diff --git a/BUILD.gn b/BUILD.gn index bc6a7dba5b55a61f291a8f23436808490fe93f82..28ffd344ca03a19d171ddfa31aed25a33cd0e80d 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Copyright (c) 2021-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -20,14 +20,15 @@ group("accesstoken_build_module_test") { if (is_standard_system) { deps += [ "frameworks/test/unittest:unittest", + "interfaces/inner_api/el5filekeymanager/test:unittest", "interfaces/innerkits/accesstoken/test:unittest", "interfaces/innerkits/analysis_model/test:unittest", - "interfaces/innerkits/el5filekeymanager/test:unittest", "interfaces/innerkits/nativetoken/test:unittest", "interfaces/innerkits/privacy/test:unittest", "interfaces/innerkits/token_callback/test:unittest", "interfaces/innerkits/token_setproc/test:unittest", "services/accesstokenmanager/test:unittest", + "services/common/ability_manager/test:unittest", "services/common/database/test:unittest", ] if (ability_base_enable == true) { diff --git a/CODEOWNERS b/CODEOWNERS index 390f4c7856e835109b72f77fdb630a430817d599..f3ec2904f4efa25ce020722399bebbe2c09fa81f 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -21,5 +21,5 @@ frameworks/privacy/include/privacy_am_service_ipc_interface_code.h @leonchan5 frameworks/privacy/include/privacy_service_ipc_interface_code.h @leonchan5 frameworks/privacy/include/privacy_state_change_ipc_interface_code.h @leonchan5 frameworks/tokensync/include/token_sync_service_ipc_interface_code.h @leonchan5 -interfaces/innerkits/privacy/include/privacy_permission_record_ipc_interface_code.h @leonchan5 +interfaces/inner_api/privacy/include/privacy_permission_record_ipc_interface_code.h @leonchan5 interfaces/innerkits/token_callback/include/accesstoken_grant_result_ipc_interface_code.h @leonchan5 diff --git a/README.md b/README.md index 439cacaf4b0b5b9c0f5bcea01d0d991a64a49bd9..81034313acc09da0f63dea661d1181d9ed3ae140 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,6 @@ The following figure shows the ATM architecture. | int GetTokenTypeFlag(AccessTokenID tokenID); | Obtains the type of a trusted token ID.| | int GetTokenType(FullTokenID tokenID); | Obtains the type of an access token.| | int GetTokenTypeFlag(FullTokenID tokenID); | Obtains the type of a trusted token ID.| -| int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); | Checks whether the native process corresponding to the given token ID has the specified distributed capability.| | AccessTokenID GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex); | Obtains the token ID of an app.| | AccessTokenIDEx GetHapTokenIDEx(int32_t userID, const std::string& bundleName, int32_t instIndex); | Obtains the token ID of an app.| | int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); | Obtains the token information about an OpenHarmony Ability Package (HAP).| @@ -75,7 +74,6 @@ ATM provides unified access control for apps and allows apps or service abilitie #### Native Process - Before a native process starts, it calls **GetAccessTokenId** to obtain a token ID, and then calls **SetSelfTokenID** to set the token ID to the kernel. -- During the running of a native process, it calls **GetNativeTokenInfo** or **CheckNativeDCap** to obtain the token information, including the distributed capability and APL. #### App HAP - When an app is installed, **AllocHapToken** is called to obtain the token ID of the app. diff --git a/README_zh.md b/README_zh.md index f36a711f2bd9e777d12f7cc913c81c1cf58483dd..4202198cf7a366cf4abfe3b60e18d8682d496ff7 100644 --- a/README_zh.md +++ b/README_zh.md @@ -63,7 +63,6 @@ ATM部件的架构图如下所示: | int GetTokenTypeFlag(AccessTokenID tokenID); | 查询指定可信tokenID的类型 | | int GetTokenType(FullTokenID tokenID); | 查询指定tokenID的类型 | | int GetTokenTypeFlag(FullTokenID tokenID); | 查询指定可信tokenID的类型 | -| int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); | 检测指定tokenID对应的native进程是否具有指定的分布式能力 | | AccessTokenID GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex); | 查询指定应用的tokenId | | AccessTokenIDEx GetHapTokenIDEx(int32_t userID, const std::string& bundleName, int32_t instIndex); | 查询指定应用的tokenIDEx | | int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); | 查询指定tokenID对应的hap包的tokenInfo信息 | @@ -75,6 +74,7 @@ ATM部件的架构图如下所示: | int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName); | 查询指定tokenID的应用的指定权限 | | int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag); | 授予指定tokenID的应用的指定权限 | | int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag); | 撤销指定tokenID的应用的指定权限 | +| int GrantPermissionForSpecifiedTime(AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime, uint32_t maxTime); | 授权指定tokenID的应用固定授权时间的指定权限 | | int ClearUserGrantedPermissionState(AccessTokenID tokenID); | 清空指定tokenID的应用的user_grant权限状态 | | uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr); | 创建获取native进程的tokenId | @@ -83,7 +83,6 @@ ATM提供了统一的应用权限访问控制功能,支持应用程序或者SA #### native进程 - 在native进程拉起前,需要调用GetAccessTokenId函数,获取该native进程的TokenID;再调用SetSelfTokenID将进程TokenID设置到内核中。 -- 在native进程运行过程中,可以通过调用GetNativeTokenInfo、CheckNativeDCap来查验对应进程所具备的token信息,包括分布式能力、APL等级等信息。 #### 应用hap - 在应用安装时,需要调用AllocHapToken创建获取该应用的TokenID。 diff --git a/access_token.gni b/access_token.gni index 3c8f3ea557da91f8b0ed86a9e11464d59b2103fb..d62e2c4a4b363d44f82ee9dd9b40512174681eaa 100644 --- a/access_token.gni +++ b/access_token.gni @@ -12,7 +12,8 @@ # limitations under the License. access_token_path = "//base/security/access_token" -audio_framework_path = "//foundation/multimedia/audio_framework" +access_token_innerkit_path = + "//base/security/access_token/interfaces/innerkits/accesstoken" module_output_path_interface_privacy = "access_token/access_token/interface_privacy" module_output_path_interface_access_token = diff --git a/bundle.json b/bundle.json index d6099fc651164b0c9608145add9efb382e8fb90d..b4f8cb0961ed89f02e6ef1d3b9d1bb8cfbea6531 100644 --- a/bundle.json +++ b/bundle.json @@ -30,9 +30,11 @@ "components": [ "ability_base", "ability_runtime", + "audio_framework", "ace_engine", "bounds_checking_function", "c_utils", + "camera_framework", "cJSON", "common_event_service", "config_policy", @@ -50,6 +52,7 @@ "napi", "openssl", "power_manager", + "relational_store", "safwk", "samgr", "screenlock_mgr", @@ -66,8 +69,9 @@ "//base/security/access_token/tools:tools_atm" ], "fwk_group": [ - "//base/security/access_token/interfaces/kits:napi_packages", - "//base/security/access_token/interfaces/kits:cj_packages" + "//base/security/access_token/interfaces/kits/capi:capi_packages", + "//base/security/access_token/interfaces/kits/cj:cj_packages", + "//base/security/access_token/frameworks/js/napi:napi_packages" ], "service_group": [ "//base/security/access_token/interfaces/innerkits/tokensync:libtokensync_sdk", @@ -86,7 +90,30 @@ "name": "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "header": { "header_files": [ - "accesstoken_kit.h" + "access_token_error.h", + "access_token.h", + "accesstoken_callback_stubs.h", + "accesstoken_callbacks.h", + "accesstoken_kit.h", + "accesstoken_state_change_ipc_interface_code.h", + "atm_tools_param_info.h", + "hap_token_info_for_sync_parcel.h", + "hap_token_info.h", + "i_permission_state_callback.h", + "i_token_sync_callback.h", + "native_token_info.h", + "perm_state_change_callback_customize.h", + "permission_def.h", + "permission_dlp_mode.h", + "permission_grant_info.h", + "permission_list_state.h", + "permission_state_change_info.h", + "permission_state_full.h", + "permission_status.h", + "sec_comp_enhance_data.h", + "token_sync_kit_interface.h", + "tokenid_kit.h", + "tokensync_callback_ipc_interface_code.h" ], "header_base": "//base/security/access_token/interfaces/innerkits/accesstoken/include" } @@ -122,7 +149,19 @@ "name": "//base/security/access_token/interfaces/innerkits/privacy:libprivacy_sdk", "header": { "header_files": [ - "privacy_kit.h" + "active_change_response_info.h", + "add_perm_param_info.h", + "on_permission_used_record_callback.h", + "perm_active_status_customized_cbk.h", + "permission_used_request.h", + "permission_used_result.h", + "permission_used_type_info.h", + "permission_used_type.h", + "privacy_error.h", + "privacy_kit.h", + "privacy_param.h", + "privacy_permission_record_ipc_interface_code.h", + "state_customized_cbk.h" ], "header_base": "//base/security/access_token/interfaces/innerkits/privacy/include" } @@ -140,6 +179,8 @@ "name": "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", "header": { "header_files": [ + "perm_setproc.h", + "setproc_common.h", "token_setproc.h" ], "header_base": "//base/security/access_token/interfaces/innerkits/token_setproc/include" @@ -149,6 +190,8 @@ "name": "//base/security/access_token/interfaces/innerkits/token_setproc:libtokensetproc_shared", "header": { "header_files": [ + "perm_setproc.h", + "setproc_common.h", "token_setproc.h" ], "header_base": "//base/security/access_token/interfaces/innerkits/token_setproc/include" @@ -164,13 +207,35 @@ } }, { - "name": "//base/security/access_token/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk", + "name": "//base/security/access_token/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk", "header": { "header_files": [ + "el5_filekey_manager_kit.h", + "app_key_info.h", + "data_lock_type.h", + "el5_filekey_callback_interface.h", + "el5_filekey_callback_stub.h", + "el5_filekey_manager_error.h", "el5_filekey_manager_kit.h" ], - "header_base": "//base/security/access_token/interfaces/innerkits/el5filekeymanager/include" + "header_base": "//base/security/access_token/interfaces/inner_api/el5filekeymanager/include" } + }, + { + "name": "//base/security/access_token/interfaces/innerkits/tokensync:libtokensync_sdk", + "header": { + "header_files": [ + "token_sync_kit.h", + "token_sync_kit_loader.h" + ], + "header_base": "//base/security/access_token/interfaces/innerkits/tokensync/include" + } + }, + { + "name": "//base/security/access_token/interfaces/kits/cj/accesstoken:cj_ability_access_ctrl_ffi" + }, + { + "name": "//base/security/access_token/interfaces/kits/cj/screenlockfilemanager:cj_screen_lock_file_manager_ffi" } ], "test": [ diff --git a/config/BUILD.gn b/config/BUILD.gn index 85c15a7a440b9ea385698153a67db04e713a4d8f..9a67f677825e62060c8949540db9a3a669c98ff6 100644 --- a/config/BUILD.gn +++ b/config/BUILD.gn @@ -16,6 +16,11 @@ declare_args() { } config("access_token_compile_flags") { + cflags_cc = [ + "-Os", + "-fno-asynchronous-unwind-tables", + "-fno-unwind-tables", + ] cflags = [ "-fdata-sections", "-ffunction-sections", diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index c522297a96daa7460afbaff48fc202f282d680e6..905cf97537af37433da66c892757cf3a9c615565 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -54,14 +54,13 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { "src/hap_policy_parcel.cpp", "src/hap_token_info_for_sync_parcel.cpp", "src/hap_token_info_parcel.cpp", - "src/native_token_info_for_sync_parcel.cpp", "src/native_token_info_parcel.cpp", "src/permission_def_parcel.cpp", "src/permission_grant_info_parcel.cpp", "src/permission_list_state_parcel.cpp", "src/permission_state_change_info_parcel.cpp", "src/permission_state_change_scope_parcel.cpp", - "src/permission_state_full_parcel.cpp", + "src/permission_status_parcel.cpp", ] external_deps = [ "c_utils:utils" ] diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h index b6c9c363fa6c8fe6c6b080fa61f9abbbac24267c..9ef4d29ffb688ff9761111d39f4168972280e1c3 100644 --- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h +++ b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h @@ -34,6 +34,8 @@ enum class AccessTokenInterfaceCode { INIT_TOKEN_HAP, SET_PERMISSION_REQUEST_TOGGLE_STATUS, GET_PERMISSION_REQUEST_TOGGLE_STATUS, + GRANT_PERMISSION_FOR_SPECIFIEDTIME, + REQUEST_APP_PERM_ON_SETTING, GET_TOKEN_TYPE = 0x0010, CHECK_NATIVE_DCAP, @@ -42,6 +44,7 @@ enum class AccessTokenInterfaceCode { GET_NATIVE_TOKENINFO, GET_HAP_TOKENINFO, UPDATE_HAP_TOKEN, + GET_TOKEN_ID_BY_USER_ID, GET_HAP_TOKEN_FROM_REMOTE = 0x0020, GET_ALL_NATIVE_TOKEN_FROM_REMOTE, @@ -66,6 +69,14 @@ enum class AccessTokenInterfaceCode { GET_VERSION, GET_PERMISSION_MANAGER_INFO, GET_NATIVE_TOKEN_NAME, + INIT_USER_POLICY, + UPDATE_USER_POLICY, + CLEAR_USER_POLICY, + GET_HAP_TOKENINFO_EXT, + REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, + UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, + + VERIFY_ACCESSTOKEN_WITH_LIST = 0x0050, }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/include/hap_policy_parcel.h b/frameworks/accesstoken/include/hap_policy_parcel.h index ceafe550f57fb38d449bb812b9977518102ba480..a391e2a4d8912f430b442e258c5730c8f787a045 100644 --- a/frameworks/accesstoken/include/hap_policy_parcel.h +++ b/frameworks/accesstoken/include/hap_policy_parcel.h @@ -31,7 +31,7 @@ struct HapPolicyParcel final : public Parcelable { static HapPolicyParcel *Unmarshalling(Parcel &in); - HapPolicyParams hapPolicyParameter; + HapPolicy hapPolicy; }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h index 3a0c0e7d1bed86c23df2f28375e210e44e2e2102..5ec9285f4ed86c4eb07d6a51c6cab1321a587e64 100644 --- a/frameworks/accesstoken/include/i_accesstoken_manager.h +++ b/frameworks/accesstoken/include/i_accesstoken_manager.h @@ -17,6 +17,7 @@ #define I_ACCESSTOKEN_MANAGER_H #include +#include #include "access_token.h" #include "accesstoken_service_ipc_interface_code.h" @@ -29,12 +30,11 @@ #include "hap_token_info_parcel.h" #include "iremote_broker.h" #include "i_permission_state_callback.h" -#include "native_token_info_for_sync_parcel.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" #include "permission_grant_info_parcel.h" #include "permission_list_state_parcel.h" -#include "permission_state_full_parcel.h" +#include "permission_status_parcel.h" #include "permission_state_change_scope_parcel.h" #include "system_ability_definition.h" @@ -47,53 +47,60 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IAccessTokenManager"); - virtual PermUsedTypeEnum GetUserGrantedPermissionUsedType( + virtual PermUsedTypeEnum GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) = 0; virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) = 0; + virtual int VerifyAccessToken(AccessTokenID tokenID, + const std::vector& permissionList, std::vector& permStateList) = 0; virtual int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) = 0; virtual int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) = 0; virtual int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0; + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) = 0; virtual int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) = 0; virtual int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID = 0) = 0; virtual int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID = 0) = 0; + virtual int32_t RequestAppPermOnSetting(AccessTokenID tokenID) = 0; virtual PermissionOper GetSelfPermissionsState(std::vector& permListParcel, PermissionGrantInfoParcel& infoParcel) = 0; virtual int32_t GetPermissionsStatus( AccessTokenID tokenID, std::vector& permListParcel) = 0; virtual int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; virtual int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) = 0; + virtual int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) = 0; virtual int ClearUserGrantedPermissionState(AccessTokenID tokenID) = 0; virtual AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) = 0; virtual int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId) = 0; + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) = 0; virtual int DeleteToken(AccessTokenID tokenID) = 0; virtual int GetTokenType(AccessTokenID tokenID) = 0; - virtual int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) = 0; virtual AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) = 0; virtual AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) = 0; virtual int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) = 0; + virtual int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) = 0; virtual int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) = 0; - virtual int32_t UpdateHapToken( - AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParcel& policyParcel) = 0; + virtual int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) = 0; virtual int32_t RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) = 0; virtual int32_t UnRegisterPermStateChangeCallback(const sptr& callback) = 0; + virtual int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, + const sptr& callback) = 0; + virtual int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) = 0; #ifndef ATM_BUILD_VARIANT_USER_ENABLE virtual int32_t ReloadNativeTokenInfo() = 0; #endif + virtual int GetHapTokenInfoExtension(AccessTokenID tokenID, + HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) = 0; virtual AccessTokenID GetNativeTokenId(const std::string& processName) = 0; #ifdef TOKEN_SYNC_ENABLE virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) = 0; virtual int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) = 0; - virtual int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) = 0; virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0; virtual int DeleteRemoteDeviceTokens(const std::string& deviceID) = 0; @@ -102,11 +109,13 @@ public: #endif virtual int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) = 0; + virtual int32_t InitUserPolicy( + const std::vector& userList, const std::vector& permList) = 0; + virtual int32_t UpdateUserPolicy(const std::vector& userList) = 0; + virtual int32_t ClearUserPolicy() = 0; virtual void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& tokenInfo) = 0; - virtual int32_t DumpPermDefInfo(std::string& tokenInfo) = 0; virtual int32_t GetVersion(uint32_t& version) = 0; virtual void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) = 0; - virtual int32_t GetNativeTokenName(AccessTokenID tokenID, std::string& name) = 0; }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h b/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h deleted file mode 100644 index a4b6b397cf9d2f4c83d8291ae38f71b7829ad79d..0000000000000000000000000000000000000000 --- a/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H -#define NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H - -#include "native_token_info.h" -#include "parcel.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -struct NativeTokenInfoForSyncParcel final : public Parcelable { - NativeTokenInfoForSyncParcel() = default; - - ~NativeTokenInfoForSyncParcel() override = default; - - bool Marshalling(Parcel &out) const override; - - static NativeTokenInfoForSyncParcel *Unmarshalling(Parcel &in); - - NativeTokenInfoForSync nativeTokenInfoForSyncParams; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H - diff --git a/frameworks/accesstoken/include/permission_state_full_parcel.h b/frameworks/accesstoken/include/permission_status_parcel.h similarity index 78% rename from frameworks/accesstoken/include/permission_state_full_parcel.h rename to frameworks/accesstoken/include/permission_status_parcel.h index 71e869ed1ef93fd7b1d968ee6e2dcc00bb30eb13..fef5f4d2c66ba2077f2a0b91428e8793f014475b 100644 --- a/frameworks/accesstoken/include/permission_state_full_parcel.h +++ b/frameworks/accesstoken/include/permission_status_parcel.h @@ -16,22 +16,22 @@ #ifndef INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_PARCEL_H #define INTERFACES_INNER_KITS_PERMISSION_PERMISSION_STATE_FULL_PARCEL_H -#include "permission_state_full.h" +#include "permission_status.h" #include "parcel.h" namespace OHOS { namespace Security { namespace AccessToken { -struct PermissionStateFullParcel final : public Parcelable { - PermissionStateFullParcel() = default; +struct PermissionStatusParcel final : public Parcelable { + PermissionStatusParcel() = default; - ~PermissionStateFullParcel() override = default; + ~PermissionStatusParcel() override = default; bool Marshalling(Parcel &out) const override; - static PermissionStateFullParcel *Unmarshalling(Parcel &in); + static PermissionStatusParcel *Unmarshalling(Parcel &in); - PermissionStateFull permStatFull; + PermissionStatus permState; }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/src/hap_info_parcel.cpp b/frameworks/accesstoken/src/hap_info_parcel.cpp index 9a46ce07e643510018bd91b9b8e3ee83763aa76a..bac45bdb64d03a83769a46e9d46e0f4758580709 100644 --- a/frameworks/accesstoken/src/hap_info_parcel.cpp +++ b/frameworks/accesstoken/src/hap_info_parcel.cpp @@ -29,6 +29,10 @@ bool HapInfoParcel::Marshalling(Parcel& out) const RETURN_IF_FALSE(out.WriteInt32(this->hapInfoParameter.apiVersion)); RETURN_IF_FALSE(out.WriteBool(this->hapInfoParameter.isSystemApp)); RETURN_IF_FALSE(out.WriteString(this->hapInfoParameter.appDistributionType)); + RETURN_IF_FALSE(out.WriteBool(this->hapInfoParameter.isRestore)); + if (this->hapInfoParameter.isRestore) { + RETURN_IF_FALSE(out.WriteUint32(this->hapInfoParameter.tokenID)); + } return true; } @@ -46,6 +50,10 @@ HapInfoParcel* HapInfoParcel::Unmarshalling(Parcel& in) RELEASE_IF_FALSE(in.ReadInt32(hapInfoParcel->hapInfoParameter.apiVersion), hapInfoParcel); RELEASE_IF_FALSE(in.ReadBool(hapInfoParcel->hapInfoParameter.isSystemApp), hapInfoParcel); RELEASE_IF_FALSE(in.ReadString(hapInfoParcel->hapInfoParameter.appDistributionType), hapInfoParcel); + RELEASE_IF_FALSE(in.ReadBool(hapInfoParcel->hapInfoParameter.isRestore), hapInfoParcel); + if (hapInfoParcel->hapInfoParameter.isRestore) { + RELEASE_IF_FALSE(in.ReadUint32(hapInfoParcel->hapInfoParameter.tokenID), hapInfoParcel); + } return hapInfoParcel; } } // namespace AccessToken diff --git a/frameworks/accesstoken/src/hap_policy_parcel.cpp b/frameworks/accesstoken/src/hap_policy_parcel.cpp index c914130fd255ab4c7900585fe1cf0a52c3e96006..2f97c490c1e1e5e56af4d911ebb7765919810f9a 100644 --- a/frameworks/accesstoken/src/hap_policy_parcel.cpp +++ b/frameworks/accesstoken/src/hap_policy_parcel.cpp @@ -20,37 +20,37 @@ #include "permission_def.h" #include "permission_def_parcel.h" #include "permission_state_full.h" -#include "permission_state_full_parcel.h" +#include "permission_status_parcel.h" namespace OHOS { namespace Security { namespace AccessToken { bool HapPolicyParcel::Marshalling(Parcel& out) const { - RETURN_IF_FALSE(out.WriteInt32(this->hapPolicyParameter.apl)); - RETURN_IF_FALSE(out.WriteString(this->hapPolicyParameter.domain)); + RETURN_IF_FALSE(out.WriteInt32(this->hapPolicy.apl)); + RETURN_IF_FALSE(out.WriteString(this->hapPolicy.domain)); - const std::vector& permList = this->hapPolicyParameter.permList; + const std::vector& permList = this->hapPolicy.permList; uint32_t permListSize = permList.size(); RETURN_IF_FALSE(out.WriteUint32(permListSize)); for (uint32_t i = 0; i < permListSize; i++) { PermissionDefParcel permDefParcel; permDefParcel.permissionDef = permList[i]; - out.WriteParcelable(&permDefParcel); + RETURN_IF_FALSE(out.WriteParcelable(&permDefParcel)); } - const std::vector& permStateList = this->hapPolicyParameter.permStateList; + const std::vector& permStateList = this->hapPolicy.permStateList; uint32_t permStateListSize = permStateList.size(); RETURN_IF_FALSE(out.WriteUint32(permStateListSize)); for (uint32_t i = 0; i < permStateListSize; i++) { - PermissionStateFullParcel permStateParcel; - permStateParcel.permStatFull = permStateList[i]; - out.WriteParcelable(&permStateParcel); + PermissionStatusParcel permStateParcel; + permStateParcel.permState = permStateList[i]; + RETURN_IF_FALSE(out.WriteParcelable(&permStateParcel)); } - const std::vector& aclRequestedList = this->hapPolicyParameter.aclRequestedList; + const std::vector& aclRequestedList = this->hapPolicy.aclRequestedList; uint32_t aclRequestedListSize = aclRequestedList.size(); RETURN_IF_FALSE(out.WriteUint32(aclRequestedListSize)); @@ -58,7 +58,7 @@ bool HapPolicyParcel::Marshalling(Parcel& out) const RETURN_IF_FALSE(out.WriteString(aclRequestedList[i])); } - const std::vector& info = this->hapPolicyParameter.preAuthorizationInfo; + const std::vector& info = this->hapPolicy.preAuthorizationInfo; uint32_t infoSize = info.size(); RETURN_IF_FALSE(out.WriteUint32(infoSize)); @@ -66,6 +66,8 @@ bool HapPolicyParcel::Marshalling(Parcel& out) const RETURN_IF_FALSE(out.WriteString(info[i].permissionName)); RETURN_IF_FALSE(out.WriteBool(info[i].userCancelable)); } + + RETURN_IF_FALSE(out.WriteInt32(this->hapPolicy.checkIgnore)); return true; } @@ -78,9 +80,9 @@ HapPolicyParcel* HapPolicyParcel::Unmarshalling(Parcel& in) int32_t apl; RELEASE_IF_FALSE(in.ReadInt32(apl), hapPolicyParcel); - hapPolicyParcel->hapPolicyParameter.apl = ATokenAplEnum(apl); + hapPolicyParcel->hapPolicy.apl = ATokenAplEnum(apl); - hapPolicyParcel->hapPolicyParameter.domain = in.ReadString(); + hapPolicyParcel->hapPolicy.domain = in.ReadString(); uint32_t permListSize; RELEASE_IF_FALSE(in.ReadUint32(permListSize), hapPolicyParcel); @@ -89,16 +91,16 @@ HapPolicyParcel* HapPolicyParcel::Unmarshalling(Parcel& in) for (uint32_t i = 0; i < permListSize; i++) { sptr permDefParcel = in.ReadParcelable(); RELEASE_IF_FALSE(permDefParcel != nullptr, hapPolicyParcel); - hapPolicyParcel->hapPolicyParameter.permList.emplace_back(permDefParcel->permissionDef); + hapPolicyParcel->hapPolicy.permList.emplace_back(permDefParcel->permissionDef); } uint32_t permStateListSize; RELEASE_IF_FALSE(in.ReadUint32(permStateListSize), hapPolicyParcel); RELEASE_IF_FALSE((permStateListSize <= MAX_PERMLIST_SIZE), hapPolicyParcel); for (uint32_t i = 0; i < permStateListSize; i++) { - sptr permissionStateParcel = in.ReadParcelable(); + sptr permissionStateParcel = in.ReadParcelable(); RELEASE_IF_FALSE(permissionStateParcel != nullptr, hapPolicyParcel); - hapPolicyParcel->hapPolicyParameter.permStateList.emplace_back(permissionStateParcel->permStatFull); + hapPolicyParcel->hapPolicy.permStateList.emplace_back(permissionStateParcel->permState); } uint32_t aclRequestedListSize; RELEASE_IF_FALSE(in.ReadUint32(aclRequestedListSize), hapPolicyParcel); @@ -106,7 +108,7 @@ HapPolicyParcel* HapPolicyParcel::Unmarshalling(Parcel& in) for (uint32_t i = 0; i < aclRequestedListSize; i++) { std::string acl; RELEASE_IF_FALSE(in.ReadString(acl), hapPolicyParcel); - hapPolicyParcel->hapPolicyParameter.aclRequestedList.emplace_back(acl); + hapPolicyParcel->hapPolicy.aclRequestedList.emplace_back(acl); } uint32_t infoSize; RELEASE_IF_FALSE(in.ReadUint32(infoSize), hapPolicyParcel); @@ -115,8 +117,11 @@ HapPolicyParcel* HapPolicyParcel::Unmarshalling(Parcel& in) PreAuthorizationInfo info; RELEASE_IF_FALSE(in.ReadString(info.permissionName), hapPolicyParcel); RELEASE_IF_FALSE(in.ReadBool(info.userCancelable), hapPolicyParcel); - hapPolicyParcel->hapPolicyParameter.preAuthorizationInfo.emplace_back(info); + hapPolicyParcel->hapPolicy.preAuthorizationInfo.emplace_back(info); } + int32_t checkIgnore; + RELEASE_IF_FALSE(in.ReadInt32(checkIgnore), hapPolicyParcel); + hapPolicyParcel->hapPolicy.checkIgnore = HapPolicyCheckIgnore(checkIgnore); return hapPolicyParcel; } } // namespace AccessToken diff --git a/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp index ed6f85f5eadbeec67143b2c0acc107b641227136..fbbec4f94053bb610ffb71890f19898254b94847 100644 --- a/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp +++ b/frameworks/accesstoken/src/hap_token_info_for_sync_parcel.cpp @@ -18,7 +18,7 @@ #include "hap_token_info_parcel.h" #include "parcel_utils.h" #include "permission_state_full.h" -#include "permission_state_full_parcel.h" +#include "permission_status_parcel.h" namespace OHOS { namespace Security { @@ -27,16 +27,16 @@ bool HapTokenInfoForSyncParcel::Marshalling(Parcel& out) const { HapTokenInfoParcel baseInfoParcel; baseInfoParcel.hapTokenInfoParams = this->hapTokenInfoForSyncParams.baseInfo; - out.WriteParcelable(&baseInfoParcel); + RETURN_IF_FALSE(out.WriteParcelable(&baseInfoParcel)); - const std::vector& permStateList = this->hapTokenInfoForSyncParams.permStateList; + const std::vector& permStateList = this->hapTokenInfoForSyncParams.permStateList; uint32_t permStateListSize = permStateList.size(); RETURN_IF_FALSE(permStateListSize <= MAX_PERMLIST_SIZE); RETURN_IF_FALSE(out.WriteUint32(permStateListSize)); for (uint32_t i = 0; i < permStateListSize; i++) { - PermissionStateFullParcel permStateParcel; - permStateParcel.permStatFull = permStateList[i]; - out.WriteParcelable(&permStateParcel); + PermissionStatusParcel permStateParcel; + permStateParcel.permState = permStateList[i]; + RETURN_IF_FALSE(out.WriteParcelable(&permStateParcel)); } return true; @@ -57,10 +57,10 @@ HapTokenInfoForSyncParcel* HapTokenInfoForSyncParcel::Unmarshalling(Parcel& in) RELEASE_IF_FALSE(in.ReadUint32(permStateListSize), hapTokenInfoForSyncParcel); RELEASE_IF_FALSE((permStateListSize <= MAX_PERMLIST_SIZE), hapTokenInfoForSyncParcel); for (uint32_t i = 0; i < permStateListSize; i++) { - sptr permissionStateParcel = in.ReadParcelable(); + sptr permissionStateParcel = in.ReadParcelable(); RELEASE_IF_FALSE(permissionStateParcel != nullptr, hapTokenInfoForSyncParcel); hapTokenInfoForSyncParcel->hapTokenInfoForSyncParams.permStateList.emplace_back( - permissionStateParcel->permStatFull); + permissionStateParcel->permState); } return hapTokenInfoForSyncParcel; } diff --git a/frameworks/accesstoken/src/hap_token_info_parcel.cpp b/frameworks/accesstoken/src/hap_token_info_parcel.cpp index 03d82bedaeceb92b4d28759ac9112507691496ce..fa7cebd52ac12c2635912d3af03b351bc76af973 100644 --- a/frameworks/accesstoken/src/hap_token_info_parcel.cpp +++ b/frameworks/accesstoken/src/hap_token_info_parcel.cpp @@ -21,15 +21,12 @@ namespace Security { namespace AccessToken { bool HapTokenInfoParcel::Marshalling(Parcel& out) const { - RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.apl)); RETURN_IF_FALSE(out.WriteUint8(this->hapTokenInfoParams.ver)); RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.userID)); RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.bundleName)); RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.apiVersion)); RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.instIndex)); RETURN_IF_FALSE(out.WriteInt32(this->hapTokenInfoParams.dlpType)); - RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.appID)); - RETURN_IF_FALSE(out.WriteString(this->hapTokenInfoParams.deviceID)); RETURN_IF_FALSE(out.WriteUint32(this->hapTokenInfoParams.tokenID)); RETURN_IF_FALSE(out.WriteUint32(this->hapTokenInfoParams.tokenAttr)); return true; @@ -42,10 +39,7 @@ HapTokenInfoParcel* HapTokenInfoParcel::Unmarshalling(Parcel& in) return nullptr; } - int apl; uint8_t ver; - RELEASE_IF_FALSE(in.ReadInt32(apl), hapTokenInfoParcel); - hapTokenInfoParcel->hapTokenInfoParams.apl = ATokenAplEnum(apl); RELEASE_IF_FALSE(in.ReadUint8(ver), hapTokenInfoParcel); hapTokenInfoParcel->hapTokenInfoParams.ver = ver; RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.userID), hapTokenInfoParcel); @@ -53,8 +47,6 @@ HapTokenInfoParcel* HapTokenInfoParcel::Unmarshalling(Parcel& in) RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.apiVersion), hapTokenInfoParcel); RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.instIndex), hapTokenInfoParcel); RELEASE_IF_FALSE(in.ReadInt32(hapTokenInfoParcel->hapTokenInfoParams.dlpType), hapTokenInfoParcel); - hapTokenInfoParcel->hapTokenInfoParams.appID = in.ReadString(); - hapTokenInfoParcel->hapTokenInfoParams.deviceID = in.ReadString(); RELEASE_IF_FALSE(in.ReadUint32(hapTokenInfoParcel->hapTokenInfoParams.tokenID), hapTokenInfoParcel); RELEASE_IF_FALSE(in.ReadUint32(hapTokenInfoParcel->hapTokenInfoParams.tokenAttr), hapTokenInfoParcel); return hapTokenInfoParcel; diff --git a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp deleted file mode 100644 index d380db591eed3f442ded813b8fbb849233f649bf..0000000000000000000000000000000000000000 --- a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "native_token_info_for_sync_parcel.h" -#include "refbase.h" -#include "native_token_info_parcel.h" -#include "parcel_utils.h" -#include "permission_state_full.h" -#include "permission_state_full_parcel.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -bool NativeTokenInfoForSyncParcel::Marshalling(Parcel& out) const -{ - NativeTokenInfoParcel baseInfoParcel; - baseInfoParcel.nativeTokenInfoParams = this->nativeTokenInfoForSyncParams.baseInfo; - RETURN_IF_FALSE(out.WriteParcelable(&baseInfoParcel)); - - const std::vector& permStateList = this->nativeTokenInfoForSyncParams.permStateList; - uint32_t permStateListSize = permStateList.size(); - RETURN_IF_FALSE(permStateListSize <= MAX_PERMLIST_SIZE); - RETURN_IF_FALSE(out.WriteUint32(permStateListSize)); - for (uint32_t i = 0; i < permStateListSize; i++) { - PermissionStateFullParcel permStateParcel; - permStateParcel.permStatFull = permStateList[i]; - RETURN_IF_FALSE(out.WriteParcelable(&permStateParcel)); - } - - return true; -} - -NativeTokenInfoForSyncParcel* NativeTokenInfoForSyncParcel::Unmarshalling(Parcel& in) -{ - auto* nativeTokenInfoForSyncParcel = new (std::nothrow) NativeTokenInfoForSyncParcel(); - if (nativeTokenInfoForSyncParcel == nullptr) { - return nullptr; - } - - sptr baseInfoParcel = in.ReadParcelable(); - RELEASE_IF_FALSE(baseInfoParcel != nullptr, nativeTokenInfoForSyncParcel); - nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.baseInfo = baseInfoParcel->nativeTokenInfoParams; - - uint32_t permStateListSize; - RELEASE_IF_FALSE(in.ReadUint32(permStateListSize), nativeTokenInfoForSyncParcel); - RELEASE_IF_FALSE(permStateListSize <= MAX_PERMLIST_SIZE, nativeTokenInfoForSyncParcel); - for (uint32_t i = 0; i < permStateListSize; i++) { - sptr permissionStateParcel = in.ReadParcelable(); - RELEASE_IF_FALSE(permissionStateParcel != nullptr, nativeTokenInfoForSyncParcel); - nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.permStateList.emplace_back( - permissionStateParcel->permStatFull); - } - return nativeTokenInfoForSyncParcel; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/frameworks/accesstoken/src/native_token_info_parcel.cpp b/frameworks/accesstoken/src/native_token_info_parcel.cpp index cd2f6e8460f87d3ee397c5cbff0f4e4c7f840681..26b4139555d8dec593cd0c74fb45676365a56487 100644 --- a/frameworks/accesstoken/src/native_token_info_parcel.cpp +++ b/frameworks/accesstoken/src/native_token_info_parcel.cpp @@ -27,31 +27,7 @@ namespace AccessToken { bool NativeTokenInfoParcel::Marshalling(Parcel& out) const { RETURN_IF_FALSE(out.WriteInt32(this->nativeTokenInfoParams.apl)); - RETURN_IF_FALSE(out.WriteUint8(this->nativeTokenInfoParams.ver)); RETURN_IF_FALSE(out.WriteString(this->nativeTokenInfoParams.processName)); - RETURN_IF_FALSE(out.WriteUint32(this->nativeTokenInfoParams.tokenID)); - RETURN_IF_FALSE(out.WriteUint32(this->nativeTokenInfoParams.tokenAttr)); - - if ((this->nativeTokenInfoParams.dcap).size() > MAX_DCAP_SIZE) { - return false; - } - uint32_t dcapSize = (this->nativeTokenInfoParams.dcap).size(); - RETURN_IF_FALSE(out.WriteUint32(dcapSize)); - - for (const auto& dcapItem : this->nativeTokenInfoParams.dcap) { - RETURN_IF_FALSE(out.WriteString(dcapItem)); - } - - if ((this->nativeTokenInfoParams.nativeAcls).size() > MAX_ACL_SIZE) { - return false; - } - uint32_t nativeAclSize = (this->nativeTokenInfoParams.nativeAcls).size(); - RETURN_IF_FALSE(out.WriteUint32(nativeAclSize)); - - for (const auto& item : this->nativeTokenInfoParams.nativeAcls) { - RETURN_IF_FALSE(out.WriteString(item)); - } - return true; } @@ -63,35 +39,9 @@ NativeTokenInfoParcel* NativeTokenInfoParcel::Unmarshalling(Parcel& in) } int32_t apl; - uint8_t ver; RELEASE_IF_FALSE(in.ReadInt32(apl), nativeTokenInfoParcel); - RELEASE_IF_FALSE(in.ReadUint8(ver), nativeTokenInfoParcel); nativeTokenInfoParcel->nativeTokenInfoParams.apl = ATokenAplEnum(apl); - nativeTokenInfoParcel->nativeTokenInfoParams.ver = ver; - nativeTokenInfoParcel->nativeTokenInfoParams.processName = in.ReadString(); - RELEASE_IF_FALSE(in.ReadUint32(nativeTokenInfoParcel->nativeTokenInfoParams.tokenID), nativeTokenInfoParcel); - RELEASE_IF_FALSE(in.ReadUint32(nativeTokenInfoParcel->nativeTokenInfoParams.tokenAttr), nativeTokenInfoParcel); - - uint32_t dcapSize; - RELEASE_IF_FALSE(in.ReadUint32(dcapSize), nativeTokenInfoParcel); - RELEASE_IF_FALSE(dcapSize <= MAX_DCAP_SIZE, nativeTokenInfoParcel); - - for (uint32_t i = 0; i < dcapSize; i++) { - std::string dcapsItem; - RELEASE_IF_FALSE(in.ReadString(dcapsItem), nativeTokenInfoParcel); - nativeTokenInfoParcel->nativeTokenInfoParams.dcap.emplace_back(dcapsItem); - } - - uint32_t nativeAclSize; - RELEASE_IF_FALSE(in.ReadUint32(nativeAclSize), nativeTokenInfoParcel); - RELEASE_IF_FALSE(nativeAclSize <= MAX_ACL_SIZE, nativeTokenInfoParcel); - - for (uint32_t i = 0; i < nativeAclSize; i++) { - std::string item; - RELEASE_IF_FALSE(in.ReadString(item), nativeTokenInfoParcel); - nativeTokenInfoParcel->nativeTokenInfoParams.nativeAcls.emplace_back(item); - } return nativeTokenInfoParcel; } } // namespace AccessToken diff --git a/frameworks/accesstoken/src/permission_grant_info_parcel.cpp b/frameworks/accesstoken/src/permission_grant_info_parcel.cpp index e447be6c016218966b4f3dad4b14f16c211701f3..a487ff682effbdcfb3b80fdbc1082e72442ec737 100644 --- a/frameworks/accesstoken/src/permission_grant_info_parcel.cpp +++ b/frameworks/accesstoken/src/permission_grant_info_parcel.cpp @@ -23,6 +23,7 @@ bool PermissionGrantInfoParcel::Marshalling(Parcel& out) const { RETURN_IF_FALSE(out.WriteString(this->info.grantBundleName)); RETURN_IF_FALSE(out.WriteString(this->info.grantAbilityName)); + RETURN_IF_FALSE(out.WriteString(this->info.grantServiceAbilityName)); RETURN_IF_FALSE(out.WriteString(this->info.permStateAbilityName)); RETURN_IF_FALSE(out.WriteString(this->info.globalSwitchAbilityName)); return true; @@ -36,6 +37,7 @@ PermissionGrantInfoParcel* PermissionGrantInfoParcel::Unmarshalling(Parcel& in) } permissionGrantInfoParcel->info.grantBundleName = in.ReadString(); permissionGrantInfoParcel->info.grantAbilityName = in.ReadString(); + permissionGrantInfoParcel->info.grantServiceAbilityName = in.ReadString(); permissionGrantInfoParcel->info.permStateAbilityName = in.ReadString(); permissionGrantInfoParcel->info.globalSwitchAbilityName = in.ReadString(); return permissionGrantInfoParcel; diff --git a/frameworks/accesstoken/src/permission_list_state_parcel.cpp b/frameworks/accesstoken/src/permission_list_state_parcel.cpp index d373581a1d2844abf4afbdc5bfbbb7a24ef8d257..65ea4120d730e52486aa673e55294b2d05cd1a2d 100644 --- a/frameworks/accesstoken/src/permission_list_state_parcel.cpp +++ b/frameworks/accesstoken/src/permission_list_state_parcel.cpp @@ -24,6 +24,7 @@ bool PermissionListStateParcel::Marshalling(Parcel& out) const { RETURN_IF_FALSE(out.WriteString(this->permsState.permissionName)); RETURN_IF_FALSE(out.WriteInt32(static_cast(this->permsState.state))); + RETURN_IF_FALSE(out.WriteInt32(static_cast(this->permsState.errorReason))); return true; } @@ -42,6 +43,9 @@ PermissionListStateParcel* PermissionListStateParcel::Unmarshalling(Parcel& in) return nullptr; } permissionStateParcel->permsState.state = static_cast(state); + int32_t errorReason; + RELEASE_IF_FALSE(in.ReadInt32(errorReason), permissionStateParcel); + permissionStateParcel->permsState.errorReason = static_cast(errorReason); return permissionStateParcel; } diff --git a/frameworks/accesstoken/src/permission_state_full_parcel.cpp b/frameworks/accesstoken/src/permission_state_full_parcel.cpp deleted file mode 100644 index da9e38d879df4e752da5c15af340750a1825eb12..0000000000000000000000000000000000000000 --- a/frameworks/accesstoken/src/permission_state_full_parcel.cpp +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "permission_state_full_parcel.h" -#include "parcel_utils.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -bool PermissionStateFullParcel::Marshalling(Parcel& out) const -{ - RETURN_IF_FALSE(out.WriteString(this->permStatFull.permissionName)); - RETURN_IF_FALSE(out.WriteBool(this->permStatFull.isGeneral)); - - RETURN_IF_FALSE(out.WriteUint32(this->permStatFull.resDeviceID.size())); - for (auto devId : this->permStatFull.resDeviceID) { - RETURN_IF_FALSE(out.WriteString(devId)); - } - - RETURN_IF_FALSE(out.WriteUint32(this->permStatFull.grantStatus.size())); - for (auto grantStat : this->permStatFull.grantStatus) { - RETURN_IF_FALSE(out.WriteInt32(grantStat)); - } - - RETURN_IF_FALSE(out.WriteUint32(this->permStatFull.grantFlags.size())); - for (auto grantFlag : this->permStatFull.grantFlags) { - RETURN_IF_FALSE(out.WriteUint32(grantFlag)); - } - return true; -} - -PermissionStateFullParcel* PermissionStateFullParcel::Unmarshalling(Parcel& in) -{ - auto* permissionStateParcel = new (std::nothrow) PermissionStateFullParcel(); - if (permissionStateParcel == nullptr) { - return nullptr; - } - - RELEASE_IF_FALSE(in.ReadString(permissionStateParcel->permStatFull.permissionName), permissionStateParcel); - RELEASE_IF_FALSE(in.ReadBool(permissionStateParcel->permStatFull.isGeneral), permissionStateParcel); - - uint32_t resIdSize = 0; - RELEASE_IF_FALSE(in.ReadUint32(resIdSize), permissionStateParcel); - RELEASE_IF_FALSE(resIdSize <= MAX_DEVICE_ID_SIZE, permissionStateParcel); - for (uint32_t i = 0; i < resIdSize; i++) { - std::string resId; - RELEASE_IF_FALSE(in.ReadString(resId), permissionStateParcel); - permissionStateParcel->permStatFull.resDeviceID.emplace_back(resId); - } - - uint32_t grantStatsSize = 0; - RELEASE_IF_FALSE(in.ReadUint32(grantStatsSize), permissionStateParcel); - RELEASE_IF_FALSE(grantStatsSize <= MAX_DEVICE_ID_SIZE, permissionStateParcel); - for (uint32_t i = 0; i < grantStatsSize; i++) { - int grantStat; - RELEASE_IF_FALSE(in.ReadInt32(grantStat), permissionStateParcel); - permissionStateParcel->permStatFull.grantStatus.emplace_back(grantStat); - } - - uint32_t grantFlagSize = 0; - RELEASE_IF_FALSE(in.ReadUint32(grantFlagSize), permissionStateParcel); - RELEASE_IF_FALSE(grantFlagSize <= MAX_DEVICE_ID_SIZE, permissionStateParcel); - for (uint32_t i = 0; i < grantFlagSize; i++) { - uint32_t flag; - RELEASE_IF_FALSE(in.ReadUint32(flag), permissionStateParcel); - permissionStateParcel->permStatFull.grantFlags.emplace_back(flag); - } - return permissionStateParcel; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/frameworks/accesstoken/src/permission_status_parcel.cpp b/frameworks/accesstoken/src/permission_status_parcel.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f7fc523e822a07f222f30cc494ad7170f34dadc6 --- /dev/null +++ b/frameworks/accesstoken/src/permission_status_parcel.cpp @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_status_parcel.h" +#include "parcel_utils.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +bool PermissionStatusParcel::Marshalling(Parcel& out) const +{ + RETURN_IF_FALSE(out.WriteString(this->permState.permissionName)); + RETURN_IF_FALSE(out.WriteInt32(this->permState.grantStatus)); + RETURN_IF_FALSE(out.WriteUint32(this->permState.grantFlag)); + return true; +} + +PermissionStatusParcel* PermissionStatusParcel::Unmarshalling(Parcel& in) +{ + auto* permissionStateParcel = new (std::nothrow) PermissionStatusParcel(); + if (permissionStateParcel == nullptr) { + return nullptr; + } + + RELEASE_IF_FALSE(in.ReadString(permissionStateParcel->permState.permissionName), permissionStateParcel); + RELEASE_IF_FALSE(in.ReadInt32(permissionStateParcel->permState.grantStatus), permissionStateParcel); + RELEASE_IF_FALSE(in.ReadUint32(permissionStateParcel->permState.grantFlag), permissionStateParcel); + return permissionStateParcel; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index d78b3c41bde4436e3c5f564da7a70219abee6b1a..84a20c2c2b6acd9990e420015802728e80bd312f 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -44,15 +44,14 @@ ohos_shared_library("accesstoken_common_cxx") { sources = [ "src/constant_common.cpp", "src/data_validator.cpp", - "src/json_parser.cpp", "src/permission_map.cpp", + "src/time_util.cpp", ] external_deps = [ "c_utils:utils", "hilog:libhilog", "init:libbegetutil", - "json:nlohmann_json_static", ] configs = [ diff --git a/frameworks/common/include/accesstoken_common_log.h b/frameworks/common/include/accesstoken_common_log.h new file mode 100644 index 0000000000000000000000000000000000000000..634f533a0655ba177f4053083db6556dc794ad80 --- /dev/null +++ b/frameworks/common/include/accesstoken_common_log.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_COMMON_LOG_H +#define ACCESSTOKEN_COMMON_LOG_H + +#include "hilog/log.h" + +#define ATM_DOMAIN 0xD005A01 +#define ATM_TAG "ATM" + +#define PRI_DOMAIN 0xD005A02 +#define PRI_TAG "PRIVACY" + +#define LOGF(domain, tag, fmt, ...) \ + ((void)HILOG_IMPL(LOG_CORE, LOG_FATAL, domain, tag, \ + "[%{upblic}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) +#define LOGE(domain, tag, fmt, ...) \ + ((void)HILOG_IMPL(LOG_CORE, LOG_ERROR, domain, tag, \ + "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) +#define LOGW(domain, tag, fmt, ...) \ + ((void)HILOG_IMPL(LOG_CORE, LOG_WARN, domain, tag, \ + "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) +#define LOGI(domain, tag, fmt, ...) \ + ((void)HILOG_IMPL(LOG_CORE, LOG_INFO, domain, tag, \ + "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) +#define LOGD(domain, tag, fmt, ...) \ + ((void)HILOG_IMPL(LOG_CORE, LOG_DEBUG, domain, tag, \ + "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) + +#define IF_FALSE_PRINT_LOG(domain, tag, cond, fmt, ...) \ + do { \ + if (!(cond)) { \ + LOGE(domain, tag, fmt, ##__VA_ARGS__); \ + } \ + } while (0) + +#define IF_FALSE_RETURN_LOG(domain, tag, cond, fmt, ...) \ + do { \ + if (!(cond)) { \ + LOGE(domain, tag, fmt, ##__VA_ARGS__); \ + return; \ + } \ + } while (0) + +#endif // ACCESSTOKEN_COMMON_LOG_H diff --git a/frameworks/common/include/accesstoken_log.h b/frameworks/common/include/accesstoken_log.h index db001cf351b91baab2069554bc2f7b42bdcebc53..3d53ed332c75ff4e1f530c9e20f56f22342b3fdf 100644 --- a/frameworks/common/include/accesstoken_log.h +++ b/frameworks/common/include/accesstoken_log.h @@ -43,6 +43,13 @@ static constexpr unsigned int SECURITY_DOMAIN_PRIVACY = 0xD005A02; ((void)HILOG_IMPL(label.type, LOG_DEBUG, label.domain, label.tag, \ "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) +#define IF_FALSE_RETURN_VALUE_LOG(label, cond, retVal, fmt, ...) \ + do { \ + if (!(cond)) { \ + ACCESSTOKEN_LOG_ERROR(label, fmt, ##__VA_ARGS__); \ + return retVal; \ + } \ + } while (0) #else #include @@ -57,6 +64,13 @@ static constexpr unsigned int SECURITY_DOMAIN_PRIVACY = 0xD005A02; #define ACCESSTOKEN_LOG_ERROR(fmt, ...) printf("[%s] error: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__) #define ACCESSTOKEN_LOG_FATAL(fmt, ...) printf("[%s] fatal: %s: " fmt "\n", LOG_TAG, __func__, ##__VA_ARGS__) +#define IF_FALSE_RETURN_VALUE_LOG(cond, retVal, fmt, ...) \ + do { \ + if (!(cond)) { \ + ACCESSTOKEN_LOG_ERROR(fmt, ##__VA_ARGS__); \ + return retVal; \ + } \ + } while (0) #endif // HILOG_ENABLE #endif // ACCESSTOKEN_LOG_H diff --git a/frameworks/common/include/constant_common.h b/frameworks/common/include/constant_common.h index 8651f5d4e77c956572bfb92bd1cbb4c724d6fc9e..82e2da2b0f2fc7eacde82fbfe7a1a76234d9da63 100644 --- a/frameworks/common/include/constant_common.h +++ b/frameworks/common/include/constant_common.h @@ -37,6 +37,14 @@ public: * GetLocalDeviceId */ static std::string GetLocalDeviceId(); + + /** + * Flag operate + */ + static bool IsPermOperatedByUser(int32_t flag); + static bool IsPermOperatedBySystem(int32_t flag); + static bool IsPermGrantedBySecComp(int32_t flag); + static uint32_t GetFlagWithoutSpecifiedElement(uint32_t fullFlag, uint32_t removedFlag); }; } } diff --git a/frameworks/common/include/permission_map.h b/frameworks/common/include/permission_map.h index 9ced40f698a30ba019635c5eba60e2d879859c5a..6f375463753a50940f30cd9f11a1c8970d4f58bb 100644 --- a/frameworks/common/include/permission_map.h +++ b/frameworks/common/include/permission_map.h @@ -24,6 +24,7 @@ namespace Security { namespace AccessToken { bool TransferPermissionToOpcode(const std::string& permissionName, uint32_t& opCode); bool TransferOpcodeToPermission(uint32_t opCode, std::string& permissionName); +bool IsUserGrantPermission(const std::string& permission); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/utils/include/time_util.h b/frameworks/common/include/time_util.h similarity index 100% rename from services/common/utils/include/time_util.h rename to frameworks/common/include/time_util.h diff --git a/frameworks/common/src/constant_common.cpp b/frameworks/common/src/constant_common.cpp index 331a8b21f07202d4aaeec5e9db38f2f72a2b954b..1e4a9599fb5e4f1e7a37e389f1d630b4a719418c 100644 --- a/frameworks/common/src/constant_common.cpp +++ b/frameworks/common/src/constant_common.cpp @@ -15,6 +15,8 @@ #include "constant_common.h" #include + +#include "access_token.h" #include "parameter.h" namespace OHOS { @@ -51,6 +53,31 @@ std::string ConstantCommon::GetLocalDeviceId() } return localDeviceId; } + +bool ConstantCommon::IsPermOperatedByUser(int32_t flag) +{ + uint32_t uFlag = static_cast(flag); + return (uFlag & PERMISSION_USER_FIXED) || (uFlag & PERMISSION_USER_SET); +} + +bool ConstantCommon::IsPermOperatedBySystem(int32_t flag) +{ + uint32_t uFlag = static_cast(flag); + return (uFlag & PERMISSION_SYSTEM_FIXED) || (uFlag & PERMISSION_GRANTED_BY_POLICY); +} + +bool ConstantCommon::IsPermGrantedBySecComp(int32_t flag) +{ + uint32_t uFlag = static_cast(flag); + return uFlag & PERMISSION_COMPONENT_SET; +} + +uint32_t ConstantCommon::GetFlagWithoutSpecifiedElement(uint32_t fullFlag, uint32_t removedFlag) +{ + uint32_t unmaskedFlag = (fullFlag) & (~removedFlag); + return unmaskedFlag; +} + } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp index 7cabba045d234e902fd0f9ee104b0983a587ae6d..22fa6eea2891b6f14f6f4bf8b58e8e50db30f941 100644 --- a/frameworks/common/src/data_validator.cpp +++ b/frameworks/common/src/data_validator.cpp @@ -16,7 +16,7 @@ #include "data_validator.h" #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "permission_used_request.h" #include "permission_used_type.h" #include "privacy_param.h" @@ -24,9 +24,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DataValidator"}; -} // namespace bool DataValidator::IsBundleNameValid(const std::string& bundleName) { @@ -46,7 +43,7 @@ bool DataValidator::IsDescValid(const std::string& desc) bool DataValidator::IsPermissionNameValid(const std::string& permissionName) { if (permissionName.empty() || (permissionName.length() > MAX_LENGTH)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid perm length(%{public}d).", static_cast(permissionName.length())); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid perm length(%{public}d).", static_cast(permissionName.length())); return false; } return true; @@ -91,7 +88,7 @@ bool DataValidator::IsProcessNameValid(const std::string& processName) bool DataValidator::IsDeviceIdValid(const std::string& deviceId) { if (deviceId.empty() || (deviceId.length() > MAX_LENGTH)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid deviceId length(%{public}d).", static_cast(deviceId.length())); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid deviceId length(%{public}d).", static_cast(deviceId.length())); return false; } return true; @@ -118,7 +115,7 @@ bool DataValidator::IsPermissionFlagValid(uint32_t flag) bool DataValidator::IsTokenIDValid(AccessTokenID id) { if (id == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid token."); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid token."); return false; } return true; @@ -142,7 +139,7 @@ bool DataValidator::IsPermissionUsedFlagValid(uint32_t flag) bool DataValidator::IsPermissionUsedTypeValid(uint32_t type) { if ((type != NORMAL_TYPE) && (type != PICKER_TYPE) && (type != SECURITY_COMPONENT_TYPE)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid type(%{public}d).", type); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}d).", type); return false; } return true; @@ -152,7 +149,7 @@ bool DataValidator::IsPolicyTypeValid(uint32_t type) { PolicyType policyType = static_cast(type); if ((policyType != EDM) && (policyType != PRIVACY) && (policyType != TEMPORARY)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid type(%{public}d).", type); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}d).", type); return false; } return true; @@ -162,7 +159,7 @@ bool DataValidator::IsCallerTypeValid(uint32_t type) { CallerType callerType = static_cast(type); if ((callerType != MICROPHONE) && (callerType != CAMERA)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid type(%{public}d).", type); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type(%{public}d).", type); return false; } return true; @@ -173,7 +170,7 @@ bool DataValidator::IsHapCaller(AccessTokenID id) AccessTokenIDInner *idInner = reinterpret_cast(&id); ATokenTypeEnum type = static_cast(idInner->type); if (type != TOKEN_HAP) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Not hap(%{public}d).", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Not hap(%{public}d).", id); return false; } return true; diff --git a/frameworks/common/src/json_parser.cpp b/frameworks/common/src/json_parser.cpp deleted file mode 100644 index 67f60c287019725ed44f28fb83ef318f871b2c7a..0000000000000000000000000000000000000000 --- a/frameworks/common/src/json_parser.cpp +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "json_parser.h" - -#include -#include -#include -#include -#include - -#include "accesstoken_log.h" -#include "access_token_error.h" -#include "access_token.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "JsonParser"}; -constexpr int MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M -constexpr size_t BUFFER_SIZE = 1024; -} - -bool JsonParser::GetStringFromJson(const nlohmann::json& j, const std::string& tag, std::string& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_string()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -bool JsonParser::GetIntFromJson(const nlohmann::json& j, const std::string& tag, int& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_number()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -bool JsonParser::GetUnsignedIntFromJson(const nlohmann::json& j, const std::string& tag, unsigned int& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_number()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -bool JsonParser::GetBoolFromJson(const nlohmann::json& j, const std::string& tag, bool& out) -{ - if (j.find(tag) != j.end() && j.at(tag).is_boolean()) { - out = j.at(tag).get(); - return true; - } - return false; -} - -int32_t JsonParser::ReadCfgFile(const std::string& file, std::string& rawData) -{ - char filePath[PATH_MAX + 1] = {0}; - if (realpath(file.c_str(), filePath) == NULL) { - return ERR_FILE_OPERATE_FAILED; - } - int32_t fd = open(filePath, O_RDONLY); - if (fd < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Open failed errno %{public}d.", errno); - return ERR_FILE_OPERATE_FAILED; - } - struct stat statBuffer; - - if (fstat(fd, &statBuffer) != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fstat failed."); - close(fd); - return ERR_FILE_OPERATE_FAILED; - } - - if (statBuffer.st_size == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Config file size is invalid."); - close(fd); - return ERR_PARAM_INVALID; - } - if (statBuffer.st_size > MAX_NATIVE_CONFIG_FILE_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Config file size is too large."); - close(fd); - return ERR_OVERSIZE; - } - rawData.reserve(statBuffer.st_size); - - char buff[BUFFER_SIZE] = { 0 }; - ssize_t readLen = 0; - while ((readLen = read(fd, buff, BUFFER_SIZE)) > 0) { - rawData.append(buff, readLen); - } - close(fd); - if (readLen == 0) { - return RET_SUCCESS; - } - return ERR_FILE_OPERATE_FAILED; -} - -bool JsonParser::IsDirExsit(const std::string& file) -{ - if (file.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "File path is empty"); - return false; - } - - struct stat buf; - if (stat(file.c_str(), &buf) != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get file attributes failed, errno %{public}d.", errno); - return false; - } - - if (!S_ISDIR(buf.st_mode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "File mode is not directory."); - return false; - } - - return true; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS \ No newline at end of file diff --git a/frameworks/common/src/permission_map.cpp b/frameworks/common/src/permission_map.cpp index d1a2ccf2525b8b111b08721b777f89d8b66d85fa..f5b3325e323906286124d88e02647f5387bf340b 100644 --- a/frameworks/common/src/permission_map.cpp +++ b/frameworks/common/src/permission_map.cpp @@ -68,6 +68,9 @@ const static std::vector> g_permMap = { {"ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY", true}, {"ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY", true}, {"ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", true}, + {"ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", true}, + {"ohos.permission.ACCESS_NEARLINK", true}, + {"ohos.permission.CUSTOM_SCREEN_CAPTURE", true}, {"ohos.permission.USE_BLUETOOTH", false}, {"ohos.permission.DISCOVER_BLUETOOTH", false}, {"ohos.permission.MANAGE_BLUETOOTH", false}, @@ -81,6 +84,7 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_PHONE_NUMBERS", false}, {"ohos.permission.DISTRIBUTED_SOFTBUS_CENTER", false}, {"ohos.permission.REQUIRE_FORM", false}, + {"ohos.permission.START_DESKTOP_UI_COMPONENT", false}, {"ohos.permission.AGENT_REQUIRE_FORM", false}, {"ohos.permission.GET_NETWORK_INFO", false}, {"ohos.permission.PLACE_CALL", false}, @@ -116,6 +120,7 @@ const static std::vector> g_permMap = { {"ohos.permission.UPDATE_SYSTEM", false}, {"ohos.permission.FACTORY_RESET", false}, {"ohos.permission.ASSIST_DEVICE_UPDATE", false}, + {"ohos.permission.PLUGIN_UPDATE", false}, {"ohos.permission.RECEIVE_UPDATE_MESSAGE", false}, {"ohos.permission.UPDATE_MIGRATE", false}, {"ohos.permission.GRANT_SENSITIVE_PERMISSIONS", false}, @@ -169,6 +174,7 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_WIFI_LOCAL_MAC", false}, {"ohos.permission.GET_WIFI_CONFIG", false}, {"ohos.permission.SET_WIFI_CONFIG", false}, + {"ohos.permission.MANAGE_ENTERPRISE_WIFI_CONNECTION", false}, {"ohos.permission.MANAGE_WIFI_CONNECTION", false}, {"ohos.permission.DUMP", false}, {"ohos.permission.MANAGE_WIFI_HOTSPOT", false}, @@ -176,6 +182,7 @@ const static std::vector> g_permMap = { {"ohos.permission.MANAGE_SECURE_SETTINGS", false}, {"ohos.permission.READ_DFX_SYSEVENT", false}, {"ohos.permission.READ_HIVIEW_SYSTEM", false}, + {"ohos.permission.READ_DFX_XPOWER", false}, {"ohos.permission.WRITE_HIVIEW_SYSTEM", false}, {"ohos.permission.SUBSCRIBE_SWING_ABILITY", false}, {"ohos.permission.MANAGER_SWING_MOTION", false}, @@ -213,11 +220,17 @@ const static std::vector> g_permMap = { {"ohos.permission.ENTERPRISE_OPERATE_DEVICE", false}, {"ohos.permission.ENTERPRISE_ADMIN_MANAGE", false}, {"ohos.permission.ENTERPRISE_CONFIG", false}, + {"ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY", false}, + {"ohos.permission.PUBLISH_ENTERPRISE_POLICY_EVENT", false}, + {"ohos.permission.RECEIVE_ENTERPRISE_POLICY_EVENT", false}, + {"ohos.permission.PERSONAL_MANAGE_RESTRICTIONS", false}, + {"ohos.permission.START_PROVISIONING_MESSAGE", false}, {"ohos.permission.NFC_TAG", false}, {"ohos.permission.NFC_CARD_EMULATION", false}, {"ohos.permission.MANAGE_UWB", false}, {"ohos.permission.USE_UWB_RANGING", false}, {"ohos.permission.PERMISSION_USED_STATS", false}, + {"ohos.permission.PERMISSION_RECORD_TOGGLE", false}, {"ohos.permission.NOTIFICATION_AGENT_CONTROLLER", false}, {"ohos.permission.MOUNT_UNMOUNT_MANAGER", false}, {"ohos.permission.MOUNT_FORMAT_MANAGER", false}, @@ -277,6 +290,10 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_SCENE_CODE", false}, {"ohos.permission.FILE_GUARD_MANAGER", false}, {"ohos.permission.SET_FILE_GUARD_POLICY", false}, + {"ohos.permission.ENTERPRISE_RECOVERY_KEY", false}, + {"ohos.permission.MANAGE_RECOVERY_KEY", false}, + {"ohos.permission.UTILIZE_RECOVERY_KEY", false}, + {"ohos.permission.GET_RECOVERY_KEY_BRIEF_INFORMATION", false}, {"ohos.permission.securityguard.SET_MODEL_STATE", false}, {"ohos.permission.hsdr.HSDR_ACCESS", false}, {"ohos.permission.SUPPORT_USER_AUTH", false}, @@ -335,6 +352,14 @@ const static std::vector> g_permMap = { {"ohos.permission.EXEMPT_CAMERA_PRIVACY_INDICATOR", false}, {"ohos.permission.EXEMPT_MICROPHONE_PRIVACY_INDICATOR", false}, {"ohos.permission.EXEMPT_LOCATION_PRIVACY_INDICATOR", false}, + {"ohos.permission.EXEMPT_PRIVACY_SECURITY_CENTER", false}, + {"ohos.permission.ACCESS_LEARN_MORE_DIALOG", false}, + {"ohos.permission.WRITE_PROTECTION_ADVICE_POLICY", false}, + {"ohos.permission.READ_PROTECTION_ADVICE_POLICY", false}, + {"ohos.permission.USE_FRAUD_MESSAGES_PICKER", false}, + {"ohos.permission.USE_FRAUD_CALL_LOG_PICKER", false}, + {"ohos.permission.USE_FRAUD_APP_PICKER", false}, + {"ohos.permission.PROXY_MESSAGE_AUTH", false}, {"ohos.permission.GET_SUPER_PRIVACY", false}, {"ohos.permission.SET_SUPER_PRIVACY", false}, {"ohos.permission.RECORD_VOICE_CALL", false}, @@ -346,7 +371,10 @@ const static std::vector> g_permMap = { {"ohos.permission.ACCESS_PASSWORDVAULT_ABILITY", false}, {"ohos.permission.ACCESS_LOWPOWER_MANAGER", false}, {"ohos.permission.ACCESS_DDK_USB", false}, + {"ohos.permission.ACCESS_DDK_USB_SERIAL", false}, + {"ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", false}, {"ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", false}, + {"ohos.permission.ACCESS_DDK_DRIVERS", false}, {"ohos.permission.ACCESS_TEXTAUTOFILL_ABILITY", false}, {"ohos.permission.ACCESS_DDK_HID", false}, {"ohos.permission.MANAGE_APP_BOOT", false}, @@ -354,12 +382,12 @@ const static std::vector> g_permMap = { {"ohos.permission.CONNECT_UI_EXTENSION_ABILITY", false}, {"ohos.permission.FILE_ACCESS_PERSIST", false}, {"ohos.permission.SET_SANDBOX_POLICY", false}, + {"ohos.permission.CHECK_SANDBOX_POLICY", false}, {"ohos.permission.ACCESS_ACCOUNT_KIT_SERVICE", false}, {"ohos.permission.REQUEST_ANONYMOUS_ATTEST", false}, {"ohos.permission.ACCESS_ACCOUNT_KIT_UI", false}, {"ohos.permission.READ_ACCOUNT_LOGIN_STATE", false}, {"ohos.permission.WRITE_ACCOUNT_LOGIN_STATE", false}, - {"ohos.permission.START_ABILITY_WITH_ANIMATION", false}, {"ohos.permission.START_RECENT_ABILITY", false}, {"ohos.permission.READ_CLOUD_SYNC_CONFIG", false}, {"ohos.permission.MANAGE_CLOUD_SYNC_CONFIG", false}, @@ -426,6 +454,7 @@ const static std::vector> g_permMap = { {"ohos.permission.MANAGE_SETTINGS", false}, {"ohos.permission.ACCESS_DEVICE_COLLABORATION_PRIVATE_ABILITY", false}, {"ohos.permission.ACCESS_DEVICE_COLLABORATION_SERVICE", false}, + {"ohos.permission.ACCESS_FUSION_AWARENESS_DATA", false}, {"ohos.permission.ACCESS_RINGTONE_RESOURCE", false}, {"ohos.permission.ACCESS_FILE_CONTENT_SHARE", false}, {"ohos.permission.ACCESS_SEARCH_SERVICE", false}, @@ -435,6 +464,8 @@ const static std::vector> g_permMap = { {"ohos.permission.SET_FOREGROUND_HAP_REMINDER", false}, {"ohos.permission.OPERATE_FINDNETWORK", false}, {"ohos.permission.QUERY_FINDNETWORK_LOCATION", false}, + {"ohos.permission.REGISTER_FINDNETWORK_ACCESSORY", false}, + {"ohos.permission.MANAGE_SHUTDOWN_FINDNETWORK", false}, {"ohos.permission.INJECT_INPUT_EVENT", false}, {"ohos.permission.ACCESS_SUBSCRIPTION_CAPSULE_DATA", false}, {"ohos.permission.PRE_START_ATOMIC_SERVICE", false}, @@ -470,9 +501,12 @@ const static std::vector> g_permMap = { {"ohos.permission.ACCESS_FACTORY_OTA_DIR", false}, {"ohos.permission.MICROPHONE_CONTROL", false}, {"ohos.permission.MANAGE_MOUSE_CURSOR", false}, + {"ohos.permission.INPUT_DEVICE_CONTROLLER", false}, {"ohos.permission.FILTER_INPUT_EVENT", false}, {"ohos.permission.INPUT_PANEL_STATUS_PUBLISHER", false}, {"ohos.permission.RECEIVE_FUSION_MESSAGES", false}, + {"ohos.permission.ACCESS_FUSION_MANAGER", false}, + {"ohos.permission.ACCESS_AMS_FROM_FUSION", false}, {"ohos.permission.PUBLISH_LOCATION_EVENT", false}, {"ohos.permission.DUMP_AUDIO", false}, {"ohos.permission.ACTIVATE_DEVICE_PSI", false}, @@ -485,6 +519,114 @@ const static std::vector> g_permMap = { {"ohos.permission.GET_FILE_THUMBNAIL", false}, {"ohos.permission.PUBLISH_DISPLAY_ROTATION_EVENT", false}, {"ohos.permission.PUBLISH_CAST_PLUGGED_EVENT", false}, + {"ohos.permission.NETWORK_DHCP", false}, + {"ohos.permission.ACCESS_BBOX_DIR", false}, + {"ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", false}, + {"ohos.permission.START_RESTORE_NOTIFICATION", false}, + {"ohos.permission.ALLOW_CONNECT_CAR", false}, + {"ohos.permission.MANAGE_NET_FIREWALL", false}, + {"ohos.permission.GET_NET_FIREWALL", false}, + {"ohos.permission.ACCESS_IDM_WIDGET", false}, + {"ohos.permission.GET_TELEPHONY_ESIM_STATE", false}, + {"ohos.permission.SET_TELEPHONY_ESIM_STATE", false}, + {"ohos.permission.MANAGE_ACCESSORY", false}, + {"ohos.permission.COLLECT_ACCESSORY_LOG", false}, + {"ohos.permission.ACCESS_DISTRIBUTED_MODEM", false}, + {"ohos.permission.GET_ETHERNET_LOCAL_MAC", false}, + {"ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS", false}, + {"ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO", false}, + {"ohos.permission.CAMERA_BACKGROUND", false}, + {"ohos.permission.CONNECT_PUSH_EXTENSION", false}, + {"ohos.permission.CONNECT_VOIP_EXTENSION", false}, + {"ohos.permission.CALLED_TRANSITION_ON_LOCK_SCREEN", false}, + {"ohos.permission.CALLED_BELOW_LOCK_SCREEN", false}, + {"ohos.permission.MANAGE_USER_ACCOUNT_INFO", false}, + {"ohos.permission.ALLOW_UPGRADE_GUIDE_ACCESS", false}, + {"ohos.permission.MANAGE_RGM", false}, + {"ohos.permission.ACCESS_PROTOCOL_DFX_DATA", false}, + {"ohos.permission.ACCESS_CMAP_SERVICE", false}, + {"ohos.permission.GET_NEARLINK_LOCAL_MAC", false}, + {"ohos.permission.MANAGE_NEARLINK", false}, + {"ohos.permission.UNINSTALL_QUICK_FIX_BUNDLE", false}, + {"ohos.permission.INSTALL_QUICK_FIX_BUNDLE", false}, + {"ohos.permission.INSTALL_SANDBOX_BUNDLE", false}, + {"ohos.permission.UNINSTALL_SANDBOX_BUNDLE", false}, + {"ohos.permission.MANAGE_SYSTEM_AUDIO_EFFECTS", false}, + {"ohos.permission.START_SYSTEM_DIALOG", false}, + {"ohos.permission.ACCESS_STATUSBAR_ICON", false}, + {"ohos.permission.ACCESS_AI_ABILITY", false}, + {"ohos.permission.READ_HEALTH_MOTION", false}, + {"ohos.permission.hsdr.REQUEST_HSDR", false}, + {"ohos.permission.QUERY_PASSWORD_VAULT_DATA", false}, + {"ohos.permission.SUBSCRIBE_NOTIFICATION_WINDOW_STATE", false}, + {"ohos.permission.STORAGE_MANAGER_CRYPT", false}, + {"ohos.permission.READ_FINDSERVICE", false}, + {"ohos.permission.GET_NEARLINK_PEER_MAC", false}, + {"ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN", false}, + {"ohos.permission.SUPERVISE_KIA_SERVICE", false}, + {"ohos.permission.ACCESS_ANALYTICS", false}, + {"ohos.permission.WINDOW_TOPMOST", false}, + {"ohos.permission.BLOCK_ALL_APP_START", false}, + {"ohos.permission.START_UIABILITY_TO_HIDDEN", false}, + {"ohos.permission.ACCESS_SUPER_HUB", false}, + {"ohos.permission.READ_WRITE_USB_DEV", false}, + {"ohos.permission.READ_WRITE_USER_FILE", false}, + {"ohos.permission.USER_AUTH_FROM_BACKGROUND", false}, + {"ohos.permission.READ_WEATHER_DATA", false}, + {"ohos.permission.MANAGE_APP_KEEP_ALIVE", false}, + {"ohos.permission.MANAGE_APP_KEEP_ALIVE_INTERNAL", false}, + {"ohos.permission.ACCESS_VIRTUAL_KEYBOARD", false}, + {"ohos.permission.CALLED_UIEXTENSION_ON_LOCK_SCREEN", false}, + {"ohos.permission.READ_APP_LOCK", false}, + {"ohos.permission.WRITE_APP_LOCK", false}, + {"ohos.permission.ACCESS_APP_LOCK", false}, + {"ohos.permission.ACCESS_APP_SINGLE_PERMISSION_MANAGEMENT", false}, + {"ohos.permission.ACCESS_APP_INSTALL_DIR", false}, + {"ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION", false}, + {"ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", false}, + {"ohos.permission.MANAGE_UDMF_APP_SHARE_OPTION", false}, + {"ohos.permission.MANAGE_PASTEBOARD_APP_SHARE_OPTION", false}, + {"ohos.permission.ENABLE_EXPERIENCE_HBM", false}, + {"ohos.permission.CAPTURE_PLAYBACK", false}, + {"ohos.permission.MICROPHONE_BACKGROUND", false}, + {"ohos.permission.USE_USER_ACCESS_MANAGER", false}, + {"ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT", false}, + {"ohos.permission.ACCESS_CONFIDENTIAL_COMPUTING_ZONE", false}, + {"ohos.permission.SYNC_ASSET_BETWEEN_TRUSTED_ACCOUNT", false}, + {"ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY", false}, + {"ohos.permission.ACCESS_ACCOUNT_SERVICE_EXTENSION_ABILITY", false}, + {"ohos.permission.SET_LAUNCH_REASON_MESSAGE", false}, + {"ohos.permission.EXEMPT_CAPTURE_SCREEN_AUTHORIZE", false}, + {"ohos.permission.GET_DOMAIN_ACCOUNT_SERVER_CONFIGS", false}, + {"ohos.permission.MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS", false}, + {"ohos.permission.MANAGE_DOMAIN_ACCOUNTS", false}, + {"ohos.permission.WATCH_READ_EMERGENCY_INFO", false}, + {"ohos.permission.WATCH_WRITE_EMERGENCY_INFO", false}, + {"ohos.permission.WATCH_START_SOS_SERVICE", false}, + {"ohos.permission.ANTI_FRAUD", false}, + {"ohos.permission.GET_SIGNATURE_INFO", false}, + {"ohos.permission.NDK_START_SELF_UI_ABILITY", false}, + {"ohos.permission.GET_ANIM_POLICY", false}, + {"ohos.permission.PRELOAD_FILE", false}, + {"ohos.permission.INPUT_KEYBOARD_CONTROLLER", false}, + {"ohos.permission.LOCATION_SWITCH_IGNORED", false}, + {"ohos.permission.SET_MUTE_POLICY", false}, + {"ohos.permission.SET_ABILITY_INSTANCE_INFO", false}, + {"ohos.permission.VIRTUAL_KEYBOARD_WINDOW", false}, + {"ohos.permission.ACCESS_DLP_HIDE_INFO", false}, + {"ohos.permission.DLP_GET_HIDE_STATUS", false}, + {"ohos.permission.CONNECT_ASSET_ACCELERATION_EXTENSION", false}, + {"ohos.permission.GET_FAMILY_INFO", false}, + {"ohos.permission.GET_PAGE_INFO", false}, + {"ohos.permission.ACCESS_ACCOUNT_RECOMMENDATION_DATA", false}, + {"ohos.permission.SET_PAC_URL", false}, + {"ohos.permission.ACCESS_DISK_PHY_INFO", false}, + {"ohos.permission.MANAGE_EDM_POLICY", false}, + {"ohos.permission.ACCESS_USER_ACCOUNT_INFO", false}, + {"ohos.permission.ACCESS_VIRTUAL_SCREEN", false}, + {"ohos.permission.ACCESS_CUSTOM_RINGTONE", false}, + {"ohos.permission.PERFORM_LOCAL_DEBUG", false}, + {"ohos.permission.ACCESS_STARTUPGUIDE", false} }; bool TransferPermissionToOpcode(const std::string& permission, uint32_t& opCode) @@ -508,6 +650,16 @@ bool TransferOpcodeToPermission(uint32_t opCode, std::string& permission) permission = g_permMap[opCode].first; return true; } + +bool IsUserGrantPermission(const std::string& permission) +{ + for (const auto& perm : g_permMap) { + if (permission == perm.first) { + return perm.second; + } + } + return false; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/utils/src/time_util.cpp b/frameworks/common/src/time_util.cpp similarity index 82% rename from services/common/utils/src/time_util.cpp rename to frameworks/common/src/time_util.cpp index 2fbb28bd8087192264afd30e0686869ee0905f7e..6f8f7a0edd24ffef0cb74f69179add12272cd97b 100644 --- a/services/common/utils/src/time_util.cpp +++ b/frameworks/common/src/time_util.cpp @@ -14,17 +14,21 @@ */ #include "time_util.h" -#include +#include namespace OHOS { namespace Security { namespace AccessToken { +namespace { +static constexpr int64_t ONE_SECOND_MILLISECONDS = 1000; +} int64_t TimeUtil::GetCurrentTimestamp() { - std::chrono::milliseconds ms = std::chrono::duration_cast( - std::chrono::system_clock::now().time_since_epoch() - ); - return ms.count(); + struct timeval t; + gettimeofday(&t, nullptr); + int64_t timestamp = t.tv_sec * ONE_SECOND_MILLISECONDS + t.tv_usec / ONE_SECOND_MILLISECONDS; + + return timestamp; } bool TimeUtil::IsTimeStampsSameMinute(int64_t timeStamp1, int64_t timeStamp2) diff --git a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_client.h similarity index 64% rename from interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h rename to frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_client.h index f310df5e10f0efc7cc7c5016bbca56303e585a47..e143ace3a3817ad0248301823bf73cef37e9580a 100644 --- a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_client.h +++ b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_client.h @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -19,39 +19,38 @@ #include "el5_filekey_manager_interface.h" #include -#include "el5_filekey_manager_death_recipient.h" namespace OHOS { namespace Security { namespace AccessToken { +constexpr int32_t DEFAULT_SA_REQUEST_RETRY_TIMES = 1; class El5FilekeyManagerClient { public: - static El5FilekeyManagerClient& GetInstance(); + static El5FilekeyManagerClient &GetInstance(); ~El5FilekeyManagerClient(); int32_t AcquireAccess(DataLockType type); int32_t ReleaseAccess(DataLockType type); - int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId); - int32_t DeleteAppKey(const std::string& keyId); + int32_t GenerateAppKey(uint32_t uid, const std::string &bundleName, std::string &keyId); + int32_t DeleteAppKey(const std::string &bundleName, int32_t userId); int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos); int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos); int32_t SetFilePathPolicy(); int32_t RegisterCallback(const sptr &callback); - - void LoadSystemAbilitySuccess(const sptr &remoteObject); - void LoadSystemAbilityFail(); - void OnRemoteDiedHandle(); + int32_t GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId); + int32_t DeleteGroupIDKey(uint32_t uid, const std::string &groupID); + int32_t QueryAppKeyState(DataLockType type); + int32_t CallProxyWithRetry(const std::function &)> &func, + const char *funcName, int32_t retryTimes = DEFAULT_SA_REQUEST_RETRY_TIMES); + bool IsRequestNeedRetry(int32_t ret); private: El5FilekeyManagerClient(); DISALLOW_COPY_AND_MOVE(El5FilekeyManagerClient); std::mutex proxyMutex_; - sptr proxy_ = nullptr; - std::condition_variable proxyConVar_; - sptr deathRecipient_ = nullptr; sptr GetProxy(); }; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS +} // namespace AccessToken +} // namespace Security +} // namespace OHOS #endif // EL5_FILEKEY_MANAGER_CLIENT_H diff --git a/frameworks/el5filekeymanager/include/el5_filekey_manager_interface.h b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_interface.h similarity index 84% rename from frameworks/el5filekeymanager/include/el5_filekey_manager_interface.h rename to frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_interface.h index 61fda9112627a8d8b6d50fcb1ca8c43bfaf85878..dd3e1086ff25a592693675caaa397c1b014eeb48 100644 --- a/frameworks/el5filekeymanager/include/el5_filekey_manager_interface.h +++ b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_interface.h @@ -34,12 +34,15 @@ public: virtual int32_t AcquireAccess(DataLockType type) = 0; virtual int32_t ReleaseAccess(DataLockType type) = 0; virtual int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) = 0; - virtual int32_t DeleteAppKey(const std::string& keyId) = 0; + virtual int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) = 0; virtual int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) = 0; virtual int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) = 0; virtual int32_t SetFilePathPolicy() = 0; virtual int32_t RegisterCallback(const sptr &callback) = 0; + virtual int32_t GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId) = 0; + virtual int32_t DeleteGroupIDKey(uint32_t uid, const std::string &groupID) = 0; + virtual int32_t QueryAppKeyState(DataLockType type) = 0; }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/el5filekeymanager/include/el5_filekey_manager_interface_code.h b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_interface_code.h similarity index 93% rename from frameworks/el5filekeymanager/include/el5_filekey_manager_interface_code.h rename to frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_interface_code.h index 049fea05485ad8d02b499493280e61d9d2120e82..688659dec8ca7c7ed51c137a9a66beb5c5920461 100644 --- a/frameworks/el5filekeymanager/include/el5_filekey_manager_interface_code.h +++ b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_interface_code.h @@ -29,6 +29,9 @@ enum class EFMInterfaceCode { CHANGE_USER_APP_KEYS_LOAD_INFO, SET_FILE_PATH_POLICY, REGISTER_CALLBACK, + GENERATE_GROUPID_KEY, + DELETE_GROUPID_KEY, + QUERY_APP_KEY_STATE, }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/el5filekeymanager/include/el5_filekey_manager_log.h b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_log.h similarity index 100% rename from frameworks/el5filekeymanager/include/el5_filekey_manager_log.h rename to frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_log.h diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.h b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_proxy.h similarity index 85% rename from interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.h rename to frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_proxy.h index 6d0bfa26967d673cd57fee42ab3af6968da70933..f572cc282f97e066a86d700b5278bdf68e9b834b 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_proxy.h +++ b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_manager_proxy.h @@ -31,12 +31,15 @@ public: int32_t AcquireAccess(DataLockType type) override; int32_t ReleaseAccess(DataLockType type) override; int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) override; - int32_t DeleteAppKey(const std::string& keyId) override; + int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) override; int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) override; int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) override; int32_t SetFilePathPolicy() override; int32_t RegisterCallback(const sptr &callback) override; + int32_t GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId) override; + int32_t DeleteGroupIDKey(uint32_t uid, const std::string &groupID) override; + int32_t QueryAppKeyState(DataLockType type) override; private: static inline BrokerDelegator delegator_; }; diff --git a/frameworks/el5filekeymanager/include/el5_filekey_service_ext_interface.h b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_service_ext_interface.h similarity index 79% rename from frameworks/el5filekeymanager/include/el5_filekey_service_ext_interface.h rename to frameworks/inner_api/el5filekeymanager/include/el5_filekey_service_ext_interface.h index 00d17ec3ab60cfbc07b8bc2c9996d86826d93580..13f2448ff2f53790731db0f6f8f61e0750f48b94 100644 --- a/frameworks/el5filekeymanager/include/el5_filekey_service_ext_interface.h +++ b/frameworks/inner_api/el5filekeymanager/include/el5_filekey_service_ext_interface.h @@ -28,7 +28,7 @@ public: virtual int32_t AcquireAccess(DataLockType type, bool isApp) = 0; virtual int32_t ReleaseAccess(DataLockType type, bool isApp) = 0; virtual int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) = 0; - virtual int32_t DeleteAppKey(const std::string& keyId) = 0; + virtual int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) = 0; virtual int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) = 0; virtual int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) = 0; @@ -37,6 +37,11 @@ public: virtual int32_t SetPolicyScreenLocked() = 0; virtual int32_t DumpData(int fd, const std::vector& args) = 0; virtual int32_t RegisterCallback(const sptr &callback) = 0; + virtual int32_t GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId) = 0; + virtual int32_t DeleteGroupIDKey(uint32_t uid, const std::string &groupID) = 0; + virtual int32_t QueryAppKeyState(DataLockType type, bool isApp) = 0; + virtual void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) = 0; + virtual void UnInit() = 0; }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/kits/BUILD.gn b/frameworks/js/napi/BUILD.gn similarity index 87% rename from interfaces/kits/BUILD.gn rename to frameworks/js/napi/BUILD.gn index 4ce2c2b1d0108994f0d8f8ce9a65c78e4c7fab9a..57602dbdaa01ed6873cf38d8bc08746fcdbc6972 100644 --- a/interfaces/kits/BUILD.gn +++ b/frameworks/js/napi/BUILD.gn @@ -24,10 +24,3 @@ group("napi_packages") { ] } } - -group("cj_packages") { - deps = [] - if (support_jsapi) { - deps += [ "accesstoken:cj_ability_access_ctrl_ffi" ] - } -} diff --git a/frameworks/js/napi/accesstoken/BUILD.gn b/frameworks/js/napi/accesstoken/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..6cebe5c4c58380e6392910cf5b676301cad5ec80 --- /dev/null +++ b/frameworks/js/napi/accesstoken/BUILD.gn @@ -0,0 +1,78 @@ +# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../../access_token.gni") + +ohos_shared_library("libabilityaccessctrl") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/token_callback/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + "${access_token_path}/interfaces/kits/js/napi/common/include", + "${access_token_path}/interfaces/kits/js/napi/accesstoken/include", + ] + + sources = [ + "src/napi_atmanager.cpp", + "src/napi_context_common.cpp", + "src/napi_request_global_switch_on_setting.cpp", + "src/napi_request_permission.cpp", + "src/napi_request_permission_on_setting.cpp", + ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/token_callback:libtoken_callback_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "../common:libnapi_common", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + external_deps = [ + "ability_base:want", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "ability_runtime:napi_base_context", + "ability_runtime:ui_extension", + "ace_engine:ace_uicontent", + "c_utils:utils", + "hilog:libhilog", + "hisysevent:libhisysevent", + "init:libbegetutil", + "ipc:ipc_single", + "napi:ace_napi", + ] + + if (eventhandler_enable == true) { + cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] + external_deps += [ "eventhandler:libeventhandler" ] + } + + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + + relative_install_dir = "module" + subsystem_name = "security" + part_name = "access_token" +} diff --git a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp similarity index 74% rename from interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp rename to frameworks/js/napi/accesstoken/src/napi_atmanager.cpp index 134967a0036566e078f8a09df6b23d39b6c4a36f..3f98af78960b617b799ca090c793c8ca68c41b70 100644 --- a/interfaces/kits/accesstoken/napi/src/napi_atmanager.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp @@ -15,12 +15,15 @@ #include "napi_atmanager.h" #include "access_token.h" +#include "hisysevent.h" +#include "napi_hisysevent_adapter.h" #include "napi_request_global_switch_on_setting.h" #include "napi_request_permission.h" #include "napi_request_permission_on_setting.h" #include "parameter.h" #include "token_setproc.h" #include "want.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { @@ -30,11 +33,15 @@ std::vector g_permStateChangeRegisters; std::mutex g_lockCache; std::map g_cache; static PermissionParamCache g_paramCache; +static std::atomic g_cnt = 0; +constexpr uint32_t REPORT_CNT = 10; namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenAbilityAccessCtrl" -}; static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change"; +static const char* REGISTER_PERMISSION_STATE_CHANGE_TYPE = "permissionStateChange"; +static const char* REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE = "selfPermissionStateChange"; +constexpr uint32_t THIRD_PARAM = 2; +constexpr uint32_t FORTH_PARAM = 3; + static void ReturnPromiseResult(napi_env env, int32_t contextResult, napi_deferred deferred, napi_value result) { if (contextResult != RET_SUCCESS) { @@ -87,7 +94,7 @@ static void NotifyPermStateChanged(RegisterPermStateChangeWorker* registerPermSt napi_create_object(registerPermStateChangeData->env, &result)); if (!ConvertPermStateChangeInfo(registerPermStateChangeData->env, result, registerPermStateChangeData->result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ConvertPermStateChangeInfo failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "ConvertPermStateChangeInfo failed"); return; } @@ -102,31 +109,9 @@ static void NotifyPermStateChanged(RegisterPermStateChangeWorker* registerPermSt napi_call_function(registerPermStateChangeData->env, undefined, callback, 1, &result, &resultOut)); } -static void UvQueueWorkPermStateChanged(uv_work_t* work, int status) -{ - if (work == nullptr || work->data == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Work == nullptr || work->data == nullptr"); - return; - } - std::unique_ptr uvWorkPtr {work}; - RegisterPermStateChangeWorker* registerPermStateChangeData = - reinterpret_cast(work->data); - std::unique_ptr workPtr {registerPermStateChangeData}; - - napi_handle_scope scope = nullptr; - napi_open_handle_scope(registerPermStateChangeData->env, &scope); - if (scope == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to open scope"); - return; - } - NotifyPermStateChanged(registerPermStateChangeData); - napi_close_handle_scope(registerPermStateChangeData->env, scope); - ACCESSTOKEN_LOG_DEBUG(LABEL, "UvQueueWorkPermStateChanged end"); -}; - static bool IsPermissionFlagValid(uint32_t flag) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Permission flag is %{public}d", flag); + LOGD(ATM_DOMAIN, ATM_TAG, "Permission flag is %{public}d", flag); return (flag == PermissionFlag::PERMISSION_USER_SET) || (flag == PermissionFlag::PERMISSION_USER_FIXED) || (flag == PermissionFlag::PERMISSION_ALLOW_THIS_TIME); }; @@ -148,40 +133,35 @@ void RegisterPermStateChangeScopePtr::PermStateChangeCallback(PermStateChangeInf { std::lock_guard lock(validMutex_); if (!valid_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Object is invalid."); - return; - } - uv_loop_s* loop = nullptr; - NAPI_CALL_RETURN_VOID(env_, napi_get_uv_event_loop(env_, &loop)); - if (loop == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Loop instance is nullptr"); - return; - } - uv_work_t* work = new (std::nothrow) uv_work_t; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Object is invalid."); return; } - std::unique_ptr uvWorkPtr {work}; - RegisterPermStateChangeWorker* registerPermStateChangeWorker = - new (std::nothrow) RegisterPermStateChangeWorker(); + RegisterPermStateChangeWorker* registerPermStateChangeWorker = new (std::nothrow) RegisterPermStateChangeWorker(); if (registerPermStateChangeWorker == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for RegisterPermStateChangeWorker!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Insufficient memory for RegisterPermStateChangeWorker!"); return; } std::unique_ptr workPtr {registerPermStateChangeWorker}; registerPermStateChangeWorker->env = env_; registerPermStateChangeWorker->ref = ref_; registerPermStateChangeWorker->result = result; - ACCESSTOKEN_LOG_DEBUG(LABEL, - "result permStateChangeType = %{public}d, tokenID = %{public}d, permissionName = %{public}s", - result.permStateChangeType, result.tokenID, result.permissionName.c_str()); - registerPermStateChangeWorker->subscriber = shared_from_this(); - work->data = reinterpret_cast(registerPermStateChangeWorker); - NAPI_CALL_RETURN_VOID(env_, - uv_queue_work_with_qos(loop, work, [](uv_work_t* work) {}, UvQueueWorkPermStateChanged, uv_qos_default)); - uvWorkPtr.release(); - workPtr.release(); + auto task = [registerPermStateChangeWorker]() { + napi_handle_scope scope = nullptr; + napi_open_handle_scope(registerPermStateChangeWorker->env, &scope); + if (scope == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to open scope"); + delete registerPermStateChangeWorker; + return; + } + NotifyPermStateChanged(registerPermStateChangeWorker); + napi_close_handle_scope(registerPermStateChangeWorker->env, scope); + delete registerPermStateChangeWorker; + }; + if (napi_status::napi_ok != napi_send_event(env_, task, napi_eprio_high)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermStateChangeCallback: Failed to SendEvent"); + } else { + workPtr.release(); + } } void RegisterPermStateChangeScopePtr::SetEnv(const napi_env& env) @@ -203,59 +183,25 @@ void RegisterPermStateChangeScopePtr::SetValid(bool valid) PermStateChangeContext::~PermStateChangeContext() {} -void UvQueueWorkDeleteRef(uv_work_t *work, int32_t status) -{ - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Work == nullptr : %{public}d", work == nullptr); - return; - } else if (work->data == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Work->data == nullptr : %{public}d", work->data == nullptr); - return; - } - RegisterPermStateChangeWorker* registerPermStateChangeWorker = - reinterpret_cast(work->data); - if (registerPermStateChangeWorker == nullptr) { - delete work; - return; - } - napi_delete_reference(registerPermStateChangeWorker->env, registerPermStateChangeWorker->ref); - delete registerPermStateChangeWorker; - registerPermStateChangeWorker = nullptr; - delete work; - ACCESSTOKEN_LOG_DEBUG(LABEL, "UvQueueWorkDeleteRef end"); -} - void RegisterPermStateChangeScopePtr::DeleteNapiRef() { - uv_loop_s* loop = nullptr; - NAPI_CALL_RETURN_VOID(env_, napi_get_uv_event_loop(env_, &loop)); - if (loop == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Loop instance is nullptr"); - return; - } - uv_work_t* work = new (std::nothrow) uv_work_t; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); - return; - } - - std::unique_ptr uvWorkPtr {work}; - RegisterPermStateChangeWorker* registerPermStateChangeWorker = - new (std::nothrow) RegisterPermStateChangeWorker(); + RegisterPermStateChangeWorker* registerPermStateChangeWorker = new (std::nothrow) RegisterPermStateChangeWorker(); if (registerPermStateChangeWorker == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for RegisterPermStateChangeWorker!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Insufficient memory for RegisterPermStateChangeWorker!"); return; } std::unique_ptr workPtr {registerPermStateChangeWorker}; registerPermStateChangeWorker->env = env_; registerPermStateChangeWorker->ref = ref_; - - work->data = reinterpret_cast(registerPermStateChangeWorker); - NAPI_CALL_RETURN_VOID(env_, - uv_queue_work_with_qos(loop, work, [](uv_work_t* work) {}, UvQueueWorkDeleteRef, uv_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeleteNapiRef"); - uvWorkPtr.release(); - workPtr.release(); + auto task = [registerPermStateChangeWorker]() { + napi_delete_reference(registerPermStateChangeWorker->env, registerPermStateChangeWorker->ref); + delete registerPermStateChangeWorker; + }; + if (napi_status::napi_ok != napi_send_event(env_, task, napi_eprio_high)) { + LOGE(ATM_DOMAIN, ATM_TAG, "DeleteNapiRef: Failed to SendEvent"); + } else { + workPtr.release(); + } } void NapiAtManager::SetNamedProperty(napi_env env, napi_value dstObj, const int32_t objValue, const char *propName) @@ -267,7 +213,7 @@ void NapiAtManager::SetNamedProperty(napi_env env, napi_value dstObj, const int3 napi_value NapiAtManager::Init(napi_env env, napi_value exports) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Enter init."); + LOGD(ATM_DOMAIN, ATM_TAG, "Enter init."); napi_property_descriptor descriptor[] = { DECLARE_NAPI_FUNCTION("createAtManager", CreateAtManager) }; @@ -291,6 +237,7 @@ napi_value NapiAtManager::Init(napi_env env, napi_value exports) DECLARE_NAPI_FUNCTION("getPermissionsStatus", NapiRequestPermission::GetPermissionsStatus), DECLARE_NAPI_FUNCTION("requestPermissionOnSetting", NapiRequestPermissionOnSetting::RequestPermissionOnSetting), DECLARE_NAPI_FUNCTION("requestGlobalSwitch", NapiRequestGlobalSwitch::RequestGlobalSwitch), + DECLARE_NAPI_FUNCTION("requestPermissionOnApplicationSetting", RequestAppPermOnSetting), }; napi_value cons = nullptr; @@ -348,7 +295,7 @@ void NapiAtManager::CreateObjects(napi_env env, napi_value exports) napi_value NapiAtManager::JsConstructor(napi_env env, napi_callback_info cbinfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Enter JsConstructor"); + LOGD(ATM_DOMAIN, ATM_TAG, "Enter JsConstructor"); napi_value thisVar = nullptr; NAPI_CALL(env, napi_get_cb_info(env, cbinfo, nullptr, nullptr, &thisVar, nullptr)); @@ -357,17 +304,17 @@ napi_value NapiAtManager::JsConstructor(napi_env env, napi_callback_info cbinfo) napi_value NapiAtManager::CreateAtManager(napi_env env, napi_callback_info cbInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Enter CreateAtManager"); + LOGD(ATM_DOMAIN, ATM_TAG, "Enter CreateAtManager"); napi_value instance = nullptr; napi_value cons = nullptr; NAPI_CALL(env, napi_get_reference_value(env, g_atManagerRef_, &cons)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get a reference to the global variable g_atManagerRef_ complete"); + LOGD(ATM_DOMAIN, ATM_TAG, "Get a reference to the global variable g_atManagerRef_ complete"); NAPI_CALL(env, napi_new_instance(env, cons, 0, nullptr, &instance)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "New the js instance complete"); + LOGD(ATM_DOMAIN, ATM_TAG, "New the js instance complete"); return instance; } @@ -404,17 +351,63 @@ bool NapiAtManager::ParseInputVerifyPermissionOrGetFlag(const napi_env env, cons return false; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID = %{public}d, permissionName = %{public}s", asyncContext.tokenId, + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID = %{public}d, permissionName = %{public}s", asyncContext.tokenId, asyncContext.permissionName.c_str()); return true; } +bool NapiAtManager::ParseInputVerifyPermissionSync(const napi_env env, const napi_callback_info info, + AtManagerSyncContext& syncContext) +{ + size_t argc = NapiContextCommon::MAX_PARAMS_TWO; + + napi_value argv[NapiContextCommon::MAX_PARAMS_TWO] = { nullptr }; + napi_value thisVar = nullptr; + std::string errMsg; + void *data = nullptr; + NAPI_CALL_BASE(env, napi_get_cb_info(env, info, &argc, argv, &thisVar, &data), false); + if (argc < NapiContextCommon::MAX_PARAMS_TWO) { + NAPI_CALL_BASE(env, napi_throw(env, GenerateBusinessError(env, + JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")), false); + return false; + } + syncContext.env = env; + // 0: the first parameter of argv + if (!ParseUint32(env, argv[0], syncContext.tokenId)) { + errMsg = GetParamErrorMsg("tokenId", "number"); + NAPI_CALL_BASE(env, + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); + return false; + } + + // 1: the second parameter of argv + if (!ParseString(env, argv[1], syncContext.permissionName)) { + errMsg = GetParamErrorMsg("permissionName", "string"); + NAPI_CALL_BASE(env, + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); + return false; + } + + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID = %{public}d, permissionName = %{public}s", syncContext.tokenId, + syncContext.permissionName.c_str()); + return true; +} + void NapiAtManager::VerifyAccessTokenExecute(napi_env env, void *data) { AtManagerAsyncContext* asyncContext = reinterpret_cast(data); if (asyncContext == nullptr) { return; } + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != selfTokenId) { + int32_t cnt = g_cnt.fetch_add(1); + if (cnt % REPORT_CNT == 0) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "VERIFY_ACCESS_TOKEN_EVENT", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "EVENT_CODE", VERIFY_TOKENID_INCONSISTENCY, + "SELF_TOKENID", selfTokenId, "CONTEXT_TOKENID", asyncContext->tokenId); + } + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); } @@ -424,7 +417,7 @@ void NapiAtManager::VerifyAccessTokenComplete(napi_env env, napi_status status, std::unique_ptr context {asyncContext}; napi_value result; - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenId = %{public}d, permissionName = %{public}s, verify result = %{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenId = %{public}d, permissionName = %{public}s, verify result = %{public}d.", asyncContext->tokenId, asyncContext->permissionName.c_str(), asyncContext->result); NAPI_CALL_RETURN_VOID(env, napi_create_int32(env, asyncContext->result, &result)); // verify result @@ -433,11 +426,11 @@ void NapiAtManager::VerifyAccessTokenComplete(napi_env env, napi_status status, napi_value NapiAtManager::VerifyAccessToken(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "VerifyAccessToken begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "VerifyAccessToken begin."); auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "New struct failed."); return nullptr; } @@ -458,7 +451,7 @@ napi_value NapiAtManager::VerifyAccessToken(napi_env env, napi_callback_info inf reinterpret_cast(asyncContext), &(asyncContext->work))); NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "VerifyAccessToken end."); + LOGD(ATM_DOMAIN, ATM_TAG, "VerifyAccessToken end."); context.release(); return result; } @@ -481,6 +474,15 @@ void NapiAtManager::CheckAccessTokenExecute(napi_env env, void *data) asyncContext->errorCode = JS_ERROR_PARAM_INVALID; return; } + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != selfTokenId) { + int32_t cnt = g_cnt.fetch_add(1); + if (cnt % REPORT_CNT == 0) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "VERIFY_ACCESS_TOKEN_EVENT", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "EVENT_CODE", VERIFY_TOKENID_INCONSISTENCY, + "SELF_TOKENID", selfTokenId, "CONTEXT_TOKENID", asyncContext->tokenId); + } + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); @@ -499,11 +501,11 @@ void NapiAtManager::CheckAccessTokenComplete(napi_env env, napi_status status, v napi_value NapiAtManager::CheckAccessToken(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "CheckAccessToken begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "CheckAccessToken begin."); auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail."); return nullptr; } @@ -524,7 +526,7 @@ napi_value NapiAtManager::CheckAccessToken(napi_env env, napi_callback_info info reinterpret_cast(asyncContext), &(asyncContext->work))); NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "CheckAccessToken end."); + LOGD(ATM_DOMAIN, ATM_TAG, "CheckAccessToken end."); context.release(); return result; } @@ -533,14 +535,14 @@ std::string NapiAtManager::GetPermParamValue() { long long sysCommitId = GetSystemCommitId(); if (sysCommitId == g_paramCache.sysCommitIdCache) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "SysCommitId = %{public}lld", sysCommitId); + LOGD(ATM_DOMAIN, ATM_TAG, "SysCommitId = %{public}lld", sysCommitId); return g_paramCache.sysParamCache; } g_paramCache.sysCommitIdCache = sysCommitId; if (g_paramCache.handle == PARAM_DEFAULT_VALUE) { int32_t handle = static_cast(FindParameter(PERMISSION_STATUS_CHANGE_KEY)); if (handle == PARAM_DEFAULT_VALUE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "FindParameter failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "FindParameter failed"); return "-1"; } g_paramCache.handle = handle; @@ -551,7 +553,7 @@ std::string NapiAtManager::GetPermParamValue() char value[NapiContextCommon::VALUE_MAX_LEN] = {0}; auto ret = GetParameterValue(g_paramCache.handle, value, NapiContextCommon::VALUE_MAX_LEN - 1); if (ret < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Return default value, ret=%{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "Return default value, ret=%{public}d", ret); return "-1"; } std::string resStr(value); @@ -561,65 +563,72 @@ std::string NapiAtManager::GetPermParamValue() return g_paramCache.sysParamCache; } -void NapiAtManager::UpdatePermissionCache(AtManagerAsyncContext* asyncContext) +void NapiAtManager::UpdatePermissionCache(AtManagerSyncContext* syncContext) { std::lock_guard lock(g_lockCache); - auto iter = g_cache.find(asyncContext->permissionName); + auto iter = g_cache.find(syncContext->permissionName); if (iter != g_cache.end()) { std::string currPara = GetPermParamValue(); if (currPara != iter->second.paramValue) { - asyncContext->result = AccessTokenKit::VerifyAccessToken( - asyncContext->tokenId, asyncContext->permissionName); - iter->second.status = asyncContext->result; + syncContext->result = AccessTokenKit::VerifyAccessToken( + syncContext->tokenId, syncContext->permissionName); + iter->second.status = syncContext->result; iter->second.paramValue = currPara; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Param changed currPara %{public}s", currPara.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "Param changed currPara %{public}s", currPara.c_str()); } else { - asyncContext->result = iter->second.status; + syncContext->result = iter->second.status; } } else { - asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); - g_cache[asyncContext->permissionName].status = asyncContext->result; - g_cache[asyncContext->permissionName].paramValue = GetPermParamValue(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "G_cacheParam set %{public}s", - g_cache[asyncContext->permissionName].paramValue.c_str()); + syncContext->result = AccessTokenKit::VerifyAccessToken(syncContext->tokenId, syncContext->permissionName); + g_cache[syncContext->permissionName].status = syncContext->result; + g_cache[syncContext->permissionName].paramValue = GetPermParamValue(); + LOGD(ATM_DOMAIN, ATM_TAG, "G_cacheParam set %{public}s", + g_cache[syncContext->permissionName].paramValue.c_str()); } } napi_value NapiAtManager::VerifyAccessTokenSync(napi_env env, napi_callback_info info) { static uint64_t selfTokenId = GetSelfTokenID(); - auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); - if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + auto* syncContext = new (std::nothrow) AtManagerSyncContext(); + if (syncContext == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail."); return nullptr; } - std::unique_ptr context {asyncContext}; - if (!ParseInputVerifyPermissionOrGetFlag(env, info, *asyncContext)) { + std::unique_ptr context {syncContext}; + if (!ParseInputVerifyPermissionSync(env, info, *syncContext)) { return nullptr; } - if (asyncContext->tokenId == 0) { + if (syncContext->tokenId == 0) { std::string errMsg = GetParamErrorMsg("tokenID", "number"); NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JS_ERROR_PARAM_INVALID, errMsg))); return nullptr; } - if ((asyncContext->permissionName.empty()) || - ((asyncContext->permissionName.length() > NapiContextCommon::MAX_LENGTH))) { + if ((syncContext->permissionName.empty()) || + ((syncContext->permissionName.length() > NapiContextCommon::MAX_LENGTH))) { std::string errMsg = GetParamErrorMsg("permissionName", "string"); NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JS_ERROR_PARAM_INVALID, errMsg))); return nullptr; } - if (asyncContext->tokenId != static_cast(selfTokenId)) { - asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); + if (syncContext->tokenId != static_cast(selfTokenId)) { + int32_t cnt = g_cnt.fetch_add(1); + if (cnt % REPORT_CNT == 0) { + AccessTokenID selfToken = static_cast(selfTokenId); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "VERIFY_ACCESS_TOKEN_EVENT", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "EVENT_CODE", VERIFY_TOKENID_INCONSISTENCY, + "SELF_TOKENID", selfToken, "CONTEXT_TOKENID", syncContext->tokenId); + } + syncContext->result = AccessTokenKit::VerifyAccessToken(syncContext->tokenId, syncContext->permissionName); napi_value result = nullptr; - NAPI_CALL(env, napi_create_int32(env, asyncContext->result, &result)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "VerifyAccessTokenSync end."); + NAPI_CALL(env, napi_create_int32(env, syncContext->result, &result)); + LOGD(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenSync end."); return result; } - UpdatePermissionCache(asyncContext); + UpdatePermissionCache(syncContext); napi_value result = nullptr; - NAPI_CALL(env, napi_create_int32(env, asyncContext->result, &result)); + NAPI_CALL(env, napi_create_int32(env, syncContext->result, &result)); return result; } @@ -673,7 +682,7 @@ bool NapiAtManager::ParseInputGrantOrRevokePermission(const napi_env env, const } } - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID = %{public}d, permissionName = %{public}s, flag = %{public}d", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID = %{public}d, permissionName = %{public}s, flag = %{public}d", asyncContext.tokenId, asyncContext.permissionName.c_str(), asyncContext.flag); return true; } @@ -699,7 +708,7 @@ void NapiAtManager::GrantUserGrantedPermissionExecute(napi_env env, void *data) return; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName = %{public}s, grantmode = %{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName = %{public}s, grantmode = %{public}d.", asyncContext->permissionName.c_str(), permissionDef.grantMode); if (!IsPermissionFlagValid(asyncContext->flag)) { @@ -712,7 +721,7 @@ void NapiAtManager::GrantUserGrantedPermissionExecute(napi_env env, void *data) } else { asyncContext->result = ERR_PERMISSION_NOT_EXIST; } - ACCESSTOKEN_LOG_DEBUG(LABEL, + LOGD(ATM_DOMAIN, ATM_TAG, "tokenId = %{public}d, permissionName = %{public}s, flag = %{public}d, grant result = %{public}d.", asyncContext->tokenId, asyncContext->permissionName.c_str(), asyncContext->flag, asyncContext->result); } @@ -732,11 +741,11 @@ void NapiAtManager::GrantUserGrantedPermissionComplete(napi_env env, napi_status napi_value NapiAtManager::GetVersion(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetVersion begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetVersion begin."); auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail."); return nullptr; } std::unique_ptr context {asyncContext}; @@ -752,7 +761,7 @@ napi_value NapiAtManager::GetVersion(napi_env env, napi_callback_info info) NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default)); context.release(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetVersion end."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetVersion end."); return result; } @@ -769,7 +778,7 @@ void NapiAtManager::GetVersionExecute(napi_env env, void *data) return; } asyncContext->result = static_cast(version); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Version result = %{public}d.", asyncContext->result); + LOGD(ATM_DOMAIN, ATM_TAG, "Version result = %{public}d.", asyncContext->result); } void NapiAtManager::GetVersionComplete(napi_env env, napi_status status, void *data) @@ -777,7 +786,7 @@ void NapiAtManager::GetVersionComplete(napi_env env, napi_status status, void *d AtManagerAsyncContext* asyncContext = reinterpret_cast(data); std::unique_ptr context {asyncContext}; napi_value result = nullptr; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Version result = %{public}d.", asyncContext->result); + LOGD(ATM_DOMAIN, ATM_TAG, "Version result = %{public}d.", asyncContext->result); NAPI_CALL_RETURN_VOID(env, napi_create_int32(env, asyncContext->result, &result)); ReturnPromiseResult(env, asyncContext->errorCode, asyncContext->deferred, result); @@ -785,11 +794,11 @@ void NapiAtManager::GetVersionComplete(napi_env env, napi_status status, void *d napi_value NapiAtManager::GrantUserGrantedPermission(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GrantUserGrantedPermission begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "GrantUserGrantedPermission begin."); auto* context = new (std::nothrow) AtManagerAsyncContext(env); // for async work deliver data if (context == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail."); return nullptr; } @@ -816,7 +825,7 @@ napi_value NapiAtManager::GrantUserGrantedPermission(napi_env env, napi_callback NAPI_CALL(env, napi_queue_async_work_with_qos(env, context->work, napi_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "GrantUserGrantedPermission end."); + LOGD(ATM_DOMAIN, ATM_TAG, "GrantUserGrantedPermission end."); contextPtr.release(); return result; } @@ -842,7 +851,7 @@ void NapiAtManager::RevokeUserGrantedPermissionExecute(napi_env env, void *data) return; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName = %{public}s, grantmode = %{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName = %{public}s, grantmode = %{public}d.", asyncContext->permissionName.c_str(), permissionDef.grantMode); if (!IsPermissionFlagValid(asyncContext->flag)) { @@ -855,7 +864,7 @@ void NapiAtManager::RevokeUserGrantedPermissionExecute(napi_env env, void *data) } else { asyncContext->result = ERR_PERMISSION_NOT_EXIST; } - ACCESSTOKEN_LOG_DEBUG(LABEL, + LOGD(ATM_DOMAIN, ATM_TAG, "tokenId = %{public}d, permissionName = %{public}s, flag = %{public}d, revoke result = %{public}d.", asyncContext->tokenId, asyncContext->permissionName.c_str(), asyncContext->flag, asyncContext->result); } @@ -875,11 +884,11 @@ void NapiAtManager::RevokeUserGrantedPermissionComplete(napi_env env, napi_statu napi_value NapiAtManager::RevokeUserGrantedPermission(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RevokeUserGrantedPermission begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "RevokeUserGrantedPermission begin."); auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); // for async work deliver data if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail."); return nullptr; } @@ -904,7 +913,7 @@ napi_value NapiAtManager::RevokeUserGrantedPermission(napi_env env, napi_callbac reinterpret_cast(asyncContext), &(asyncContext->work))); NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "RevokeUserGrantedPermission end."); + LOGD(ATM_DOMAIN, ATM_TAG, "RevokeUserGrantedPermission end."); context.release(); return result; } @@ -930,11 +939,11 @@ void NapiAtManager::GetPermissionFlagsComplete(napi_env env, napi_status status, napi_value NapiAtManager::GetPermissionFlags(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionFlags begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetPermissionFlags begin."); auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail."); return nullptr; } @@ -955,7 +964,7 @@ napi_value NapiAtManager::GetPermissionFlags(napi_env env, napi_callback_info in // add async work handle to the napi queue and wait for result napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default); - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionFlags end."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetPermissionFlags end."); context.release(); return result; } @@ -1062,11 +1071,11 @@ void NapiAtManager::GetPermissionRequestToggleStatusComplete(napi_env env, napi_ napi_value NapiAtManager::SetPermissionRequestToggleStatus(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "SetPermissionRequestToggleStatus begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "SetPermissionRequestToggleStatus begin."); auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New asyncContext failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "New asyncContext failed."); return nullptr; } @@ -1087,18 +1096,18 @@ napi_value NapiAtManager::SetPermissionRequestToggleStatus(napi_env env, napi_ca // add async work handle to the napi queue and wait for result NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "SetPermissionRequestToggleStatus end."); + LOGD(ATM_DOMAIN, ATM_TAG, "SetPermissionRequestToggleStatus end."); context.release(); return result; } napi_value NapiAtManager::GetPermissionRequestToggleStatus(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionRequestToggleStatus begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetPermissionRequestToggleStatus begin."); auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New asyncContext failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "New asyncContext failed."); return nullptr; } @@ -1119,7 +1128,116 @@ napi_value NapiAtManager::GetPermissionRequestToggleStatus(napi_env env, napi_ca // add async work handle to the napi queue and wait for result NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionRequestToggleStatus end."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetPermissionRequestToggleStatus end."); + context.release(); + return result; +} + +bool NapiAtManager::GetPermStateChangeType(const napi_env env, const size_t argc, const napi_value* argv, + std::string& type) +{ + std::string errMsg; + if (argc == 0) { + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")); + return false; + } + // 0: the first parameter of argv + if (!ParseString(env, argv[0], type)) { + errMsg = GetParamErrorMsg("type", "permissionStateChange or selfPermissionStateChange"); + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + return false; + } + if ((type != REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) && (type != REGISTER_PERMISSION_STATE_CHANGE_TYPE)) { + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "type is invalid")); + return false; + } + return true; +} + +bool NapiAtManager::FillPermStateChangeScope(const napi_env env, const napi_value* argv, + const std::string& type, PermStateChangeScope& scopeInfo) +{ + std::string errMsg; + int index = 1; + if (type == REGISTER_PERMISSION_STATE_CHANGE_TYPE) { + if (!ParseAccessTokenIDArray(env, argv[index++], scopeInfo.tokenIDs)) { + errMsg = GetParamErrorMsg("tokenIDList", "Array"); + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + return false; + } + } else if (type == REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) { + scopeInfo.tokenIDs = {GetSelfTokenID()}; + } + if (!ParseStringArray(env, argv[index++], scopeInfo.permList)) { + errMsg = GetParamErrorMsg("permissionNameList", "Array"); + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + return false; + } + return true; +} + +void NapiAtManager::RequestAppPermOnSettingExecute(napi_env env, void *data) +{ + AtManagerAsyncContext* asyncContext = reinterpret_cast(data); + if (asyncContext == nullptr) { + return; + } + asyncContext->result = AccessTokenKit::RequestAppPermOnSetting(asyncContext->tokenId); +} + +void NapiAtManager::RequestAppPermOnSettingComplete(napi_env env, napi_status status, void *data) +{ + AtManagerAsyncContext* asyncContext = reinterpret_cast(data); + std::unique_ptr callbackPtr {asyncContext}; + + napi_value result = GetNapiNull(env); + ReturnPromiseResult(env, asyncContext->result, asyncContext->deferred, result); +} + +napi_value NapiAtManager::RequestAppPermOnSetting(napi_env env, napi_callback_info info) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "RequestAppPermOnSetting begin."); + + auto* asyncContext = new (std::nothrow) AtManagerAsyncContext(env); + if (asyncContext == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "New asyncContext failed."); + return nullptr; + } + std::unique_ptr context {asyncContext}; + + size_t argc = NapiContextCommon::MAX_PARAMS_ONE; + napi_value argv[NapiContextCommon::MAX_PARAMS_ONE] = {nullptr}; + napi_value thatVar = nullptr; + + void *data = nullptr; + NAPI_CALL(env, napi_get_cb_info(env, info, &argc, argv, &thatVar, &data)); + if (argc < NapiContextCommon::MAX_PARAMS_ONE) { + NAPI_CALL(env, napi_throw(env, + GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing."))); + return nullptr; + } + + asyncContext->env = env; + if (!ParseUint32(env, argv[0], asyncContext->tokenId)) { + std::string errMsg = GetParamErrorMsg("tokenID", "number"); + NAPI_CALL(env, + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg))); + return nullptr; + } + + napi_value result = nullptr; + NAPI_CALL(env, napi_create_promise(env, &(asyncContext->deferred), &result)); + + napi_value resource = nullptr; // resource name + NAPI_CALL(env, napi_create_string_utf8(env, "RequestAppPermOnSetting", NAPI_AUTO_LENGTH, &resource)); + + NAPI_CALL(env, napi_create_async_work(env, nullptr, resource, + RequestAppPermOnSettingExecute, RequestAppPermOnSettingComplete, + reinterpret_cast(asyncContext), &(asyncContext->work))); + + NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default)); + + LOGD(ATM_DOMAIN, ATM_TAG, "RequestAppPermOnSetting end."); context.release(); return result; } @@ -1131,42 +1249,33 @@ bool NapiAtManager::FillPermStateChangeInfo(const napi_env env, const napi_value std::string errMsg; napi_ref callback = nullptr; - // 1: the second parameter of argv - if (!ParseAccessTokenIDArray(env, argv[1], scopeInfo.tokenIDs)) { - errMsg = GetParamErrorMsg("tokenIDList", "Array"); - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + if (!FillPermStateChangeScope(env, argv, type, scopeInfo)) { return false; } - // 2: the third parameter of argv - if (!ParseStringArray(env, argv[2], scopeInfo.permList)) { - errMsg = GetParamErrorMsg("tokenIDList", "Array"); - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); - return false; + uint32_t index; + if (type == REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) { + index = THIRD_PARAM; + } else { + index = FORTH_PARAM; } - // 3: the fourth parameter of argv - if (!ParseCallback(env, argv[3], callback)) { - errMsg = GetParamErrorMsg("tokenIDList", "Callback"); + if (!ParseCallback(env, argv[index], callback)) { + errMsg = GetParamErrorMsg("callback", "Callback"); napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); return false; } std::sort(scopeInfo.tokenIDs.begin(), scopeInfo.tokenIDs.end()); std::sort(scopeInfo.permList.begin(), scopeInfo.permList.end()); - registerPermStateChangeInfo.env = env; registerPermStateChangeInfo.callbackRef = callback; - registerPermStateChangeInfo.permStateChangeType = type; registerPermStateChangeInfo.subscriber = std::make_shared(scopeInfo); registerPermStateChangeInfo.subscriber->SetEnv(env); registerPermStateChangeInfo.subscriber->SetCallbackRef(callback); - registerPermStateChangeInfo.threadId_ = std::this_thread::get_id(); std::shared_ptr *subscriber = new (std::nothrow) std::shared_ptr( registerPermStateChangeInfo.subscriber); if (subscriber == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create subscriber"); return false; } napi_wrap(env, thisVar, reinterpret_cast(subscriber), [](napi_env nev, void *data, void *hint) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RegisterPermStateChangeScopePtr delete"); std::shared_ptr* subscriber = static_cast*>(data); if (subscriber != nullptr && *subscriber != nullptr) { @@ -1185,31 +1294,34 @@ bool NapiAtManager::ParseInputToRegister(const napi_env env, const napi_callback napi_value argv[NapiContextCommon::MAX_PARAMS_FOUR] = {nullptr}; napi_value thisVar = nullptr; NAPI_CALL_BASE(env, napi_get_cb_info(env, cbInfo, &argc, argv, &thisVar, nullptr), false); - if (argc < NapiContextCommon::MAX_PARAMS_FOUR) { - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")); - return false; - } if (thisVar == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ThisVar is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "ThisVar is nullptr"); return false; } napi_valuetype valueTypeOfThis = napi_undefined; NAPI_CALL_BASE(env, napi_typeof(env, thisVar, &valueTypeOfThis), false); if (valueTypeOfThis == napi_undefined) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ThisVar is undefined"); + LOGE(ATM_DOMAIN, ATM_TAG, "ThisVar is undefined"); return false; } - // 0: the first parameter of argv std::string type; - if (!ParseString(env, argv[0], type)) { - std::string errMsg = GetParamErrorMsg("type", "string"); - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + if (!GetPermStateChangeType(env, argc, argv, type)) { return false; } + if ((type == REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) && (argc < NapiContextCommon::MAX_PARAMS_THREE)) { + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")); + return false; + } + if ((type == REGISTER_PERMISSION_STATE_CHANGE_TYPE) && (argc < NapiContextCommon::MAX_PARAMS_FOUR)) { + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")); + return false; + } + registerPermStateChangeInfo.env = env; + registerPermStateChangeInfo.permStateChangeType = type; + registerPermStateChangeInfo.threadId_ = std::this_thread::get_id(); if (!FillPermStateChangeInfo(env, argv, type, thisVar, registerPermStateChangeInfo)) { return false; } - return true; } @@ -1218,7 +1330,7 @@ napi_value NapiAtManager::RegisterPermStateChangeCallback(napi_env env, napi_cal RegisterPermStateChangeInfo* registerPermStateChangeInfo = new (std::nothrow) RegisterPermStateChangeInfo(); if (registerPermStateChangeInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for subscribeCBInfo!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Insufficient memory for subscribeCBInfo!"); return nullptr; } std::unique_ptr callbackPtr {registerPermStateChangeInfo}; @@ -1226,14 +1338,25 @@ napi_value NapiAtManager::RegisterPermStateChangeCallback(napi_env env, napi_cal return nullptr; } if (IsExistRegister(env, registerPermStateChangeInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Subscribe failed. The current subscriber has been existed"); - std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_PARAM_INVALID); - NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_INVALID, errMsg))); + LOGE(ATM_DOMAIN, ATM_TAG, "Subscribe failed. The current subscriber has been existed"); + if (registerPermStateChangeInfo->permStateChangeType == REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) { + std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_NOT_USE_TOGETHER); + NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_NOT_USE_TOGETHER, errMsg))); + } else { + std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_PARAM_INVALID); + NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_INVALID, errMsg))); + } + return nullptr; } - int32_t result = AccessTokenKit::RegisterPermStateChangeCallback(registerPermStateChangeInfo->subscriber); + int32_t result; + if (registerPermStateChangeInfo->permStateChangeType == REGISTER_PERMISSION_STATE_CHANGE_TYPE) { + result = AccessTokenKit::RegisterPermStateChangeCallback(registerPermStateChangeInfo->subscriber); + } else { + result = AccessTokenKit::RegisterSelfPermStateChangeCallback(registerPermStateChangeInfo->subscriber); + } if (result != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RegisterPermStateChangeCallback failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallback failed"); registerPermStateChangeInfo->errCode = result; int32_t jsCode = NapiContextCommon::GetJsErrorCode(result); std::string errMsg = GetErrorMessage(jsCode); @@ -1243,7 +1366,7 @@ napi_value NapiAtManager::RegisterPermStateChangeCallback(napi_env env, napi_cal { std::lock_guard lock(g_lockForPermStateChangeRegisters); g_permStateChangeRegisters.emplace_back(registerPermStateChangeInfo); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Add g_PermStateChangeRegisters.size = %{public}zu", + LOGD(ATM_DOMAIN, ATM_TAG, "Add g_PermStateChangeRegisters.size = %{public}zu", g_permStateChangeRegisters.size()); } callbackPtr.release(); @@ -1259,37 +1382,34 @@ bool NapiAtManager::ParseInputToUnregister(const napi_env env, napi_callback_inf napi_ref callback = nullptr; std::string errMsg; if (napi_get_cb_info(env, cbInfo, &argc, argv, &thisVar, nullptr) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_get_cb_info failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_get_cb_info failed"); return false; } // 1: off required minnum argc - if (argc < NapiContextCommon::MAX_PARAMS_FOUR - 1) { + if (argc == 0) { napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")); return false; } - // 0: the first parameter of argv std::string type; - if (!ParseString(env, argv[0], type)) { - errMsg = GetParamErrorMsg("type", "permissionStateChange"); - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + if (!GetPermStateChangeType(env, argc, argv, type)) { return false; } - PermStateChangeScope scopeInfo; - // 1: the second parameter of argv - if (!ParseAccessTokenIDArray(env, argv[1], scopeInfo.tokenIDs)) { - errMsg = GetParamErrorMsg("tokenIDList", "Array"); - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + if ((type == REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) && (argc < NapiContextCommon::MAX_PARAMS_THREE - 1)) { + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")); return false; } - // 2: the third parameter of argv - if (!ParseStringArray(env, argv[2], scopeInfo.permList)) { - errMsg = GetParamErrorMsg("permissionNameList", "Array"); - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); + if ((type == REGISTER_PERMISSION_STATE_CHANGE_TYPE) && (argc < NapiContextCommon::MAX_PARAMS_FOUR - 1)) { + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")); return false; } - if (argc == NapiContextCommon::MAX_PARAMS_FOUR) { - // 3: the fourth parameter of argv - if (!ParseCallback(env, argv[3], callback)) { + PermStateChangeScope scopeInfo; + if (!FillPermStateChangeScope(env, argv, type, scopeInfo)) { + return false; + } + if (((type == REGISTER_PERMISSION_STATE_CHANGE_TYPE) && (argc == NapiContextCommon::MAX_PARAMS_FOUR)) || + ((type == REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) && (argc == NapiContextCommon::MAX_PARAMS_THREE))) { + int callbackIndex = (type == REGISTER_PERMISSION_STATE_CHANGE_TYPE) ? FORTH_PARAM : THIRD_PARAM; + if (!ParseCallback(env, argv[callbackIndex], callback)) { errMsg = GetParamErrorMsg("callback", "Callback"); napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)); return false; @@ -1311,7 +1431,7 @@ napi_value NapiAtManager::UnregisterPermStateChangeCallback(napi_env env, napi_c UnregisterPermStateChangeInfo* unregisterPermStateChangeInfo = new (std::nothrow) UnregisterPermStateChangeInfo(); if (unregisterPermStateChangeInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for subscribeCBInfo!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Insufficient memory for subscribeCBInfo!"); return nullptr; } std::unique_ptr callbackPtr {unregisterPermStateChangeInfo}; @@ -1320,20 +1440,31 @@ napi_value NapiAtManager::UnregisterPermStateChangeCallback(napi_env env, napi_c } std::vector batchPermStateChangeRegisters; if (!FindAndGetSubscriberInVector(unregisterPermStateChangeInfo, batchPermStateChangeRegisters, env)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Unsubscribe failed. The current subscriber does not exist"); - std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_PARAM_INVALID); - NAPI_CALL(env, - napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_INVALID, errMsg))); + LOGE(ATM_DOMAIN, ATM_TAG, "Unsubscribe failed. The current subscriber does not exist"); + if (unregisterPermStateChangeInfo->permStateChangeType == REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE) { + std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_NOT_USE_TOGETHER); + NAPI_CALL(env, + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_NOT_USE_TOGETHER, errMsg))); + } else { + std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_PARAM_INVALID); + NAPI_CALL(env, + napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_INVALID, errMsg))); + } return nullptr; } for (const auto& item : batchPermStateChangeRegisters) { PermStateChangeScope scopeInfo; item->subscriber->GetScope(scopeInfo); - int32_t result = AccessTokenKit::UnRegisterPermStateChangeCallback(item->subscriber); + int32_t result; + if (unregisterPermStateChangeInfo->permStateChangeType == REGISTER_PERMISSION_STATE_CHANGE_TYPE) { + result = AccessTokenKit::UnRegisterPermStateChangeCallback(item->subscriber); + } else { + result = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(item->subscriber); + } if (result == RET_SUCCESS) { DeleteRegisterFromVector(scopeInfo, env, item->callbackRef); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Batch UnregisterPermActiveChangeCompleted failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Batch UnregisterPermActiveChangeCompleted failed"); int32_t jsCode = NapiContextCommon::GetJsErrorCode(result); std::string errMsg = GetErrorMessage(jsCode); NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, jsCode, errMsg))); @@ -1363,7 +1494,7 @@ bool NapiAtManager::FindAndGetSubscriberInVector(UnregisterPermStateChangeInfo* PermStateChangeScope scopeInfo; item->subscriber->GetScope(scopeInfo); if (scopeInfo.tokenIDs == targetTokenIDs && scopeInfo.permList == targetPermList) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Find subscriber in map"); + LOGD(ATM_DOMAIN, ATM_TAG, "Find subscriber in map"); unregisterPermStateChangeInfo->subscriber = item->subscriber; batchPermStateChangeRegisters.emplace_back(item); } @@ -1423,7 +1554,7 @@ bool NapiAtManager::IsExistRegister(const napi_env env, const RegisterPermStateC return true; } } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Cannot find subscriber in vector"); + LOGD(ATM_DOMAIN, ATM_TAG, "Cannot find subscriber in vector"); return false; } @@ -1439,7 +1570,7 @@ void NapiAtManager::DeleteRegisterFromVector(const PermStateChangeScope& scopeIn (*item)->subscriber->GetScope(stateChangeScope); if ((stateChangeScope.tokenIDs == targetTokenIDs) && (stateChangeScope.permList == targetPermList) && CompareCallbackRef(env, (*item)->callbackRef, subscriberRef, (*item)->threadId_)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Find subscribers in vector, delete"); + LOGD(ATM_DOMAIN, ATM_TAG, "Find subscribers in vector, delete"); delete *item; *item = nullptr; g_permStateChangeRegisters.erase(item); @@ -1459,7 +1590,7 @@ EXTERN_C_START */ static napi_value Init(napi_env env, napi_value exports) { - ACCESSTOKEN_LOG_DEBUG(OHOS::Security::AccessToken::LABEL, "Register end, start init."); + LOGD(ATM_DOMAIN, ATM_TAG, "Register end, start init."); OHOS::Security::AccessToken::NapiAtManager::Init(env, exports); return exports; } diff --git a/interfaces/kits/accesstoken/napi/src/napi_context_common.cpp b/frameworks/js/napi/accesstoken/src/napi_context_common.cpp similarity index 59% rename from interfaces/kits/accesstoken/napi/src/napi_context_common.cpp rename to frameworks/js/napi/accesstoken/src/napi_context_common.cpp index b5f7dd089f81528e5855efda0747251274b14b39..ed4e546baa36252b08e95970ee6ea40dd969b571 100644 --- a/interfaces/kits/accesstoken/napi/src/napi_context_common.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_context_common.cpp @@ -13,15 +13,11 @@ * limitations under the License. */ #include "napi_context_common.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AtManagerAsyncWorkData" -}; -} int32_t NapiContextCommon::GetJsErrorCode(int32_t errCode) { @@ -68,7 +64,7 @@ int32_t NapiContextCommon::GetJsErrorCode(int32_t errCode) jsCode = JS_ERROR_INNER; break; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetJsErrorCode nativeCode(%{public}d) jsCode(%{public}d).", errCode, jsCode); + LOGD(ATM_DOMAIN, ATM_TAG, "GetJsErrorCode nativeCode(%{public}d) jsCode(%{public}d).", errCode, jsCode); return jsCode; } @@ -80,44 +76,32 @@ AtManagerAsyncWorkData::AtManagerAsyncWorkData(napi_env envValue) AtManagerAsyncWorkData::~AtManagerAsyncWorkData() { if (env == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid env"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid env"); return; } - std::unique_ptr workPtr = std::make_unique(); - std::unique_ptr workDataRel = std::make_unique(); - uv_loop_s *loop = nullptr; - napi_get_uv_event_loop(env, &loop); - if ((loop == nullptr) || (workPtr == nullptr) || (workDataRel == nullptr)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to init execution environment"); + AtManagerAsyncWorkDataRel* workDataRel = new (std::nothrow) AtManagerAsyncWorkDataRel(); + if (workDataRel == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "workDataRel is nullptr"); return; } + std::unique_ptr workDataRelPtr {workDataRel}; workDataRel->env = env; workDataRel->work = work; workDataRel->callbackRef = callbackRef; - workPtr->data = reinterpret_cast(workDataRel.get()); - NAPI_CALL_RETURN_VOID(env, uv_queue_work_with_qos(loop, workPtr.get(), [] (uv_work_t *work) {}, - [] (uv_work_t *work, int status) { - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Work is nullptr"); - return; - } - auto workDataRel = reinterpret_cast(work->data); - if (workDataRel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WorkDataRel is nullptr"); - delete work; - return; - } - if (workDataRel->work != nullptr) { - napi_delete_async_work(workDataRel->env, workDataRel->work); - } - if (workDataRel->callbackRef != nullptr) { - napi_delete_reference(workDataRel->env, workDataRel->callbackRef); - } - delete workDataRel; - delete work; - }, uv_qos_default)); - workDataRel.release(); - workPtr.release(); + auto task = [workDataRel]() { + if (workDataRel->work != nullptr) { + napi_delete_async_work(workDataRel->env, workDataRel->work); + } + if (workDataRel->callbackRef != nullptr) { + napi_delete_reference(workDataRel->env, workDataRel->callbackRef); + } + delete workDataRel; + }; + if (napi_status::napi_ok != napi_send_event(env, task, napi_eprio_high)) { + LOGE(ATM_DOMAIN, ATM_TAG, "AtManagerAsyncWorkData: Failed to SendEvent"); + } else { + workDataRelPtr.release(); + } } } // namespace AccessToken } // namespace Security diff --git a/interfaces/kits/accesstoken/napi/src/napi_request_global_switch_on_setting.cpp b/frameworks/js/napi/accesstoken/src/napi_request_global_switch_on_setting.cpp similarity index 70% rename from interfaces/kits/accesstoken/napi/src/napi_request_global_switch_on_setting.cpp rename to frameworks/js/napi/accesstoken/src/napi_request_global_switch_on_setting.cpp index 80126aed378fa78f004728357ad4b0df16f055c4..e6b05b6d271c4c22c920388b1bc36388356aac6c 100644 --- a/interfaces/kits/accesstoken/napi/src/napi_request_global_switch_on_setting.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_request_global_switch_on_setting.cpp @@ -16,7 +16,7 @@ #include "ability.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "napi_base_context.h" #include "token_setproc.h" #include "want.h" @@ -25,9 +25,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NapiRequestGlobalSwitch" -}; const std::string GLOBAL_SWITCH_KEY = "ohos.user.setting.global_switch"; const std::string GLOBAL_SWITCH_RESULT_KEY = "ohos.user.setting.global_switch.result"; const std::string RESULT_ERROR_KEY = "ohos.user.setting.error_code"; @@ -77,12 +74,12 @@ static napi_value GetContext( bool stageMode = false; napi_status status = OHOS::AbilityRuntime::IsStageContext(env, value, stageMode); if (status != napi_ok || !stageMode) { - ACCESSTOKEN_LOG_ERROR(LABEL, "It is not a stage mode."); + LOGE(ATM_DOMAIN, ATM_TAG, "It is not a stage mode."); return nullptr; } else { auto context = AbilityRuntime::GetStageModeContext(env, value); if (context == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to Get application context."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Get application context."); return nullptr; } asyncContext->abilityContext = @@ -90,11 +87,11 @@ static napi_value GetContext( if (asyncContext->abilityContext != nullptr) { asyncContext->uiAbilityFlag = true; } else { - ACCESSTOKEN_LOG_WARN(LABEL, "Failed to convert to ability context."); + LOGW(ATM_DOMAIN, ATM_TAG, "Failed to convert to ability context."); asyncContext->uiExtensionContext = AbilityRuntime::Context::ConvertTo(context); if (asyncContext->uiExtensionContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to convert to ui extension context."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to convert to ui extension context."); return nullptr; } } @@ -123,74 +120,69 @@ static int32_t TransferToJsErrorCode(int32_t errCode) jsCode = JS_ERROR_INNER; break; } - ACCESSTOKEN_LOG_INFO(LABEL, "dialog error(%{public}d) jsCode(%{public}d).", errCode, jsCode); + LOGI(ATM_DOMAIN, ATM_TAG, "dialog error(%{public}d) jsCode(%{public}d).", errCode, jsCode); return jsCode; } -static void ResultCallbackJSThreadWorker(uv_work_t* work, int32_t status) -{ - (void)status; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Uv_queue_work_with_qos input work is nullptr"); - return; - } - std::unique_ptr uvWorkPtr {work}; - SwitchOnSettingResultCallback *retCB = reinterpret_cast(work->data); - if (retCB == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RetCB is nullptr"); - return; - } - std::unique_ptr callbackPtr {retCB}; - std::shared_ptr asyncContext = retCB->data; - if (asyncContext == nullptr) { - return; - } - - napi_handle_scope scope = nullptr; - napi_open_handle_scope(asyncContext->env, &scope); - if (scope == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_open_handle_scope failed"); - return; - } - napi_value requestResult = nullptr; - NAPI_CALL_RETURN_VOID(asyncContext->env, napi_get_boolean(asyncContext->env, retCB->switchStatus, &requestResult)); - - ReturnPromiseResult(asyncContext->env, retCB->jsCode, asyncContext->deferred, requestResult); - napi_close_handle_scope(asyncContext->env, scope); -} - static void GlobalSwitchResultsCallbackUI(int32_t jsCode, bool switchStatus, std::shared_ptr& data) { auto* retCB = new (std::nothrow) SwitchOnSettingResultCallback(); if (retCB == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Insufficient memory for work!"); return; } - std::unique_ptr callbackPtr {retCB}; retCB->jsCode = jsCode; retCB->switchStatus = switchStatus; retCB->data = data; + auto task = [retCB]() { + std::unique_ptr callback {retCB}; + std::shared_ptr asyncContext = retCB->data; + if (asyncContext == nullptr) { + return; + } + napi_handle_scope scope = nullptr; + napi_open_handle_scope(asyncContext->env, &scope); + if (scope == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_open_handle_scope failed"); + return; + } + napi_value requestResult = nullptr; + NAPI_CALL_RETURN_VOID(asyncContext->env, + napi_get_boolean(asyncContext->env, retCB->switchStatus, &requestResult)); - uv_loop_s* loop = nullptr; - NAPI_CALL_RETURN_VOID(data->env, napi_get_uv_event_loop(data->env, &loop)); - if (loop == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Loop instance is nullptr"); - return; - } - uv_work_t* work = new (std::nothrow) uv_work_t; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); - return; + ReturnPromiseResult(asyncContext->env, retCB->jsCode, asyncContext->deferred, requestResult); + napi_close_handle_scope(asyncContext->env, scope); + }; + if (napi_status::napi_ok != napi_send_event(data->env, task, napi_eprio_immediate)) { + LOGE(ATM_DOMAIN, ATM_TAG, "GlobalSwitchResultsCallbackUI: Failed to SendEvent"); + } else { + callbackPtr.release(); } - std::unique_ptr uvWorkPtr {work}; - work->data = reinterpret_cast(retCB); - NAPI_CALL_RETURN_VOID(data->env, uv_queue_work_with_qos( - loop, work, [](uv_work_t* work) {}, ResultCallbackJSThreadWorker, uv_qos_user_initiated)); +} - uvWorkPtr.release(); - callbackPtr.release(); +static void CloseModalUIExtensionMainThread(std::shared_ptr& asyncContext, + int32_t sessionId) +{ + auto task = [asyncContext, sessionId]() { + Ace::UIContent* uiContent = GetUIContent(asyncContext); + if (uiContent == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get ui content failed!"); + return; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Close uiextension component"); + uiContent->CloseModalUIExtension(sessionId); + }; +#ifdef EVENTHANDLER_ENABLE + if (asyncContext->handler_ != nullptr) { + asyncContext->handler_->PostSyncTask(task, "AT:CloseModalUIExtensionMainThread"); + } else { + task(); + } +#else + task(); +#endif } void SwitchOnSettingUICallback::ReleaseHandler(int32_t code) @@ -198,18 +190,12 @@ void SwitchOnSettingUICallback::ReleaseHandler(int32_t code) { std::lock_guard lock(g_lockFlag); if (this->reqContext_->releaseFlag) { - ACCESSTOKEN_LOG_WARN(LABEL, "Callback has executed."); + LOGW(ATM_DOMAIN, ATM_TAG, "Callback has executed."); return; } this->reqContext_->releaseFlag = true; } - Ace::UIContent* uiContent = GetUIContent(this->reqContext_); - if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); - return; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Close uiextension component"); - uiContent->CloseModalUIExtension(this->sessionId_); + CloseModalUIExtensionMainThread(this->reqContext_, this->sessionId_); if (code == -1) { this->reqContext_->errorCode = code; } @@ -238,7 +224,7 @@ void SwitchOnSettingUICallback::OnResult(int32_t resultCode, const AAFwk::Want& { this->reqContext_->errorCode = result.GetIntParam(RESULT_ERROR_KEY, 0); this->reqContext_->switchStatus = result.GetBoolParam(GLOBAL_SWITCH_RESULT_KEY, 0); - ACCESSTOKEN_LOG_INFO(LABEL, "ResultCode is %{public}d, errorCode=%{public}d, switchStatus=%{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "ResultCode is %{public}d, errorCode=%{public}d, switchStatus=%{public}d", resultCode, this->reqContext_->errorCode, this->reqContext_->switchStatus); ReleaseHandler(0); } @@ -248,7 +234,7 @@ void SwitchOnSettingUICallback::OnResult(int32_t resultCode, const AAFwk::Want& */ void SwitchOnSettingUICallback::OnReceive(const AAFwk::WantParams& receive) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called!"); + LOGI(ATM_DOMAIN, ATM_TAG, "Called!"); } /* @@ -257,7 +243,7 @@ void SwitchOnSettingUICallback::OnReceive(const AAFwk::WantParams& receive) */ void SwitchOnSettingUICallback::OnRelease(int32_t releaseCode) { - ACCESSTOKEN_LOG_INFO(LABEL, "ReleaseCode is %{public}d", releaseCode); + LOGI(ATM_DOMAIN, ATM_TAG, "ReleaseCode is %{public}d", releaseCode); ReleaseHandler(-1); } @@ -267,7 +253,7 @@ void SwitchOnSettingUICallback::OnRelease(int32_t releaseCode) */ void SwitchOnSettingUICallback::OnError(int32_t code, const std::string& name, const std::string& message) { - ACCESSTOKEN_LOG_INFO(LABEL, "Code is %{public}d, name is %{public}s, message is %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "Code is %{public}d, name is %{public}s, message is %{public}s", code, name.c_str(), message.c_str()); ReleaseHandler(-1); @@ -279,7 +265,7 @@ void SwitchOnSettingUICallback::OnError(int32_t code, const std::string& name, c */ void SwitchOnSettingUICallback::OnRemoteReady(const std::shared_ptr& uiProxy) { - ACCESSTOKEN_LOG_INFO(LABEL, "Connect to UIExtensionAbility successfully."); + LOGI(ATM_DOMAIN, ATM_TAG, "Connect to UIExtensionAbility successfully."); } /* @@ -287,18 +273,47 @@ void SwitchOnSettingUICallback::OnRemoteReady(const std::shared_ptr asyncContext) +static void CreateUIExtensionMainThread(std::shared_ptr& asyncContext, + const AAFwk::Want& want, const Ace::ModalUIExtensionCallbacks& uiExtensionCallbacks, + const std::shared_ptr& uiExtCallback) { - Ace::UIContent* uiContent = GetUIContent(asyncContext); - if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to get ui content!"); - asyncContext->result = RET_FAILED; - return RET_FAILED; + auto task = [asyncContext, want, uiExtensionCallbacks, uiExtCallback]() { + Ace::UIContent* uiContent = GetUIContent(asyncContext); + if (uiContent == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get ui content!"); + asyncContext->result = RET_FAILED; + return; + } + + Ace::ModalUIExtensionConfig config; + config.isProhibitBack = true; + int32_t sessionId = uiContent->CreateModalUIExtension(want, uiExtensionCallbacks, config); + LOGI(ATM_DOMAIN, ATM_TAG, "Create end, sessionId: %{public}d, tokenId: %{public}d, switchType: %{public}d.", + sessionId, asyncContext->tokenId, asyncContext->switchType); + if (sessionId == 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create component, sessionId is 0."); + asyncContext->result = RET_FAILED; + return; + } + uiExtCallback->SetSessionId(sessionId); + }; +#ifdef EVENTHANDLER_ENABLE + if (asyncContext->handler_ != nullptr) { + asyncContext->handler_->PostSyncTask(task, "AT:CreateUIExtensionMainThread"); + } else { + task(); } +#else + task(); +#endif +} + +static int32_t CreateUIExtension(const Want &want, std::shared_ptr asyncContext) +{ auto uiExtCallback = std::make_shared(asyncContext); Ace::ModalUIExtensionCallbacks uiExtensionCallbacks = { [uiExtCallback](int32_t releaseCode) { @@ -321,17 +336,10 @@ static int32_t CreateUIExtension(const Want &want, std::shared_ptrCreateModalUIExtension(want, uiExtensionCallbacks, config); - ACCESSTOKEN_LOG_INFO(LABEL, "Create end, sessionId: %{public}d, tokenId: %{public}d, switchType: %{public}d.", - sessionId, asyncContext->tokenId, asyncContext->switchType); - if (sessionId == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create component, sessionId is 0."); - asyncContext->result = RET_FAILED; + CreateUIExtensionMainThread(asyncContext, want, uiExtensionCallbacks, uiExtCallback); + if (asyncContext->result == RET_FAILED) { return RET_FAILED; } - uiExtCallback->SetSessionId(sessionId); return JS_OK; } @@ -339,7 +347,7 @@ static int32_t StartUIExtension(std::shared_ptr { AAFwk::Want want; AccessTokenKit::GetPermissionManagerInfo(asyncContext->info); - ACCESSTOKEN_LOG_INFO(LABEL, "bundleName: %{public}s, globalSwitchAbilityName: %{public}s.", + LOGI(ATM_DOMAIN, ATM_TAG, "bundleName: %{public}s, globalSwitchAbilityName: %{public}s.", asyncContext->info.grantBundleName.c_str(), asyncContext->info.globalSwitchAbilityName.c_str()); want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.globalSwitchAbilityName); want.SetParam(GLOBAL_SWITCH_KEY, asyncContext->switchType); @@ -350,7 +358,7 @@ static int32_t StartUIExtension(std::shared_ptr napi_value NapiRequestGlobalSwitch::RequestGlobalSwitch(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RequestGlobalSwitch begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "RequestGlobalSwitch begin."); // use handle to protect asyncContext std::shared_ptr asyncContext = std::make_shared(env); @@ -375,7 +383,7 @@ napi_value NapiRequestGlobalSwitch::RequestGlobalSwitch(napi_env env, napi_callb NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContextHandle->asyncContextPtr->work, napi_qos_user_initiated)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "RequestGlobalSwitch end."); + LOGD(ATM_DOMAIN, ATM_TAG, "RequestGlobalSwitch end."); asyncContextHandle.release(); return result; } @@ -388,7 +396,7 @@ bool NapiRequestGlobalSwitch::ParseRequestGlobalSwitch(const napi_env& env, napi_value thisVar = nullptr; if (napi_get_cb_info(env, cbInfo, &argc, argv, &thisVar, nullptr) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_get_cb_info failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_get_cb_info failed"); return false; } if (argc < NapiContextCommon::MAX_PARAMS_TWO - 1) { @@ -406,7 +414,7 @@ bool NapiRequestGlobalSwitch::ParseRequestGlobalSwitch(const napi_env& env, env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); return false; } - ACCESSTOKEN_LOG_INFO(LABEL, "AsyncContext.uiAbilityFlag is: %{public}d.", asyncContext->uiAbilityFlag); + LOGI(ATM_DOMAIN, ATM_TAG, "AsyncContext.uiAbilityFlag is: %{public}d.", asyncContext->uiAbilityFlag); // argv[1] : type if (!ParseInt32(env, argv[1], asyncContext->switchType)) { @@ -415,6 +423,9 @@ bool NapiRequestGlobalSwitch::ParseRequestGlobalSwitch(const napi_env& env, env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); return false; } +#ifdef EVENTHANDLER_ENABLE + asyncContext->handler_ = std::make_shared(AppExecFwk::EventRunner::GetMainEventRunner()); +#endif return true; } @@ -423,35 +434,43 @@ void NapiRequestGlobalSwitch::RequestGlobalSwitchExecute(napi_env env, void* dat // asyncContext release in complete RequestGlobalSwitchAsyncContextHandle* asyncContextHandle = reinterpret_cast(data); - if (asyncContextHandle == nullptr) { + if ((asyncContextHandle == nullptr) || (asyncContextHandle->asyncContextPtr == nullptr)) { return; } if (asyncContextHandle->asyncContextPtr->uiAbilityFlag) { + if ((asyncContextHandle->asyncContextPtr->abilityContext == nullptr) || + (asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo() == nullptr)) { + return; + } asyncContextHandle->asyncContextPtr->tokenId = asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo()->accessTokenId; } else { + if ((asyncContextHandle->asyncContextPtr->uiExtensionContext == nullptr) || + (asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo() == nullptr)) { + return; + } asyncContextHandle->asyncContextPtr->tokenId = asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo()->accessTokenId; } static AccessTokenID currToken = static_cast(GetSelfTokenID()); if (asyncContextHandle->asyncContextPtr->tokenId != currToken) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "The context(token=%{public}d) is not belong to the current application(currToken=%{public}d).", asyncContextHandle->asyncContextPtr->tokenId, currToken); asyncContextHandle->asyncContextPtr->result = ERR_PARAM_INVALID; return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Start to pop ui extension dialog"); + LOGI(ATM_DOMAIN, ATM_TAG, "Start to pop ui extension dialog"); StartUIExtension(asyncContextHandle->asyncContextPtr); if (asyncContextHandle->asyncContextPtr->result != JsErrorCode::JS_OK) { - ACCESSTOKEN_LOG_WARN(LABEL, "Failed to pop uiextension dialog."); + LOGW(ATM_DOMAIN, ATM_TAG, "Failed to pop uiextension dialog."); } } void NapiRequestGlobalSwitch::RequestGlobalSwitchComplete(napi_env env, napi_status status, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RequestGlobalSwitchComplete begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "RequestGlobalSwitchComplete begin."); RequestGlobalSwitchAsyncContextHandle* asyncContextHandle = reinterpret_cast(data); if (asyncContextHandle == nullptr || asyncContextHandle->asyncContextPtr == nullptr) { diff --git a/interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp b/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp similarity index 74% rename from interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp rename to frameworks/js/napi/accesstoken/src/napi_request_permission.cpp index 00570ad9ad0c5b677f9edc8df05cb1109664039a..38930d947ac2b8d5396382eb90e490fced91d2ca 100644 --- a/interfaces/kits/accesstoken/napi/src/napi_request_permission.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp @@ -18,9 +18,10 @@ #include "ability_manager_client.h" #include "access_token.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "hisysevent.h" #include "napi_base_context.h" +#include "napi_hisysevent_adapter.h" #include "token_setproc.h" #include "want.h" @@ -31,16 +32,12 @@ std::mutex g_lockFlag; std::map>> RequestAsyncInstanceControl::instanceIdMap_; std::mutex RequestAsyncInstanceControl::instanceIdMutex_; namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NapiRequestPermission" -}; const std::string PERMISSION_KEY = "ohos.user.grant.permission"; const std::string STATE_KEY = "ohos.user.grant.permission.state"; const std::string RESULT_KEY = "ohos.user.grant.permission.result"; const std::string EXTENSION_TYPE_KEY = "ability.want.params.uiExtensionType"; const std::string UI_EXTENSION_TYPE = "sys/commonUI"; const std::string ORI_PERMISSION_MANAGER_BUNDLE_NAME = "com.ohos.permissionmanager"; -const std::string ORI_PERMISSION_MANAGER_ABILITY_NAME = "com.ohos.permissionmanager.GrantAbility"; const std::string TOKEN_KEY = "ohos.ability.params.token"; const std::string CALLBACK_KEY = "ohos.ability.params.callback"; @@ -107,9 +104,12 @@ static void GetInstanceId(std::shared_ptr& asyncContext) auto task = [asyncContext]() { Ace::UIContent* uiContent = GetUIContent(asyncContext); if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get ui content failed!"); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQ_PERM_FROM_USER_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", GET_UI_CONTENT_FAILED); return; } + asyncContext->uiContentFlag = true; asyncContext->instanceId = uiContent->GetInstanceId(); }; #ifdef EVENTHANDLER_ENABLE @@ -121,7 +121,8 @@ static void GetInstanceId(std::shared_ptr& asyncContext) #else task(); #endif - ACCESSTOKEN_LOG_INFO(LABEL, "Instance id: %{public}d", asyncContext->instanceId); + LOGI(ATM_DOMAIN, ATM_TAG, "Instance id: %{public}d, uiContentFlag: %{public}d", + asyncContext->instanceId, asyncContext->uiContentFlag); } static void CreateUIExtensionMainThread(std::shared_ptr& asyncContext, const AAFwk::Want& want, @@ -131,7 +132,7 @@ static void CreateUIExtensionMainThread(std::shared_ptr& as auto task = [asyncContext, want, uiExtensionCallbacks, uiExtCallback]() { Ace::UIContent* uiContent = GetUIContent(asyncContext); if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get ui content failed!"); asyncContext->result = RET_FAILED; asyncContext->uiExtensionFlag = false; return; @@ -141,12 +142,14 @@ static void CreateUIExtensionMainThread(std::shared_ptr& as config.isProhibitBack = true; int32_t sessionId = uiContent->CreateModalUIExtension(want, uiExtensionCallbacks, config); - ACCESSTOKEN_LOG_INFO(LABEL, "Create end, sessionId: %{public}d, tokenId: %{public}d, permNum: %{public}zu", + LOGI(ATM_DOMAIN, ATM_TAG, "Create end, sessionId: %{public}d, tokenId: %{public}d, permNum: %{public}zu", sessionId, asyncContext->tokenId, asyncContext->permissionList.size()); if (sessionId == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create component failed, sessionId is 0"); + LOGE(ATM_DOMAIN, ATM_TAG, "Create component failed, sessionId is 0"); asyncContext->result = RET_FAILED; asyncContext->uiExtensionFlag = false; + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQ_PERM_FROM_USER_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", CREATE_MODAL_UI_FAILED); return; } uiExtCallback->SetSessionId(sessionId); @@ -160,7 +163,7 @@ static void CreateUIExtensionMainThread(std::shared_ptr& as #else task(); #endif - ACCESSTOKEN_LOG_INFO(LABEL, "Instance id: %{public}d", asyncContext->instanceId); + LOGI(ATM_DOMAIN, ATM_TAG, "Instance id: %{public}d", asyncContext->instanceId); } static void CloseModalUIExtensionMainThread(std::shared_ptr& asyncContext, int32_t sessionId) @@ -168,12 +171,12 @@ static void CloseModalUIExtensionMainThread(std::shared_ptr auto task = [asyncContext, sessionId]() { Ace::UIContent* uiContent = GetUIContent(asyncContext); if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get ui content failed!"); asyncContext->result = RET_FAILED; return; } uiContent->CloseModalUIExtension(sessionId); - ACCESSTOKEN_LOG_INFO(LABEL, "Close end, sessionId: %{public}d", sessionId); + LOGI(ATM_DOMAIN, ATM_TAG, "Close end, sessionId: %{public}d", sessionId); }; #ifdef EVENTHANDLER_ENABLE if (asyncContext->handler_ != nullptr) { @@ -184,7 +187,7 @@ static void CloseModalUIExtensionMainThread(std::shared_ptr #else task(); #endif - ACCESSTOKEN_LOG_INFO(LABEL, "Instance id: %{public}d", asyncContext->instanceId); + LOGI(ATM_DOMAIN, ATM_TAG, "Instance id: %{public}d", asyncContext->instanceId); } static napi_value GetContext( @@ -193,33 +196,40 @@ static napi_value GetContext( bool stageMode = false; napi_status status = OHOS::AbilityRuntime::IsStageContext(env, value, stageMode); if (status != napi_ok || !stageMode) { - ACCESSTOKEN_LOG_ERROR(LABEL, "It is not a stage mode"); + LOGE(ATM_DOMAIN, ATM_TAG, "It is not a stage mode"); return nullptr; } else { auto context = AbilityRuntime::GetStageModeContext(env, value); if (context == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get context failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get context failed"); return nullptr; } asyncContext->abilityContext = AbilityRuntime::Context::ConvertTo(context); - if (asyncContext->abilityContext != nullptr) { + if ((asyncContext->abilityContext != nullptr) && + (asyncContext->abilityContext->GetApplicationInfo() != nullptr)) { asyncContext->uiAbilityFlag = true; + asyncContext->tokenId = asyncContext->abilityContext->GetApplicationInfo()->accessTokenId; + asyncContext->bundleName = asyncContext->abilityContext->GetApplicationInfo()->bundleName; } else { - ACCESSTOKEN_LOG_WARN(LABEL, "Convert to ability context failed"); + LOGW(ATM_DOMAIN, ATM_TAG, "Convert to ability context failed"); asyncContext->uiExtensionContext = AbilityRuntime::Context::ConvertTo(context); - if (asyncContext->uiExtensionContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Convert to ui extension context failed"); + if ((asyncContext->uiExtensionContext == nullptr) || + (asyncContext->uiExtensionContext->GetApplicationInfo() == nullptr)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Convert to ui extension context failed"); return nullptr; } + asyncContext->tokenId = asyncContext->uiExtensionContext->GetApplicationInfo()->accessTokenId; + asyncContext->bundleName = asyncContext->uiExtensionContext->GetApplicationInfo()->bundleName; } return WrapVoidToJS(env); } } static napi_value WrapRequestResult(const napi_env& env, const std::vector& permissions, - const std::vector& grantResults, const std::vector& dialogShownResults) + const std::vector& grantResults, const std::vector& dialogShownResults, + const std::vector& errorReasons) { napi_value result = nullptr; NAPI_CALL(env, napi_create_object(env, &result)); @@ -251,52 +261,16 @@ static napi_value WrapRequestResult(const napi_env& env, const std::vector uvWorkPtr {work}; - ResultCallback *retCB = reinterpret_cast(work->data); - if (retCB == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RetCB is nullptr"); - return; - } - std::unique_ptr callbackPtr {retCB}; - - int32_t result = JsErrorCode::JS_OK; - if (retCB->data->result != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Result is: %{public}d", retCB->data->result); - result = RET_FAILED; - } - if (retCB->grantResults.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GrantResults empty"); - result = RET_FAILED; - } - napi_handle_scope scope = nullptr; - napi_open_handle_scope(retCB->data->env, &scope); - if (scope == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_open_handle_scope failed"); - return; - } - napi_value requestResult = WrapRequestResult( - retCB->data->env, retCB->permissions, retCB->grantResults, retCB->dialogShownResults); - if (requestResult == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Wrap requestResult failed"); - result = RET_FAILED; + napi_value objErrorReason; + NAPI_CALL(env, napi_create_array(env, &objErrorReason)); + for (size_t i = 0; i < grantResults.size(); i++) { + napi_value nErrorReason = nullptr; + NAPI_CALL(env, napi_create_int32(env, errorReasons[i], &nErrorReason)); + NAPI_CALL(env, napi_set_element(env, objErrorReason, i, nErrorReason)); } + NAPI_CALL(env, napi_set_named_property(env, result, "errorReasons", objErrorReason)); - if (retCB->data->deferred != nullptr) { - ReturnPromiseResult(retCB->data->env, result, retCB->data->deferred, requestResult); - } else { - ReturnCallbackResult(retCB->data->env, result, retCB->data->callbackRef, requestResult); - } - napi_close_handle_scope(retCB->data->env, scope); + return result; } static void UpdateGrantPermissionResultOnly(const std::vector& permissions, @@ -318,11 +292,9 @@ static void RequestResultsHandler(const std::vector& permissionList { auto* retCB = new (std::nothrow) ResultCallback(); if (retCB == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Insufficient memory for work!"); return; } - - // only permissions which need to grant change the result, other keey as GetSelfPermissionsState result std::vector newGrantResults; UpdateGrantPermissionResultOnly(permissionList, permissionStates, data, newGrantResults); @@ -330,32 +302,47 @@ static void RequestResultsHandler(const std::vector& permissionList retCB->permissions = permissionList; retCB->grantResults = newGrantResults; retCB->dialogShownResults = data->dialogShownResults; + retCB->errorReasons = data->errorReasons; retCB->data = data; + auto task = [retCB]() { + int32_t result = JsErrorCode::JS_OK; + if ((retCB->data->result != RET_SUCCESS) || (retCB->grantResults.empty())) { + LOGE(ATM_DOMAIN, ATM_TAG, "Result is: %{public}d", retCB->data->result); + result = RET_FAILED; + } + napi_handle_scope scope = nullptr; + napi_open_handle_scope(retCB->data->env, &scope); + if (scope == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_open_handle_scope failed"); + delete retCB; + return; + } + napi_value requestResult = WrapRequestResult( + retCB->data->env, retCB->permissions, retCB->grantResults, retCB->dialogShownResults, retCB->errorReasons); + if (requestResult == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Wrap requestResult failed"); + result = RET_FAILED; + } - uv_loop_s* loop = nullptr; - NAPI_CALL_RETURN_VOID(data->env, napi_get_uv_event_loop(data->env, &loop)); - if (loop == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Loop instance is nullptr"); - return; - } - uv_work_t* work = new (std::nothrow) uv_work_t; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); - return; + if (retCB->data->deferred != nullptr) { + ReturnPromiseResult(retCB->data->env, result, retCB->data->deferred, requestResult); + } else { + ReturnCallbackResult(retCB->data->env, result, retCB->data->callbackRef, requestResult); + } + napi_close_handle_scope(retCB->data->env, scope); + delete retCB; + }; + if (napi_status::napi_ok != napi_send_event(data->env, task, napi_eprio_immediate)) { + LOGE(ATM_DOMAIN, ATM_TAG, "RequestResultsHandler: Failed to SendEvent"); + } else { + callbackPtr.release(); } - std::unique_ptr uvWorkPtr {work}; - work->data = reinterpret_cast(retCB); - NAPI_CALL_RETURN_VOID(data->env, uv_queue_work_with_qos( - loop, work, [](uv_work_t* work) {}, ResultCallbackJSThreadWorker, uv_qos_user_initiated)); - - uvWorkPtr.release(); - callbackPtr.release(); } void AuthorizationResult::GrantResultsCallback(const std::vector& permissionList, const std::vector& grantResults) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called."); + LOGI(ATM_DOMAIN, ATM_TAG, "Called."); std::shared_ptr asyncContext = data_; if (asyncContext == nullptr) { return; @@ -365,7 +352,7 @@ void AuthorizationResult::GrantResultsCallback(const std::vector& p void AuthorizationResult::WindowShownCallback() { - ACCESSTOKEN_LOG_INFO(LABEL, "Called."); + LOGI(ATM_DOMAIN, ATM_TAG, "Called."); std::shared_ptr asyncContext = data_; if (asyncContext == nullptr) { @@ -375,30 +362,35 @@ void AuthorizationResult::WindowShownCallback() Ace::UIContent* uiContent = GetUIContent(asyncContext); // get uiContent failed when request or when callback called if ((uiContent == nullptr) || !(asyncContext->uiContentFlag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get ui content failed!"); return; } RequestAsyncInstanceControl::ExecCallback(asyncContext->instanceId); - ACCESSTOKEN_LOG_DEBUG(LABEL, "OnRequestPermissionsFromUser async callback is called end"); + LOGD(ATM_DOMAIN, ATM_TAG, "OnRequestPermissionsFromUser async callback is called end"); } static void CreateServiceExtension(std::shared_ptr asyncContext) { + if ((asyncContext == nullptr) || (asyncContext->abilityContext == nullptr)) { + return; + } if (!asyncContext->uiAbilityFlag) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UIExtension ability can not pop service ablility window!"); + LOGE(ATM_DOMAIN, ATM_TAG, "UIExtension ability can not pop service ablility window!"); asyncContext->needDynamicRequest = false; asyncContext->result = RET_FAILED; + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQ_PERM_FROM_USER_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", ABILITY_FLAG_ERROR); return; } sptr remoteObject = new (std::nothrow) AccessToken::AuthorizationResult(asyncContext); if (remoteObject == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create window failed!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Create window failed!"); asyncContext->needDynamicRequest = false; asyncContext->result = RET_FAILED; return; } AAFwk::Want want; - want.SetElementName(ORI_PERMISSION_MANAGER_BUNDLE_NAME, ORI_PERMISSION_MANAGER_ABILITY_NAME); + want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.grantServiceAbilityName); want.SetParam(PERMISSION_KEY, asyncContext->permissionList); want.SetParam(STATE_KEY, asyncContext->permissionsState); want.SetParam(TOKEN_KEY, asyncContext->abilityContext->GetToken()); @@ -417,23 +409,10 @@ static void CreateServiceExtension(std::shared_ptr asyncCon int32_t ret = AAFwk::AbilityManagerClient::GetInstance()->RequestDialogService( want, asyncContext->abilityContext->GetToken()); - ACCESSTOKEN_LOG_INFO(LABEL, "Request end, ret: %{public}d, tokenId: %{public}d, permNum: %{public}zu", + LOGI(ATM_DOMAIN, ATM_TAG, "Request end, ret: %{public}d, tokenId: %{public}d, permNum: %{public}zu", ret, asyncContext->tokenId, asyncContext->permissionList.size()); } -void NapiRequestPermission::StartServiceExtension(std::shared_ptr& asyncContext) -{ - asyncContext->result = RET_SUCCESS; - Ace::UIContent* uiContent = GetUIContent(asyncContext); - if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); - CreateServiceExtension(asyncContext); - return; - } - asyncContext->uiContentFlag = true; - RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContext); -} - bool NapiRequestPermission::IsDynamicRequest(std::shared_ptr& asyncContext) { std::vector permList; @@ -441,24 +420,30 @@ bool NapiRequestPermission::IsDynamicRequest(std::shared_ptrtokenId); auto ret = AccessTokenKit::GetSelfPermissionsState(permList, asyncContext->info); if (ret == FORBIDDEN_OPER) { // if app is under control, change state from default -1 to 2 for (auto& perm : permList) { perm.state = INVALID_OPER; + perm.errorReason = PRIVACY_STATEMENT_NOT_AGREED; } } + LOGI(ATM_DOMAIN, ATM_TAG, + "TokenID: %{public}d, bundle: %{public}s, uiExAbility: %{public}s, serExAbility: %{public}s.", + asyncContext->tokenId, asyncContext->info.grantBundleName.c_str(), + asyncContext->info.grantAbilityName.c_str(), asyncContext->info.grantServiceAbilityName.c_str()); for (const auto& permState : permList) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission: %{public}s: state: %{public}d", - permState.permissionName.c_str(), permState.state); + LOGI(ATM_DOMAIN, ATM_TAG, "Permission: %{public}s: state: %{public}d, errorReason: %{public}d", + permState.permissionName.c_str(), permState.state, permState.errorReason); asyncContext->permissionsState.emplace_back(permState.state); asyncContext->dialogShownResults.emplace_back(permState.state == TypePermissionOper::DYNAMIC_OPER); + asyncContext->errorReasons.emplace_back(permState.errorReason); } if (permList.size() != asyncContext->permissionList.size()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Returned permList size: %{public}zu.", permList.size()); + LOGE(ATM_DOMAIN, ATM_TAG, "Returned permList size: %{public}zu.", permList.size()); return false; } return ret == TypePermissionOper::DYNAMIC_OPER; @@ -469,7 +454,7 @@ void UIExtensionCallback::ReleaseHandler(int32_t code) { std::lock_guard lock(g_lockFlag); if (this->reqContext_->releaseFlag) { - ACCESSTOKEN_LOG_WARN(LABEL, "Callback has executed."); + LOGW(ATM_DOMAIN, ATM_TAG, "Callback has executed."); return; } this->reqContext_->releaseFlag = true; @@ -483,6 +468,7 @@ void UIExtensionCallback::ReleaseHandler(int32_t code) UIExtensionCallback::UIExtensionCallback(const std::shared_ptr& reqContext) { this->reqContext_ = reqContext; + isOnResult_.exchange(false); } UIExtensionCallback::~UIExtensionCallback() @@ -498,7 +484,8 @@ void UIExtensionCallback::SetSessionId(int32_t sessionId) */ void UIExtensionCallback::OnResult(int32_t resultCode, const AAFwk::Want& result) { - ACCESSTOKEN_LOG_INFO(LABEL, "ResultCode is %{public}d", resultCode); + isOnResult_.exchange(true); + LOGI(ATM_DOMAIN, ATM_TAG, "ResultCode is %{public}d", resultCode); this->reqContext_->permissionList = result.GetStringArrayParam(PERMISSION_KEY); this->reqContext_->permissionsState = result.GetIntArrayParam(RESULT_KEY); ReleaseHandler(0); @@ -509,7 +496,7 @@ void UIExtensionCallback::OnResult(int32_t resultCode, const AAFwk::Want& result */ void UIExtensionCallback::OnReceive(const AAFwk::WantParams& receive) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called!"); + LOGI(ATM_DOMAIN, ATM_TAG, "Called!"); } /* @@ -518,8 +505,9 @@ void UIExtensionCallback::OnReceive(const AAFwk::WantParams& receive) */ void UIExtensionCallback::OnRelease(int32_t releaseCode) { - ACCESSTOKEN_LOG_INFO(LABEL, "ReleaseCode is %{public}d", releaseCode); - + LOGI(ATM_DOMAIN, ATM_TAG, "ReleaseCode is %{public}d", releaseCode); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQ_PERM_FROM_USER_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", TRIGGER_RELEASE, "INNER_CODE", releaseCode); ReleaseHandler(-1); } @@ -528,9 +516,10 @@ void UIExtensionCallback::OnRelease(int32_t releaseCode) */ void UIExtensionCallback::OnError(int32_t code, const std::string& name, const std::string& message) { - ACCESSTOKEN_LOG_INFO(LABEL, "Code is %{public}d, name is %{public}s, message is %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "Code is %{public}d, name is %{public}s, message is %{public}s", code, name.c_str(), message.c_str()); - + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQ_PERM_FROM_USER_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", TRIGGER_ONERROR, "INNER_CODE", code); ReleaseHandler(-1); } @@ -540,7 +529,7 @@ void UIExtensionCallback::OnError(int32_t code, const std::string& name, const s */ void UIExtensionCallback::OnRemoteReady(const std::shared_ptr& uiProxy) { - ACCESSTOKEN_LOG_INFO(LABEL, "Connect to UIExtensionAbility successfully."); + LOGI(ATM_DOMAIN, ATM_TAG, "Connect to UIExtensionAbility successfully."); } /* @@ -548,7 +537,11 @@ void UIExtensionCallback::OnRemoteReady(const std::shared_ptr asyncContext) napi_value NapiRequestPermission::RequestPermissionsFromUser(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RequestPermissionsFromUser begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "RequestPermissionsFromUser begin."); // use handle to protect asyncContext std::shared_ptr asyncContext = std::make_shared(env); @@ -611,7 +604,7 @@ napi_value NapiRequestPermission::RequestPermissionsFromUser(napi_env env, napi_ NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContextHandle->asyncContextPtr->work, napi_qos_user_initiated)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "RequestPermissionsFromUser end."); + LOGD(ATM_DOMAIN, ATM_TAG, "RequestPermissionsFromUser end."); asyncContextHandle.release(); return result; } @@ -624,7 +617,7 @@ bool NapiRequestPermission::ParseRequestPermissionFromUser(const napi_env& env, napi_value thisVar = nullptr; if (napi_get_cb_info(env, cbInfo, &argc, argv, &thisVar, nullptr) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_get_cb_info failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_get_cb_info failed"); return false; } if (argc < NapiContextCommon::MAX_PARAMS_THREE - 1) { @@ -642,7 +635,7 @@ bool NapiRequestPermission::ParseRequestPermissionFromUser(const napi_env& env, env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); return false; } - ACCESSTOKEN_LOG_INFO(LABEL, "AsyncContext.uiAbilityFlag is: %{public}d.", asyncContext->uiAbilityFlag); + LOGI(ATM_DOMAIN, ATM_TAG, "AsyncContext.uiAbilityFlag is: %{public}d.", asyncContext->uiAbilityFlag); // argv[1] : permissionList if (!ParseStringArray(env, argv[1], asyncContext->permissionList) || @@ -671,48 +664,50 @@ void NapiRequestPermission::RequestPermissionsFromUserExecute(napi_env env, void { // asyncContext release in complete RequestAsyncContextHandle* asyncContextHandle = reinterpret_cast(data); - std::string bundleName = ""; - if (asyncContextHandle->asyncContextPtr->uiAbilityFlag) { - asyncContextHandle->asyncContextPtr->tokenId = - asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo()->accessTokenId; - bundleName = asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo()->bundleName; - } else { - asyncContextHandle->asyncContextPtr->tokenId = - asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo()->accessTokenId; - bundleName = asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo()->bundleName; - } - AccessTokenID selfTokenID = static_cast(GetSelfTokenID()); + static AccessTokenID selfTokenID = static_cast(GetSelfTokenID()); if (asyncContextHandle->asyncContextPtr->tokenId != selfTokenID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "The context tokenID: %{public}d, selfTokenID: %{public}d.", + LOGE(ATM_DOMAIN, ATM_TAG, "The context tokenID: %{public}d, selfTokenID: %{public}d.", asyncContextHandle->asyncContextPtr->tokenId, selfTokenID); asyncContextHandle->asyncContextPtr->result = RET_FAILED; + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQ_PERM_FROM_USER_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", TOKENID_INCONSISTENCY, + "SELF_TOKEN", selfTokenID, "CONTEXT_TOKEN", asyncContextHandle->asyncContextPtr->tokenId); return; } if (!IsDynamicRequest(asyncContextHandle->asyncContextPtr)) { - ACCESSTOKEN_LOG_INFO(LABEL, "It does not need to request permission"); + LOGI(ATM_DOMAIN, ATM_TAG, "It does not need to request permission"); asyncContextHandle->asyncContextPtr->needDynamicRequest = false; return; } GetInstanceId(asyncContextHandle->asyncContextPtr); // service extension dialog if (asyncContextHandle->asyncContextPtr->info.grantBundleName == ORI_PERMISSION_MANAGER_BUNDLE_NAME) { - ACCESSTOKEN_LOG_INFO(LABEL, "Pop service extension dialog"); - StartServiceExtension(asyncContextHandle->asyncContextPtr); + LOGI(ATM_DOMAIN, ATM_TAG, "Pop service extension dialog, uiContentFlag=%{public}d", + asyncContextHandle->asyncContextPtr->uiContentFlag); + if (asyncContextHandle->asyncContextPtr->uiContentFlag) { + RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); + } else { + CreateServiceExtension(asyncContextHandle->asyncContextPtr); + } } else if (asyncContextHandle->asyncContextPtr->instanceId == -1) { + LOGI(ATM_DOMAIN, ATM_TAG, "Pop service extension dialog, instanceId is -1."); CreateServiceExtension(asyncContextHandle->asyncContextPtr); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "BUNDLENAME", bundleName, "UIEXTENSION_FLAG", false); + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, + "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, + "UIEXTENSION_FLAG", false); } else { - ACCESSTOKEN_LOG_INFO(LABEL, "Pop ui extension dialog"); + LOGI(ATM_DOMAIN, ATM_TAG, "Pop ui extension dialog"); asyncContextHandle->asyncContextPtr->uiExtensionFlag = true; RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "BUNDLENAME", bundleName, + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, + "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, "UIEXTENSION_FLAG", asyncContextHandle->asyncContextPtr->uiExtensionFlag); if (!asyncContextHandle->asyncContextPtr->uiExtensionFlag) { - ACCESSTOKEN_LOG_WARN(LABEL, "Pop uiextension dialog fail, start to pop service extension dialog"); - StartServiceExtension(asyncContextHandle->asyncContextPtr); + LOGW(ATM_DOMAIN, ATM_TAG, "Pop uiextension dialog fail, start to pop service extension dialog."); + RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); } } } @@ -727,13 +722,14 @@ void NapiRequestPermission::RequestPermissionsFromUserComplete(napi_env env, nap } if ((asyncContextHandle->asyncContextPtr->permissionsState.empty()) && (asyncContextHandle->asyncContextPtr->result == JsErrorCode::JS_OK)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GrantResults empty"); + LOGE(ATM_DOMAIN, ATM_TAG, "GrantResults empty"); asyncContextHandle->asyncContextPtr->result = RET_FAILED; } napi_value requestResult = WrapRequestResult(env, asyncContextHandle->asyncContextPtr->permissionList, - asyncContextHandle->asyncContextPtr->permissionsState, asyncContextHandle->asyncContextPtr->dialogShownResults); + asyncContextHandle->asyncContextPtr->permissionsState, asyncContextHandle->asyncContextPtr->dialogShownResults, + asyncContextHandle->asyncContextPtr->errorReasons); if (requestResult == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Wrap requestResult failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Wrap requestResult failed"); if (asyncContextHandle->asyncContextPtr->result == JsErrorCode::JS_OK) { asyncContextHandle->asyncContextPtr->result = RET_FAILED; } @@ -751,11 +747,11 @@ void NapiRequestPermission::RequestPermissionsFromUserComplete(napi_env env, nap napi_value NapiRequestPermission::GetPermissionsStatus(napi_env env, napi_callback_info info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionsStatus begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetPermissionsStatus begin."); auto* asyncContext = new (std::nothrow) RequestAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail."); return nullptr; } @@ -776,7 +772,7 @@ napi_value NapiRequestPermission::GetPermissionsStatus(napi_env env, napi_callba // add async work handle to the napi queue and wait for result napi_queue_async_work_with_qos(env, asyncContext->work, napi_qos_default); - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionsStatus end."); + LOGD(ATM_DOMAIN, ATM_TAG, "GetPermissionsStatus end."); context.release(); return result; } @@ -814,7 +810,7 @@ bool NapiRequestPermission::ParseInputToGetQueryResult(const napi_env& env, cons env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); return false; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID = %{public}d, permissionList size = %{public}zu", asyncContext.tokenId, + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID = %{public}d, permissionList size = %{public}zu", asyncContext.tokenId, asyncContext.permissionList.size()); return true; } @@ -825,18 +821,18 @@ void NapiRequestPermission::GetPermissionsStatusExecute(napi_env env, void *data std::vector permList; for (const auto& permission : asyncContext->permissionList) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Permission: %{public}s.", permission.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "Permission: %{public}s.", permission.c_str()); PermissionListState permState; permState.permissionName = permission; permState.state = INVALID_OPER; permList.emplace_back(permState); } - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size: %{public}zu, asyncContext->permissionList size: %{public}zu.", + LOGD(ATM_DOMAIN, ATM_TAG, "PermList size: %{public}zu, asyncContext->permissionList size: %{public}zu.", permList.size(), asyncContext->permissionList.size()); asyncContext->result = AccessTokenKit::GetPermissionsStatus(asyncContext->tokenId, permList); for (const auto& permState : permList) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Permission: %{public}s", permState.permissionName.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "Permission: %{public}s", permState.permissionName.c_str()); asyncContext->permissionQueryResults.emplace_back(permState.state); } } @@ -847,7 +843,7 @@ void NapiRequestPermission::GetPermissionsStatusComplete(napi_env env, napi_stat std::unique_ptr callbackPtr {asyncContext}; if ((asyncContext->permissionQueryResults.empty()) && asyncContext->result == JsErrorCode::JS_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionQueryResults empty"); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionQueryResults empty"); asyncContext->result = RET_FAILED; } napi_value result; @@ -867,8 +863,9 @@ void RequestAsyncInstanceControl::CheckDynamicRequest( { asyncContext->permissionsState.clear(); asyncContext->dialogShownResults.clear(); + asyncContext->errorReasons.clear(); if (!NapiRequestPermission::IsDynamicRequest(asyncContext)) { - ACCESSTOKEN_LOG_INFO(LABEL, "It does not need to request permission exsion"); + LOGI(ATM_DOMAIN, ATM_TAG, "It does not need to request permission exsion"); RequestResultsHandler(asyncContext->permissionList, asyncContext->permissionsState, asyncContext); return; } @@ -877,13 +874,13 @@ void RequestAsyncInstanceControl::CheckDynamicRequest( void RequestAsyncInstanceControl::AddCallbackByInstanceId(std::shared_ptr& asyncContext) { - ACCESSTOKEN_LOG_INFO(LABEL, "InstanceId: %{public}d", asyncContext->instanceId); + LOGI(ATM_DOMAIN, ATM_TAG, "InstanceId: %{public}d", asyncContext->instanceId); { std::lock_guard lock(instanceIdMutex_); auto iter = instanceIdMap_.find(asyncContext->instanceId); // id is existed mean a pop window is showing, add context to waiting queue if (iter != instanceIdMap_.end()) { - ACCESSTOKEN_LOG_INFO(LABEL, "InstanceId: %{public}d has existed.", asyncContext->instanceId); + LOGI(ATM_DOMAIN, ATM_TAG, "InstanceId: %{public}d has existed.", asyncContext->instanceId); instanceIdMap_[asyncContext->instanceId].emplace_back(asyncContext); return; } @@ -906,16 +903,11 @@ void RequestAsyncInstanceControl::ExecCallback(int32_t id) std::lock_guard lock(instanceIdMutex_); auto iter = instanceIdMap_.find(id); if (iter == instanceIdMap_.end()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d not existed.", id); - return; - } - if (iter->second.empty()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d, map is empty", id); - instanceIdMap_.erase(id); + LOGI(ATM_DOMAIN, ATM_TAG, "Id: %{public}d not existed.", id); return; } while (!iter->second.empty()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id: %{public}d, map size: %{public}zu.", id, iter->second.size()); + LOGI(ATM_DOMAIN, ATM_TAG, "Id: %{public}d, map size: %{public}zu.", id, iter->second.size()); asyncContext = iter->second[0]; iter->second.erase(iter->second.begin()); CheckDynamicRequest(asyncContext, isDynamic); @@ -923,6 +915,10 @@ void RequestAsyncInstanceControl::ExecCallback(int32_t id) break; } } + if (iter->second.empty()) { + LOGI(ATM_DOMAIN, ATM_TAG, "Id: %{public}d, map is empty", id); + instanceIdMap_.erase(id); + } } if (isDynamic) { if (asyncContext->uiExtensionFlag) { diff --git a/interfaces/kits/accesstoken/napi/src/napi_request_permission_on_setting.cpp b/frameworks/js/napi/accesstoken/src/napi_request_permission_on_setting.cpp similarity index 71% rename from interfaces/kits/accesstoken/napi/src/napi_request_permission_on_setting.cpp rename to frameworks/js/napi/accesstoken/src/napi_request_permission_on_setting.cpp index 56458fda3a72ffa84567e83dab400f3d71b3ca1e..f252956596c37f87e71985a06cf01c2956320aae 100644 --- a/interfaces/kits/accesstoken/napi/src/napi_request_permission_on_setting.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_request_permission_on_setting.cpp @@ -16,7 +16,7 @@ #include "ability.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "napi_base_context.h" #include "token_setproc.h" #include "want.h" @@ -25,9 +25,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NapiRequestPermissionOnSetting" -}; const std::string PERMISSION_KEY = "ohos.user.setting.permission"; const std::string PERMISSION_RESULT_KEY = "ohos.user.setting.permission.result"; const std::string RESULT_ERROR_KEY = "ohos.user.setting.error_code"; @@ -79,12 +76,12 @@ static napi_value GetContext( bool stageMode = false; napi_status status = OHOS::AbilityRuntime::IsStageContext(env, value, stageMode); if (status != napi_ok || !stageMode) { - ACCESSTOKEN_LOG_ERROR(LABEL, "It is not a stage mode."); + LOGE(ATM_DOMAIN, ATM_TAG, "It is not a stage mode."); return nullptr; } else { auto context = AbilityRuntime::GetStageModeContext(env, value); if (context == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to Get application context."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Get application context."); return nullptr; } asyncContext->abilityContext = @@ -92,11 +89,11 @@ static napi_value GetContext( if (asyncContext->abilityContext != nullptr) { asyncContext->uiAbilityFlag = true; } else { - ACCESSTOKEN_LOG_WARN(LABEL, "Failed to convert to ability context."); + LOGW(ATM_DOMAIN, ATM_TAG, "Failed to convert to ability context."); asyncContext->uiExtensionContext = AbilityRuntime::Context::ConvertTo(context); if (asyncContext->uiExtensionContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to convert to ui extension context."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to convert to ui extension context."); return nullptr; } } @@ -143,52 +140,16 @@ static int32_t TransferToJsErrorCode(int32_t errCode) jsCode = JS_ERROR_INNER; break; } - ACCESSTOKEN_LOG_INFO(LABEL, "dialog error(%{public}d) jsCode(%{public}d).", errCode, jsCode); + LOGI(ATM_DOMAIN, ATM_TAG, "dialog error(%{public}d) jsCode(%{public}d).", errCode, jsCode); return jsCode; } -static void ResultCallbackJSThreadWorker(uv_work_t* work, int32_t status) -{ - (void)status; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Uv_queue_work_with_qos input work is nullptr"); - return; - } - std::unique_ptr uvWorkPtr {work}; - PermissonOnSettingResultCallback *retCB = reinterpret_cast(work->data); - if (retCB == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RetCB is nullptr"); - return; - } - std::unique_ptr callbackPtr {retCB}; - std::shared_ptr asyncContext = retCB->data; - if (asyncContext == nullptr) { - return; - } - - int32_t result = retCB->jsCode; - napi_handle_scope scope = nullptr; - napi_open_handle_scope(asyncContext->env, &scope); - if (scope == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_open_handle_scope failed"); - return; - } - napi_value requestResult = WrapRequestResult(asyncContext->env, retCB->stateList); - if ((result == JS_OK) && (requestResult == nullptr)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Wrap requestResult failed"); - result = JS_ERROR_INNER; - } - - ReturnPromiseResult(asyncContext->env, retCB->jsCode, asyncContext->deferred, requestResult); - napi_close_handle_scope(asyncContext->env, scope); -} - static void PermissionResultsCallbackUI(int32_t jsCode, const std::vector stateList, std::shared_ptr& data) { auto* retCB = new (std::nothrow) PermissonOnSettingResultCallback(); if (retCB == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Insufficient memory for work!"); return; } @@ -196,25 +157,59 @@ static void PermissionResultsCallbackUI(int32_t jsCode, retCB->jsCode = jsCode; retCB->stateList = stateList; retCB->data = data; + auto task = [retCB]() { + std::shared_ptr asyncContext = retCB->data; + if (asyncContext == nullptr) { + delete retCB; + return; + } - uv_loop_s* loop = nullptr; - NAPI_CALL_RETURN_VOID(data->env, napi_get_uv_event_loop(data->env, &loop)); - if (loop == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Loop instance is nullptr"); - return; - } - uv_work_t* work = new (std::nothrow) uv_work_t; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); - return; + int32_t result = retCB->jsCode; + napi_handle_scope scope = nullptr; + napi_open_handle_scope(asyncContext->env, &scope); + if (scope == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_open_handle_scope failed"); + delete retCB; + return; + } + napi_value requestResult = WrapRequestResult(asyncContext->env, retCB->stateList); + if ((result == JS_OK) && (requestResult == nullptr)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Wrap requestResult failed"); + result = JS_ERROR_INNER; + } + + ReturnPromiseResult(asyncContext->env, retCB->jsCode, asyncContext->deferred, requestResult); + napi_close_handle_scope(asyncContext->env, scope); + delete retCB; + }; + if (napi_status::napi_ok != napi_send_event(data->env, task, napi_eprio_immediate)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionResultsCallbackUI: Failed to SendEvent"); + } else { + callbackPtr.release(); } - std::unique_ptr uvWorkPtr {work}; - work->data = reinterpret_cast(retCB); - NAPI_CALL_RETURN_VOID(data->env, uv_queue_work_with_qos( - loop, work, [](uv_work_t* work) {}, ResultCallbackJSThreadWorker, uv_qos_user_initiated)); +} - uvWorkPtr.release(); - callbackPtr.release(); +static void CloseModalUIExtensionMainThread(std::shared_ptr& asyncContext, + int32_t sessionId) +{ + auto task = [asyncContext, sessionId]() { + Ace::UIContent* uiContent = GetUIContent(asyncContext); + if (uiContent == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get ui content failed!"); + return; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Close uiextension component"); + uiContent->CloseModalUIExtension(sessionId); + }; +#ifdef EVENTHANDLER_ENABLE + if (asyncContext->handler_ != nullptr) { + asyncContext->handler_->PostSyncTask(task, "AT:CloseModalUIExtensionMainThread"); + } else { + task(); + } +#else + task(); +#endif } void PermissonOnSettingUICallback::ReleaseHandler(int32_t code) @@ -222,18 +217,12 @@ void PermissonOnSettingUICallback::ReleaseHandler(int32_t code) { std::lock_guard lock(g_lockFlag); if (this->reqContext_->releaseFlag) { - ACCESSTOKEN_LOG_WARN(LABEL, "Callback has executed."); + LOGW(ATM_DOMAIN, ATM_TAG, "Callback has executed."); return; } this->reqContext_->releaseFlag = true; } - Ace::UIContent* uiContent = GetUIContent(this->reqContext_); - if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); - return; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Close uiextension component"); - uiContent->CloseModalUIExtension(this->sessionId_); + CloseModalUIExtensionMainThread(this->reqContext_, this->sessionId_); if (code == -1) { this->reqContext_->errorCode = code; } @@ -262,7 +251,7 @@ void PermissonOnSettingUICallback::OnResult(int32_t resultCode, const AAFwk::Wan { this->reqContext_->errorCode = result.GetIntParam(RESULT_ERROR_KEY, 0); this->reqContext_->stateList = result.GetIntArrayParam(PERMISSION_RESULT_KEY); - ACCESSTOKEN_LOG_INFO(LABEL, "ResultCode is %{public}d, errorCode=%{public}d, listSize=%{public}zu", + LOGI(ATM_DOMAIN, ATM_TAG, "ResultCode is %{public}d, errorCode=%{public}d, listSize=%{public}zu", resultCode, this->reqContext_->errorCode, this->reqContext_->stateList.size()); ReleaseHandler(0); } @@ -272,7 +261,7 @@ void PermissonOnSettingUICallback::OnResult(int32_t resultCode, const AAFwk::Wan */ void PermissonOnSettingUICallback::OnReceive(const AAFwk::WantParams& receive) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called!"); + LOGI(ATM_DOMAIN, ATM_TAG, "Called!"); } /* @@ -281,7 +270,7 @@ void PermissonOnSettingUICallback::OnReceive(const AAFwk::WantParams& receive) */ void PermissonOnSettingUICallback::OnRelease(int32_t releaseCode) { - ACCESSTOKEN_LOG_INFO(LABEL, "ReleaseCode is %{public}d", releaseCode); + LOGI(ATM_DOMAIN, ATM_TAG, "ReleaseCode is %{public}d", releaseCode); ReleaseHandler(-1); } @@ -291,7 +280,7 @@ void PermissonOnSettingUICallback::OnRelease(int32_t releaseCode) */ void PermissonOnSettingUICallback::OnError(int32_t code, const std::string& name, const std::string& message) { - ACCESSTOKEN_LOG_INFO(LABEL, "Code is %{public}d, name is %{public}s, message is %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "Code is %{public}d, name is %{public}s, message is %{public}s", code, name.c_str(), message.c_str()); ReleaseHandler(-1); @@ -303,7 +292,7 @@ void PermissonOnSettingUICallback::OnError(int32_t code, const std::string& name */ void PermissonOnSettingUICallback::OnRemoteReady(const std::shared_ptr& uiProxy) { - ACCESSTOKEN_LOG_INFO(LABEL, "Connect to UIExtensionAbility successfully."); + LOGI(ATM_DOMAIN, ATM_TAG, "Connect to UIExtensionAbility successfully."); } /* @@ -311,18 +300,47 @@ void PermissonOnSettingUICallback::OnRemoteReady(const std::shared_ptr asyncContext) +static void CreateUIExtensionMainThread(std::shared_ptr& asyncContext, + const AAFwk::Want& want, const Ace::ModalUIExtensionCallbacks& uiExtensionCallbacks, + const std::shared_ptr& uiExtCallback) { - Ace::UIContent* uiContent = GetUIContent(asyncContext); - if (uiContent == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to get ui content!"); - asyncContext->result = RET_FAILED; - return RET_FAILED; + auto task = [asyncContext, want, uiExtensionCallbacks, uiExtCallback]() { + Ace::UIContent* uiContent = GetUIContent(asyncContext); + if (uiContent == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get ui content!"); + asyncContext->result = RET_FAILED; + return; + } + + Ace::ModalUIExtensionConfig config; + config.isProhibitBack = true; + int32_t sessionId = uiContent->CreateModalUIExtension(want, uiExtensionCallbacks, config); + LOGI(ATM_DOMAIN, ATM_TAG, "Create end, sessionId: %{public}d, tokenId: %{public}d.", + sessionId, asyncContext->tokenId); + if (sessionId == 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create component, sessionId is 0."); + asyncContext->result = RET_FAILED; + return; + } + uiExtCallback->SetSessionId(sessionId); + }; +#ifdef EVENTHANDLER_ENABLE + if (asyncContext->handler_ != nullptr) { + asyncContext->handler_->PostSyncTask(task, "AT:CreateUIExtensionMainThread"); + } else { + task(); } +#else + task(); +#endif +} + +static int32_t CreateUIExtension(const Want &want, std::shared_ptr asyncContext) +{ auto uiExtCallback = std::make_shared(asyncContext); Ace::ModalUIExtensionCallbacks uiExtensionCallbacks = { [uiExtCallback](int32_t releaseCode) { @@ -345,17 +363,10 @@ static int32_t CreateUIExtension(const Want &want, std::shared_ptrCreateModalUIExtension(want, uiExtensionCallbacks, config); - ACCESSTOKEN_LOG_INFO(LABEL, "Create end, sessionId: %{public}d, tokenId: %{public}d, permSize: %{public}zu.", - sessionId, asyncContext->tokenId, asyncContext->permissionList.size()); - if (sessionId == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create component, sessionId is 0."); - asyncContext->result = RET_FAILED; + CreateUIExtensionMainThread(asyncContext, want, uiExtensionCallbacks, uiExtCallback); + if (asyncContext->result == RET_FAILED) { return RET_FAILED; } - uiExtCallback->SetSessionId(sessionId); return JS_OK; } @@ -363,7 +374,7 @@ static int32_t StartUIExtension(std::shared_ptrinfo); - ACCESSTOKEN_LOG_INFO(LABEL, "bundleName: %{public}s, permStateAbilityName: %{public}s.", + LOGI(ATM_DOMAIN, ATM_TAG, "bundleName: %{public}s, permStateAbilityName: %{public}s.", asyncContext->info.grantBundleName.c_str(), asyncContext->info.permStateAbilityName.c_str()); want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.permStateAbilityName); want.SetParam(PERMISSION_KEY, asyncContext->permissionList); @@ -373,7 +384,7 @@ static int32_t StartUIExtension(std::shared_ptr asyncContext = std::make_shared(env); @@ -398,7 +409,7 @@ napi_value NapiRequestPermissionOnSetting::RequestPermissionOnSetting(napi_env e NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContextHandle->asyncContextPtr->work, napi_qos_user_initiated)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "RequestPermissionOnSetting end."); + LOGD(ATM_DOMAIN, ATM_TAG, "RequestPermissionOnSetting end."); asyncContextHandle.release(); return result; } @@ -411,7 +422,7 @@ bool NapiRequestPermissionOnSetting::ParseRequestPermissionOnSetting(const napi_ napi_value thisVar = nullptr; if (napi_get_cb_info(env, cbInfo, &argc, argv, &thisVar, nullptr) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_get_cb_info failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_get_cb_info failed"); return false; } if (argc < NapiContextCommon::MAX_PARAMS_TWO - 1) { @@ -429,7 +440,7 @@ bool NapiRequestPermissionOnSetting::ParseRequestPermissionOnSetting(const napi_ env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); return false; } - ACCESSTOKEN_LOG_INFO(LABEL, "AsyncContext.uiAbilityFlag is: %{public}d.", asyncContext->uiAbilityFlag); + LOGI(ATM_DOMAIN, ATM_TAG, "AsyncContext.uiAbilityFlag is: %{public}d.", asyncContext->uiAbilityFlag); // argv[1] : permissionList if (!ParseStringArray(env, argv[1], asyncContext->permissionList) || @@ -439,6 +450,9 @@ bool NapiRequestPermissionOnSetting::ParseRequestPermissionOnSetting(const napi_ env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false); return false; } +#ifdef EVENTHANDLER_ENABLE + asyncContext->handler_ = std::make_shared(AppExecFwk::EventRunner::GetMainEventRunner()); +#endif return true; } @@ -447,35 +461,43 @@ void NapiRequestPermissionOnSetting::RequestPermissionOnSettingExecute(napi_env // asyncContext release in complete RequestOnSettingAsyncContextHandle* asyncContextHandle = reinterpret_cast(data); - if (asyncContextHandle == nullptr) { + if ((asyncContextHandle == nullptr) || (asyncContextHandle->asyncContextPtr == nullptr)) { return; } if (asyncContextHandle->asyncContextPtr->uiAbilityFlag) { + if ((asyncContextHandle->asyncContextPtr->abilityContext == nullptr) || + (asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo() == nullptr)) { + return; + } asyncContextHandle->asyncContextPtr->tokenId = asyncContextHandle->asyncContextPtr->abilityContext->GetApplicationInfo()->accessTokenId; } else { + if ((asyncContextHandle->asyncContextPtr->uiExtensionContext == nullptr) || + (asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo() == nullptr)) { + return; + } asyncContextHandle->asyncContextPtr->tokenId = asyncContextHandle->asyncContextPtr->uiExtensionContext->GetApplicationInfo()->accessTokenId; } static AccessTokenID currToken = static_cast(GetSelfTokenID()); if (asyncContextHandle->asyncContextPtr->tokenId != currToken) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "The context(token=%{public}d) is not belong to the current application(currToken=%{public}d).", asyncContextHandle->asyncContextPtr->tokenId, currToken); asyncContextHandle->asyncContextPtr->result = ERR_PARAM_INVALID; return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Start to pop ui extension dialog"); + LOGI(ATM_DOMAIN, ATM_TAG, "Start to pop ui extension dialog"); StartUIExtension(asyncContextHandle->asyncContextPtr); if (asyncContextHandle->asyncContextPtr->result != JsErrorCode::JS_OK) { - ACCESSTOKEN_LOG_WARN(LABEL, "Failed to pop uiextension dialog."); + LOGW(ATM_DOMAIN, ATM_TAG, "Failed to pop uiextension dialog."); } } void NapiRequestPermissionOnSetting::RequestPermissionOnSettingComplete(napi_env env, napi_status status, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RequestPermissionOnSettingComplete begin."); + LOGD(ATM_DOMAIN, ATM_TAG, "RequestPermissionOnSettingComplete begin."); RequestOnSettingAsyncContextHandle* asyncContextHandle = reinterpret_cast(data); if (asyncContextHandle == nullptr || asyncContextHandle->asyncContextPtr == nullptr) { diff --git a/interfaces/kits/common/BUILD.gn b/frameworks/js/napi/common/BUILD.gn similarity index 92% rename from interfaces/kits/common/BUILD.gn rename to frameworks/js/napi/common/BUILD.gn index a8fc1b351b69feb95fab87f1347542d073fa5d26..10b5fbf057a368cf488ac99af82bea58a3e85520 100644 --- a/interfaces/kits/common/BUILD.gn +++ b/frameworks/js/napi/common/BUILD.gn @@ -12,7 +12,7 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") +import("../../../../access_token.gni") ohos_static_library("libnapi_common") { sanitize = { @@ -25,7 +25,7 @@ ohos_static_library("libnapi_common") { include_dirs = [ "${access_token_path}/frameworks/common/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", - "include", + "${access_token_path}/interfaces/kits/js/napi/common/include", ] sources = [ diff --git a/interfaces/kits/common/src/napi_common.cpp b/frameworks/js/napi/common/src/napi_common.cpp similarity index 86% rename from interfaces/kits/common/src/napi_common.cpp rename to frameworks/js/napi/common/src/napi_common.cpp index f1e3f165618c22edd4e2e7ca4ad446384a92581f..60387ea3b26cbab9793649aba7c63377345f4273 100644 --- a/interfaces/kits/common/src/napi_common.cpp +++ b/frameworks/js/napi/common/src/napi_common.cpp @@ -13,20 +13,17 @@ * limitations under the License. */ #include "napi_common.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "CommonNapi"}; -} // namespace bool IsCurrentThread(std::thread::id threadId) { std::thread::id currentThread = std::this_thread::get_id(); if (threadId != currentThread) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Napi_ref can not be compared,different threadId"); + LOGE(ATM_DOMAIN, ATM_TAG, "Napi_ref can not be compared,different threadId"); return false; } return true; @@ -53,7 +50,7 @@ bool CheckType(const napi_env& env, const napi_value& value, const napi_valuetyp napi_valuetype valuetype = napi_undefined; napi_typeof(env, value, &valuetype); if (valuetype != type) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Value type dismatch, [%{public}d]->[%{public}d]", valuetype, type); + LOGE(ATM_DOMAIN, ATM_TAG, "Value type dismatch, [%{public}d]->[%{public}d]", valuetype, type); return false; } return true; @@ -66,7 +63,7 @@ bool ParseBool(const napi_env& env, const napi_value& value, bool& result) } if (napi_get_value_bool(env, value, &result) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get value bool"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get value bool"); return false; } return true; @@ -78,7 +75,7 @@ bool ParseInt32(const napi_env& env, const napi_value& value, int32_t& result) return false; } if (napi_get_value_int32(env, value, &result) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get value int32"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get value int32"); return false; } return true; @@ -90,7 +87,7 @@ bool ParseInt64(const napi_env& env, const napi_value& value, int64_t& result) return false; } if (napi_get_value_int64(env, value, &result) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get value int64"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get value int64"); return false; } return true; @@ -102,7 +99,7 @@ bool ParseUint32(const napi_env& env, const napi_value& value, uint32_t& result) return false; } if (napi_get_value_uint32(env, value, &result) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get value uint32"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get value uint32"); return false; } return true; @@ -115,13 +112,13 @@ bool ParseString(const napi_env& env, const napi_value& value, std::string& resu } size_t size; if (napi_get_value_string_utf8(env, value, nullptr, 0, &size) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get string size"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get string size"); return false; } result.reserve(size + 1); result.resize(size); if (napi_get_value_string_utf8(env, value, result.data(), size + 1, &size) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get value string"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get value string"); return false; } return true; @@ -136,10 +133,10 @@ bool ParseStringArray(const napi_env& env, const napi_value& value, std::vector< uint32_t length = 0; napi_get_array_length(env, value, &length); - ACCESSTOKEN_LOG_INFO(LABEL, "Array size is %{public}d", length); + LOGI(ATM_DOMAIN, ATM_TAG, "Array size is %{public}d", length); if (length == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "Array is empty"); + LOGI(ATM_DOMAIN, ATM_TAG, "Array is empty"); return true; } @@ -213,7 +210,7 @@ bool ParseCallback(const napi_env& env, const napi_value& value, napi_ref& resul return false; } if (napi_create_reference(env, value, 1, &result) != napi_ok) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get value callback"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get value callback"); return false; } return true; diff --git a/interfaces/kits/common/src/napi_error.cpp b/frameworks/js/napi/common/src/napi_error.cpp similarity index 100% rename from interfaces/kits/common/src/napi_error.cpp rename to frameworks/js/napi/common/src/napi_error.cpp diff --git a/interfaces/kits/el5filekeymanager/BUILD.gn b/frameworks/js/napi/el5filekeymanager/BUILD.gn similarity index 72% rename from interfaces/kits/el5filekeymanager/BUILD.gn rename to frameworks/js/napi/el5filekeymanager/BUILD.gn index 69ded2028a6ea013d7c32b6196c0a51d44edccd9..7a42453e552fd6246abf2496fcff4f6426a8d98f 100644 --- a/interfaces/kits/el5filekeymanager/BUILD.gn +++ b/frameworks/js/napi/el5filekeymanager/BUILD.gn @@ -12,7 +12,7 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") +import("../../../../access_token.gni") ohos_shared_library("screenlockfilemanager") { sanitize = { @@ -23,16 +23,17 @@ ohos_shared_library("screenlockfilemanager") { branch_protector_ret = "pac_ret" include_dirs = [ - "${access_token_path}/frameworks/el5filekeymanager/include", - "${access_token_path}/interfaces/innerkits/el5filekeymanager/include", - "napi/include", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include", + "${access_token_path}/interfaces/inner_api/el5filekeymanager/include", + "${access_token_path}/interfaces/kits/js/napi/el5filekeymanager/include", ] - sources = [ "napi/src/el5_filekey_manager_napi.cpp" ] + sources = [ "src/el5_filekey_manager_napi.cpp" ] - deps = [ "${access_token_path}/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk" ] + deps = [ "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk" ] external_deps = [ + "c_utils:utils", "hilog:libhilog", "ipc:ipc_single", "napi:ace_napi", diff --git a/interfaces/kits/el5filekeymanager/napi/src/el5_filekey_manager_napi.cpp b/frameworks/js/napi/el5filekeymanager/src/el5_filekey_manager_napi.cpp similarity index 72% rename from interfaces/kits/el5filekeymanager/napi/src/el5_filekey_manager_napi.cpp rename to frameworks/js/napi/el5filekeymanager/src/el5_filekey_manager_napi.cpp index 132414ff52360fb30222d2a46140d2c58d760894..9b1053a56760c15511d0362f53e9ddbafb322ce0 100644 --- a/interfaces/kits/el5filekeymanager/napi/src/el5_filekey_manager_napi.cpp +++ b/frameworks/js/napi/el5filekeymanager/src/el5_filekey_manager_napi.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -81,6 +81,7 @@ bool CheckDataType(napi_env env, int32_t dataLockType) { if ((static_cast(dataLockType) != DEFAULT_DATA) && (static_cast(dataLockType) != MEDIA_DATA) && + (static_cast(dataLockType) != GROUP_ID_DATA) && (static_cast(dataLockType) != ALL_DATA)) { ThrowError(env, EFM_ERR_INVALID_DATATYPE); return false; @@ -150,6 +151,55 @@ napi_value ReleaseAccess(napi_env env, napi_callback_info info) return result; } +napi_value QueryAppKeyState(napi_env env, napi_callback_info info) +{ + size_t argc = MAX_PARAM_SIZE; + napi_value argv[MAX_PARAM_SIZE] = {nullptr}; + if (napi_get_cb_info(env, info, &argc, argv, NULL, NULL) != napi_ok) { + LOG_ERROR("napi_get_cb_info failed."); + ThrowError(env, EFM_ERR_INVALID_PARAMETER); + return nullptr; + } + + int32_t dataLockType = DEFAULT_DATA; + if ((argc == MAX_PARAM_SIZE) && !ParseDataType(env, argv[0], dataLockType)) { + return nullptr; + } + + if (!CheckDataType(env, dataLockType)) { + LOG_ERROR("Invalid DataType."); + return nullptr; + } + + int32_t retCode = El5FilekeyManagerKit::QueryAppKeyState(static_cast(dataLockType)); + switch (retCode) { + case EFM_SUCCESS: + retCode = KEY_EXIST; + break; + case EFM_ERR_ACCESS_RELEASED: + retCode = KEY_RELEASED; + break; + case EFM_ERR_FIND_ACCESS_FAILED: + retCode = KEY_NOT_EXIST; + break; + default: + ThrowError(env, retCode); + retCode = KEY_RELEASED; + break; + } + + napi_value result = nullptr; + NAPI_CALL(env, napi_create_int32(env, retCode, &result)); + return result; +} + +static void SetNamedProperty(napi_env env, napi_value dstObj, const int32_t objValue, const char *propName) +{ + napi_value prop = nullptr; + napi_create_int32(env, objValue, &prop); + napi_set_named_property(env, dstObj, propName, prop); +} + EXTERN_C_START /* * function for module exports @@ -158,48 +208,38 @@ static napi_value Init(napi_env env, napi_value exports) { napi_property_descriptor properties[] = { DECLARE_NAPI_FUNCTION("acquireAccess", AcquireAccess), - DECLARE_NAPI_FUNCTION("releaseAccess", ReleaseAccess) + DECLARE_NAPI_FUNCTION("releaseAccess", ReleaseAccess), + DECLARE_NAPI_FUNCTION("queryAppKeyState", QueryAppKeyState) }; napi_define_properties(env, exports, sizeof(properties) / sizeof(properties[0]), properties); napi_value dataType = nullptr; napi_create_object(env, &dataType); - - napi_value prop = nullptr; - napi_create_int32(env, MEDIA_DATA, &prop); - napi_set_named_property(env, dataType, "MEDIA_DATA", prop); - - prop = nullptr; - napi_create_int32(env, ALL_DATA, &prop); - napi_set_named_property(env, dataType, "ALL_DATA", prop); + SetNamedProperty(env, dataType, MEDIA_DATA, "MEDIA_DATA"); + SetNamedProperty(env, dataType, ALL_DATA, "ALL_DATA"); napi_value accessStatus = nullptr; napi_create_object(env, &accessStatus); - - prop = nullptr; - napi_create_int32(env, ACCESS_GRANTED, &prop); - napi_set_named_property(env, accessStatus, "ACCESS_GRANTED", prop); - - prop = nullptr; - napi_create_int32(env, ACCESS_DENIED, &prop); - napi_set_named_property(env, accessStatus, "ACCESS_DENIED", prop); + SetNamedProperty(env, accessStatus, ACCESS_GRANTED, "ACCESS_GRANTED"); + SetNamedProperty(env, accessStatus, ACCESS_DENIED, "ACCESS_DENIED"); napi_value releaseStatus = nullptr; napi_create_object(env, &releaseStatus); + SetNamedProperty(env, releaseStatus, RELEASE_GRANTED, "RELEASE_GRANTED"); + SetNamedProperty(env, releaseStatus, RELEASE_DENIED, "RELEASE_DENIED"); - prop = nullptr; - napi_create_int32(env, RELEASE_GRANTED, &prop); - napi_set_named_property(env, releaseStatus, "RELEASE_GRANTED", prop); - - prop = nullptr; - napi_create_int32(env, RELEASE_DENIED, &prop); - napi_set_named_property(env, releaseStatus, "RELEASE_DENIED", prop); + napi_value keyStatus = nullptr; + napi_create_object(env, &keyStatus); + SetNamedProperty(env, keyStatus, KEY_NOT_EXIST, "KEY_NOT_EXIST"); + SetNamedProperty(env, keyStatus, KEY_EXIST, "KEY_EXIST"); + SetNamedProperty(env, keyStatus, KEY_RELEASED, "KEY_RELEASED"); napi_property_descriptor exportFuncs[] = { DECLARE_NAPI_PROPERTY("DataType", dataType), DECLARE_NAPI_PROPERTY("AccessStatus", accessStatus), DECLARE_NAPI_PROPERTY("ReleaseStatus", releaseStatus), + DECLARE_NAPI_PROPERTY("KeyStatus", keyStatus), }; napi_define_properties(env, exports, sizeof(exportFuncs) / sizeof(exportFuncs[0]), exportFuncs); diff --git a/interfaces/kits/privacy/BUILD.gn b/frameworks/js/napi/privacy/BUILD.gn similarity index 84% rename from interfaces/kits/privacy/BUILD.gn rename to frameworks/js/napi/privacy/BUILD.gn index 14b8f850c4278a0ed821591ffae8f048dd6f0ecf..4621e476019064ad2a4560bb51c3b5b6b8c98f0e 100644 --- a/interfaces/kits/privacy/BUILD.gn +++ b/frameworks/js/napi/privacy/BUILD.gn @@ -12,7 +12,7 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") +import("../../../../access_token.gni") ohos_shared_library("libprivacymanager") { sanitize = { @@ -26,14 +26,14 @@ ohos_shared_library("libprivacymanager") { "${access_token_path}/frameworks/privacy/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", - "${access_token_path}/interfaces/kits/common/include", - "napi/include", + "${access_token_path}/interfaces/kits/js/napi/common/include", + "${access_token_path}/interfaces/kits/js/napi/privacy/include", ] sources = [ - "napi/src/napi_context_common.cpp", - "napi/src/native_module.cpp", - "napi/src/permission_record_manager_napi.cpp", + "src/napi_context_common.cpp", + "src/native_module.cpp", + "src/permission_record_manager_napi.cpp", ] deps = [ diff --git a/interfaces/kits/privacy/napi/src/napi_context_common.cpp b/frameworks/js/napi/privacy/src/napi_context_common.cpp similarity index 55% rename from interfaces/kits/privacy/napi/src/napi_context_common.cpp rename to frameworks/js/napi/privacy/src/napi_context_common.cpp index 116ae46481489c69631d3808eca7975c138f1c98..d6984aab890ca339523a278ed860662ad9c0b765 100644 --- a/interfaces/kits/privacy/napi/src/napi_context_common.cpp +++ b/frameworks/js/napi/privacy/src/napi_context_common.cpp @@ -13,13 +13,11 @@ * limitations under the License. */ #include "napi_context_common.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyContextCommonNapi"}; -} // namespace PrivacyAsyncWorkData::PrivacyAsyncWorkData(napi_env envValue) { env = envValue; @@ -53,59 +51,25 @@ PermActiveStatusPtr::~PermActiveStatusPtr() DeleteNapiRef(); } -void UvQueueWorkDeleteRef(uv_work_t *work, int32_t status) -{ - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Work == nullptr : %{public}d", work == nullptr); - return; - } else if (work->data == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Work->data == nullptr : %{public}d", work->data == nullptr); - return; - } - PermActiveStatusWorker* permActiveStatusWorker = - reinterpret_cast(work->data); - if (permActiveStatusWorker == nullptr) { - delete work; - return; - } - napi_delete_reference(permActiveStatusWorker->env, permActiveStatusWorker->ref); - delete permActiveStatusWorker; - permActiveStatusWorker = nullptr; - delete work; - ACCESSTOKEN_LOG_DEBUG(LABEL, "UvQueueWorkDeleteRef end"); -} - void PermActiveStatusPtr::DeleteNapiRef() { - uv_loop_s* loop = nullptr; - NAPI_CALL_RETURN_VOID(env_, napi_get_uv_event_loop(env_, &loop)); - if (loop == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Loop instance is nullptr"); - return; - } - uv_work_t* work = new (std::nothrow) uv_work_t; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); - return; - } - - std::unique_ptr uvWorkPtr {work}; - PermActiveStatusWorker* permActiveStatusWorker = - new (std::nothrow) PermActiveStatusWorker(); + PermActiveStatusWorker* permActiveStatusWorker = new (std::nothrow) PermActiveStatusWorker(); if (permActiveStatusWorker == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for RegisterPermStateChangeWorker!"); + LOGE(PRI_DOMAIN, PRI_TAG, "Insufficient memory for RegisterPermStateChangeWorker!"); return; } std::unique_ptr workPtr {permActiveStatusWorker}; permActiveStatusWorker->env = env_; permActiveStatusWorker->ref = ref_; - - work->data = reinterpret_cast(permActiveStatusWorker); - NAPI_CALL_RETURN_VOID(env_, - uv_queue_work_with_qos(loop, work, [](uv_work_t* work) {}, UvQueueWorkDeleteRef, uv_qos_default)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeleteNapiRef"); - uvWorkPtr.release(); - workPtr.release(); + auto task = [permActiveStatusWorker]() { + napi_delete_reference(permActiveStatusWorker->env, permActiveStatusWorker->ref); + delete permActiveStatusWorker; + }; + if (napi_status::napi_ok != napi_send_event(env_, task, napi_eprio_high)) { + LOGE(PRI_DOMAIN, PRI_TAG, "DeleteNapiRef: Failed to SendEvent"); + } else { + workPtr.release(); + } } void PermActiveStatusPtr::SetEnv(const napi_env& env) @@ -120,57 +84,36 @@ void PermActiveStatusPtr::SetCallbackRef(const napi_ref& ref) void PermActiveStatusPtr::ActiveStatusChangeCallback(ActiveChangeResponse& result) { - uv_loop_s* loop = nullptr; - NAPI_CALL_RETURN_VOID(env_, napi_get_uv_event_loop(env_, &loop)); - if (loop == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Loop instance is nullptr"); - return; - } - uv_work_t* work = new (std::nothrow) uv_work_t; - if (work == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for work!"); - return; - } - std::unique_ptr uvWorkPtr {work}; PermActiveStatusWorker* permActiveStatusWorker = new (std::nothrow) PermActiveStatusWorker(); if (permActiveStatusWorker == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for RegisterPermStateChangeWorker!"); + LOGE(PRI_DOMAIN, PRI_TAG, "Insufficient memory for RegisterPermStateChangeWorker!"); return; } std::unique_ptr workPtr {permActiveStatusWorker}; permActiveStatusWorker->env = env_; permActiveStatusWorker->ref = ref_; permActiveStatusWorker->result = result; - ACCESSTOKEN_LOG_DEBUG(LABEL, + LOGD(PRI_DOMAIN, PRI_TAG, "result: tokenID = %{public}d, permissionName = %{public}s, type = %{public}d", result.tokenID, result.permissionName.c_str(), result.type); permActiveStatusWorker->subscriber = shared_from_this(); - work->data = reinterpret_cast(permActiveStatusWorker); - NAPI_CALL_RETURN_VOID(env_, - uv_queue_work_with_qos(loop, work, [](uv_work_t* work) {}, UvQueueWorkActiveStatusChange, uv_qos_default)); - uvWorkPtr.release(); - workPtr.release(); -} - -void UvQueueWorkActiveStatusChange(uv_work_t* work, int status) -{ - (void)status; - if (work == nullptr || work->data == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Work == nullptr || work->data == nullptr"); - return; + auto task = [permActiveStatusWorker]() { + napi_handle_scope scope = nullptr; + napi_open_handle_scope(permActiveStatusWorker->env, &scope); + if (scope == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Scope is null"); + delete permActiveStatusWorker; + return; + } + NotifyChangeResponse(permActiveStatusWorker); + napi_close_handle_scope(permActiveStatusWorker->env, scope); + delete permActiveStatusWorker; + }; + if (napi_status::napi_ok != napi_send_event(env_, task, napi_eprio_high)) { + LOGE(PRI_DOMAIN, PRI_TAG, "ActiveStatusChangeCallback: Failed to SendEvent"); + } else { + workPtr.release(); } - std::unique_ptr uvWorkPtr {work}; - PermActiveStatusWorker* permActiveStatusData = reinterpret_cast(work->data); - std::unique_ptr workPtr {permActiveStatusData}; - - napi_handle_scope scope = nullptr; - napi_open_handle_scope(permActiveStatusData->env, &scope); - if (scope == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Scope is null"); - return; - } - NotifyChangeResponse(permActiveStatusData); - napi_close_handle_scope(permActiveStatusData->env, scope); } void NotifyChangeResponse(const PermActiveStatusWorker* permActiveStatusData) @@ -179,7 +122,7 @@ void NotifyChangeResponse(const PermActiveStatusWorker* permActiveStatusData) NAPI_CALL_RETURN_VOID(permActiveStatusData->env, napi_create_object(permActiveStatusData->env, &result)); if (!ConvertActiveChangeResponse(permActiveStatusData->env, result, permActiveStatusData->result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ConvertActiveChangeResponse failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "ConvertActiveChangeResponse failed"); return; } napi_value undefined = nullptr; @@ -197,6 +140,9 @@ void NotifyChangeResponse(const PermActiveStatusWorker* permActiveStatusData) bool ConvertActiveChangeResponse(napi_env env, napi_value value, const ActiveChangeResponse& result) { napi_value element; + NAPI_CALL_BASE(env, napi_create_uint32(env, result.callingTokenID, &element), false); + NAPI_CALL_BASE(env, napi_set_named_property(env, value, "callingTokenId", element), false); + element = nullptr; NAPI_CALL_BASE(env, napi_create_uint32(env, result.tokenID, &element), false); NAPI_CALL_BASE(env, napi_set_named_property(env, value, "tokenId", element), false); element = nullptr; @@ -210,6 +156,9 @@ bool ConvertActiveChangeResponse(napi_env env, napi_value value, const ActiveCha element = nullptr; NAPI_CALL_BASE(env, napi_create_int32(env, result.type, &element), false); NAPI_CALL_BASE(env, napi_set_named_property(env, value, "activeStatus", element), false); + element = nullptr; + NAPI_CALL_BASE(env, napi_create_int32(env, result.usedType, &element), false); + NAPI_CALL_BASE(env, napi_set_named_property(env, value, "usedType", element), false); return true; } } // namespace AccessToken diff --git a/interfaces/kits/privacy/napi/src/native_module.cpp b/frameworks/js/napi/privacy/src/native_module.cpp similarity index 92% rename from interfaces/kits/privacy/napi/src/native_module.cpp rename to frameworks/js/napi/privacy/src/native_module.cpp index 51089269318857f79752a1a5693610e732a9a8fb..59b11aafb682eaba50c63d38975667e57be8397b 100644 --- a/interfaces/kits/privacy/napi/src/native_module.cpp +++ b/frameworks/js/napi/privacy/src/native_module.cpp @@ -33,11 +33,20 @@ static napi_value Init(napi_env env, napi_value exports) DECLARE_NAPI_FUNCTION("getPermissionUsedRecords", GetPermissionUsedRecords), DECLARE_NAPI_FUNCTION("on", RegisterPermActiveChangeCallback), DECLARE_NAPI_FUNCTION("off", UnregisterPermActiveChangeCallback), - DECLARE_NAPI_FUNCTION("getPermissionUsedTypeInfos", GetPermissionUsedTypeInfos) + DECLARE_NAPI_FUNCTION("getPermissionUsedTypeInfos", GetPermissionUsedTypeInfos), + DECLARE_NAPI_FUNCTION("setPermissionUsedRecordToggleStatus", SetPermissionUsedRecordToggleStatus), + DECLARE_NAPI_FUNCTION("getPermissionUsedRecordToggleStatus", GetPermissionUsedRecordToggleStatus) }; napi_define_properties(env, exports, sizeof(descriptor) / sizeof(descriptor[0]), descriptor); + CreateObjects(env, exports); + + return exports; +} + +static void CreateObjects(const napi_env& env, const napi_value& exports) +{ napi_value permissionUsageFlag = nullptr; napi_create_object(env, &permissionUsageFlag); @@ -85,8 +94,6 @@ static napi_value Init(napi_env env, napi_value exports) DECLARE_NAPI_PROPERTY("PermissionUsedType", permissionUsedType) }; napi_define_properties(env, exports, sizeof(exportFuncs) / sizeof(exportFuncs[0]), exportFuncs); - - return exports; } EXTERN_C_END diff --git a/interfaces/kits/privacy/napi/src/permission_record_manager_napi.cpp b/frameworks/js/napi/privacy/src/permission_record_manager_napi.cpp similarity index 81% rename from interfaces/kits/privacy/napi/src/permission_record_manager_napi.cpp rename to frameworks/js/napi/privacy/src/permission_record_manager_napi.cpp index d8f3f53acda55cc9f376be7be3d473d29ec5c875..d5f55eb757c857318481da2482064ed82d191f51 100644 --- a/interfaces/kits/privacy/napi/src/permission_record_manager_napi.cpp +++ b/frameworks/js/napi/privacy/src/permission_record_manager_napi.cpp @@ -16,7 +16,7 @@ #include #include #include "privacy_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "napi_context_common.h" #include "napi_common.h" #include "napi_error.h" @@ -34,7 +34,8 @@ static constexpr int32_t ADD_PERMISSION_RECORD_MAX_PARAMS = 5; static constexpr int32_t ADD_PERMISSION_RECORD_MIN_PARAMS = 4; static constexpr int32_t GET_PERMISSION_RECORD_MAX_PARAMS = 2; static constexpr int32_t ON_OFF_MAX_PARAMS = 3; -static constexpr int32_t START_STOP_MAX_PARAMS = 3; +static constexpr int32_t START_STOP_MAX_PARAMS = 4; +static constexpr int32_t START_STOP_MIN_PARAMS = 2; static constexpr int32_t GET_PERMISSION_USED_TYPE_MAX_PARAMS = 2; static constexpr int32_t GET_PERMISSION_USED_TYPE_ONE_PARAMS = 1; static constexpr int32_t FIRST_PARAM = 0; @@ -42,10 +43,8 @@ static constexpr int32_t SECOND_PARAM = 1; static constexpr int32_t THIRD_PARAM = 2; static constexpr int32_t FOURTH_PARAM = 3; static constexpr int32_t FIFTH_PARAM = 4; +static constexpr int32_t SET_PERMISSION_USED_TOGGLE_STATUS_PARAMS = 1; -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PermissionRecordManagerNapi"}; -} // namespace static int32_t GetJsErrorCode(int32_t errCode) { @@ -94,7 +93,7 @@ static int32_t GetJsErrorCode(int32_t errCode) jsCode = JS_ERROR_INNER; break; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetJsErrorCode nativeCode(%{public}d) jsCode(%{public}d).", errCode, jsCode); + LOGD(PRI_DOMAIN, PRI_TAG, "GetJsErrorCode nativeCode(%{public}d) jsCode(%{public}d).", errCode, jsCode); return jsCode; } @@ -161,6 +160,9 @@ static bool ParseAddPermissionFifthParam(const napi_env env, const napi_value& v ParamResolveErrorThrow(env, "callback", "AsyncCallback"); return false; } + } else { + ParamResolveErrorThrow(env, "fifth param", "options or AsyncCallback"); + return false; } return true; @@ -216,6 +218,59 @@ static bool ParseAddPermissionRecord( return true; } +static bool ParsePermissionUsedRecordToggleStatus( + const napi_env& env, const napi_callback_info& info, RecordManagerAsyncContext& asyncContext) +{ + size_t argc = SET_PERMISSION_USED_TOGGLE_STATUS_PARAMS; + napi_value argv[SET_PERMISSION_USED_TOGGLE_STATUS_PARAMS] = { nullptr }; + napi_value thisVar = nullptr; + void* data = nullptr; + + NAPI_CALL_BASE(env, napi_get_cb_info(env, info, &argc, argv, &thisVar, &data), false); + if (argc != SET_PERMISSION_USED_TOGGLE_STATUS_PARAMS) { + NAPI_CALL_BASE(env, + napi_throw(env, GenerateBusinessError(env, JS_ERROR_PARAM_ILLEGAL, "Parameter error.")), false); + return false; + } + + asyncContext.env = env; + // 0: the first parameter of argv + if (!ParseBool(env, argv[FIRST_PARAM], asyncContext.status)) { + ParamResolveErrorThrow(env, "status", "boolean"); + return false; + } + + return true; +} + +static bool ParseStartAndStopThirdParam(const napi_env env, const napi_value& value, + RecordManagerAsyncContext& asyncContext) +{ + napi_valuetype typeValue = napi_undefined; + if (napi_typeof(env, value, &typeValue) != napi_ok) { + return false; + } + + if (typeValue == napi_number) { + // pid + if (!ParseInt32(env, value, asyncContext.pid)) { + ParamResolveErrorThrow(env, "pid", "number"); + return false; + } + } else if (typeValue == napi_function) { + // callback + if (!IsUndefinedOrNull(env, value) && !ParseCallback(env, value, asyncContext.callbackRef)) { + ParamResolveErrorThrow(env, "callback", "AsyncCallback"); + return false; + } + } else { + ParamResolveErrorThrow(env, "third param", "pid or AsyncCallback"); + return false; + } + + return true; +} + static bool ParseStartAndStopUsingPermission( const napi_env env, const napi_callback_info info, RecordManagerAsyncContext& asyncContext) { @@ -225,30 +280,45 @@ static bool ParseStartAndStopUsingPermission( void* data = nullptr; NAPI_CALL_BASE(env, napi_get_cb_info(env, info, &argc, argv, &thisVar, &data), false); - if (argc < START_STOP_MAX_PARAMS - 1) { + if (argc < START_STOP_MIN_PARAMS) { NAPI_CALL_BASE(env, napi_throw(env, GenerateBusinessError(env, JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")), false); return false; } asyncContext.env = env; - // 0: the first parameter of argv - if (!ParseUint32(env, argv[0], asyncContext.tokenId)) { + // 0: the first parameter of argv is tokenId + if (!ParseUint32(env, argv[FIRST_PARAM], asyncContext.tokenId)) { ParamResolveErrorThrow(env, "tokenId", "number"); return false; } - // 1: the second parameter of argv - if (!ParseString(env, argv[1], asyncContext.permissionName)) { + // 1: the second parameter of argv is permissionName + if (!ParseString(env, argv[SECOND_PARAM], asyncContext.permissionName)) { ParamResolveErrorThrow(env, "permissionName", "string"); return false; } - if (argc == START_STOP_MAX_PARAMS) { - // 2: the third parameter of argv - if (!IsUndefinedOrNull(env, argv[2]) && !ParseCallback(env, argv[2], asyncContext.callbackRef)) { - ParamResolveErrorThrow(env, "callback", "AsyncCallback"); + + if (argc == START_STOP_MAX_PARAMS - 1) { + // 2: the third paramter of argv, may be callback or pid + if (!ParseStartAndStopThirdParam(env, argv[THIRD_PARAM], asyncContext)) { return false; } + } else if (argc == START_STOP_MAX_PARAMS) { + // 2: the third paramter of argv is pid + if (!ParseInt32(env, argv[THIRD_PARAM], asyncContext.pid)) { + ParamResolveErrorThrow(env, "pid", "number"); + return false; + } + + // 3: the fourth paramter of argv is usedType + uint32_t usedType = 0; + if (!ParseUint32(env, argv[FOURTH_PARAM], usedType)) { + ParamResolveErrorThrow(env, "usedType", "number"); + return false; + } + + asyncContext.type = static_cast(usedType); } return true; } @@ -474,7 +544,7 @@ static bool ParseGetPermissionUsedRecords( static void AddPermissionUsedRecordExecute(napi_env env, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "AddPermissionUsedRecord execute."); + LOGD(PRI_DOMAIN, PRI_TAG, "AddPermissionUsedRecord execute."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); if (asyncContext == nullptr) { return; @@ -491,7 +561,7 @@ static void AddPermissionUsedRecordExecute(napi_env env, void* data) static void AddPermissionUsedRecordComplete(napi_env env, napi_status status, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "AddPermissionUsedRecord complete."); + LOGD(PRI_DOMAIN, PRI_TAG, "AddPermissionUsedRecord complete."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); std::unique_ptr callbackPtr {asyncContext}; @@ -505,11 +575,11 @@ static void AddPermissionUsedRecordComplete(napi_env env, napi_status status, vo napi_value AddPermissionUsedRecord(napi_env env, napi_callback_info cbinfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "AddPermissionUsedRecord begin."); + LOGD(PRI_DOMAIN, PRI_TAG, "AddPermissionUsedRecord begin."); auto *asyncContext = new (std::nothrow) RecordManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(PRI_DOMAIN, PRI_TAG, "New struct fail."); return nullptr; } @@ -540,21 +610,143 @@ napi_value AddPermissionUsedRecord(napi_env env, napi_callback_info cbinfo) return result; } +static void SetPermissionUsedRecordToggleStatusExecute(napi_env env, void* data) +{ + LOGD(PRI_DOMAIN, PRI_TAG, "SetPermissionUsedRecordToggleStatus execute."); + RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); + if (asyncContext == nullptr) { + return; + } + + int32_t userID = 0; + asyncContext->retCode = PrivacyKit::SetPermissionUsedRecordToggleStatus(userID, asyncContext->status); +} + +static void SetPermissionUsedRecordToggleStatusComplete(napi_env env, napi_status status, void* data) +{ + LOGD(PRI_DOMAIN, PRI_TAG, "SetPermissionUsedRecordToggleStatus complete."); + RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); + std::unique_ptr callbackPtr {asyncContext}; + + napi_value result = GetNapiNull(env); + if (asyncContext->deferred != nullptr) { + ReturnPromiseResult(env, *asyncContext, result); + } +} + +napi_value SetPermissionUsedRecordToggleStatus(napi_env env, napi_callback_info cbinfo) +{ + LOGD(PRI_DOMAIN, PRI_TAG, "SetPermissionUsedRecordToggleStatus begin."); + + auto *asyncContext = new (std::nothrow) RecordManagerAsyncContext(env); + if (asyncContext == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "New struct fail."); + return nullptr; + } + + std::unique_ptr callbackPtr {asyncContext}; + if (!ParsePermissionUsedRecordToggleStatus(env, cbinfo, *asyncContext)) { + return nullptr; + } + + napi_value result = nullptr; + if (asyncContext->callbackRef == nullptr) { + NAPI_CALL(env, napi_create_promise(env, &(asyncContext->deferred), &result)); + } else { + NAPI_CALL(env, napi_get_undefined(env, &result)); + } + + napi_value resource = nullptr; + NAPI_CALL(env, napi_create_string_utf8(env, "SetPermissionUsedRecordToggleStatus", NAPI_AUTO_LENGTH, &resource)); + + NAPI_CALL(env, napi_create_async_work(env, + nullptr, + resource, + SetPermissionUsedRecordToggleStatusExecute, + SetPermissionUsedRecordToggleStatusComplete, + reinterpret_cast(asyncContext), + &(asyncContext->asyncWork))); + + NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->asyncWork, napi_qos_default)); + callbackPtr.release(); + return result; +} + +static void GetPermissionUsedRecordToggleStatusExecute(napi_env env, void* data) +{ + LOGD(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecordToggleStatus execute."); + RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); + if (asyncContext == nullptr) { + return; + } + + int32_t userID = 0; + asyncContext->retCode = PrivacyKit::GetPermissionUsedRecordToggleStatus(userID, asyncContext->status); +} + +static void GetPermissionUsedRecordToggleStatusComplete(napi_env env, napi_status status, void* data) +{ + LOGD(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecordToggleStatus complete."); + RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); + std::unique_ptr callbackPtr {asyncContext}; + + napi_value result = GetNapiNull(env); + NAPI_CALL_RETURN_VOID(env, napi_get_boolean(env, asyncContext->status, &result)); + if (asyncContext->deferred != nullptr) { + ReturnPromiseResult(env, *asyncContext, result); + } +} + +napi_value GetPermissionUsedRecordToggleStatus(napi_env env, napi_callback_info cbinfo) +{ + LOGD(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecordToggleStatus begin."); + + auto *asyncContext = new (std::nothrow) RecordManagerAsyncContext(env); + if (asyncContext == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "New struct fail."); + return nullptr; + } + + std::unique_ptr callbackPtr {asyncContext}; + + napi_value result = nullptr; + if (asyncContext->callbackRef == nullptr) { + NAPI_CALL(env, napi_create_promise(env, &(asyncContext->deferred), &result)); + } else { + NAPI_CALL(env, napi_get_undefined(env, &result)); + } + + napi_value resource = nullptr; + NAPI_CALL(env, napi_create_string_utf8(env, "GetPermissionUsedRecordToggleStatus", NAPI_AUTO_LENGTH, &resource)); + + NAPI_CALL(env, napi_create_async_work(env, + nullptr, + resource, + GetPermissionUsedRecordToggleStatusExecute, + GetPermissionUsedRecordToggleStatusComplete, + reinterpret_cast(asyncContext), + &(asyncContext->asyncWork))); + + NAPI_CALL(env, napi_queue_async_work_with_qos(env, asyncContext->asyncWork, napi_qos_default)); + callbackPtr.release(); + return result; +} + static void StartUsingPermissionExecute(napi_env env, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "StartUsingPermission execute."); + LOGD(PRI_DOMAIN, PRI_TAG, "StartUsingPermission execute."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); if (asyncContext == nullptr) { return; } asyncContext->retCode = PrivacyKit::StartUsingPermission(asyncContext->tokenId, - asyncContext->permissionName); + asyncContext->permissionName, asyncContext->pid, asyncContext->type); } static void StartUsingPermissionComplete(napi_env env, napi_status status, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "StartUsingPermission complete."); + LOGD(PRI_DOMAIN, PRI_TAG, "StartUsingPermission complete."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); std::unique_ptr callbackPtr{asyncContext}; @@ -568,10 +760,10 @@ static void StartUsingPermissionComplete(napi_env env, napi_status status, void* napi_value StartUsingPermission(napi_env env, napi_callback_info cbinfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "StartUsingPermission begin."); + LOGD(PRI_DOMAIN, PRI_TAG, "StartUsingPermission begin."); auto *asyncContext = new (std::nothrow) RecordManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(PRI_DOMAIN, PRI_TAG, "New struct fail."); return nullptr; } @@ -604,19 +796,19 @@ napi_value StartUsingPermission(napi_env env, napi_callback_info cbinfo) static void StopUsingPermissionExecute(napi_env env, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "StopUsingPermission execute."); + LOGD(PRI_DOMAIN, PRI_TAG, "StopUsingPermission execute."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); if (asyncContext == nullptr) { return; } asyncContext->retCode = PrivacyKit::StopUsingPermission(asyncContext->tokenId, - asyncContext->permissionName); + asyncContext->permissionName, asyncContext->pid); } static void StopUsingPermissionComplete(napi_env env, napi_status status, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "StopUsingPermission complete."); + LOGD(PRI_DOMAIN, PRI_TAG, "StopUsingPermission complete."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); std::unique_ptr callbackPtr{asyncContext}; @@ -630,11 +822,11 @@ static void StopUsingPermissionComplete(napi_env env, napi_status status, void* napi_value StopUsingPermission(napi_env env, napi_callback_info cbinfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "StopUsingPermission begin."); + LOGD(PRI_DOMAIN, PRI_TAG, "StopUsingPermission begin."); auto *asyncContext = new (std::nothrow) RecordManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(PRI_DOMAIN, PRI_TAG, "New struct fail."); return nullptr; } @@ -667,7 +859,7 @@ napi_value StopUsingPermission(napi_env env, napi_callback_info cbinfo) static void GetPermissionUsedRecordsExecute(napi_env env, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionUsedRecords execute."); + LOGD(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecords execute."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); if (asyncContext == nullptr) { return; @@ -678,7 +870,7 @@ static void GetPermissionUsedRecordsExecute(napi_env env, void* data) static void GetPermissionUsedRecordsComplete(napi_env env, napi_status status, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionUsedRecords complete."); + LOGD(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecords complete."); RecordManagerAsyncContext* asyncContext = reinterpret_cast(data); std::unique_ptr callbackPtr{asyncContext}; @@ -694,10 +886,10 @@ static void GetPermissionUsedRecordsComplete(napi_env env, napi_status status, v napi_value GetPermissionUsedRecords(napi_env env, napi_callback_info cbinfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionUsedRecords begin."); + LOGD(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecords begin."); auto *asyncContext = new (std::nothrow) RecordManagerAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(PRI_DOMAIN, PRI_TAG, "New struct fail."); return nullptr; } @@ -903,7 +1095,7 @@ napi_value RegisterPermActiveChangeCallback(napi_env env, napi_callback_info cbI RegisterPermActiveChangeContext* registerPermActiveChangeContext = new (std::nothrow) RegisterPermActiveChangeContext(); if (registerPermActiveChangeContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for registerPermActiveChangeContext!"); + LOGE(PRI_DOMAIN, PRI_TAG, "Insufficient memory for registerPermActiveChangeContext!"); return nullptr; } std::unique_ptr callbackPtr {registerPermActiveChangeContext}; @@ -911,14 +1103,14 @@ napi_value RegisterPermActiveChangeCallback(napi_env env, napi_callback_info cbI return nullptr; } if (IsExistRegister(registerPermActiveChangeContext)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Subscribe failed. The current subscriber has been existed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Subscribe failed. The current subscriber has been existed"); std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_PARAM_INVALID); NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_INVALID, errMsg))); return nullptr; } int32_t result = PrivacyKit::RegisterPermActiveStatusCallback(registerPermActiveChangeContext->subscriber); if (result != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RegisterPermActiveStatusCallback failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "RegisterPermActiveStatusCallback failed"); int32_t jsCode = GetJsErrorCode(result); std::string errMsg = GetErrorMessage(jsCode); NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, jsCode, errMsg))); @@ -927,7 +1119,7 @@ napi_value RegisterPermActiveChangeCallback(napi_env env, napi_callback_info cbI { std::lock_guard lock(g_lockForPermActiveChangeSubscribers); if (g_permActiveChangeSubscribers.size() >= MAX_CALLBACK_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Subscribers size has reached max value"); + LOGE(PRI_DOMAIN, PRI_TAG, "Subscribers size has reached max value"); return nullptr; } g_permActiveChangeSubscribers.emplace_back(registerPermActiveChangeContext); @@ -941,7 +1133,7 @@ napi_value UnregisterPermActiveChangeCallback(napi_env env, napi_callback_info c UnregisterPermActiveChangeContext* unregisterPermActiveChangeContext = new (std::nothrow) UnregisterPermActiveChangeContext(); if (unregisterPermActiveChangeContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Insufficient memory for unregisterPermActiveChangeContext!"); + LOGE(PRI_DOMAIN, PRI_TAG, "Insufficient memory for unregisterPermActiveChangeContext!"); return nullptr; } std::unique_ptr callbackPtr {unregisterPermActiveChangeContext}; @@ -950,7 +1142,7 @@ napi_value UnregisterPermActiveChangeCallback(napi_env env, napi_callback_info c } std::vector batchPermActiveChangeSubscribers; if (!FindAndGetSubscriber(unregisterPermActiveChangeContext, batchPermActiveChangeSubscribers)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Unsubscribe failed. The current subscriber does not exist"); + LOGE(PRI_DOMAIN, PRI_TAG, "Unsubscribe failed. The current subscriber does not exist"); std::string errMsg = GetErrorMessage(JsErrorCode::JS_ERROR_PARAM_INVALID); NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_INVALID, errMsg))); return nullptr; @@ -960,7 +1152,7 @@ napi_value UnregisterPermActiveChangeCallback(napi_env env, napi_callback_info c if (result == RET_SUCCESS) { DeleteRegisterInVector(item); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "UnregisterPermActiveChangeCompleted failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "UnregisterPermActiveChangeCompleted failed"); int32_t jsCode = GetJsErrorCode(result); std::string errMsg = GetErrorMessage(jsCode); NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, jsCode, errMsg))); @@ -1011,7 +1203,7 @@ static bool ParseGetPermissionUsedType(const napi_env env, const napi_callback_i static void GetPermissionUsedTypeInfosExecute(napi_env env, void* data) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetPermissionUsedTypeInfos execute."); + LOGD(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedTypeInfos execute."); PermissionUsedTypeAsyncContext* asyncContext = reinterpret_cast(data); if (asyncContext == nullptr) { @@ -1041,7 +1233,7 @@ static void ConvertPermissionUsedTypeInfo(const napi_env& env, napi_value& value static void ProcessPermissionUsedTypeInfoResult(const napi_env& env, napi_value& value, const std::vector& results) { - ACCESSTOKEN_LOG_INFO(LABEL, "Size is %{public}zu", results.size()); + LOGI(PRI_DOMAIN, PRI_TAG, "Size is %{public}zu", results.size()); size_t index = 0; NAPI_CALL_RETURN_VOID(env, napi_create_array(env, &value)); for (const auto& result : results) { @@ -1055,7 +1247,7 @@ static void ProcessPermissionUsedTypeInfoResult(const napi_env& env, napi_value& static void GetPermissionUsedTypeInfosComplete(napi_env env, napi_status status, void* data) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetPermissionUsedTypeInfos complete."); + LOGI(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedTypeInfos complete."); PermissionUsedTypeAsyncContext* asyncContext = reinterpret_cast(data); std::unique_ptr callbackPtr{asyncContext}; @@ -1075,11 +1267,11 @@ static void GetPermissionUsedTypeInfosComplete(napi_env env, napi_status status, napi_value GetPermissionUsedTypeInfos(napi_env env, napi_callback_info cbinfo) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetPermissionUsedTypeInfos begin."); + LOGI(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedTypeInfos begin."); auto *asyncContext = new (std::nothrow) PermissionUsedTypeAsyncContext(env); if (asyncContext == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New struct fail."); + LOGE(PRI_DOMAIN, PRI_TAG, "New struct fail."); return nullptr; } diff --git a/frameworks/privacy/BUILD.gn b/frameworks/privacy/BUILD.gn index ea20efc2f503e696b37dbba1c97e32698988add3..b452f0cda89a9310f87a1c980fb21a5b32c4ff2b 100644 --- a/frameworks/privacy/BUILD.gn +++ b/frameworks/privacy/BUILD.gn @@ -27,6 +27,7 @@ ohos_shared_library("privacy_communication_adapter_cxx") { include_dirs = [ "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/privacy/src", "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", "include", diff --git a/frameworks/privacy/include/i_privacy_manager.h b/frameworks/privacy/include/i_privacy_manager.h index 973219d96d383eff867f5af92878b6e7e634641d..6c8cf6a2af1d260f00c8834d0e497fe8fa670056 100644 --- a/frameworks/privacy/include/i_privacy_manager.h +++ b/frameworks/privacy/include/i_privacy_manager.h @@ -44,11 +44,14 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.IPrivacyManager"); virtual int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode = false) = 0; - virtual int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, - const sptr& callback) = 0; - virtual int32_t StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int32_t RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID) = 0; + virtual int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) = 0; + virtual int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) = 0; + virtual int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& anonyStub) = 0; + virtual int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& callback, const sptr& anonyStub) = 0; + virtual int32_t StopUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) = 0; + virtual int32_t RemovePermissionUsedRecords(AccessTokenID tokenID) = 0; virtual int32_t GetPermissionUsedRecords( const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) = 0; virtual int32_t GetPermissionUsedRecords( @@ -56,8 +59,8 @@ public: virtual int32_t RegisterPermActiveStatusCallback( std::vector& permList, const sptr& callback) = 0; virtual int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) = 0; - virtual bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName) = 0; - virtual int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) = 0; + virtual bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) = 0; + virtual int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) = 0; virtual int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) = 0; #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE virtual int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) = 0; diff --git a/frameworks/privacy/include/privacy_service_ipc_interface_code.h b/frameworks/privacy/include/privacy_service_ipc_interface_code.h index 8e227660a8025fde1c92631b18f19f1867451af0..db02228f2c991d1d1230a6700e5aaa9ed13c8898 100644 --- a/frameworks/privacy/include/privacy_service_ipc_interface_code.h +++ b/frameworks/privacy/include/privacy_service_ipc_interface_code.h @@ -40,6 +40,8 @@ enum class PrivacyInterfaceCode { GET_PERMISSION_USED_TYPE_INFOS, SET_MUTE_POLICY, SET_HAP_WITH_FOREGROUND_REMINDER, + SET_PERMISSION_USED_RECORD_TOGGLE_STATUS, + GET_PERMISSION_USED_RECORD_TOGGLE_STATUS }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/privacy/src/perm_active_response_parcel.cpp b/frameworks/privacy/src/perm_active_response_parcel.cpp index 49617f9d70b046a6d95d7f96d61725d3786744b8..4e22232557fef2e6a8ef5ad0168ca7e828613cc2 100644 --- a/frameworks/privacy/src/perm_active_response_parcel.cpp +++ b/frameworks/privacy/src/perm_active_response_parcel.cpp @@ -21,10 +21,13 @@ namespace Security { namespace AccessToken { bool ActiveChangeResponseParcel::Marshalling(Parcel& out) const { + RETURN_IF_FALSE(out.WriteUint32(this->changeResponse.callingTokenID)); RETURN_IF_FALSE(out.WriteUint32(this->changeResponse.tokenID)); RETURN_IF_FALSE(out.WriteString(this->changeResponse.permissionName)); RETURN_IF_FALSE(out.WriteString(this->changeResponse.deviceId)); RETURN_IF_FALSE(out.WriteInt32(this->changeResponse.type)); + RETURN_IF_FALSE(out.WriteInt32(this->changeResponse.usedType)); + RETURN_IF_FALSE(out.WriteInt32(this->changeResponse.pid)); return true; } @@ -35,6 +38,8 @@ ActiveChangeResponseParcel* ActiveChangeResponseParcel::Unmarshalling(Parcel& in return nullptr; } + RELEASE_IF_FALSE(in.ReadUint32(activeChangeResponseParcel->changeResponse.callingTokenID), + activeChangeResponseParcel); RELEASE_IF_FALSE(in.ReadUint32(activeChangeResponseParcel->changeResponse.tokenID), activeChangeResponseParcel); RELEASE_IF_FALSE(in.ReadString(activeChangeResponseParcel->changeResponse.permissionName), activeChangeResponseParcel); @@ -43,6 +48,10 @@ ActiveChangeResponseParcel* ActiveChangeResponseParcel::Unmarshalling(Parcel& in int32_t type; RELEASE_IF_FALSE(in.ReadInt32(type), activeChangeResponseParcel); activeChangeResponseParcel->changeResponse.type = static_cast(type); + int32_t usedType; + RELEASE_IF_FALSE(in.ReadInt32(usedType), activeChangeResponseParcel); + activeChangeResponseParcel->changeResponse.usedType = static_cast(usedType); + RELEASE_IF_FALSE(in.ReadInt32(activeChangeResponseParcel->changeResponse.pid), activeChangeResponseParcel); return activeChangeResponseParcel; } } // namespace AccessToken diff --git a/frameworks/privacy/src/permission_used_record_parcel.cpp b/frameworks/privacy/src/permission_used_record_parcel.cpp index 390ba2eb15bf87142aac4cc4eb226a0ba11bdc55..8c475c6df601c735320da8b11adb21aa0b9a366c 100644 --- a/frameworks/privacy/src/permission_used_record_parcel.cpp +++ b/frameworks/privacy/src/permission_used_record_parcel.cpp @@ -26,6 +26,7 @@ bool PermissionUsedRecordParcel::Marshalling(Parcel& out) const { RETURN_IF_FALSE(out.WriteString(this->permissionRecord.permissionName)); RETURN_IF_FALSE(out.WriteInt32(this->permissionRecord.accessCount)); + RETURN_IF_FALSE(out.WriteInt32(this->permissionRecord.secAccessCount)); RETURN_IF_FALSE(out.WriteInt32(this->permissionRecord.rejectCount)); RETURN_IF_FALSE(out.WriteInt64(this->permissionRecord.lastAccessTime)); RETURN_IF_FALSE(out.WriteInt64(this->permissionRecord.lastRejectTime)); @@ -56,6 +57,7 @@ PermissionUsedRecordParcel* PermissionUsedRecordParcel::Unmarshalling(Parcel& in RELEASE_IF_FALSE(in.ReadString(permissionRecordParcel->permissionRecord.permissionName), permissionRecordParcel); RELEASE_IF_FALSE(in.ReadInt32(permissionRecordParcel->permissionRecord.accessCount), permissionRecordParcel); + RELEASE_IF_FALSE(in.ReadInt32(permissionRecordParcel->permissionRecord.secAccessCount), permissionRecordParcel); RELEASE_IF_FALSE(in.ReadInt32(permissionRecordParcel->permissionRecord.rejectCount), permissionRecordParcel); RELEASE_IF_FALSE(in.ReadInt64(permissionRecordParcel->permissionRecord.lastAccessTime), permissionRecordParcel); RELEASE_IF_FALSE(in.ReadInt64(permissionRecordParcel->permissionRecord.lastRejectTime), permissionRecordParcel); diff --git a/frameworks/privacy/src/permission_used_type_info_parcel.cpp b/frameworks/privacy/src/permission_used_type_info_parcel.cpp index ea6ed8db68a2e96997353e7e675ac9c7488d2880..b9b9537564032d9cf2f8146ba4b98e9033e2dc27 100644 --- a/frameworks/privacy/src/permission_used_type_info_parcel.cpp +++ b/frameworks/privacy/src/permission_used_type_info_parcel.cpp @@ -24,6 +24,7 @@ bool PermissionUsedTypeInfoParcel::Marshalling(Parcel& out) const { RETURN_IF_FALSE(out.WriteUint32(this->info.tokenId)); RETURN_IF_FALSE(out.WriteString(this->info.permissionName)); + RETURN_IF_FALSE(out.WriteInt32(this->info.pid)); RETURN_IF_FALSE(out.WriteUint32(static_cast(this->info.type))); return true; } @@ -37,10 +38,11 @@ PermissionUsedTypeInfoParcel* PermissionUsedTypeInfoParcel::Unmarshalling(Parcel RELEASE_IF_FALSE(in.ReadUint32(parcel->info.tokenId), parcel); RELEASE_IF_FALSE(in.ReadString(parcel->info.permissionName), parcel); + RELEASE_IF_FALSE(in.ReadInt32(parcel->info.pid), parcel); + uint32_t type = 0; RELEASE_IF_FALSE(in.ReadUint32(type), parcel); parcel->info.type = static_cast(type); - return parcel; } } // namespace AccessToken diff --git a/frameworks/test/unittest/BUILD.gn b/frameworks/test/unittest/BUILD.gn index f8a2c20eac4626ae6c1e9efc0e478b95202c08b9..36b40804cf398b0adfefbea0657da44211ccd1f5 100644 --- a/frameworks/test/unittest/BUILD.gn +++ b/frameworks/test/unittest/BUILD.gn @@ -55,7 +55,6 @@ ohos_unittest("libaccesstoken_framework_test") { external_deps = [ "c_utils:utils", "ipc:ipc_single", - "json:nlohmann_json_static", "openssl:libcrypto_shared", ] } diff --git a/frameworks/test/unittest/accesstoken_parcel_test.cpp b/frameworks/test/unittest/accesstoken_parcel_test.cpp index a97c4c43f2d6be7eab4bd5c175ba73f5d1cfc0c8..ebafe0eb737d453bd0fafb944f36f45a3fd75c48 100644 --- a/frameworks/test/unittest/accesstoken_parcel_test.cpp +++ b/frameworks/test/unittest/accesstoken_parcel_test.cpp @@ -23,15 +23,13 @@ #include "hap_policy_parcel.h" #include "hap_token_info_parcel.h" #include "hap_token_info_for_sync_parcel.h" -#include "native_token_info_for_sync_parcel.h" #include "native_token_info_parcel.h" #include "parcel.h" #include "parcel_utils.h" #include "permission_grant_info_parcel.h" #include "permission_state_change_scope_parcel.h" #include "permission_state_change_info_parcel.h" -#include "permission_state_full.h" -#include "permission_state_full_parcel.h" +#include "permission_status_parcel.h" using namespace testing::ext; @@ -66,19 +64,15 @@ PermissionDef g_permDefBeta = { .descriptionId = 1 }; -PermissionStateFull g_permStatAlpha = { +PermissionStatus g_permStatAlpha = { .permissionName = TEST_PERMISSION_NAME_ALPHA, - .isGeneral = true, - .resDeviceID = {"device"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET }; -PermissionStateFull g_permStatBeta = { +PermissionStatus g_permStatBeta = { .permissionName = TEST_PERMISSION_NAME_BETA, - .isGeneral = true, - .resDeviceID = {"device"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED }; } class AccessTokenParcelTest : public testing::Test { @@ -136,12 +130,12 @@ HWTEST_F(AccessTokenParcelTest, HapPolicyParcel001, TestSize.Level1) { HapPolicyParcel hapPolicyParcel; - hapPolicyParcel.hapPolicyParameter.apl = ATokenAplEnum::APL_NORMAL; - hapPolicyParcel.hapPolicyParameter.domain = "test.domain"; - hapPolicyParcel.hapPolicyParameter.permList.emplace_back(g_permDefAlpha); - hapPolicyParcel.hapPolicyParameter.permList.emplace_back(g_permDefBeta); - hapPolicyParcel.hapPolicyParameter.permStateList.emplace_back(g_permStatAlpha); - hapPolicyParcel.hapPolicyParameter.permStateList.emplace_back(g_permStatBeta); + hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; + hapPolicyParcel.hapPolicy.domain = "test.domain"; + hapPolicyParcel.hapPolicy.permList.emplace_back(g_permDefAlpha); + hapPolicyParcel.hapPolicy.permList.emplace_back(g_permDefBeta); + hapPolicyParcel.hapPolicy.permStateList.emplace_back(g_permStatAlpha); + hapPolicyParcel.hapPolicy.permStateList.emplace_back(g_permStatBeta); Parcel parcel; EXPECT_EQ(true, hapPolicyParcel.Marshalling(parcel)); @@ -149,42 +143,38 @@ HWTEST_F(AccessTokenParcelTest, HapPolicyParcel001, TestSize.Level1) std::shared_ptr readedData(HapPolicyParcel::Unmarshalling(parcel)); EXPECT_NE(nullptr, readedData); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.apl, readedData->hapPolicyParameter.apl); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.domain, readedData->hapPolicyParameter.domain); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList.size(), readedData->hapPolicyParameter.permList.size()); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permStateList.size(), - readedData->hapPolicyParameter.permStateList.size()); - - for (uint32_t i = 0; i < hapPolicyParcel.hapPolicyParameter.permList.size(); i++) { - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].permissionName, - readedData->hapPolicyParameter.permList[i].permissionName); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].bundleName, - readedData->hapPolicyParameter.permList[i].bundleName); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].grantMode, - readedData->hapPolicyParameter.permList[i].grantMode); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].availableLevel, - readedData->hapPolicyParameter.permList[i].availableLevel); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].label, - readedData->hapPolicyParameter.permList[i].label); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].labelId, - readedData->hapPolicyParameter.permList[i].labelId); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].description, - readedData->hapPolicyParameter.permList[i].description); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permList[i].descriptionId, - readedData->hapPolicyParameter.permList[i].descriptionId); + EXPECT_EQ(hapPolicyParcel.hapPolicy.apl, readedData->hapPolicy.apl); + EXPECT_EQ(hapPolicyParcel.hapPolicy.domain, readedData->hapPolicy.domain); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList.size(), readedData->hapPolicy.permList.size()); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permStateList.size(), + readedData->hapPolicy.permStateList.size()); + + for (uint32_t i = 0; i < hapPolicyParcel.hapPolicy.permList.size(); i++) { + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].permissionName, + readedData->hapPolicy.permList[i].permissionName); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].bundleName, + readedData->hapPolicy.permList[i].bundleName); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].grantMode, + readedData->hapPolicy.permList[i].grantMode); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].availableLevel, + readedData->hapPolicy.permList[i].availableLevel); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].label, + readedData->hapPolicy.permList[i].label); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].labelId, + readedData->hapPolicy.permList[i].labelId); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].description, + readedData->hapPolicy.permList[i].description); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permList[i].descriptionId, + readedData->hapPolicy.permList[i].descriptionId); } - for (uint32_t i = 0; i < hapPolicyParcel.hapPolicyParameter.permStateList.size(); i++) { - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permStateList[i].permissionName, - readedData->hapPolicyParameter.permStateList[i].permissionName); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permStateList[i].isGeneral, - readedData->hapPolicyParameter.permStateList[i].isGeneral); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permStateList[i].resDeviceID, - readedData->hapPolicyParameter.permStateList[i].resDeviceID); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permStateList[i].grantStatus, - readedData->hapPolicyParameter.permStateList[i].grantStatus); - EXPECT_EQ(hapPolicyParcel.hapPolicyParameter.permStateList[i].grantFlags, - readedData->hapPolicyParameter.permStateList[i].grantFlags); + for (uint32_t i = 0; i < hapPolicyParcel.hapPolicy.permStateList.size(); i++) { + EXPECT_EQ(hapPolicyParcel.hapPolicy.permStateList[i].permissionName, + readedData->hapPolicy.permStateList[i].permissionName); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permStateList[i].grantStatus, + readedData->hapPolicy.permStateList[i].grantStatus); + EXPECT_EQ(hapPolicyParcel.hapPolicy.permStateList[i].grantFlag, + readedData->hapPolicy.permStateList[i].grantFlag); } } @@ -251,15 +241,12 @@ HWTEST_F(AccessTokenParcelTest, HapTokenInfoForSyncParcel001, TestSize.Level1) HapTokenInfoForSyncParcel hapTokenInfoSync; HapTokenInfo hapTokenInfo; - hapTokenInfo.apl = ATokenAplEnum::APL_NORMAL; hapTokenInfo.ver = 0; hapTokenInfo.userID = 2; hapTokenInfo.bundleName = "bundle1"; hapTokenInfo.apiVersion = 8; hapTokenInfo.instIndex = 0; hapTokenInfo.dlpType = 0; - hapTokenInfo.appID = "test1"; - hapTokenInfo.deviceID = "0"; hapTokenInfo.tokenID = 0x53100000; hapTokenInfo.tokenAttr = 0; hapTokenInfoSync.hapTokenInfoForSyncParams.baseInfo = hapTokenInfo; @@ -275,15 +262,15 @@ static void WriteParcelable( Parcel& out, const Parcelable& baseInfoParcel, uint32_t size) { out.WriteParcelable(&baseInfoParcel); - std::vector permStateList; + std::vector permStateList; for (uint32_t i = 0; i < size; i++) { permStateList.emplace_back(g_permStatBeta); } uint32_t permStateListSize = permStateList.size(); out.WriteUint32(permStateListSize); for (uint32_t i = 0; i < permStateListSize; i++) { - PermissionStateFullParcel permStateParcel; - permStateParcel.permStatFull = permStateList[i]; + PermissionStatusParcel permStateParcel; + permStateParcel.permState = permStateList[i]; out.WriteParcelable(&permStateParcel); } @@ -293,8 +280,8 @@ static void WriteParcelable( permStateListSize = permStateList.size(); out.WriteUint32(permStateListSize); for (uint32_t i = 0; i < permStateListSize; i++) { - PermissionStateFullParcel permStateParcel; - permStateParcel.permStatFull = permStateList[i]; + PermissionStatusParcel permStateParcel; + permStateParcel.permState = permStateList[i]; out.WriteParcelable(&permStateParcel); } } @@ -310,15 +297,12 @@ HWTEST_F(AccessTokenParcelTest, HapTokenInfoForSyncParcel002, TestSize.Level1) HapTokenInfoForSyncParcel hapTokenInfoSync; HapTokenInfo hapTokenInfo; - hapTokenInfo.apl = ATokenAplEnum::APL_NORMAL; hapTokenInfo.ver = 0; hapTokenInfo.userID = 2; hapTokenInfo.bundleName = "bundle2"; hapTokenInfo.apiVersion = 8; hapTokenInfo.instIndex = 0; hapTokenInfo.dlpType = 0; - hapTokenInfo.appID = "test2"; - hapTokenInfo.deviceID = "0"; hapTokenInfo.tokenID = 0x53100000; hapTokenInfo.tokenAttr = 0; @@ -331,250 +315,30 @@ HWTEST_F(AccessTokenParcelTest, HapTokenInfoForSyncParcel002, TestSize.Level1) EXPECT_NE(nullptr, readedData); Parcel out1; - WriteParcelable(out, baseInfoParcel, MAX_PERMLIST_SIZE + 1); + WriteParcelable(out1, baseInfoParcel, MAX_PERMLIST_SIZE + 1); std::shared_ptr readedData1(HapTokenInfoForSyncParcel::Unmarshalling(out1)); EXPECT_EQ(true, readedData1 == nullptr); } -/** - * @tc.name: NativeTokenInfoForSyncParcel001 - * @tc.desc: Test HapTokenInfoForSync Marshalling/Unmarshalling. - * @tc.type: FUNC - * @tc.require: issueI5QKZF - */ -HWTEST_F(AccessTokenParcelTest, NativeTokenInfoForSyncParcel001, TestSize.Level1) -{ - NativeTokenInfoForSyncParcel nativeTokenInfoSync; - - NativeTokenInfo baseInfo; - baseInfo.apl = APL_NORMAL, - baseInfo.ver = 1, - baseInfo.processName = "native_token_test1", - baseInfo.tokenID = 0x28100000, // 0x28100000 tokenid - baseInfo.tokenAttr = 0, - baseInfo.dcap = {"AT_CAP", "ST_CAP"}; - baseInfo.nativeAcls = {"ohos.permission.LOCATION"}; - - Parcel out; - NativeTokenInfoParcel baseInfoParcel; - baseInfoParcel.nativeTokenInfoParams = baseInfo; - WriteParcelable(out, baseInfoParcel, MAX_PERMLIST_SIZE); - - std::shared_ptr readedData(NativeTokenInfoForSyncParcel::Unmarshalling(out)); - EXPECT_NE(nullptr, readedData); - - Parcel outInvalid; - WriteParcelable(outInvalid, baseInfoParcel, MAX_PERMLIST_SIZE + 1); - std::shared_ptr readedData1(NativeTokenInfoForSyncParcel::Unmarshalling(outInvalid)); - EXPECT_EQ(true, readedData1 == nullptr); -} - -/** - * @tc.name: NativeTokenInfoForSyncParcel002 - * @tc.desc: Test HapTokenInfoForSync Marshalling/Unmarshalling. - * @tc.type: FUNC - * @tc.require: issueI5QKZF - */ -HWTEST_F(AccessTokenParcelTest, NativeTokenInfoForSyncParcel002, TestSize.Level1) -{ - NativeTokenInfoForSyncParcel nativeTokenInfoSync; - - NativeTokenInfo baseInfo; - baseInfo.apl = APL_NORMAL, - baseInfo.ver = 1, - baseInfo.processName = "native_token_test2", - baseInfo.tokenID = 0x28100000, // 0x28100000 tokenid - baseInfo.tokenAttr = 0, - baseInfo.dcap = {"AT_CAP", "ST_CAP"}; - baseInfo.nativeAcls = {"ohos.permission.LOCATION"}; - - nativeTokenInfoSync.nativeTokenInfoForSyncParams.baseInfo = baseInfo; - nativeTokenInfoSync.nativeTokenInfoForSyncParams.permStateList.emplace_back(g_permStatBeta); - - Parcel parcel; - EXPECT_EQ(true, nativeTokenInfoSync.Marshalling(parcel)); - std::shared_ptr readedData(NativeTokenInfoForSyncParcel::Unmarshalling(parcel)); - EXPECT_NE(nullptr, readedData); -} - -static void PutData(Parcel& out, uint32_t deviceSize, uint32_t statusSize, uint32_t flagSize) -{ - out.WriteString("ohos.permission.LOCATION"); - out.WriteBool(true); - out.WriteUint32(deviceSize); - for (uint32_t i = 0; i < deviceSize; i++) { - out.WriteString("deviceName"); - } - out.WriteUint32(statusSize); - for (uint32_t i = 0; i < statusSize; i++) { - out.WriteInt32(0); - } - out.WriteUint32(flagSize); - for (uint32_t i = 0; i < flagSize; i++) { - out.WriteInt32(0); - } -} - -/** - * @tc.name: PermissionStateFullParcel001 - * @tc.desc: Test permissionStateFullParcel Marshalling/Unmarshalling. - * @tc.type: FUNC - * @tc.require: issueI5QKZF - */ -HWTEST_F(AccessTokenParcelTest, PermissionStateFullParcel001, TestSize.Level1) -{ - Parcel out; - PutData(out, MAX_DEVICE_ID_SIZE, MAX_DEVICE_ID_SIZE, MAX_DEVICE_ID_SIZE + 1); - std::shared_ptr readedData(PermissionStateFullParcel::Unmarshalling(out)); - EXPECT_EQ(nullptr, readedData); - - Parcel out1; - PutData(out1, MAX_DEVICE_ID_SIZE, MAX_DEVICE_ID_SIZE + 1, MAX_DEVICE_ID_SIZE + 1); - std::shared_ptr readedData1(PermissionStateFullParcel::Unmarshalling(out1)); - EXPECT_EQ(readedData1, nullptr); - - Parcel out2; - PutData(out2, MAX_DEVICE_ID_SIZE + 1, MAX_DEVICE_ID_SIZE + 1, MAX_DEVICE_ID_SIZE + 1); - std::shared_ptr readedData2(PermissionStateFullParcel::Unmarshalling(out2)); - EXPECT_EQ(readedData2, nullptr); - - Parcel out3; - PutData(out3, MAX_DEVICE_ID_SIZE, MAX_DEVICE_ID_SIZE, MAX_DEVICE_ID_SIZE); - std::shared_ptr readedData3(PermissionStateFullParcel::Unmarshalling(out3)); - EXPECT_NE(readedData3, nullptr); -} - /** * @tc.name: PermissionStateFullParcel002 - * @tc.desc: Test permissionStateFullParcel Marshalling/Unmarshalling. + * @tc.desc: Test permissionStateParcel Marshalling/Unmarshalling. * @tc.type: FUNC * @tc.require: issueI5QKZF */ HWTEST_F(AccessTokenParcelTest, PermissionStateFullParcel002, TestSize.Level1) { - PermissionStateFullParcel permissionStateFullParcel; - permissionStateFullParcel.permStatFull.permissionName = "permissionName"; - permissionStateFullParcel.permStatFull.isGeneral = false; - permissionStateFullParcel.permStatFull.resDeviceID = {"device"}; - permissionStateFullParcel.permStatFull.grantStatus = {1}; - permissionStateFullParcel.permStatFull.grantFlags = {0}; + PermissionStatusParcel permissionStateParcel; + permissionStateParcel.permState.permissionName = "permissionName"; + permissionStateParcel.permState.grantStatus = 1; + permissionStateParcel.permState.grantFlag = 0; Parcel parcel; - EXPECT_EQ(true, permissionStateFullParcel.Marshalling(parcel)); - - std::shared_ptr readedData(PermissionStateFullParcel::Unmarshalling(parcel)); - EXPECT_NE(nullptr, readedData); -} - - -static void PutNativeTokenInfoData(Parcel& out, uint32_t dcapSize, uint32_t aclSize) -{ - EXPECT_EQ(true, out.WriteInt32(APL_NORMAL)); - EXPECT_EQ(true, out.WriteUint8(1)); - EXPECT_EQ(true, out.WriteString("native_token_test0")); - EXPECT_EQ(true, out.WriteUint32(0x28100000)); // 0x28100000 tokenid - EXPECT_EQ(true, out.WriteUint32(0)); - - EXPECT_EQ(true, out.WriteUint32(dcapSize)); - for (uint32_t i = 0; i < dcapSize; i++) { - EXPECT_EQ(true, out.WriteString("dcapItem")); - } - EXPECT_EQ(true, out.WriteUint32(aclSize)); - for (uint32_t i = 0; i < aclSize; i++) { - EXPECT_EQ(true, out.WriteString("ohos.permission.LOCATION")); - } -} - -/** - * @tc.name: NativeTokenInfoParcel001 - * @tc.desc: Test NativeTokenInfoParcel Marshalling/Unmarshalling. - * @tc.type: FUNC - * @tc.require: issueI5QKZF - */ -HWTEST_F(AccessTokenParcelTest, NativeTokenInfoParcel001, TestSize.Level1) -{ - Parcel out; - PutNativeTokenInfoData(out, MAX_DCAP_SIZE, MAX_ACL_SIZE); - std::shared_ptr readedData(NativeTokenInfoParcel::Unmarshalling(out)); - EXPECT_NE(nullptr, readedData); - - Parcel out1; - PutNativeTokenInfoData(out1, MAX_DCAP_SIZE, MAX_ACL_SIZE + 1); - std::shared_ptr readedData1(NativeTokenInfoParcel::Unmarshalling(out1)); - EXPECT_EQ(readedData1, nullptr); - - Parcel out2; - PutNativeTokenInfoData(out2, MAX_DCAP_SIZE + 1, MAX_ACL_SIZE + 1); - std::shared_ptr readedData2(NativeTokenInfoParcel::Unmarshalling(out2)); - EXPECT_EQ(readedData2, nullptr); -} - -/** - * @tc.name: NativeTokenInfoParcel002 - * @tc.desc: Test NativeTokenInfoParcel Marshalling/Unmarshalling. - * @tc.type: FUNC - * @tc.require: issueI5QKZF - */ -HWTEST_F(AccessTokenParcelTest, NativeTokenInfoParcel002, TestSize.Level1) -{ - NativeTokenInfoParcel nativeTokenInfoParcel; - nativeTokenInfoParcel.nativeTokenInfoParams.apl = APL_NORMAL; - nativeTokenInfoParcel.nativeTokenInfoParams.ver = 0; - nativeTokenInfoParcel.nativeTokenInfoParams.processName = "processName"; - nativeTokenInfoParcel.nativeTokenInfoParams.dcap = {"AT_CAP"}; - nativeTokenInfoParcel.nativeTokenInfoParams.tokenID = 12; // 12 : tokenid - nativeTokenInfoParcel.nativeTokenInfoParams.tokenAttr = 0; - nativeTokenInfoParcel.nativeTokenInfoParams.nativeAcls = {}; + EXPECT_EQ(true, permissionStateParcel.Marshalling(parcel)); - Parcel parcel; - EXPECT_EQ(true, nativeTokenInfoParcel.Marshalling(parcel)); - std::shared_ptr readedData(NativeTokenInfoParcel::Unmarshalling(parcel)); + std::shared_ptr readedData(PermissionStatusParcel::Unmarshalling(parcel)); EXPECT_NE(nullptr, readedData); } -/* - * @tc.name: NativeTokenInfoParcel003 - * @tc.desc: NativeTokenInfoParcel::Marshalling function test dcap size > 32 - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(AccessTokenParcelTest, NativeTokenInfoParcel003, TestSize.Level1) -{ - std::vector vec(33, "AT_CAP"); - NativeTokenInfoParcel nativeTokenInfoParcel; - nativeTokenInfoParcel.nativeTokenInfoParams.apl = APL_NORMAL; - nativeTokenInfoParcel.nativeTokenInfoParams.ver = 0; - nativeTokenInfoParcel.nativeTokenInfoParams.processName = "processName"; - nativeTokenInfoParcel.nativeTokenInfoParams.dcap = vec; // size is 33 - nativeTokenInfoParcel.nativeTokenInfoParams.tokenID = 12; // 12 : tokenid - nativeTokenInfoParcel.nativeTokenInfoParams.tokenAttr = 0; - nativeTokenInfoParcel.nativeTokenInfoParams.nativeAcls = {}; - - Parcel parcel; - EXPECT_NE(true, nativeTokenInfoParcel.Marshalling(parcel)); -} - -/* - * @tc.name: NativeTokenInfoParcel004 - * @tc.desc: NativeTokenInfoParcel::Marshalling function test nativeAcls size > 64 - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(AccessTokenParcelTest, NativeTokenInfoParcel004, TestSize.Level1) -{ - std::vector vec(65, "AT_CAP"); - NativeTokenInfoParcel nativeTokenInfoParcel; - nativeTokenInfoParcel.nativeTokenInfoParams.apl = APL_NORMAL; - nativeTokenInfoParcel.nativeTokenInfoParams.ver = 0; - nativeTokenInfoParcel.nativeTokenInfoParams.processName = "processName"; - nativeTokenInfoParcel.nativeTokenInfoParams.dcap = {"AT_CAP"}; - nativeTokenInfoParcel.nativeTokenInfoParams.tokenID = 12; // 12 : tokenid - nativeTokenInfoParcel.nativeTokenInfoParams.tokenAttr = 0; - nativeTokenInfoParcel.nativeTokenInfoParams.nativeAcls = vec; // size is 65 - - Parcel parcel; - EXPECT_NE(true, nativeTokenInfoParcel.Marshalling(parcel)); -} - /** * @tc.name: PermissionGrantInfoParcel001 * @tc.desc: Test PermissionGrantInfo Marshalling/Unmarshalling. diff --git a/frameworks/test/unittest/common_test.cpp b/frameworks/test/unittest/common_test.cpp index a303ec35283b599d92e979ea41e62b3bd68e98e6..0ab1a2fbd8908ac80bd8332d2db61f77fb8d541e 100644 --- a/frameworks/test/unittest/common_test.cpp +++ b/frameworks/test/unittest/common_test.cpp @@ -23,7 +23,6 @@ #define private public #include "permission_map.h" #undef private -#include "json_parser.h" using namespace testing::ext; @@ -32,19 +31,6 @@ namespace Security { namespace AccessToken { namespace { const static uint32_t MAX_PERM_SIZE = 2048; -const static uint32_t MAX_CONFIG_FILE_SIZE = 5 * 1024; -const static std::string TEST_JSON_PATH = "/data/test.json"; -const static std::string TEST_STR = - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA" - "iVBORw0KGgoAAAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0AA"; } class CommonTest : public testing::Test { public: @@ -104,58 +90,6 @@ HWTEST_F(CommonTest, TransferOpcodeToPermission002, TestSize.Level1) EXPECT_FALSE(TransferOpcodeToPermission(MAX_PERM_SIZE, permissionName)); EXPECT_FALSE(TransferOpcodeToPermission(MAX_PERM_SIZE - 1, permissionName)); } - -/* - * @tc.name: GetUnsignedIntFromJson001 - * @tc.desc: GetUnsignedIntFromJson - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(CommonTest, GetUnsignedIntFromJson001, TestSize.Level1) -{ - const nlohmann::json json; - u_int32_t out = 0; - EXPECT_FALSE(JsonParser::GetUnsignedIntFromJson(json, "tokenId", out)); - EXPECT_EQ(0, out); -} - -/* - * @tc.name: ReadCfgFile001 - * @tc.desc: GetUnsignedIntFromJson json invalid - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(CommonTest, ReadCfgFile001, TestSize.Level1) -{ - int32_t fd = open(TEST_JSON_PATH.c_str(), O_RDWR | O_CREAT); - EXPECT_NE(-1, fd); - std::string rawData; - EXPECT_EQ(ERR_PARAM_INVALID, JsonParser::ReadCfgFile(TEST_JSON_PATH, rawData)); - for (int i = 0; i < MAX_CONFIG_FILE_SIZE; i++) { - size_t strLen = strlen(TEST_STR.c_str()); - write(fd, TEST_STR.c_str(), strLen); - } - EXPECT_EQ(ERR_OVERSIZE, JsonParser::ReadCfgFile(TEST_JSON_PATH, rawData)); - close(fd); - sleep(5); - - remove(TEST_JSON_PATH.c_str()); -} - -/* - * @tc.name: IsDirExsit001 - * @tc.desc: IsDirExsit input param error - * @tc.type: FUNC - * @tc.require: issueI6024A - */ -HWTEST_F(CommonTest, IsDirExsit001, TestSize.Level1) -{ - EXPECT_FALSE(JsonParser::IsDirExsit("")); - int32_t fd = open(TEST_JSON_PATH.c_str(), O_RDWR | O_CREAT); - EXPECT_NE(-1, fd); - - EXPECT_FALSE(JsonParser::IsDirExsit(TEST_JSON_PATH.c_str())); -} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/frameworks/test/unittest/privacy_parcel_test.cpp b/frameworks/test/unittest/privacy_parcel_test.cpp index ecfaa99471dba3a04b30e8fc5ca578b8c21b41c9..aa38f6dd6ae319611a9abf91eb1d4f081140ca11 100644 --- a/frameworks/test/unittest/privacy_parcel_test.cpp +++ b/frameworks/test/unittest/privacy_parcel_test.cpp @@ -159,10 +159,13 @@ HWTEST_F(PrivacyParcelTest, ActiveChangeResponseParcel001, TestSize.Level1) ActiveChangeResponseParcel activeChangeResponseParcel; activeChangeResponseParcel.changeResponse = { + .callingTokenID = 100, .tokenID = 100, .permissionName = "ohos.permission.CAMERA", .deviceId = "device", .type = PERM_INACTIVE, + .usedType = NORMAL_TYPE, + .pid = -1, }; Parcel parcel; @@ -171,10 +174,13 @@ HWTEST_F(PrivacyParcelTest, ActiveChangeResponseParcel001, TestSize.Level1) std::shared_ptr readedData(ActiveChangeResponseParcel::Unmarshalling(parcel)); EXPECT_EQ(true, readedData != nullptr); + EXPECT_EQ(activeChangeResponseParcel.changeResponse.callingTokenID, readedData->changeResponse.callingTokenID); EXPECT_EQ(activeChangeResponseParcel.changeResponse.tokenID, readedData->changeResponse.tokenID); EXPECT_EQ(activeChangeResponseParcel.changeResponse.permissionName, readedData->changeResponse.permissionName); EXPECT_EQ(activeChangeResponseParcel.changeResponse.deviceId, readedData->changeResponse.deviceId); EXPECT_EQ(activeChangeResponseParcel.changeResponse.type, readedData->changeResponse.type); + EXPECT_EQ(activeChangeResponseParcel.changeResponse.usedType, readedData->changeResponse.usedType); + EXPECT_EQ(activeChangeResponseParcel.changeResponse.pid, readedData->changeResponse.pid); } /** @@ -387,6 +393,7 @@ void DataMarshalling(Parcel& out, uint32_t accessSize, uint32_t rejectSize) UsedRecordDetail detailIns = {0, 0, 0L, 0L, 0}; EXPECT_EQ(true, out.WriteString("permissionName")); EXPECT_EQ(true, out.WriteInt32(1)); + EXPECT_EQ(true, out.WriteInt32(0)); EXPECT_EQ(true, out.WriteInt32(1)); EXPECT_EQ(true, out.WriteInt64(0L)); EXPECT_EQ(true, out.WriteInt64(0L)); diff --git a/hisysevent.yaml b/hisysevent.yaml index 068404e071c830a9f09e609177881d7e2ac539b4..9db48c4d2eaea49c94f6ddf5676e6e03c28dfd36 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2022 Huawei Device Co., Ltd. +# Copyright (c) 2022-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -13,6 +13,19 @@ domain: ACCESS_TOKEN +ACCESSTOKEN_SERVICE_START: + __BASE: {type: STATISTIC, level: CRITICAL, tag: usability, desc: service startup} + PID: {type: INT32, desc: access token service pid} + HAP_SIZE: {type: UINT32, desc: hap token size} + NATIVE_SIZE: {type: UINT32, desc: native token size} + PERM_DEFINITION_SIZE: {type: UINT32, desc: permission definition size} + +ACCESSTOKEN_SERVICE_START_ERROR: + __BASE: {type: FAULT, level: CRITICAL, desc: service startup error} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + PERMISSION_VERIFY_REPORT: __BASE: {type: SECURITY, level: CRITICAL, desc: permission verification error} CODE: {type: INT32, desc: error code} @@ -73,3 +86,53 @@ REQUEST_PERMISSIONS_FROM_USER: __BASE: {type: BEHAVIOR, level: MINOR, desc: request permissions from user} BUNDLENAME: {type: STRING, desc: bundle name} UIEXTENSION_FLAG: {type: BOOL, desc: uiextension flag} + +UPDATE_PERMISSION: + __BASE: {type: BEHAVIOR, level: MINOR, desc: grant or revoke permission} + TOKENID: {type: UINT32, desc: tokenID} + PERMISSION_NAME: {type: STRING, desc: permission name} + PERMISSION_FLAG: {type: UINT32, desc: permission flag} + GRANTED_FLAG: {type: BOOL, desc: grant or revoke} + +UPDATE_HAP: + __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: update hap to device} + TOKENID: {type: UINT32, desc: token id} + USERID: {type: INT32, desc: user id} + BUNDLENAME: {type: STRING, desc: bundle name} + INSTINDEX: {type: INT32, desc: inst index} + +CLEAR_USER_PERMISSION_STATE: + __BASE: {type: BEHAVIOR, level: MINOR, desc: clear user permission state} + TOKENID: {type: UINT32, desc: tokenid to be cleared} + TOKENID_LEN: {type: UINT32, desc: amount of realated sandbox app accesstoken} + +SET_PERMISSION_DIALOG_CAP: + __BASE: {type: BEHAVIOR, level: MINOR, desc: set permission dialog capability} + TOKENID: {type: UINT32, desc: token id} + USERID: {type: INT32, desc: user id} + BUNDLENAME: {type: STRING, desc: bundle name} + INSTINDEX: {type: INT32, desc: inst index} + ENABLE: {type: BOOL, desc: enable or disable} + +REQ_PERM_FROM_USER_ERROR: + __BASE: {type: FAULT, level: CRITICAL, desc: failed to request permission from user} + ERROR_CODE: {type: INT32, desc: error code} + SELF_TOKENID: {type: UINT32, desc: self tokenID} + CONTEXT_TOKENID: {type: UINT32, desc: context tokenID} + +UPDATE_PERMISSION_STATUS_ERROR: + __BASE: {type: FAULT, level: CRITICAL, desc: failed to grant or revoke permission} + ERROR_CODE: {type: INT32, desc: error code} + TOKENID: {type: UINT32, desc: tokenID} + PERM: {type: STRING, desc: permission name} + BUNDLE_NAME: {type: STRING, desc: bundle name} + INT_VAL1: {type: INT32, desc: hap dlp type/return value} + INT_VAL2: {type: INT32, desc: permission dlp mode/update permission flag} + NEED_KILL: {type: BOOL, desc: need kill hap} + +VERIFY_ACCESS_TOKEN_EVENT: + __BASE: {type: STATISTIC, level: CRITICAL, desc: verify access token event} + EVENT_CODE: {type: INT32, desc: event code} + SELF_TOKENID: {type: UINT32, desc: self tokenID} + CONTEXT_TOKENID: {type: UINT32, desc: context tokenID} + diff --git a/interfaces/innerkits/el5filekeymanager/BUILD.gn b/interfaces/inner_api/el5filekeymanager/BUILD.gn similarity index 82% rename from interfaces/innerkits/el5filekeymanager/BUILD.gn rename to interfaces/inner_api/el5filekeymanager/BUILD.gn index 09cb33fb7b83fc9eb74c3723a699c6dbf7bbd567..d4c36ca0dc8166aa6c5b2e4acde8ca20689b62f2 100644 --- a/interfaces/innerkits/el5filekeymanager/BUILD.gn +++ b/interfaces/inner_api/el5filekeymanager/BUILD.gn @@ -18,7 +18,7 @@ config("efm_innerkits") { visibility = [ ":*" ] include_dirs = [ "include", - "${access_token_path}/frameworks/el5filekeymanager/include/", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include/", ] } @@ -30,20 +30,26 @@ ohos_shared_library("el5_filekey_manager_sdk") { } branch_protector_ret = "pac_ret" + cflags_cc = [ + "-fdata-sections", + "-ffunction-sections", + "-fno-asynchronous-unwind-tables", + "-fno-unwind-tables", + "-Os", + ] + public_configs = [ ":efm_innerkits" ] include_dirs = [ "${access_token_path}/frameworks/common/include", - "src", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include/", ] sources = [ "src/app_key_info.cpp", "src/el5_filekey_callback_stub.cpp", "src/el5_filekey_manager_client.cpp", - "src/el5_filekey_manager_death_recipient.cpp", "src/el5_filekey_manager_kit.cpp", - "src/el5_filekey_manager_load_callback.cpp", "src/el5_filekey_manager_proxy.cpp", ] diff --git a/interfaces/innerkits/el5filekeymanager/include/app_key_info.h b/interfaces/inner_api/el5filekeymanager/include/app_key_info.h similarity index 71% rename from interfaces/innerkits/el5filekeymanager/include/app_key_info.h rename to interfaces/inner_api/el5filekeymanager/include/app_key_info.h index 28fca00615b756fbd17a60a698d8c6cfc7d69472..5ab9004456f53d03c7e2db904c81dcd438827e74 100644 --- a/interfaces/innerkits/el5filekeymanager/include/app_key_info.h +++ b/interfaces/inner_api/el5filekeymanager/include/app_key_info.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -24,10 +24,21 @@ namespace OHOS { namespace Security { namespace AccessToken { +enum AppKeyType { + APP = 1, + GROUPID, +}; + struct AppKeyInfo : public Parcelable { - uint32_t uid; + AppKeyType type = AppKeyType::APP; + uint32_t uid = 0; std::string bundleName; - int32_t userId; + int32_t userId = -1; + std::string groupID; + + AppKeyInfo() {} + AppKeyInfo(AppKeyType type, uint32_t uid, const std::string &bundleName, int32_t userId, + const std::string &groupID) : type(type), uid(uid), bundleName(bundleName), userId(userId), groupID(groupID) {} bool Marshalling(Parcel &parcel) const override; static AppKeyInfo *Unmarshalling(Parcel &parcel); diff --git a/frameworks/el5filekeymanager/include/data_lock_type.h b/interfaces/inner_api/el5filekeymanager/include/data_lock_type.h similarity index 92% rename from frameworks/el5filekeymanager/include/data_lock_type.h rename to interfaces/inner_api/el5filekeymanager/include/data_lock_type.h index f123b07c9e8d7d1adb810490f6026eac9baeef41..b5f1f4c7445bec68d06775e217b9be15f8de47e5 100644 --- a/frameworks/el5filekeymanager/include/data_lock_type.h +++ b/interfaces/inner_api/el5filekeymanager/include/data_lock_type.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,6 +22,7 @@ namespace AccessToken { enum DataLockType { DEFAULT_DATA = 0x0, MEDIA_DATA = 0x01, + GROUP_ID_DATA = 0x02, ALL_DATA = 0xFFFFFFFF }; } // namespace AccessToken diff --git a/frameworks/el5filekeymanager/include/el5_filekey_callback_interface.h b/interfaces/inner_api/el5filekeymanager/include/el5_filekey_callback_interface.h similarity index 100% rename from frameworks/el5filekeymanager/include/el5_filekey_callback_interface.h rename to interfaces/inner_api/el5filekeymanager/include/el5_filekey_callback_interface.h diff --git a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_callback_stub.h b/interfaces/inner_api/el5filekeymanager/include/el5_filekey_callback_stub.h similarity index 96% rename from interfaces/innerkits/el5filekeymanager/include/el5_filekey_callback_stub.h rename to interfaces/inner_api/el5filekeymanager/include/el5_filekey_callback_stub.h index c00b63f4c86ed56b90ccdda8a33ccbf6e02747a0..94b03ddb582ebbf15738270c8f8fcd50fc74d195 100644 --- a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_callback_stub.h +++ b/interfaces/inner_api/el5filekeymanager/include/el5_filekey_callback_stub.h @@ -25,7 +25,7 @@ namespace AccessToken { class El5FilekeyCallbackStub : public IRemoteStub { public: El5FilekeyCallbackStub(); - ~El5FilekeyCallbackStub(); + virtual ~El5FilekeyCallbackStub(); int32_t OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) override; }; diff --git a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_error.h b/interfaces/inner_api/el5filekeymanager/include/el5_filekey_manager_error.h similarity index 100% rename from interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_error.h rename to interfaces/inner_api/el5filekeymanager/include/el5_filekey_manager_error.h diff --git a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_kit.h b/interfaces/inner_api/el5filekeymanager/include/el5_filekey_manager_kit.h similarity index 74% rename from interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_kit.h rename to interfaces/inner_api/el5filekeymanager/include/el5_filekey_manager_kit.h index d33322298d5fc92a7515cc702042ced032b63421..61b4077e5f90715aa3a236de08a81ae28595d286 100644 --- a/interfaces/innerkits/el5filekeymanager/include/el5_filekey_manager_kit.h +++ b/interfaces/inner_api/el5filekeymanager/include/el5_filekey_manager_kit.h @@ -54,10 +54,11 @@ public: static int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId); /** * @brief Delete app key of the uninstalled application. - * @param keyId KeyId of the uninstalled application + * @param bundleName bundle name + * @param userId The user id * @return error code, see el5_filekey_manager_error.h */ - static int32_t DeleteAppKey(const std::string& keyId); + static int32_t DeleteAppKey(const std::string& bundleName, int32_t userId); /** * @brief Get key infos of the specified user, the state is unloaded. * @param userId The user id @@ -90,6 +91,30 @@ public: * @return error code, see el5_filekey_manager_error.h */ static int32_t GetUserAllAppKey(int32_t userId, std::vector> &keyInfos); + /** + * @brief Generate app key of the installed data group. + * @param uid The uid + * @param groupID ID of the data group + * @param keyId Return keyId of the installed data group + * @return error code, see el5_filekey_manager_error.h + */ + static int32_t GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId); + /** + * @brief Delete app key of the uninstalled data group. + * @param uid The uid + * @param groupID ID of the data group + * @return error code, see el5_filekey_manager_error.h + */ + static int32_t DeleteGroupIDKey(uint32_t uid, const std::string &groupID); + /** + * @brief Query specified type of app key's state. + * If acquiring MEDIA_DATA, you need to apply for ohos.permission.ACCESS_SCREEN_LOCK_MEDIA_DATA permission, + * if acquiring ALL_DATA, you need to apply for ohos.permission.ACCESS_SCREEN_LOCK_ALL_DATA permission. + * @permission ohos.permission.ACCESS_SCREEN_LOCK_MEDIA_DATA or ohos.permission.ACCESS_SCREEN_LOCK_ALL_DATA + * @param type Type of data accessed + * @return error code, see el5_filekey_manager_error.h + */ + static int32_t QueryAppKeyState(DataLockType type); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/el5filekeymanager/src/app_key_info.cpp b/interfaces/inner_api/el5filekeymanager/src/app_key_info.cpp similarity index 81% rename from interfaces/innerkits/el5filekeymanager/src/app_key_info.cpp rename to interfaces/inner_api/el5filekeymanager/src/app_key_info.cpp index a5cccb0e1ae743abafc73219829ad3d0b392aa4a..7210ef1415e8abaaffd121b88402242e58c4d1fb 100644 --- a/interfaces/innerkits/el5filekeymanager/src/app_key_info.cpp +++ b/interfaces/inner_api/el5filekeymanager/src/app_key_info.cpp @@ -21,9 +21,11 @@ namespace Security { namespace AccessToken { bool AppKeyInfo::Marshalling(Parcel &parcel) const { + RETURN_IF_FALSE(parcel.WriteUint32(static_cast(this->type))); RETURN_IF_FALSE(parcel.WriteUint32(this->uid)); RETURN_IF_FALSE(parcel.WriteString(this->bundleName)); RETURN_IF_FALSE(parcel.WriteInt32(this->userId)); + RETURN_IF_FALSE(parcel.WriteString(this->groupID)); return true; } @@ -33,9 +35,14 @@ AppKeyInfo *AppKeyInfo::Unmarshalling(Parcel &parcel) if (info == nullptr) { return nullptr; } + + uint32_t type; + RELEASE_IF_FALSE(parcel.ReadUint32(type), info); + info->type = static_cast(type); RELEASE_IF_FALSE(parcel.ReadUint32(info->uid), info); RELEASE_IF_FALSE(parcel.ReadString(info->bundleName), info); RELEASE_IF_FALSE(parcel.ReadInt32(info->userId), info); + RELEASE_IF_FALSE(parcel.ReadString(info->groupID), info); return info; } } // namespace AccessToken diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_callback_stub.cpp b/interfaces/inner_api/el5filekeymanager/src/el5_filekey_callback_stub.cpp similarity index 97% rename from interfaces/innerkits/el5filekeymanager/src/el5_filekey_callback_stub.cpp rename to interfaces/inner_api/el5filekeymanager/src/el5_filekey_callback_stub.cpp index 7c98c4090b8594e30fc2ccf047ba27d788c6c6d3..7ead6d8b4b91267519c89f2600c9c23da29640f3 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_callback_stub.cpp +++ b/interfaces/inner_api/el5filekeymanager/src/el5_filekey_callback_stub.cpp @@ -33,7 +33,7 @@ int32_t El5FilekeyCallbackStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { if (data.ReadInterfaceToken() != El5FilekeyCallbackInterface::GetDescriptor()) { - LOG_ERROR("get unexpected descriptor"); + LOG_ERROR("Get unexpected descriptor"); return EFM_ERR_IPC_TOKEN_INVALID; } if (code == static_cast(El5FilekeyCallbackInterface::Code::ON_REGENERATE_APP_KEY)) { diff --git a/interfaces/inner_api/el5filekeymanager/src/el5_filekey_manager_client.cpp b/interfaces/inner_api/el5filekeymanager/src/el5_filekey_manager_client.cpp new file mode 100644 index 0000000000000000000000000000000000000000..0faf46438fb70ca877f5efb71d629a7b8d80e8e0 --- /dev/null +++ b/interfaces/inner_api/el5filekeymanager/src/el5_filekey_manager_client.cpp @@ -0,0 +1,201 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "el5_filekey_manager_client.h" + +#include "el5_filekey_manager_log.h" +#include "el5_filekey_manager_proxy.h" +#include "iservice_registry.h" +#include "refbase.h" +#include "system_ability_definition.h" +#include "sys_binder.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +constexpr int32_t LOAD_SA_TIMEOUT_SECOND = 4; +constexpr int32_t LOAD_SA_RETRY_TIMES = 5; +constexpr int32_t SA_REQUEST_RETRY_TIMES = 3; +static const int32_t SENDREQ_FAIL_ERR = 32; +static const std::vector RETRY_CODE_LIST = { BR_DEAD_REPLY, BR_FAILED_REPLY, SENDREQ_FAIL_ERR }; +} +El5FilekeyManagerClient::El5FilekeyManagerClient() {} + +El5FilekeyManagerClient::~El5FilekeyManagerClient() {} + +El5FilekeyManagerClient &El5FilekeyManagerClient::GetInstance() +{ + static El5FilekeyManagerClient instance; + return instance; +} + +int32_t El5FilekeyManagerClient::AcquireAccess(DataLockType type) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->AcquireAccess(type); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::ReleaseAccess(DataLockType type) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->ReleaseAccess(type); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::GenerateAppKey(uint32_t uid, const std::string &bundleName, std::string &keyId) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->GenerateAppKey(uid, bundleName, keyId); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::DeleteAppKey(const std::string &bundleName, int32_t userId) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->DeleteAppKey(bundleName, userId); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::GetUserAppKey(int32_t userId, bool getAllFlag, + std::vector> &keyInfos) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->GetUserAppKey(userId, getAllFlag, keyInfos); + }; + return CallProxyWithRetry(func, __FUNCTION__, SA_REQUEST_RETRY_TIMES); +} + +int32_t El5FilekeyManagerClient::ChangeUserAppkeysLoadInfo(int32_t userId, + std::vector> &loadInfos) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->ChangeUserAppkeysLoadInfo(userId, loadInfos); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::SetFilePathPolicy() +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->SetFilePathPolicy(); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::RegisterCallback(const sptr &callback) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->RegisterCallback(callback); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->GenerateGroupIDKey(uid, groupID, keyId); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::DeleteGroupIDKey(uint32_t uid, const std::string &groupID) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->DeleteGroupIDKey(uid, groupID); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +int32_t El5FilekeyManagerClient::QueryAppKeyState(DataLockType type) +{ + std::function &)> func = [&](sptr &proxy) { + return proxy->QueryAppKeyState(type); + }; + return CallProxyWithRetry(func, __FUNCTION__); +} + +sptr El5FilekeyManagerClient::GetProxy() +{ + std::unique_lock lock(proxyMutex_); + auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (systemAbilityManager == nullptr) { + LOG_ERROR("Get system ability manager failed."); + return nullptr; + } + + auto el5FilekeyService = systemAbilityManager->CheckSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID); + if (el5FilekeyService != nullptr) { + LOG_INFO("get el5 filekey manager proxy success"); + return iface_cast(el5FilekeyService); + } + + for (int i = 0; i <= LOAD_SA_RETRY_TIMES; i++) { + el5FilekeyService = + systemAbilityManager->LoadSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID, LOAD_SA_TIMEOUT_SECOND); + if (el5FilekeyService != nullptr) { + LOG_INFO("load el5 filekey manager success"); + return iface_cast(el5FilekeyService); + } + LOG_INFO("load el5 filekey manager failed, retry count:%{public}d", i); + } + LOG_ERROR("get el5 filekey manager proxy failed"); + return nullptr; +} + +int32_t El5FilekeyManagerClient::CallProxyWithRetry( + const std::function &)> &func, const char *funcName, int32_t retryTimes) +{ + LOG_INFO("call proxy with retry function:%s", funcName); + auto proxy = GetProxy(); + if (proxy != nullptr) { + int32_t ret = func(proxy); + if (!IsRequestNeedRetry(ret)) { + return ret; + } + LOG_WARN("First try cal %{public}s failed ret:%{public}d. Begin retry", funcName, ret); + } else { + LOG_WARN("First try call %{public}s failed, proxy is NULL. Begin retry.", funcName); + } + + for (int32_t i = 0; i < retryTimes; i++) { + proxy = GetProxy(); + if (proxy == nullptr) { + LOG_WARN("Get proxy %{public}s failed, retry time = %{public}d.", funcName, i); + continue; + } + int32_t ret = func(proxy); + if (!IsRequestNeedRetry(ret)) { + return ret; + } + LOG_WARN("Call %{public}s failed, retry time = %{public}d, result = %{public}d", funcName, i, ret); + } + LOG_ERROR("Retry call service %{public}s error, tried %{public}d times.", funcName, retryTimes); + return EFM_ERR_REMOTE_CONNECTION; +} + +bool El5FilekeyManagerClient::IsRequestNeedRetry(int32_t ret) +{ + auto it = std::find(RETRY_CODE_LIST.begin(), RETRY_CODE_LIST.end(), ret); + return it != RETRY_CODE_LIST.end(); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_kit.cpp b/interfaces/inner_api/el5filekeymanager/src/el5_filekey_manager_kit.cpp similarity index 76% rename from interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_kit.cpp rename to interfaces/inner_api/el5filekeymanager/src/el5_filekey_manager_kit.cpp index 3b02a8df62f397842efed7490c9e07ede4d56ca5..e385485669d9356a4043deab5240915e5caaca2b 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_kit.cpp +++ b/interfaces/inner_api/el5filekeymanager/src/el5_filekey_manager_kit.cpp @@ -35,9 +35,9 @@ int32_t El5FilekeyManagerKit::GenerateAppKey(uint32_t uid, const std::string& bu return El5FilekeyManagerClient::GetInstance().GenerateAppKey(uid, bundleName, keyId); } -int32_t El5FilekeyManagerKit::DeleteAppKey(const std::string& keyId) +int32_t El5FilekeyManagerKit::DeleteAppKey(const std::string& bundleName, int32_t userId) { - return El5FilekeyManagerClient::GetInstance().DeleteAppKey(keyId); + return El5FilekeyManagerClient::GetInstance().DeleteAppKey(bundleName, userId); } int32_t El5FilekeyManagerKit::GetUserAppKey(int32_t userId, std::vector> &keyInfos) @@ -65,6 +65,20 @@ int32_t El5FilekeyManagerKit::GetUserAllAppKey(int32_t userId, std::vector remote = Remote(); + if (remote == nullptr) { + LOG_ERROR("Remote service is null."); + return EFM_ERR_REMOTE_CONNECTION; + } + int32_t result = remote->SendRequest( + static_cast(EFMInterfaceCode::GENERATE_GROUPID_KEY), data, reply, option); + if (result != NO_ERROR) { + LOG_ERROR("SendRequest failed, result: %{public}d.", result); + } else { + result = reply.ReadInt32(); + keyId = reply.ReadString(); + } + return result; +} + +int32_t El5FilekeyManagerProxy::DeleteGroupIDKey(uint32_t uid, const std::string &groupID) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(El5FilekeyManagerInterface::GetDescriptor())) { + LOG_ERROR("Failed to write WriteInterfaceToken."); + return EFM_ERR_IPC_WRITE_DATA; + } + if (!data.WriteUint32(uid)) { + LOG_ERROR("Failed to WriteInt32(%{public}d).", uid); + return EFM_ERR_IPC_WRITE_DATA; + } + if (!data.WriteString(groupID)) { + LOG_ERROR("Failed to WriteString(%{public}s).", groupID.c_str()); + return EFM_ERR_IPC_WRITE_DATA; + } + + MessageParcel reply; + MessageOption option; + sptr remote = Remote(); + if (remote == nullptr) { + LOG_ERROR("Remote service is null."); + return EFM_ERR_REMOTE_CONNECTION; + } + int32_t result = remote->SendRequest( + static_cast(EFMInterfaceCode::DELETE_GROUPID_KEY), data, reply, option); + if (result != NO_ERROR) { + LOG_ERROR("SendRequest failed, result: %{public}d.", result); + } else { + result = reply.ReadInt32(); + } + return result; +} + +int32_t El5FilekeyManagerProxy::QueryAppKeyState(DataLockType type) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(El5FilekeyManagerInterface::GetDescriptor())) { + LOG_ERROR("Failed to write WriteInterfaceToken."); + return EFM_ERR_IPC_WRITE_DATA; + } + if (!data.WriteInt32(static_cast(type))) { + LOG_ERROR("Failed to WriteInt32(%{public}d).", type); + return EFM_ERR_IPC_WRITE_DATA; + } + + MessageParcel reply; + MessageOption option; + sptr remote = Remote(); + if (remote == nullptr) { + LOG_ERROR("Remote service is null."); + return EFM_ERR_REMOTE_CONNECTION; + } + int32_t result = remote->SendRequest( + static_cast(EFMInterfaceCode::QUERY_APP_KEY_STATE), data, reply, option); + if (result != NO_ERROR) { + LOG_ERROR("SendRequest failed, result: %{public}d.", result); + } else { + result = reply.ReadInt32(); + } + return result; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/el5filekeymanager/test/BUILD.gn b/interfaces/inner_api/el5filekeymanager/test/BUILD.gn similarity index 91% rename from interfaces/innerkits/el5filekeymanager/test/BUILD.gn rename to interfaces/inner_api/el5filekeymanager/test/BUILD.gn index dc5d30b89cf93f4fd9c6504cbf55de953395ec02..a334f3e6c3f2a40530321318ab5e551be6fe14de 100644 --- a/interfaces/innerkits/el5filekeymanager/test/BUILD.gn +++ b/interfaces/inner_api/el5filekeymanager/test/BUILD.gn @@ -27,9 +27,8 @@ ohos_unittest("el5_filekey_manager_kit_unittest") { include_dirs = [ "../include", - "../src", "unittest/include", - "${access_token_path}/frameworks/el5filekeymanager/include/", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include/", ] sources = [ "unittest/src/el5_filekey_manager_kit_unittest.cpp" ] @@ -37,8 +36,8 @@ ohos_unittest("el5_filekey_manager_kit_unittest") { configs = [ "${access_token_path}/config:coverage_flags" ] deps = [ + "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", - "${access_token_path}/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", ] diff --git a/interfaces/innerkits/el5filekeymanager/test/unittest/include/el5_filekey_manager_kit_unittest.h b/interfaces/inner_api/el5filekeymanager/test/unittest/include/el5_filekey_manager_kit_unittest.h similarity index 100% rename from interfaces/innerkits/el5filekeymanager/test/unittest/include/el5_filekey_manager_kit_unittest.h rename to interfaces/inner_api/el5filekeymanager/test/unittest/include/el5_filekey_manager_kit_unittest.h diff --git a/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp b/interfaces/inner_api/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp similarity index 73% rename from interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp rename to interfaces/inner_api/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp index 33969199ff70b2064d33c67408ca249bce8e540b..d5f0d2cae0e37f876d32af97b4c6e1719c0feb2d 100644 --- a/interfaces/innerkits/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp +++ b/interfaces/inner_api/el5filekeymanager/test/unittest/src/el5_filekey_manager_kit_unittest.cpp @@ -112,14 +112,15 @@ HWTEST_F(El5FilekeyManagerKitTest, GenerateAppKey001, TestSize.Level1) /** * @tc.name: DeleteAppKey001 - * @tc.desc: Delete app key by keyId without permission. + * @tc.desc: Delete app key by bundle name and user id without permission. * @tc.type: FUNC * @tc.require: issueI9JGMV */ HWTEST_F(El5FilekeyManagerKitTest, DeleteAppKey001, TestSize.Level1) { - std::string keyId = ""; - ASSERT_EQ(El5FilekeyManagerKit::DeleteAppKey(keyId), EFM_ERR_NO_PERMISSION); + std::string bundleName = ""; + int32_t userId = 100; + ASSERT_EQ(El5FilekeyManagerKit::DeleteAppKey(bundleName, userId), EFM_ERR_NO_PERMISSION); } /** @@ -168,7 +169,7 @@ HWTEST_F(El5FilekeyManagerKitTest, SetFilePathPolicy001, TestSize.Level1) */ HWTEST_F(El5FilekeyManagerKitTest, RegisterCallback001, TestSize.Level1) { - ASSERT_EQ(El5FilekeyManagerKit::RegisterCallback((new TestEl5FilekeyCallback())), EFM_ERR_IPC_READ_DATA); + ASSERT_NE(El5FilekeyManagerKit::RegisterCallback((new TestEl5FilekeyCallback())), EFM_SUCCESS); } /** @@ -183,4 +184,55 @@ HWTEST_F(El5FilekeyManagerKitTest, GetUserAllAppKey001, TestSize.Level1) std::vector> keyInfos; keyInfos.emplace_back(std::make_pair(100, "")); ASSERT_EQ(El5FilekeyManagerKit::GetUserAllAppKey(userId, keyInfos), EFM_ERR_NO_PERMISSION); -} \ No newline at end of file +} + +/** + * @tc.name: GenerateGroupIDKey001 + * @tc.desc: Generate data group key by userId and group id without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerKitTest, GenerateGroupIDKey001, TestSize.Level1) +{ + uint32_t uid = 100; + std::string groupID = "abcdefghijklmn"; + std::string keyId; + ASSERT_EQ(El5FilekeyManagerKit::GenerateGroupIDKey(uid, groupID, keyId), EFM_ERR_NO_PERMISSION); +} + +/** + * @tc.name: DeleteGroupIDKey001 + * @tc.desc: Delete data group key by user id and group id without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerKitTest, DeleteGroupIDKey001, TestSize.Level1) +{ + uint32_t uid = 100; + std::string groupID = ""; + ASSERT_EQ(El5FilekeyManagerKit::DeleteGroupIDKey(uid, groupID), EFM_ERR_NO_PERMISSION); +} + +/** + * @tc.name: QueryAppKeyState001 + * @tc.desc: Query media type app key without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerKitTest, QueryAppKeyState001, TestSize.Level1) +{ + DataLockType type = MEDIA_DATA; + ASSERT_EQ(El5FilekeyManagerKit::QueryAppKeyState(static_cast(type)), EFM_ERR_NO_PERMISSION); +} + +/** + * @tc.name: QueryAppKeyState002 + * @tc.desc: Query all type app key without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerKitTest, QueryAppKeyState002, TestSize.Level1) +{ + DataLockType type = ALL_DATA; + ASSERT_EQ(El5FilekeyManagerKit::QueryAppKeyState(static_cast(type)), EFM_ERR_NO_PERMISSION); +} diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn index 92a07dcac2661542df1f9fdc7be4951a96702118..72f24f1d600b94427e6e990ccc29233df29e3ee5 100644 --- a/interfaces/innerkits/accesstoken/BUILD.gn +++ b/interfaces/innerkits/accesstoken/BUILD.gn @@ -60,7 +60,6 @@ if (is_standard_system) { ] deps = [ - ":libtokenid_sdk", "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", "${access_token_path}/frameworks/common:accesstoken_common_cxx", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", @@ -69,7 +68,6 @@ if (is_standard_system) { external_deps = [ "c_utils:utils", "hilog:libhilog", - "hisysevent:libhisysevent", "init:libbegetutil", "ipc:ipc_single", "samgr:samgr_proxy", diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h index 578b02637574eeb4c387d0b2ccf4f40c1088a74f..a398581ce8c8ed3a05f6b8d53ad523f9d8b6c351 100644 --- a/interfaces/innerkits/accesstoken/include/access_token.h +++ b/interfaces/innerkits/accesstoken/include/access_token.h @@ -114,6 +114,7 @@ typedef enum TypeATokenAplEnum { APL_NORMAL = 1, APL_SYSTEM_BASIC = 2, APL_SYSTEM_CORE = 3, + APL_ENUM_BUTT, } ATokenAplEnum; /** @@ -126,6 +127,7 @@ typedef enum TypeATokenAvailableTypeEnum { MDM, SYSTEM_AND_MDM, SERVICE, + ENTERPRISE_NORMAL, AVAILABLE_TYPE_BUTT, } ATokenAvailableTypeEnum; @@ -230,6 +232,27 @@ typedef enum TypePermissionOper { BUTT_OPER, } PermissionOper; + +/** + * @brief Permission operation result details + */ +typedef enum TypePermissionErrorReason { + /** The operation is successful */ + REQ_SUCCESS = 0, + /** The permission name is invalid */ + PERM_INVALID = 1, + /** The requested has not been declared */ + PERM_NOT_DECLEARED = 2, + /** The conditions for requesting the permission are not met */ + CONDITIONS_NOT_MET = 3, + /** The user does not agree to the Privacy Statement */ + PRIVACY_STATEMENT_NOT_AGREED = 4, + /** The permission cannot be requested in a pop-up window */ + UNABLE_POP_UP = 5, + /** The service is abnormal */ + SERVICE_ABNORMAL = 12, +} PermissionErrorReason; + /** * @brief Dlp types */ @@ -240,6 +263,16 @@ typedef enum DlpType { BUTT_DLP_TYPE, } HapDlpType; +/** + * @brief User permission policy status. + */ +typedef struct { + /** user id */ + int32_t userId; + /** active status */ + bool isActive; +} UserState; + /** * @brief Dlp permission type */ @@ -249,6 +282,16 @@ typedef enum TypeDlpPerm { DLP_PERM_NONE = 2, } DlpPermMode; +/** + * @brief Atm toggle mode type + */ +typedef enum TypeToggleModeType { + /** toggle mode is request */ + TOGGLE_REQUEST = 0, + /** toggle mode is record */ + TOGGLE_RECORD, +} ToggleModeType; + /** * @brief Atm tools operate type */ @@ -267,11 +310,40 @@ typedef enum TypeOptType { PERM_GRANT, /** revoke permission */ PERM_REVOKE, - /** set toggle status */ + /** set toggle request/record status */ TOGGLE_SET, - /** get toggle status */ + /** get toggle request/record status */ TOGGLE_GET, } OptType; + +/** + * @brief PermssionRule + */ +typedef enum TypePermissionRulesEnum { + PERMISSION_EDM_RULE = 0, + PERMISSION_ACL_RULE +} PermissionRulesEnum; + +/** + * @brief Permission change registration type + */ +typedef enum RegisterPermissionChangeType { + /** system app register permissions state change info of selected haps */ + SYSTEM_REGISTER_TYPE = 0, + /** app register permissions state change info of itself */ + SELF_REGISTER_TYPE = 1, +} RegisterPermChangeType; + +/** + * @brief Whether acl check + */ +typedef enum HapPolicyCheckIgnoreType { + /** normal */ + NONE = 0, + /** ignore acl check */ + ACL_IGNORE_CHECK, +} HapPolicyCheckIgnore; + } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/include/access_token_error.h b/interfaces/innerkits/accesstoken/include/access_token_error.h index 80eabbf922447946a364d4b697d3e855cbcfcf34..4e3f4e30c6f588fbf3d04726358fe9b659e4e400 100644 --- a/interfaces/innerkits/accesstoken/include/access_token_error.h +++ b/interfaces/innerkits/accesstoken/include/access_token_error.h @@ -74,6 +74,11 @@ enum AccessTokenError { ERR_SIZE_NOT_EQUAL, ERR_PERM_REQUEST_CFG_FAILED, ERR_LOAD_SO_FAILED, + ERR_USER_POLICY_INITIALIZED, + ERR_USER_POLICY_NOT_INITIALIZED, + ERR_REMOTE_CONNECTION, + ERR_ADD_DEATH_RECIPIENT_FAILED, + ERR_PRASE_RAW_DATA_FAILED }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 01c8240f93636e634684356f185edb2a22be68c9..32bf54fbf262e57fbb6fe11a2aeb099b70b64bc2 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -41,6 +41,7 @@ #define INTERFACES_INNER_KITS_ACCESSTOKEN_KIT_H #include +#include #include #include "access_token.h" @@ -71,7 +72,18 @@ public: * @param permissionName permission to be checked * @return enum PermUsedTypeEnum, see access_token.h */ - static PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + static PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + + /** + * @brief Grant input permission to input tokenID flag for specified time. + * @param tokenID token id + * @param permissionName permission name quote + * @param onceTime the time it takes to work, the unit is second. + * @return error code, see access_token_error.h + */ + static int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); + /** * @brief Create a unique hap token by input values. * @param info struct HapInfoParams quote, see hap_token_info.h @@ -86,6 +98,15 @@ public: * @return union AccessTokenIDEx, see access_token.h */ static int32_t InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId); + /** + * @brief Create a unique hap token by input values and init the permission state. + * @param info struct HapInfoParams quote, see hap_token_info.h + * @param policy struct HapPolicyParams quote, see hap_token_info.h + * @param result struct HapInfoCheckResult, see hap_token_info.h + * @return union AccessTokenIDEx, see access_token.h + */ + static int32_t InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result); /** * @brief Create a unique mapping token binding remote tokenID and DeviceID. * @param remoteDeviceID remote device deviceID @@ -104,6 +125,18 @@ public: */ static int32_t UpdateHapToken( AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParams& policy); + /** + * @brief Update hap token info. + * @param tokenIdEx union AccessTokenIDEx quote, see access_token.h + * @param isSystemApp is system app or not + * @param appIDDesc app id description quote + * @param apiVersion app api version + * @param policy struct HapPolicyParams quote, see hap_token_info.h + * @param result struct HapInfoCheckResult, see hap_token_info.h + * @return error code, see access_token_error.h + */ + static int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParams& policy, HapInfoCheckResult& result); /** * @brief Delete token info. * @param tokenID token id @@ -136,12 +169,12 @@ public: */ static ATokenTypeEnum GetTokenTypeFlag(FullTokenID tokenID); /** - * @brief Check native token dcap by token id. - * @param tokenID token id - * @param dcap dcap to be checked + * @brief Get token id by user id. + * @param userID user id + * @param tokenIdList token id list * @return error code, see access_token_error.h */ - static int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); + static int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList); /** * @brief Query hap tokenID by input prarms. * @param userID user id @@ -188,7 +221,7 @@ public: */ static int VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName); - /** + /** * @brief Check if the input tokenID has been granted the input permission. * @param tokenID token id * @param permissionName permission to be checked @@ -206,6 +239,16 @@ public: */ static int VerifyAccessToken(AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName, bool crossIpc); + /** + * @brief Check if the input tokenID has been granted the input permission list. + * @param tokenID token id + * @param permissionList permission list to be checked + * @param permStateList enum PermissionState list, as result + * @param crossIpc whether to cross ipc + * @return error code, see access_token_error.h + */ + static int VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, + std::vector& permStateList, bool crossIpc = false); /** * @brief Get permission definition by permission name. @@ -255,6 +298,12 @@ public: */ static int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); + /** + * @brief Starts the permission manager page of an application. + * @param tokenID token id + * @return error code, see access_token_error.h + */ + static int32_t RequestAppPermOnSetting(AccessTokenID tokenID); /** * @brief Get requsted permission grant result * @param permList PermissionListState list quote, as input and query result @@ -303,6 +352,20 @@ public: * @return error code, see access_token_error.h */ static int32_t UnRegisterPermStateChangeCallback(const std::shared_ptr& callback); + /** + * @brief Register permission state change callback for app. + * @param callback smart point of class PermStateChangeCallbackCustomize quote + * @return error code, see access_token_error.h + */ + static int32_t RegisterSelfPermStateChangeCallback( + const std::shared_ptr& callback); + /** + * @brief Unregister permission state change callback for app. + * @param callback smart point of class PermStateChangeCallbackCustomize quote + * @return error code, see access_token_error.h + */ + static int32_t UnRegisterSelfPermStateChangeCallback( + const std::shared_ptr& callback); /** * @brief Get current version. * @param version access token version. @@ -327,6 +390,14 @@ public: */ static AccessTokenID GetNativeTokenId(const std::string& processName); + /** + * @brief Get hap token extension info by token id. + * @param tokenID token id + * @param info HapTokenInfoExt include appID + * @return error code, see access_token_error.h + */ + static int GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoExt& info); + /** * @brief Set permission dialog capability * @param hapBaseInfo base infomation of hap @@ -343,13 +414,7 @@ public: * @return error code, see access_token_error.h */ static int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - /** - * @brief Get all native token infos. - * @param nativeTokenInfosRes NativeTokenInfoForSync list quote - * as input and query result - * @return error code, see access_token_error.h - */ - static int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); + /** * @brief Set remote hap token info with remote deviceID. * @param deviceID remote deviceID @@ -357,14 +422,6 @@ public: * @return error code, see access_token_error.h */ static int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); - /** - * @brief Set remote native token info list with remote deviceID. - * @param deviceID remote deviceID - * @param nativeTokenInfoList native token info list to set - * @return error code, see access_token_error.h - */ - static int SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList); /** * @brief Delete remote token by remote deviceID and remote tokenID. * @param deviceID remote deviceID @@ -405,24 +462,46 @@ public: * @param dumpInfo all token info */ static void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo); - /** - * @brief Dump all permission definition infos. - * @param dumpInfo all permission definition info - * @return error code, see access_token_error.h - */ - static int32_t DumpPermDefInfo(std::string& dumpInfo); /** * @brief Get application info of permission manager. * @param info application info of permission manager */ static void GetPermissionManagerInfo(PermissionGrantInfo& info); + + /** + * @brief Set user permission policy + * @param userList list of user id. + * @param permList list of permission + * @return error code, see access_token_error.h + */ + static int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); + + /** + * @brief Update user permission policy + * @param userList list of user id. + * @return error code, see access_token_error.h + */ + static int32_t UpdateUserPolicy(const std::vector& userList); + /** - * @brief Get the name of native token by the specific tokenId. - * @param tokenId native token id - * @param name name of the native token + * @brief Clear user permission policy * @return error code, see access_token_error.h */ - static int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name); + static int32_t ClearUserPolicy(); + + /** + * @brief Whether it is a system application + * @param tokenId token id. + * @return bool + */ + static bool IsSystemAppByFullTokenID(uint64_t tokenId); + + /** + * @brief Gets the render process tokenId. + * @param tokenId token id. + * @return tokenId + */ + static uint64_t GetRenderTokenID(uint64_t tokenId); }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/accesstoken/include/accesstoken_state_change_ipc_interface_code.h b/interfaces/innerkits/accesstoken/include/accesstoken_state_change_ipc_interface_code.h similarity index 100% rename from frameworks/accesstoken/include/accesstoken_state_change_ipc_interface_code.h rename to interfaces/innerkits/accesstoken/include/accesstoken_state_change_ipc_interface_code.h diff --git a/interfaces/innerkits/accesstoken/include/atm_tools_param_info.h b/interfaces/innerkits/accesstoken/include/atm_tools_param_info.h index 6634dfb4d53094679b1aa76bd799f56ab7660179..bdd8aa7b75bd7d358320bd752ef5b9fd7fea28c7 100644 --- a/interfaces/innerkits/accesstoken/include/atm_tools_param_info.h +++ b/interfaces/innerkits/accesstoken/include/atm_tools_param_info.h @@ -46,6 +46,9 @@ namespace OHOS { namespace Security { namespace AccessToken { +namespace { +static constexpr uint32_t INVALID_ATM_SET_STATUS = 2; +} /** * @brief Declares atm tools param class */ @@ -64,10 +67,11 @@ public: AccessTokenID tokenId = 0; int32_t userID; }; - uint32_t status = 0; + uint32_t status = INVALID_ATM_SET_STATUS; std::string permissionName; std::string bundleName; std::string processName; + ToggleModeType toggleMode = TOGGLE_REQUEST; }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index 7810408415a0ad265c065520045fc82dd8678a37..0f090e7561103f9353596d1ff8ab9333d0bf3686 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h +++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -43,6 +43,7 @@ #include "access_token.h" #include "permission_def.h" #include "permission_state_full.h" +#include "permission_status.h" #include #include @@ -70,6 +71,8 @@ public: bool isSystemApp; /* app type */ std::string appDistributionType; + bool isRestore = false; + AccessTokenID tokenID = INVALID_TOKENID; }; /** @@ -91,11 +94,6 @@ public: */ class HapTokenInfo final { public: - /** - * apl level, for details about the valid values, - * see the definition of ATokenAplEnum in the access_token.h file. - */ - ATokenAplEnum apl; char ver; int userID; std::string bundleName; @@ -108,8 +106,6 @@ public: * see the definition of HapDlpType in the access_token.h file. */ int dlpType; - std::string appID; - std::string deviceID; AccessTokenID tokenID; /** token attribute */ AccessTokenAttr tokenAttr; @@ -123,7 +119,15 @@ public: /** hap token info */ HapTokenInfo baseInfo; /** permission state list */ - std::vector permStateList; + std::vector permStateList; +}; + +class HapTokenInfoExt final { +public: + /** hap token info */ + HapTokenInfo baseInfo; + /** hap app id */ + std::string appID; }; /** @@ -161,8 +165,43 @@ public: std::vector permStateList; std::vector aclRequestedList; std::vector preAuthorizationInfo; + HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::NONE; +}; + +/** + * @brief Declares the result after failing to update or install hap + */ +class PermissionInfoCheckResult final { +public: + std::string permissionName; + PermissionRulesEnum rule; }; +class HapInfoCheckResult final { +public: + /** + * permission detail after failing to install or update hap + */ + PermissionInfoCheckResult permCheckResult; +}; + +/** + * @brief Declares hap policy params class + */ +class HapPolicy final { +public: + /** + * apl level, for details about the valid values, + * see the definition of ATokenAplEnum in the access_token.h file. + */ + ATokenAplEnum apl; + std::string domain; + std::vector permList; + std::vector permStateList; + std::vector aclRequestedList; + std::vector preAuthorizationInfo; + HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::NONE; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/frameworks/accesstoken/include/hap_token_info_for_sync_parcel.h b/interfaces/innerkits/accesstoken/include/hap_token_info_for_sync_parcel.h similarity index 100% rename from frameworks/accesstoken/include/hap_token_info_for_sync_parcel.h rename to interfaces/innerkits/accesstoken/include/hap_token_info_for_sync_parcel.h diff --git a/frameworks/accesstoken/include/i_permission_state_callback.h b/interfaces/innerkits/accesstoken/include/i_permission_state_callback.h similarity index 100% rename from frameworks/accesstoken/include/i_permission_state_callback.h rename to interfaces/innerkits/accesstoken/include/i_permission_state_callback.h diff --git a/frameworks/accesstoken/include/i_token_sync_callback.h b/interfaces/innerkits/accesstoken/include/i_token_sync_callback.h similarity index 100% rename from frameworks/accesstoken/include/i_token_sync_callback.h rename to interfaces/innerkits/accesstoken/include/i_token_sync_callback.h diff --git a/interfaces/innerkits/accesstoken/include/native_token_info.h b/interfaces/innerkits/accesstoken/include/native_token_info.h index 109f2a78cf94b9c944fd1358e449779a81ab0477..787def86fd9e35e3cfbec7bea520808e192bfeab 100644 --- a/interfaces/innerkits/accesstoken/include/native_token_info.h +++ b/interfaces/innerkits/accesstoken/include/native_token_info.h @@ -58,27 +58,8 @@ public: * see the definition of ATokenAplEnum in the access_token.h file. */ ATokenAplEnum apl; - unsigned char ver; /** native process name */ std::string processName; - /** capsbility list */ - std::vector dcap; - AccessTokenID tokenID; - /** token attribute */ - AccessTokenAttr tokenAttr; - /** native process access control permission list */ - std::vector nativeAcls; -}; - -/** - * @brief Declares native token info for distributed synchronize class - */ -class NativeTokenInfoForSync final { -public: - /** native token info */ - NativeTokenInfo baseInfo; - /** permission state list */ - std::vector permStateList; }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/include/permission_grant_info.h b/interfaces/innerkits/accesstoken/include/permission_grant_info.h index a706ab4c5c82202561cd96076246467c30d16c9d..5b09266f6bfd39e5885dc77a7cd5c9de3d83b970 100644 --- a/interfaces/innerkits/accesstoken/include/permission_grant_info.h +++ b/interfaces/innerkits/accesstoken/include/permission_grant_info.h @@ -58,6 +58,10 @@ public: * permission grant ability name */ std::string grantAbilityName; + /** + * permission grant service ability name + */ + std::string grantServiceAbilityName; /** * permission state sheet ability name */ diff --git a/interfaces/innerkits/accesstoken/include/permission_list_state.h b/interfaces/innerkits/accesstoken/include/permission_list_state.h index 73dac2d3dc63a44a18182006bc832be4cb5f07f8..29a7f3d7b2039fbdf15a4b87e40f3345dac673c1 100644 --- a/interfaces/innerkits/accesstoken/include/permission_list_state.h +++ b/interfaces/innerkits/accesstoken/include/permission_list_state.h @@ -58,6 +58,12 @@ public: * see the definition of PermissionOper in the access_token.h file. */ PermissionOper state; + + /** + * permission request state, for details about the valid values, + * see the definition of PermissionErrorReason in the access_token.h file. + */ + PermissionErrorReason errorReason; }; } // namespace AccessToken } // namespace Security diff --git a/services/common/window_manager/include/window_manager_loader.h b/interfaces/innerkits/accesstoken/include/permission_status.h similarity index 37% rename from services/common/window_manager/include/window_manager_loader.h rename to interfaces/innerkits/accesstoken/include/permission_status.h index 5577e7cd0039107b9db344e06d8b06a28c47edd2..764da4b3a793fe6148a8e0eb375e2f49392b2e88 100644 --- a/services/common/window_manager/include/window_manager_loader.h +++ b/interfaces/innerkits/accesstoken/include/permission_status.h @@ -1,59 +1,69 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef WINDOW_MANAGER_LOADER_H -#define WINDOW_MANAGER_LOADER_H -#include -namespace OHOS { -namespace Security { -namespace AccessToken { -const std::string WINDOW_MANAGER_PATH = "libaccesstoken_window_manager.z.so"; - -using WindowChangeCallback = void (*)(uint32_t, bool); -class WindowManagerLoaderInterface { -public: - WindowManagerLoaderInterface() {} - virtual ~WindowManagerLoaderInterface() {} - virtual int32_t RegisterFloatWindowListener(const WindowChangeCallback& callback); - virtual int32_t UnregisterFloatWindowListener(const WindowChangeCallback& callback); - - virtual int32_t RegisterPipWindowListener(const WindowChangeCallback& callback); - virtual int32_t UnregisterPipWindowListener(const WindowChangeCallback& callback); - - virtual void AddDeathCallback(void (*callback)()); -}; - -class WindowManagerLoader final: public WindowManagerLoaderInterface { - int32_t RegisterFloatWindowListener(const WindowChangeCallback& callback); - int32_t UnregisterFloatWindowListener(const WindowChangeCallback& callback); - - int32_t RegisterPipWindowListener(const WindowChangeCallback& callback); - int32_t UnregisterPipWindowListener(const WindowChangeCallback& callback); - - void AddDeathCallback(void (*callback)()); -}; - -#ifdef __cplusplus -extern "C" { -#endif - void* Create(); - void Destroy(void* loaderPtr); -#ifdef __cplusplus -} -#endif -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // WINDOW_MANAGER_LOADER_H \ No newline at end of file +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup AccessToken + * @{ + * + * @brief Provides permission management interfaces. + * + * Provides tokenID-based application permission verification mechanism. + * When an application accesses sensitive data or APIs, this module can check + * whether the application has the corresponding permission. Allows applications + * to query their access token information or APL levcels based on token IDs. + * + * @since 7.0 + * @version 7.0 + */ + +/** + * @file permission_state.h + * + * @brief Declares permission status class. + * + * @since 7.0 + * @version 7.0 + */ + +#ifndef INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATUS_H +#define INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATUS_H + +#include +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +/** + * @brief Declares permission status class + */ +class PermissionStatus final { +public: + std::string permissionName; + /** + * permission grant status, for details about the valid values, + * see the definition of PermissionState in the access_token.h file. + */ + int32_t grantStatus; + /** + * permission grant flag, for details about the valid values, + * see the definition of PermissionFlag in the access_token.h file. + */ + uint32_t grantFlag; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // INTERFACES_INNER_KITS_ACCESSTOKEN_PERMISSION_STATUS_H diff --git a/interfaces/innerkits/accesstoken/include/sec_comp_enhance_data.h b/interfaces/innerkits/accesstoken/include/sec_comp_enhance_data.h index c5be2919cca3229dda34b492dfb652300c1f1946..011572703f4cf23d8ca2a796d171ca12b7ca9c9d 100644 --- a/interfaces/innerkits/accesstoken/include/sec_comp_enhance_data.h +++ b/interfaces/innerkits/accesstoken/include/sec_comp_enhance_data.h @@ -71,6 +71,10 @@ struct SecCompEnhanceData { * sequence number of session. */ uint32_t seqNum; + /** + * mark whether sceneboard application or not. + */ + bool isSceneBoard; /** * key to encrypt ipc message. */ diff --git a/frameworks/accesstoken/include/tokensync_callback_ipc_interface_code.h b/interfaces/innerkits/accesstoken/include/tokensync_callback_ipc_interface_code.h similarity index 100% rename from frameworks/accesstoken/include/tokensync_callback_ipc_interface_code.h rename to interfaces/innerkits/accesstoken/include/tokensync_callback_ipc_interface_code.h diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 6a40388ac44f13ea95329c309475cab5fdd7dfe2..69b329fffcf42472699562974f9b223a429da8fb 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map @@ -17,12 +17,14 @@ "OHOS::Security::AccessToken::AccessTokenKit::AllocHapToken(OHOS::Security::AccessToken::HapInfoParams const&, OHOS::Security::AccessToken::HapPolicyParams const&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenIDEx(int, std::__h::basic_string, std::__h::allocator> const&, int)"; "OHOS::Security::AccessToken::AccessTokenKit::InitHapToken(OHOS::Security::AccessToken::HapInfoParams const&, OHOS::Security::AccessToken::HapPolicyParams&, OHOS::Security::AccessToken::AccessTokenIDEx&)"; + "OHOS::Security::AccessToken::AccessTokenKit::InitHapToken(OHOS::Security::AccessToken::HapInfoParams const&, OHOS::Security::AccessToken::HapPolicyParams&, OHOS::Security::AccessToken::AccessTokenIDEx&, OHOS::Security::AccessToken::HapInfoCheckResult&)"; "OHOS::Security::AccessToken::AccessTokenKit::AllocLocalTokenID(std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::UpdateHapToken(OHOS::Security::AccessToken::AccessTokenIDEx&, OHOS::Security::AccessToken::UpdateHapInfoParams const&, OHOS::Security::AccessToken::HapPolicyParams const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::UpdateHapToken(OHOS::Security::AccessToken::AccessTokenIDEx&, OHOS::Security::AccessToken::UpdateHapInfoParams const&, OHOS::Security::AccessToken::HapPolicyParams const&, OHOS::Security::AccessToken::HapInfoCheckResult&)"; "OHOS::Security::AccessToken::AccessTokenKit::DeleteToken(unsigned int)"; - "OHOS::Security::AccessToken::AccessTokenKit::CheckNativeDCap(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenID(int, std::__h::basic_string, std::__h::allocator> const&, int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenInfo(unsigned int, OHOS::Security::AccessToken::HapTokenInfo&)"; + "OHOS::Security::AccessToken::AccessTokenKit::GetTokenIDByUserID(int, std::__h::unordered_set, std::__h::equal_to, std::__h::allocator>&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(unsigned int, OHOS::Security::AccessToken::NativeTokenInfo&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetPermissionFlag(unsigned int, std::__h::basic_string, std::__h::allocator> const&, unsigned int&)"; "OHOS::Security::AccessToken::AccessTokenKit::GrantPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; @@ -31,14 +33,13 @@ "OHOS::Security::AccessToken::PermStateChangeCallbackCustomize::PermStateChangeCallbackCustomize(OHOS::Security::AccessToken::PermStateChangeScope const&)"; "OHOS::Security::AccessToken::AccessTokenKit::RegisterPermStateChangeCallback(std::__h::shared_ptr const&)"; "OHOS::Security::AccessToken::AccessTokenKit::UnRegisterPermStateChangeCallback(std::__h::shared_ptr const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::RegisterSelfPermStateChangeCallback(std::__h::shared_ptr const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::UnRegisterSelfPermStateChangeCallback(std::__h::shared_ptr const&)"; "OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo()"; "OHOS::Security::AccessToken::AccessTokenKit::GetNativeTokenId(std::__h::basic_string, std::__h::allocator> const&)"; "OHOS::Security::AccessToken::AccessTokenKit::DumpTokenInfo(OHOS::Security::AccessToken::AtmToolsParamInfo const&, std::__h::basic_string, std::__h::allocator>&)"; - "OHOS::Security::AccessToken::AccessTokenKit::DumpPermDefInfo(std::__h::basic_string, std::__h::allocator>&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenInfoFromRemote(unsigned int, OHOS::Security::AccessToken::HapTokenInfoForSync&)"; - "OHOS::Security::AccessToken::AccessTokenKit::GetAllNativeTokenInfo(std::__h::vector>&)"; "OHOS::Security::AccessToken::AccessTokenKit::SetRemoteHapTokenInfo(std::__h::basic_string, std::__h::allocator> const&, OHOS::Security::AccessToken::HapTokenInfoForSync const&)"; - "OHOS::Security::AccessToken::AccessTokenKit::SetRemoteNativeTokenInfo(std::__h::basic_string, std::__h::allocator> const&, std::__h::vector> const&)"; "OHOS::Security::AccessToken::AccessTokenKit::DeleteRemoteToken(std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetRemoteNativeTokenID(std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::DeleteRemoteDeviceTokens(std::__h::basic_string, std::__h::allocator> const&)"; @@ -53,11 +54,15 @@ "OHOS::Security::AccessToken::AccessTokenKit::GetTokenType(unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetHapDlpFlag(unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(unsigned int)"; + "OHOS::Security::AccessToken::AccessTokenKit::InitUserPolicy(std::__h::vector> const&, std::__h::vector, std::__h::allocator>, std::__h::allocator, std::__h::allocator>>> const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::UpdateUserPolicy(std::__h::vector> const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::ClearUserPolicy()"; "OHOS::Security::AccessToken::AccessTokenKit::GetSelfPermissionsState(std::__h::vector>&, OHOS::Security::AccessToken::PermissionGrantInfo&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetPermissionsStatus(unsigned int, std::__h::vector>&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetVersion(unsigned int&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetPermissionManagerInfo(OHOS::Security::AccessToken::PermissionGrantInfo&)"; "OHOS::Security::AccessToken::PermissionStateChangeCallback::PermissionStateChangeCallback(std::__h::shared_ptr const&)"; + "OHOS::Security::AccessToken::PermissionStateChangeCallback::Stop()"; "OHOS::Security::AccessToken::PermissionStateChangeCallbackStub::OnRemoteRequest(unsigned int, OHOS::MessageParcel&, OHOS::MessageParcel&, OHOS::MessageOption&)"; "OHOS::Security::AccessToken::AccessTokenManagerClient::GetInstance()"; "OHOS::Security::AccessToken::AccessTokenManagerClient::InitProxy()"; @@ -65,15 +70,20 @@ "OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(unsigned int, unsigned int, std::__h::basic_string, std::__h::allocator> const&, bool)"; "OHOS::Security::AccessToken::PermStateChangeCallbackCustomize::GetScope(OHOS::Security::AccessToken::PermStateChangeScope&) const"; "OHOS::Security::AccessToken::AccessTokenKit::SetPermDialogCap(OHOS::Security::AccessToken::HapBaseInfo const&, bool)"; - "OHOS::Security::AccessToken::AccessTokenKit::GetUserGrantedPermissionUsedType(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::AccessTokenKit::GetPermissionUsedType(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; "OHOS::Security::AccessToken::AccessTokenKit::RegisterTokenSyncCallback(std::__h::shared_ptr const&)"; "OHOS::Security::AccessToken::AccessTokenKit::UnRegisterTokenSyncCallback()"; - "OHOS::Security::AccessToken::AccessTokenKit::GetNativeTokenName(unsigned int, std::__h::basic_string, std::__h::allocator>&)"; "OHOS::Security::AccessToken::TokenSyncCallbackStub::OnRemoteRequest(unsigned int, OHOS::MessageParcel&, OHOS::MessageParcel&, OHOS::MessageOption&)"; "OHOS::Security::AccessToken::TokenSyncCallback::TokenSyncCallback(std::__h::shared_ptr const&)"; "OHOS::Security::AccessToken::TokenSyncCallback::~TokenSyncCallback()"; "OHOS::Security::AccessToken::TokenSyncKitInterface::TokenSyncKitInterface()"; "OHOS::Security::AccessToken::TokenSyncKitInterface::~TokenSyncKitInterface()"; + "OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(unsigned int, std::__h::vector, std::__h::allocator>, std::__h::allocator, std::__h::allocator>>> const&, std::__h::vector>&, bool)"; + "OHOS::Security::AccessToken::AccessTokenKit::GrantPermissionForSpecifiedTime(unsigned int, std::__h::basic_string, std::__h::allocator> const&, unsigned int)"; + "OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenInfoExtension(unsigned int, OHOS::Security::AccessToken::HapTokenInfoExt&)"; + "OHOS::Security::AccessToken::AccessTokenKit::RequestAppPermOnSetting(unsigned int)"; + OHOS::Security::AccessToken::AccessTokenKit::IsSystemAppByFullTokenID*; + OHOS::Security::AccessToken::AccessTokenKit::GetRenderTokenID*; ""; ""; }; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_callback_stubs.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_callback_stubs.cpp index bfa1c4dde208004fab0d4bad2f0c009a155002bf..f338f93602e4b9512cedb36f51f7376b19fe92ae 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_callback_stubs.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_callback_stubs.cpp @@ -17,7 +17,7 @@ #include "access_token.h" #include "access_token_error.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "permission_state_change_info_parcel.h" #include "string_ex.h" @@ -30,9 +30,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenCallbackStubs" -}; #ifdef TOKEN_SYNC_ENABLE static const int32_t ACCESSTOKEN_UID = 3020; #endif // TOKEN_SYNC_ENABLE @@ -41,10 +38,10 @@ static const int32_t ACCESSTOKEN_UID = 3020; int32_t PermissionStateChangeCallbackStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Entry, code: 0x%{public}x", code); + LOGD(ATM_DOMAIN, ATM_TAG, "Entry, code: 0x%{public}x", code); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != IPermissionStateCallback::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } @@ -53,7 +50,7 @@ int32_t PermissionStateChangeCallbackStub::OnRemoteRequest( PermStateChangeInfo result; sptr resultSptr = data.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail"); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); return ERR_READ_PARCEL_FAILED; } @@ -68,10 +65,10 @@ int32_t PermissionStateChangeCallbackStub::OnRemoteRequest( int32_t TokenSyncCallbackStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called."); + LOGI(ATM_DOMAIN, ATM_TAG, "Called."); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != ITokenSyncCallback::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor, descriptor = %{public}s", + LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor, descriptor = %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } @@ -95,7 +92,7 @@ int32_t TokenSyncCallbackStub::OnRemoteRequest( void TokenSyncCallbackStub::GetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, func = %{public}s", __func__); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, func = %{public}s", __func__); reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED); return; } @@ -110,7 +107,7 @@ void TokenSyncCallbackStub::GetRemoteHapTokenInfoInner(MessageParcel& data, Mess void TokenSyncCallbackStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, func = %{public}s", __func__); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, func = %{public}s", __func__); reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED); return; } @@ -123,7 +120,7 @@ void TokenSyncCallbackStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, M void TokenSyncCallbackStub::UpdateRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, func = %{public}s", __func__); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, func = %{public}s", __func__); reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED); return; } diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp index 164badc90b4d699a959066ff56ae096b1b5b4706..b9c4372ec59c8e2e4bee881034086bb8b87d0bf8 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp @@ -16,14 +16,11 @@ #include "accesstoken_callbacks.h" #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenCallbacks" -}; PermissionStateChangeCallback::PermissionStateChangeCallback( const std::shared_ptr& customizedCallback) @@ -36,7 +33,7 @@ PermissionStateChangeCallback::~PermissionStateChangeCallback() void PermissionStateChangeCallback::PermStateChangeCallback(PermStateChangeInfo& result) { if (customizedCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "CustomizedCallback_ is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "CustomizedCallback_ is nullptr"); return; } @@ -57,7 +54,7 @@ TokenSyncCallback::~TokenSyncCallback() int32_t TokenSyncCallback::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) { if (tokenSyncCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get nullptr, name = tokenSyncCallback_."); + LOGE(ATM_DOMAIN, ATM_TAG, "Get nullptr, name = tokenSyncCallback_."); return TOKEN_SYNC_PARAMS_INVALID; } return tokenSyncCallback_->GetRemoteHapTokenInfo(deviceID, tokenID); @@ -66,7 +63,7 @@ int32_t TokenSyncCallback::GetRemoteHapTokenInfo(const std::string& deviceID, Ac int32_t TokenSyncCallback::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) { if (tokenSyncCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get nullptr, name = tokenSyncCallback_."); + LOGE(ATM_DOMAIN, ATM_TAG, "Get nullptr, name = tokenSyncCallback_."); return TOKEN_SYNC_PARAMS_INVALID; } return tokenSyncCallback_->DeleteRemoteHapTokenInfo(tokenID); @@ -75,7 +72,7 @@ int32_t TokenSyncCallback::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) int32_t TokenSyncCallback::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) { if (tokenSyncCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get nullptr, name = tokenSyncCallback_."); + LOGE(ATM_DOMAIN, ATM_TAG, "Get nullptr, name = tokenSyncCallback_."); return TOKEN_SYNC_PARAMS_INVALID; } return tokenSyncCallback_->UpdateRemoteHapTokenInfo(tokenInfo); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_death_recipient.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_death_recipient.cpp index 095981870380b80fe7e1068bfc8903106b0ac157..cedc49cb04fd7554bd73f8e8c2ed5d3e313dd5c1 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_death_recipient.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_death_recipient.cpp @@ -13,20 +13,16 @@ * limitations under the License. */ #include "accesstoken_death_recipient.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "accesstoken_manager_client.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenDeathRecipient"}; -} // namespace void AccessTokenDeathRecipient::OnRemoteDied(const wptr& object) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called", __func__); AccessTokenManagerClient::GetInstance().OnRemoteDiedHandle(); } } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index f550662cdc44450d87a3512d6328e2051c281fc6..1ee63594d9c5c7b39f2557382165afbe3e42e250 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -16,8 +16,7 @@ #include "accesstoken_kit.h" #include #include -#include "accesstoken_dfx_define.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "accesstoken_manager_client.h" #include "constant_common.h" @@ -34,62 +33,106 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKit"}; +static const uint64_t SYSTEM_APP_MASK = (static_cast(1) << 32); static const uint64_t TOKEN_ID_LOWMASK = 0xffffffff; static const int INVALID_DLP_TOKEN_FLAG = -1; static const int FIRSTCALLER_TOKENID_DEFAULT = 0; } // namespace -PermUsedTypeEnum AccessTokenKit::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenKit::GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s.", tokenID, permissionName.c_str()); if ((tokenID == INVALID_TOKENID) || (!DataValidator::IsPermissionNameValid(permissionName))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return AccessTokenManagerClient::GetInstance().GetUserGrantedPermissionUsedType(tokenID, permissionName); + return AccessTokenManagerClient::GetInstance().GetPermissionUsedType(tokenID, permissionName); +} + +int AccessTokenKit::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, onceTime=%{public}d.", + tokenID, permissionName.c_str(), onceTime); + if (tokenID == INVALID_TOKENID) { + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenID"); + return AccessTokenError::ERR_PARAM_INVALID; + } + if (!DataValidator::IsPermissionNameValid(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid permissionName"); + return AccessTokenError::ERR_PARAM_INVALID; + } + return AccessTokenManagerClient::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); +} + +static void TransferHapPolicyParams(const HapPolicyParams& policyIn, HapPolicy& policyOut) +{ + policyOut.apl = policyIn.apl; + policyOut.domain = policyIn.domain; + policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end()); + policyOut.aclRequestedList.assign(policyIn.aclRequestedList.begin(), policyIn.aclRequestedList.end()); + policyOut.preAuthorizationInfo.assign(policyIn.preAuthorizationInfo.begin(), policyIn.preAuthorizationInfo.end()); + for (const auto& perm : policyIn.permStateList) { + PermissionStatus tmp; + tmp.permissionName = perm.permissionName; + tmp.grantStatus = perm.grantStatus[0]; + tmp.grantFlag = perm.grantFlags[0]; + policyOut.permStateList.emplace_back(tmp); + } + policyOut.checkIgnore = policyIn.checkIgnore; } AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) { AccessTokenIDEx res = {0}; - ACCESSTOKEN_LOG_INFO(LABEL, "UserID: %{public}d, bundleName :%{public}s, \ -permList: %{public}zu, stateList: %{public}zu", - info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size()); + LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, \ +permList: %{public}zu, stateList: %{public}zu, checkIgnore: %{public}d", + info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(), policy.checkIgnore); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed"); return res; } - return AccessTokenManagerClient::GetInstance().AllocHapToken(info, policy); + HapPolicy newPolicy; + TransferHapPolicyParams(policy, newPolicy); + return AccessTokenManagerClient::GetInstance().AllocHapToken(info, newPolicy); } int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId) { - ACCESSTOKEN_LOG_INFO(LABEL, "UserID: %{public}d, bundleName :%{public}s, \ -permList: %{public}zu, stateList: %{public}zu", - info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size()); + HapInfoCheckResult result; + return InitHapToken(info, policy, fullTokenId, result); +} + +int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, \ +permList: %{public}zu, stateList: %{public}zu, checkIgnore: %{public}d", + info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size(), policy.checkIgnore); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || !DataValidator::IsDomainValid(policy.domain) || !DataValidator::IsDlpTypeValid(info.dlpType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed"); return AccessTokenError::ERR_PARAM_INVALID; } - return AccessTokenManagerClient::GetInstance().InitHapToken(info, policy, fullTokenId); + HapPolicy newPolicy; + TransferHapPolicyParams(policy, newPolicy); + return AccessTokenManagerClient::GetInstance().InitHapToken(info, newPolicy, fullTokenId, result); } AccessTokenID AccessTokenKit::AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID=%{public}s, tokenID=%{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s, tokenID=%{public}d", ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID); #ifdef DEBUG_API_PERFORMANCE - ACCESSTOKEN_LOG_DEBUG(LABEL, "Api_performance:start call"); + LOGD(ATM_DOMAIN, ATM_TAG, "Api_performance:start call"); AccessTokenID resID = AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Api_performance:end call"); + LOGD(ATM_DOMAIN, ATM_TAG, "Api_performance:end call"); return resID; #else return AccessTokenManagerClient::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID); @@ -99,22 +142,31 @@ AccessTokenID AccessTokenKit::AllocLocalTokenID(const std::string& remoteDeviceI int32_t AccessTokenKit::UpdateHapToken( AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParams& policy) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d, isSystemApp: %{public}d, \ -permList: %{public}zu, stateList: %{public}zu", - tokenIdEx.tokenIdExStruct.tokenID, info.isSystemApp, policy.permList.size(), policy.permStateList.size()); + HapInfoCheckResult result; + return UpdateHapToken(tokenIdEx, info, policy, result); +} + +int32_t AccessTokenKit::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParams& policy, HapInfoCheckResult& result) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, isSystemApp: %{public}d, \ +permList: %{public}zu, stateList: %{public}zu, checkIgnore: %{public}d", + tokenIdEx.tokenIdExStruct.tokenID, info.isSystemApp, policy.permList.size(), policy.permStateList.size(), + policy.checkIgnore); if ((tokenIdEx.tokenIdExStruct.tokenID == INVALID_TOKENID) || (!DataValidator::IsAppIDDescValid(info.appIDDesc)) || (!DataValidator::IsAplNumValid(policy.apl))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Input param failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Input param failed"); return AccessTokenError::ERR_PARAM_INVALID; } - return AccessTokenManagerClient::GetInstance().UpdateHapToken(tokenIdEx, info, policy); + HapPolicy newPolicy; + TransferHapPolicyParams(policy, newPolicy); + return AccessTokenManagerClient::GetInstance().UpdateHapToken(tokenIdEx, info, newPolicy, result); } int AccessTokenKit::DeleteToken(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID=%{public}d.", tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().DeleteToken(tokenID); @@ -122,9 +174,9 @@ int AccessTokenKit::DeleteToken(AccessTokenID tokenID) ATokenTypeEnum AccessTokenKit::GetTokenType(AccessTokenID tokenID) __attribute__((no_sanitize("cfi"))) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid."); return TOKEN_INVALID; } return AccessTokenManagerClient::GetInstance().GetTokenType(tokenID); @@ -132,9 +184,9 @@ ATokenTypeEnum AccessTokenKit::GetTokenType(AccessTokenID tokenID) __attribute__ ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return TOKEN_INVALID; } AccessTokenIDInner *idInner = reinterpret_cast(&tokenID); @@ -144,9 +196,9 @@ ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(AccessTokenID tokenID) ATokenTypeEnum AccessTokenKit::GetTokenType(FullTokenID tokenID) { AccessTokenID id = tokenID & TOKEN_ID_LOWMASK; - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", id); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", id); if (id == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return TOKEN_INVALID; } return AccessTokenManagerClient::GetInstance().GetTokenType(id); @@ -155,36 +207,22 @@ ATokenTypeEnum AccessTokenKit::GetTokenType(FullTokenID tokenID) ATokenTypeEnum AccessTokenKit::GetTokenTypeFlag(FullTokenID tokenID) { AccessTokenID id = tokenID & TOKEN_ID_LOWMASK; - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", id); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", id); if (id == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return TOKEN_INVALID; } AccessTokenIDInner *idInner = reinterpret_cast(&id); return static_cast(idInner->type); } -int AccessTokenKit::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, dcap=%{public}s.", tokenID, dcap.c_str()); - if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!DataValidator::IsDcapValid(dcap)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dcap is invalid"); - return AccessTokenError::ERR_PARAM_INVALID; - } - return AccessTokenManagerClient::GetInstance().CheckNativeDCap(tokenID, dcap); -} - AccessTokenID AccessTokenKit::GetHapTokenID( int32_t userID, const std::string& bundleName, int32_t instIndex) __attribute__((no_sanitize("cfi"))) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.", userID, bundleName.c_str(), instIndex); if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token param check failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token param check failed"); return INVALID_TOKENID; } AccessTokenIDEx tokenIdEx = @@ -195,21 +233,31 @@ AccessTokenID AccessTokenKit::GetHapTokenID( AccessTokenIDEx AccessTokenKit::GetHapTokenIDEx(int32_t userID, const std::string& bundleName, int32_t instIndex) { AccessTokenIDEx tokenIdEx = {0}; - ACCESSTOKEN_LOG_DEBUG(LABEL, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d, bundleName=%{public}s, instIndex=%{public}d.", userID, bundleName.c_str(), instIndex); if ((!DataValidator::IsUserIdValid(userID)) || (!DataValidator::IsBundleNameValid(bundleName))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token param check failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token param check failed"); return tokenIdEx; } return AccessTokenManagerClient::GetInstance().GetHapTokenID(userID, bundleName, instIndex); } +int32_t AccessTokenKit::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d.", userID); + if (!DataValidator::IsUserIdValid(userID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserID=%{public}d is invalid", userID); + return AccessTokenError::ERR_PARAM_INVALID; + } + return AccessTokenManagerClient::GetInstance().GetTokenIDByUserID(userID, tokenIdList); +} + int AccessTokenKit::GetHapTokenInfo( AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) __attribute__((no_sanitize("cfi"))) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (GetTokenTypeFlag(tokenID) != TOKEN_HAP) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID =%{public}d is invalid", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID =%{public}d is invalid", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } @@ -219,9 +267,9 @@ int AccessTokenKit::GetHapTokenInfo( int AccessTokenKit::GetNativeTokenInfo( AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes) __attribute__((no_sanitize("cfi"))) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (GetTokenTypeFlag(tokenID) != TOKEN_NATIVE && GetTokenTypeFlag(tokenID) != TOKEN_SHELL) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID =%{public}d is invalid", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID =%{public}d is invalid", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes); @@ -230,15 +278,15 @@ int AccessTokenKit::GetNativeTokenInfo( PermissionOper AccessTokenKit::GetSelfPermissionsState(std::vector& permList, PermissionGrantInfo& info) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList.size=%{public}zu.", permList.size()); + LOGD(ATM_DOMAIN, ATM_TAG, "PermList.size=%{public}zu.", permList.size()); return AccessTokenManagerClient::GetInstance().GetSelfPermissionsState(permList, info); } int32_t AccessTokenKit::GetPermissionsStatus(AccessTokenID tokenID, std::vector& permList) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permList.size=%{public}zu.", tokenID, permList.size()); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permList.size=%{public}zu.", tokenID, permList.size()); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().GetPermissionsStatus(tokenID, permList); @@ -246,15 +294,14 @@ int32_t AccessTokenKit::GetPermissionsStatus(AccessTokenID tokenID, std::vector< int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName, bool crossIpc) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s, crossIpc=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, crossIpc=%{public}d.", tokenID, permissionName.c_str(), crossIpc); - if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid"); + uint32_t code; + if (!TransferPermissionToOpcode(permissionName, code)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName(%{public}s) is not exist.", permissionName.c_str()); return PERMISSION_DENIED; } - - uint32_t code; - if (crossIpc || !TransferPermissionToOpcode(permissionName, code)) { + if (crossIpc) { return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName); } bool isGranted = false; @@ -268,7 +315,7 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& int AccessTokenKit::VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName, bool crossIpc) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.", callerTokenID, firstTokenID, permissionName.c_str()); int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName, crossIpc); if (ret != PERMISSION_GRANTED) { @@ -282,11 +329,12 @@ int AccessTokenKit::VerifyAccessToken( int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s.", tokenID, permissionName.c_str()); uint32_t code; if (!TransferPermissionToOpcode(permissionName, code)) { - return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName(%{public}s) is not exist.", permissionName.c_str()); + return PERMISSION_DENIED; } bool isGranted = false; int32_t ret = GetPermissionFromKernel(tokenID, code, isGranted); @@ -299,7 +347,7 @@ int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::string& int AccessTokenKit::VerifyAccessToken( AccessTokenID callerTokenID, AccessTokenID firstTokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "CallerToken=%{public}d, firstToken=%{public}d, permissionName=%{public}s.", callerTokenID, firstTokenID, permissionName.c_str()); int ret = AccessTokenKit::VerifyAccessToken(callerTokenID, permissionName); if (ret != PERMISSION_GRANTED) { @@ -311,16 +359,61 @@ int AccessTokenKit::VerifyAccessToken( return AccessTokenKit::VerifyAccessToken(firstTokenID, permissionName); } +int AccessTokenKit::VerifyAccessToken(AccessTokenID tokenID, const std::vector& permissionList, + std::vector& permStateList, bool crossIpc) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionlist.size=%{public}zu, crossIpc=%{public}d.", + tokenID, permissionList.size(), crossIpc); + permStateList.clear(); + if (crossIpc) { + return AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, permissionList, permStateList); + } + + permStateList.resize(permissionList.size(), PERMISSION_DENIED); + std::vector permListCrossIpc; + std::unordered_map permToState; + for (size_t i = 0; i < permissionList.size(); i++) { + bool isGranted = false; + uint32_t code; + if (!TransferPermissionToOpcode(permissionList[i], code)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName(%{public}s) is not exist.", permissionList[i].c_str()); + permStateList[i] = PERMISSION_DENIED; + continue; + } + int32_t ret = GetPermissionFromKernel(tokenID, code, isGranted); + if (ret != 0) { + permToState[permListCrossIpc.size()] = i; + permListCrossIpc.emplace_back(permissionList[i]); + continue; + } + permStateList[i] = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; + } + if (!permListCrossIpc.empty()) { + std::vector permStateCrossIpc; + int ret = AccessTokenManagerClient::GetInstance().VerifyAccessToken(tokenID, + permListCrossIpc, permStateCrossIpc); + if (ret != ERR_OK) { + return ret; + } + for (size_t i = 0; i < permStateCrossIpc.size(); i++) { + if (permToState.find(i) != permToState.end()) { + permStateList[permToState[i]] = permStateCrossIpc[i]; + } + } + } + return ERR_OK; +} + int AccessTokenKit::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName=%{public}s.", permissionName.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName=%{public}s.", permissionName.c_str()); if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } int ret = AccessTokenManagerClient::GetInstance().GetDefPermission(permissionName, permissionDefResult); - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "GetDefPermission bundleName = %{public}s", permissionDefResult.bundleName.c_str()); return ret; } @@ -328,9 +421,9 @@ int AccessTokenKit::GetDefPermission(const std::string& permissionName, Permissi int AccessTokenKit::GetDefPermissions( AccessTokenID tokenID, std::vector& permDefList) __attribute__((no_sanitize("cfi"))) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -340,9 +433,9 @@ int AccessTokenKit::GetDefPermissions( int AccessTokenKit::GetReqPermissions( AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, isSystemGrant=%{public}d.", tokenID, isSystemGrant); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, isSystemGrant=%{public}d.", tokenID, isSystemGrant); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -351,14 +444,14 @@ int AccessTokenKit::GetReqPermissions( int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s.", tokenID, permissionName.c_str()); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().GetPermissionFlag(tokenID, permissionName, flag); @@ -366,18 +459,18 @@ int AccessTokenKit::GetPermissionFlag(AccessTokenID tokenID, const std::string& int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.", tokenID, permissionName.c_str(), flag); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsPermissionFlagValid(flag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Flag is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "Flag is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().GrantPermission(tokenID, permissionName, flag); @@ -385,18 +478,18 @@ int AccessTokenKit::GrantPermission(AccessTokenID tokenID, const std::string& pe int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permissionName=%{public}s, flag=%{public}d.", tokenID, permissionName.c_str(), flag); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenID"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenID"); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid permissionName"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid permissionName"); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsPermissionFlagValid(flag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid flag"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid flag"); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().RevokePermission(tokenID, permissionName, flag); @@ -404,9 +497,9 @@ int AccessTokenKit::RevokePermission(AccessTokenID tokenID, const std::string& p int AccessTokenKit::ClearUserGrantedPermissionState(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().ClearUserGrantedPermissionState(tokenID); @@ -415,18 +508,18 @@ int AccessTokenKit::ClearUserGrantedPermissionState(AccessTokenID tokenID) int32_t AccessTokenKit::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID = 0) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName=%{public}s, status=%{public}d, userID=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName=%{public}s, status=%{public}d, userID=%{public}d.", permissionName.c_str(), status, userID); if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid."); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsToggleStatusValid(status)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Toggle status is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Toggle status is invalid."); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsUserIdValid(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "UserID is invalid."); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); @@ -435,38 +528,58 @@ int32_t AccessTokenKit::SetPermissionRequestToggleStatus(const std::string& perm int32_t AccessTokenKit::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID = 0) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName=%{public}s, userID=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName=%{public}s, userID=%{public}d.", permissionName.c_str(), userID); if (!DataValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid."); return AccessTokenError::ERR_PARAM_INVALID; } if (!DataValidator::IsUserIdValid(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "UserID is invalid."); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); } +int32_t AccessTokenKit::RequestAppPermOnSetting(AccessTokenID tokenID) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "tokenID=%{public}d.", tokenID); + if (tokenID == INVALID_TOKENID) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); + return AccessTokenError::ERR_PARAM_INVALID; + } + return AccessTokenManagerClient::GetInstance().RequestAppPermOnSetting(tokenID); +} + int32_t AccessTokenKit::RegisterPermStateChangeCallback( const std::shared_ptr& callback) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); - return AccessTokenManagerClient::GetInstance().RegisterPermStateChangeCallback(callback); + return AccessTokenManagerClient::GetInstance().RegisterPermStateChangeCallback(callback, SYSTEM_REGISTER_TYPE); } int32_t AccessTokenKit::UnRegisterPermStateChangeCallback( const std::shared_ptr& callback) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); - return AccessTokenManagerClient::GetInstance().UnRegisterPermStateChangeCallback(callback); + return AccessTokenManagerClient::GetInstance().UnRegisterPermStateChangeCallback(callback, SYSTEM_REGISTER_TYPE); +} + +int32_t AccessTokenKit::RegisterSelfPermStateChangeCallback( + const std::shared_ptr& callback) +{ + return AccessTokenManagerClient::GetInstance().RegisterPermStateChangeCallback(callback, SELF_REGISTER_TYPE); +} + +int32_t AccessTokenKit::UnRegisterSelfPermStateChangeCallback( + const std::shared_ptr& callback) +{ + return AccessTokenManagerClient::GetInstance().UnRegisterPermStateChangeCallback(callback, SELF_REGISTER_TYPE); } int32_t AccessTokenKit::GetHapDlpFlag(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return INVALID_DLP_TOKEN_FLAG; } AccessTokenIDInner *idInner = reinterpret_cast(&tokenID); @@ -482,10 +595,21 @@ int32_t AccessTokenKit::ReloadNativeTokenInfo() #endif } +int AccessTokenKit::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoExt& info) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); + if (GetTokenTypeFlag(tokenID) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID =%{public}d is invalid.", tokenID); + return AccessTokenError::ERR_PARAM_INVALID; + } + + return AccessTokenManagerClient::GetInstance().GetHapTokenInfoExtension(tokenID, info); +} + AccessTokenID AccessTokenKit::GetNativeTokenId(const std::string& processName) { if (!DataValidator::IsProcessNameValid(processName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ProcessName is invalid, processName=%{public}s", processName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "ProcessName is invalid, processName=%{public}s", processName.c_str()); return INVALID_TOKENID; } return AccessTokenManagerClient::GetInstance().GetNativeTokenId(processName); @@ -494,83 +618,63 @@ AccessTokenID AccessTokenKit::GetNativeTokenId(const std::string& processName) #ifdef TOKEN_SYNC_ENABLE int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d.", tokenID); if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return AccessTokenError::ERR_PARAM_INVALID; } return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync); } -int AccessTokenKit::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called"); - - return AccessTokenManagerClient::GetInstance().GetAllNativeTokenInfo(nativeTokenInfosRes); -} - int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s, tokenID=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s, tokenID=%{public}d.", ConstantCommon::EncryptDevId(deviceID).c_str(), hapSync.baseInfo.tokenID); return AccessTokenManagerClient::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSync); } -int AccessTokenKit::SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s.", ConstantCommon::EncryptDevId(deviceID).c_str()); - return AccessTokenManagerClient::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList); -} - int AccessTokenKit::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s, tokenID=%{public}d.", + LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s, tokenID=%{public}d.", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); return AccessTokenManagerClient::GetInstance().DeleteRemoteToken(deviceID, tokenID); } int AccessTokenKit::DeleteRemoteDeviceTokens(const std::string& deviceID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s.", ConstantCommon::EncryptDevId(deviceID).c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s.", ConstantCommon::EncryptDevId(deviceID).c_str()); return AccessTokenManagerClient::GetInstance().DeleteRemoteDeviceTokens(deviceID); } AccessTokenID AccessTokenKit::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "DeviceID=%{public}s., tokenID=%{public}d", + LOGD(ATM_DOMAIN, ATM_TAG, "DeviceID=%{public}s., tokenID=%{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); return AccessTokenManagerClient::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); } int32_t AccessTokenKit::RegisterTokenSyncCallback(const std::shared_ptr& syncCallback) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Call RegisterTokenSyncCallback."); + LOGD(ATM_DOMAIN, ATM_TAG, "Call RegisterTokenSyncCallback."); return AccessTokenManagerClient::GetInstance().RegisterTokenSyncCallback(syncCallback); } int32_t AccessTokenKit::UnRegisterTokenSyncCallback() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Call UnRegisterTokenSyncCallback."); + LOGD(ATM_DOMAIN, ATM_TAG, "Call UnRegisterTokenSyncCallback."); return AccessTokenManagerClient::GetInstance().UnRegisterTokenSyncCallback(); } #endif void AccessTokenKit::DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d, bundleName=%{public}s, processName=%{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, bundleName=%{public}s, processName=%{public}s.", info.tokenId, info.bundleName.c_str(), info.processName.c_str()); AccessTokenManagerClient::GetInstance().DumpTokenInfo(info, dumpInfo); } -int32_t AccessTokenKit::DumpPermDefInfo(std::string& dumpInfo) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called."); - return AccessTokenManagerClient::GetInstance().DumpPermDefInfo(dumpInfo); -} - int32_t AccessTokenKit::GetVersion(uint32_t& version) { return AccessTokenManagerClient::GetInstance().GetVersion(version); @@ -586,22 +690,42 @@ void AccessTokenKit::GetPermissionManagerInfo(PermissionGrantInfo& info) AccessTokenManagerClient::GetInstance().GetPermissionManagerInfo(info); } -int32_t AccessTokenKit::GetNativeTokenName(AccessTokenID tokenId, std::string& name) +int32_t AccessTokenKit::InitUserPolicy( + const std::vector& userList, const std::vector& permList) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID=%{public}d.", tokenId); + LOGI(ATM_DOMAIN, ATM_TAG, "Enter."); + return AccessTokenManagerClient::GetInstance().InitUserPolicy(userList, permList); +} - if (tokenId == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u is invalid.", tokenId); - return AccessTokenError::ERR_PARAM_INVALID; - } +int32_t AccessTokenKit::UpdateUserPolicy(const std::vector& userList) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "Enter."); + return AccessTokenManagerClient::GetInstance().UpdateUserPolicy(userList); +} - ATokenTypeEnum type = GetTokenTypeFlag(static_cast(tokenId)); - if ((type != ATokenTypeEnum::TOKEN_NATIVE) && (type != ATokenTypeEnum::TOKEN_SHELL)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token type %{public}u is invalid.", type); - return AccessTokenError::ERR_PARAM_INVALID; +int32_t AccessTokenKit::ClearUserPolicy() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "Enter."); + return AccessTokenManagerClient::GetInstance().ClearUserPolicy(); +} + +bool AccessTokenKit::IsSystemAppByFullTokenID(uint64_t tokenId) +{ + return (tokenId & SYSTEM_APP_MASK) == SYSTEM_APP_MASK; +} + +uint64_t AccessTokenKit::GetRenderTokenID(uint64_t tokenId) +{ + AccessTokenID id = tokenId & TOKEN_ID_LOWMASK; + if (id == INVALID_TOKENID) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); + return tokenId; } + AccessTokenIDInner *idInner = reinterpret_cast(&id); + idInner->renderFlag = 1; - return AccessTokenManagerClient::GetInstance().GetNativeTokenName(tokenId, name); + id = *reinterpret_cast(idInner); + return static_cast(id); } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index b67a5796d21421d250ba960154d6860f2df1a822..66df084ada76083ba6816493658086196b035bdc 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -15,15 +15,13 @@ #include "accesstoken_manager_client.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "accesstoken_manager_proxy.h" #include "atm_tools_param_info_parcel.h" #include "hap_token_info.h" #include "hap_token_info_for_sync_parcel.h" #include "iservice_registry.h" -#include "native_token_info_for_sync_parcel.h" -#include "native_token_info.h" #include "parameter.h" #include "permission_grant_info_parcel.h" #include "accesstoken_callbacks.h" @@ -32,9 +30,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenManagerClient" -}; static constexpr int32_t VALUE_MAX_LEN = 32; static const char* ACCESS_TOKEN_SERVICE_INIT_KEY = "accesstoken.permission.init"; std::recursive_mutex g_instanceMutex; @@ -47,7 +42,8 @@ AccessTokenManagerClient& AccessTokenManagerClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AccessTokenManagerClient(); + AccessTokenManagerClient* tmp = new AccessTokenManagerClient(); + instance = std::move(tmp); } } return *instance; @@ -58,20 +54,20 @@ AccessTokenManagerClient::AccessTokenManagerClient() AccessTokenManagerClient::~AccessTokenManagerClient() { - ACCESSTOKEN_LOG_ERROR(LABEL, "~AccessTokenManagerClient"); + LOGE(ATM_DOMAIN, ATM_TAG, "~AccessTokenManagerClient"); std::lock_guard lock(proxyMutex_); ReleaseProxy(); } -PermUsedTypeEnum AccessTokenManagerClient::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenManagerClient::GetPermissionUsedType( AccessTokenID tokenID, const std::string &permissionName) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return PermUsedTypeEnum::INVALID_USED_TYPE; } - return proxy->GetUserGrantedPermissionUsedType(tokenID, permissionName); + return proxy->GetPermissionUsedType(tokenID, permissionName); } int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) @@ -83,24 +79,35 @@ int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, const std char value[VALUE_MAX_LEN] = {0}; int32_t ret = GetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, "", value, VALUE_MAX_LEN - 1); if ((ret < 0) || (static_cast(std::atoll(value)) != 0)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "At service has been started."); + LOGE(ATM_DOMAIN, ATM_TAG, "At service has been started, ret=%{public}d.", ret); return PERMISSION_DENIED; } AccessTokenIDInner *idInner = reinterpret_cast(&tokenID); if (static_cast(idInner->type) == TOKEN_NATIVE) { - ACCESSTOKEN_LOG_INFO(LABEL, "At service has not been started."); + LOGI(ATM_DOMAIN, ATM_TAG, "At service has not been started."); return PERMISSION_GRANTED; } - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return PERMISSION_DENIED; } +int AccessTokenManagerClient::VerifyAccessToken(AccessTokenID tokenID, + const std::vector& permissionList, std::vector& permStateList) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->VerifyAccessToken(tokenID, permissionList, permStateList); +} + int AccessTokenManagerClient::GetDefPermission( const std::string& permissionName, PermissionDef& permissionDefResult) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } PermissionDefParcel permissionDefParcel; @@ -113,7 +120,7 @@ int AccessTokenManagerClient::GetDefPermissions(AccessTokenID tokenID, std::vect { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } std::vector parcelList; @@ -130,13 +137,18 @@ int AccessTokenManagerClient::GetReqPermissions( { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - std::vector parcelList; + std::vector parcelList; int result = proxy->GetReqPermissions(tokenID, parcelList, isSystemGrant); for (const auto& permParcel : parcelList) { - PermissionStateFull perm = permParcel.permStatFull; + PermissionStateFull perm; + perm.permissionName = permParcel.permState.permissionName; + perm.isGeneral = true; + perm.resDeviceID.emplace_back("PHONE-001"); + perm.grantStatus.emplace_back(permParcel.permState.grantStatus); + perm.grantFlags.emplace_back(permParcel.permState.grantFlag); reqPermList.emplace_back(perm); } return result; @@ -147,7 +159,7 @@ int AccessTokenManagerClient::GetPermissionFlag( { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->GetPermissionFlag(tokenID, permissionName, flag); @@ -158,13 +170,13 @@ PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vectorGrantPermission(tokenID, permissionName, flag); @@ -235,17 +248,28 @@ int AccessTokenManagerClient::RevokePermission(AccessTokenID tokenID, const std: { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->RevokePermission(tokenID, permissionName, flag); } +int AccessTokenManagerClient::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); +} + int AccessTokenManagerClient::ClearUserGrantedPermissionState(AccessTokenID tokenID) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->ClearUserGrantedPermissionState(tokenID); @@ -256,7 +280,7 @@ int32_t AccessTokenManagerClient::SetPermissionRequestToggleStatus(const std::st { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->SetPermissionRequestToggleStatus(permissionName, status, userID); @@ -267,30 +291,40 @@ int32_t AccessTokenManagerClient::GetPermissionRequestToggleStatus(const std::st { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->GetPermissionRequestToggleStatus(permissionName, status, userID); } +int32_t AccessTokenManagerClient::RequestAppPermOnSetting(AccessTokenID tokenID) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->RequestAppPermOnSetting(tokenID); +} + int32_t AccessTokenManagerClient::CreatePermStateChangeCallback( const std::shared_ptr& customizedCb, sptr& callback) { std::lock_guard lock(callbackMutex_); if (callbackMap_.size() == MAX_CALLBACK_MAP_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "The maximum number of callback has been reached"); + LOGE(ATM_DOMAIN, ATM_TAG, "The maximum number of callback has been reached"); return AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION; } auto goalCallback = callbackMap_.find(customizedCb); if (goalCallback != callbackMap_.end()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Already has the same callback"); + LOGE(ATM_DOMAIN, ATM_TAG, "Already has the same callback"); return AccessTokenError::ERR_CALLBACK_ALREADY_EXIST; } else { callback = new (std::nothrow) PermissionStateChangeCallback(customizedCb); if (!callback) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Memory allocation for callback failed!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Memory allocation for callback failed!"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } } @@ -298,10 +332,10 @@ int32_t AccessTokenManagerClient::CreatePermStateChangeCallback( } int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback( - const std::shared_ptr& customizedCb) + const std::shared_ptr& customizedCb, RegisterPermChangeType type) { if (customizedCb == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "CustomizedCb is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "CustomizedCb is nullptr"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -312,18 +346,30 @@ int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback( } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } PermStateChangeScopeParcel scopeParcel; customizedCb->GetScope(scopeParcel.scope); - if (scopeParcel.scope.permList.size() > PERMS_LIST_SIZE_MAX || - scopeParcel.scope.tokenIDs.size() > TOKENIDS_LIST_SIZE_MAX) { + if (scopeParcel.scope.permList.size() > PERMS_LIST_SIZE_MAX) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermList scope oversize"); return AccessTokenError::ERR_PARAM_INVALID; } - result = proxy->RegisterPermStateChangeCallback(scopeParcel, callback->AsObject()); + if (type == SYSTEM_REGISTER_TYPE) { + if (scopeParcel.scope.tokenIDs.size() > TOKENIDS_LIST_SIZE_MAX) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenIDs scope oversize"); + return AccessTokenError::ERR_PARAM_INVALID; + } + result = proxy->RegisterPermStateChangeCallback(scopeParcel, callback->AsObject()); + } else { + if (scopeParcel.scope.tokenIDs.size() != 1) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenIDs scope invalid"); + return AccessTokenError::ERR_PARAM_INVALID; + } + result = proxy->RegisterSelfPermStateChangeCallback(scopeParcel, callback->AsObject()); + } if (result == RET_SUCCESS) { std::lock_guard lock(callbackMutex_); callbackMap_[customizedCb] = callback; @@ -332,65 +378,69 @@ int32_t AccessTokenManagerClient::RegisterPermStateChangeCallback( } int32_t AccessTokenManagerClient::UnRegisterPermStateChangeCallback( - const std::shared_ptr& customizedCb) + const std::shared_ptr& customizedCb, RegisterPermChangeType type) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } std::lock_guard lock(callbackMutex_); auto goalCallback = callbackMap_.find(customizedCb); if (goalCallback == callbackMap_.end()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GoalCallback already is not exist"); + LOGE(ATM_DOMAIN, ATM_TAG, "GoalCallback already is not exist"); return AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER; } - - int32_t result = proxy->UnRegisterPermStateChangeCallback(goalCallback->second->AsObject()); + int32_t result; + if (type == SYSTEM_REGISTER_TYPE) { + result = proxy->UnRegisterPermStateChangeCallback(goalCallback->second->AsObject()); + } else { + result = proxy->UnRegisterSelfPermStateChangeCallback(goalCallback->second->AsObject()); + } if (result == RET_SUCCESS) { callbackMap_.erase(goalCallback); } return result; } -AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) +AccessTokenIDEx AccessTokenManagerClient::AllocHapToken(const HapInfoParams& info, const HapPolicy& policy) { AccessTokenIDEx tokenIdEx = { 0 }; auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return tokenIdEx; } HapInfoParcel hapInfoParcel; HapPolicyParcel hapPolicyParcel; hapInfoParcel.hapInfoParameter = info; - hapPolicyParcel.hapPolicyParameter = policy; + hapPolicyParcel.hapPolicy = policy; return proxy->AllocHapToken(hapInfoParcel, hapPolicyParcel); } -int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, - AccessTokenIDEx& fullTokenId) +int32_t AccessTokenManagerClient::InitHapToken(const HapInfoParams& info, HapPolicy& policy, + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } HapInfoParcel hapInfoParcel; HapPolicyParcel hapPolicyParcel; hapInfoParcel.hapInfoParameter = info; - hapPolicyParcel.hapPolicyParameter = policy; + hapPolicyParcel.hapPolicy = policy; - return proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId); + return proxy->InitHapToken(hapInfoParcel, hapPolicyParcel, fullTokenId, result); } int AccessTokenManagerClient::DeleteToken(AccessTokenID tokenID) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->DeleteToken(tokenID); @@ -400,29 +450,19 @@ ATokenTypeEnum AccessTokenManagerClient::GetTokenType(AccessTokenID tokenID) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return TOKEN_INVALID; } return static_cast(proxy->GetTokenType(tokenID)); } -int AccessTokenManagerClient::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - return proxy->CheckNativeDCap(tokenID, dcap); -} - AccessTokenIDEx AccessTokenManagerClient::GetHapTokenID( int32_t userID, const std::string& bundleName, int32_t instIndex) { AccessTokenIDEx result = {0}; auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return result; } return proxy->GetHapTokenID(userID, bundleName, instIndex); @@ -433,30 +473,40 @@ AccessTokenID AccessTokenManagerClient::AllocLocalTokenID( { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } return proxy->AllocLocalTokenID(remoteDeviceID, remoteTokenID); } -int32_t AccessTokenManagerClient::UpdateHapToken( - AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParams& policy) +int32_t AccessTokenManagerClient::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicy& policy, HapInfoCheckResult& result) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } HapPolicyParcel hapPolicyParcel; - hapPolicyParcel.hapPolicyParameter = policy; - return proxy->UpdateHapToken(tokenIdEx, info, hapPolicyParcel); + hapPolicyParcel.hapPolicy = policy; + return proxy->UpdateHapToken(tokenIdEx, info, hapPolicyParcel, result); +} + +int32_t AccessTokenManagerClient::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->GetTokenIDByUserID(userID, tokenIdList); } int AccessTokenManagerClient::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } HapTokenInfoParcel hapTokenInfoParcel; @@ -470,7 +520,7 @@ int AccessTokenManagerClient::GetNativeTokenInfo(AccessTokenID tokenID, NativeTo { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } NativeTokenInfoParcel nativeTokenInfoParcel; @@ -484,18 +534,32 @@ int32_t AccessTokenManagerClient::ReloadNativeTokenInfo() { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->ReloadNativeTokenInfo(); } #endif +int AccessTokenManagerClient::GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoExt& info) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + + HapTokenInfoParcel hapTokenInfoParcel; + int res = proxy->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, info.appID); + info.baseInfo = hapTokenInfoParcel.hapTokenInfoParams; + return res; +} + AccessTokenID AccessTokenManagerClient::GetNativeTokenId(const std::string& processName) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } return proxy->GetNativeTokenId(processName); @@ -506,7 +570,7 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } @@ -516,29 +580,11 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H return res; } -int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - - std::vector parcelList; - int result = proxy->GetAllNativeTokenInfo(parcelList); - for (const auto& nativeTokenParcel : parcelList) { - NativeTokenInfoForSync native = nativeTokenParcel.nativeTokenInfoForSyncParams; - nativeTokenInfosRes.emplace_back(native); - } - - return result; -} - int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } @@ -549,30 +595,11 @@ int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID, return res; } -int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - std::vector nativeTokenInfoParcels; - for (const auto& native : nativeTokenInfoList) { - NativeTokenInfoForSyncParcel nativeTokenInfoForSyncParcel; - nativeTokenInfoForSyncParcel.nativeTokenInfoForSyncParams = native; - nativeTokenInfoParcels.emplace_back(nativeTokenInfoForSyncParcel); - } - PermissionStateFullParcel permStateParcel; - int res = proxy->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcels); - return res; -} - int AccessTokenManagerClient::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } @@ -584,7 +611,7 @@ AccessTokenID AccessTokenManagerClient::GetRemoteNativeTokenID(const std::string { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return INVALID_TOKENID; } @@ -596,7 +623,7 @@ int AccessTokenManagerClient::DeleteRemoteDeviceTokens(const std::string& device { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } @@ -609,12 +636,12 @@ int32_t AccessTokenManagerClient::RegisterTokenSyncCallback( { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } if (syncCallback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Input callback is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Input callback is null."); return AccessTokenError::ERR_PARAM_INVALID; } @@ -633,7 +660,7 @@ int32_t AccessTokenManagerClient::UnRegisterTokenSyncCallback() { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } std::lock_guard lock(tokenSyncCallbackMutex_); @@ -650,7 +677,7 @@ void AccessTokenManagerClient::DumpTokenInfo(const AtmToolsParamInfo& info, std: { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return; } @@ -663,36 +690,25 @@ int32_t AccessTokenManagerClient::GetVersion(uint32_t& version) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return AccessTokenError::ERR_SERVICE_ABNORMAL; } return proxy->GetVersion(version); } -int32_t AccessTokenManagerClient::DumpPermDefInfo(std::string& dumpInfo) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - - return proxy->DumpPermDefInfo(dumpInfo); -} - void AccessTokenManagerClient::InitProxy() { - if (proxy_ == nullptr) { + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbilityManager is null"); return; } sptr accesstokenSa = sam->GetSystemAbility(IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); if (accesstokenSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null", IAccessTokenManager::SA_ID_ACCESSTOKEN_MANAGER_SERVICE); return; } @@ -701,9 +717,9 @@ void AccessTokenManagerClient::InitProxy() if (serviceDeathObserver_ != nullptr) { accesstokenSa->AddDeathRecipient(serviceDeathObserver_); } - proxy_ = iface_cast(accesstokenSa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); + proxy_ = new AccessTokenManagerProxy(accesstokenSa); + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Iface_cast get null"); } } } @@ -726,7 +742,7 @@ void AccessTokenManagerClient::OnRemoteDiedHandle() sptr AccessTokenManagerClient::GetProxy() { std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { InitProxy(); } return proxy_; @@ -736,7 +752,7 @@ int32_t AccessTokenManagerClient::SetPermDialogCap(const HapBaseInfo& hapBaseInf { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } HapBaseInfoParcel hapBaseInfoParcel; @@ -748,7 +764,7 @@ void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& inf { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return; } PermissionGrantInfoParcel infoParcel; @@ -756,14 +772,35 @@ void AccessTokenManagerClient::GetPermissionManagerInfo(PermissionGrantInfo& inf info = infoParcel.info; } -int32_t AccessTokenManagerClient::GetNativeTokenName(AccessTokenID tokenId, std::string& name) +int32_t AccessTokenManagerClient::InitUserPolicy( + const std::vector& userList, const std::vector& permList) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->InitUserPolicy(userList, permList); +} + +int32_t AccessTokenManagerClient::ClearUserPolicy() +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return proxy->ClearUserPolicy(); +} + +int32_t AccessTokenManagerClient::UpdateUserPolicy(const std::vector& userList) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return AccessTokenError::ERR_SERVICE_ABNORMAL; } - return proxy->GetNativeTokenName(tokenId, name); + return proxy->UpdateUserPolicy(userList); } void AccessTokenManagerClient::ReleaseProxy() diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 7dbb33c4cb763ae24fd2381eb56d0469803e2e54..c185a95f6f33a1fa0087c19d85f1ccbb7edc032f 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -29,7 +29,6 @@ #include "hap_policy_parcel.h" #include "hap_token_info.h" #include "i_accesstoken_manager.h" -#include "native_token_info.h" #include "nocopyable.h" #include "permission_def.h" #include "permission_grant_info.h" @@ -49,8 +48,10 @@ public: virtual ~AccessTokenManagerClient(); - PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); + int VerifyAccessToken(AccessTokenID tokenID, + const std::vector& permissionList, std::vector& permStateList); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( @@ -58,37 +59,40 @@ public: int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID); int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); + int32_t RequestAppPermOnSetting(AccessTokenID tokenID); PermissionOper GetSelfPermissionsState(std::vector& permList, PermissionGrantInfo& info); int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector& permList); int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); + int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); int ClearUserGrantedPermissionState(AccessTokenID tokenID); - AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy); - int32_t InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId); + AccessTokenIDEx AllocHapToken(const HapInfoParams& info, const HapPolicy& policy); + int32_t InitHapToken(const HapInfoParams& info, HapPolicy& policy, + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result); int DeleteToken(AccessTokenID tokenID); ATokenTypeEnum GetTokenType(AccessTokenID tokenID); - int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex); AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParams& policy); + int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicy& policy, HapInfoCheckResult& result); + int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenList); int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& hapTokenInfoRes); int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& nativeTokenInfoRes); #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo(); #endif + int GetHapTokenInfoExtension(AccessTokenID tokenID, HapTokenInfoExt& info); AccessTokenID GetNativeTokenId(const std::string& processName); int32_t RegisterPermStateChangeCallback( - const std::shared_ptr& customizedCb); + const std::shared_ptr& customizedCb, RegisterPermChangeType type); int32_t UnRegisterPermStateChangeCallback( - const std::shared_ptr& customizedCb); + const std::shared_ptr& customizedCb, RegisterPermChangeType type); #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync); - int SetRemoteNativeTokenInfo(const std::string& deviceID, - const std::vector& nativeTokenInfoList); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); int DeleteRemoteDeviceTokens(const std::string& deviceID); @@ -97,12 +101,13 @@ public: #endif void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo); - int32_t DumpPermDefInfo(std::string& dumpInfo); int32_t GetVersion(uint32_t& version); void OnRemoteDiedHandle(); int32_t SetPermDialogCap(const HapBaseInfo& hapBaseInfo, bool enable); void GetPermissionManagerInfo(PermissionGrantInfo& info); - int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name); + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); + int32_t UpdateUserPolicy(const std::vector& userList); + int32_t ClearUserPolicy(); private: AccessTokenManagerClient(); diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp index 274436c40e3f48fdff7131859fc232c2fdb8f942..78b220a7c8536f0a9416263fa23cf97590ccc03d 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp @@ -16,6 +16,7 @@ #include "accesstoken_manager_proxy.h" #include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "parcel.h" @@ -27,9 +28,7 @@ namespace AccessToken { namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMProxy"}; static const int MAX_PERMISSION_SIZE = 1000; -#ifdef TOKEN_SYNC_ENABLE -static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480; -#endif +static const int32_t MAX_USER_POLICY_SIZE = 1024; } AccessTokenManagerProxy::AccessTokenManagerProxy(const sptr& impl) @@ -46,32 +45,32 @@ bool AccessTokenManagerProxy::SendRequest( sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Code: %{public}d remote service null.", code); + LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d remote service null.", code); return false; } int32_t requestResult = remote->SendRequest( static_cast(code), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Code: %{public}d request fail, result: %{public}d", code, requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Code: %{public}d request fail, result: %{public}d", code, requestResult); return false; } return true; } -PermUsedTypeEnum AccessTokenManagerProxy::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenManagerProxy::GetPermissionUsedType( AccessTokenID tokenID, const std::string &permissionName) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } @@ -82,11 +81,11 @@ PermUsedTypeEnum AccessTokenManagerProxy::GetUserGrantedPermissionUsedType( int32_t ret; if (!reply.ReadInt32(ret)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32t failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32t failed."); return PermUsedTypeEnum::INVALID_USED_TYPE; } PermUsedTypeEnum result = static_cast(ret); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (type=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); return result; } @@ -94,15 +93,15 @@ int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std: { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return PERMISSION_DENIED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return PERMISSION_DENIED; } if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return PERMISSION_DENIED; } @@ -112,20 +111,50 @@ int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, const std: } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (status=%{public}d).", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); return result; } +int AccessTokenManagerProxy::VerifyAccessToken(AccessTokenID tokenID, + const std::vector& permissionList, std::vector& permStateList) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(tokenID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteStringVector(permissionList)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteStringVector failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + if (!reply.ReadInt32Vector(&permStateList)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32Vector failed."); + return ERR_READ_PARCEL_FAILED; + } + + return ERR_OK; +} + int AccessTokenManagerProxy::GetDefPermission( const std::string& permissionName, PermissionDefParcel& permissionDefResult) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -135,13 +164,13 @@ int AccessTokenManagerProxy::GetDefPermission( } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); if (result != RET_SUCCESS) { return result; } sptr resultSptr = reply.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); return ERR_READ_PARCEL_FAILED; } permissionDefResult = *resultSptr; @@ -153,11 +182,11 @@ int AccessTokenManagerProxy::GetDefPermissions(AccessTokenID tokenID, { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -167,13 +196,13 @@ int AccessTokenManagerProxy::GetDefPermissions(AccessTokenID tokenID, } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); if (result != RET_SUCCESS) { return result; } uint32_t defPermSize = reply.ReadUint32(); if (defPermSize > MAX_PERMISSION_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size(%{public}u) is oversize.", defPermSize); + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", defPermSize); return ERR_OVERSIZE; } for (uint32_t i = 0; i < defPermSize; i++) { @@ -186,19 +215,19 @@ int AccessTokenManagerProxy::GetDefPermissions(AccessTokenID tokenID, } int AccessTokenManagerProxy::GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteInt32(isSystemGrant)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -208,17 +237,17 @@ int AccessTokenManagerProxy::GetReqPermissions( } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (error=%{public}d).", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); if (result != RET_SUCCESS) { return result; } uint32_t reqPermSize = reply.ReadUint32(); if (reqPermSize > MAX_PERMISSION_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size(%{public}u) is oversize.", reqPermSize); + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}u) is oversize.", reqPermSize); return ERR_OVERSIZE; } for (uint32_t i = 0; i < reqPermSize; i++) { - sptr permissionReq = reply.ReadParcelable(); + sptr permissionReq = reply.ReadParcelable(); if (permissionReq != nullptr) { reqPermList.emplace_back(*permissionReq); } @@ -231,19 +260,19 @@ int32_t AccessTokenManagerProxy::SetPermissionRequestToggleStatus(const std::str { MessageParcel sendData; if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!sendData.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return ERR_WRITE_PARCEL_FAILED; } if (!sendData.WriteUint32(status)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } if (!sendData.WriteInt32(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -253,7 +282,7 @@ int32_t AccessTokenManagerProxy::SetPermissionRequestToggleStatus(const std::str } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -262,15 +291,15 @@ int32_t AccessTokenManagerProxy::GetPermissionRequestToggleStatus(const std::str { MessageParcel sendData; if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!sendData.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return ERR_WRITE_PARCEL_FAILED; } if (!sendData.WriteInt32(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -283,7 +312,33 @@ int32_t AccessTokenManagerProxy::GetPermissionRequestToggleStatus(const std::str if (result == RET_SUCCESS) { status = reply.ReadUint32(); } - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, status=%{public}d).", result, status); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status); + return result; +} + +int32_t AccessTokenManagerProxy::RequestAppPermOnSetting(AccessTokenID tokenID) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(tokenID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result; + if (!reply.ReadInt32(result)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); + return ERR_READ_PARCEL_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); return result; } @@ -291,15 +346,15 @@ int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std: { MessageParcel sendData; if (!sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!sendData.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } if (!sendData.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -312,7 +367,7 @@ int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std: if (result == RET_SUCCESS) { flag = reply.ReadUint32(); } - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, flag=%{public}d).", result, flag); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, flag=%{public}d).", result, flag); return result; } @@ -321,16 +376,16 @@ PermissionOper AccessTokenManagerProxy::GetSelfPermissionsState(std::vector(reply.ReadInt32()); size_t size = reply.ReadUint32(); if (size != permListParcel.size()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", size, permListParcel.size()); return INVALID_OPER; } if (size > MAX_PERMISSION_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size(%{public}zu) is oversize.", size); + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) is oversize.", size); return INVALID_OPER; } for (uint32_t i = 0; i < size; i++) { sptr permissionReq = reply.ReadParcelable(); if (permissionReq != nullptr) { permListParcel[i].permsState.state = permissionReq->permsState.state; + permListParcel[i].permsState.errorReason = permissionReq->permsState.errorReason; } } sptr resultSptr = reply.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); return INVALID_OPER; } infoParcel = *resultSptr; - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (status=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (status=%{public}d).", result); return result; } @@ -374,20 +430,20 @@ int32_t AccessTokenManagerProxy::GetPermissionsStatus(AccessTokenID tokenID, { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(permListParcel.size())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } for (const auto& permission : permListParcel) { if (!data.WriteParcelable(&permission)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); return ERR_WRITE_PARCEL_FAILED; } } @@ -398,13 +454,13 @@ int32_t AccessTokenManagerProxy::GetPermissionsStatus(AccessTokenID tokenID, } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); if (result != RET_SUCCESS) { return result; } size_t size = reply.ReadUint32(); if (size != permListParcel.size()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", + LOGE(ATM_DOMAIN, ATM_TAG, "Size(%{public}zu) from server is not equal inputSize(%{public}zu)!", size, permListParcel.size()); return ERR_SIZE_NOT_EQUAL; } @@ -421,19 +477,19 @@ int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::s { MessageParcel inData; if (!inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!inData.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } if (!inData.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return ERR_WRITE_PARCEL_FAILED; } if (!inData.WriteUint32(flag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -443,7 +499,7 @@ int AccessTokenManagerProxy::GrantPermission(AccessTokenID tokenID, const std::s } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -451,19 +507,19 @@ int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std:: { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(flag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -473,7 +529,42 @@ int AccessTokenManagerProxy::RevokePermission(AccessTokenID tokenID, const std:: } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return result; +} + +int AccessTokenManagerProxy::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(tokenID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteString(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(onceTime)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result; + if (!reply.ReadInt32(result)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); + return ERR_READ_PARCEL_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (result=%{public}d).", result); return result; } @@ -481,11 +572,11 @@ int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID token { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -495,7 +586,7 @@ int AccessTokenManagerProxy::ClearUserGrantedPermissionState(AccessTokenID token } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -504,15 +595,15 @@ int32_t AccessTokenManagerProxy::RegisterPermStateChangeCallback( { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteParcelable(&scope)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(callback)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteRemoteObject failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); return ERR_WRITE_PARCEL_FAILED; } MessageParcel reply; @@ -522,10 +613,10 @@ int32_t AccessTokenManagerProxy::RegisterPermStateChangeCallback( int32_t ret; if (!reply.ReadInt32(ret)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return ERR_READ_PARCEL_FAILED; } - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", ret); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); return ret; } @@ -533,11 +624,11 @@ int32_t AccessTokenManagerProxy::UnRegisterPermStateChangeCallback(const sptr& callback) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteParcelable(&scope)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteRemoteObject(callback)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); + return ERR_WRITE_PARCEL_FAILED; + } + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t ret; + if (!reply.ReadInt32(ret)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); + return ERR_READ_PARCEL_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", ret); + return ret; +} + +int32_t AccessTokenManagerProxy::UnRegisterSelfPermStateChangeCallback(const sptr& callback) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteRemoteObject(callback)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteRemoteObject failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest( + AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result; + if (!reply.ReadInt32(result)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); + return ERR_READ_PARCEL_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -562,16 +710,16 @@ AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken( MessageParcel data; AccessTokenIDEx res = { 0 }; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return res; } if (!data.WriteParcelable(&hapInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); return res; } if (!data.WriteParcelable(&policyParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); return res; } @@ -581,26 +729,26 @@ AccessTokenIDEx AccessTokenManagerProxy::AllocHapToken( } unsigned long long result = reply.ReadUint64(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (id=%{public}llu).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", result); res.tokenIDEx = result; return res; } int32_t AccessTokenManagerProxy::InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId) + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteParcelable(&hapInfoParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteParcelable(&policyParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -610,18 +758,28 @@ int32_t AccessTokenManagerProxy::InitHapToken(const HapInfoParcel& hapInfoParcel } int32_t result = 0; if (!reply.ReadInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return ERR_READ_PARCEL_FAILED; } if (result == RET_SUCCESS) { uint64_t tokenId = 0; if (!reply.ReadUint64(tokenId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadUint64 faild."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint64 faild."); return ERR_READ_PARCEL_FAILED; } fullTokenId.tokenIDEx = tokenId; + } else { + if (reply.GetDataSize() > reply.GetReadPosition()) { + IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), + ERR_READ_PARCEL_FAILED, "ReadString faild."); + + int32_t rule; + IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), + ERR_READ_PARCEL_FAILED, "ReadString faild."); + resultInfo.permCheckResult.rule = static_cast(rule); + } } - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, id=%{public}llu).", + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}llu).", result, fullTokenId.tokenIDEx); return result; } @@ -630,12 +788,12 @@ int AccessTokenManagerProxy::DeleteToken(AccessTokenID tokenID) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -645,7 +803,7 @@ int AccessTokenManagerProxy::DeleteToken(AccessTokenID tokenID) } int result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, id=%{public}u).", result, tokenID); return result; } @@ -653,12 +811,12 @@ int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); return ERR_WRITE_PARCEL_FAILED; } @@ -668,33 +826,7 @@ int AccessTokenManagerProxy::GetTokenType(AccessTokenID tokenID) } int result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(dcap)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap"); - return ERR_WRITE_PARCEL_FAILED; - } - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::CHECK_NATIVE_DCAP, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (type=%{public}d).", result); return result; } @@ -703,20 +835,20 @@ AccessTokenIDEx AccessTokenManagerProxy::GetHapTokenID(int32_t userID, const std AccessTokenIDEx tokenIdEx = {0}; MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return tokenIdEx; } if (!data.WriteInt32(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); return tokenIdEx; } if (!data.WriteString(bundleName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); return tokenIdEx; } if (!data.WriteInt32(instIndex)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); return tokenIdEx; } MessageParcel reply; @@ -725,7 +857,7 @@ AccessTokenIDEx AccessTokenManagerProxy::GetHapTokenID(int32_t userID, const std } tokenIdEx.tokenIDEx = reply.ReadUint64(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx); + LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}llu).", tokenIdEx.tokenIDEx); return tokenIdEx; } @@ -734,16 +866,16 @@ AccessTokenID AccessTokenManagerProxy::AllocLocalTokenID( { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return 0; } if (!data.WriteString(remoteDeviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); return 0; } if (!data.WriteUint32(remoteTokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write dcap"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write dcap"); return 0; } MessageParcel reply; @@ -752,7 +884,7 @@ AccessTokenID AccessTokenManagerProxy::AllocLocalTokenID( } AccessTokenID result = reply.ReadUint32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (id=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", result); return result; } @@ -760,11 +892,11 @@ int AccessTokenManagerProxy::GetNativeTokenInfo(AccessTokenID tokenID, NativeTok { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -774,28 +906,70 @@ int AccessTokenManagerProxy::GetNativeTokenInfo(AccessTokenID tokenID, NativeTok } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (error=%{public}d).", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); if (result != RET_SUCCESS) { return result; } sptr resultSptr = reply.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail"); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); return ERR_READ_PARCEL_FAILED; } nativeTokenInfoRes = *resultSptr; return result; } +int32_t AccessTokenManagerProxy::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteInt32(userID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result = 0; + if (!reply.ReadInt32(result)) { + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + return ERR_READ_PARCEL_FAILED; + } + if (result != RET_SUCCESS) { + return result; + } + + uint32_t tokenIDListSize = 0; + if (!reply.ReadUint32(tokenIDListSize)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); + return ERR_READ_PARCEL_FAILED; + } + for (uint32_t i = 0; i < tokenIDListSize; i++) { + AccessTokenID tokenId = 0; + if (!reply.ReadUint32(tokenId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); + return ERR_READ_PARCEL_FAILED; + } + tokenIdList.emplace(tokenId); + } + return result; +} + int AccessTokenManagerProxy::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -805,44 +979,50 @@ int AccessTokenManagerProxy::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (error=%{public}d).", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); if (result != RET_SUCCESS) { return result; } sptr resultSptr = reply.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); return ERR_READ_PARCEL_FAILED; } hapTokenInfoRes = *resultSptr; return result; } -int32_t AccessTokenManagerProxy::UpdateHapToken( - AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParcel& policyParcel) +int32_t AccessTokenManagerProxy::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write tokenID failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteBool(info.isSystemApp)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write isSystemApp failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(info.appIDDesc)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write appIDDesc failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteInt32(info.apiVersion)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write apiVersion failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(info.appDistributionType)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write appDistributionType failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteParcelable(&policyParcel)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write policyParcel failed."); return ERR_WRITE_PARCEL_FAILED; } @@ -852,7 +1032,16 @@ int32_t AccessTokenManagerProxy::UpdateHapToken( } int32_t result = reply.ReadInt32(); tokenIdEx.tokenIdExStruct.tokenAttr = reply.ReadUint32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + if (result != RET_SUCCESS && reply.GetDataSize() > reply.GetReadPosition()) { + IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadString(resultInfo.permCheckResult.permissionName), + ERR_READ_PARCEL_FAILED, "ReadString faild."); + + int32_t rule; + IF_FALSE_RETURN_VALUE_LOG(LABEL, reply.ReadInt32(rule), + ERR_READ_PARCEL_FAILED, "ReadString faild."); + resultInfo.permCheckResult.rule = static_cast(rule); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -861,7 +1050,7 @@ int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo() { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } MessageParcel reply; @@ -870,21 +1059,59 @@ int32_t AccessTokenManagerProxy::ReloadNativeTokenInfo() } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } + #endif +int AccessTokenManagerProxy::GetHapTokenInfoExtension(AccessTokenID tokenID, + HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(tokenID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 fail"); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT, data, reply)) { + return ERR_SERVICE_ABNORMAL; + } + + int32_t result = reply.ReadInt32(); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); + if (result != RET_SUCCESS) { + return result; + } + sptr hapResult = reply.ReadParcelable(); + if (hapResult == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail."); + return ERR_READ_PARCEL_FAILED; + } + hapTokenInfoRes = *hapResult; + if (!reply.ReadString(appID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail."); + return ERR_READ_PARCEL_FAILED; + } + + return result; +} + AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& processName) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return INVALID_TOKENID; } if (!data.WriteString(processName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed."); return INVALID_TOKENID; } MessageParcel reply; @@ -893,10 +1120,10 @@ AccessTokenID AccessTokenManagerProxy::GetNativeTokenId(const std::string& proce } AccessTokenID id; if (!reply.ReadUint32(id)) { - ACCESSTOKEN_LOG_INFO(LABEL, "ReadInt32 failed."); + LOGI(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return INVALID_TOKENID; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Result from server (process=%{public}s, id=%{public}d).", processName.c_str(), id); + LOGD(ATM_DOMAIN, ATM_TAG, "Result from server (process=%{public}s, id=%{public}d).", processName.c_str(), id); return id; } @@ -906,7 +1133,7 @@ int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenID)) { @@ -919,57 +1146,25 @@ int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID, } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); if (result != RET_SUCCESS) { return result; } sptr hapResult = reply.ReadParcelable(); if (hapResult == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail"); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable fail"); return ERR_READ_PARCEL_FAILED; } hapSyncParcel = *hapResult; return result; } -int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - uint32_t size = 0; - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - size = reply.ReadUint32(); - if (size > MAX_NATIVE_TOKEN_INFO_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size(%{public}d) is oversize.", size); - return ERR_OVERSIZE; - } - for (uint32_t i = 0; i < size; i++) { - sptr nativeResult = reply.ReadParcelable(); - if (nativeResult != nullptr) { - nativeTokenInfoRes.emplace_back(*nativeResult); - } - } - } - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, size=%{public}d).", result, size); - return result; -} - int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(deviceID)) { @@ -985,37 +1180,7 @@ int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID, } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); - return result; -} - -int AccessTokenManagerProxy::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) -{ - MessageParcel data; - if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - return ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(nativeTokenInfoForSyncParcel.size())) { - return ERR_WRITE_PARCEL_FAILED; - } - for (const NativeTokenInfoForSyncParcel& parcel : nativeTokenInfoForSyncParcel) { - if (!data.WriteParcelable(&parcel)) { - return ERR_WRITE_PARCEL_FAILED; - } - } - - MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO, data, reply)) { - return ERR_SERVICE_ABNORMAL; - } - - int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -1037,7 +1202,7 @@ int AccessTokenManagerProxy::DeleteRemoteToken(const std::string& deviceID, Acce } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -1045,7 +1210,7 @@ AccessTokenID AccessTokenManagerProxy::GetRemoteNativeTokenID(const std::string& { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return 0; } if (!data.WriteString(deviceID)) { @@ -1062,7 +1227,7 @@ AccessTokenID AccessTokenManagerProxy::GetRemoteNativeTokenID(const std::string& } AccessTokenID id = reply.ReadUint32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (id=%{public}d).", id); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (id=%{public}d).", id); return id; } @@ -1070,7 +1235,7 @@ int AccessTokenManagerProxy::DeleteRemoteDeviceTokens(const std::string& deviceI { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteString(deviceID)) { @@ -1083,7 +1248,7 @@ int AccessTokenManagerProxy::DeleteRemoteDeviceTokens(const std::string& deviceI } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d).", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d).", result); return result; } @@ -1091,11 +1256,11 @@ int32_t AccessTokenManagerProxy::RegisterTokenSyncCallback(const sptr parcel = reply.ReadParcelable(); if (parcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); return; } infoParcel = *parcel; } -int32_t AccessTokenManagerProxy::GetNativeTokenName(AccessTokenID tokenId, std::string& name) +int32_t AccessTokenManagerProxy::InitUserPolicy( + const std::vector& userList, const std::vector& permList) { MessageParcel data; if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); return ERR_WRITE_PARCEL_FAILED; } - if (!data.WriteUint32(tokenId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + + size_t userLen = userList.size(); + size_t permLen = permList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE) || (permLen == 0) || (permLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu or permLen %{public}zu is invalid", userLen, permLen); + return ERR_PARAM_INVALID; + } + + if (!data.WriteUint32(userLen)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(permLen)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permLen size."); return ERR_WRITE_PARCEL_FAILED; } + for (const auto& userInfo : userList) { + if (!data.WriteInt32(userInfo.userId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); + return ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteBool(userInfo.isActive)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); + return ERR_WRITE_PARCEL_FAILED; + } + } + for (const auto& permission : permList) { + if (!data.WriteString(permission)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write permission."); + return ERR_WRITE_PARCEL_FAILED; + } + } MessageParcel reply; - if (!SendRequest(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_NAME, data, reply)) { + if (!SendRequest(AccessTokenInterfaceCode::INIT_USER_POLICY, data, reply)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); return ERR_SERVICE_ABNORMAL; } + int32_t result; + if (!reply.ReadInt32(result)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); + return AccessTokenError::ERR_READ_PARCEL_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); + return result; +} - int32_t result = reply.ReadInt32(); - if (result == RET_SUCCESS) { - if (!reply.ReadString(name)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString failed."); - return ERR_READ_PARCEL_FAILED; +int32_t AccessTokenManagerProxy::ClearUserPolicy() +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::CLEAR_USER_POLICY, data, reply)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); + return ERR_SERVICE_ABNORMAL; + } + int32_t result; + if (!reply.ReadInt32(result)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); + return AccessTokenError::ERR_READ_PARCEL_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); + return result; +} + +int32_t AccessTokenManagerProxy::UpdateUserPolicy(const std::vector& userList) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "Write interface token failed."); + return ERR_WRITE_PARCEL_FAILED; + } + + size_t userLen = userList.size(); + if ((userLen == 0) || (userLen > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserLen %{public}zu is invalid.", userLen); + return ERR_PARAM_INVALID; + } + + if (!data.WriteUint32(userLen)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userLen size."); + return ERR_WRITE_PARCEL_FAILED; + } + + for (const auto& userInfo : userList) { + if (!data.WriteInt32(userInfo.userId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write userId."); + return ERR_WRITE_PARCEL_FAILED; } + if (!data.WriteBool(userInfo.isActive)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write isActive."); + return ERR_WRITE_PARCEL_FAILED; + } + } + + MessageParcel reply; + if (!SendRequest(AccessTokenInterfaceCode::UPDATE_USER_POLICY, data, reply)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read replay failed"); + return ERR_SERVICE_ABNORMAL; + } + int32_t result; + if (!reply.ReadInt32(result)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read Int32 failed"); + return AccessTokenError::ERR_READ_PARCEL_FAILED; } - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server (error=%{public}d, name=%{public}s).", result, name.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Result from server data = %{public}d", result); return result; } } // namespace AccessToken diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h index fd00b563a01f862d21d698f372cf0bbdc16db2fe..3c79708d665cd1db76e130d7ff83d24502eb6025 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h @@ -28,12 +28,11 @@ #include "hap_token_info_for_sync_parcel.h" #include "i_accesstoken_manager.h" #include "iremote_proxy.h" -#include "native_token_info_for_sync_parcel.h" #include "native_token_info_parcel.h" #include "permission_def_parcel.h" #include "permission_grant_info_parcel.h" #include "permission_list_state_parcel.h" -#include "permission_state_full_parcel.h" +#include "permission_status_parcel.h" namespace OHOS { namespace Security { @@ -43,51 +42,61 @@ public: explicit AccessTokenManagerProxy(const sptr& impl); ~AccessTokenManagerProxy() override; - PermUsedTypeEnum GetUserGrantedPermissionUsedType( + PermUsedTypeEnum GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; + int VerifyAccessToken(AccessTokenID tokenID, + const std::vector& permissionList, std::vector& permStateList) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) override; int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID) override; int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID) override; + int32_t RequestAppPermOnSetting(AccessTokenID tokenID) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; + int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; PermissionOper GetSelfPermissionsState(std::vector& permListParcel, PermissionGrantInfoParcel& infoParcel) override; int32_t GetPermissionsStatus( AccessTokenID tokenID, std::vector& permListParcel) override; int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int GetTokenType(AccessTokenID tokenID) override; - int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) override; AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; AccessTokenIDEx AllocHapToken(const HapInfoParcel& hapInfo, const HapPolicyParcel& policyParcel) override; int32_t InitHapToken(const HapInfoParcel& hapInfoParcel, HapPolicyParcel& policyParcel, - AccessTokenIDEx& fullTokenId) override; + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& resultInfo) override; int DeleteToken(AccessTokenID tokenID) override; - int32_t UpdateHapToken( - AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParcel& policyParcel) override; + int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& resultInfo) override; + int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& hapTokenInfoRes) override; int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& nativeTokenInfoRes) override; #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo() override; #endif - int32_t RegisterPermStateChangeCallback( - const PermStateChangeScopeParcel& scope, const sptr& callback) override; + int32_t RegisterPermStateChangeCallback(const PermStateChangeScopeParcel& scope, + const sptr& callback) override; int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; + int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, + const sptr& callback) override; + int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) override; AccessTokenID GetNativeTokenId(const std::string& processName) override; + int GetHapTokenInfoExtension(AccessTokenID tokenID, + HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; + int32_t UpdateUserPolicy(const std::vector& userList) override; + int32_t ClearUserPolicy() override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfoRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; @@ -97,10 +106,8 @@ public: int32_t SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfo, bool enable) override; void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; - int32_t DumpPermDefInfo(std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name) override; private: bool SendRequest(AccessTokenInterfaceCode code, MessageParcel& data, MessageParcel& reply); diff --git a/interfaces/innerkits/accesstoken/src/tokenid_kit.cpp b/interfaces/innerkits/accesstoken/src/tokenid_kit.cpp index a28015b4398415d9c398fd655ee06fcb741d1157..5c2864384454a768a15be4ea25bb693ad7b71ae4 100644 --- a/interfaces/innerkits/accesstoken/src/tokenid_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/tokenid_kit.cpp @@ -17,21 +17,20 @@ #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenIdKit"}; static const uint64_t SYSTEM_APP_MASK = (static_cast(1) << 32); static const uint64_t TOKEN_ID_LOWMASK = 0xffffffff; } bool TokenIdKit::IsSystemAppByFullTokenID(uint64_t tokenId) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called, tokenId=%{public}" PRId64, tokenId); + LOGD(ATM_DOMAIN, ATM_TAG, "Called, tokenId=%{public}" PRId64, tokenId); return (tokenId & SYSTEM_APP_MASK) == SYSTEM_APP_MASK; } @@ -39,7 +38,7 @@ uint64_t TokenIdKit::GetRenderTokenID(uint64_t tokenId) { AccessTokenID id = tokenId & TOKEN_ID_LOWMASK; if (id == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); return tokenId; } AccessTokenIDInner *idInner = reinterpret_cast(&id); diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn index 084a6cb8ea7f3215266179dc9c1b46417f2cf7f6..5daa2becf51e1c378b680c0e23988e28225135f6 100644 --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2021-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -12,139 +12,11 @@ # limitations under the License. import("//build/test.gni") -import("../../../../access_token.gni") - -ohos_unittest("libaccesstoken_sdk_test") { - subsystem_name = "security" - part_name = "access_token" - module_out_path = part_name + "/" + part_name - sanitize = { - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" - - include_dirs = [ - "${access_token_path}/frameworks/accesstoken/include", - "${access_token_path}/frameworks/common/include", - "${access_token_path}/frameworks/tokensync/include", - "../include", - "../src", - "${access_token_path}/interfaces/innerkits/nativetoken/include", - "${access_token_path}/interfaces/innerkits/token_setproc/include", - ] - - sources = [ - "unittest/src/accesstoken_deny_test.cpp", - "unittest/src/accesstoken_kit_extension_test.cpp", - "unittest/src/accesstoken_kit_test.cpp", - "unittest/src/accesstoken_location_request_test.cpp", - "unittest/src/app_installation_optimized_test.cpp", - "unittest/src/clone_app_permission_test.cpp", - "unittest/src/remote_token_kit_test.cpp", - "unittest/src/security_component_grant_test.cpp", - ] - - cflags_cc = [ "-DHILOG_ENABLE" ] - - configs = [ "${access_token_path}/config:coverage_flags" ] - - deps = [ - "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", - "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared", - "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", - "../:libaccesstoken_sdk", - "../:libtokenid_sdk", - ] - - external_deps = [ - "c_utils:utils", - "hilog:libhilog", - "ipc:ipc_single", - "samgr:samgr_proxy", - ] - if (token_sync_enable == true) { - cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] - external_deps += [ "device_manager:devicemanagersdk" ] - } - if (dlp_permission_enable == true) { - cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] - sources += [ "unittest/src/share_permission_with_sandbox_test.cpp" ] - } -} - -ohos_unittest("accesstoken_mock_test") { - subsystem_name = "security" - part_name = "access_token" - module_out_path = part_name + "/" + part_name - sanitize = { - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" - - include_dirs = [ - "${access_token_path}/frameworks/common/include", - "${access_token_path}/frameworks/accesstoken/include", - "${access_token_path}/frameworks/tokensync/include", - "${access_token_path}/interfaces/innerkits/nativetoken/include", - "../../token_setproc/include", - "../include", - "../src", - ] - - sources = [ - "../src/accesstoken_callback_stubs.cpp", - "../src/accesstoken_callbacks.cpp", - "../src/accesstoken_death_recipient.cpp", - "../src/accesstoken_kit.cpp", - "../src/accesstoken_manager_client.cpp", - "../src/accesstoken_manager_proxy.cpp", - "../src/perm_state_change_callback_customize.cpp", - "mock/src/iservice_registry.cpp", - "unittest/accesstoken_mock_test/accesstoken_kit_test.cpp", - ] - - cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ "${access_token_path}/config:coverage_flags" ] - - deps = [ - "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", - "${access_token_path}/frameworks/common:accesstoken_common_cxx", - "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", - "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", - "../:libtokenid_sdk", - ] - - external_deps = [ - "c_utils:utils", - "googletest:gmock", - "googletest:gtest_main", - "hilog:libhilog", - "hisysevent:libhisysevent", - "init:libbeget_proxy", - "init:libbegetutil", - "ipc:ipc_core", - "ipc:libdbinder", - "safwk:system_ability_fwk", - "samgr:samgr_proxy", - ] - if (eventhandler_enable == true) { - cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] - external_deps += [ "eventhandler:libeventhandler" ] - } - if (token_sync_enable == true) { - cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] - } -} group("unittest") { testonly = true deps = [ - ":accesstoken_mock_test", - ":libaccesstoken_sdk_test", - "tool:SetPermDialogCapTest", + "unittest:accesstoken_mock_test", + "unittest:libaccesstoken_sdk_test", ] } diff --git a/interfaces/innerkits/accesstoken/test/tool/BUILD.gn b/interfaces/innerkits/accesstoken/test/tool/BUILD.gn index 0c86e4cdafb5ae2e3628f69f5a04b44089367d88..5e05c5810d8a7f5f96fc0e54bded041d4952629d 100644 --- a/interfaces/innerkits/accesstoken/test/tool/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/tool/BUILD.gn @@ -39,3 +39,48 @@ ohos_executable("SetPermDialogCapTest") { subsystem_name = "security" part_name = "access_token" } + +ohos_executable("GrantShortTermWriteImageVideo") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + sources = [ "grant_short_term_write_imagevideo.cpp" ] + + include_dirs = [ + "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken", + "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", + ] + + subsystem_name = "security" + part_name = "access_token" +} + +ohos_executable("VerifyAccessToken") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + sources = [ "verify_acesstoken.cpp" ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + ] + + subsystem_name = "security" + part_name = "access_token" +} diff --git a/interfaces/innerkits/accesstoken/test/tool/grant_short_term_write_imagevideo.cpp b/interfaces/innerkits/accesstoken/test/tool/grant_short_term_write_imagevideo.cpp new file mode 100644 index 0000000000000000000000000000000000000000..134d617e648b69ca2c82331dbef516ed20c231d0 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/tool/grant_short_term_write_imagevideo.cpp @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include +#include +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +static void NativeTokenGet() +{ + uint64_t tokenID; + const char **perms = new const char *[1]; // size of array + perms[0] = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; // 0: index + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, // size of permission list + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "GrantShortTermWriteImageVideo"; + tokenID = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenID); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +void PrintCurrentTime() +{ + std::chrono::milliseconds ms = std::chrono::duration_cast( + std::chrono::system_clock::now().time_since_epoch() + ); + + int64_t timestampMs = ms.count(); + time_t timestampS = static_cast(timestampMs / 1000); + struct tm t = {0}; + // localtime is not thread safe, localtime_r first param unit is second, timestamp unit is ms, so divided by 1000 + localtime_r(×tampS, &t); + + std::cout << "[" << t.tm_hour << ":" << t.tm_min << ":" << t.tm_sec << "] "; +} + +int32_t main(int argc, char *argv[]) +{ + if (argc < 4) { // 4: size + std::cout << "Help: ./GrantShortTermWriteImageVideo tokenid permisisionName time(s)\n" << std::endl; + return 0; + } + + NativeTokenGet(); + + uint32_t tokenId = static_cast(atoi(argv[1])); // 1: index + std::string permisisionName = argv[2]; // 2: index + uint32_t time = static_cast(atoi(argv[3])); // 3: index + + PrintCurrentTime(); + std::cout << "GrantPermissionForSpecifiedTime begin" << std::endl; + int32_t ret = AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permisisionName, time); + PrintCurrentTime(); + std::cout << "GrantPermissionForSpecifiedTime end, " << ret << std::endl; + return 0; +} diff --git a/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp b/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp index beb9ae02ab8ece730b0e75132fca041180ab09cb..671de4813d94c6667b2619c830f3c0874de31f7c 100644 --- a/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp +++ b/interfaces/innerkits/accesstoken/test/tool/set_pern_dialog_cap.cpp @@ -55,6 +55,7 @@ int32_t main(int argc, char *argv[]) { if (argc < 3) { // 3: size std::cout << "Help: ./SetPermDialogCapTest bundleName 0/1 (0: allow, 1: forbid)\n" << std::endl; + return 0; } NativeTokenGet(); diff --git a/interfaces/innerkits/accesstoken/test/tool/verify_acesstoken.cpp b/interfaces/innerkits/accesstoken/test/tool/verify_acesstoken.cpp new file mode 100644 index 0000000000000000000000000000000000000000..1d3353e34d6574b68800391149f1ea610c0a0359 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/tool/verify_acesstoken.cpp @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include +#include +#include +#include "accesstoken_kit.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +void PrintCurrentTime() +{ + std::chrono::milliseconds ms = std::chrono::duration_cast( + std::chrono::system_clock::now().time_since_epoch() + ); + + int64_t timestampMs = ms.count(); + time_t timestampS = static_cast(timestampMs / 1000); + struct tm t = {0}; + // localtime is not thread safe, localtime_r first param unit is second, timestamp unit is ms, so divided by 1000 + localtime_r(×tampS, &t); + + std::cout << "[" << t.tm_hour << ":" << t.tm_min << ":" << t.tm_sec << "] "; +} + +int32_t main(int argc, char *argv[]) +{ + if (argc < 4) { // 4: size + std::cout << "Help: ./VerifyAccessToken tokenid permisisionName\n" << std::endl; + return 0; + } + + uint32_t tokenId = static_cast(atoi(argv[1])); // 1: index + std::string permisisionName = argv[2]; // 2: index + uint32_t count = static_cast(atoi(argv[3])); // 3: index + uint32_t i = 0; + while (i < count) { + int32_t status = AccessTokenKit::VerifyAccessToken(tokenId, permisisionName); + PrintCurrentTime(); + std::cout << "tokenId: " << tokenId << ", perm: " << permisisionName << ", status: " << status << std::endl; + i++; + sleep(1); + } + return 0; +} diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn new file mode 100755 index 0000000000000000000000000000000000000000..690a6054d657bba0a36d08bed5f43fb16502510e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn @@ -0,0 +1,182 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../../../access_token.gni") + +ohos_unittest("libaccesstoken_sdk_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/frameworks/tokensync/include", + "${access_token_innerkit_path}/include", + "${access_token_innerkit_path}/src", + "common", + "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + ] + + sources = [ + "DistributedTest/alloc_local_token_id_test.cpp", + "DistributedTest/delete_remote_device_tokens_test.cpp", + "DistributedTest/delete_remote_token_test.cpp", + "DistributedTest/get_hap_token_info_from_remote_test.cpp", + "DistributedTest/get_remote_native_tokenid_test.cpp", + "DistributedTest/register_token_sync_callback_test.cpp", + "DistributedTest/set_remote_hap_token_info_test.cpp", + "HapAttributeTest/get_hap_dlp_flag_test.cpp", + "HapAttributeTest/get_permission_flag_test.cpp", + "HapAttributeTest/get_permissions_status_test.cpp", + "HapAttributeTest/get_self_permissions_state_test.cpp", + "HapAttributeTest/permission_request_toggle_status_test.cpp", + "HapAttributeTest/set_perm_dialog_cap_test.cpp", + "HapAttributeTest/user_policy_test.cpp", + "HapTokenTest/delete_token_test.cpp", + "HapTokenTest/get_hap_token_test.cpp", + "HapTokenTest/get_token_type_test.cpp", + "HapTokenTest/init_hap_token_test.cpp", + "HapTokenTest/update_hap_token_test.cpp", + "PermDenyTest/accesstoken_deny_test.cpp", + "PermissionsTest/check_permission_map_test.cpp", + "PermissionsTest/clear_user_granted__permission_state_test.cpp", + "PermissionsTest/get_permission_test.cpp", + "PermissionsTest/grant_permission_for_specified_time_test.cpp", + "PermissionsTest/grant_permission_test.cpp", + "PermissionsTest/revoke_permission_test.cpp", + "PermissionsTest/verify_access_token_test.cpp", + "RegisterCallbackTest/register_perm_state_change_callback_test.cpp", + "RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp", + "SaTest/dump_token_info_test.cpp", + "SaTest/get_native_token_id_test.cpp", + "SaTest/get_native_token_info_test.cpp", + "SaTest/get_version_test.cpp", + "common/test_common.cpp", + "src/accesstoken_kit_extension_test.cpp", + "src/accesstoken_kit_test.cpp", + "src/accesstoken_location_request_test.cpp", + "src/accesstoken_short_time_permission_test.cpp", + "src/app_installation_optimized_test.cpp", + "src/clone_app_permission_test.cpp", + "src/edm_policy_set_test.cpp", + "src/get_self_permission_state_test.cpp", + "src/security_component_grant_test.cpp", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + deps = [ + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", + "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + ] + + external_deps = [ + "cJSON:cjson", + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "samgr:samgr_proxy", + ] + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + external_deps += [ + "device_manager:devicemanagersdk", + "json:nlohmann_json_static", + ] + } + if (dlp_permission_enable == true) { + cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] + sources += [ "src/share_permission_with_sandbox_test.cpp" ] + } +} + +ohos_unittest("accesstoken_mock_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/tokensync/include", + "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + "${access_token_innerkit_path}/include", + "${access_token_innerkit_path}/src", + ] + + sources = [ + "${access_token_innerkit_path}/src/accesstoken_callback_stubs.cpp", + "${access_token_innerkit_path}/src/accesstoken_callbacks.cpp", + "${access_token_innerkit_path}/src/accesstoken_death_recipient.cpp", + "${access_token_innerkit_path}/src/accesstoken_kit.cpp", + "${access_token_innerkit_path}/src/accesstoken_manager_client.cpp", + "${access_token_innerkit_path}/src/accesstoken_manager_proxy.cpp", + "${access_token_innerkit_path}/src/perm_state_change_callback_customize.cpp", + "../mock/src/iservice_registry.cpp", + "ProxyMockTest/accesstoken_mock_test.cpp", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + configs = [ "${access_token_path}/config:coverage_flags" ] + + deps = [ + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + ] + + external_deps = [ + "c_utils:utils", + "googletest:gmock", + "googletest:gtest_main", + "hilog:libhilog", + "init:libbeget_proxy", + "init:libbegetutil", + "ipc:ipc_single", + "ipc:libdbinder", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] + if (eventhandler_enable == true) { + cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] + external_deps += [ "eventhandler:libeventhandler" ] + } + if (token_sync_enable == true) { + cflags_cc += [ "-DTOKEN_SYNC_ENABLE" ] + } +} diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/alloc_local_token_id_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/alloc_local_token_id_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d79656982359c59eeb8934327bcde36803a5d4f2 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/alloc_local_token_id_test.cpp @@ -0,0 +1,158 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "alloc_local_token_id_test.h" +#include + +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "test_common.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_PKG_NAME = "com.softbus.test"; +static AccessTokenID g_selfTokenId = 0; + +HapTokenInfo g_baseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x20100000, + .tokenAttr = 0 +}; + +void NativeTokenGet() +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); + ASSERT_NE(tokenId, INVALID_TOKENID); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); +} + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { +public: + ~TokenSyncCallbackImpl() + {} + + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; +}; +#endif +} + +void AllocLocalTokenIDTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + NativeTokenGet(); + +#ifdef TOKEN_SYNC_ENABLE + std::shared_ptr ptrDmInitCallback = std::make_shared(); + int32_t res = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(TEST_PKG_NAME, ptrDmInitCallback); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void AllocLocalTokenIDTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfTokenId); +#ifdef TOKEN_SYNC_ENABLE + int32_t res = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(TEST_PKG_NAME); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void AllocLocalTokenIDTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + +#ifdef TOKEN_SYNC_ENABLE + DistributedHardware::DmDeviceInfo deviceInfo; + int32_t res = DistributedHardware::DeviceManager::GetInstance().GetLocalDeviceInfo(TEST_PKG_NAME, deviceInfo); + ASSERT_EQ(res, RET_SUCCESS); + + networkId_ = std::string(deviceInfo.networkId); + ASSERT_NE(networkId_, ""); + + res = DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TEST_PKG_NAME, networkId_, udid_); + ASSERT_EQ(res, RET_SUCCESS); + ASSERT_NE(udid_, ""); +#endif + + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void AllocLocalTokenIDTest::TearDown() +{ + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); + udid_.clear(); + networkId_.clear(); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: AllocLocalTokenIDFuncTest001 + * @tc.desc: get already mapping tokenInfo, makesure ipc right + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(AllocLocalTokenIDTest, AllocLocalTokenIDFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "AllocLocalTokenIDFuncTest001 start."); + std::string deviceID1 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); + PermissionStatus infoManagerTestState_1 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList1; + permStateList1.emplace_back(infoManagerTestState_1); + + HapTokenInfoForSync remoteTokenInfo1 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList1 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); +} +#endif \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/alloc_local_token_id_test.h b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/alloc_local_token_id_test.h new file mode 100644 index 0000000000000000000000000000000000000000..c84bdbcb5118e6bee19e18330a1309f5edc74d88 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/alloc_local_token_id_test.h @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ALLOC_LOCAL_TOKEN_ID_TEST_H +#define ALLOC_LOCAL_TOKEN_ID_TEST_H + +#include + +#include "access_token.h" +#ifdef TOKEN_SYNC_ENABLE +#include "device_manager.h" +#endif +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +#ifdef TOKEN_SYNC_ENABLE +class TestDmInitCallback final : public OHOS::DistributedHardware::DmInitCallback { + void OnRemoteDied() override + {} +}; +#endif +class AllocLocalTokenIDTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + + uint64_t selfTokenId_; + std::string udid_; + std::string networkId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ALLOC_LOCAL_TOKEN_ID_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_device_tokens_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_device_tokens_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..150a9f163273661ac8fa51efc7f3c3bf3c813d02 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_device_tokens_test.cpp @@ -0,0 +1,235 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "delete_remote_device_tokens_test.h" +#include + +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "test_common.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_PKG_NAME = "com.softbus.test"; +static AccessTokenID g_selfTokenId = 0; + +HapTokenInfo g_baseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x20100000, + .tokenAttr = 0 +}; + +void NativeTokenGet() +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); + ASSERT_NE(tokenId, INVALID_TOKENID); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); +} + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { +public: + ~TokenSyncCallbackImpl() + {} + + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; +}; +#endif +} + +void DeleteRemoteDeviceTokensTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + NativeTokenGet(); + +#ifdef TOKEN_SYNC_ENABLE + std::shared_ptr ptrDmInitCallback = std::make_shared(); + int32_t res = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(TEST_PKG_NAME, ptrDmInitCallback); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void DeleteRemoteDeviceTokensTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfTokenId); +#ifdef TOKEN_SYNC_ENABLE + int32_t res = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(TEST_PKG_NAME); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void DeleteRemoteDeviceTokensTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + +#ifdef TOKEN_SYNC_ENABLE + DistributedHardware::DmDeviceInfo deviceInfo; + int32_t res = DistributedHardware::DeviceManager::GetInstance().GetLocalDeviceInfo(TEST_PKG_NAME, deviceInfo); + ASSERT_EQ(res, RET_SUCCESS); + + networkId_ = std::string(deviceInfo.networkId); + ASSERT_NE(networkId_, ""); + + res = DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TEST_PKG_NAME, networkId_, udid_); + ASSERT_EQ(res, RET_SUCCESS); + ASSERT_NE(udid_, ""); +#endif + + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void DeleteRemoteDeviceTokensTest::TearDown() +{ + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); + udid_.clear(); + networkId_.clear(); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: DeleteRemoteDeviceTokensFuncTest001 + * @tc.desc: delete all mapping tokens of exist device + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(DeleteRemoteDeviceTokensTest, DeleteRemoteDeviceTokensFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteDeviceTokensFuncTest001 start."); + std::string deviceID1 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100001); + PermissionStatus infoManagerTestState4 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList1; + permStateList1.emplace_back(infoManagerTestState4); + + HapTokenInfoForSync remoteTokenInfo1 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList1 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfoForSync remoteTokenInfo2 = remoteTokenInfo1; + remoteTokenInfo2.baseInfo.tokenID = 0x20100001; + remoteTokenInfo2.baseInfo.bundleName = "com.ohos.access_token1"; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo2); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100001); + ASSERT_NE(mapID1, 0); + + ret = AccessTokenKit::DeleteRemoteDeviceTokens(deviceID1); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_NE(ret, RET_SUCCESS); + ret = AccessTokenKit::GetHapTokenInfo(mapID1, info); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceTokensFuncTest002 + * @tc.desc: delete all mapping tokens of NOT exist device + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(DeleteRemoteDeviceTokensTest, DeleteRemoteDeviceTokensFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteDeviceTokensFuncTest002 start."); + std::string deviceID2 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100001); + PermissionStatus infoManagerTestState2 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList2; + permStateList2.emplace_back(infoManagerTestState2); + + HapTokenInfoForSync remoteTokenInfo2 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList2 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo2; + remoteTokenInfo1.baseInfo.tokenID = 0x20100001; + remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1"; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100001); + ASSERT_NE(mapID1, 0); + + ret = AccessTokenKit::DeleteRemoteDeviceTokens("1111111"); + ASSERT_NE(ret, RET_SUCCESS); + + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100001); +} + +/** + * @tc.name: DeleteRemoteDeviceTokensAbnormalTest001 + * @tc.desc: DeleteRemoteDeviceTokens with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(DeleteRemoteDeviceTokensTest, DeleteRemoteDeviceTokensAbnormalTest001, TestSize.Level1) +{ + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteDeviceTokensAbnormalTest001 start."); + std::string device = "device"; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteDeviceTokens(device)); +} +#endif \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_device_tokens_test.h b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_device_tokens_test.h new file mode 100644 index 0000000000000000000000000000000000000000..afd4167099cb29020510c5fac0f90936eb45300e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_device_tokens_test.h @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DELETE_REMOTE_DEVICE_TOKENS_TEST_H +#define DELETE_REMOTE_DEVICE_TOKENS_TEST_H + +#include + +#include "access_token.h" +#ifdef TOKEN_SYNC_ENABLE +#include "device_manager.h" +#endif +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +#ifdef TOKEN_SYNC_ENABLE +class TestDmInitCallback final : public OHOS::DistributedHardware::DmInitCallback { + void OnRemoteDied() override + {} +}; +#endif +class DeleteRemoteDeviceTokensTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + + uint64_t selfTokenId_; + std::string udid_; + std::string networkId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // DELETE_REMOTE_DEVICE_TOKENS_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f80754b116012f0246cfea4b84d0a491619a060e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_token_test.cpp @@ -0,0 +1,276 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "delete_remote_token_test.h" +#include + +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "test_common.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_PKG_NAME = "com.softbus.test"; +static AccessTokenID g_selfTokenId = 0; + +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); + +HapTokenInfo g_baseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x20100000, + .tokenAttr = 0 +}; + +void NativeTokenGet() +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); + ASSERT_NE(tokenId, INVALID_TOKENID); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); +} + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { +public: + ~TokenSyncCallbackImpl() + {} + + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; +}; +#endif +} + +void DeleteRemoteTokenTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + NativeTokenGet(); + +#ifdef TOKEN_SYNC_ENABLE + std::shared_ptr ptrDmInitCallback = std::make_shared(); + int32_t res = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(TEST_PKG_NAME, ptrDmInitCallback); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void DeleteRemoteTokenTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +#ifdef TOKEN_SYNC_ENABLE + int32_t res = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(TEST_PKG_NAME); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void DeleteRemoteTokenTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + +#ifdef TOKEN_SYNC_ENABLE + DistributedHardware::DmDeviceInfo deviceInfo; + int32_t res = DistributedHardware::DeviceManager::GetInstance().GetLocalDeviceInfo(TEST_PKG_NAME, deviceInfo); + ASSERT_EQ(res, RET_SUCCESS); + + networkId_ = std::string(deviceInfo.networkId); + ASSERT_NE(networkId_, ""); + + res = DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TEST_PKG_NAME, networkId_, udid_); + ASSERT_EQ(res, RET_SUCCESS); + ASSERT_NE(udid_, ""); +#endif + + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void DeleteRemoteTokenTest::TearDown() +{ + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); + udid_.clear(); + networkId_.clear(); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: DeleteRemoteTokenAbnormalTest001 + * @tc.desc: DeleteRemoteToken with invalid parameters. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(DeleteRemoteTokenTest, DeleteRemoteTokenAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteTokenAbnormalTest001 start."); + + std::string deviceId = "device"; + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + int res = AccessTokenKit::DeleteRemoteToken("", tokenID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + + res = AccessTokenKit::DeleteRemoteToken(deviceId, tokenID); + ASSERT_NE(RET_SUCCESS, res); +} + +/** + * @tc.name: DeleteRemoteTokenAbnormalTest002 + * @tc.desc: DeleteRemoteToken with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(DeleteRemoteTokenTest, DeleteRemoteTokenAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteTokenAbnormalTest002 start."); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + std::string device = "device"; + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteToken(device, tokenId)); +} + +/** + * @tc.name: DeleteRemoteTokenFuncTest001 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(DeleteRemoteTokenTest, DeleteRemoteTokenFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteTokenFuncTest001 start."); + std::string deviceID1 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); + PermissionStatus infoManagerTestState_3 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList1; + permStateList1.emplace_back(infoManagerTestState_3); + + HapTokenInfoForSync remoteTokenInfo11 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList1 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo11); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteTokenFuncTest002 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(DeleteRemoteTokenTest, DeleteRemoteTokenFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteTokenFuncTest002 start."); + std::string deviceID2 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); + PermissionStatus infoManagerTestState_2 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList2; + permStateList2.emplace_back(infoManagerTestState_2); + + HapTokenInfoForSync remoteTokenInfo2 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList2 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID2, 0); + ASSERT_NE(ret, RET_SUCCESS); + + // deviceID is wrong + std::string wrongStr(10241, 'x'); + deviceID2 = wrongStr; + ret = AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteTokenFuncTest003 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(DeleteRemoteTokenTest, DeleteRemoteTokenFuncTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteTokenFuncTest003 start."); + std::string deviceID3 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); + + int ret = AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); + ASSERT_NE(ret, RET_SUCCESS); +} +#endif \ No newline at end of file diff --git a/services/common/ability_manager/include/ability_manager_access_death_recipient.h b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_token_test.h similarity index 49% rename from services/common/ability_manager/include/ability_manager_access_death_recipient.h rename to interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_token_test.h index fa063157d8df6218a00aa41e94f4e14f1fe60fbc..24085e0187e877bd30e6fa8768c3edde1d10dc6f 100644 --- a/services/common/ability_manager/include/ability_manager_access_death_recipient.h +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/delete_remote_token_test.h @@ -13,23 +13,39 @@ * limitations under the License. */ +#ifndef DELETE_REMOTE_TOKEN_TEST_H +#define DELETE_REMOTE_TOKEN_TEST_H -#ifndef ABILITY_MANAGER_ACCESS_DEATH_RECIPIENT_H -#define ABILITY_MANAGER_ACCESS_DEATH_RECIPIENT_H - -#include "iremote_object.h" +#include +#include "access_token.h" +#ifdef TOKEN_SYNC_ENABLE +#include "device_manager.h" +#endif +#include "permission_def.h" +#include "permission_state_full.h" namespace OHOS { namespace Security { namespace AccessToken { -class AbilityManagerAccessDeathRecipient : public IRemoteObject::DeathRecipient { +#ifdef TOKEN_SYNC_ENABLE +class TestDmInitCallback final : public OHOS::DistributedHardware::DmInitCallback { + void OnRemoteDied() override + {} +}; +#endif + +class DeleteRemoteTokenTest : public testing::Test { public: - AbilityManagerAccessDeathRecipient() {} - virtual ~AbilityManagerAccessDeathRecipient() override = default; - void OnRemoteDied(const wptr& object) override; + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + + uint64_t selfTokenId_; + std::string udid_; + std::string networkId_; }; -} // namespace AccessToken +} // namespace AccessToken } // namespace Security -} // namespace OHOS -#endif // ABILITY_MANAGER_ACCESS_DEATH_RECIPIENT_H - +} // namespace OHOS +#endif // DELETE_REMOTE_TOKEN_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_hap_token_info_from_remote_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_hap_token_info_from_remote_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b6431bb8cc175a8a129098ef4f332491f383c602 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_hap_token_info_from_remote_test.cpp @@ -0,0 +1,243 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_hap_token_info_from_remote_test.h" +#include + +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "test_common.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_PKG_NAME = "com.softbus.test"; +static AccessTokenID g_selfTokenId = 0; + +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); + +HapTokenInfo g_baseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x20100000, + .tokenAttr = 0 +}; + +void NativeTokenGet() +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); + ASSERT_NE(tokenId, INVALID_TOKENID); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); +} + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { +public: + ~TokenSyncCallbackImpl() + {} + + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; +}; +#endif +} + +void GetHapTokenInfoFromRemoteTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + NativeTokenGet(); + +#ifdef TOKEN_SYNC_ENABLE + std::shared_ptr ptrDmInitCallback = std::make_shared(); + int32_t res = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(TEST_PKG_NAME, ptrDmInitCallback); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void GetHapTokenInfoFromRemoteTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +#ifdef TOKEN_SYNC_ENABLE + int32_t res = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(TEST_PKG_NAME); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void GetHapTokenInfoFromRemoteTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + +#ifdef TOKEN_SYNC_ENABLE + DistributedHardware::DmDeviceInfo deviceInfo; + int32_t res = DistributedHardware::DeviceManager::GetInstance().GetLocalDeviceInfo(TEST_PKG_NAME, deviceInfo); + ASSERT_EQ(res, RET_SUCCESS); + + networkId_ = std::string(deviceInfo.networkId); + ASSERT_NE(networkId_, ""); + + res = DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TEST_PKG_NAME, networkId_, udid_); + ASSERT_EQ(res, RET_SUCCESS); + ASSERT_NE(udid_, ""); +#endif + + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void GetHapTokenInfoFromRemoteTest::TearDown() +{ + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); + udid_.clear(); + networkId_.clear(); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: GetHapTokenInfoFromRemoteFuncTest001 + * @tc.desc: get normal local tokenInfo + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(GetHapTokenInfoFromRemoteTest, GetHapTokenInfoFromRemoteFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfoFromRemoteFuncTest001 start."); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID localTokenID = tokenIdEx.tokenIdExStruct.tokenID; + + HapTokenInfoForSync infoSync; + int ret = AccessTokenKit::GetHapTokenInfoFromRemote(localTokenID, infoSync); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(infoSync.permStateList.size(), static_cast(2)); + + ASSERT_EQ(infoSync.permStateList[0].permissionName, g_infoManagerTestPolicyPrams.permStateList[0].permissionName); + ASSERT_EQ(infoSync.permStateList[0].grantFlag, g_infoManagerTestPolicyPrams.permStateList[0].grantFlags[0]); + ASSERT_EQ(infoSync.permStateList[0].grantStatus, g_infoManagerTestPolicyPrams.permStateList[0].grantStatus[0]); + + ASSERT_EQ(infoSync.permStateList[1].permissionName, g_infoManagerTestPolicyPrams.permStateList[1].permissionName); + ASSERT_EQ(infoSync.permStateList[1].grantFlag, g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[0]); + ASSERT_EQ(infoSync.permStateList[1].grantStatus, g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[0]); + + ASSERT_EQ(infoSync.baseInfo.bundleName, g_infoManagerTestInfoParms.bundleName); + ASSERT_EQ(infoSync.baseInfo.userID, g_infoManagerTestInfoParms.userID); + ASSERT_EQ(infoSync.baseInfo.instIndex, g_infoManagerTestInfoParms.instIndex); + ASSERT_EQ(infoSync.baseInfo.ver, 1); + ASSERT_EQ(infoSync.baseInfo.tokenID, localTokenID); + ASSERT_EQ(infoSync.baseInfo.tokenAttr, 0); + + AccessTokenKit::DeleteToken(localTokenID); +} + +/** + * @tc.name: GetHapTokenInfoFromRemoteFuncTest002 + * @tc.desc: get remote mapping tokenInfo + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(GetHapTokenInfoFromRemoteTest, GetHapTokenInfoFromRemoteFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfoFromRemoteFuncTest002 start."); + std::string deviceID2 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); + PermissionStatus infoManagerTestState2 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList2; + permStateList2.emplace_back(infoManagerTestState2); + + HapTokenInfoForSync remoteTokenInfo2 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList2 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfoForSync infoSync; + ret = AccessTokenKit::GetHapTokenInfoFromRemote(mapID, infoSync); + ASSERT_NE(ret, RET_SUCCESS); + + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); +} + +/** + * @tc.name: GetHapTokenInfoFromRemoteAbnormalTest001 + * @tc.desc: get wrong tokenInfo + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(GetHapTokenInfoFromRemoteTest, GetHapTokenInfoFromRemoteAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfoFromRemoteAbnormalTest001 start."); + HapTokenInfoForSync infoSync; + int ret = AccessTokenKit::GetHapTokenInfoFromRemote(0, infoSync); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: GetHapTokenInfoFromRemoteAbnormalTest002 + * @tc.desc: GetHapTokenInfoFromRemote with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetHapTokenInfoFromRemoteTest, GetHapTokenInfoFromRemoteAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfoFromRemoteAbnormalTest002 start."); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + AccessTokenID tokenId = 123; + HapTokenInfoForSync hapSync; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync)); +} +#endif \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_hap_token_info_from_remote_test.h b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_hap_token_info_from_remote_test.h new file mode 100644 index 0000000000000000000000000000000000000000..751bafa9ef39d2fbe749cba303caf029a6e1edfd --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_hap_token_info_from_remote_test.h @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_HAP_TOKEN_INFO_FROM_REMOTE_TEST_H +#define GET_HAP_TOKEN_INFO_FROM_REMOTE_TEST_H + +#include + +#include "access_token.h" +#ifdef TOKEN_SYNC_ENABLE +#include "device_manager.h" +#endif +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +#ifdef TOKEN_SYNC_ENABLE +class TestDmInitCallback final : public OHOS::DistributedHardware::DmInitCallback { + void OnRemoteDied() override + {} +}; +#endif +class GetHapTokenInfoFromRemoteTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + + uint64_t selfTokenId_; + std::string udid_; + std::string networkId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_HAP_TOKEN_INFO_FROM_REMOTE_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_remote_native_tokenid_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_remote_native_tokenid_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ebb724c43780b6acdc9ef707aa5de5684b8421e3 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_remote_native_tokenid_test.cpp @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_remote_native_tokenid_test.h" +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "token_setproc.h" +#ifdef TOKEN_SYNC_ENABLE +#include "token_sync_kit_interface.h" +#endif + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; +namespace { +static AccessTokenID g_selfTokenId = 0; +static AccessTokenIDEx g_testTokenIDEx = {0}; +static int32_t g_selfUid; + +static HapPolicyParams g_PolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", +}; + +static HapInfoParams g_InfoParms = { + .userID = 1, + .bundleName = "ohos.test.bundle", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = true +}; + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + return FAKE_SYNC_RET; + }; +}; +#endif +} +using namespace testing::ext; + +void GetRemoteNativeTokenIDTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + g_selfUid = getuid(); +} + +void GetRemoteNativeTokenIDTest::TearDownTestCase() +{ + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + GTEST_LOG_(INFO) << "PermStateChangeCallback, tokenID is " << GetSelfTokenID(); + GTEST_LOG_(INFO) << "PermStateChangeCallback, uid is " << getuid(); +} + +void GetRemoteNativeTokenIDTest::SetUp() +{ + AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams); + + g_testTokenIDEx = AccessTokenKit::GetHapTokenIDEx(g_InfoParms.userID, + g_InfoParms.bundleName, + g_InfoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, g_testTokenIDEx.tokenIDEx); + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_testTokenIDEx.tokenIDEx)); + setuid(1234); // 1234: UID +} + +void GetRemoteNativeTokenIDTest::TearDown() +{ + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + setuid(g_selfUid); +} +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: GetRemoteNativeTokenIDAbnormalTest001 + * @tc.desc: GetRemoteNativeTokenID with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetRemoteNativeTokenIDTest, GetRemoteNativeTokenIDAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteNativeTokenIDAbnormalTest001 start."); + std::string device = "device"; + AccessTokenID tokenId = 123; + ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetRemoteNativeTokenID(device, tokenId)); +} +#endif \ No newline at end of file diff --git a/services/privacymanager/include/record/permission_record_node.h b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_remote_native_tokenid_test.h similarity index 65% rename from services/privacymanager/include/record/permission_record_node.h rename to interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_remote_native_tokenid_test.h index 2d2c2c915fedf52471e4294049a7076e3f3dc3d6..2d89cfd87efb594c2c25b10449903d526bd26b51 100644 --- a/services/privacymanager/include/record/permission_record_node.h +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/get_remote_native_tokenid_test.h @@ -13,23 +13,22 @@ * limitations under the License. */ -#ifndef PERMISSION_UESD_RECORD_NODE_H -#define PERMISSION_UESD_RECORD_NODE_H +#ifndef GET_REMOTE_NATIVE_TOKEN_ID_TEST_H +#define GET_REMOTE_NATIVE_TOKEN_ID_TEST_H + +#include -#include -#include "permission_record.h" -#include "rwlock.h" namespace OHOS { namespace Security { namespace AccessToken { -struct PermissionUsedRecordNode { - std::weak_ptr pre; - std::shared_ptr next; - PermissionRecord record; - - PermissionUsedRecordNode() = default; +class GetRemoteNativeTokenIDTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // PERMISSION_UESD_RECORD_NODE_H +#endif // GET_REMOTE_NATIVE_TOKEN_ID_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/register_token_sync_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/register_token_sync_callback_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..6706bb5fa339ef6ee862154670629acd9510973a --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/register_token_sync_callback_test.cpp @@ -0,0 +1,171 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "register_token_sync_callback_test.h" +#include + +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "test_common.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_PKG_NAME = "com.softbus.test"; +static AccessTokenID g_selfTokenId = 0; + +HapTokenInfo g_baseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x20100000, + .tokenAttr = 0 +}; + +void NativeTokenGet() +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); + ASSERT_NE(tokenId, INVALID_TOKENID); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); +} + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { +public: + ~TokenSyncCallbackImpl() + {} + + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; +}; +#endif +} + +void RegisterTokenSyncCallbackTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + NativeTokenGet(); + +#ifdef TOKEN_SYNC_ENABLE + std::shared_ptr ptrDmInitCallback = std::make_shared(); + int32_t res = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(TEST_PKG_NAME, ptrDmInitCallback); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void RegisterTokenSyncCallbackTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfTokenId); +#ifdef TOKEN_SYNC_ENABLE + int32_t res = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(TEST_PKG_NAME); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void RegisterTokenSyncCallbackTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + +#ifdef TOKEN_SYNC_ENABLE + DistributedHardware::DmDeviceInfo deviceInfo; + int32_t res = DistributedHardware::DeviceManager::GetInstance().GetLocalDeviceInfo(TEST_PKG_NAME, deviceInfo); + ASSERT_EQ(res, RET_SUCCESS); + + networkId_ = std::string(deviceInfo.networkId); + ASSERT_NE(networkId_, ""); + + res = DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TEST_PKG_NAME, networkId_, udid_); + ASSERT_EQ(res, RET_SUCCESS); + ASSERT_NE(udid_, ""); +#endif + + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void RegisterTokenSyncCallbackTest::TearDown() +{ + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); + udid_.clear(); + networkId_.clear(); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: RegisterTokenSyncCallbackAbnormalTest001 + * @tc.desc: set token sync callback with invalid pointer + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(RegisterTokenSyncCallbackTest, RegisterTokenSyncCallbackAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterTokenSyncCallbackAbnormalTest001 start."); + int32_t ret = AccessTokenKit::RegisterTokenSyncCallback(nullptr); + EXPECT_EQ(ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: RegisterTokenSyncCallbackAbnormalTest002 + * @tc.desc: RegisterTokenSyncCallback with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(RegisterTokenSyncCallbackTest, RegisterTokenSyncCallbackAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterTokenSyncCallbackAbnormalTest002 start."); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + std::shared_ptr callback = std::make_shared(); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::RegisterTokenSyncCallback(callback)); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::UnRegisterTokenSyncCallback()); +} + +/** + * @tc.name: RegisterTokenSyncCallbackFuncTest001 + * @tc.desc: set token sync callback with right pointer + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(RegisterTokenSyncCallbackTest, RegisterTokenSyncCallbackFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterTokenSyncCallbackFuncTest001 start."); + std::shared_ptr callback = std::make_shared(); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::RegisterTokenSyncCallback(callback)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::AllocLocalTokenID(networkId_, 0)); // invalid input, would ret 0 + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterTokenSyncCallback()); +} +#endif \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/register_token_sync_callback_test.h b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/register_token_sync_callback_test.h new file mode 100644 index 0000000000000000000000000000000000000000..7c7aaf3c06d3e36e46b6a7113f87f20b67d536eb --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/register_token_sync_callback_test.h @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef REGISTER_TOKEN_SYNC_CALLBACK_TEST_H +#define REGISTER_TOKEN_SYNC_CALLBACK_TEST_H + +#include + +#include "access_token.h" +#ifdef TOKEN_SYNC_ENABLE +#include "device_manager.h" +#endif +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +#ifdef TOKEN_SYNC_ENABLE +class TestDmInitCallback final : public OHOS::DistributedHardware::DmInitCallback { + void OnRemoteDied() override + {} +}; +#endif +class RegisterTokenSyncCallbackTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + + uint64_t selfTokenId_; + std::string udid_; + std::string networkId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // REGISTER_TOKEN_SYNC_CALLBACK_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/set_remote_hap_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/set_remote_hap_token_info_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..eeda26c24cb6a8804fd3cf772eae1f001d61823b --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/set_remote_hap_token_info_test.cpp @@ -0,0 +1,587 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "set_remote_hap_token_info_test.h" +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "test_common.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_PKG_NAME = "com.softbus.test"; +static AccessTokenID g_selfTokenId = 0; + +HapTokenInfo g_baseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x20100000, + .tokenAttr = 0 +}; + +void NativeTokenGet() +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); + ASSERT_NE(tokenId, INVALID_TOKENID); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); +} + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { +public: + ~TokenSyncCallbackImpl() + {} + + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); + return FAKE_SYNC_RET; + }; +}; +#endif +} + +void SetRemoteHapTokenInfoTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + NativeTokenGet(); + +#ifdef TOKEN_SYNC_ENABLE + std::shared_ptr ptrDmInitCallback = std::make_shared(); + int32_t res = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(TEST_PKG_NAME, ptrDmInitCallback); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void SetRemoteHapTokenInfoTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfTokenId); +#ifdef TOKEN_SYNC_ENABLE + int32_t res = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(TEST_PKG_NAME); + ASSERT_EQ(res, RET_SUCCESS); +#endif +} + +void SetRemoteHapTokenInfoTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + +#ifdef TOKEN_SYNC_ENABLE + DistributedHardware::DmDeviceInfo deviceInfo; + int32_t res = DistributedHardware::DeviceManager::GetInstance().GetLocalDeviceInfo(TEST_PKG_NAME, deviceInfo); + ASSERT_EQ(res, RET_SUCCESS); + + networkId_ = std::string(deviceInfo.networkId); + ASSERT_NE(networkId_, ""); + + res = DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TEST_PKG_NAME, networkId_, udid_); + ASSERT_EQ(res, RET_SUCCESS); + ASSERT_NE(udid_, ""); +#endif + + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void SetRemoteHapTokenInfoTest::TearDown() +{ + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); + udid_.clear(); + networkId_.clear(); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: SetRemoteHapTokenInfoFuncTest001 + * @tc.desc: set remote hap token info success + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoFuncTest001 start."); + std::string deviceID1 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); + PermissionStatus infoManagerTestState2 = { + .permissionName = "ohos.permission.CAMERA", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList1; + permStateList1.emplace_back(infoManagerTestState2); + + HapTokenInfoForSync remoteTokenInfo1 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList1 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + // check local map token + HapTokenInfo resultInfo; + ret = AccessTokenKit::GetHapTokenInfo(mapID, resultInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(resultInfo.ver, remoteTokenInfo1.baseInfo.ver); + ASSERT_EQ(resultInfo.userID, remoteTokenInfo1.baseInfo.userID); + ASSERT_EQ(resultInfo.bundleName, remoteTokenInfo1.baseInfo.bundleName); + ASSERT_EQ(resultInfo.instIndex, remoteTokenInfo1.baseInfo.instIndex); + ASSERT_NE(resultInfo.tokenID, remoteTokenInfo1.baseInfo.tokenID); // tokenID already is map tokenID + ASSERT_EQ(resultInfo.tokenAttr, remoteTokenInfo1.baseInfo.tokenAttr); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +void SetRemoteHapTokenInfoWithWrongInfo1(HapTokenInfo &wrongBaseInfo, const HapTokenInfo &rightBaseInfo, + HapTokenInfoForSync &remoteTokenInfo, const std::string &deviceID) +{ + std::string wrongStr(10241, 'x'); // 10241 means the invalid string length + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.bundleName = wrongStr; // wrong bundleName + remoteTokenInfo.baseInfo = wrongBaseInfo; + int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + EXPECT_NE(ret, RET_SUCCESS); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.tokenID = 0; // wrong tokenID + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + EXPECT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoFuncTest002 + * @tc.desc: set remote hap token info, token info is wrong + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoFuncTest002 start."); + std::string deviceID2 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); + HapTokenInfo rightBaseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + HapTokenInfo wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.userID = -11; // wrong userid + + PermissionStatus infoManagerTestState_2 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList2; + permStateList2.emplace_back(infoManagerTestState_2); + + HapTokenInfoForSync remoteTokenInfo2 = { + .baseInfo = wrongBaseInfo, + .permStateList = permStateList2 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); + ASSERT_NE(ret, RET_SUCCESS); + + SetRemoteHapTokenInfoWithWrongInfo1(wrongBaseInfo, rightBaseInfo, remoteTokenInfo2, deviceID2); +} + +/** + * @tc.name: SetRemoteHapTokenInfoFuncTest003 + * @tc.desc: set remote hap token wrong permission grant + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoFuncTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoFuncTest003 start."); + std::string deviceID3 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); + + PermissionStatus infoManagerTestState_3 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = 11, // wrong flags + }; + std::vector permStateList3; + permStateList3.emplace_back(infoManagerTestState_3); + + HapTokenInfoForSync remoteTokenInfo3 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList3 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID3, remoteTokenInfo3); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoFuncTest004 + * @tc.desc: update remote hap token when remote exist + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoFuncTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoFuncTest004 start."); + std::string deviceID4 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID4, 0x20100000); + PermissionStatus infoManagerTestState_4 = { + .permissionName = "ohos.permission.CAMERA", + .grantStatus = PermissionState::PERMISSION_DENIED, // first denied + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList4; + permStateList4.emplace_back(infoManagerTestState_4); + + HapTokenInfoForSync remoteTokenInfo4 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList4 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID4, remoteTokenInfo4); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + remoteTokenInfo4.permStateList[0].grantStatus = PermissionState::PERMISSION_GRANTED; // second granted + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID4, remoteTokenInfo4); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID4, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoSpecTest001 + * @tc.desc: add remote hap token, it can not grant by GrantPermission + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoSpecTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoSpecTest001 start."); + std::string deviceID5 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID5, 0x20100000); + PermissionStatus infoManagerTestState5 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_DENIED, // first denied + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList5; + permStateList5.emplace_back(infoManagerTestState5); + + HapTokenInfoForSync remoteTokenInfo5 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList5 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID5, remoteTokenInfo5); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::GrantPermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); + ASSERT_EQ(ret, ERR_PERMISSION_NOT_EXIST); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID5, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoSpecTest002 + * @tc.desc: add remote hap token, it can not revoke by RevokePermission + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoSpecTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoSpecTest002 start."); + std::string deviceID6 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID6, 0x20100000); + PermissionStatus infoManagerTestState6 = { + .permissionName = "ohos.permission.READ_AUDIO", + .grantStatus = PermissionState::PERMISSION_GRANTED, // first grant + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + PermissionStatus infoManagerTestState7 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, // first grant + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList6; + permStateList6.emplace_back(infoManagerTestState6); + permStateList6.emplace_back(infoManagerTestState7); + + HapTokenInfoForSync remoteTokenInfo6 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList6 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID6, remoteTokenInfo6); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.READ_AUDIO", false); + EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::RevokePermission( + mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); + EXPECT_EQ(ret, ERR_PERMISSION_NOT_EXIST); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.READ_AUDIO", false); + EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID6, 0x20100000); + EXPECT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoSpecTest003 + * @tc.desc: add remote hap token, it can not delete by DeleteToken + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoSpecTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoSpecTest003 start."); + std::string deviceID7 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID7, 0x20100000); + PermissionStatus infoManagerTestState7 = { + .permissionName = "ohos.permission.READ_AUDIO", + .grantStatus = PermissionState::PERMISSION_DENIED, // first denied + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList7; + permStateList7.emplace_back(infoManagerTestState7); + + HapTokenInfoForSync remoteTokenInfo7 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList7 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID7, remoteTokenInfo7); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::DeleteToken(mapID); + ASSERT_NE(ret, RET_SUCCESS); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID7, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoSpecTest004 + * @tc.desc: add remote hap token, it can not update by UpdateHapToken + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoSpecTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoSpecTest004 start."); + std::string deviceID8 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID8, 0x20100000); + int32_t DEFAULT_API_VERSION = 8; + PermissionStatus infoManagerTestState8 = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_DENIED, // first denied + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList8; + permStateList8.emplace_back(infoManagerTestState8); + + HapTokenInfoForSync remoteTokenInfo8 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList8 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID8, remoteTokenInfo8); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + AccessTokenIDEx tokenIdEx { + .tokenIdExStruct.tokenID = mapID, + .tokenIdExStruct.tokenAttr = 0, + }; + HapPolicyParams policy; + UpdateHapInfoParams info; + info.appIDDesc = std::string("updateFailed"); + info.apiVersion = DEFAULT_API_VERSION; + info.isSystemApp = false; + ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy); + ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID8, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoSpecTest005 + * @tc.desc: add remote hap token, it can not clear by ClearUserGrantedPermissionState + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoSpecTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoSpecTest005 start."); + std::string deviceID9 = udid_; + AccessTokenKit::DeleteRemoteToken(deviceID9, 0x20100000); + PermissionStatus infoManagerTestState9 = { + .permissionName = "ohos.permission.CAMERA", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList9; + permStateList9.emplace_back(infoManagerTestState9); + + HapTokenInfoForSync remoteTokenInfo9 = { + .baseInfo = g_baseInfo, + .permStateList = permStateList9 + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID9, remoteTokenInfo9); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(mapID); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID9, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoSpecTest006 + * @tc.desc: tokenID is not hap token + * @tc.type: FUNC + * @tc.require:issue I5R4UF + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoSpecTest006, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoSpecTest006 start."); + std::string deviceID = udid_; + HapTokenInfo baseInfo = { + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .tokenID = 0x28100000, + .tokenAttr = 0 + }; + + PermissionStatus infoManagerTestState = { + .permissionName = "ohos.permission.test1", + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_USER_SET}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList = permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfoAbnormalTest001 + * @tc.desc: SetRemoteHapTokenInfo with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SetRemoteHapTokenInfoTest, SetRemoteHapTokenInfoAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetRemoteHapTokenInfoAbnormalTest001 start."); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + std::string device = "device"; + HapTokenInfoForSync hapSync; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync)); +} +#endif \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/set_remote_hap_token_info_test.h b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/set_remote_hap_token_info_test.h new file mode 100644 index 0000000000000000000000000000000000000000..c7fb9fcc01adf081e3a71b521e6fea4e09ca9170 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/DistributedTest/set_remote_hap_token_info_test.h @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_REMOTE_HAP_TOKEN_INFO_TEST_H +#define GET_REMOTE_HAP_TOKEN_INFO_TEST_H + +#include + +#include "access_token.h" +#ifdef TOKEN_SYNC_ENABLE +#include "device_manager.h" +#endif +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +#ifdef TOKEN_SYNC_ENABLE +class TestDmInitCallback final : public OHOS::DistributedHardware::DmInitCallback { + void OnRemoteDied() override + {} +}; +#endif +class SetRemoteHapTokenInfoTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + + uint64_t selfTokenId_; + std::string udid_; + std::string networkId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_REMOTE_HAP_TOKEN_INFO_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..14d93ee134129976da830e578f1af57cd78dfe7e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_hap_dlp_flag_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const int INVALID_DLP_TOKEN_FLAG = -1; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +}; + +void GetHapDlpFlagTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void GetHapDlpFlagTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetHapDlpFlagTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetHapDlpFlagTest::TearDown() +{ +} + +/** + * @tc.name: GetHapDlpFlagFuncTest001 + * @tc.desc: GetHapDlpFlag function abnormal branch. + * @tc.type: FUNC + * @tc.require Issue Number:I5RJBB + */ +HWTEST_F(GetHapDlpFlagTest, GetHapDlpFlagFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapDlpFlagFuncTest001"); + + AccessTokenID tokenID = 0; + int32_t ret = AccessTokenKit::GetHapDlpFlag(tokenID); + ASSERT_EQ(INVALID_DLP_TOKEN_FLAG, ret); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.h new file mode 100644 index 0000000000000000000000000000000000000000..2a19b172abb62cf76110d03412de476529d8d2f5 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_hap_dlp_flag_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_HAP_DLP_FLAG_TEST_H +#define GET_HAP_DLP_FLAG_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetHapDlpFlagTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_HAP_DLP_FLAG_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..23ec9a6620dd74605cf7fc2b97dc67d90409b395 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.cpp @@ -0,0 +1,251 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_permission_flag_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +static const int INVALID_PERMNAME_LEN = 260; +static const int CYCLE_TIMES = 100; +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +}; + +void GetPermissionFlagTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void GetPermissionFlagTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetPermissionFlagTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetPermissionFlagTest::TearDown() +{ +} + +/** + * @tc.name: GetPermissionFlagFuncTest001 + * @tc.desc: Get permission flag after grant permission. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionFlagTest, GetPermissionFlagFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionFlagFuncTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + uint32_t flag; + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag); + ASSERT_EQ(PERMISSION_USER_FIXED, flag); + ASSERT_EQ(RET_SUCCESS, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetPermissionFlagAbnormalTest001 + * @tc.desc: Get permission flag that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionFlagTest, GetPermissionFlagAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionFlagAbnormalTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + uint32_t flag; + int ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.GAMMA", flag); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, "", flag); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GetPermissionFlag(tokenID, invalidPerm, flag); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ret = AccessTokenKit::GetPermissionFlag(TEST_TOKENID_INVALID, "ohos.permission.MICROPHONE", flag); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.ALPHA", flag); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); +} + +/** + * @tc.name: GetPermissionFlagSpecTest001 + * @tc.desc: GetPermissionFlag is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionFlagTest, GetPermissionFlagSpecTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionFlagSpecTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t flag; + for (int i = 0; i < CYCLE_TIMES; i++) { + int32_t ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_USER_FIXED, flag); + } + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetPermissionFlagSpecTest002 + * @tc.desc: GetPermissionFlag caller is normal app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(GetPermissionFlagTest, GetPermissionFlagSpecTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionFlagSpecTest002"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + + uint32_t flag; + int ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetPermissionFlagSpecTest003 + * @tc.desc: GetPermissionFlag caller is system app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(GetPermissionFlagTest, GetPermissionFlagSpecTest003, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionFlagSpecTest003"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + uint32_t flag; + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag); + ASSERT_EQ(PERMISSION_USER_FIXED, flag); + ASSERT_EQ(RET_SUCCESS, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.h new file mode 100644 index 0000000000000000000000000000000000000000..370ea3f05e5fe1e2b4e2d988015d4413067d3455 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permission_flag_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_PERMISSION_FLAG_TEST_H +#define GET_PERMISSION_FLAG_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetPermissionFlagTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_PERMISSION_FLAG_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b6c20e92719b91e12fa32f2f7451440f525b7512 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.cpp @@ -0,0 +1,414 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_permissions_status_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +static constexpr int32_t TOKENID_NOT_EXIST = 123; +static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA"; +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +}; + +void GetPermissionsStatusTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + + TestCommon::GetNativeTokenTest(); +} + +void GetPermissionsStatusTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfTokenId); +} + +void PreparePermStateListExt1(HapPolicyParams &policy) +{ + PermissionStateFull permStatBeta = { + .permissionName = "ohos.permission.BETA", + .isGeneral = true, + .resDeviceID = {"device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permTestState5 = { + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permTestState6 = { + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + policy.permStateList.emplace_back(permStatBeta); + policy.permStateList.emplace_back(permTestState5); + policy.permStateList.emplace_back(permTestState6); +} + +void PreparePermStateList1(HapPolicyParams &policy) +{ + PermissionStateFull permTestState1 = { + .permissionName = "ohos.permission.LOCATION", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG}, + }; + + PermissionStateFull permTestState3 = { + .permissionName = "ohos.permission.WRITE_CALENDAR", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} + }; + + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState3); + PreparePermStateListExt1(policy); +} + +void PreparePermDefList1(HapPolicyParams &policy) +{ + PermissionDef permissionDefBeta; + permissionDefBeta.permissionName = "ohos.permission.BETA"; + permissionDefBeta.bundleName = TEST_BUNDLE_NAME; + permissionDefBeta.grantMode = GrantMode::SYSTEM_GRANT; + permissionDefBeta.availableLevel = APL_NORMAL; + permissionDefBeta.provisionEnable = false; + permissionDefBeta.distributedSceneEnable = false; + + policy.permList.emplace_back(permissionDefBeta); +} + +void GetPermissionsStatusTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION, + .isSystemApp = true + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + PreparePermDefList1(policy); + PreparePermStateList1(policy); + AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +void GetPermissionsStatusTest::TearDown() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); +} + +/** + * @tc.name: GetPermissionsStatusFuncTest001 + * @tc.desc: get different permissions status + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusFuncTest001, TestSize.Level1) +{ + AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); + + std::vector permsList; + PermissionListState tmpA = { + .permissionName = "ohos.permission.LOCATION", + .state = SETTING_OPER + }; + PermissionListState tmpB = { + .permissionName = "ohos.permission.WRITE_CALENDAR", + .state = SETTING_OPER + }; + PermissionListState tmpC = { + .permissionName = "ohos.permission.BETA", + .state = SETTING_OPER + }; + PermissionListState tmpD = { + .permissionName = "ohos.permission.xxx", + .state = SETTING_OPER + }; + PermissionListState tmpE = { + .permissionName = "ohos.permission.CAMERA", + .state = SETTING_OPER + }; + + permsList.emplace_back(tmpA); + permsList.emplace_back(tmpB); + permsList.emplace_back(tmpC); + permsList.emplace_back(tmpD); + permsList.emplace_back(tmpE); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); + ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); + ASSERT_EQ(SETTING_OPER, permsList[1].state); + ASSERT_EQ(INVALID_OPER, permsList[2].state); + ASSERT_EQ(INVALID_OPER, permsList[3].state); + ASSERT_EQ(INVALID_OPER, permsList[4].state); +} + +/** + * @tc.name: GetPermissionsStatusFuncTest002 + * @tc.desc: get different permissions status after set perm dialog cap + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusFuncTest002, TestSize.Level1) +{ + AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); + + std::vector permsList; + PermissionListState tmpA = { + .permissionName = "ohos.permission.LOCATION", + .state = SETTING_OPER + }; + PermissionListState tmpB = { + .permissionName = "ohos.permission.WRITE_CALENDAR", + .state = SETTING_OPER + }; + PermissionListState tmpC = { + .permissionName = "ohos.permission.BETA", + .state = SETTING_OPER + }; + PermissionListState tmpD = { + .permissionName = "ohos.permission.xxx", + .state = SETTING_OPER + }; + PermissionListState tmpE = { + .permissionName = "ohos.permission.CAMERA", + .state = SETTING_OPER + }; + + permsList.emplace_back(tmpA); + permsList.emplace_back(tmpB); + permsList.emplace_back(tmpC); + permsList.emplace_back(tmpD); + permsList.emplace_back(tmpE); + + HapBaseInfo hapBaseInfo = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0 + }; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); + ASSERT_EQ(FORBIDDEN_OPER, permsList[0].state); + ASSERT_EQ(FORBIDDEN_OPER, permsList[1].state); + ASSERT_EQ(INVALID_OPER, permsList[2].state); + ASSERT_EQ(INVALID_OPER, permsList[3].state); + ASSERT_EQ(INVALID_OPER, permsList[4].state); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::SetPermDialogCap(hapBaseInfo, false)); +} + +/** + * @tc.name: GetPermissionsStatusAbnormalTest001 + * @tc.desc: invalid input param: tokenID is 0 or permissionList is empty + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusAbnormalTest001, TestSize.Level1) +{ + AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); + + std::vector permsList; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); + PermissionListState tmpA = { + .permissionName = "ohos.permission.testPermDef1", + .state = SETTING_OPER + }; + permsList.emplace_back(tmpA); + + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenKit::GetPermissionsStatus(0, permsList)); + ASSERT_EQ(SETTING_OPER, permsList[0].state); +} + +/** + * @tc.name: GetPermissionsStatusAbnormalTest002 + * @tc.desc: tokenID not exit + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusAbnormalTest002, TestSize.Level1) +{ + std::vector permsList; + PermissionListState tmpA = { + .permissionName = "ohos.permission.testPermDef1", + .state = SETTING_OPER + }; + permsList.emplace_back(tmpA); + + ASSERT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenKit::GetPermissionsStatus(TOKENID_NOT_EXIST, permsList)); + ASSERT_EQ(SETTING_OPER, permsList[0].state); +} + +/** + * @tc.name: GetPermissionsStatusAbnormalTest003 + * @tc.desc: callling without permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusAbnormalTest003, TestSize.Level1) +{ + AccessTokenIDEx tokenIDEx = {0}; + tokenIDEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); + + std::vector permsList; + PermissionListState tmpA = { + .permissionName = "ohos.permission.testPermDef1", + .state = SETTING_OPER + }; + + permsList.emplace_back(tmpA); + int32_t selfUid = getuid(); + setuid(10001); // 10001: UID + + ASSERT_EQ(ERR_PERMISSION_DENIED, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); + ASSERT_EQ(SETTING_OPER, permsList[0].state); + setuid(selfUid); +} + +/** + * @tc.name: GetPermissionsStatusSpecTest001 + * @tc.desc: callling is normal hap + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusSpecTest001, TestSize.Level1) +{ + AccessTokenIDEx tokenIDEx = {0}; + tokenIDEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); + + std::vector permsList; + PermissionListState tmpA = { + .permissionName = "ohos.permission.testPermDef1", + .state = SETTING_OPER + }; + + permsList.emplace_back(tmpA); + + ASSERT_EQ(ERR_NOT_SYSTEM_APP, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); + ASSERT_EQ(SETTING_OPER, permsList[0].state); +} + +/** + * @tc.name: GetPermissionsStatusSpecTest002 + * @tc.desc: callling is native SA + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionsStatusTest, GetPermissionsStatusSpecTest002, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + std::vector permsList; + PermissionListState tmpA = { + .permissionName = "ohos.permission.LOCATION", + .state = SETTING_OPER + }; + + permsList.emplace_back(tmpA); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); + ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.h new file mode 100644 index 0000000000000000000000000000000000000000..f7a0f40720c8cdb3856a43c5425694113fa7db51 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_permissions_status_test.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_PERMISSIONS_STATUS_TEST_H +#define GET_PERMISSIONS_STATUS_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetPermissionsStatusTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + uint64_t selfTokenId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_PERMISSIONS_STATUS_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_self_permissions_state_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_self_permissions_state_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..0384d965737c82b6eb479532f6e7655efa87338b --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_self_permissions_state_test.cpp @@ -0,0 +1,171 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_self_permissions_state_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +static const int32_t INDEX_ZERO = 0; +static const int32_t INDEX_ONE = 1; +static const int32_t INDEX_TWO = 2; +static const int32_t INDEX_THREE = 3; +static const int32_t INDEX_FOUR = 4; +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +}; + +uint64_t GetNativeTokenTestGetSelfPermissionsState(const char *processName, const char **perms, int32_t permNum) +{ + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = permNum, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + .processName = processName, + }; + + tokenId = GetAccessTokenId(&infoInstance); + AccessTokenKit::ReloadNativeTokenInfo(); + return tokenId; +} + +void NativeTokenGetSelfPermissionsState() +{ + uint64_t tokenID; + const char **perms = new const char *[5]; // 5: array size + perms[INDEX_ZERO] = "ohos.permission.DISTRIBUTED_DATASYNC"; + perms[INDEX_ONE] = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; + perms[INDEX_TWO] = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; + perms[INDEX_THREE] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; + perms[INDEX_FOUR] = "ohos.permission.DISABLE_PERMISSION_DIALOG"; + + tokenID = GetNativeTokenTestGetSelfPermissionsState("TestCase", perms, 5); // 5: array size + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; +} + +void GetSelfPermissionsStateTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + NativeTokenGetSelfPermissionsState(); +} + +void GetSelfPermissionsStateTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetSelfPermissionsStateTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetSelfPermissionsStateTest::TearDown() +{ +} + +/** + * @tc.name: GetSelfPermissionsStateAbnormalTest001 + * @tc.desc: get self permissions state with wrong token type. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionsStateTest, GetSelfPermissionsStateAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetSelfPermissionsStateAbnormalTest001"); + AccessTokenID tokenID = TestCommon::AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + HapBaseInfo hapBaseInfo = { + .userID = g_infoManagerTestInfoParms.userID, + .bundleName = g_infoManagerTestInfoParms.bundleName, + .instIndex = g_infoManagerTestInfoParms.instIndex, + }; + + std::vector permsList; + PermissionListState tmp = { + .permissionName = g_infoManagerTestPolicyPrams.permStateList[0].permissionName, + .state = BUTT_OPER + }; + permsList.emplace_back(tmp); + + // test dialog isn't forbiddedn + ASSERT_EQ(0, AccessTokenKit::SetPermDialogCap(hapBaseInfo, false)); + SetSelfTokenID(tokenID); + PermissionGrantInfo info; + ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_self_permissions_state_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_self_permissions_state_test.h new file mode 100644 index 0000000000000000000000000000000000000000..5bac4f6fa9aa7aa222d689b899fb05eb3706120f --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/get_self_permissions_state_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_SELF_PERMISSIONS_STATE_TEST_H +#define GET_SELF_PERMISSIONS_STATE_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetSelfPermissionsStateTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_SELF_PERMISSIONS_STATE_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..cb1bfeaaf297889930e1395ccde6e7cb421c0da5 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.cpp @@ -0,0 +1,428 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_request_toggle_status_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +}; + +void PermissionRequestToggleStatusTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void PermissionRequestToggleStatusTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void PermissionRequestToggleStatusTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void PermissionRequestToggleStatusTest::TearDown() +{ +} + +/** + * @tc.name: SetPermissionRequestToggleStatusAbnormalTest001 + * @tc.desc: Set permission request toggle status that userId, permission or status is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, SetPermissionRequestToggleStatusAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetPermissionRequestToggleStatusAbnormalTest001"); + + int32_t userID = 100; + uint32_t status = PermissionRequestToggleStatus::CLOSED; + + // Permission name is invalid. + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus("", status, userID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + // Status is invalid. + status = 2; + ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, userID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + // UserID is invalid. + userID = -1; + status = PermissionRequestToggleStatus::CLOSED; + ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, userID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: SetPermissionRequestToggleStatus001 + * @tc.desc: SetPermissionRequestToggleStatus caller is a normal app, not a system app. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, SetPermissionRequestToggleStatus001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetPermissionRequestToggleStatus001"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + uint32_t status = PermissionRequestToggleStatus::CLOSED; + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestNormalInfoParms.userID); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); +} + +/** + * @tc.name: SetPermissionRequestToggleStatus002 + * @tc.desc: SetPermissionRequestToggleStatus caller is a system app without related permissions. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, SetPermissionRequestToggleStatus002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetPermissionRequestToggleStatus002"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + int32_t selfUid = getuid(); + setuid(10001); // 10001: UID + + uint32_t status = PermissionRequestToggleStatus::CLOSED; + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); + + status = PermissionRequestToggleStatus::OPEN; + ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); + + // restore environment + setuid(selfUid); +} + +/** + * @tc.name: SetPermissionRequestToggleStatusSpecTest003 + * @tc.desc: SetPermissionRequestToggleStatus caller is a system app with related permissions. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, SetPermissionRequestToggleStatusSpecTest003, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetPermissionRequestToggleStatusSpecTest003"); + + AccessTokenIDEx tokenIdEx = {0}; + + PermissionDef infoManagerTestPermDef = { + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG_TEST", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label3", + .labelId = 1, + .description = "open the door", + .descriptionId = 1, + .availableType = MDM + }; + + PermissionStateFull infoManagerTestState = { + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + + HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permList = {infoManagerTestPermDef}, + .permStateList = {infoManagerTestState} + }; + + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + int32_t selfUid = getuid(); + setuid(10001); // 10001: UID + + uint32_t status = PermissionRequestToggleStatus::CLOSED; + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(RET_SUCCESS, ret); + + status = PermissionRequestToggleStatus::OPEN; + ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(RET_SUCCESS, ret); + + // restore environment + setuid(selfUid); +} + +/** + * @tc.name: GetPermissionRequestToggleStatusAbnormalTest001 + * @tc.desc: Get permission request toggle status that userId, permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, GetPermissionRequestToggleStatusAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionRequestToggleStatusAbnormalTest001"); + + int32_t userID = 100; + uint32_t status; + + // Permission name is invalid. + int32_t ret = AccessTokenKit::GetPermissionRequestToggleStatus("", status, userID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + // UserId is invalid. + userID = -1; + ret = AccessTokenKit::GetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, userID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: GetPermissionRequestToggleStatusSpecTest001 + * @tc.desc: GetPermissionRequestToggleStatus caller is a normal app, not a system app. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, GetPermissionRequestToggleStatusSpecTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionRequestToggleStatusSpecTest001"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + uint32_t status; + int32_t ret = AccessTokenKit::GetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestNormalInfoParms.userID); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); +} + +/** + * @tc.name: GetPermissionRequestToggleStatusSpecTest002 + * @tc.desc: GetPermissionRequestToggleStatus caller is a system app without related permissions. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, GetPermissionRequestToggleStatusSpecTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionRequestToggleStatusSpecTest002"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + int32_t selfUid = getuid(); + setuid(10001); // 10001: UID + + uint32_t getStatus; + int32_t ret = AccessTokenKit::GetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", getStatus, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); + + // restore environment + setuid(selfUid); +} + +static void AllocAndSetHapToken(void) +{ + AccessTokenIDEx tokenIdEx = {0}; + + PermissionDef infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG_TEST", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label3", + .labelId = 1, + .description = "open the door", + .descriptionId = 1, + .availableType = MDM + }; + + PermissionStateFull infoManagerTestState1 = { + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + + PermissionDef infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS_TEST", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label3", + .labelId = 1, + .description = "open the door", + .descriptionId = 1, + .availableType = MDM + }; + + PermissionStateFull infoManagerTestState2 = { + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + + HapPolicyParams infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permList = {infoManagerTestPermDef1, infoManagerTestPermDef2}, + .permStateList = {infoManagerTestState1, infoManagerTestState2} + }; + + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); +} + +/** + * @tc.name: GetPermissionRequestToggleStatusSpecTest003 + * @tc.desc: GetPermissionRequestToggleStatus caller is a system app with related permissions. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(PermissionRequestToggleStatusTest, GetPermissionRequestToggleStatusSpecTest003, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionRequestToggleStatusSpecTest003"); + + AllocAndSetHapToken(); + + int32_t selfUid = getuid(); + setuid(10001); // 10001: UID + + // Set a closed status value. + uint32_t status = PermissionRequestToggleStatus::CLOSED; + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(RET_SUCCESS, ret); + + // Get a closed status value. + uint32_t getStatus; + ret = AccessTokenKit::GetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", getStatus, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PermissionRequestToggleStatus::CLOSED, getStatus); + + // Set a open status value. + status = PermissionRequestToggleStatus::OPEN; + ret = AccessTokenKit::SetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", status, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(RET_SUCCESS, ret); + + // Get a open status value. + ret = AccessTokenKit::GetPermissionRequestToggleStatus("ohos.permission.MICROPHONE", getStatus, + g_infoManagerTestSystemInfoParms.userID); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PermissionRequestToggleStatus::OPEN, getStatus); + + // restore environment + setuid(selfUid); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.h new file mode 100644 index 0000000000000000000000000000000000000000..d9888b161f8b1cf5d5fd39b8c240b7809b39304f --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/permission_request_toggle_status_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PERMISSION_REQUEST_TOGGLE_STATUS_TEST_H +#define PERMISSION_REQUEST_TOGGLE_STATUS_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class PermissionRequestToggleStatusTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // PERMISSION_REQUEST_TOGGLE_STATUS_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/set_perm_dialog_cap_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/set_perm_dialog_cap_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..36dc387529978ae5dbb247a9fded4ea7f7d2af68 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/set_perm_dialog_cap_test.cpp @@ -0,0 +1,212 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "set_perm_dialog_cap_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA"; +static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA"; +static const std::string TEST_PKG_NAME = "com.softbus.test"; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +static const std::string TEST_PERMISSION_NAME_A_MICRO = "ohos.permission.MICROPHONE"; +static const std::string TEST_PERMISSION_NAME_A_CAMERA = "ohos.permission.SET_WIFI_INFO"; +static const int32_t INDEX_ZERO = 0; +static const int32_t INDEX_ONE = 1; +static const int32_t INDEX_TWO = 2; +static const int32_t INDEX_THREE = 3; +static const int32_t INDEX_FOUR = 4; + +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); + +HapInfoParams g_infoManagerTestInfoParmsBak = g_infoManagerTestInfoParms; +HapPolicyParams g_infoManagerTestPolicyPramsBak = g_infoManagerTestPolicyPrams; +} +uint64_t GetNativeToken(const char *processName, const char **perms, int32_t permNum) +{ + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = permNum, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + .processName = processName, + }; + + tokenId = GetAccessTokenId(&infoInstance); + AccessTokenKit::ReloadNativeTokenInfo(); + return tokenId; +} + +void NativeTokenGet1() +{ + uint64_t tokenID; + const char **perms = new const char *[5]; // 5: array size + perms[INDEX_ZERO] = "ohos.permission.DISTRIBUTED_DATASYNC"; + perms[INDEX_ONE] = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; + perms[INDEX_TWO] = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; + perms[INDEX_THREE] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; + perms[INDEX_FOUR] = "ohos.permission.DISABLE_PERMISSION_DIALOG"; + + tokenID = GetNativeToken("TestCase", perms, 5); // 5: array size + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; +} + +void SetPermDialogCapTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + setuid(0); + // make test case clean + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + NativeTokenGet1(); +} + +void SetPermDialogCapTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfTokenId); +} + +void SetPermDialogCapTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + g_infoManagerTestPolicyPrams = g_infoManagerTestPolicyPramsBak; + g_infoManagerTestInfoParms = g_infoManagerTestInfoParmsBak; + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +void SetPermDialogCapTest::TearDown() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); +} + +/** + * @tc.name: SetPermDialogCapAbnormalTest001 + * @tc.desc: Set permission dialog capability with noexist app. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(SetPermDialogCapTest, SetPermDialogCapAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetPermDialogCapAbnormalTest001"); + HapBaseInfo hapBaseInfo = { + .userID = 111, // 111: user id + .bundleName = "noexist bundle", + .instIndex = 0, + }; + + HapTokenInfo hapInfo; + ASSERT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); +} + +/** + * @tc.name: SetPermDialogCapFuncTest001 + * @tc.desc: Set permission dialog capability, and get set permissionState. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SetPermDialogCapTest, SetPermDialogCapFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetPermDialogCapFuncTest001"); + AccessTokenID tokenID = TestCommon::AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + HapBaseInfo hapBaseInfo = { + .userID = g_infoManagerTestInfoParms.userID, + .bundleName = g_infoManagerTestInfoParms.bundleName, + .instIndex = g_infoManagerTestInfoParms.instIndex, + }; + + std::vector permsList; + PermissionListState tmp = { + .permissionName = g_infoManagerTestPolicyPrams.permStateList[0].permissionName, + .state = PASS_OPER + }; + permsList.emplace_back(tmp); + + // test dialog is forbiddedn + ASSERT_EQ(0, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); + SetSelfTokenID(tokenID); + PermissionGrantInfo info; + ASSERT_EQ(FORBIDDEN_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + SetSelfTokenID(selfTokenId_); + + // test dialog is not forbiddedn + ASSERT_EQ(0, AccessTokenKit::SetPermDialogCap(hapBaseInfo, false)); + SetSelfTokenID(tokenID); + ASSERT_NE(FORBIDDEN_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + SetSelfTokenID(selfTokenId_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/set_perm_dialog_cap_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/set_perm_dialog_cap_test.h new file mode 100644 index 0000000000000000000000000000000000000000..d3e51868f60b4bff91a3454b9c4d2ca9081b8221 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/set_perm_dialog_cap_test.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SET_PERM_DIALOG_CAP_TEST_H +#define SET_PERM_DIALOG_CAP_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class SetPermDialogCapTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + void DeleteTestToken() const; + AccessTokenID AllocTestToken(const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy) const; + uint64_t selfTokenId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // SET_PERM_DIALOG_CAP_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/user_policy_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/user_policy_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..37cb159ade3372d97adf79c41243f2b0e7b1617f --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/user_policy_test.cpp @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "user_policy_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static const int32_t INDEX_ZERO = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +}; + +void UserPolicyTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void UserPolicyTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void UserPolicyTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void UserPolicyTest::TearDown() +{ +} + +/** + * @tc.name: UserPolicyFuncTest001 + * @tc.desc: UserPolicyTest. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UserPolicyTest, UserPolicyFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UserPolicyFuncTest001"); + + setuid(0); + const char **perms = new const char *[1]; + perms[INDEX_ZERO] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; + uint64_t tokenID = TestCommon::GetNativeToken("TestCase", perms, 1); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + const std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, 0); + ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, 0); + ret = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(ret, 0); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/user_policy_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/user_policy_test.h new file mode 100644 index 0000000000000000000000000000000000000000..98c5ab84067b0dca3bb040ea42803029b33de71b --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapAttributeTest/user_policy_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef USER_POLICY_TEST_H +#define USER_POLICY_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class UserPolicyTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // USER_POLICY_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..1a8a7a94206f6ca42520850f8b8eec4d36cae554 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.cpp @@ -0,0 +1,186 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "delete_token_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +}; + +void DeleteTokenTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void DeleteTokenTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void DeleteTokenTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void DeleteTokenTest::TearDown() +{ +} + +/** + * @tc.name: DeleteTokenFuncTest001 + * @tc.desc: Cannot get permission definition info after DeleteToken function has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(DeleteTokenTest, DeleteTokenFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteTokenFuncTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + PermissionDef permDefResultAlpha; + int ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); + ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + PermissionDef defResult; + ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", defResult); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); +} + +/** + * @tc.name: DeleteTokenFuncTest002 + * @tc.desc: Cannot get haptoken info after DeleteToken function has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(DeleteTokenTest, DeleteTokenFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteTokenFuncTest002"); + + HapTokenInfo hapTokenInfoRes; + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + ASSERT_EQ(AccessTokenError::ERR_TOKENID_NOT_EXIST, ret); +} + +/** + * @tc.name: DeleteTokenAbnormalTest001 + * @tc.desc: Delete invalid tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(DeleteTokenTest, DeleteTokenAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteTokenAbnormalTest001"); + + int ret = AccessTokenKit::DeleteToken(TEST_TOKENID_INVALID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: DeleteTokenSpecTest001 + * @tc.desc: alloc a tokenId successfully, delete it successfully the first time and fail to delete it again. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(DeleteTokenTest, DeleteTokenSpecTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteTokenSpecTest001"); + + AccessTokenID tokenID = TestCommon::AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); + ASSERT_NE(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.h new file mode 100644 index 0000000000000000000000000000000000000000..d931ea64934f35342cd405b4fe306ced7c1efd2d --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/delete_token_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DELETE_TOKEN_TEST_H +#define DELETE_TOKEN_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class DeleteTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // DELETE_TOKEN_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ef9162c90c00fc7c3b2c9263064ef048b63fcaa7 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.cpp @@ -0,0 +1,300 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_hap_token_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +static const int TEST_USER_ID_INVALID = -1; +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +} + +void GetHapTokenTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void GetHapTokenTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetHapTokenTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetHapTokenTest::TearDown() +{ +} + +/** + * @tc.name: GetHapTokenIDFuncTest001 + * @tc.desc: get hap tokenid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDFuncTest001"); + + HapTokenInfo hapTokenInfoRes; + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(hapTokenInfoRes.bundleName, TEST_BUNDLE_NAME); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: GetHapTokenIDAbnormalTest001 + * @tc.desc: cannot get hap tokenid with invalid userId. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDAbnormalTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID_INVALID, TEST_BUNDLE_NAME, 0); + ASSERT_EQ(INVALID_TOKENID, tokenID); +} + +/** + * @tc.name: GetHapTokenIDAbnormalTest002 + * @tc.desc: cannot get hap tokenid with invalid bundlename. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDAbnormalTest002"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, "invalid bundlename", 0); + ASSERT_EQ(INVALID_TOKENID, tokenID); +} + +/** + * @tc.name: GetHapTokenIDAbnormalTest003 + * @tc.desc: cannot get hap tokenid with invalid bundlename. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDAbnormalTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDAbnormalTest003"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0xffff); + ASSERT_EQ(INVALID_TOKENID, tokenID); +} + +/** + * @tc.name: GetHapTokenIDExFuncTest001 + * @tc.desc: get hap tokenid. + * @tc.type: FUNC + * @tc.require: issueI60F1M + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDExFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDExFuncTest001"); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, + g_infoManagerTestPolicyPrams); + + AccessTokenIDEx tokenIdEx1 = AccessTokenKit::GetHapTokenIDEx(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + + ASSERT_EQ(tokenIdEx.tokenIDEx, tokenIdEx1.tokenIDEx); + HapTokenInfo hapTokenInfoRes; + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(hapTokenInfoRes.bundleName, g_infoManagerTestSystemInfoParms.bundleName); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetHapTokenIDExAbnormalTest001 + * @tc.desc: cannot get hap tokenid with invalid userId. + * @tc.type: FUNC + * @tc.require: issueI60F1M + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDExAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDExAbnormalTest001"); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID_INVALID, TEST_BUNDLE_NAME, 0); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIDEx); +} + +/** + * @tc.name: GetHapTokenIDExAbnormalTest002 + * @tc.desc: cannot get hap tokenid with invalid bundlename. + * @tc.type: FUNC + * @tc.require: issueI60F1M + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDExAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDExAbnormalTest002"); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, "invalid bundlename", 0); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIDEx); +} + +/** + * @tc.name: GetHapTokenIDExAbnormalTest003 + * @tc.desc: cannot get hap tokenid with invalid instIndex. + * @tc.type: FUNC + * @tc.require: issueI60F1M + */ +HWTEST_F(GetHapTokenTest, GetHapTokenIDExAbnormalTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenIDExAbnormalTest003"); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0xffff); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIDEx); +} + +/** + * @tc.name: GetHapTokenInfoFuncTest001 + * @tc.desc: get the token info and verify. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetHapTokenTest, GetHapTokenInfoFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfoFuncTest001"); + + HapTokenInfo hapTokenInfoRes; + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); + ASSERT_EQ(RET_SUCCESS, ret); + + ASSERT_EQ(hapTokenInfoRes.userID, TEST_USER_ID); + ASSERT_EQ(hapTokenInfoRes.tokenID, tokenID); + ASSERT_EQ(hapTokenInfoRes.tokenAttr, static_cast(0)); + ASSERT_EQ(hapTokenInfoRes.instIndex, 0); + + ASSERT_EQ(hapTokenInfoRes.bundleName, TEST_BUNDLE_NAME); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetHapTokenInfoAbnormalTest001 + * @tc.desc: try to get the token info with invalid tokenId. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetHapTokenTest, GetHapTokenInfoAbnormalTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfoAbnormalTest001"); + + HapTokenInfo hapTokenInfoRes; + int ret = AccessTokenKit::GetHapTokenInfo(TEST_TOKENID_INVALID, hapTokenInfoRes); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: GetHapTokenInfoExtensionFuncTest001 + * @tc.desc: GetHapTokenInfoExt001. + * @tc.type: FUNC + * @tc.require: IAZTZD + */ +HWTEST_F(GetHapTokenTest, GetHapTokenInfoExtensionFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfoExtensionFuncTest001"); + setuid(0); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + HapTokenInfoExt hapTokenInfoExt; + int ret = AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapTokenInfoExt); + ASSERT_EQ(ret, 0); + ASSERT_EQ(TEST_BUNDLE_NAME, hapTokenInfoExt.baseInfo.bundleName); + ASSERT_EQ("appIDDesc", hapTokenInfoExt.appID); + + ret = AccessTokenKit::GetHapTokenInfoExtension(INVALID_TOKENID, hapTokenInfoExt); + ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.h new file mode 100644 index 0000000000000000000000000000000000000000..a53c643cae2eb8b1bf9c56d68fa36074c88aa22e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_hap_token_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_HAP_TOKEN_TEST_H +#define GET_HAP_TOKEN_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetHapTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_HAP_TOKEN_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..cd7c0dccfbdcae704fb7d50d1abce8238ea39bcf --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.cpp @@ -0,0 +1,212 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_token_type_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +} + +void GetTokenTypeTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void GetTokenTypeTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetTokenTypeTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetTokenTypeTest::TearDown() +{ +} + +/** + * @tc.name: GetTokenTypeFuncTest001 + * @tc.desc: get the token type. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetTokenTypeTest, GetTokenTypeFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetTokenTypeFuncTest001"); + + // type = TOKEN_SHELL + AccessTokenID tokenID = AccessTokenKit::GetNativeTokenId("hdcd"); + int ret = AccessTokenKit::GetTokenType(tokenID); + ASSERT_EQ(TOKEN_SHELL, ret); + + // type = TOKEN_NATIVE + tokenID = AccessTokenKit::GetNativeTokenId("foundation"); + ret = AccessTokenKit::GetTokenType(tokenID); + ASSERT_EQ(TOKEN_NATIVE, ret); + + // type = TOKEN_HAP + tokenID = TestCommon::AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ret = AccessTokenKit::GetTokenType(tokenID); + ASSERT_EQ(TOKEN_HAP, ret); + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + ret = AccessTokenKit::DeleteToken(tokenID); + if (tokenID != 0) { + ASSERT_EQ(RET_SUCCESS, ret); + } +} + +/** + * @tc.name: GetTokenTypeAbnormalTest001 + * @tc.desc: get the token type abnormal branch. + * @tc.type: FUNC + * @tc.require Issue I5RJBB + */ +HWTEST_F(GetTokenTypeTest, GetTokenTypeAbnormalTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetTokenTypeAbnormalTest001"); + + AccessTokenID tokenID = 0; + int32_t ret = AccessTokenKit::GetTokenType(tokenID); + ASSERT_EQ(TOKEN_INVALID, ret); +} + +/** + * @tc.name: GetTokenTypeFlagAbnormalTest001 + * @tc.desc: cannot get token type with tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetTokenTypeTest, GetTokenTypeFlagAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetTokenTypeFlagAbnormalTest001"); + + AccessTokenID tokenID = 0; + ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID); + ASSERT_EQ(ret, TOKEN_INVALID); +} + +/** + * @tc.name: GetTokenTypeFlagFuncTest001 + * @tc.desc: Get token type with native tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetTokenTypeTest, GetTokenTypeFlagFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetTokenTypeFlagFuncTest001"); + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 0, + .aclsNum = 0, + .dcaps = nullptr, + .perms = nullptr, + .acls = nullptr, + .processName = "GetTokenTypeFlag002", + .aplStr = "system_core", + }; + uint64_t tokenId01 = GetAccessTokenId(&infoInstance); + + AccessTokenID tokenID = tokenId01 & 0xffffffff; + ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID); + ASSERT_EQ(ret, TOKEN_NATIVE); +} + +/** + * @tc.name: GetTokenTypeFlagFuncTest002 + * @tc.desc: Get token type with hap tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetTokenTypeTest, GetTokenTypeFlagFuncTest002, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); + + ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenIdEx.tokenIdExStruct.tokenID); + ASSERT_EQ(ret, TOKEN_HAP); + + int res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + ASSERT_EQ(RET_SUCCESS, res); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.h new file mode 100644 index 0000000000000000000000000000000000000000..8cecd5e4b788d36095eea6f9a79b192791489fda --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/get_token_type_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_TOKEN_TYPE_TEST_H +#define GET_TOKEN_TYPE_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetTokenTypeTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_TOKEN_TYPE_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..911a6ada6acf51884776a0656c3301a5d8568ab5 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -0,0 +1,1012 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "init_hap_token_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "nativetoken_kit.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static constexpr int32_t THIRTY_TIME_CYCLES = 30; +const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; +const std::string APP_DISTRIBUTION_TYPE_NONE = "none"; +const std::string OVER_SIZE_STR = + "AAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0A" + "FBSURBVDiN7ZQ/S8NQFMVPxU/QCx06GBzrkqUZ42rBbHWUBDqYxSnUoTxXydCSycVsgltfBiFDR8HNdHGxY4nQQAPvMzwHsWn+KM" + "vj3He5vIaUEjV0UAfe85X83KMBT7N75JEXVdSlfEAVfPRyZ5yfIrBoUkVlMU82Hkp8wu9ddt1vFew4sIiIiKwgzcXIvN7GTZOvpZ" + "D3I1NZvmdCXz+XOv5wJANKHOVYjRTAghxIyh0FHKb+0QQH5+kXf2zkYGAG0oFr5RfnK8DAGkwY19wliRT2L448vjv0YGQFVa8VKd"; + +PermissionStateFull g_infoManagerManageHapState = { + .permissionName = "ohos.permission.MANAGE_HAP_TOKENID", + .isGeneral = true, + .resDeviceID = {"test_device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +PermissionStateFull g_infoManagerCameraState = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerMicrophoneState = { + .permissionName = "ohos.permission.MICROPHONE", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerCertState = { + .permissionName = "ohos.permission.ACCESS_CERT_MANAGER", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +HapInfoParams g_testHapInfoParams = { + .userID = 0, + .bundleName = "InitHapTokenTest", + .instIndex = 0, + .appIDDesc = "InitHapTokenTest", + .apiVersion = TestCommon::DEFAULT_API_VERSION, + .isSystemApp = true, + .appDistributionType = "" +}; + +HapPolicyParams g_testPolicyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test_domain", + .permList = {}, + .permStateList = { g_infoManagerManageHapState }, + .aclRequestedList = {}, + .preAuthorizationInfo = {} +}; +}; + +void InitHapTokenTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + // clean up test cases + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_testHapInfoParams.userID, + g_testHapInfoParams.bundleName, + g_testHapInfoParams.instIndex); + AccessTokenKit::DeleteToken(tokenId); + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_testHapInfoParams, g_testPolicyParams); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void InitHapTokenTest::TearDownTestCase() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_testHapInfoParams.userID, + g_testHapInfoParams.bundleName, + g_testHapInfoParams.instIndex); + AccessTokenKit::DeleteToken(tokenId); + SetSelfTokenID(g_selfTokenId); +} + +void InitHapTokenTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void InitHapTokenTest::TearDown() +{ +} + +/** + * @tc.name: InitHapTokenFuncTest001 + * @tc.desc: Install normal applications(isSystemApp = false). + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest001"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + infoParams.isSystemApp = false; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + EXPECT_EQ(0, hapInfo.userID); + EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName); + EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion); + EXPECT_EQ(0, hapInfo.instIndex); + EXPECT_EQ(tokenID, hapInfo.tokenID); + EXPECT_EQ(0, hapInfo.tokenAttr); + + HapTokenInfoExt hapInfoExt; + AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt); + EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenFuncTest002 + * @tc.desc: Install systrem applications(isSystemApp = true). + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest002"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + EXPECT_EQ(0, hapInfo.userID); + EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName); + EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion); + EXPECT_EQ(0, hapInfo.instIndex); + EXPECT_EQ(tokenID, hapInfo.tokenID); + EXPECT_EQ(1, hapInfo.tokenAttr); + + HapTokenInfoExt hapInfoExt; + AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt); + EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenFuncTest003 + * @tc.desc: Test the isGeneral field in the permission authorization list(isGeneral is false or true). + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest003"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_CERT_MANAGER", + .isGeneral = false, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER_INTERNAL"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenFuncTest004 + * @tc.desc:Init a tokenId successfully, delete it successfully the first time and fail to delete it again. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest004"); + + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); + ASSERT_NE(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: InitHapTokenFuncTest005 + * @tc.desc: InitHapToken with dlp type. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest005"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_BASIC; + policyParams.permStateList = { g_infoManagerCameraState, g_infoManagerMicrophoneState, g_infoManagerCertState }; + + AccessTokenIDEx fullTokenId; + int32_t res = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, res); + + HapInfoParams infoParams1 = infoParams; + infoParams1.dlpType = DLP_FULL_CONTROL; + infoParams1.instIndex++; + AccessTokenIDEx dlpFullTokenId1; + res = AccessTokenKit::InitHapToken(infoParams1, policyParams, dlpFullTokenId1); + EXPECT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, "ohos.permission.CAMERA"); + EXPECT_EQ(res, PERMISSION_DENIED); + + (void)AccessTokenKit::GrantPermission( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", PERMISSION_USER_SET); + (void)AccessTokenKit::RevokePermission( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_SET); + + infoParams1.instIndex++; + AccessTokenIDEx dlpFullTokenId2; + res = AccessTokenKit::InitHapToken(infoParams1, policyParams, dlpFullTokenId2); + EXPECT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId2.tokenIdExStruct.tokenID, "ohos.permission.CAMERA"); + EXPECT_EQ(res, PERMISSION_GRANTED); + res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, "ohos.permission.CAMERA"); + EXPECT_EQ(res, PERMISSION_GRANTED); + + std::vector permStatList1; + res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList1, false); + ASSERT_EQ(RET_SUCCESS, res); + std::vector permStatList2; + res = AccessTokenKit::GetReqPermissions(dlpFullTokenId2.tokenIdExStruct.tokenID, permStatList2, false); + ASSERT_EQ(permStatList2.size(), permStatList1.size()); + EXPECT_EQ("ohos.permission.CAMERA", permStatList2[0].permissionName); + EXPECT_EQ(permStatList2[0].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(permStatList2[0].grantFlags[0], PERMISSION_USER_SET); + EXPECT_EQ("ohos.permission.MICROPHONE", permStatList2[1].permissionName); + EXPECT_EQ(permStatList2[1].grantStatus[0], PERMISSION_DENIED); + EXPECT_EQ(permStatList2[1].grantFlags[0], PERMISSION_USER_SET); + ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(dlpFullTokenId1.tokenIdExStruct.tokenID)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(dlpFullTokenId2.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: InitHapTokenFuncTest006 + * @tc.desc: Install normal app success with input param result + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest006, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest006"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + infoParams.isSystemApp = false; + AccessTokenIDEx fullTokenId; + HapInfoCheckResult result; + result.permCheckResult.permissionName = "test"; // invalid Name + result.permCheckResult.rule = static_cast(-1); // invalid reasan + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "test"); + ASSERT_EQ(result.permCheckResult.rule, -1); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenFuncTest007 + * @tc.desc: Install normal app ignore acl check. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenFuncTest007, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenFuncTest007"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + PermissionStateFull permStatDump = { + .permissionName = "ohos.permission.DUMP", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList.emplace_back(permStatDump); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + policyParams.checkIgnore = HapPolicyCheckIgnore::ACL_IGNORE_CHECK; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenSpecsTest001 + * @tc.desc: Test the high-level permission authorized by acl. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest001"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.RUN_DYN_CODE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenSpecsTest002 + * @tc.desc: Test apl level does not match application level. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest002"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.RUN_DYN_CODE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + + HapInfoCheckResult result; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ACCESS_DDK_USB"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE); +} + +/** + * @tc.name: InitHapTokenSpecsTest003 + * @tc.desc: Initialize system_grant&&user_grant permission. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest003"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.READ_HEALTH_MOTION", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.READ_HEALTH_MOTION"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY"); + EXPECT_EQ(PERMISSION_DENIED, ret); + + uint32_t flag; + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.READ_HEALTH_MOTION", flag); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag); + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", flag); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(PERMISSION_DEFAULT_FLAG, flag); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenSpecsTest004 + * @tc.desc: Initialize cancelable/un-cancelable permission. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest004"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_NEARLINK", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + PreAuthorizationInfo preAuthorizationInfo001 = { + .permissionName = "ohos.permission.ACCESS_NEARLINK", + .userCancelable = true + }; + PreAuthorizationInfo preAuthorizationInfo002 = { + .permissionName = "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", + .userCancelable = false + }; + policyParams.preAuthorizationInfo = {preAuthorizationInfo001, preAuthorizationInfo002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_NEARLINK"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + std::vector permStatList; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetReqPermissions(tokenID, permStatList, false)); + ASSERT_EQ(static_cast(2), permStatList.size()); + ASSERT_EQ("ohos.permission.ACCESS_NEARLINK", permStatList[0].permissionName); + EXPECT_EQ(permStatList[0].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_GRANTED_BY_POLICY); + ASSERT_EQ("ohos.permission.READ_WRITE_DESKTOP_DIRECTORY", permStatList[1].permissionName); + EXPECT_EQ(permStatList[1].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(permStatList[1].grantFlags[0], PERMISSION_SYSTEM_FIXED); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenSpecsTest005 + * @tc.desc: User grant permission not pre-authorized, grant state is PERMISSION_DENIED + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest005"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + policyParams.permStateList = { g_infoManagerMicrophoneState }; + AccessTokenIDEx fullTokenId; + int32_t res = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, res); + int32_t ret = AccessTokenKit::VerifyAccessToken( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE"); + EXPECT_EQ(ret, PERMISSION_DENIED); + uint32_t flag; + AccessTokenKit::GetPermissionFlag( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", flag); + EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: InitHapTokenSpecsTest006 + * @tc.desc: Initialize MDM permission for a MDM hap. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest006, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest006"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + uint32_t flag; + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", flag); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenSpecsTest007 + * @tc.desc: Initialize MDM permission for a Non-MDM hap. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest007, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest007"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001}; + policyParams.aclRequestedList = { "ohos.permission.ENTERPRISE_MANAGE_SETTINGS" }; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + + HapInfoCheckResult result; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId, result); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + EXPECT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: InitHapTokenSpecsTest008 + * @tc.desc: Initialize MDM permission for a debug hap. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest008, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenSpecsTest008"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_NONE; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + uint32_t flag; + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", flag); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(PERMISSION_SYSTEM_FIXED, flag); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenAbnormalTest001 + * @tc.desc: Invaild HapInfoParams. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest001"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + infoParams.userID = -1; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); + + TestCommon::GetHapParams(infoParams, policyParams); + infoParams.bundleName = ""; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); + + TestCommon::GetHapParams(infoParams, policyParams); + infoParams.bundleName = OVER_SIZE_STR; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); + + TestCommon::GetHapParams(infoParams, policyParams); + for (int i = 0; i < THIRTY_TIME_CYCLES; i++) { + infoParams.appIDDesc += OVER_SIZE_STR; + } + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: InitHapTokenAbnormalTest002 + * @tc.desc: Invaild HapPolicyParams. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest002"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = static_cast(-1); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); + + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_ENUM_BUTT; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); + + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.domain = ""; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); + + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.domain = OVER_SIZE_STR; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: InitHapTokenAbnormalTest003 + * @tc.desc: Invaild permStateList. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest003"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + + PermissionStateFull permissionStateFull001 = { + .permissionName = "", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.test", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList.emplace_back(permissionStateFull001); + policyParams.permStateList.emplace_back(permissionStateFull002); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + std::vector reqPermList; + ret = AccessTokenKit::GetReqPermissions(tokenID, reqPermList, false); + EXPECT_TRUE(reqPermList.empty()); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: InitHapTokenAbnormalTest004 + * @tc.desc: Invaild aclRequestedList. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest004"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.AGENT_REQUIRE_FORM", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.aclRequestedList = {""}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = AccessTokenKit::VerifyAccessToken(tokenID, ""); + EXPECT_EQ(PERMISSION_DENIED, ret); + + policyParams.aclRequestedList = {"ohos.permission.test"}; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test"); + EXPECT_EQ(PERMISSION_DENIED, ret); + + policyParams.aclRequestedList = {"ohos.permission.AGENT_REQUIRE_FORM"}; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM"); + EXPECT_EQ(PERMISSION_DENIED, ret); + + policyParams.permStateList.emplace_back(permissionStateFull002); + policyParams.aclRequestedList.emplace_back("ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"); + + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"); + EXPECT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: InitHapTokenAbnormalTest005 + * @tc.desc: Invaild preAuthorizationInfo. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "InitHapTokenAbnormalTest005"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + + PreAuthorizationInfo preAuthorizationInfo; + preAuthorizationInfo.permissionName = ""; + policyParams.preAuthorizationInfo = {preAuthorizationInfo}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = AccessTokenKit::VerifyAccessToken(tokenID, ""); + EXPECT_EQ(PERMISSION_DENIED, ret); + + preAuthorizationInfo.permissionName = "ohos.permission.test"; + policyParams.preAuthorizationInfo = {preAuthorizationInfo}; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test"); + EXPECT_EQ(PERMISSION_DENIED, ret); + + preAuthorizationInfo.permissionName = "ohos.permission.AGENT_REQUIRE_FORM"; + policyParams.preAuthorizationInfo = {preAuthorizationInfo}; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM"); + EXPECT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: InitHapTokenAbnormalTest006 + * @tc.desc: InitHapToken isRestore with INVALID_TOKENID + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenAbnormalTest006, TestSize.Level1) +{ + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + + infoParams.isRestore = true; + infoParams.tokenID = INVALID_TOKENID; + + PreAuthorizationInfo preAuthorizationInfo; + preAuthorizationInfo.permissionName = ""; + policyParams.preAuthorizationInfo = {preAuthorizationInfo}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: InitHapTokenSpecsTest009 + * @tc.desc: InitHapToken isRestore with real token + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest009, TestSize.Level1) +{ + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_CERT_MANAGER", + .isGeneral = false, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001, g_infoManagerCameraState}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + (void)AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", PERMISSION_USER_SET); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + EXPECT_EQ(ret, PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteToken(tokenID); + EXPECT_EQ(RET_SUCCESS, ret); + + infoParams.isRestore = true; + infoParams.tokenID = tokenID; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_CERT_MANAGER"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA"); + EXPECT_EQ(ret, PERMISSION_DENIED); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.h new file mode 100644 index 0000000000000000000000000000000000000000..66d8f079c97a09dd24206e5dd1d425b517ca9fb8 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef INIT_HAP_TOKEN_TEST_H +#define INIT_HAP_TOKEN_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class InitHapTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // INIT_HAP_TOKEN_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..df8d70174ab9d0c87627b45394c95318686c45af --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -0,0 +1,1239 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "update_hap_token_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "nativetoken_kit.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static constexpr int32_t API_VERSION_EIGHT = 8; +static constexpr int32_t THIRTY_TIME_CYCLES = 30; +const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; +const std::string OVER_SIZE_STR = + "AAANSUhEUgAAABUAAAAXCAIAAABrvZPKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAEXRFWHRTb2Z0d2FyZQBTbmlwYXN0ZV0Xzt0A" + "FBSURBVDiN7ZQ/S8NQFMVPxU/QCx06GBzrkqUZ42rBbHWUBDqYxSnUoTxXydCSycVsgltfBiFDR8HNdHGxY4nQQAPvMzwHsWn+KM" + "vj3He5vIaUEjV0UAfe85X83KMBT7N75JEXVdSlfEAVfPRyZ5yfIrBoUkVlMU82Hkp8wu9ddt1vFew4sIiIiKwgzcXIvN7GTZOvpZ" + "D3I1NZvmdCXz+XOv5wJANKHOVYjRTAghxIyh0FHKb+0QQH5+kXf2zkYGAG0oFr5RfnK8DAGkwY19wliRT2L448vjv0YGQFVa8VKd"; + +PermissionStateFull g_testPermReq = { + .permissionName = "ohos.permission.MANAGE_HAP_TOKENID", + .isGeneral = true, + .resDeviceID = {"test_device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +PermissionStateFull g_infoManagerCameraState = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerMicrophoneState = { + .permissionName = "ohos.permission.MICROPHONE", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerCertState = { + .permissionName = "ohos.permission.ACCESS_CERT_MANAGER", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +HapInfoParams g_testHapInfoParams = { + .userID = 0, + .bundleName = "UpdateHapTokenTest", + .instIndex = 0, + .appIDDesc = "UpdateHapTokenTest", + .apiVersion = TestCommon::DEFAULT_API_VERSION, + .isSystemApp = true, + .appDistributionType = "" +}; + +HapPolicyParams g_testPolicyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test_domain", + .permList = {}, + .permStateList = { g_testPermReq }, + .aclRequestedList = {}, + .preAuthorizationInfo = {} +}; +}; + +void UpdateHapTokenTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + // clean up test cases + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_testHapInfoParams.userID, + g_testHapInfoParams.bundleName, + g_testHapInfoParams.instIndex); + AccessTokenKit::DeleteToken(tokenId); + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_testHapInfoParams, g_testPolicyParams); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void UpdateHapTokenTest::TearDownTestCase() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_testHapInfoParams.userID, + g_testHapInfoParams.bundleName, + g_testHapInfoParams.instIndex); + AccessTokenKit::DeleteToken(tokenId); + SetSelfTokenID(g_selfTokenId); +} + +void UpdateHapTokenTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + setuid(0); +} + +void UpdateHapTokenTest::TearDown() +{ +} + +/** + * @tc.name: UpdateHapTokenFuncTest001 + * @tc.desc: test update appIDDesc + * 1.appIDDesc = AccessTokenTestAppID. + * 2.appIDDesc = HapTokenTestAppID_1, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest001"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = "HapTokenTestAppID_1", + .apiVersion = infoParams.apiVersion, + .isSystemApp = infoParams.isSystemApp, + .appDistributionType = infoParams.appDistributionType + }; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + EXPECT_EQ(0, hapInfo.userID); + EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName); + EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion); + EXPECT_EQ(0, hapInfo.instIndex); + EXPECT_EQ(tokenID, hapInfo.tokenID); + EXPECT_EQ(1, hapInfo.tokenAttr); + + HapTokenInfoExt hapInfoExt; + AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt); + EXPECT_EQ("HapTokenTestAppID_1", hapInfoExt.appID); +} + +/** + * @tc.name: UpdateHapTokenFuncTest002 + * @tc.desc: test update apiVersion + * 1.apiVersion = DEFAULT_API_VERSION. + * 2.apiVersion = API_VERSION_EIGHT, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest002"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = API_VERSION_EIGHT, + .isSystemApp = infoParams.isSystemApp, + .appDistributionType = infoParams.appDistributionType + }; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + EXPECT_EQ(0, hapInfo.userID); + EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName); + EXPECT_EQ(API_VERSION_EIGHT, hapInfo.apiVersion); + EXPECT_EQ(0, hapInfo.instIndex); + EXPECT_EQ(tokenID, hapInfo.tokenID); + EXPECT_EQ(1, hapInfo.tokenAttr); + + HapTokenInfoExt hapInfoExt; + AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt); + EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID); +} + +/** + * @tc.name: UpdateHapTokenFuncTest003 + * @tc.desc: test update isSystemApp + * 1.isSystemApp = true. + * 2.isSystemApp = false, Update success. + * 3.isSystemApp = true, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest003"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + EXPECT_EQ(0, hapInfo.userID); + EXPECT_EQ("com.ohos.AccessTokenTestBundle", hapInfo.bundleName); + EXPECT_EQ(TestCommon::DEFAULT_API_VERSION, hapInfo.apiVersion); + EXPECT_EQ(0, hapInfo.instIndex); + EXPECT_EQ(tokenID, hapInfo.tokenID); + EXPECT_EQ(0, hapInfo.tokenAttr); + + HapTokenInfoExt hapInfoExt; + AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapInfoExt); + EXPECT_EQ("AccessTokenTestAppID", hapInfoExt.appID); + + updateHapInfoParams.isSystemApp = true; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + EXPECT_EQ(1, hapInfo.tokenAttr); +} + +void GetPermissions(string permissionName, PermissionStateFull& stateFull, PreAuthorizationInfo& info) +{ + stateFull = { + .permissionName = permissionName, + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + info = { + .permissionName = permissionName, + .userCancelable = false + }; +} +/** + * @tc.name: UpdateHapTokenFuncTest004 + * @tc.desc: test permission list number is increased from 0 to 2. + * 1.permStateList = {}. + * 2.permStateList = {permissionStateFull001, permissionStateFull002}, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest004"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_SMS"); + EXPECT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_MMS"); + EXPECT_EQ(PERMISSION_DENIED, ret); + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + + PermissionStateFull permissionStateFull001; + PermissionStateFull permissionStateFull002; + PreAuthorizationInfo info1; + PreAuthorizationInfo info2; + GetPermissions("ohos.permission.RECEIVE_SMS", permissionStateFull001, info1); + GetPermissions("ohos.permission.RECEIVE_MMS", permissionStateFull002, info2); + + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + policyParams.preAuthorizationInfo = {info1, info2}; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + std::vector permStatList; + int32_t res = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, res); + ASSERT_EQ(static_cast(2), permStatList.size()); + ASSERT_EQ("ohos.permission.RECEIVE_SMS", permStatList[0].permissionName); + EXPECT_EQ(permStatList[0].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_SYSTEM_FIXED); + ASSERT_EQ("ohos.permission.RECEIVE_MMS", permStatList[1].permissionName); + EXPECT_EQ(permStatList[1].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(permStatList[1].grantFlags[0], PERMISSION_SYSTEM_FIXED); +} + +/** + * @tc.name: UpdateHapTokenFuncTest005 + * @tc.desc: test permission list number is decreased from 2 to 0. + * 1.permStateList = {permissionStateFull001, permissionStateFull002}. + * 2.permStateList={}, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest005"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.RUN_DYN_CODE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.permStateList = {}; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"); + EXPECT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: UpdateHapTokenFuncTest006 + * @tc.desc: test permission list number is changed from permissionStateFull001 to permissionStateFull003. + * 1.permStateList = {permissionStateFull001} + * 2.permStateList = {permissionStateFull003}, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenFuncTest006, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenFuncTest006"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.RUN_DYN_CODE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"); + EXPECT_EQ(PERMISSION_DENIED, ret); + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + PermissionStateFull permissionStateFull003 = { + .permissionName = "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = { permissionStateFull003 }; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER"); + EXPECT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest001 + * @tc.desc: test aclRequestedList does not exist before update and add one after update. + * 1.aclRequestedList = {}. + * 2.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}, Update success. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest001"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.RUN_DYN_CODE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"); + EXPECT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest002 + * @tc.desc: test aclRequestedList exist before update and remove after update. + * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"} + * 2.aclRequestedList = {}, Update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest002"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.RUN_DYN_CODE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.aclRequestedList = {}; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest003 + * @tc.desc: test permission not available after apl update from APL_SYSTEM_CORE to APL_NORMAL. + * 1.apl = APL_SYSTEM_CORE. + * 2.apl = APL_NORMAL, Update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest003"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.RUN_DYN_CODE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RUN_DYN_CODE"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ACCESS_DDK_USB"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.apl = APL_NORMAL; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest004 + * @tc.desc: Update to a MDM app, system permission is unavailable. + * 1.appDistributionType = "" + * 2.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, Update success + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest004"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.MANAGE_FINGERPRINT_AUTH", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM + }; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + // MDM Control not apply, verify result is PERMISSION_GRANTED + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"); + EXPECT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest005 + * @tc.desc: Update to a non-MDM app, MDM permission is unavailable. + * 1.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM, permission is GRANTED. + * 2.appDistributionType ="", Update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest005"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + infoParams.appDistributionType = APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM; + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.MANAGE_FINGERPRINT_AUTH", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + // MDM Control not apply, verify result is PERMISSION_GRANTED + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MANAGE_FINGERPRINT_AUTH"); + EXPECT_EQ(PERMISSION_GRANTED, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = "" + }; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + + HapInfoCheckResult result; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest006 + * @tc.desc: App user_grant permission has not been operated, update with pre-authorization. + * 1.preAuthorizationInfo = {info1}, pre-authorization update success + * 2.GetReqPermissions success. permission is GRANTED. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest006, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest006"); + + HapPolicyParams testPolicyParams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permStateList = {g_infoManagerCameraState} + }; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + + UpdateHapInfoParams info; + info.appIDDesc = "TEST"; + info.apiVersion = TestCommon::DEFAULT_API_VERSION; + info.isSystemApp = true; + PreAuthorizationInfo info1 = { + .permissionName = "ohos.permission.CAMERA", + .userCancelable = false + }; + HapPolicyParams testPolicyParams2 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permStateList = {g_infoManagerCameraState}, + .preAuthorizationInfo = {info1} + }; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2); + ASSERT_EQ(RET_SUCCESS, ret); + std::vector state; + int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); + ASSERT_EQ(RET_SUCCESS, res); + ASSERT_EQ(static_cast(1), state.size()); + ASSERT_EQ("ohos.permission.CAMERA", state[0].permissionName); + EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest007 + * @tc.desc: App user_grant permission has been granted or revoked by user, update with pre-authorization + * 1.user_grant permission1 has been granted. + * 2.user_grant permission2 has been revoked. + * 3.preAuthorizationInfo = {info1, info2}, update pre-authorization success. + * 4.GetReqPermissions success. permission1 is GRANTED, permission2 is DENIED. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest007, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest007"); + + HapPolicyParams testPolicyParams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState} + }; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GrantPermission( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED); + EXPECT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::RevokePermission( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + EXPECT_EQ(RET_SUCCESS, ret); + + UpdateHapInfoParams info; + info.appIDDesc = "TEST"; + info.apiVersion = TestCommon::DEFAULT_API_VERSION; + info.isSystemApp = true; + PreAuthorizationInfo info1 = { + .permissionName = "ohos.permission.CAMERA", + .userCancelable = false + }; + PreAuthorizationInfo info2 = { + .permissionName = "ohos.permission.MICROPHONE", + .userCancelable = false + }; + HapPolicyParams testPolicyParams2 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState}, + .preAuthorizationInfo = {info1, info2} + }; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2); + ASSERT_EQ(RET_SUCCESS, ret); + std::vector state; + AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); + ASSERT_EQ(static_cast(2), state.size()); + ASSERT_EQ("ohos.permission.CAMERA", state[0].permissionName); + EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(state[0].grantFlags[0], PERMISSION_USER_FIXED); + ASSERT_EQ("ohos.permission.MICROPHONE", state[1].permissionName); + EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED); + EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest008 + * @tc.desc: App user_grant permission has been pre-authorized with userUnCancelable flag, + * update with userCancelable pre-authorization. + * 1.userCancelable = false. + * 2.userCancelable = true, update pre-authorization success, GetReqPermissions success. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest008, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest008"); + + PreAuthorizationInfo info1 = { + .permissionName = "ohos.permission.CAMERA", + .userCancelable = false + }; + PreAuthorizationInfo info2 = { + .permissionName = "ohos.permission.MICROPHONE", + .userCancelable = false + }; + HapPolicyParams testPolicyParams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState}, + .preAuthorizationInfo = {info1, info2} + }; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GrantPermission( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", PERMISSION_USER_FIXED); + EXPECT_NE(RET_SUCCESS, ret); + ret = AccessTokenKit::RevokePermission( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + EXPECT_NE(RET_SUCCESS, ret); + + UpdateHapInfoParams info; + info.appIDDesc = "TEST"; + info.apiVersion = TestCommon::DEFAULT_API_VERSION; + info.isSystemApp = true; + info1.userCancelable = true; + testPolicyParams1.preAuthorizationInfo = {info1}; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1); + ASSERT_EQ(RET_SUCCESS, ret); + std::vector state; + AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); + ASSERT_EQ(static_cast(2), state.size()); + EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(state[0].grantFlags[0], PERMISSION_GRANTED_BY_POLICY); + EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED); + EXPECT_EQ(state[1].grantFlags[0], PERMISSION_DEFAULT_FLAG); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest009 + * @tc.desc: App user_grant permission has been pre-authorized with userCancelable flag, + * update with userCancelable pre-authorization. + * 1.userCancelable = true. + * 2.userCancelable = false, update success, GetReqPermissions success. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest009, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest009"); + + PreAuthorizationInfo info1 = { + .permissionName = "ohos.permission.CAMERA", + .userCancelable = true + }; + PreAuthorizationInfo info2 = { + .permissionName = "ohos.permission.MICROPHONE", + .userCancelable = true + }; + HapPolicyParams testPolicyParams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permStateList = {g_infoManagerCameraState, g_infoManagerMicrophoneState}, + .preAuthorizationInfo = {info1, info2} + }; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId); + EXPECT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::RevokePermission( + fullTokenId.tokenIdExStruct.tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + EXPECT_EQ(RET_SUCCESS, ret); + + UpdateHapInfoParams info; + info.appIDDesc = "TEST"; + info.apiVersion = TestCommon::DEFAULT_API_VERSION; + info.isSystemApp = true; + info1.userCancelable = false; + testPolicyParams1.preAuthorizationInfo = {info1}; + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams1); + ASSERT_EQ(RET_SUCCESS, ret); + std::vector state; + AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); + ASSERT_EQ(static_cast(2), state.size()); + EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED); + EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED); + EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED); + EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED | PERMISSION_GRANTED_BY_POLICY); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: UpdateHapTokenSpecsTest010 + * @tc.desc: test aclRequestedList exist before update and remove after update. + * 1.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"} + * 2.aclRequestedList = {}, Update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest010, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenSpecsTest010"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.ACCESS_DDK_USB", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + policyParams.permStateList = {permissionStateFull001}; + policyParams.aclRequestedList = {"ohos.permission.ACCESS_DDK_USB"}; + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.aclRequestedList = {}; + HapInfoCheckResult result; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ACCESS_DDK_USB"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE); + + result.permCheckResult.permissionName = "test"; // invalid Name + result.permCheckResult.rule = static_cast(-1); // invalid reasan + policyParams.aclRequestedList = { "ohos.permission.ACCESS_DDK_USB" }; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams, result); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(result.permCheckResult.permissionName, "test"); + ASSERT_EQ(result.permCheckResult.rule, -1); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: UpdateHapTokenAbnormalTest001 + * @tc.desc: test invaild UpdateHapInfoParams.appIDDesc + * 1.appIDDesc is too long + * 2.update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest001"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = infoParams.isSystemApp, + .appDistributionType = infoParams.appDistributionType + }; + + for (int i = 0; i < THIRTY_TIME_CYCLES; i++) { + updateHapInfoParams.appIDDesc += OVER_SIZE_STR; + } + + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + EXPECT_EQ(ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: UpdateHapTokenAbnormalTest002 + * @tc.desc: test invaild HapPolicyParams.apl + * 1.apl is invaild. + * 2.update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest002"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = false, + .appDistributionType = infoParams.appDistributionType + }; + policyParams.apl = static_cast(-1); + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + EXPECT_EQ(ERR_PARAM_INVALID, ret); + + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_ENUM_BUTT; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + EXPECT_EQ(ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: UpdateHapTokenAbnormalTest003 + * @tc.desc: test invaild permStateList.permissionName + * 1.permissionName is empty. + * 2.permissionName is invaild. + * 3.update success, GetReqPermissions is empty. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest003"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = infoParams.isSystemApp, + .appDistributionType = infoParams.appDistributionType + }; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.test", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.permStateList.emplace_back(permissionStateFull001); + policyParams.permStateList.emplace_back(permissionStateFull002); + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + std::vector reqPermList; + ret = AccessTokenKit::GetReqPermissions(tokenID, reqPermList, false); + EXPECT_TRUE(reqPermList.empty()); +} + +/** + * @tc.name: UpdateHapTokenAbnormalTest004 + * @tc.desc: test invaild aclRequestedList. + * 1.aclRequestedList is empty, update success, virify is DENIED. + * 2.aclRequestedList is invaild, update success, virify is DENIED. + * 3.aclRequestedList is not in permStateList, update success, virify is DENIED. + * 4.aclRequestedList does not support acl, update failed. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest004"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_NORMAL; + AccessTokenIDEx fullTokenId; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId)); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = infoParams.isSystemApp, + .appDistributionType = infoParams.appDistributionType + }; + + PermissionStateFull permissionStateFull001 = { + .permissionName = "ohos.permission.AGENT_REQUIRE_FORM", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permissionStateFull002 = { + .permissionName = "ohos.permission.MANAGE_DEVICE_AUTH_CRED", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + policyParams.aclRequestedList = {""}; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "")); + + policyParams.aclRequestedList = {"ohos.permission.test"}; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); + EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test")); + + policyParams.aclRequestedList = {"ohos.permission.AGENT_REQUIRE_FORM"}; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); + EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM")); + + policyParams.permStateList.emplace_back(permissionStateFull002); + policyParams.aclRequestedList.emplace_back("ohos.permission.MANAGE_DEVICE_AUTH_CRED"); + + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, + AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams)); +} + +/** + * @tc.name: UpdateHapTokenAbnormalTest005 + * @tc.desc: test invaild preAuthorizationInfo.permissionName + * 1.preAuthorizationInfo.permissionName is empty, update success, virify is DENIED. + * 2.preAuthorizationInfo.permissionName is invaild, update success, virify is DENIED. + * 3.preAuthorizationInfo.permissionName is not in permStateList, update success, virify is DENIED. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenAbnormalTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateHapTokenAbnormalTest005"); + + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + UpdateHapInfoParams updateHapInfoParams = { + .appIDDesc = infoParams.appIDDesc, + .apiVersion = infoParams.apiVersion, + .isSystemApp = infoParams.isSystemApp, + .appDistributionType = infoParams.appDistributionType + }; + PreAuthorizationInfo preAuthorizationInfo; + preAuthorizationInfo.permissionName = ""; + policyParams.preAuthorizationInfo = {preAuthorizationInfo}; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + EXPECT_EQ(RET_SUCCESS, ret); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = AccessTokenKit::VerifyAccessToken(tokenID, ""); + EXPECT_EQ(PERMISSION_DENIED, ret); + + preAuthorizationInfo.permissionName = "ohos.permission.test"; + policyParams.preAuthorizationInfo = {preAuthorizationInfo}; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + EXPECT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.test"); + EXPECT_EQ(PERMISSION_DENIED, ret); + + preAuthorizationInfo.permissionName = "ohos.permission.AGENT_REQUIRE_FORM"; + policyParams.preAuthorizationInfo = {preAuthorizationInfo}; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateHapInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.AGENT_REQUIRE_FORM"); + EXPECT_EQ(PERMISSION_DENIED, ret); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.h b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.h new file mode 100644 index 0000000000000000000000000000000000000000..a212a4a806b3dae53c5b7ec88547ac8caae33214 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef UPDATE_HAP_TOKEN_TEST_H +#define UPDATE_HAP_TOKEN_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class UpdateHapTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // UPDATE_HAP_TOKEN_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermDenyTest/accesstoken_deny_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermDenyTest/accesstoken_deny_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ddffa941fdaea958a7a23cf451056a9839de7f52 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermDenyTest/accesstoken_deny_test.cpp @@ -0,0 +1,542 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "accesstoken_deny_test.h" +#include "accesstoken_kit.h" +#include "access_token_error.h" +#include "token_setproc.h" +#ifdef TOKEN_SYNC_ENABLE +#include "token_sync_kit_interface.h" +#endif + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static AccessTokenIDEx g_testTokenIDEx = {0}; +static int32_t g_selfUid; + +static HapPolicyParams g_PolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", +}; + +static HapInfoParams g_InfoParms = { + .userID = 1, + .bundleName = "ohos.test.bundle", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = true +}; + +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + return FAKE_SYNC_RET; + }; +}; +#endif +} +using namespace testing::ext; + +void AccessTokenDenyTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + g_selfUid = getuid(); +} + +void AccessTokenDenyTest::TearDownTestCase() +{ + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + GTEST_LOG_(INFO) << "PermStateChangeCallback, tokenID is " << GetSelfTokenID(); + GTEST_LOG_(INFO) << "PermStateChangeCallback, uid is " << getuid(); +} + +void AccessTokenDenyTest::SetUp() +{ + AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams); + + g_testTokenIDEx = AccessTokenKit::GetHapTokenIDEx(g_InfoParms.userID, + g_InfoParms.bundleName, + g_InfoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, g_testTokenIDEx.tokenIDEx); + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_testTokenIDEx.tokenIDEx)); + setuid(1234); // 1234: UID +} + +void AccessTokenDenyTest::TearDown() +{ + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + setuid(g_selfUid); +} + +/** + * @tc.name: InitUserPolicy001 + * @tc.desc: InitUserPolicy without authorized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenDenyTest, InitUserPolicy001, TestSize.Level1) +{ + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + const std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PERMISSION_DENIED); +} + + +/** + * @tc.name: UpdateUserPolicy001 + * @tc.desc: UpdateUserPolicy without authorized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenDenyTest, UpdateUserPolicy001, TestSize.Level1) +{ + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + int32_t ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, AccessTokenError::ERR_PERMISSION_DENIED); +} + + +/** + * @tc.name: AllocHapToken001 + * @tc.desc: AllocHapToken with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, AllocHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: InitHapToken001 + * @tc.desc: InitHapToken with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, InitHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenKit::InitHapToken(g_InfoParms, g_PolicyPrams, tokenIdEx); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: AllocLocalTokenID001 + * @tc.desc: AllocLocalTokenID with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, AllocLocalTokenID001, TestSize.Level1) +{ + std::string remoteDevice = "remote device"; + AccessTokenID tokenId = 123; + AccessTokenID localTokenId = AccessTokenKit::AllocLocalTokenID(remoteDevice, tokenId); + ASSERT_EQ(INVALID_TOKENID, localTokenId); +} + +/** + * @tc.name: UpdateHapToken001 + * @tc.desc: UpdateHapToken with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, UpdateHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx.tokenIdExStruct.tokenID = 123; + UpdateHapInfoParams info; + info.appIDDesc = "appId desc"; + info.apiVersion = 9; + info.isSystemApp = false; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, + AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_PolicyPrams)); +} + +/** + * @tc.name: DeleteToken001 + * @tc.desc: DeleteToken with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, DeleteToken001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteToken(tokenId)); +} + +/** + * @tc.name: GetHapTokenID001 + * @tc.desc: GetHapTokenID with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GetHapTokenID001, TestSize.Level1) +{ + int32_t userID = 0; + std::string bundleName = "test"; + int32_t instIndex = 0; + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); + ASSERT_EQ(INVALID_TOKENID, tokenId); +} + +/** + * @tc.name: GetHapTokenInfo001 + * @tc.desc: GetHapTokenInfo with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GetHapTokenInfo001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + HapTokenInfo tokenInfo; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo)); +} + +/** + * @tc.name: GetNativeTokenInfo001 + * @tc.desc: GetNativeTokenInfo with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GetNativeTokenInfo001, TestSize.Level1) +{ + AccessTokenID tokenId = 805920561; //805920561 is a native tokenId. + NativeTokenInfo tokenInfo; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenInfo(tokenId, tokenInfo)); +} + +/** + * @tc.name: GetPermissionFlag001 + * @tc.desc: GetPermissionFlag with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GetPermissionFlag001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "ohos.permission.CAMERA"; + uint32_t flag; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetPermissionFlag(tokenId, permission, flag)); +} + +/** + * @tc.name: SetPermissionRequestToggleStatus001 + * @tc.desc: SetPermissionRequestToggleStatus with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, SetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = 123; + uint32_t status = PermissionRequestToggleStatus::CLOSED; + std::string permission = "ohos.permission.CAMERA"; + + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetPermissionRequestToggleStatus( + permission, status, userID)); +} + +/** + * @tc.name: GetPermissionRequestToggleStatus001 + * @tc.desc: GetPermissionRequestToggleStatus with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = 123; + uint32_t status; + std::string permission = "ohos.permission.CAMERA"; + + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetPermissionRequestToggleStatus( + permission, status, userID)); +} + +/** + * @tc.name: GrantPermission001 + * @tc.desc: GrantPermission with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GrantPermission001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "ohos.permission.CAMERA"; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, + AccessTokenKit::GrantPermission(tokenId, permission, PERMISSION_USER_FIXED)); +} + +/** + * @tc.name: RevokePermission001 + * @tc.desc: RevokePermission with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, RevokePermission001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "ohos.permission.CAMERA"; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, + AccessTokenKit::RevokePermission(tokenId, permission, PERMISSION_USER_FIXED)); +} + +/** + * @tc.name: ClearUserGrantedPermissionState001 + * @tc.desc: ClearUserGrantedPermissionState with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, ClearUserGrantedPermissionState001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::ClearUserGrantedPermissionState(tokenId)); +} + +class CbCustomizeTest1 : public PermStateChangeCallbackCustomize { +public: + explicit CbCustomizeTest1(const PermStateChangeScope &scopeInfo) + : PermStateChangeCallbackCustomize(scopeInfo) + { + } + ~CbCustomizeTest1() {} + + virtual void PermStateChangeCallback(PermStateChangeInfo& result) + { + } +}; + +/** + * @tc.name: RegisterPermStateChangeCallback001 + * @tc.desc: RegisterPermStateChangeCallback with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, RegisterPermStateChangeCallback001, TestSize.Level1) +{ + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr)); +} + +/** + * @tc.name: UnregisterPermStateChangeCallback001 + * @tc.desc: UnRegisterPermStateChangeCallback with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, UnregisterPermStateChangeCallback001, TestSize.Level1) +{ + setuid(g_selfUid); + + PermissionStateFull testState = { + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + HapPolicyParams policyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {testState} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, policyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr)); + + EXPECT_EQ(0, SetSelfTokenID(g_testTokenIDEx.tokenIDEx)); + + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr)); + + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr)); + + setuid(g_selfUid); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: ReloadNativeTokenInfo001 + * @tc.desc: ReloadNativeTokenInfo with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, ReloadNativeTokenInfo001, TestSize.Level1) +{ + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::ReloadNativeTokenInfo()); +} + +/** + * @tc.name: GetNativeTokenId001 + * @tc.desc: Verify the GetNativeTokenId abnormal branch return nullptr proxy. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenDenyTest, GetNativeTokenId001, TestSize.Level1) +{ + std::string processName = "hdcd"; + AccessTokenID tokenID = AccessTokenKit::GetNativeTokenId(processName); + ASSERT_EQ(INVALID_TOKENID, tokenID); +} + +/** + * @tc.name: DumpTokenInfo001 + * @tc.desc: Verify the DumpTokenInfo abnormal branch return nullptr proxy. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenDenyTest, DumpTokenInfo001, TestSize.Level1) +{ + std::string dumpInfo; + AtmToolsParamInfo info; + info.tokenId = 123; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + ASSERT_EQ("", dumpInfo); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: GetHapTokenInfoFromRemote001 + * @tc.desc: GetHapTokenInfoFromRemote with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GetHapTokenInfoFromRemote001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + HapTokenInfoForSync hapSync; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync)); +} + +/** + * @tc.name: SetRemoteHapTokenInfo001 + * @tc.desc: SetRemoteHapTokenInfo with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, SetRemoteHapTokenInfo001, TestSize.Level1) +{ + std::string device = "device"; + HapTokenInfoForSync hapSync; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync)); +} + +/** + * @tc.name: DeleteRemoteToken001 + * @tc.desc: DeleteRemoteToken with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, DeleteRemoteToken001, TestSize.Level1) +{ + std::string device = "device"; + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteToken(device, tokenId)); +} + +/** + * @tc.name: GetRemoteNativeTokenID001 + * @tc.desc: GetRemoteNativeTokenID with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GetRemoteNativeTokenID001, TestSize.Level1) +{ + std::string device = "device"; + AccessTokenID tokenId = 123; + ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetRemoteNativeTokenID(device, tokenId)); +} + +/** + * @tc.name: DeleteRemoteDeviceTokens001 + * @tc.desc: DeleteRemoteDeviceTokens with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, DeleteRemoteDeviceTokens001, TestSize.Level1) +{ + std::string device = "device"; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteDeviceTokens(device)); +} + +HWTEST_F(AccessTokenDenyTest, RegisterTokenSyncCallback001, TestSize.Level1) +{ + std::shared_ptr callback = std::make_shared(); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::RegisterTokenSyncCallback(callback)); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::UnRegisterTokenSyncCallback()); +} +#endif + +/** + * @tc.name: SetPermDialogCap001 + * @tc.desc: SetPermDialogCap with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, SetPermDialogCap001, TestSize.Level1) +{ + HapBaseInfo hapBaseInfo; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTime001 + * @tc.desc: GrantPermissionForSpecifiedTime with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDenyTest, GrantPermissionForSpecifiedTime001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "permission"; + uint32_t onceTime = 1; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS + diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermDenyTest/accesstoken_deny_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermDenyTest/accesstoken_deny_test.h new file mode 100644 index 0000000000000000000000000000000000000000..09212ef203249e0e6be7d7d1dd2ad345cfc97525 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermDenyTest/accesstoken_deny_test.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_KIT_PERM_TEST_H +#define ACCESSTOKEN_KIT_PERM_TEST_H + +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +class AccessTokenDenyTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_KIT_PERM_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..bb184830e179035be8aa91a96ec79405284716d9 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.cpp @@ -0,0 +1,227 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "check_permission_map_test.h" +#include "gtest/gtest.h" +#include +#include +#include +#include +#include +#include +#include +#include + +#include "access_token.h" +#include "cJSON.h" + +#include "permission_def.h" +#include "permission_map.h" + +using namespace testing::ext; +typedef cJSON CJson; +typedef std::unique_ptr> CJsonUnique; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const std::string DEFINE_PERMISSION_FILE = "/system/etc/access_token/permission_definitions.json"; +static const std::string SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions"; +static const std::string USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions"; +static const std::string PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant"; +constexpr int32_t MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M +constexpr size_t BUFFER_SIZE = 1024; +constexpr uint32_t ACCESS_TOKEN_UID = 3020; +} + +void CheckPermissionMapTest::SetUpTestCase() +{ +} + +void CheckPermissionMapTest::TearDownTestCase() +{ +} + +void CheckPermissionMapTest::SetUp() +{ +} + +void CheckPermissionMapTest::TearDown() +{ +} + +static int32_t GetPermissionGrantMode(const std::string &mode) +{ + if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) { + return AccessToken::GrantMode::SYSTEM_GRANT; + } + return AccessToken::GrantMode::USER_GRANT; +} + +static bool ReadCfgFile(const std::string& file, std::string& rawData) +{ + int32_t selfUid = getuid(); + setuid(ACCESS_TOKEN_UID); + char filePath[PATH_MAX] = {0}; + if (realpath(file.c_str(), filePath) == NULL) { + setuid(selfUid); + return false; + } + int32_t fd = open(filePath, O_RDONLY); + if (fd < 0) { + setuid(selfUid); + return false; + } + struct stat statBuffer; + + if (fstat(fd, &statBuffer) != 0) { + close(fd); + setuid(selfUid); + return false; + } + + if (statBuffer.st_size == 0) { + close(fd); + setuid(selfUid); + return false; + } + if (statBuffer.st_size > MAX_NATIVE_CONFIG_FILE_SIZE) { + close(fd); + setuid(selfUid); + return false; + } + rawData.reserve(statBuffer.st_size); + + char buff[BUFFER_SIZE] = { 0 }; + ssize_t readLen = 0; + while ((readLen = read(fd, buff, BUFFER_SIZE)) > 0) { + rawData.append(buff, readLen); + } + close(fd); + setuid(selfUid); + return true; +} + +void FreeJson(CJson* jsonObj) +{ + cJSON_Delete(jsonObj); + jsonObj = nullptr; +} + +CJsonUnique CreateJsonFromString(const std::string& jsonStr) +{ + if (jsonStr.empty()) { + CJsonUnique aPtr(cJSON_CreateObject(), FreeJson); + return aPtr; + } + CJsonUnique aPtr(cJSON_Parse(jsonStr.c_str()), FreeJson); + return aPtr; +} + +static CJson* GetArrayFromJson(const CJson* jsonObj, const std::string& key) +{ + if (key.empty()) { + return nullptr; + } + + CJson* objValue = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objValue != nullptr && cJSON_IsArray(objValue)) { + return objValue; + } + return nullptr; +} + +bool GetStringFromJson(const CJson *jsonObj, const std::string& key, std::string& out) +{ + if (jsonObj == nullptr || key.empty()) { + return false; + } + + cJSON *jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsString(jsonObjTmp)) { + out = cJSON_GetStringValue(jsonObjTmp); + return true; + } + return false; +} + +static bool GetPermissionDefList(const CJsonUnique &json, const std::string& permsRawData, + const std::string& type, std::vector& permDefList) +{ + cJSON *permDefObj = GetArrayFromJson(json.get(), type); + if (permDefObj == nullptr) { + return false; + } + CJson *j = nullptr; + cJSON_ArrayForEach(j, permDefObj) { + PermissionDef result; + GetStringFromJson(j, "name", result.permissionName); + std::string grantModeStr = ""; + GetStringFromJson(j, "grantMode", grantModeStr); + result.grantMode = GetPermissionGrantMode(grantModeStr); + permDefList.emplace_back(result); + } + return true; +} + +static bool ParserPermsRawData(const std::string& permsRawData, + std::vector& permDefList) +{ + CJsonUnique jsonRes = CreateJsonFromString(permsRawData); + if (jsonRes == nullptr) { + return false; + } + + bool ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); + if (!ret) { + return false; + } + + return GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); +} + +/** + * @tc.name: CheckPermissionMapFuncTest001 + * @tc.desc: Check if permissions in permission_definitions.json are consistent with g_permMap in permission_map.cpp + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(CheckPermissionMapTest, CheckPermissionMapFuncTest001, TestSize.Level1) +{ + std::string permsRawData; + EXPECT_TRUE(ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData)); + + std::vector permDefList; + EXPECT_TRUE(ParserPermsRawData(permsRawData, permDefList)); + + uint32_t opCode; + for (const auto& perm : permDefList) { + // Check if permissions exist + bool isExsit = TransferPermissionToOpcode(perm.permissionName, opCode); + if (!isExsit) { + GTEST_LOG_(INFO) << "permission name is " << perm.permissionName; + } + EXPECT_TRUE(isExsit); + // Check true-user_grant/false-system_grant + if (perm.grantMode == AccessToken::GrantMode::USER_GRANT) { + EXPECT_TRUE(IsUserGrantPermission(perm.permissionName)); + } else if (perm.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { + EXPECT_FALSE(IsUserGrantPermission(perm.permissionName)); + } + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.h new file mode 100644 index 0000000000000000000000000000000000000000..f539a211d5ff1d782c6dee3996d79b4850584013 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/check_permission_map_test.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CHECK_PERMISSION_MAP_TEST_H +#define CHECK_PERMISSION_MAP_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" +#include "nocopyable.h" +#include "permission_def.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +struct PermissionDefParseRet { + PermissionDef permDef; + bool isSuccessful = false; +}; +class CheckPermissionMapTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // CHECK_PERMISSION_MAP_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..11e901037793827df485fea8c2cc9bf065219810 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.cpp @@ -0,0 +1,237 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "clear_user_granted__permission_state_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int CYCLE_TIMES = 100; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapInfoParams g_infoManagerTestInfoParmsBak = g_infoManagerTestInfoParms; +}; + +void ClearUserGrantedPermissionStateTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void ClearUserGrantedPermissionStateTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void ClearUserGrantedPermissionStateTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void ClearUserGrantedPermissionStateTest::TearDown() +{ +} + +/** + * @tc.name: ClearUserGrantedPermissionStateFuncTest001 + * @tc.desc: Clear user/system granted permission after ClearUserGrantedPermissionState has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateFuncTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: ClearUserGrantedPermissionStateFuncTest002 + * @tc.desc: Clear user/system granted permission after ClearUserGrantedPermissionState has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateFuncTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateFuncTest002"); + + PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label3", + .labelId = 1, + .description = "open the door", + .descriptionId = 1, + .availableType = MDM + }; + OHOS::Security::AccessToken::PermissionStateFull infoManagerTestState1 = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {OHOS::Security::AccessToken::PermissionState::PERMISSION_DENIED}, + .grantFlags = {PERMISSION_GRANTED_BY_POLICY | PERMISSION_DEFAULT_FLAG} + }; + OHOS::Security::AccessToken::PermissionStateFull infoManagerTestState2 = { + .permissionName = "ohos.permission.SEND_MESSAGES", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {OHOS::Security::AccessToken::PermissionState::PERMISSION_DENIED}, + .grantFlags = {PERMISSION_GRANTED_BY_POLICY | PERMISSION_USER_FIXED} + }; + OHOS::Security::AccessToken::PermissionStateFull infoManagerTestState3 = { + .permissionName = "ohos.permission.RECEIVE_SMS", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_USER_FIXED} + }; + OHOS::Security::AccessToken::HapPolicyParams infoManagerTestPolicyPrams = { + .apl = OHOS::Security::AccessToken::ATokenAplEnum::APL_NORMAL, + .domain = "test.domain", + .permList = {g_infoManagerTestPermDef1}, + .permStateList = {infoManagerTestState1, infoManagerTestState2, infoManagerTestState3} + }; + AccessTokenID tokenID = TestCommon::AllocTestToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenID); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::ClearUserGrantedPermissionState(tokenID)); + + ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false)); + + ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SEND_MESSAGES", false)); + + ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.RECEIVE_SMS", false)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: ClearUserGrantedPermissionStateAbnormalTest001 + * @tc.desc: Clear user/system granted permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateAbnormalTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateAbnormalTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::ClearUserGrantedPermissionState(TEST_TOKENID_INVALID); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: ClearUserGrantedPermissionStateSpecTets001 + * @tc.desc: ClearUserGrantedPermissionState is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(ClearUserGrantedPermissionStateTest, ClearUserGrantedPermissionStateSpecTets001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "ClearUserGrantedPermissionStateSpecTets001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + for (int i = 0; i < CYCLE_TIMES; i++) { + int32_t ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + } + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.h new file mode 100644 index 0000000000000000000000000000000000000000..82f403b94ebaf658e94ef24749e42746738f94c2 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/clear_user_granted__permission_state_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CLEAR_USER_GRANTED_PERMISSION_STATE_TEST_H +#define CLEAR_USER_GRANTED_PERMISSION_STATE_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class ClearUserGrantedPermissionStateTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // CLEAR_USER_GRANTED_PERMISSION_STATE_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..927de028f11451060e43c2c202e68bb51dc0cd00 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -0,0 +1,497 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_permission_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int INVALID_PERMNAME_LEN = 260; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int CYCLE_TIMES = 100; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +} + +void GetPermissionTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void GetPermissionTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetPermissionTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetPermissionTest::TearDown() +{ +} + +/** + * @tc.name: GetPermissionUsedTypeAbnormalTest001 + * @tc.desc: Get hap permission visit type return invalid. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionTest, GetPermissionUsedTypeAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeAbnormalTest001"); + + std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH"; + + EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, + AccessTokenKit::GetPermissionUsedType(g_selfTokenId, accessBluetooth)); + AccessTokenID tokenID = TestCommon::AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenID); + + EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, + AccessTokenKit::GetPermissionUsedType(0, accessBluetooth)); + + EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, + AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.ACCELEROMETER")); + + EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, + AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.xxxxx")); + + EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, + AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetPermissionUsedTypeFuncTest001 + * @tc.desc: Different grant permission modes get different visit type. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionTest, GetPermissionUsedTypeFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionUsedTypeFuncTest001"); + + std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH"; + std::string sendMessages = "ohos.permission.SEND_MESSAGES"; + std::string writeCalendar = "ohos.permission.WRITE_CALENDAR"; + PermissionStateFull testState1 = { + .permissionName = accessBluetooth, + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_COMPONENT_SET} + }; + PermissionStateFull testState2 = { + .permissionName = sendMessages, + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + PermissionStateFull testState3 = { + .permissionName = writeCalendar, + .isGeneral = false, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} + }; + HapPolicyParams testPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permStateList = {testState1, testState2, testState3} + }; + AccessTokenID tokenID = TestCommon::AllocTestToken(g_infoManagerTestInfoParms, testPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenID); + + EXPECT_EQ(PermUsedTypeEnum::SEC_COMPONENT_TYPE, + AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth)); + + EXPECT_EQ(PermUsedTypeEnum::NORMAL_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, sendMessages)); + + int32_t selfUid = getuid(); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + setuid(1); + EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, + AccessTokenKit::GetPermissionUsedType(tokenID, writeCalendar)); + setuid(selfUid); + ASSERT_EQ(0, SetSelfTokenID(g_selfTokenId)); +} + +/** + * @tc.name: GetDefPermissionFuncTest001 + * @tc.desc: Get permission definition info after AllocHapToken function has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetDefPermissionFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionFuncTest001"); + + PermissionDef permDefResultAlpha; + int ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); + + PermissionDef permDefResultBeta; + ret = AccessTokenKit::GetDefPermission("ohos.permission.BETA", permDefResultBeta); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("ohos.permission.BETA", permDefResultBeta.permissionName); +} + +/** + * @tc.name: GetDefPermissionAbnormalTest001 + * @tc.desc: Get permission definition info that permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetDefPermissionAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionAbnormalTest001"); + + PermissionDef permDefResult; + int ret = AccessTokenKit::GetDefPermission("ohos.permission.GAMMA", permDefResult); + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + + ret = AccessTokenKit::GetDefPermission("", permDefResult); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GetDefPermission(invalidPerm, permDefResult); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: GetDefPermissionSpecTest001 + * @tc.desc: GetDefPermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetDefPermissionSpecTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionSpecTest001"); + + for (int j = 0; j < CYCLE_TIMES; j++) { + PermissionDef permDefResultAlpha; + int32_t ret = AccessTokenKit::GetDefPermission("ohos.permission.ALPHA", permDefResultAlpha); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("ohos.permission.ALPHA", permDefResultAlpha.permissionName); + } +} + +/** + * @tc.name: GetDefPermissionsFuncTest001 + * @tc.desc: Get permission definition info list after AllocHapToken function has been invoked. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetDefPermissionsFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionsFuncTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + std::vector permDefList; + int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(static_cast(2), permDefList.size()); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: GetDefPermissionsFuncTest002 + * @tc.desc: Get permission definition info list after clear permission definition list + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetDefPermissionsFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionsFuncTest002"); + + HapPolicyParams testPolicyPrams = g_infoManagerTestPolicyPrams; + testPolicyPrams.permList.clear(); + AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, testPolicyPrams); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + + std::vector permDefList; + int ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(static_cast(0), permDefList.size()); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: GetDefPermissionsAbnormalTest001 + * @tc.desc: Get permission definition info list that tokenID is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetDefPermissionsAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionsAbnormalTest001"); + + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenId); + int ret = AccessTokenKit::DeleteToken(tokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permDefList; + ret = AccessTokenKit::GetDefPermissions(TEST_TOKENID_INVALID, permDefList); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); +} + +/** + * @tc.name: GetDefPermissionsSpecTest001 + * @tc.desc: GetDefPermissions is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetDefPermissionsSpecTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetDefPermissionsSpecTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + for (int i = 0; i < CYCLE_TIMES; i++) { + std::vector permDefList; + int32_t ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(static_cast(2), permDefList.size()); + } + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetReqPermissionsFuncTest001 + * @tc.desc: Get user granted permission state info. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + std::vector permStatList; + int res = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, res); + ASSERT_EQ(static_cast(1), permStatList.size()); + ASSERT_EQ("ohos.permission.MICROPHONE", permStatList[0].permissionName); + + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(res, permStatList[0].grantStatus[0]); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetReqPermissionsFuncTest002 + * @tc.desc: Get system granted permission state info. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest002"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + std::vector permStatList; + int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, true); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(static_cast(1), permStatList.size()); + ASSERT_EQ("ohos.permission.SET_WIFI_INFO", permStatList[0].permissionName); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO", false); + ASSERT_EQ(ret, permStatList[0].grantStatus[0]); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetReqPermissionsFuncTest003 + * @tc.desc: Get user granted permission state info after clear request permission list. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetReqPermissionsFuncTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsFuncTest003"); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + HapTokenInfo hapInfo; + int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + ASSERT_EQ(RET_SUCCESS, ret); + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + policy.permStateList.clear(); + UpdateHapInfoParams info; + info.appIDDesc = g_infoManagerTestInfoParms.appIDDesc; + info.apiVersion = DEFAULT_API_VERSION; + info.isSystemApp = false; + ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permStatUserList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatUserList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(static_cast(0), permStatUserList.size()); + + std::vector permStatSystemList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatSystemList, true); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(static_cast(0), permStatSystemList.size()); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetReqPermissionsAbnormalTest001 + * @tc.desc: Get permission state info list that tokenID is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetReqPermissionsAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsAbnormalTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + std::vector permStatList; + int ret = AccessTokenKit::GetReqPermissions(TEST_TOKENID_INVALID, permStatList, false); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + AccessTokenKit::DeleteToken(tokenID); + + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(ERR_TOKENID_NOT_EXIST, ret); + ASSERT_EQ(static_cast(0), permStatList.size()); +} + +/** + * @tc.name: GetReqPermissionsSpecTest001 + * @tc.desc: GetReqPermissions is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetPermissionTest, GetReqPermissionsSpecTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetReqPermissionsSpecTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + for (int i = 0; i < CYCLE_TIMES; i++) { + std::vector permStatList; + int32_t ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(static_cast(1), permStatList.size()); + ASSERT_EQ("ohos.permission.MICROPHONE", permStatList[0].permissionName); + } + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetPermissionManagerInfoFuncTest001 + * @tc.desc: + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionTest, GetPermissionManagerInfoFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetPermissionManagerInfoFuncTest001"); + + PermissionGrantInfo info; + AccessTokenKit::GetPermissionManagerInfo(info); + ASSERT_EQ(false, info.grantBundleName.empty()); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.h new file mode 100644 index 0000000000000000000000000000000000000000..22d31ca9f70cab1755d0f5e03460281833a10c05 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_PERMISSION_TEST_H +#define GET_PERMISSION_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetPermissionTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_PERMISSION_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_for_specified_time_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_for_specified_time_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..1cd1e84ba1c4b384255b980259321180c3197703 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_for_specified_time_test.cpp @@ -0,0 +1,264 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "grant_permission_for_specified_time_test.h" +#include "accesstoken_kit.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "test_common.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const int32_t INDEX_ZERO = 0; +static AccessTokenID g_selfTokenId = 0; +static int32_t g_selfUid; +static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"; +static PermissionStateFull g_permiState = { + .permissionName = SHORT_TEMP_PERMISSION, + .isGeneral = true, + .resDeviceID = {"localC"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + +static HapPolicyParams g_policyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permStateList = {g_permiState} +}; + +static HapInfoParams g_infoParms = { + .userID = 1, + .bundleName = "GrantPermissionForSpecifiedTimeTest", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = true +}; +} + +static void NativeTokenGet() +{ + uint64_t tokenID; + const char **perms = new const char *[1]; // 1: array size + perms[INDEX_ZERO] = "ohos.permission.DISTRIBUTED_DATASYNC"; + + tokenID = TestCommon::GetNativeToken("GrantPermissionForSpecifiedTimeTest", perms, 1); // 1: array size + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; +} + +using namespace testing::ext; + +void GrantPermissionForSpecifiedTimeTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + g_selfUid = getuid(); + + NativeTokenGet(); +} + +void GrantPermissionForSpecifiedTimeTest::TearDownTestCase() +{ + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); +} + +void GrantPermissionForSpecifiedTimeTest::SetUp() +{ + setuid(0); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenKit::AllocHapToken(g_infoParms, g_policyPrams); +} + +void GrantPermissionForSpecifiedTimeTest::TearDown() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest001 + * @tc.desc: GrantPermissionForSpecifiedTime without invalid parameter. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest001"); + AccessTokenID tokenId = INVALID_TOKENID; + uint32_t onceTime = 0; + + /* 0 is invalid token id */ + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, "permission", onceTime)); + + tokenId = 123; + /* 0 is invalid permissionName length */ + const std::string invalidPerm1 = ""; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm1, onceTime)); + + /* 256 is invalid permissionName length */ + const std::string invalidPerm2 (257, 'x'); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm2, onceTime)); + + /* 0 is invalid time */ + uint32_t invalidOnceTime1 = 0; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime1)); + + /* 301 is invalid time */ + uint32_t invalidOnceTime2 = 301; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime2)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest002 + * @tc.desc: permission is not request. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest002"); + HapPolicyParams policyPrams = g_policyPrams; + HapInfoParams infoParms = g_infoParms; + policyPrams.permStateList.clear(); + + AccessTokenKit::AllocHapToken(infoParms, policyPrams); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(infoParms.userID, + infoParms.bundleName, + infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 10; // 10: 10s + + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest003 + * @tc.desc: test unsupport permission. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest003"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 10; // 10: 10s + std::string permission = "ohos.permission.CAMERA"; + + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, permission, onceTime)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTimeAbnormalTest004 + * @tc.desc: GrantPermissionForSpecifiedTime with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeAbnormalTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeAbnormalTest004"); + setuid(1234); + AccessTokenID tokenId = 123; + std::string permission = "permission"; + uint32_t onceTime = 1; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); + setuid(g_selfUid); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTimeSpecsTest001 + * @tc.desc: 1. The permission is granted when onceTime is not reached; + * 2. The permission is revoked after onceTime is reached. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeSpecsTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeSpecsTest001"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 2; + + ASSERT_EQ(RET_SUCCESS, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); + + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + sleep(onceTime); + + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION, true)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTimeSpecsTest002 + * @tc.desc: 1. The permission is granted when onceTime is not reached; + * 2. onceTime is update when GrantPermissionForSpecifiedTime is called twice. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(GrantPermissionForSpecifiedTimeTest, GrantPermissionForSpecifiedTimeSpecsTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionForSpecifiedTimeSpecsTest002"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 3; + + ASSERT_EQ(RET_SUCCESS, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); + sleep(onceTime - 1); + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // update onceTime + onceTime = 5; + ASSERT_EQ(RET_SUCCESS, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); + + // first onceTime is reached, permission is not revoked + sleep(1); + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // second onceTime is reached, permission is revoked + sleep(onceTime); + ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_for_specified_time_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_for_specified_time_test.h new file mode 100644 index 0000000000000000000000000000000000000000..1412938d692f8f3abc15e9e90f7dbefa502868d8 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_for_specified_time_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GRANT_PERMISSION_FOR_SPECIFIED_TIME_TEST_H +#define GRANT_PERMISSION_FOR_SPECIFIED_TIME_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GrantPermissionForSpecifiedTimeTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GRANT_PERMISSION_FOR_SPECIFIED_TIME_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..cfe154f4e6d745f77f0c76dbbc0ee5cd5e506d20 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.cpp @@ -0,0 +1,271 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "grant_permission_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int INVALID_PERMNAME_LEN = 260; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int CYCLE_TIMES = 100; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +}; + +void GrantPermissionTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void GrantPermissionTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GrantPermissionTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GrantPermissionTest::TearDown() +{ +} + +/** + * @tc.name: GrantPermissionFuncTest001 + * @tc.desc: Grant permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantPermissionTest, GrantPermissionFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionFuncTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.SET_WIFI_INFO", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GrantPermissionAbnormalTest001 + * @tc.desc: Grant permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantPermissionTest, GrantPermissionAbnormalTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionAbnormalTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GAMMA", PERMISSION_USER_FIXED); + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret); + + ret = AccessTokenKit::GrantPermission(tokenID, "", PERMISSION_USER_FIXED); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::GrantPermission(tokenID, invalidPerm, PERMISSION_USER_FIXED); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ret = AccessTokenKit::GrantPermission(TEST_TOKENID_INVALID, "ohos.permission.BETA", PERMISSION_USER_FIXED); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.BETA", PERMISSION_USER_FIXED); + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret); +} + +/** + * @tc.name: GrantPermissionAbnormalTest002 + * @tc.desc: GrantPermission function abnormal branch + * @tc.type: FUNC + * @tc.require:Issue I5RJBB + */ +HWTEST_F(GrantPermissionTest, GrantPermissionAbnormalTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionAbnormalTest002"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int32_t invalidFlag = -1; + int32_t ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", invalidFlag); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GrantPermissionSpecsTest001 + * @tc.desc: GrantPermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionSpecsTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t flag; + for (int i = 0; i < CYCLE_TIMES; i++) { + int32_t ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag); + ASSERT_EQ(PERMISSION_USER_FIXED, flag); + ASSERT_EQ(RET_SUCCESS, ret); + } + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GrantPermissionSpecsTest002 + * @tc.desc: GrantPermission caller is normal app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionSpecsTest002"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GrantPermissionSpecsTest003 + * @tc.desc: GrantPermission caller is system app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(GrantPermissionTest, GrantPermissionSpecsTest003, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GrantPermissionSpecsTest003"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.h new file mode 100644 index 0000000000000000000000000000000000000000..d8889961e126ab5cfd52e26fc5ee34b2d5ab8526 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/grant_permission_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GRANT_PERMISSION_TEST_H +#define GRANT_PERMISSION_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GrantPermissionTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GRANT_PERMISSION_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..edbf36f60e5a053f800c35bf4a1b0e82c0f0790f --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.cpp @@ -0,0 +1,298 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "revoke_permission_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int INVALID_PERMNAME_LEN = 260; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int CYCLE_TIMES = 100; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +}; + +void RevokePermissionTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void RevokePermissionTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void RevokePermissionTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void RevokePermissionTest::TearDown() +{ +} + +/** + * @tc.name: RevokePermissionFuncTest001 + * @tc.desc: Revoke permission that has ohos.permission.REVOKE_SENSITIVE_PERMISSIONS + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RevokePermissionTest, RevokePermissionFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionFuncTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.SET_WIFI_INFO", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RevokePermissionAbnormalTest001 + * @tc.desc: Revoke permission that tokenID is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RevokePermissionTest, RevokePermissionAbnormalTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionAbnormalTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.GAMMA", PERMISSION_USER_FIXED); + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RevokePermissionAbnormalTest002 + * @tc.desc: Revoke permission that permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RevokePermissionTest, RevokePermissionAbnormalTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionAbnormalTest002"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::RevokePermission(tokenID, "", PERMISSION_USER_FIXED); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::RevokePermission(tokenID, invalidPerm, PERMISSION_USER_FIXED); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ret = AccessTokenKit::RevokePermission(TEST_TOKENID_INVALID, "ohos.permission.BETA", PERMISSION_USER_FIXED); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.BETA", PERMISSION_USER_FIXED); + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, ret); +} + +/** + * @tc.name: RevokePermissionAbnormalTest003 + * @tc.desc: Revoke permission that flag is invalid. + * @tc.type: FUNC + * @tc.require:Issue I5RJBB + */ +HWTEST_F(RevokePermissionTest, RevokePermissionAbnormalTest003, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionAbnormalTest003"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int invalidFlag = -1; + int32_t ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", invalidFlag); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: RevokePermissionSpecsTest001 + * @tc.desc: RevokePermission is invoked multiple times. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(RevokePermissionTest, RevokePermissionSpecsTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionSpecsTest001"); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t flag; + for (int i = 0; i < CYCLE_TIMES; i++) { + int32_t ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.MICROPHONE", flag); + ASSERT_EQ(PERMISSION_USER_FIXED, flag); + ASSERT_EQ(RET_SUCCESS, ret); + } + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: RevokePermissionSpecsTest002 + * @tc.desc: Revoke permission caller is normal app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(RevokePermissionTest, RevokePermissionSpecsTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionSpecsTest002"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RevokePermissionSpecsTest003 + * @tc.desc: Revoke permission caller is system app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(RevokePermissionTest, RevokePermissionSpecsTest003, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RevokePermissionSpecsTest003"); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.SET_WIFI_INFO", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.h new file mode 100644 index 0000000000000000000000000000000000000000..99e92b1e18b5deadd4f20ab723c2e6e36b386f73 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/revoke_permission_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef REVOKE_PERMISSION_TEST_H +#define REVOKE_PERMISSION_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class RevokePermissionTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // REVOKE_PERMISSION_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..37bb41c59f4518391165c253e88a2a9d7ce882be --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.cpp @@ -0,0 +1,348 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "verify_access_token_test.h" +#include "gtest/gtest.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int INVALID_PERMNAME_LEN = 260; +static const unsigned int TEST_TOKENID_INVALID = 0; +static const int TEST_USER_ID = 0; +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +}; + +void VerifyAccessTokenTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, + TestCommon::GetTestPolicyParams()); + SetSelfTokenID(tokenIdEx.tokenIDEx); +} + +void VerifyAccessTokenTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void VerifyAccessTokenTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = DEFAULT_API_VERSION + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void VerifyAccessTokenTest::TearDown() +{ +} + +/** + * @tc.name: VerifyAccessTokenFuncTest001 + * @tc.desc: Verify user granted permission. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenFuncTest001"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: VerifyAccessTokenFuncTest002 + * @tc.desc: Verify system granted permission. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenFuncTest002, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenFuncTest002"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.SET_WIFI_INFO", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO", false); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.SET_WIFI_INFO", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO", false); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: VerifyAccessTokenFuncTest003 + * @tc.desc: Verify permission after update. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenFuncTest003, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenFuncTest003"); + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + HapTokenInfo hapInfo; + ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapInfo); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permDefList; + ret = AccessTokenKit::GetDefPermissions(tokenID, permDefList); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permStatList; + ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); + ASSERT_EQ(RET_SUCCESS, ret); + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain", + .permList = permDefList, + .permStateList = permStatList + }; + UpdateHapInfoParams info; + info.appIDDesc = "appIDDesc"; + info.apiVersion = DEFAULT_API_VERSION; + info.isSystemApp = false; + ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy); + ASSERT_EQ(RET_SUCCESS, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE", false); + ASSERT_EQ(PERMISSION_GRANTED, ret); +} + +/** + * @tc.name: VerifyAccessTokenAbnormalTest001 + * @tc.desc: Verify permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenAbnormalTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenAbnormalTest001"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GAMMA", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenKit::VerifyAccessToken(tokenID, ""); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenKit::VerifyAccessToken(tokenID, "", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + ret = AccessTokenKit::VerifyAccessToken(tokenID, invalidPerm, false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, "ohos.permission.SET_WIFI_INFO"); + ASSERT_EQ(PERMISSION_DENIED, ret); + AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, "ohos.permission.SET_WIFI_INFO", false); + ASSERT_EQ(PERMISSION_DENIED, ret); + + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO"); + ASSERT_EQ(PERMISSION_DENIED, ret); + AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.SET_WIFI_INFO", false); + ASSERT_EQ(PERMISSION_DENIED, ret); +} + +/** + * @tc.name: VerifyAccessTokenWithListFuncTest001 + * @tc.desc: Verify permission with list. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenWithListFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenWithListFuncTest001"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.SET_WIFI_INFO", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permissionList; + permissionList.emplace_back("ohos.permission.MICROPHONE"); + permissionList.emplace_back("ohos.permission.SET_WIFI_INFO"); + + std::vector permStateList; + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + for (int i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_GRANTED, permStateList[i]); + } + + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, true); + for (int i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_GRANTED, permStateList[i]); + } + + ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.SET_WIFI_INFO", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + for (int i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_DENIED, permStateList[i]); + } + + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, true); + for (int i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_DENIED, permStateList[i]); + } +} + +/** + * @tc.name: VerifyAccessTokenWithListAbnormalTest001 + * @tc.desc: Verify permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(VerifyAccessTokenTest, VerifyAccessTokenWithListAbnormalTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "VerifyAccessTokenWithListAbnormalTest001"); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + std::vector permissionList; + permissionList.emplace_back("ohos.permission.GAMMA"); + std::vector permStateList; + int ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + + permissionList.clear(); + permissionList.emplace_back(""); + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + permissionList.clear(); + permissionList.emplace_back(invalidPerm); + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + + permissionList.clear(); + permissionList.emplace_back("ohos.permission.MICROPHONE"); + permissionList.emplace_back("ohos.permission.SET_WIFI_INFO"); + permissionList.emplace_back(invalidPerm); + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, permissionList, permStateList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + ASSERT_EQ(PERMISSION_DENIED, permStateList[1]); + ASSERT_EQ(PERMISSION_DENIED, permStateList[2]); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.h new file mode 100644 index 0000000000000000000000000000000000000000..7d94711e84455b159d62f1e02bb3d1db9f345ad4 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/verify_access_token_test.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef VERIFY_ACCESS_TOKEN_TEST_H +#define VERIFY_ACCESS_TOKEN_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class VerifyAccessTokenTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // VERIFY_ACCESS_TOKEN_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..a808101e03dd252c18b6c171b797b074dcb9c995 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.cpp @@ -0,0 +1,629 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "accesstoken_mock_test.h" +#include +#include "access_token_error.h" +#include "permission_grant_info.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DEFAULT_API_VERSION = 8; +HapInfoParams g_infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "test1", + .apiVersion = DEFAULT_API_VERSION +}; +HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", +}; +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + return FAKE_SYNC_RET; + }; +}; +#endif +} +void AccessTokenMockTest::SetUpTestCase() +{ +} + +void AccessTokenMockTest::TearDownTestCase() +{ +} + +void AccessTokenMockTest::SetUp() +{ +} + +void AccessTokenMockTest::TearDown() +{ +} + +/** + * @tc.name: InitHapToken001 + * @tc.desc: InitHapToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, InitHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenKit::InitHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(ret, AccessTokenError::ERR_SERVICE_ABNORMAL); +} + +/** + * @tc.name: AllocHapToken001 + * @tc.desc: AllocHapToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, AllocHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: AllocLocalTokenID001 + * @tc.desc: AllocLocalTokenID with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, AllocLocalTokenID001, TestSize.Level1) +{ + std::string remoteDevice = "remote device"; + AccessTokenID tokenId = 123; + AccessTokenID localTokenId = AccessTokenKit::AllocLocalTokenID(remoteDevice, tokenId); + ASSERT_EQ(INVALID_TOKENID, localTokenId); +} + +/** + * @tc.name: UpdateHapToken001 + * @tc.desc: UpdateHapToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, UpdateHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx.tokenIdExStruct.tokenID = 123; + UpdateHapInfoParams info; + info.appIDDesc = "appId desc"; + info.apiVersion = 9; + info.isSystemApp = false; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::UpdateHapToken(tokenIdEx, info, g_infoManagerTestPolicyPrams)); +} + +/** + * @tc.name: DeleteToken001 + * @tc.desc: DeleteToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, DeleteToken001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::DeleteToken(tokenId)); +} + +/** + * @tc.name: GetTokenType001 + * @tc.desc: GetTokenType with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetTokenType001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + ASSERT_EQ(TOKEN_INVALID, AccessTokenKit::GetTokenType(tokenId)); +} + +/** + * @tc.name: GetHapTokenID001 + * @tc.desc: GetHapTokenID with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetHapTokenID001, TestSize.Level1) +{ + int32_t userID = 0; + std::string bundleName = "test"; + int32_t instIndex = 0; + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); + ASSERT_EQ(INVALID_TOKENID, tokenId); +} + +/** + * @tc.name: GetHapTokenID001 + * @tc.desc: GetHapTokenIDEx with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetHapTokenIDEx001, TestSize.Level1) +{ + int32_t userID = 0; + std::string bundleName = "test"; + int32_t instIndex = 0; + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(userID, bundleName, instIndex); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); +} + +/** + * @tc.name: GetHapTokenInfo001 + * @tc.desc: GetHapTokenInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetHapTokenInfo001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + HapTokenInfo tokenInfo; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo)); +} + +/** + * @tc.name: GetNativeTokenInfo001 + * @tc.desc: GetNativeTokenInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetNativeTokenInfo001, TestSize.Level1) +{ + AccessTokenID tokenId = 805920561; //805920561 is a native tokenId. + NativeTokenInfo tokenInfo; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetNativeTokenInfo(tokenId, tokenInfo)); +} + +/** + * @tc.name: VerifyAccessToken001 + * @tc.desc: VerifyAccessToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, VerifyAccessToken001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "ohos.permission.CAMERA"; + ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenId, permission)); + ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenId, permission, true)); +} + +/** + * @tc.name: VerifyAccessToken002 + * @tc.desc: VerifyAccessToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, VerifyAccessToken002, TestSize.Level1) +{ + AccessTokenID callerTokenID = 123; + AccessTokenID firstTokenID = 456; + std::string permission = "ohos.permission.CAMERA"; + ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(callerTokenID, firstTokenID, permission)); + ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(callerTokenID, firstTokenID, permission, true)); +} + +/** + * @tc.name: VerifyAccessTokenWithList001 + * @tc.desc: VerifyAccessTokenWithList with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, VerifyAccessTokenWithList001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::vector permissionList = {"ohos.permission.CAMERA"}; + std::vector permStateList; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::VerifyAccessToken(tokenId, permissionList, permStateList, true)); + + permStateList.clear(); + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::VerifyAccessToken(tokenId, permissionList, permStateList, false)); +} + +/** + * @tc.name: GetDefPermission001 + * @tc.desc: GetDefPermission with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetDefPermission001, TestSize.Level1) +{ + std::string permission = "ohos.permission.CAMERA"; + PermissionDef def; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetDefPermission(permission, def)); +} + +/** + * @tc.name: GetDefPermissions001 + * @tc.desc: GetDefPermissions with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetDefPermissions001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::vector permList; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetDefPermissions(tokenId, permList)); +} + +/** + * @tc.name: GetReqPermissions001 + * @tc.desc: GetReqPermissions with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetReqPermissions001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::vector permList; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetReqPermissions(tokenId, permList, false)); +} + +/** + * @tc.name: GetTokenIDByUserID001 + * @tc.desc: GetTokenIDByUserID with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetTokenIDByUserID001, TestSize.Level1) +{ + int32_t userID = 1; + std::unordered_set tokenIdList; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList)); +} + +/** + * @tc.name: GetPermissionFlag001 + * @tc.desc: GetPermissionFlag with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetPermissionFlag001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "ohos.permission.CAMERA"; + uint32_t flag; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetPermissionFlag(tokenId, permission, flag)); +} + +/** + * @tc.name: SetPermissionRequestToggleStatus001 + * @tc.desc: SetPermissionRequestToggleStatus with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, SetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = 123; + std::string permission = "ohos.permission.CAMERA"; + uint32_t status = PermissionRequestToggleStatus::CLOSED; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::SetPermissionRequestToggleStatus(permission, + status, userID)); +} + +/** + * @tc.name: GetPermissionRequestToggleStatus001 + * @tc.desc: GetPermissionRequestToggleStatus with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = 123; + std::string permission = "ohos.permission.CAMERA"; + uint32_t status; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetPermissionRequestToggleStatus(permission, + status, userID)); +} + +/** + * @tc.name: GetSelfPermissionsState001 + * @tc.desc: GetSelfPermissionsState with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetSelfPermissionsState001, TestSize.Level1) +{ + std::vector permList; + PermissionGrantInfo info; + ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permList, info)); +} + +/** + * @tc.name: GetPermissionsStatus001 + * @tc.desc: GetPermissionsStatus with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetPermissionsStatus001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::vector permsList; + PermissionListState perm = { + .permissionName = "ohos.permission.testPermDef1", + .state = SETTING_OPER + }; + permsList.emplace_back(perm); + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::GetPermissionsStatus(tokenId, permsList)); +} + +/** + * @tc.name: GrantPermission001 + * @tc.desc: GrantPermission with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GrantPermission001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "ohos.permission.CAMERA"; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::GrantPermission(tokenId, permission, PERMISSION_USER_FIXED)); +} + +/** + * @tc.name: RevokePermission001 + * @tc.desc: RevokePermission with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, RevokePermission001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "ohos.permission.CAMERA"; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::RevokePermission(tokenId, permission, PERMISSION_USER_FIXED)); +} + +/** + * @tc.name: ClearUserGrantedPermissionState001 + * @tc.desc: ClearUserGrantedPermissionState with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, ClearUserGrantedPermissionState001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::ClearUserGrantedPermissionState(tokenId)); +} + +class CbCustomizeTest : public PermStateChangeCallbackCustomize { +public: + explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo) + : PermStateChangeCallbackCustomize(scopeInfo) + { + } + ~CbCustomizeTest() {} + + virtual void PermStateChangeCallback(PermStateChangeInfo& result) + { + } +}; + +/** + * @tc.name: RegisterPermStateChangeCallback001 + * @tc.desc: RegisterPermStateChangeCallback with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, RegisterPermStateChangeCallback001, TestSize.Level1) +{ + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr)); + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr)); +} + +/** + * @tc.name: ReloadNativeTokenInfo001 + * @tc.desc: ReloadNativeTokenInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, ReloadNativeTokenInfo001, TestSize.Level1) +{ + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::ReloadNativeTokenInfo()); +} + +/** + * @tc.name: GetNativeTokenId001 + * @tc.desc: Verify the GetNativeTokenId abnormal branch return nullptr proxy. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenMockTest, GetNativeTokenId001, TestSize.Level1) +{ + std::string processName = "hdcd"; + AccessTokenID tokenID = AccessTokenKit::GetNativeTokenId(processName); + ASSERT_EQ(INVALID_TOKENID, tokenID); +} + +#ifdef TOKEN_SYNC_ENABLE +/** + * @tc.name: GetHapTokenInfoFromRemote001 + * @tc.desc: GetHapTokenInfoFromRemote with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetHapTokenInfoFromRemote001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + HapTokenInfoForSync hapSync; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync)); +} + +/** + * @tc.name: SetRemoteHapTokenInfo001 + * @tc.desc: SetRemoteHapTokenInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, SetRemoteHapTokenInfo001, TestSize.Level1) +{ + std::string device = "device"; + HapTokenInfoForSync hapSync; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync)); +} + +/** + * @tc.name: DeleteRemoteToken001 + * @tc.desc: DeleteRemoteToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, DeleteRemoteToken001, TestSize.Level1) +{ + std::string device = "device"; + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::DeleteRemoteToken(device, tokenId)); +} + +/** + * @tc.name: GetRemoteNativeTokenID001 + * @tc.desc: GetRemoteNativeTokenID with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetRemoteNativeTokenID001, TestSize.Level1) +{ + std::string device = "device"; + AccessTokenID tokenId = 123; + ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetRemoteNativeTokenID(device, tokenId)); +} + +/** + * @tc.name: DeleteRemoteDeviceTokens001 + * @tc.desc: DeleteRemoteDeviceTokens with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, DeleteRemoteDeviceTokens001, TestSize.Level1) +{ + std::string device = "device"; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::DeleteRemoteDeviceTokens(device)); +} + +/** + * @tc.name: RegisterTokenSyncCallback001 + * @tc.desc: RegisterTokenSyncCallback with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, RegisterTokenSyncCallback001, TestSize.Level1) +{ + std::shared_ptr callback = std::make_shared(); + EXPECT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::RegisterTokenSyncCallback(callback)); + EXPECT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::UnRegisterTokenSyncCallback()); +} +#endif + +/** + * @tc.name: DumpTokenInfo001 + * @tc.desc: DumpTokenInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, DumpTokenInfo001, TestSize.Level1) +{ + std::string dumpInfo; + AtmToolsParamInfo info; + info.tokenId = 123; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + ASSERT_EQ("", dumpInfo); +} + +/** + * @tc.name: SetPermDialogCap001 + * @tc.desc: SetPermDialogCap with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, SetPermDialogCap001, TestSize.Level1) +{ + HapBaseInfo hapBaseInfo; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); +} + +/** + * @tc.name: GetPermissionManagerInfo001 + * @tc.desc: GetPermissionManagerInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GetPermissionManagerInfo001, TestSize.Level1) +{ + PermissionGrantInfo info; + AccessTokenKit::GetPermissionManagerInfo(info); + ASSERT_EQ(true, info.grantBundleName.empty()); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTime001 + * @tc.desc: GrantPermissionForSpecifiedTime with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, GrantPermissionForSpecifiedTime001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "permission"; + uint32_t onceTime = 1; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); +} + +/** + * @tc.name: RequestAppPermOnSettingTest001 + * @tc.desc: RequestAppPermOnSetting with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenMockTest, RequestAppPermOnSettingTest001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::RequestAppPermOnSetting(tokenId)); +} +} // namespace AccessToken +} // namespace Security +} diff --git a/services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_death_recipient.h b/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.h similarity index 56% rename from services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_death_recipient.h rename to interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.h index f88ac5bb173dad9c15e823245148f5489d6e19f6..fa9d90aae4713096d5d5c066c5765f77c2574138 100644 --- a/services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_death_recipient.h +++ b/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,23 +13,29 @@ * limitations under the License. */ +#ifndef TOKENSYNC_MOCK_TEST_H +#define TOKENSYNC_MOCK_TEST_H -#ifndef AUDIO_MGR_DEATH_RECIPIENT_H -#define AUDIO_MGR_DEATH_RECIPIENT_H +#include -#include "iremote_object.h" +#include "access_token.h" +#include "accesstoken_kit.h" +#include "iservice_registry.h" namespace OHOS { namespace Security { namespace AccessToken { -class AudioMgrDeathRecipient : public IRemoteObject::DeathRecipient { +class AccessTokenMockTest : public testing::Test { public: - AudioMgrDeathRecipient() {} - virtual ~AudioMgrDeathRecipient() override = default; - void OnRemoteDied(const wptr& object) override; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // AUDIO_MGR_DEATH_RECIPIENT_H + static void SetUpTestCase(); + + static void TearDownTestCase(); + void SetUp(); + + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // TOKENSYNC_MOCK_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..9d19b349de273aabbd256ec8da5bc855b6917f89 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.cpp @@ -0,0 +1,854 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "register_perm_state_change_callback_test.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "hap_token_info.h" +#include "nativetoken_kit.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "tokenid_kit.h" +#include "token_setproc.h" +#include "accesstoken_manager_client.h" +#include "test_common.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; + +HapInfoParams g_locationTestInfo = { + .userID = TEST_USER_ID, + .bundleName = "accesstoken_location_test", + .instIndex = 0, + .appIDDesc = "test2" +}; + +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapInfoParams g_infoManagerTestInfoParms = TestCommon::GetInfoManagerTestInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); + +HapInfoParams g_infoManagerTestInfoParmsBak = g_infoManagerTestInfoParms; +HapPolicyParams g_infoManagerTestPolicyPramsBak = g_infoManagerTestPolicyPrams; + +uint64_t g_selfShellTokenId; +} + +void RegisterPermStateChangeCallbackTest::SetUpTestCase() +{ + g_selfShellTokenId = GetSelfTokenID(); + // clean up test cases + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + + TestCommon::GetNativeTokenTest(); +} + +void RegisterPermStateChangeCallbackTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfShellTokenId); +} + +void RegisterPermStateChangeCallbackTest::SetUp() +{ + setuid(0); + selfTokenId_ = GetSelfTokenID(); + g_infoManagerTestInfoParms = g_infoManagerTestInfoParmsBak; + g_infoManagerTestPolicyPrams = g_infoManagerTestPolicyPramsBak; + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = 8, + .isSystemApp = true + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, + g_infoManagerTestInfoParms.bundleName, + g_infoManagerTestInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); +} + +void RegisterPermStateChangeCallbackTest::TearDown() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); +} + +void RegisterPermStateChangeCallbackTest::AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, "accesstoken_location_test", 0); + AccessTokenKit::DeleteToken(tokenID); + + HapInfoParams info = g_locationTestInfo; + info.apiVersion = apiVersion; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + for (auto& permissionDef:permissionDefs) { + policy.permList.emplace_back(permissionDef); + } + + for (auto& permissionStateFull:permissionStateFulls) { + policy.permStateList.emplace_back(permissionStateFull); + } + + AccessTokenKit::AllocHapToken(info, policy); +} + +class CbCustomizeTest : public PermStateChangeCallbackCustomize { +public: + explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo) + : PermStateChangeCallbackCustomize(scopeInfo) + { + } + + ~CbCustomizeTest() + {} + + virtual void PermStateChangeCallback(PermStateChangeInfo& result) + { + ready_ = true; + int32_t status = (result.permStateChangeType == 1) ? PERMISSION_GRANTED : PERMISSION_DENIED; + ASSERT_EQ(status, AccessTokenKit::VerifyAccessToken(result.tokenID, result.permissionName)); + } + + bool ready_; +}; + +/** + * @tc.name: RegisterPermStateChangeCallbackFuncTest001 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackFuncTest001"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); + ASSERT_EQ(PERMISSION_GRANTED, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackFuncTest002 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackFuncTest002"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams2 = { + .apl = APL_SYSTEM_BASIC, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams2); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); + ASSERT_EQ(PERMISSION_GRANTED, res); + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(false, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackFuncTest003 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackFuncTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackFuncTest003"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams3 = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams3); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + callbackPtr->ready_ = false; + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); + ASSERT_EQ(PERMISSION_GRANTED, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO", false); + ASSERT_EQ(PERMISSION_DENIED, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackFuncTest004 + * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackFuncTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackFuncTest004"); + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams5 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams5); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO", "ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {tokenID, 0}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); + ASSERT_EQ(PERMISSION_DENIED, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(RET_SUCCESS, res); + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO", false); + ASSERT_EQ(PERMISSION_GRANTED, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(false, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + + +/** + * @tc.name: RegisterPermStateChangeCallbackFuncTest005 + * @tc.desc: RegisterPermStateChangeCallback caller is normal app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackFuncTest005, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackFuncTest005"); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackFuncTest006 + * @tc.desc: RegisterPermStateChangeCallback caller is system app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackFuncTest006, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackFuncTest006"); + static HapPolicyParams policyPrams = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain", + }; + PermissionStateFull g_getPermissionReq = { + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"device2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + policyPrams.permStateList.emplace_back(g_getPermissionReq); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, policyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + + +/** + * @tc.name: RegisterPermStateChangeCallbackAbnormalTest001 + * @tc.desc: RegisterPermStateChangeCallback with invalid tokenId + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackAbnormalTest001"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO", "ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {555555}; // 555555为模拟的tokenid + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1}, + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams4 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams4); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); + ASSERT_EQ(PERMISSION_GRANTED, res); + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); + ASSERT_EQ(PERMISSION_DENIED, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(false, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO", false); + ASSERT_EQ(PERMISSION_GRANTED, res); + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(false, callbackPtr->ready_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackAbnormalTest002 + * @tc.desc: RegisterPermStateChangeCallback with invaild permission + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackAbnormalTest002"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.INVALID"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr1 = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr1); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + + static PermissionStateFull infoManagerTestState = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams6 = { + .apl = APL_SYSTEM_BASIC, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestState} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams6); + + scopeInfo.tokenIDs = {tokenIdEx.tokenIdExStruct.tokenID}; + scopeInfo.permList = {"ohos.permission.INVALID", "ohos.permission.CAMERA"}; + auto callbackPtr = std::make_shared(scopeInfo); + res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackAbnormalTest003 + * @tc.desc: RegisterPermStateChangeCallback with nullptr + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackAbnormalTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackAbnormalTest003"); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(nullptr); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackSpecTest001 + * @tc.desc: RegisterPermStateChangeCallback with permList, whose size is 1024/1025 + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackSpecTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackSpecTest001"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + for (int32_t i = 1; i <= 1025; i++) { // 1025 is a invalid size + scopeInfo.permList.emplace_back("ohos.permission.GET_BUNDLE_INFO"); + if (i == 1025) { // 1025 is a invalid size + auto callbackPtr = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + break; + } + auto callbackPtr = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + } +} + +/** + * @tc.name: RegisterPermStateChangeCallbackSpecTest002 + * @tc.desc: RegisterPermStateChangeCallback with tokenList, whose size is 1024/1025 + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackSpecTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackSpecTest002"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + static HapPolicyParams infoManagerTestPolicyPrams8 = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams8); + + for (int32_t i = 1; i <= 1025; i++) { // 1025 is a invalid size + scopeInfo.tokenIDs.emplace_back(tokenIdEx.tokenIdExStruct.tokenID); + if (i == 1025) { // 1025 is a invalid size + auto callbackPtr1 = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr1); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + break; + } + auto callbackPtr1 = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr1); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr1); + ASSERT_EQ(RET_SUCCESS, res); + } + + int32_t res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackSpecTest003 + * @tc.desc: RegisterPermStateChangeCallback + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackSpecTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackSpecTest003"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + std::vector> callbackList; + + for (int32_t i = 0; i < 200; i++) { // 200 is the max size + if (i == 200) { // 200 is the max size + auto callbackPtr = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION, res); + break; + } + auto callbackPtr = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + callbackList.emplace_back(callbackPtr); + } + for (int32_t i = 0; i < 200; i++) { // release 200 callback + auto callbackPtr = callbackList[i]; + int32_t res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + } + callbackList.clear(); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackSpecTest004 + * @tc.desc: ClearUserGrantedPermissionState notify. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackSpecTest004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackSpecTest004"); + PermStateChangeScope scopeInfo; + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams13 = { + .apl = APL_SYSTEM_BASIC, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams13); + + scopeInfo.tokenIDs = {tokenIdEx.tokenIdExStruct.tokenID}; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + auto callbackPtr = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", 2); + EXPECT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::ClearUserGrantedPermissionState(tokenIdEx.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", 2); + EXPECT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterPermStateChangeCallbackSpecTest005 + * @tc.desc: ClearUserGrantedPermissionState notify. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(RegisterPermStateChangeCallbackTest, RegisterPermStateChangeCallbackSpecTest005, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "RegisterPermStateChangeCallbackSpecTest005"); + PermStateChangeScope scopeInfo; + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.READ_MEDIA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams14 = { + .apl = APL_SYSTEM_BASIC, + .domain = "testA.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams14); + + scopeInfo.tokenIDs = {tokenIdEx.tokenIdExStruct.tokenID}; + scopeInfo.permList = {"ohos.permission.READ_MEDIA"}; + auto callbackPtr = std::make_shared(scopeInfo); + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, + "ohos.permission.READ_MEDIA", PERMISSION_SYSTEM_FIXED); + EXPECT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::ClearUserGrantedPermissionState(tokenIdEx.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(false, callbackPtr->ready_); + + callbackPtr->ready_ = false; + res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.h b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.h new file mode 100644 index 0000000000000000000000000000000000000000..86efdcc1efb064c2a8f634a53023276cdce7c993 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/register_perm_state_change_callback_test.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef REGISTER_PERM_STATE_CHANGE_CALLBACK_TEST_H +#define REGISTER_PERM_STATE_CHANGE_CALLBACK_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class RegisterPermStateChangeCallbackTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + void AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion); + + uint64_t selfTokenId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // REGISTER_PERM_STATE_CHANGE_CALLBACK_TEST_H diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..12d3f419d9a32c92498dec7d0fd89a670f2b627f --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.cpp @@ -0,0 +1,230 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "un_register_perm_state_change_callback_test.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "hap_token_info.h" +#include "nativetoken_kit.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "tokenid_kit.h" +#include "token_setproc.h" +#include "accesstoken_manager_client.h" +#include "test_common.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; + +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +HapPolicyParams g_infoManagerTestPolicyPramsBak = g_infoManagerTestPolicyPrams; + +HapInfoParams g_locationTestInfo = { + .userID = TEST_USER_ID, + .bundleName = "accesstoken_location_test", + .instIndex = 0, + .appIDDesc = "test2" +}; + +uint64_t g_selfShellTokenId; +} + +void UnRegisterPermStateChangeCallbackTest::SetUpTestCase() +{ + g_selfShellTokenId = GetSelfTokenID(); + // clean up test cases + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + + TestCommon::GetNativeTokenTest(); +} + +void UnRegisterPermStateChangeCallbackTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfShellTokenId); +} + +void UnRegisterPermStateChangeCallbackTest::SetUp() +{ + setuid(0); + selfTokenId_ = GetSelfTokenID(); + g_infoManagerTestPolicyPrams = g_infoManagerTestPolicyPramsBak; + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = 8, + .isSystemApp = true + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + AccessTokenKit::AllocHapToken(info, policy); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); +} + +void UnRegisterPermStateChangeCallbackTest::TearDown() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); +} + +void UnRegisterPermStateChangeCallbackTest::AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, "accesstoken_location_test", 0); + AccessTokenKit::DeleteToken(tokenID); + + HapInfoParams info = g_locationTestInfo; + info.apiVersion = apiVersion; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + for (auto& permissionDef:permissionDefs) { + policy.permList.emplace_back(permissionDef); + } + + for (auto& permissionStateFull:permissionStateFulls) { + policy.permStateList.emplace_back(permissionStateFull); + } + + AccessTokenKit::AllocHapToken(info, policy); +} + +class CbCustomizeTest : public PermStateChangeCallbackCustomize { +public: + explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo) + : PermStateChangeCallbackCustomize(scopeInfo) + { + } + + ~CbCustomizeTest() + {} + + virtual void PermStateChangeCallback(PermStateChangeInfo& result) + { + ready_ = true; + int32_t status = (result.permStateChangeType == 1) ? PERMISSION_GRANTED : PERMISSION_DENIED; + ASSERT_EQ(status, AccessTokenKit::VerifyAccessToken(result.tokenID, result.permissionName)); + } + + bool ready_; +}; + +/** + * @tc.name: UnRegisterPermStateChangeCallbackAbnormalTest001 + * @tc.desc: UnRegisterPermStateChangeCallback with invalid input. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(UnRegisterPermStateChangeCallbackTest, UnRegisterPermStateChangeCallbackAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UnRegisterPermStateChangeCallbackAbnormalTest001"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER, res); +} + +/** + * @tc.name: UnRegisterPermStateChangeCallbackSpecTest001 + * @tc.desc: UnRegisterPermStateChangeCallback repeatedly. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(UnRegisterPermStateChangeCallbackTest, UnRegisterPermStateChangeCallbackSpecTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UnRegisterPermStateChangeCallbackSpecTest001"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_CALLBACK_ALREADY_EXIST, res); + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER, res); +} + +/** + * @tc.name: UnRegisterPermStateChangeCallbackFuncTest001 + * @tc.desc: UnRegisterPermStateChangeCallback caller is normal app. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(UnRegisterPermStateChangeCallbackTest, UnRegisterPermStateChangeCallbackFuncTest001, TestSize.Level0) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "UnRegisterPermStateChangeCallbackFuncTest001"); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, res); + + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); + res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.h b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.h new file mode 100644 index 0000000000000000000000000000000000000000..b10ed24d7b195c06a856eefe84ea5367679c3596 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/RegisterCallbackTest/un_register_perm_state_change_callback_test.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef UN_REGISTER_PERM_STATE_CHANGE_CALLBACK_TEST_H +#define UN_REGISTER_PERM_STATE_CHANGE_CALLBACK_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class UnRegisterPermStateChangeCallbackTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + void AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion); + + uint64_t selfTokenId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // UN_REGISTER_PERM_STATE_CHANGE_CALLBACK_TEST_H diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..66323f1c32017aa0797ba0b0e7af68cfff1bb2e7 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.cpp @@ -0,0 +1,128 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dump_token_info_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static AccessTokenIDEx g_testTokenIDEx = {0}; +static int32_t g_selfUid; + +static HapPolicyParams g_PolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", +}; + +static HapInfoParams g_InfoParms = { + .userID = 1, + .bundleName = "ohos.test.bundle", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = true +}; +}; + +void DumpTokenInfoTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + g_selfUid = getuid(); +} + +void DumpTokenInfoTest::TearDownTestCase() +{ + setuid(g_selfUid); + SetSelfTokenID(g_selfTokenId); +} + +void DumpTokenInfoTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); +} + +void DumpTokenInfoTest::TearDown() +{ +} + +/** + * @tc.name: DumpTokenInfoAbnormalTest001 + * @tc.desc: Verify the DumpTokenInfo abnormal branch return nullptr proxy. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(DumpTokenInfoTest, DumpTokenInfoAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DumpTokenInfoAbnormalTest001"); + AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams); + + g_testTokenIDEx = AccessTokenKit::GetHapTokenIDEx(g_InfoParms.userID, + g_InfoParms.bundleName, + g_InfoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, g_testTokenIDEx.tokenIDEx); + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_testTokenIDEx.tokenIDEx)); + setuid(1234); // 1234: UID + + + std::string dumpInfo; + AtmToolsParamInfo info; + info.tokenId = 123; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + ASSERT_EQ("", dumpInfo); + + setuid(g_selfUid); + EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); + setuid(g_selfUid); +} + +/** + * @tc.name: DumpTokenInfoAbnormalTest002 + * @tc.desc: Get dump token information with invalid tokenID + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(DumpTokenInfoTest, DumpTokenInfoAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DumpTokenInfoAbnormalTest002"); + SetSelfTokenID(g_selfTokenId); + std::string dumpInfo; + AtmToolsParamInfo info; + info.tokenId = 123; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + ASSERT_EQ("invalid tokenId", dumpInfo); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.h b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.h new file mode 100644 index 0000000000000000000000000000000000000000..95a8bfe55d5d6454296643d93e0d3a4787c0e218 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/dump_token_info_test.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DUMP_TOKEN_INFO_TEST_H +#define DUMP_TOKEN_INFO_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class DumpTokenInfoTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + void AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // DUMP_TOKEN_INFO_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..42e2a0bee980522aa691f905c5b918d14c45ae8e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.cpp @@ -0,0 +1,191 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_native_token_id_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +}; + +void GetNativeTokenIdTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} + +void GetNativeTokenIdTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetNativeTokenIdTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = 8 + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetNativeTokenIdTest::TearDown() +{ +} + +/** + * @tc.name: GetNativeTokenIdAbnormalTest001 + * @tc.desc: cannot get native tokenid with invalid processName. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetNativeTokenIdTest, GetNativeTokenIdAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenIdAbnormalTest001"); + std::string processName = ""; + ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetNativeTokenId(processName)); + + processName = "invalid processName"; + ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetNativeTokenId(processName)); +} + +/** + * @tc.name: GetNativeTokenIdAbnormalTest002 + * @tc.desc: get native tokenid with hap. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetNativeTokenIdTest, GetNativeTokenIdAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenIdAbnormalTest002"); + std::string processName = "hdcd"; + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + ASSERT_EQ(RET_SUCCESS, SetSelfTokenID(tokenID)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::ReloadNativeTokenInfo()); + + int32_t selfUid = getuid(); + setuid(10001); // 10001: UID + + ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetNativeTokenId(processName)); + + // restore environment + setuid(selfUid); + ASSERT_EQ(RET_SUCCESS, SetSelfTokenID(g_selfTokenId)); +} + +/** + * @tc.name: GetNativeTokenIdAbnormalTest003 + * @tc.desc: Verify the GetNativeTokenId abnormal branch return nullptr proxy. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetNativeTokenIdTest, GetNativeTokenIdAbnormalTest003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenIdAbnormalTest003"); + int32_t gSelfUid = getuid(); + setuid(1234); // 1234: UID + + std::string processName = "hdcd"; + AccessTokenID tokenID = AccessTokenKit::GetNativeTokenId(processName); + ASSERT_EQ(INVALID_TOKENID, tokenID); + + setuid(gSelfUid); + ASSERT_EQ(RET_SUCCESS, SetSelfTokenID(g_selfTokenId)); +} + +/** + * @tc.name: GetNativeTokenIdFuncTest001 + * @tc.desc: get native tokenid with processName. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetNativeTokenIdTest, GetNativeTokenIdFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenIdFuncTest001"); + std::string processName = "hdcd"; + AccessTokenID tokenID = AccessTokenKit::GetNativeTokenId(processName); + ASSERT_NE(INVALID_TOKENID, tokenID); + + NativeTokenInfo tokenInfo; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetNativeTokenInfo(tokenID, tokenInfo)); + ASSERT_EQ(true, tokenInfo.processName == processName); +} + +/** + * @tc.name: GetNativeTokenIdFuncTest002 + * @tc.desc: get native tokenid with hap. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetNativeTokenIdTest, GetNativeTokenIdFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenIdFuncTest002"); + std::string processName = "hdcd"; + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::ReloadNativeTokenInfo()); + + tokenID = AccessTokenKit::GetNativeTokenId(processName); + ASSERT_NE(INVALID_TOKENID, tokenID); + + NativeTokenInfo tokenInfo; + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetNativeTokenInfo(tokenID, tokenInfo)); + ASSERT_EQ(true, tokenInfo.processName == processName); + + ASSERT_EQ(0, SetSelfTokenID(g_selfTokenId)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.h b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.h new file mode 100644 index 0000000000000000000000000000000000000000..08da6abdf77d5d7a99223b9a011efc3aa71f8c15 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_id_test.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_NATIVE_TOKEN_ID_TEST_H +#define GET_NATIVE_TOKEN_ID_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetNativeTokenIdTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + void AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_NATIVE_TOKEN_ID_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..413cbe9f444135f83edc634ffe1169ec320e509a --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.cpp @@ -0,0 +1,152 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_native_token_info_test.h" +#include "gtest/gtest.h" +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "test_common.h" +#include "tokenid_kit.h" +#include "token_setproc.h" + +using namespace testing::ext; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static AccessTokenID g_selfTokenId = 0; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static int32_t g_selfUid; +}; + +void GetNativeTokenInfoTest::SetUpTestCase() +{ + g_selfTokenId = GetSelfTokenID(); + + // clean up test cases + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); +} + +void GetNativeTokenInfoTest::TearDownTestCase() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + + SetSelfTokenID(g_selfTokenId); +} + +void GetNativeTokenInfoTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + + setuid(0); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = 8 + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + TestCommon::TestPreparePermDefList(policy); + TestCommon::TestPreparePermStateList(policy); + + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetNativeTokenInfoTest::TearDown() +{ +} + +/** + * @tc.name: GetNativeTokenInfoAbnormalTest001 + * @tc.desc: cannot get native token with invalid tokenID. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetNativeTokenInfoTest, GetNativeTokenInfoAbnormalTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenInfoAbnormalTest001"); + AccessTokenID tokenID = 0; + NativeTokenInfo findInfo; + int ret = AccessTokenKit::GetNativeTokenInfo(tokenID, findInfo); + ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: GetNativeTokenInfoAbnormalTest002 + * @tc.desc: GetNativeTokenInfo with no permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetNativeTokenInfoTest, GetNativeTokenInfoAbnormalTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenInfoAbnormalTest002"); + g_selfUid = getuid(); + setuid(1234); // 1234: UID + + AccessTokenID tokenId = 805920561; //805920561 is a native tokenId. + NativeTokenInfo tokenInfo; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenInfo(tokenId, tokenInfo)); + + setuid(g_selfUid); +} + +/** + * @tc.name: GetNativeTokenInfoFuncTest001 + * @tc.desc: Get native token info success. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetNativeTokenInfoTest, GetNativeTokenInfoFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetNativeTokenInfoFuncTest001"); + AccessTokenID tokenHap = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenHap); + + NativeTokenInfo nativeInfo; + HapTokenInfo hapInfo; + + int ret = AccessTokenKit::GetHapTokenInfo(tokenHap, hapInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID tokenNative = AccessTokenKit::GetNativeTokenId("token_sync_service"); + ASSERT_NE(INVALID_TOKENID, tokenNative); + + ret = AccessTokenKit::GetNativeTokenInfo(tokenNative, nativeInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::GetHapTokenInfo(tokenNative, hapInfo); + ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); + + AccessTokenKit::DeleteToken(tokenHap); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.h b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.h new file mode 100644 index 0000000000000000000000000000000000000000..0277e9029fb2f3eec237cb0319750d45914d027d --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_native_token_info_test.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_NATIVE_TOKEN_INFO_TEST_H +#define GET_NATIVE_TOKEN_INFO_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetNativeTokenInfoTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + void AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_NATIVE_TOKEN_INFO_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..a0bc0ba355b09111e7f13fdc7958477b6c411422 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.cpp @@ -0,0 +1,211 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "get_version_test.h" +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" +#include "hap_token_info.h" +#include "nativetoken_kit.h" +#include "permission_grant_info.h" +#include "permission_state_change_info_parcel.h" +#include "string_ex.h" +#include "tokenid_kit.h" +#include "token_setproc.h" +#include "accesstoken_manager_client.h" +#include "test_common.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; + +HapInfoParams g_locationTestInfo = { + .userID = TEST_USER_ID, + .bundleName = "accesstoken_location_test", + .instIndex = 0, + .appIDDesc = "test2" +}; + +HapInfoParams g_infoManagerTestNormalInfoParms = TestCommon::GetInfoManagerTestNormalInfoParms(); +HapInfoParams g_infoManagerTestSystemInfoParms = TestCommon::GetInfoManagerTestSystemInfoParms(); +HapPolicyParams g_infoManagerTestPolicyPrams = TestCommon::GetInfoManagerTestPolicyPrams(); +HapPolicyParams g_infoManagerTestPolicyPramsBak = g_infoManagerTestPolicyPrams; + +uint64_t g_selfShellTokenId; +} + +void GetNativeTokenTest() +{ + uint64_t tokenId; + const char **perms = new const char *[4]; + perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; + perms[1] = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; + perms[2] = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; // 2 means the second permission + perms[3] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; // 3 means the third permission + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 4, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "TestCase"; + tokenId = GetAccessTokenId(&infoInstance); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +void GetVersionTest::SetUpTestCase() +{ + g_selfShellTokenId = GetSelfTokenID(); + // clean up test cases + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + + GetNativeTokenTest(); +} + +void GetVersionTest::TearDownTestCase() +{ + SetSelfTokenID(g_selfShellTokenId); +} + +void GetVersionTest::SetUp() +{ + setuid(0); + selfTokenId_ = GetSelfTokenID(); + g_infoManagerTestPolicyPrams = g_infoManagerTestPolicyPramsBak; + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = 8, + .isSystemApp = true + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + AccessTokenKit::AllocHapToken(info, policy); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); +} + +void GetVersionTest::TearDown() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenId); + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestNormalInfoParms.userID, + g_infoManagerTestNormalInfoParms.bundleName, + g_infoManagerTestNormalInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoManagerTestSystemInfoParms.userID, + g_infoManagerTestSystemInfoParms.bundleName, + g_infoManagerTestSystemInfoParms.instIndex); + AccessTokenKit::DeleteToken(tokenId); + EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); +} + +void GetVersionTest::AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, "accesstoken_location_test", 0); + AccessTokenKit::DeleteToken(tokenID); + + HapInfoParams info = g_locationTestInfo; + info.apiVersion = apiVersion; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + + for (auto& permissionDef:permissionDefs) { + policy.permList.emplace_back(permissionDef); + } + + for (auto& permissionStateFull:permissionStateFulls) { + policy.permStateList.emplace_back(permissionStateFull); + } + + AccessTokenKit::AllocHapToken(info, policy); +} + +/** + * @tc.name: GetVersionFuncTest001 + * @tc.desc: GetVersion caller is normal app. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(GetVersionTest, GetVersionFuncTest001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetVersionFuncTest001"); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + uint32_t version; + int32_t res = AccessTokenKit::GetVersion(version); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, res); +} + +/** + * @tc.name: GetVersionFuncTest002 + * @tc.desc: GetVersion caller is system app. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(GetVersionTest, GetVersionFuncTest002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "GetVersionFuncTest002"); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + uint32_t version; + int32_t res = AccessTokenKit::GetVersion(version); + ASSERT_EQ(RET_SUCCESS, res); + ASSERT_EQ(DEFAULT_TOKEN_VERSION, version); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.h b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.h new file mode 100644 index 0000000000000000000000000000000000000000..88bc061811f053cb5e3972f5bc0b9be149fae08e --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/SaTest/get_version_test.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_VERSION_TEST_H +#define GET_VERSION_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetVersionTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + void AllocHapToken(std::vector& permissionDefs, + std::vector& permissionStateFulls, int32_t apiVersion); + + uint64_t selfTokenId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_VERSION_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp index df72c3428aaee2409b51fe153516aa43ffcce2a7..4cc6fa271beba1fe2d57b02415f43bddfe762fb4 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.cpp @@ -36,6 +36,25 @@ HapPolicyParams g_infoManagerTestPolicyPrams = { .apl = APL_NORMAL, .domain = "test.domain", }; +#ifdef TOKEN_SYNC_ENABLE +static const int32_t FAKE_SYNC_RET = 0xabcdef; +class TokenSyncCallbackImpl : public TokenSyncKitInterface { + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override + { + return FAKE_SYNC_RET; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override + { + return FAKE_SYNC_RET; + }; +}; +#endif } void AccessTokenKitTest::SetUpTestCase() { @@ -53,6 +72,19 @@ void AccessTokenKitTest::TearDown() { } +/** + * @tc.name: InitHapToken001 + * @tc.desc: InitHapToken with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, InitHapToken001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenKit::InitHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(ret, AccessTokenError::ERR_SERVICE_ABNORMAL); +} + /** * @tc.name: AllocHapToken001 * @tc.desc: AllocHapToken with proxy is null @@ -123,31 +155,33 @@ HWTEST_F(AccessTokenKitTest, GetTokenType001, TestSize.Level1) } /** - * @tc.name: CheckNativeDCap001 - * @tc.desc: CheckNativeDCap with proxy is null + * @tc.name: GetHapTokenID001 + * @tc.desc: GetHapTokenID with proxy is null * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, CheckNativeDCap001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetHapTokenID001, TestSize.Level1) { - AccessTokenID tokenId = 123; - const std::string dcap = "AT_CAP"; - ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::CheckNativeDCap(tokenId, dcap)); + int32_t userID = 0; + std::string bundleName = "test"; + int32_t instIndex = 0; + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); + ASSERT_EQ(INVALID_TOKENID, tokenId); } /** * @tc.name: GetHapTokenID001 - * @tc.desc: GetHapTokenID with proxy is null + * @tc.desc: GetHapTokenIDEx with proxy is null * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, GetHapTokenID001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetHapTokenIDEx001, TestSize.Level1) { int32_t userID = 0; std::string bundleName = "test"; int32_t instIndex = 0; - AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); - ASSERT_EQ(INVALID_TOKENID, tokenId); + AccessTokenIDEx tokenIdEx = AccessTokenKit::GetHapTokenIDEx(userID, bundleName, instIndex); + ASSERT_EQ(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); } /** @@ -205,6 +239,25 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken002, TestSize.Level1) ASSERT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(callerTokenID, firstTokenID, permission, true)); } +/** + * @tc.name: VerifyAccessTokenWithList001 + * @tc.desc: VerifyAccessTokenWithList with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, VerifyAccessTokenWithList001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::vector permissionList = {"ohos.permission.CAMERA"}; + std::vector permStateList; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::VerifyAccessToken(tokenId, permissionList, permStateList, true)); + + permStateList.clear(); + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::VerifyAccessToken(tokenId, permissionList, permStateList, false)); +} + /** * @tc.name: GetDefPermission001 * @tc.desc: GetDefPermission with proxy is null @@ -245,15 +298,16 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions001, TestSize.Level1) } /** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: DumpPermDefInfo with proxy is null + * @tc.name: GetTokenIDByUserID001 + * @tc.desc: GetTokenIDByUserID with proxy is null * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, DumpPermDefInfo001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetTokenIDByUserID001, TestSize.Level1) { - std::string dumpInfo = ""; - ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::DumpPermDefInfo(dumpInfo)); + int32_t userID = 1; + std::unordered_set tokenIdList; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList)); } /** @@ -313,6 +367,25 @@ HWTEST_F(AccessTokenKitTest, GetSelfPermissionsState001, TestSize.Level1) ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permList, info)); } +/** + * @tc.name: GetPermissionsStatus001 + * @tc.desc: GetPermissionsStatus with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, GetPermissionsStatus001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::vector permsList; + PermissionListState perm = { + .permissionName = "ohos.permission.testPermDef1", + .state = SETTING_OPER + }; + permsList.emplace_back(perm); + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::GetPermissionsStatus(tokenId, permsList)); +} + /** * @tc.name: GrantPermission001 * @tc.desc: GrantPermission with proxy is null @@ -420,18 +493,6 @@ HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync)); } -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: GetAllNativeTokenInfo with proxy is null - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - std::vector nativeTokenInfosRes; - ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes)); -} - /** * @tc.name: SetRemoteHapTokenInfo001 * @tc.desc: SetRemoteHapTokenInfo with proxy is null @@ -445,19 +506,6 @@ HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync)); } -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: SetRemoteNativeTokenInfo with proxy is null - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - std::string device = "device"; - std::vector nativeToken; - ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::SetRemoteNativeTokenInfo(device, nativeToken)); -} - /** * @tc.name: DeleteRemoteToken001 * @tc.desc: DeleteRemoteToken with proxy is null @@ -495,8 +543,36 @@ HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceTokens001, TestSize.Level1) std::string device = "device"; ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::DeleteRemoteDeviceTokens(device)); } + +/** + * @tc.name: RegisterTokenSyncCallback001 + * @tc.desc: RegisterTokenSyncCallback with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, RegisterTokenSyncCallback001, TestSize.Level1) +{ + std::shared_ptr callback = std::make_shared(); + EXPECT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::RegisterTokenSyncCallback(callback)); + EXPECT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::UnRegisterTokenSyncCallback()); +} #endif +/** + * @tc.name: DumpTokenInfo001 + * @tc.desc: DumpTokenInfo with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, DumpTokenInfo001, TestSize.Level1) +{ + std::string dumpInfo; + AtmToolsParamInfo info; + info.tokenId = 123; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + ASSERT_EQ("", dumpInfo); +} + /** * @tc.name: SetPermDialogCap001 * @tc.desc: SetPermDialogCap with proxy is null @@ -521,6 +597,33 @@ HWTEST_F(AccessTokenKitTest, GetPermissionManagerInfo001, TestSize.Level1) AccessTokenKit::GetPermissionManagerInfo(info); ASSERT_EQ(true, info.grantBundleName.empty()); } + +/** + * @tc.name: GrantPermissionForSpecifiedTime001 + * @tc.desc: GrantPermissionForSpecifiedTime with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, GrantPermissionForSpecifiedTime001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + std::string permission = "permission"; + uint32_t onceTime = 1; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); +} + +/** + * @tc.name: RequestAppPermOnSettingTest001 + * @tc.desc: RequestAppPermOnSetting with proxy is null + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitTest, RequestAppPermOnSettingTest001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; + ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::RequestAppPermOnSetting(tokenId)); +} } // namespace AccessToken } // namespace Security } diff --git a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.h index eb0f8b56301cf8ad9023be0a5956baca6dbcb4e4..d34dc9481b68d72a11c497efba18ca5a701635fa 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.h +++ b/interfaces/innerkits/accesstoken/test/unittest/accesstoken_mock_test/accesstoken_kit_test.h @@ -20,7 +20,6 @@ #include "access_token.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" #include "iservice_registry.h" namespace OHOS { diff --git a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp new file mode 100644 index 0000000000000000000000000000000000000000..fcf076812fe44734d54f528b92f0e40ab85a8b56 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp @@ -0,0 +1,261 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "test_common.h" +#include "gtest/gtest.h" +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +HapInfoParams TestCommon::GetInfoManagerTestInfoParms() +{ + HapInfoParams g_infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "test3", + .apiVersion = 8, + .appDistributionType = "enterprise_mdm" + }; + return g_infoManagerTestInfoParms; +} + +HapInfoParams TestCommon::GetInfoManagerTestNormalInfoParms() +{ + HapInfoParams g_infoManagerTestNormalInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "test3", + .apiVersion = 8, + .isSystemApp = false + }; + return g_infoManagerTestNormalInfoParms; +} + +HapInfoParams TestCommon::GetInfoManagerTestSystemInfoParms() +{ + HapInfoParams g_infoManagerTestSystemInfoParms = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "test3", + .apiVersion = 8, + .isSystemApp = true + }; + return g_infoManagerTestSystemInfoParms; +} + +HapPolicyParams TestCommon::GetInfoManagerTestPolicyPrams() +{ + PermissionDef g_infoManagerTestPermDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label3", + .labelId = 1, + .description = "open the door", + .descriptionId = 1, + .availableType = MDM + }; + + PermissionDef g_infoManagerTestPermDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label3", + .labelId = 1, + .description = "break the door", + .descriptionId = 1, + }; + + PermissionStateFull g_infoManagerTestState1 = { + .permissionName = "ohos.permission.GET_WIFI_INFO", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + + PermissionStateFull g_infoManagerTestState2 = { + .permissionName = "ohos.permission.SET_WIFI_INFO", + .isGeneral = false, + .resDeviceID = {"device 1", "device 2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET, PermissionFlag::PERMISSION_USER_FIXED} + }; + + HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, + .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} + }; + return g_infoManagerTestPolicyPrams; +} + +HapPolicyParams TestCommon::GetTestPolicyParams() +{ + PermissionStateFull g_testPermReq = { + .permissionName = "ohos.permission.MANAGE_HAP_TOKENID", + .isGeneral = true, + .resDeviceID = {"test_device"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + HapPolicyParams g_testPolicyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test_domain", + .permList = {}, + .permStateList = { g_testPermReq }, + .aclRequestedList = {}, + .preAuthorizationInfo = {} + }; + return g_testPolicyParams; +} + +void TestCommon::GetHapParams(HapInfoParams& infoParams, HapPolicyParams& policyParams) +{ + infoParams.userID = 0; + infoParams.bundleName = "com.ohos.AccessTokenTestBundle"; + infoParams.instIndex = 0; + infoParams.appIDDesc = "AccessTokenTestAppID"; + infoParams.apiVersion = DEFAULT_API_VERSION; + infoParams.isSystemApp = true; + infoParams.appDistributionType = ""; + + policyParams.apl = APL_NORMAL; + policyParams.domain = "accesstoken_test_domain"; + policyParams.permList = {}; + policyParams.permStateList = {}; + policyParams.aclRequestedList = {}; + policyParams.preAuthorizationInfo = {}; +} + +void TestCommon::TestPreparePermStateList(HapPolicyParams &policy) +{ + PermissionStateFull permStatMicro = { + .permissionName = "ohos.permission.MICROPHONE", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + PermissionStateFull permStatCamera = { + .permissionName = "ohos.permission.SET_WIFI_INFO", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} + }; + PermissionStateFull permStatAlpha = { + .permissionName = "ohos.permission.ALPHA", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + PermissionStateFull permStatBeta = { + .permissionName = "ohos.permission.BETA", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} + }; + policy.permStateList.emplace_back(permStatMicro); + policy.permStateList.emplace_back(permStatCamera); + policy.permStateList.emplace_back(permStatAlpha); + policy.permStateList.emplace_back(permStatBeta); +} + +void TestCommon::TestPreparePermDefList(HapPolicyParams &policy) +{ + PermissionDef permissionDefBeta; + permissionDefBeta.permissionName = "ohos.permission.BETA"; + permissionDefBeta.bundleName = "ohos"; + permissionDefBeta.grantMode = GrantMode::SYSTEM_GRANT; + permissionDefBeta.availableLevel = APL_NORMAL; + permissionDefBeta.provisionEnable = false; + permissionDefBeta.distributedSceneEnable = false; + + PermissionDef permissionDefAlpha; + permissionDefAlpha.permissionName = "ohos.permission.ALPHA"; + permissionDefAlpha.bundleName = "ohos"; + permissionDefAlpha.grantMode = GrantMode::USER_GRANT; + permissionDefAlpha.availableLevel = APL_NORMAL; + permissionDefAlpha.provisionEnable = false; + permissionDefAlpha.distributedSceneEnable = false; + + policy.permList.emplace_back(permissionDefBeta); + policy.permList.emplace_back(permissionDefAlpha); +} + +AccessTokenID TestCommon::AllocTestToken( + const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(hapInfo, hapPolicy); + return tokenIdEx.tokenIdExStruct.tokenID; +} + +uint64_t TestCommon::GetNativeToken(const char *processName, const char **perms, int32_t permNum) +{ + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = permNum, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + .processName = processName, + }; + + tokenId = GetAccessTokenId(&infoInstance); + AccessTokenKit::ReloadNativeTokenInfo(); + return tokenId; +} + +void TestCommon::GetNativeTokenTest() +{ + uint64_t tokenId; + const char **perms = new const char *[4]; + perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; + perms[1] = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; + perms[2] = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; // 2 means the second permission + perms[3] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; // 3 means the third permission + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 4, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "TestCase"; + tokenId = GetAccessTokenId(&infoInstance); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} +} // namespace SecurityComponent +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h new file mode 100644 index 0000000000000000000000000000000000000000..74ab90f73eece08898d1cc541d0b00ee4cc44e97 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_COMMON_H +#define TEST_COMMON_H + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" +#include "token_setproc.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class TestCommon { +public: + static constexpr int32_t DEFAULT_API_VERSION = 12; + + static void GetHapParams(HapInfoParams& infoParams, HapPolicyParams& policyParams); + static void TestPreparePermStateList(HapPolicyParams &policy); + static void TestPreparePermDefList(HapPolicyParams &policy); + static HapPolicyParams GetTestPolicyParams(); + static HapInfoParams GetInfoManagerTestInfoParms(); + static HapInfoParams GetInfoManagerTestNormalInfoParms(); + static HapInfoParams GetInfoManagerTestSystemInfoParms(); + static HapPolicyParams GetInfoManagerTestPolicyPrams(); + static AccessTokenID AllocTestToken(const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy); + static void GetNativeTokenTest(); + static uint64_t GetNativeToken(const char *processName, const char **perms, int32_t permNum); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // TEST_COMMON_H diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp index 9536719ab04d61fab99be508e561d86a794d6fb0..732e4ecb6034c9e79c5dcb03492cc152b97a77db 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_deny_test.cpp @@ -98,6 +98,37 @@ void AccessTokenDenyTest::TearDown() setuid(g_selfUid); } +/** + * @tc.name: InitUserPolicy001 + * @tc.desc: InitUserPolicy without authorized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenDenyTest, InitUserPolicy001, TestSize.Level1) +{ + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + const std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PERMISSION_DENIED); +} + + +/** + * @tc.name: UpdateUserPolicy001 + * @tc.desc: UpdateUserPolicy without authorized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenDenyTest, UpdateUserPolicy001, TestSize.Level1) +{ + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + int32_t ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, AccessTokenError::ERR_PERMISSION_DENIED); +} + + /** * @tc.name: AllocHapToken001 * @tc.desc: AllocHapToken with no permission @@ -168,19 +199,6 @@ HWTEST_F(AccessTokenDenyTest, DeleteToken001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteToken(tokenId)); } -/** - * @tc.name: CheckNativeDCap001 - * @tc.desc: CheckNativeDCap with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, CheckNativeDCap001, TestSize.Level1) -{ - AccessTokenID tokenId = 123; - const std::string dcap = "AT_CAP"; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::CheckNativeDCap(tokenId, dcap)); -} - /** * @tc.name: GetHapTokenID001 * @tc.desc: GetHapTokenID with no permission @@ -419,44 +437,7 @@ HWTEST_F(AccessTokenDenyTest, DumpTokenInfo001, TestSize.Level1) ASSERT_EQ("", dumpInfo); } -/** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: Verify the DumpPermDefInfo abnormal branch return nullptr proxy. - * @tc.type: FUNC - * @tc.require:Issue Number - */ -HWTEST_F(AccessTokenDenyTest, DumpPermDefInfo001, TestSize.Level1) -{ - std::string dumpInfo; - int32_t res = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, res); -} - #ifdef TOKEN_SYNC_ENABLE -/** - * @tc.name: GetHapTokenInfoFromRemote001 - * @tc.desc: GetHapTokenInfoFromRemote with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, GetHapTokenInfoFromRemote001, TestSize.Level1) -{ - AccessTokenID tokenId = 123; - HapTokenInfoForSync hapSync; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetHapTokenInfoFromRemote(tokenId, hapSync)); -} - -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: GetAllNativeTokenInfo with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - std::vector nativeTokenInfosRes; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes)); -} /** * @tc.name: SetRemoteHapTokenInfo001 @@ -471,75 +452,33 @@ HWTEST_F(AccessTokenDenyTest, SetRemoteHapTokenInfo001, TestSize.Level1) ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteHapTokenInfo(device, hapSync)); } -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: SetRemoteNativeTokenInfo with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - std::string device = "device"; - std::vector nativeToken; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetRemoteNativeTokenInfo(device, nativeToken)); -} +#endif /** - * @tc.name: DeleteRemoteToken001 - * @tc.desc: DeleteRemoteToken with no permission + * @tc.name: SetPermDialogCap001 + * @tc.desc: SetPermDialogCap with no permission * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenDenyTest, DeleteRemoteToken001, TestSize.Level1) +HWTEST_F(AccessTokenDenyTest, SetPermDialogCap001, TestSize.Level1) { - std::string device = "device"; - AccessTokenID tokenId = 123; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteToken(device, tokenId)); + HapBaseInfo hapBaseInfo; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); } /** - * @tc.name: GetRemoteNativeTokenID001 - * @tc.desc: GetRemoteNativeTokenID with no permission + * @tc.name: GrantPermissionForSpecifiedTime001 + * @tc.desc: GrantPermissionForSpecifiedTime with no permission * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenDenyTest, GetRemoteNativeTokenID001, TestSize.Level1) +HWTEST_F(AccessTokenDenyTest, GrantPermissionForSpecifiedTime001, TestSize.Level1) { - std::string device = "device"; AccessTokenID tokenId = 123; - ASSERT_EQ(INVALID_TOKENID, AccessTokenKit::GetRemoteNativeTokenID(device, tokenId)); -} - -/** - * @tc.name: DeleteRemoteDeviceTokens001 - * @tc.desc: DeleteRemoteDeviceTokens with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, DeleteRemoteDeviceTokens001, TestSize.Level1) -{ - std::string device = "device"; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::DeleteRemoteDeviceTokens(device)); -} - -HWTEST_F(AccessTokenDenyTest, RegisterTokenSyncCallback001, TestSize.Level1) -{ - std::shared_ptr callback = std::make_shared(); - EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::RegisterTokenSyncCallback(callback)); - EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::UnRegisterTokenSyncCallback()); -} -#endif - -/** - * @tc.name: SetPermDialogCap001 - * @tc.desc: SetPermDialogCap with no permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDenyTest, SetPermDialogCap001, TestSize.Level1) -{ - HapBaseInfo hapBaseInfo; - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); + std::string permission = "permission"; + uint32_t onceTime = 1; + ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, permission, onceTime)); } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp index 93f3a18645462b8413b63b245c731bb4f871de08..cadd682a047541a08234363ab76e0a9945e7e635 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_extension_test.cpp @@ -18,10 +18,9 @@ #include "access_token.h" #include "access_token_error.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "accesstoken_service_ipc_interface_code.h" #include "hap_token_info.h" -#include "native_token_info_for_sync_parcel.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" @@ -38,15 +37,11 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static const int MAX_PERMISSION_SIZE = 1000; static constexpr int32_t DEFAULT_API_VERSION = 8; -static constexpr int32_t TOKENID_NOT_EXIST = 123; static const std::string TEST_BUNDLE_NAME = "ohos"; static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA"; static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA"; static const int TEST_USER_ID = 0; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKitExtensionTest"}; PermissionStateFull g_getPermissionReq = { .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", @@ -95,7 +90,7 @@ PermissionDef g_infoManagerTestPermDef2 = { }; PermissionDef g_infoManagerTestPermDef3 = { - .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .permissionName = "ohos.permission.GET_BUNDLE_INFO_TEST", .bundleName = "accesstoken_test3", .grantMode = 1, .availableLevel = APL_NORMAL, @@ -375,7 +370,7 @@ void PreparePermStateListExt(HapPolicyParams &policy) void PreparePermStateList(HapPolicyParams &policy) { PermissionStateFull permTestState1 = { - .permissionName = "ohos.permission.testPermDef1", + .permissionName = "ohos.permission.LOCATION", .isGeneral = true, .resDeviceID = {"local"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -383,7 +378,7 @@ void PreparePermStateList(HapPolicyParams &policy) }; PermissionStateFull permTestState2 = { - .permissionName = "ohos.permission.testPermDef2", + .permissionName = "ohos.permission.MICROPHONE", .isGeneral = true, .resDeviceID = {"local"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -391,7 +386,7 @@ void PreparePermStateList(HapPolicyParams &policy) }; PermissionStateFull permTestState3 = { - .permissionName = "ohos.permission.testPermDef3", + .permissionName = "ohos.permission.WRITE_CALENDAR", .isGeneral = true, .resDeviceID = {"local"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -399,7 +394,7 @@ void PreparePermStateList(HapPolicyParams &policy) }; PermissionStateFull permTestState4 = { - .permissionName = "ohos.permission.testPermDef4", + .permissionName = "ohos.permission.READ_IMAGEVIDEO", .isGeneral = true, .resDeviceID = {"local"}, .grantStatus = {PermissionState::PERMISSION_GRANTED}, @@ -430,44 +425,8 @@ void PreparePermDefList(HapPolicyParams &policy) permissionDefBeta.provisionEnable = false; permissionDefBeta.distributedSceneEnable = false; - PermissionDef testPermDef1; - testPermDef1.permissionName = "ohos.permission.testPermDef1"; - testPermDef1.bundleName = TEST_BUNDLE_NAME; - testPermDef1.grantMode = GrantMode::USER_GRANT; - testPermDef1.availableLevel = APL_NORMAL; - testPermDef1.provisionEnable = false; - testPermDef1.distributedSceneEnable = false; - - PermissionDef testPermDef2; - testPermDef2.permissionName = "ohos.permission.testPermDef2"; - testPermDef2.bundleName = TEST_BUNDLE_NAME; - testPermDef2.grantMode = GrantMode::USER_GRANT; - testPermDef2.availableLevel = APL_NORMAL; - testPermDef2.provisionEnable = false; - testPermDef2.distributedSceneEnable = false; - - PermissionDef testPermDef3; - testPermDef3.permissionName = "ohos.permission.testPermDef3"; - testPermDef3.bundleName = TEST_BUNDLE_NAME; - testPermDef3.grantMode = GrantMode::USER_GRANT; - testPermDef3.availableLevel = APL_NORMAL; - testPermDef3.provisionEnable = false; - testPermDef3.distributedSceneEnable = false; - - PermissionDef testPermDef4; - testPermDef4.permissionName = "ohos.permission.testPermDef4"; - testPermDef4.bundleName = TEST_BUNDLE_NAME; - testPermDef4.grantMode = GrantMode::USER_GRANT; - testPermDef4.availableLevel = APL_NORMAL; - testPermDef4.provisionEnable = false; - testPermDef4.distributedSceneEnable = false; - policy.permList.emplace_back(permissionDefAlpha); policy.permList.emplace_back(permissionDefBeta); - policy.permList.emplace_back(testPermDef1); - policy.permList.emplace_back(testPermDef2); - policy.permList.emplace_back(testPermDef3); - policy.permList.emplace_back(testPermDef4); } void AccessTokenKitExtensionTest::SetUp() @@ -497,7 +456,7 @@ void AccessTokenKitExtensionTest::SetUp() g_infoManagerTestInfoParms.bundleName, g_infoManagerTestInfoParms.instIndex); AccessTokenKit::DeleteToken(tokenID); - ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); } void AccessTokenKitExtensionTest::TearDown() @@ -546,477 +505,41 @@ unsigned int AccessTokenKitExtensionTest::GetAccessTokenID(int userID, std::stri return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); } -void GetPermsList1(std::vector &permsList1) -{ - PermissionListState perm1 = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER, - }; - PermissionListState perm2 = { - .permissionName = "ohos.permission.testPermDef2", - .state = SETTING_OPER, - }; - PermissionListState perm3 = { - .permissionName = "ohos.permission.testPermDef3", - .state = SETTING_OPER, - }; - PermissionListState perm4 = { - .permissionName = "ohos.permission.testPermDef4", - .state = SETTING_OPER, - }; - permsList1.emplace_back(perm1); - permsList1.emplace_back(perm2); - permsList1.emplace_back(perm3); - permsList1.emplace_back(perm4); -} - -void GetPermsList2(std::vector &permsList2) -{ - PermissionListState perm3 = { - .permissionName = "ohos.permission.testPermDef3", - .state = SETTING_OPER, - }; - PermissionListState perm4 = { - .permissionName = "ohos.permission.testPermDef4", - .state = SETTING_OPER, - }; - permsList2.emplace_back(perm3); - permsList2.emplace_back(perm4); -} /** - * @tc.name: GetSelfPermissionsState001 - * @tc.desc: get permission list state + * @tc.name: GetPermissionFlag006 + * @tc.desc: Get permission flag after grant permission. * @tc.type: FUNC * @tc.require: Issue Number */ -HWTEST_F(AccessTokenKitExtensionTest, GetSelfPermissionsState001, TestSize.Level1) -{ - AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - ASSERT_NE(INVALID_TOKENID, tokenID); - ASSERT_EQ(0, SetSelfTokenID(tokenID)); - - std::vector permsList1; - GetPermsList1(permsList1); - PermissionGrantInfo info; - PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList1, info); - ASSERT_EQ(DYNAMIC_OPER, ret); - ASSERT_EQ(static_cast(4), permsList1.size()); - ASSERT_EQ(DYNAMIC_OPER, permsList1[0].state); - ASSERT_EQ(DYNAMIC_OPER, permsList1[1].state); - ASSERT_EQ(SETTING_OPER, permsList1[2].state); - ASSERT_EQ(PASS_OPER, permsList1[3].state); - ASSERT_EQ("ohos.permission.testPermDef1", permsList1[0].permissionName); - ASSERT_EQ("ohos.permission.testPermDef2", permsList1[1].permissionName); - ASSERT_EQ("ohos.permission.testPermDef3", permsList1[2].permissionName); - ASSERT_EQ("ohos.permission.testPermDef4", permsList1[3].permissionName); - - PermissionListState perm5 = { - .permissionName = "ohos.permission.testPermDef5", - .state = SETTING_OPER, - }; - permsList1.emplace_back(perm5); - ret = AccessTokenKit::GetSelfPermissionsState(permsList1, info); - ASSERT_EQ(INVALID_OPER, permsList1[4].state); - ASSERT_EQ(DYNAMIC_OPER, ret); - - std::vector permsList2; - GetPermsList2(permsList2); - ret = AccessTokenKit::GetSelfPermissionsState(permsList2, info); - ASSERT_EQ(SETTING_OPER, permsList2[0].state); - ASSERT_EQ(PASS_OPER, permsList2[1].state); - ASSERT_EQ(PASS_OPER, ret); - - permsList2.emplace_back(perm5); - ret = AccessTokenKit::GetSelfPermissionsState(permsList2, info); - ASSERT_EQ(SETTING_OPER, permsList2[0].state); - ASSERT_EQ(PASS_OPER, permsList2[1].state); - ASSERT_EQ(INVALID_OPER, permsList2[2].state); - ASSERT_EQ(PASS_OPER, ret); - - std::vector permsList3; - permsList3.emplace_back(perm5); - ret = AccessTokenKit::GetSelfPermissionsState(permsList3, info); - ASSERT_EQ(INVALID_OPER, permsList3[0].state); - ASSERT_EQ(PASS_OPER, ret); -} - -/** - * @tc.name: GetSelfPermissionsState002 - * @tc.desc: permission list is empty or oversize - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetSelfPermissionsState002, TestSize.Level1) -{ - std::vector permsList; - PermissionGrantInfo info; - ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); - - for (uint32_t i = 0; i < MAX_PERMISSION_SIZE + 1; i++) { - PermissionListState tmp = { - .permissionName = "ohos.permission.CAMERA", - .state = PASS_OPER - }; - permsList.emplace_back(tmp); - } - ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); -} - -/** - * @tc.name: GetSelfPermissionsState003 - * @tc.desc: test token id is native - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetSelfPermissionsState003, TestSize.Level1) -{ - AccessTokenID tokenId = AccessTokenKit::GetNativeTokenId("hdcd"); - EXPECT_EQ(0, SetSelfTokenID(tokenId)); - std::vector permsList3; - PermissionListState tmp = { - .permissionName = "ohos.permission.CAMERA", - .state = PASS_OPER - }; - permsList3.emplace_back(tmp); - PermissionGrantInfo info; - ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList3, info)); -} - -/** - * @tc.name: GetSelfPermissionsState004 - * @tc.desc: test noexist token id - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetSelfPermissionsState004, TestSize.Level1) -{ - AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - EXPECT_EQ(0, SetSelfTokenID(tokenId)); - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenId)); - std::vector permsList4; - PermissionListState tmp = { - .permissionName = "ohos.permission.CAMERA", - .state = PASS_OPER - }; - permsList4.emplace_back(tmp); - PermissionGrantInfo info; - ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList4, info)); -} - -/** - * @tc.name: GetPermissionsStatus001 - * @tc.desc: get different permissions status - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionsStatus001, TestSize.Level1) -{ - AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; - ASSERT_NE(INVALID_TOKENID, tokenID); - EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); - - std::vector permsList; - PermissionListState tmpA = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER - }; - PermissionListState tmpB = { - .permissionName = "ohos.permission.testPermDef3", - .state = SETTING_OPER - }; - PermissionListState tmpC = { - .permissionName = TEST_PERMISSION_NAME_BETA, - .state = SETTING_OPER - }; - PermissionListState tmpD = { - .permissionName = "ohos.permission.xxx", - .state = SETTING_OPER - }; - PermissionListState tmpE = { - .permissionName = "ohos.permission.CAMERA", - .state = SETTING_OPER - }; - - permsList.emplace_back(tmpA); - permsList.emplace_back(tmpB); - permsList.emplace_back(tmpC); - permsList.emplace_back(tmpD); - permsList.emplace_back(tmpE); - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); - ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); - ASSERT_EQ(SETTING_OPER, permsList[1].state); - ASSERT_EQ(PASS_OPER, permsList[2].state); - ASSERT_EQ(INVALID_OPER, permsList[3].state); - ASSERT_EQ(INVALID_OPER, permsList[4].state); -} - -/** - * @tc.name: GetPermissionsStatus002 - * @tc.desc: get different permissions status after set perm dialog cap - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionsStatus002, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, GetPermissionFlag006, TestSize.Level1) { - AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; - ASSERT_NE(INVALID_TOKENID, tokenID); - EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); - - std::vector permsList; - PermissionListState tmpA = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER - }; - PermissionListState tmpB = { - .permissionName = "ohos.permission.testPermDef3", - .state = SETTING_OPER - }; - PermissionListState tmpC = { - .permissionName = TEST_PERMISSION_NAME_BETA, - .state = SETTING_OPER - }; - PermissionListState tmpD = { - .permissionName = "ohos.permission.xxx", - .state = SETTING_OPER - }; - PermissionListState tmpE = { + static PermissionStateFull infoManagerTestStateA = { .permissionName = "ohos.permission.CAMERA", - .state = SETTING_OPER - }; - - permsList.emplace_back(tmpA); - permsList.emplace_back(tmpB); - permsList.emplace_back(tmpC); - permsList.emplace_back(tmpD); - permsList.emplace_back(tmpE); - - HapBaseInfo hapBaseInfo = { - .userID = TEST_USER_ID, - .bundleName = TEST_BUNDLE_NAME, - .instIndex = 0 - }; - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); - ASSERT_EQ(FORBIDDEN_OPER, permsList[0].state); - ASSERT_EQ(FORBIDDEN_OPER, permsList[1].state); - ASSERT_EQ(FORBIDDEN_OPER, permsList[2].state); - ASSERT_EQ(INVALID_OPER, permsList[3].state); - ASSERT_EQ(INVALID_OPER, permsList[4].state); - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::SetPermDialogCap(hapBaseInfo, false)); -} - -/** - * @tc.name: GetPermissionsStatus003 - * @tc.desc: invalid input param: tokenID is 0 or permissionList is empty - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionsStatus003, TestSize.Level1) -{ - AccessTokenIDEx tokenIDEx = AccessTokenKit::GetHapTokenIDEx(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; - ASSERT_NE(INVALID_TOKENID, tokenID); - EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); - - std::vector permsList; - ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); - PermissionListState tmpA = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER - }; - permsList.emplace_back(tmpA); - - ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenKit::GetPermissionsStatus(0, permsList)); - ASSERT_EQ(SETTING_OPER, permsList[0].state); -} - -/** - * @tc.name: GetPermissionsStatus04 - * @tc.desc: tokenID not exit - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionsStatus004, TestSize.Level1) -{ - std::vector permsList; - PermissionListState tmpA = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER - }; - permsList.emplace_back(tmpA); - - ASSERT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenKit::GetPermissionsStatus(TOKENID_NOT_EXIST, permsList)); - ASSERT_EQ(SETTING_OPER, permsList[0].state); -} - -/** - * @tc.name: GetPermissionsStatus005 - * @tc.desc: callling without permission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionsStatus005, TestSize.Level1) -{ - AccessTokenIDEx tokenIDEx = {0}; - tokenIDEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); - AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; - ASSERT_NE(INVALID_TOKENID, tokenID); - EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); - - std::vector permsList; - PermissionListState tmpA = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} }; - - permsList.emplace_back(tmpA); - int32_t selfUid = getuid(); - setuid(10001); // 10001: UID - - ASSERT_EQ(ERR_PERMISSION_DENIED, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); - ASSERT_EQ(SETTING_OPER, permsList[0].state); - setuid(selfUid); -} - -/** - * @tc.name: GetPermissionsStatus006 - * @tc.desc: callling is normal hap - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionsStatus006, TestSize.Level1) -{ - AccessTokenIDEx tokenIDEx = {0}; - tokenIDEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); - AccessTokenID tokenID = tokenIDEx.tokenIdExStruct.tokenID; - ASSERT_NE(INVALID_TOKENID, tokenID); - EXPECT_EQ(0, SetSelfTokenID(tokenIDEx.tokenIDEx)); - - std::vector permsList; - PermissionListState tmpA = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} }; - permsList.emplace_back(tmpA); - - ASSERT_EQ(ERR_NOT_SYSTEM_APP, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); - ASSERT_EQ(SETTING_OPER, permsList[0].state); -} - -/** - * @tc.name: GetPermissionsStatus007 - * @tc.desc: callling is native SA - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionsStatus007, TestSize.Level1) -{ - AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; ASSERT_NE(INVALID_TOKENID, tokenID); - std::vector permsList; - PermissionListState tmpA = { - .permissionName = "ohos.permission.testPermDef1", - .state = SETTING_OPER - }; - - permsList.emplace_back(tmpA); - - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionsStatus(tokenID, permsList)); - ASSERT_EQ(DYNAMIC_OPER, permsList[0].state); -} - -/** - * @tc.name: GetTokenTypeFlag003 - * @tc.desc: Get token type with hap tokenID. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, GetTokenTypeFlag003, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); - - ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(ret, TOKEN_HAP); - - int res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(RET_SUCCESS, res); -} - -/** - * @tc.name: GetPermissionFlag006 - * @tc.desc: Get permission flag after grant permission. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, GetPermissionFlag006, TestSize.Level1) -{ - AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); - ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_POLICY_FIXED); + int ret = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", PERMISSION_POLICY_FIXED); ASSERT_EQ(RET_SUCCESS, ret); uint32_t flag; - ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); + ret = AccessTokenKit::GetPermissionFlag(tokenID, "ohos.permission.CAMERA", flag); ASSERT_EQ(PERMISSION_POLICY_FIXED, flag); ASSERT_EQ(RET_SUCCESS, ret); } -/** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: Dump all the permission definition infos, that caller is shell app. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, DumpPermDefInfo001, TestSize.Level1) -{ - SetSelfTokenID(g_selfShellTokenId); - std::string dumpInfo = ""; - int32_t ret = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(RET_SUCCESS, ret); -} - -/** - * @tc.name: DumpPermDefInfo002 - * @tc.desc: DumpPermDefInfo caller is a normal app. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, DumpPermDefInfo002, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - - std::string dumpInfo = ""; - int32_t ret = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(ERR_PERMISSION_DENIED, ret); -} - -/** - * @tc.name: DumpPermDefInfo003 - * @tc.desc: DumpPermDefInfo caller is a system app. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitExtensionTest, DumpPermDefInfo003, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - - std::string dumpInfo = ""; - int32_t ret = AccessTokenKit::DumpPermDefInfo(dumpInfo); - ASSERT_EQ(ERR_PERMISSION_DENIED, ret); -} - /** * @tc.name: DumpTokenInfo001 * @tc.desc: Get dump token information with invalid tokenID @@ -1054,22 +577,13 @@ public: }; /** - * @tc.name: RegisterPermStateChangeCallback001 - * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.name: RegisterSelfPermStateChangeCallback001 + * @tc.desc: RegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback001, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback001, TestSize.Level1) { - PermStateChangeScope scopeInfo; - scopeInfo.permList = {"ohos.permission.CAMERA"}; - scopeInfo.tokenIDs = {}; - auto callbackPtr = std::make_shared(scopeInfo); - callbackPtr->ready_ = false; - - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(RET_SUCCESS, res); - static PermissionStateFull infoManagerTestStateA = { .permissionName = "ohos.permission.CAMERA", .isGeneral = true, @@ -1083,11 +597,21 @@ HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback001, TestSi .permList = {}, .permStateList = {infoManagerTestStateA} }; - AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; ASSERT_NE(INVALID_TOKENID, tokenID); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {tokenID}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); ASSERT_EQ(RET_SUCCESS, res); @@ -1103,221 +627,215 @@ HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback001, TestSi usleep(500000); // 500000us = 0.5s EXPECT_EQ(true, callbackPtr->ready_); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(RET_SUCCESS, res); - - callbackPtr->ready_ = false; - - res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); - ASSERT_EQ(RET_SUCCESS, res); - usleep(500000); // 500000us = 0.5s - ASSERT_EQ(false, callbackPtr->ready_); - - callbackPtr->ready_ = false; - - res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + SetSelfTokenID(tokenID); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); - usleep(500000); // 500000us = 0.5s - ASSERT_EQ(false, callbackPtr->ready_); + SetSelfTokenID(selfTokenId_); res = AccessTokenKit::DeleteToken(tokenID); ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback002 - * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.name: RegisterSelfPermStateChangeCallback002 + * @tc.desc: RegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback002, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback002, TestSize.Level1) { - PermStateChangeScope scopeInfo; - scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO"}; - scopeInfo.tokenIDs = {}; - auto callbackPtr = std::make_shared(scopeInfo); - callbackPtr->ready_ = false; - - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - static PermissionStateFull infoManagerTestStateA = { - .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .permissionName = "ohos.permission.CAMERA", .isGeneral = true, .resDeviceID = {"local2"}, - .grantStatus = {PERMISSION_GRANTED}, + .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; static PermissionStateFull infoManagerTestStateB = { - .permissionName = "ohos.permission.CAMERA", + .permissionName = "ohos.permission.GET_BUNDLE_INFO", .isGeneral = true, .resDeviceID = {"local2"}, - .grantStatus = {PERMISSION_GRANTED}, + .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; - static HapPolicyParams infoManagerTestPolicyPrams2 = { - .apl = APL_SYSTEM_BASIC, + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, .domain = "test.domain2", .permList = {}, .permStateList = {infoManagerTestStateA, infoManagerTestStateB} }; - - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams2); - + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); - res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); - ASSERT_EQ(PERMISSION_GRANTED, res); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {tokenID}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; - res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); - ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(tokenID); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr)); + SetSelfTokenID(selfTokenId_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2)); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2)); + usleep(500000); // 500000us = 0.5s + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2)); usleep(500000); // 500000us = 0.5s EXPECT_EQ(false, callbackPtr->ready_); - res = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(tokenID); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr)); + SetSelfTokenID(selfTokenId_); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(RET_SUCCESS, res); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } /** - * @tc.name: RegisterPermStateChangeCallback003 - * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.name: RegisterSelfPermStateChangeCallback003 + * @tc.desc: RegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback003, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback003, TestSize.Level1) { - PermStateChangeScope scopeInfo; - scopeInfo.permList = {}; - scopeInfo.tokenIDs = {}; - auto callbackPtr = std::make_shared(scopeInfo); - callbackPtr->ready_ = false; - - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - static PermissionStateFull infoManagerTestStateA = { - .permissionName = "ohos.permission.GET_BUNDLE_INFO", - .isGeneral = true, - .resDeviceID = {"local2"}, - .grantStatus = {PERMISSION_DENIED}, - .grantFlags = {1} - }; - static PermissionStateFull infoManagerTestStateB = { .permissionName = "ohos.permission.CAMERA", .isGeneral = true, .resDeviceID = {"local2"}, .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; - static HapPolicyParams infoManagerTestPolicyPrams3 = { - .apl = APL_SYSTEM_CORE, + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, .domain = "test.domain2", .permList = {}, - .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + .permStateList = {infoManagerTestStateA} }; - - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams3); - + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {tokenID}; + auto callbackPtr = std::make_shared(scopeInfo); callbackPtr->ready_ = false; + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); ASSERT_EQ(PERMISSION_GRANTED, res); usleep(500000); // 500000us = 0.5s EXPECT_EQ(true, callbackPtr->ready_); callbackPtr->ready_ = false; - res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO", false); - ASSERT_EQ(PERMISSION_DENIED, res); - res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); ASSERT_EQ(RET_SUCCESS, res); usleep(500000); // 500000us = 0.5s EXPECT_EQ(true, callbackPtr->ready_); - res = AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(tokenID); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::DeleteToken(tokenID); ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback004 - * @tc.desc: RegisterPermStateChangeCallback with invalid tokenId + * @tc.name: RegisterSelfPermStateChangeCallback004 + * @tc.desc: RegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback004, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback004, TestSize.Level1) { - PermStateChangeScope scopeInfo; - scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO", "ohos.permission.CAMERA"}; - scopeInfo.tokenIDs = {555555}; // 555555为模拟的tokenid - auto callbackPtr = std::make_shared(scopeInfo); - callbackPtr->ready_ = false; - - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); - static PermissionStateFull infoManagerTestStateA = { - .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .permissionName = "ohos.permission.CAMERA", .isGeneral = true, .resDeviceID = {"local2"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {1}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} }; static PermissionStateFull infoManagerTestStateB = { - .permissionName = "ohos.permission.CAMERA", + .permissionName = "ohos.permission.GET_BUNDLE_INFO", .isGeneral = true, .resDeviceID = {"local2"}, - .grantStatus = {PERMISSION_GRANTED}, + .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; - static HapPolicyParams infoManagerTestPolicyPrams4 = { + static HapPolicyParams infoManagerTestPolicyPrams1 = { .apl = APL_NORMAL, .domain = "test.domain2", .permList = {}, .permStateList = {infoManagerTestStateA, infoManagerTestStateB} }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams4); + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA", "ohos.permission.GET_BUNDLE_INFO"}; + scopeInfo.tokenIDs = {tokenID}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + SetSelfTokenID(tokenID); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr)); + SetSelfTokenID(selfTokenId_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2)); + EXPECT_EQ(true, callbackPtr->ready_); callbackPtr->ready_ = false; - res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); - ASSERT_EQ(PERMISSION_GRANTED, res); - res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); - ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); - ASSERT_EQ(PERMISSION_DENIED, res); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2)); usleep(500000); // 500000us = 0.5s - EXPECT_EQ(false, callbackPtr->ready_); + EXPECT_EQ(true, callbackPtr->ready_); callbackPtr->ready_ = false; - res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO", false); - ASSERT_EQ(PERMISSION_GRANTED, res); - res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); - ASSERT_EQ(RET_SUCCESS, res); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2)); + EXPECT_EQ(true, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RevokePermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2)); usleep(500000); // 500000us = 0.5s - EXPECT_EQ(false, callbackPtr->ready_); + EXPECT_EQ(true, callbackPtr->ready_); - res = AccessTokenKit::DeleteToken(tokenID); - ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(tokenID); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } /** - * @tc.name: RegisterPermStateChangeCallback005 - * @tc.desc: RegisterPermStateChangeCallback permList + * @tc.name: RegisterSelfPermStateChangeCallback005 + * @tc.desc: RegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback005, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback005, TestSize.Level1) { static PermissionStateFull infoManagerTestStateA = { .permissionName = "ohos.permission.CAMERA", @@ -1326,283 +844,441 @@ HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback005, TestSi .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; - static PermissionStateFull infoManagerTestStateB = { - .permissionName = "ohos.permission.GET_BUNDLE_INFO", - .isGeneral = true, - .resDeviceID = {"local2"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {1} - }; - static HapPolicyParams infoManagerTestPolicyPrams5 = { + static HapPolicyParams infoManagerTestPolicyPrams1 = { .apl = APL_NORMAL, .domain = "test.domain2", .permList = {}, - .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + .permStateList = {infoManagerTestStateA} }; - - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams5); - + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); PermStateChangeScope scopeInfo; - scopeInfo.permList = {"ohos.permission.GET_BUNDLE_INFO", "ohos.permission.CAMERA"}; - scopeInfo.tokenIDs = {tokenID, 0}; + scopeInfo.permList = {"ohos.permission.INVALID"}; + scopeInfo.tokenIDs = {tokenID}; + auto callbackPtr1 = std::make_shared(scopeInfo); + callbackPtr1->ready_ = false; + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr1); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + + scopeInfo.permList = {"ohos.permission.INVALID", "ohos.permission.CAMERA"}; auto callbackPtr = std::make_shared(scopeInfo); - callbackPtr->ready_ = false; + res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); - callbackPtr->ready_ = false; res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.CAMERA", false); - ASSERT_EQ(PERMISSION_DENIED, res); - res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(PERMISSION_GRANTED, res); usleep(500000); // 500000us = 0.5s - ASSERT_EQ(RET_SUCCESS, res); EXPECT_EQ(true, callbackPtr->ready_); callbackPtr->ready_ = false; - res = AccessTokenKit::VerifyAccessToken(tokenID, "ohos.permission.GET_BUNDLE_INFO", false); - ASSERT_EQ(PERMISSION_GRANTED, res); - res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2); + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); ASSERT_EQ(RET_SUCCESS, res); usleep(500000); // 500000us = 0.5s - EXPECT_EQ(false, callbackPtr->ready_); + EXPECT_EQ(true, callbackPtr->ready_); - res = AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(tokenID); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::DeleteToken(tokenID); ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback006 - * @tc.desc: RegisterPermStateChangeCallback with invaild permission + * @tc.name: RegisterSelfPermStateChangeCallback006 + * @tc.desc: RegisterSelfPermStateChangeCallback with permList, whose size is 1024/1025 * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback006, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback006, TestSize.Level1) { - PermStateChangeScope scopeInfo; - scopeInfo.permList = {"ohos.permission.INVALID"}; - scopeInfo.tokenIDs = {}; - auto callbackPtr1 = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr1); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); - - static PermissionStateFull infoManagerTestState = { - .permissionName = "ohos.permission.CAMERA", + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", .isGeneral = true, .resDeviceID = {"local2"}, .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; - static HapPolicyParams infoManagerTestPolicyPrams6 = { - .apl = APL_SYSTEM_BASIC, + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, .domain = "test.domain2", .permList = {}, - .permStateList = {infoManagerTestState} + .permStateList = {infoManagerTestStateA} }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + SetSelfTokenID(tokenID); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams6); - - scopeInfo.tokenIDs = {tokenIdEx.tokenIdExStruct.tokenID}; - scopeInfo.permList = {"ohos.permission.INVALID", "ohos.permission.CAMERA"}; - auto callbackPtr = std::make_shared(scopeInfo); - res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(RET_SUCCESS, res); - - res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", 2); - ASSERT_EQ(RET_SUCCESS, res); - usleep(500000); // 500000us = 0.5s - EXPECT_EQ(true, callbackPtr->ready_); - - res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(RET_SUCCESS, res); - - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(RET_SUCCESS, res); -} - -/** - * @tc.name: RegisterPermStateChangeCallback007 - * @tc.desc: RegisterPermStateChangeCallback with permList, whose size is 1024/1025 - * @tc.type: FUNC - * @tc.require: issueI5NT1X - */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback007, TestSize.Level1) -{ PermStateChangeScope scopeInfo; scopeInfo.permList = {}; - scopeInfo.tokenIDs = {}; + scopeInfo.tokenIDs = {tokenID}; for (int32_t i = 1; i <= 1025; i++) { // 1025 is a invalid size scopeInfo.permList.emplace_back("ohos.permission.GET_BUNDLE_INFO"); if (i == 1025) { // 1025 is a invalid size auto callbackPtr = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); break; } auto callbackPtr = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); } + SetSelfTokenID(selfTokenId_); + + int32_t res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback008 - * @tc.desc: RegisterPermStateChangeCallback with tokenList, whose size is 1024/1025 + * @tc.name: RegisterSelfPermStateChangeCallback007 + * @tc.desc: RegisterSelfPermStateChangeCallback without set TokenID. * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback008, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback007, TestSize.Level1) { + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + PermStateChangeScope scopeInfo; - scopeInfo.permList = {}; - scopeInfo.tokenIDs = {}; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {tokenID}; auto callbackPtr = std::make_shared(scopeInfo); callbackPtr->ready_ = false; - static HapPolicyParams infoManagerTestPolicyPrams8 = { + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: RegisterSelfPermStateChangeCallback008 + * @tc.desc: RegisterSelfPermStateChangeCallback with none or two tokenIDs. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback008, TestSize.Level1) +{ + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { .apl = APL_NORMAL, - .domain = "test.domain", + .domain = "test.domain2", .permList = {}, - .permStateList = {} + .permStateList = {infoManagerTestStateA} }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams8); + HapInfoParams g_infoManagerTestInfoParms2 = { + .userID = 1, + .bundleName = "accesstoken_test_2", + .instIndex = 0, + .appIDDesc = "test2", + .apiVersion = DEFAULT_API_VERSION + }; - for (int32_t i = 1; i <= 1025; i++) { // 1025 is a invalid size - scopeInfo.tokenIDs.emplace_back(tokenIdEx.tokenIdExStruct.tokenID); - if (i == 1025) { // 1025 is a invalid size - auto callbackPtr1 = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr1); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); - break; - } - auto callbackPtr1 = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr1); - ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr1); - ASSERT_EQ(RET_SUCCESS, res); - } + AccessTokenIDEx tokenIdEx2 = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms2, + infoManagerTestPolicyPrams1); + AccessTokenID tokenID2 = tokenIdEx2.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID2); + + PermStateChangeScope scopeInfo; + scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {}; + auto callbackPtr1 = std::make_shared(scopeInfo); + callbackPtr1->ready_ = false; + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr1); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + + scopeInfo.tokenIDs = {tokenID, tokenID2}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; - int32_t res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); + res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + + SetSelfTokenID(selfTokenId_); + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::DeleteToken(tokenID2); ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback009 - * @tc.desc: RegisterPermStateChangeCallback + * @tc.name: RegisterSelfPermStateChangeCallback009 + * @tc.desc: RegisterSelfPermStateChangeCallback * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback009, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback009, TestSize.Level1) { + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + PermStateChangeScope scopeInfo; scopeInfo.permList = {}; - scopeInfo.tokenIDs = {}; + scopeInfo.tokenIDs = {tokenID}; std::vector> callbackList; + SetSelfTokenID(tokenID); for (int32_t i = 0; i < 200; i++) { // 200 is the max size if (i == 200) { // 200 is the max size auto callbackPtr = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION, res); break; } auto callbackPtr = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); callbackList.emplace_back(callbackPtr); } for (int32_t i = 0; i < 200; i++) { // release 200 callback auto callbackPtr = callbackList[i]; - int32_t res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + int32_t res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); } callbackList.clear(); + SetSelfTokenID(selfTokenId_); + + int32_t res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); } -/** - * @tc.name: RegisterPermStateChangeCallback010 - * @tc.desc: RegisterPermStateChangeCallback with nullptr - * @tc.type: FUNC - * @tc.require: issueI5NT1X - */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback010, TestSize.Level1) -{ - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(nullptr); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); +/** + * @tc.name: RegisterSelfPermStateChangeCallback010 + * @tc.desc: RegisterSelfPermStateChangeCallback with nullptr + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(AccessTokenKitExtensionTest, RegisterSelfPermStateChangeCallback010, TestSize.Level1) +{ + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(nullptr); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); + SetSelfTokenID(selfTokenId_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); +} + +/** + * @tc.name: UnRegisterSelfPermStateChangeCallback001 + * @tc.desc: UnRegisterSelfPermStateChangeCallback with invalid input. + * @tc.type: FUNC + * @tc.require: issueI5NT1X + */ +HWTEST_F(AccessTokenKitExtensionTest, UnRegisterSelfPermStateChangeCallback001, TestSize.Level1) +{ + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {tokenID}; + auto callbackPtr = std::make_shared(scopeInfo); + callbackPtr->ready_ = false; + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER, res); + SetSelfTokenID(selfTokenId_); } /** - * @tc.name: RegisterPermStateChangeCallback011 - * @tc.desc: RegisterPermStateChangeCallback caller is normal app. + * @tc.name: UnRegisterSelfPermStateChangeCallback002 + * @tc.desc: UnRegisterSelfPermStateChangeCallback repeatedly. * @tc.type: FUNC - * @tc.require: issueI66BH3 + * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback011, TestSize.Level0) +HWTEST_F(AccessTokenKitExtensionTest, UnRegisterSelfPermStateChangeCallback002, TestSize.Level1) { - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); PermStateChangeScope scopeInfo; - scopeInfo.permList = {"ohos.permission.CAMERA"}; - scopeInfo.tokenIDs = {}; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {tokenID}; auto callbackPtr = std::make_shared(scopeInfo); callbackPtr->ready_ = false; - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(ERR_NOT_SYSTEM_APP, res); + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_CALLBACK_ALREADY_EXIST, res); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER, res); + SetSelfTokenID(selfTokenId_); + + res = AccessTokenKit::DeleteToken(tokenID); + ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback012 - * @tc.desc: RegisterPermStateChangeCallback caller is system app. + * @tc.name: UnRegisterSelfPermStateChangeCallback003 + * @tc.desc: UnRegisterSelfPermStateChangeCallback permList * @tc.type: FUNC - * @tc.require: issueI66BH3 + * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback012, TestSize.Level0) +HWTEST_F(AccessTokenKitExtensionTest, UnRegisterSelfPermStateChangeCallback003, TestSize.Level1) { - static HapPolicyParams policyPrams = { - .apl = APL_SYSTEM_CORE, - .domain = "test.domain", + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} }; - policyPrams.permStateList.emplace_back(g_getPermissionReq); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, policyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); PermStateChangeScope scopeInfo; scopeInfo.permList = {"ohos.permission.CAMERA"}; - scopeInfo.tokenIDs = {}; + scopeInfo.tokenIDs = {tokenID}; auto callbackPtr = std::make_shared(scopeInfo); callbackPtr->ready_ = false; - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + callbackPtr->ready_ = false; + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + res = AccessTokenKit::DeleteToken(tokenID); ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback013 - * @tc.desc: ClearUserGrantedPermissionState notify. + * @tc.name: UnRegisterSelfPermStateChangeCallback004 + * @tc.desc: UnRegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback013, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, UnRegisterSelfPermStateChangeCallback004, TestSize.Level1) { - PermStateChangeScope scopeInfo; static PermissionStateFull infoManagerTestStateA = { .permissionName = "ohos.permission.CAMERA", .isGeneral = true, @@ -1610,172 +1286,233 @@ HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback013, TestSi .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; - static HapPolicyParams infoManagerTestPolicyPrams13 = { - .apl = APL_SYSTEM_BASIC, + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, .domain = "test.domain2", .permList = {}, - .permStateList = {infoManagerTestStateA} + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams13); - - scopeInfo.tokenIDs = {tokenIdEx.tokenIdExStruct.tokenID}; + PermStateChangeScope scopeInfo; scopeInfo.permList = {"ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {tokenID}; auto callbackPtr = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + callbackPtr->ready_ = false; + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", 2); - EXPECT_EQ(RET_SUCCESS, res); - usleep(500000); // 500000us = 0.5s - EXPECT_EQ(true, callbackPtr->ready_); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); callbackPtr->ready_ = false; - res = AccessTokenKit::ClearUserGrantedPermissionState(tokenIdEx.tokenIdExStruct.tokenID); - EXPECT_EQ(RET_SUCCESS, res); - usleep(500000); // 500000us = 0.5s - EXPECT_EQ(true, callbackPtr->ready_); - callbackPtr->ready_ = false; - res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, "ohos.permission.CAMERA", 2); - EXPECT_EQ(RET_SUCCESS, res); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); usleep(500000); // 500000us = 0.5s - EXPECT_EQ(true, callbackPtr->ready_); + ASSERT_EQ(false, callbackPtr->ready_); callbackPtr->ready_ = false; - res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); - EXPECT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); usleep(500000); // 500000us = 0.5s - EXPECT_EQ(true, callbackPtr->ready_); + ASSERT_EQ(false, callbackPtr->ready_); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::DeleteToken(tokenID); ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: RegisterPermStateChangeCallback014 - * @tc.desc: ClearUserGrantedPermissionState notify. + * @tc.name: UnRegisterSelfPermStateChangeCallback005 + * @tc.desc: UnRegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, RegisterPermStateChangeCallback014, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, UnRegisterSelfPermStateChangeCallback005, TestSize.Level1) { - PermStateChangeScope scopeInfo; static PermissionStateFull infoManagerTestStateA = { - .permissionName = "ohos.permission.READ_MEDIA", + .permissionName = "ohos.permission.CAMERA", .isGeneral = true, .resDeviceID = {"local2"}, .grantStatus = {PERMISSION_DENIED}, .grantFlags = {1} }; - static HapPolicyParams infoManagerTestPolicyPrams14 = { - .apl = APL_SYSTEM_BASIC, - .domain = "testA.domain2", + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", .permList = {}, .permStateList = {infoManagerTestStateA} }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams14); - - scopeInfo.tokenIDs = {tokenIdEx.tokenIdExStruct.tokenID}; - scopeInfo.permList = {"ohos.permission.READ_MEDIA"}; + PermStateChangeScope scopeInfo; + scopeInfo.permList = {}; + scopeInfo.tokenIDs = {tokenID}; auto callbackPtr = std::make_shared(scopeInfo); - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + callbackPtr->ready_ = false; + + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); - res = AccessTokenKit::GrantPermission(tokenIdEx.tokenIdExStruct.tokenID, - "ohos.permission.READ_MEDIA", PERMISSION_SYSTEM_FIXED); - EXPECT_EQ(RET_SUCCESS, res); - usleep(500000); // 500000us = 0.5s - EXPECT_EQ(true, callbackPtr->ready_); + SetSelfTokenID(tokenID); + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); + ASSERT_EQ(RET_SUCCESS, res); + SetSelfTokenID(selfTokenId_); callbackPtr->ready_ = false; - res = AccessTokenKit::ClearUserGrantedPermissionState(tokenIdEx.tokenIdExStruct.tokenID); - EXPECT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); usleep(500000); // 500000us = 0.5s - EXPECT_EQ(false, callbackPtr->ready_); + ASSERT_EQ(false, callbackPtr->ready_); callbackPtr->ready_ = false; - res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); - EXPECT_EQ(RET_SUCCESS, res); + + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); usleep(500000); // 500000us = 0.5s - EXPECT_EQ(true, callbackPtr->ready_); + ASSERT_EQ(false, callbackPtr->ready_); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::DeleteToken(tokenID); ASSERT_EQ(RET_SUCCESS, res); } /** - * @tc.name: UnRegisterPermStateChangeCallback001 - * @tc.desc: UnRegisterPermStateChangeCallback with invalid input. + * @tc.name: UnRegisterSelfPermStateChangeCallback006 + * @tc.desc: UnRegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, UnRegisterPermStateChangeCallback001, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, UnRegisterSelfPermStateChangeCallback006, TestSize.Level1) { + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static PermissionStateFull infoManagerTestStateB = { + .permissionName = "ohos.permission.GET_BUNDLE_INFO", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA, infoManagerTestStateB} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + PermStateChangeScope scopeInfo; - scopeInfo.permList = {}; - scopeInfo.tokenIDs = {}; + scopeInfo.permList = {"ohos.permission.CAMERA", "ohos.permission.GET_BUNDLE_INFO"}; + scopeInfo.tokenIDs = {tokenID}; auto callbackPtr = std::make_shared(scopeInfo); callbackPtr->ready_ = false; - int32_t res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER, res); + SetSelfTokenID(tokenID); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr)); + SetSelfTokenID(selfTokenId_); + + callbackPtr->ready_ = false; + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2)); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2)); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2)); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::RevokePermission(tokenID, "ohos.permission.GET_BUNDLE_INFO", 2)); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } /** - * @tc.name: UnRegisterPermStateChangeCallback002 - * @tc.desc: UnRegisterPermStateChangeCallback repeatedly. + * @tc.name: UnRegisterSelfPermStateChangeCallback007 + * @tc.desc: UnRegisterSelfPermStateChangeCallback permList * @tc.type: FUNC * @tc.require: issueI5NT1X */ -HWTEST_F(AccessTokenKitExtensionTest, UnRegisterPermStateChangeCallback002, TestSize.Level1) +HWTEST_F(AccessTokenKitExtensionTest, UnRegisterSelfPermStateChangeCallback007, TestSize.Level1) { + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PERMISSION_DENIED}, + .grantFlags = {1} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + PermStateChangeScope scopeInfo; - scopeInfo.permList = {}; - scopeInfo.tokenIDs = {}; + scopeInfo.permList = {"ohos.permission.INVALID", "ohos.permission.CAMERA"}; + scopeInfo.tokenIDs = {tokenID}; auto callbackPtr = std::make_shared(scopeInfo); callbackPtr->ready_ = false; - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + SetSelfTokenID(tokenID); + int32_t res = AccessTokenKit::RegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(AccessTokenError::ERR_CALLBACK_ALREADY_EXIST, res); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + + res = AccessTokenKit::UnRegisterSelfPermStateChangeCallback(callbackPtr); ASSERT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(AccessTokenError::ERR_INTERFACE_NOT_USED_TOGETHER, res); -} + SetSelfTokenID(selfTokenId_); -/** - * @tc.name: UnRegisterPermStateChangeCallback003 - * @tc.desc: UnRegisterPermStateChangeCallback caller is normal app. - * @tc.type: FUNC - * @tc.require: issueI66BH3 - */ -HWTEST_F(AccessTokenKitExtensionTest, UnRegisterPermStateChangeCallback003, TestSize.Level0) -{ - PermStateChangeScope scopeInfo; - scopeInfo.permList = {}; - scopeInfo.tokenIDs = {}; - auto callbackPtr = std::make_shared(scopeInfo); callbackPtr->ready_ = false; - int32_t res = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::GrantPermission(tokenID, "ohos.permission.CAMERA", 2); ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + callbackPtr->ready_ = false; - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); - ASSERT_EQ(ERR_NOT_SYSTEM_APP, res); + res = AccessTokenKit::RevokePermission(tokenID, "ohos.permission.CAMERA", 2); + ASSERT_EQ(RET_SUCCESS, res); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(false, callbackPtr->ready_); - EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); - res = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr); + res = AccessTokenKit::DeleteToken(tokenID); ASSERT_EQ(RET_SUCCESS, res); } @@ -1837,6 +1574,7 @@ HWTEST_F(AccessTokenKitExtensionTest, PermStateChangeCallback001, TestSize.Level callback->PermStateChangeCallback(result); ASSERT_EQ(callback->customizedCallback_, nullptr); + callback->Stop(); } class TestCallBack : public PermissionStateChangeCallbackStub { @@ -2076,6 +1814,38 @@ HWTEST_F(AccessTokenKitExtensionTest, GetRenderTokenIDTest002, TestSize.Level1) ASSERT_EQ(invalidTokenID, retTokenId); } +/** + * @tc.name: IsSystemAppByFullTokenIDTest003 + * @tc.desc: check systemapp level by TokenIDEx after AllocHapToken function set isSystemApp false. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitExtensionTest, IsSystemAppByFullTokenIDTest003, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenIDEx tokenIdEx1 = AccessTokenKit::GetHapTokenIDEx(1, "accesstoken_test", 0); + ASSERT_EQ(tokenIdEx.tokenIDEx, tokenIdEx1.tokenIDEx); + bool res = AccessTokenKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx); + ASSERT_TRUE(res); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID)); +} + +/** + * @tc.name: GetRenderTokenIDTest003 + * @tc.desc: AccessTokenKit::GetRenderTokenID function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenKitExtensionTest, GetRenderTokenIDTest003, TestSize.Level1) +{ + uint64_t invalidTokenID = 0; + uint64_t retTokenId = 1; /* 1, for testing purposes */ + + retTokenId = AccessTokenKit::GetRenderTokenID(invalidTokenID); + ASSERT_EQ(invalidTokenID, retTokenId); +} + #ifdef TOKEN_SYNC_ENABLE namespace { class TokenSyncCallbackStubTest : public TokenSyncCallbackStub { @@ -2106,19 +1876,19 @@ public: int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo called."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); return FAKE_SYNC_RET; }; int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override { - ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteHapTokenInfo called."); + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); return FAKE_SYNC_RET; }; int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override { - ACCESSTOKEN_LOG_INFO(LABEL, "UpdateRemoteHapTokenInfo called."); + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); return FAKE_SYNC_RET; }; }; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index 7f4cd3b4a69bfa37639f410671da0152d4863b0d..9f86b5180e9e48026bce7f46bdb9f79786879fd3 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -17,9 +17,8 @@ #include #include "access_token_error.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "i_accesstoken_manager.h" -#include "native_token_info_for_sync_parcel.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" @@ -42,7 +41,8 @@ static const int32_t INDEX_ONE = 1; static const int32_t INDEX_TWO = 2; static const int32_t INDEX_THREE = 3; static const int32_t INDEX_FOUR = 4; -static const int32_t RANDOM_UID = 123; +static const std::string TEST_PERMISSION_NAME_A_MICRO = "ohos.permission.MICROPHONE"; +static const std::string TEST_PERMISSION_NAME_A_CAMERA = "ohos.permission.SET_WIFI_INFO"; PermissionDef g_infoManagerTestPermDef1 = { .permissionName = "ohos.permission.test1", @@ -156,6 +156,7 @@ void NativeTokenGet() void AccessTokenKitTest::SetUpTestCase() { + setuid(0); // make test case clean AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, g_infoManagerTestInfoParms.bundleName, @@ -184,6 +185,20 @@ void AccessTokenKitTest::TearDownTestCase() void TestPreparePermStateList(HapPolicyParams &policy) { + PermissionStateFull permStatMicro = { + .permissionName = TEST_PERMISSION_NAME_A_MICRO, + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + PermissionStateFull permStatCamera = { + .permissionName = TEST_PERMISSION_NAME_A_CAMERA, + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} + }; PermissionStateFull permStatAlpha = { .permissionName = TEST_PERMISSION_NAME_ALPHA, .isGeneral = true, @@ -198,7 +213,8 @@ void TestPreparePermStateList(HapPolicyParams &policy) .grantStatus = {PermissionState::PERMISSION_GRANTED}, .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} }; - + policy.permStateList.emplace_back(permStatMicro); + policy.permStateList.emplace_back(permStatCamera); policy.permStateList.emplace_back(permStatAlpha); policy.permStateList.emplace_back(permStatBeta); } @@ -295,39 +311,39 @@ AccessTokenID AccessTokenKitTest::AllocTestToken( } /** - * @tc.name: GetUserGrantedPermissionUsedType001 + * @tc.name: GetPermissionUsedType001 * @tc.desc: Get hap permission visit type return invalid. * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetPermissionUsedType001, TestSize.Level1) { std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH"; EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(selfTokenId_, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(selfTokenId_, accessBluetooth)); AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(0, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(0, accessBluetooth)); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, "ohos.permission.ACCELEROMETER")); + AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.ACCELEROMETER")); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, "ohos.permission.xxxxx")); + AccessTokenKit::GetPermissionUsedType(tokenID, "ohos.permission.xxxxx")); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth)); } /** - * @tc.name: GetUserGrantedPermissionUsedType002 + * @tc.name: GetPermissionUsedType002 * @tc.desc: Different grant permission modes get different visit type. * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType002, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, GetPermissionUsedType002, TestSize.Level1) { std::string accessBluetooth = "ohos.permission.ACCESS_BLUETOOTH"; std::string sendMessages = "ohos.permission.SEND_MESSAGES"; @@ -361,50 +377,19 @@ HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType002, TestSize.Level AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, testPolicyPrams); EXPECT_EQ(PermUsedTypeEnum::SEC_COMPONENT_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, accessBluetooth)); + AccessTokenKit::GetPermissionUsedType(tokenID, accessBluetooth)); - EXPECT_EQ(PermUsedTypeEnum::NORMAL_TYPE, AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, sendMessages)); + EXPECT_EQ(PermUsedTypeEnum::NORMAL_TYPE, AccessTokenKit::GetPermissionUsedType(tokenID, sendMessages)); - EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, writeCalendar)); int32_t selfUid = getuid(); EXPECT_EQ(0, SetSelfTokenID(tokenID)); setuid(1); EXPECT_EQ(PermUsedTypeEnum::INVALID_USED_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, writeCalendar)); + AccessTokenKit::GetPermissionUsedType(tokenID, writeCalendar)); setuid(selfUid); ASSERT_EQ(0, SetSelfTokenID(selfTokenId_)); } -/** - * @tc.name: GetUserGrantedPermissionUsedType003 - * @tc.desc: Get security component visit type. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenKitTest, GetUserGrantedPermissionUsedType003, TestSize.Level1) -{ - std::string distributedDatasync = "ohos.permission.DISTRIBUTED_DATASYNC"; - PermissionStateFull testState1 = { - .permissionName = distributedDatasync, - .isGeneral = true, - .resDeviceID = {"local5"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {0}, - }; - HapPolicyParams testPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain5", - .permList = {}, - .permStateList = {testState1} - }; - AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, testPolicyPrams); - - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, distributedDatasync, PERMISSION_COMPONENT_SET)); - EXPECT_EQ(PermUsedTypeEnum::SEC_COMPONENT_TYPE, - AccessTokenKit::GetUserGrantedPermissionUsedType(tokenID, distributedDatasync)); -} - /** * @tc.name: GetDefPermission001 * @tc.desc: Get permission definition info after AllocHapToken function has been invoked. @@ -516,11 +501,6 @@ HWTEST_F(AccessTokenKitTest, GetDefPermissions003, TestSize.Level1) std::vector permDefList; int ret = AccessTokenKit::GetDefPermissions(TEST_TOKENID_INVALID, permDefList); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - - std::vector permDefListRes; - ret = AccessTokenKit::GetDefPermissions(tokenId, permDefListRes); - ASSERT_EQ(ERR_TOKENID_NOT_EXIST, ret); - ASSERT_EQ(static_cast(0), permDefListRes.size()); } /** @@ -555,9 +535,9 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions001, TestSize.Level1) int res = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(1), permStatList.size()); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName); + ASSERT_EQ(TEST_PERMISSION_NAME_A_MICRO, permStatList[0].permissionName); - res = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + res = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(res, permStatList[0].grantStatus[0]); } @@ -575,9 +555,9 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions002, TestSize.Level1) int ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, true); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(static_cast(1), permStatList.size()); - ASSERT_EQ(TEST_PERMISSION_NAME_BETA, permStatList[0].permissionName); + ASSERT_EQ(TEST_PERMISSION_NAME_A_CAMERA, permStatList[0].permissionName); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA, false); ASSERT_EQ(ret, permStatList[0].grantStatus[0]); } @@ -598,12 +578,12 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions003, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); HapPolicyParams policy = { - .apl = hapInfo.apl, + .apl = APL_NORMAL, .domain = "domain" }; policy.permStateList.clear(); UpdateHapInfoParams info; - info.appIDDesc = hapInfo.appID; + info.appIDDesc = "appIDDesc"; info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = false; ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy); @@ -657,7 +637,7 @@ HWTEST_F(AccessTokenKitTest, GetReqPermissions005, TestSize.Level0) int32_t ret = AccessTokenKit::GetReqPermissions(tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(static_cast(1), permStatList.size()); - ASSERT_EQ(TEST_PERMISSION_NAME_ALPHA, permStatList[0].permissionName); + ASSERT_EQ(TEST_PERMISSION_NAME_A_MICRO, permStatList[0].permissionName); } } @@ -671,11 +651,11 @@ HWTEST_F(AccessTokenKitTest, GetPermissionFlag001, TestSize.Level1) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); uint32_t flag; - ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); ASSERT_EQ(PERMISSION_USER_FIXED, flag); ASSERT_EQ(RET_SUCCESS, ret); } @@ -702,7 +682,7 @@ HWTEST_F(AccessTokenKitTest, GetPermissionFlag002, TestSize.Level1) ret = AccessTokenKit::GetPermissionFlag(tokenID, invalidPerm, flag); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - ret = AccessTokenKit::GetPermissionFlag(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_ALPHA, flag); + ret = AccessTokenKit::GetPermissionFlag(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_A_MICRO, flag); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); AccessTokenKit::DeleteToken(tokenID); @@ -723,10 +703,10 @@ HWTEST_F(AccessTokenKitTest, GetPermissionFlag003, TestSize.Level0) ASSERT_NE(INVALID_TOKENID, tokenID); uint32_t flag; for (int i = 0; i < CYCLE_TIMES; i++) { - int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(PERMISSION_USER_FIXED, flag); } @@ -748,7 +728,7 @@ HWTEST_F(AccessTokenKitTest, GetPermissionFlag004, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); uint32_t flag; - int ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); + int ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); @@ -769,17 +749,36 @@ HWTEST_F(AccessTokenKitTest, GetPermissionFlag005, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); uint32_t flag; - ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); ASSERT_EQ(PERMISSION_USER_FIXED, flag); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } +/** + * @tc.name: GetTokenIDByUserID001 + * @tc.desc: Get token id by user id. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenKitTest, GetTokenIDByUserID001, TestSize.Level1) +{ + int32_t userID = -1; + std::unordered_set tokenIdList; + int32_t ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList); + EXPECT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + userID = 100; + ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIdList); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_NE(static_cast(0), tokenIdList.size()); +} + /** * @tc.name: SetPermissionRequestToggleStatus001 * @tc.desc: Set permission request toggle status that userId, permission or status is invalid. @@ -797,13 +796,13 @@ HWTEST_F(AccessTokenKitTest, SetPermissionRequestToggleStatus001, TestSize.Level // Status is invalid. status = 2; - ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, userID); + ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, userID); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); // UserID is invalid. userID = -1; status = PermissionRequestToggleStatus::CLOSED; - ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, userID); + ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, userID); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } @@ -821,7 +820,7 @@ HWTEST_F(AccessTokenKitTest, SetPermissionRequestToggleStatus002, TestSize.Level EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); uint32_t status = PermissionRequestToggleStatus::CLOSED; - int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestNormalInfoParms.userID); ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); } @@ -843,12 +842,12 @@ HWTEST_F(AccessTokenKitTest, SetPermissionRequestToggleStatus003, TestSize.Level setuid(10001); // 10001: UID uint32_t status = PermissionRequestToggleStatus::CLOSED; - int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); status = PermissionRequestToggleStatus::OPEN; - ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); @@ -867,7 +866,7 @@ HWTEST_F(AccessTokenKitTest, SetPermissionRequestToggleStatus004, TestSize.Level AccessTokenIDEx tokenIdEx = {0}; PermissionDef infoManagerTestPermDef = { - .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG", + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG_TEST", .bundleName = "accesstoken_test", .grantMode = 1, .availableLevel = APL_NORMAL, @@ -901,12 +900,12 @@ HWTEST_F(AccessTokenKitTest, SetPermissionRequestToggleStatus004, TestSize.Level setuid(10001); // 10001: UID uint32_t status = PermissionRequestToggleStatus::CLOSED; - int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(RET_SUCCESS, ret); status = PermissionRequestToggleStatus::OPEN; - ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(RET_SUCCESS, ret); @@ -931,7 +930,7 @@ HWTEST_F(AccessTokenKitTest, GetPermissionRequestToggleStatus001, TestSize.Level // UserId is invalid. userID = -1; - ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, userID); + ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, userID); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } @@ -949,7 +948,7 @@ HWTEST_F(AccessTokenKitTest, GetPermissionRequestToggleStatus002, TestSize.Level EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); uint32_t status; - int32_t ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + int32_t ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestNormalInfoParms.userID); ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); } @@ -971,7 +970,7 @@ HWTEST_F(AccessTokenKitTest, GetPermissionRequestToggleStatus003, TestSize.Level setuid(10001); // 10001: UID uint32_t getStatus; - int32_t ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, getStatus, + int32_t ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, getStatus, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); @@ -984,7 +983,7 @@ static void AllocAndSetHapToken(void) AccessTokenIDEx tokenIdEx = {0}; PermissionDef infoManagerTestPermDef1 = { - .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG", + .permissionName = "ohos.permission.DISABLE_PERMISSION_DIALOG_TEST", .bundleName = "accesstoken_test", .grantMode = 1, .availableLevel = APL_NORMAL, @@ -1004,7 +1003,7 @@ static void AllocAndSetHapToken(void) }; PermissionDef infoManagerTestPermDef2 = { - .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS_TEST", .bundleName = "accesstoken_test", .grantMode = 1, .availableLevel = APL_NORMAL, @@ -1050,25 +1049,25 @@ HWTEST_F(AccessTokenKitTest, GetPermissionRequestToggleStatus004, TestSize.Level // Set a closed status value. uint32_t status = PermissionRequestToggleStatus::CLOSED; - int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + int32_t ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(RET_SUCCESS, ret); // Get a closed status value. uint32_t getStatus; - ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, getStatus, + ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, getStatus, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(PermissionRequestToggleStatus::CLOSED, getStatus); // Set a open status value. status = PermissionRequestToggleStatus::OPEN; - ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, status, + ret = AccessTokenKit::SetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, status, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(RET_SUCCESS, ret); // Get a open status value. - ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_ALPHA, getStatus, + ret = AccessTokenKit::GetPermissionRequestToggleStatus(TEST_PERMISSION_NAME_A_MICRO, getStatus, g_infoManagerTestSystemInfoParms.userID); ASSERT_EQ(RET_SUCCESS, ret); ASSERT_EQ(PermissionRequestToggleStatus::OPEN, getStatus); @@ -1087,20 +1086,20 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken001, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO); ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO); ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); } @@ -1114,20 +1113,20 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken002, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_CAMERA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA); ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA, false); ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_CAMERA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA); ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA, false); ASSERT_EQ(PERMISSION_DENIED, ret); } @@ -1153,16 +1152,16 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken003, TestSize.Level0) ret = AccessTokenKit::VerifyAccessToken(tokenID, invalidPerm, false); ASSERT_EQ(PERMISSION_DENIED, ret); - AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA); + AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_A_CAMERA); ASSERT_EQ(PERMISSION_DENIED, ret); - AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_BETA, false); + AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, TEST_PERMISSION_NAME_A_CAMERA, false); ASSERT_EQ(PERMISSION_DENIED, ret); AccessTokenKit::DeleteToken(tokenID); - AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA); + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA); ASSERT_EQ(PERMISSION_DENIED, ret); - AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA, false); + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA, false); ASSERT_EQ(PERMISSION_DENIED, ret); } @@ -1178,7 +1177,7 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken004, TestSize.Level0) AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); HapTokenInfo hapInfo; @@ -1194,22 +1193,116 @@ HWTEST_F(AccessTokenKitTest, VerifyAccessToken004, TestSize.Level0) ASSERT_EQ(RET_SUCCESS, ret); HapPolicyParams policy = { - .apl = hapInfo.apl, + .apl = APL_NORMAL, .domain = "domain", .permList = permDefList, .permStateList = permStatList }; UpdateHapInfoParams info; - info.appIDDesc = hapInfo.appID; + info.appIDDesc = "appIDDesc"; info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = false; ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_GRANTED, ret); } +/** + * @tc.name: VerifyAccessTokenWithList001 + * @tc.desc: Verify permission with list. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenKitTest, VerifyAccessTokenWithList001, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_CAMERA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + std::vector permissionList; + permissionList.emplace_back(TEST_PERMISSION_NAME_A_MICRO); + permissionList.emplace_back(TEST_PERMISSION_NAME_A_CAMERA); + + std::vector permStateList; + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + for (size_t i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_GRANTED, permStateList[i]); + } + + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, true); + for (size_t i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_GRANTED, permStateList[i]); + } + + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_CAMERA, PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + for (size_t i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_DENIED, permStateList[i]); + } + + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, true); + for (size_t i = 0; i < permissionList.size(); i++) { + ASSERT_EQ(PERMISSION_DENIED, permStateList[i]); + } +} + +/** + * @tc.name: VerifyAccessTokenWithList002 + * @tc.desc: Verify permission that tokenID or permission is invalid. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenKitTest, VerifyAccessTokenWithList002, TestSize.Level0) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + + std::vector permissionList; + permissionList.emplace_back(TEST_PERMISSION_NAME_GAMMA); + std::vector permStateList; + int ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList, false); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + + permissionList.clear(); + permissionList.emplace_back(""); + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + + std::string invalidPerm(INVALID_PERMNAME_LEN, 'a'); + permissionList.clear(); + permissionList.emplace_back(invalidPerm); + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(tokenID, permissionList, permStateList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + + permissionList.clear(); + permissionList.emplace_back(TEST_PERMISSION_NAME_A_MICRO); + permissionList.emplace_back(TEST_PERMISSION_NAME_A_CAMERA); + permissionList.emplace_back(invalidPerm); + permStateList.clear(); + ret = AccessTokenKit::VerifyAccessToken(TEST_TOKENID_INVALID, permissionList, permStateList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(PERMISSION_DENIED, permStateList[0]); + ASSERT_EQ(PERMISSION_DENIED, permStateList[1]); + ASSERT_EQ(PERMISSION_DENIED, permStateList[2]); +} + /** * @tc.name: GrantPermission001 * @tc.desc: Grant permission that has ohos.permission.GRANT_SENSITIVE_PERMISSIONS @@ -1220,16 +1313,16 @@ HWTEST_F(AccessTokenKitTest, GrantPermission001, TestSize.Level0) { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_CAMERA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_GRANTED, ret); } @@ -1275,13 +1368,13 @@ HWTEST_F(AccessTokenKitTest, GrantPermission003, TestSize.Level0) ASSERT_NE(INVALID_TOKENID, tokenID); uint32_t flag; for (int i = 0; i < CYCLE_TIMES; i++) { - int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); ASSERT_EQ(PERMISSION_USER_FIXED, flag); ASSERT_EQ(RET_SUCCESS, ret); } @@ -1298,7 +1391,7 @@ HWTEST_F(AccessTokenKitTest, GrantPermission004, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); int32_t invalidFlag = -1; - int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, invalidFlag); + int32_t ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, invalidFlag); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } @@ -1317,7 +1410,7 @@ HWTEST_F(AccessTokenKitTest, GrantPermission005, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); } @@ -1336,10 +1429,10 @@ HWTEST_F(AccessTokenKitTest, GrantPermission006, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_GRANTED, ret); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); @@ -1355,16 +1448,16 @@ HWTEST_F(AccessTokenKitTest, RevokePermission001, TestSize.Level0) { AccessTokenID tokenId = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenId); - int ret = AccessTokenKit::RevokePermission(tokenId, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::RevokePermission(tokenId, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenId, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenId, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenKit::RevokePermission(tokenId, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ret = AccessTokenKit::RevokePermission(tokenId, TEST_PERMISSION_NAME_A_CAMERA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenId, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenId, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); } @@ -1410,13 +1503,13 @@ HWTEST_F(AccessTokenKitTest, RevokePermission003, TestSize.Level0) ASSERT_NE(INVALID_TOKENID, tokenID); uint32_t flag; for (int i = 0; i < CYCLE_TIMES; i++) { - int32_t ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int32_t ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); + ret = AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); ASSERT_EQ(PERMISSION_USER_FIXED, flag); ASSERT_EQ(RET_SUCCESS, ret); } @@ -1433,7 +1526,7 @@ HWTEST_F(AccessTokenKitTest, RevokePermission004, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); int invalidFlag = -1; - int32_t ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, invalidFlag); + int32_t ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, invalidFlag); ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); } @@ -1452,7 +1545,7 @@ HWTEST_F(AccessTokenKitTest, RevokePermission005, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); @@ -1473,16 +1566,16 @@ HWTEST_F(AccessTokenKitTest, RevokePermission006, TestSize.Level0) AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); ASSERT_NE(INVALID_TOKENID, tokenID); - int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); + int ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_BETA, PERMISSION_USER_FIXED); + ret = AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_CAMERA, PERMISSION_USER_FIXED); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); @@ -1501,10 +1594,10 @@ HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState001, TestSize.Level0 int ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_BETA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_CAMERA, false); ASSERT_EQ(PERMISSION_DENIED, ret); } @@ -1542,7 +1635,7 @@ HWTEST_F(AccessTokenKitTest, ClearUserGrantedPermissionState003, TestSize.Level0 int32_t ret = AccessTokenKit::ClearUserGrantedPermissionState(tokenID); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + ret = AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); ASSERT_EQ(PERMISSION_DENIED, ret); } } @@ -1656,14 +1749,11 @@ HWTEST_F(AccessTokenKitTest, GetHapTokenInfo001, TestSize.Level0) int ret = AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes); ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_EQ(hapTokenInfoRes.apl, APL_NORMAL); ASSERT_EQ(hapTokenInfoRes.userID, TEST_USER_ID); ASSERT_EQ(hapTokenInfoRes.tokenID, tokenID); ASSERT_EQ(hapTokenInfoRes.tokenAttr, static_cast(0)); ASSERT_EQ(hapTokenInfoRes.instIndex, 0); - ASSERT_EQ(hapTokenInfoRes.appID, "appIDDesc"); - ASSERT_EQ(hapTokenInfoRes.bundleName, TEST_BUNDLE_NAME); } @@ -1903,6 +1993,13 @@ HWTEST_F(AccessTokenKitTest, ReloadNativeTokenInfo002, TestSize.Level1) ASSERT_EQ(token1, token2); ASSERT_EQ( PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(token2, "ohos.permission.MANAGE_HAP_TOKENID", false)); + + uint64_t token3 = GetNativeTokenTest("TestCase_core", perms, 1); + ASSERT_NE(INVALID_TOKENID, token3); + + ASSERT_EQ(token1, token3); + ASSERT_EQ( + PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(token3, "ohos.permission.MANAGE_HAP_TOKENID", false)); } /** @@ -2574,9 +2671,6 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken001, TestSize.Level1) HapTokenInfo hapTokenInfoRes; ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); - ASSERT_EQ(hapTokenInfoRes.appID, info.appIDDesc); - ASSERT_EQ(hapTokenInfoRes.apl, APL_SYSTEM_BASIC); - g_infoManagerTestPolicyPrams.apl = apl; ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); @@ -2627,8 +2721,6 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken003, TestSize.Level1) HapTokenInfo hapTokenInfoRes; ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); - ASSERT_EQ(hapTokenInfoRes.appID, g_infoManagerTestInfoParms.appIDDesc); - ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } @@ -2657,8 +2749,6 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken004, TestSize.Level1) HapTokenInfo hapTokenInfoRes; ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GetHapTokenInfo(tokenID, hapTokenInfoRes)); - - ASSERT_EQ(hapTokenInfoRes.apl, apl); g_infoManagerTestPolicyPrams.apl = apl; ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); @@ -2892,20 +2982,34 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken008, TestSize.Level1) */ HWTEST_F(AccessTokenKitTest, UpdateHapToken009, TestSize.Level1) { + static PermissionStateFull infoManagerTestStateA = { + .permissionName = "ohos.permission.CAMERA", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + static HapPolicyParams infoManagerTestPolicyPrams1 = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {infoManagerTestStateA} + }; + int ret; std::vector permDefList; const std::string appIDDesc = g_infoManagerTestInfoParms.appIDDesc; PermissionDef infoManagerTestPermDef = g_infoManagerTestPermDef1; - PermissionStateFull infoManagerTestState = g_infoManagerTestState1; - std::string permisson = infoManagerTestState.permissionName; + PermissionStateFull infoManagerTestState = infoManagerTestStateA; + std::string permission = infoManagerTestStateA.permissionName; DeleteTestToken(); AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, infoManagerTestPolicyPrams1); AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; GTEST_LOG_(INFO) << "tokenID :" << tokenID; - ASSERT_EQ(AccessTokenKit::VerifyAccessToken(tokenID, permisson, false), infoManagerTestState.grantStatus[0]); + ASSERT_EQ(AccessTokenKit::VerifyAccessToken(tokenID, permission, false), infoManagerTestState.grantStatus[0]); infoManagerTestState.grantStatus[0] = PermissionState::PERMISSION_DENIED; HapPolicyParams infoManagerTestPolicyPrams = { @@ -2922,7 +3026,7 @@ HWTEST_F(AccessTokenKitTest, UpdateHapToken009, TestSize.Level1) ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, infoManagerTestPolicyPrams); ASSERT_EQ(RET_SUCCESS, ret); - ASSERT_NE(AccessTokenKit::VerifyAccessToken(tokenID, permisson, false), PermissionState::PERMISSION_DENIED); + ASSERT_NE(AccessTokenKit::VerifyAccessToken(tokenID, permission, false), PermissionState::PERMISSION_DENIED); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } @@ -3045,13 +3149,13 @@ void ConcurrencyTask(unsigned int tokenID) { uint32_t flag; for (int i = 0; i < CYCLE_TIMES; i++) { - AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_FIXED); - AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); - AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + AccessTokenKit::GrantPermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_FIXED); + AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); - AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_ALPHA, PERMISSION_USER_SET); - AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_ALPHA, flag); - AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_ALPHA, false); + AccessTokenKit::RevokePermission(tokenID, TEST_PERMISSION_NAME_A_MICRO, PERMISSION_USER_SET); + AccessTokenKit::GetPermissionFlag(tokenID, TEST_PERMISSION_NAME_A_MICRO, flag); + AccessTokenKit::VerifyAccessToken(tokenID, TEST_PERMISSION_NAME_A_MICRO, false); } } @@ -3074,38 +3178,6 @@ HWTEST_F(AccessTokenKitTest, ConcurrencyTest001, TestSize.Level1) } } -/** - * @tc.name: CheckNativeDCap001 - * @tc.desc: cannot Check native dcap with invalid tokenID. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, CheckNativeDCap001, TestSize.Level1) -{ - AccessTokenID tokenID = 0; - const std::string dcap = "AT_CAP"; - int ret = AccessTokenKit::CheckNativeDCap(tokenID, dcap); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); - - tokenID = 1; - ret = AccessTokenKit::CheckNativeDCap(tokenID, dcap); - ASSERT_EQ(ERR_TOKENID_NOT_EXIST, ret); -} - -/** - * @tc.name: CheckNativeDCap002 - * @tc.desc: cannot Check native dcap with invalid dcap. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(AccessTokenKitTest, CheckNativeDCap002, TestSize.Level1) -{ - AccessTokenID tokenID = 0Xff; - const std::string invalidDcap (INVALID_DCAP_LEN, 'x'); - int ret = AccessTokenKit::CheckNativeDCap(tokenID, invalidDcap); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); -} - /** * @tc.name: GetNativeTokenInfo001 * @tc.desc: cannot get native token with invalid tokenID. @@ -3246,81 +3318,124 @@ HWTEST_F(AccessTokenKitTest, SetPermDialogCap002, TestSize.Level1) } /** - * @tc.name: GetSelfPermissionsState001 - * @tc.desc: get self permissions state with wrong token type. + * @tc.name: UserPolicyTest + * @tc.desc: UserPolicyTest. * @tc.type: FUNC * @tc.require: */ -HWTEST_F(AccessTokenKitTest, GetSelfPermissionsState001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, UserPolicyTest, TestSize.Level1) { - AccessTokenID tokenID = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - HapBaseInfo hapBaseInfo = { - .userID = g_infoManagerTestInfoParms.userID, - .bundleName = g_infoManagerTestInfoParms.bundleName, - .instIndex = g_infoManagerTestInfoParms.instIndex, - }; + setuid(0); + const char **perms = new const char *[1]; + perms[INDEX_ZERO] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; + uint64_t tokenID = GetNativeTokenTest("TestCase", perms, 1); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; + UserState user = {.userId = 100, .isActive = true}; // 100 is userId + const std::vector userList = { user }; + const std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, 0); + ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, 0); + ret = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(ret, 0); +} - std::vector permsList; - PermissionListState tmp = { - .permissionName = g_infoManagerTestPolicyPrams.permStateList[0].permissionName, - .state = BUTT_OPER - }; - permsList.emplace_back(tmp); +/** + * @tc.name: GetHapTokenInfoExt001 + * @tc.desc: GetHapTokenInfoExt001. + * @tc.type: FUNC + * @tc.require: IAZTZD + */ +HWTEST_F(AccessTokenKitTest, GetHapTokenInfoExt001, TestSize.Level1) +{ + setuid(0); + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + HapTokenInfoExt hapTokenInfoExt; + int ret = AccessTokenKit::GetHapTokenInfoExtension(tokenID, hapTokenInfoExt); + ASSERT_EQ(ret, 0); + ASSERT_EQ(TEST_BUNDLE_NAME, hapTokenInfoExt.baseInfo.bundleName); + ASSERT_EQ("appIDDesc", hapTokenInfoExt.appID); - // test dialog isn't forbiddedn - ASSERT_EQ(0, AccessTokenKit::SetPermDialogCap(hapBaseInfo, false)); - SetSelfTokenID(tokenID); - PermissionGrantInfo info; - ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + ret = AccessTokenKit::GetHapTokenInfoExtension(INVALID_TOKENID, hapTokenInfoExt); + ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); } /** - * @tc.name: GetNativeTokenName001 - * @tc.desc: AccessTokenKit::GetNativeTokenName. + * @tc.name: RequestAppPermOnSettingTest001 + * @tc.desc: RequestAppPermOnSetting invalid token. * @tc.type: FUNC - * @tc.require: + * @tc.require: Issue */ -HWTEST_F(AccessTokenKitTest, GetNativeTokenName001, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, RequestAppPermOnSettingTest001, TestSize.Level1) { - std::string name; - // invalid tokenId - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetNativeTokenName(INVALID_TOKENID, name)); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - AccessTokenID tokenId = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(ATokenTypeEnum::TOKEN_HAP, AccessTokenKit::GetTokenTypeFlag(tokenId)); - // invalid token type - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::GetNativeTokenName(tokenId, name)); + // invalid tokenID in client + AccessTokenID tokenID = 0; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenKit::RequestAppPermOnSetting(tokenID)); + // invalid tokenID in service + tokenID = 123; + ASSERT_EQ(AccessTokenError::ERR_TOKENID_NOT_EXIST, AccessTokenKit::RequestAppPermOnSetting(tokenID)); +} - std::string processName = "hdcd"; - tokenId = AccessTokenKit::GetNativeTokenId(processName); - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(0, AccessTokenKit::GetNativeTokenName(tokenId, name)); - ASSERT_EQ(processName, name); +/** + * @tc.name: RequestAppPermOnSettingTest002 + * @tc.desc: RequestAppPermOnSetting not system app. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenKitTest, RequestAppPermOnSettingTest002, TestSize.Level0) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = 123; + int32_t ret = AccessTokenKit::RequestAppPermOnSetting(tokenID); + ASSERT_EQ(ERR_NOT_SYSTEM_APP, ret); } /** - * @tc.name: GetNativeTokenName002 - * @tc.desc: AccessTokenKit::GetNativeTokenName. + * @tc.name: RequestAppPermOnSettingTest003 + * @tc.desc: RequestAppPermOnSetting add hap and call function. * @tc.type: FUNC - * @tc.require: + * @tc.require: Issue Number */ -HWTEST_F(AccessTokenKitTest, GetNativeTokenName002, TestSize.Level1) +HWTEST_F(AccessTokenKitTest, RequestAppPermOnSettingTest003, TestSize.Level0) { - AccessTokenID tokenId = AllocTestToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(ATokenTypeEnum::TOKEN_HAP, AccessTokenKit::GetTokenTypeFlag(tokenId)); - EXPECT_EQ(0, SetSelfTokenID(tokenId)); // set self to hap + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - std::string name; - std::string processName = "hdcd"; - tokenId = AccessTokenKit::GetNativeTokenId(processName); + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestNormalInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + AccessTokenKit::RequestAppPermOnSetting(tokenID); +} - int32_t selfUid = getuid(); - setuid(RANDOM_UID); - // calling is not native token, permission denied - ASSERT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, AccessTokenKit::GetNativeTokenName(tokenId, name)); - setuid(selfUid); +/** + * @tc.name: RequestAppPermOnSettingTest004 + * @tc.desc: RequestAppPermOnSetting call function with self token. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AccessTokenKitTest, RequestAppPermOnSettingTest004, TestSize.Level0) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestSystemInfoParms, g_infoManagerTestPolicyPrams); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + AccessTokenKit::RequestAppPermOnSetting(tokenID); } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp index 29ff4abfd7b09ffdeb2cd3e2fa57a13b342e1ef2..2cae73f64953a67f78c8b51e664e0b4e2569cf7d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_location_request_test.cpp @@ -45,7 +45,7 @@ PermissionStateFull g_locationTestStateSystemGrant = { .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} }; PermissionStateFull g_locationTestStateUserGrant = { - .permissionName = "ohos.permission.CAMERA", + .permissionName = "ohos.permission.APP_TRACKING_CONSENT", .isGeneral = true, .resDeviceID = {"device"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -121,6 +121,7 @@ PermissionStateFull g_locationTestStateBack12 = { void AccessTokenLocationRequestTest::SetUpTestCase() { + setuid(0); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, TEST_INST_INDEX); AccessTokenKit::DeleteToken(tokenId); } @@ -1393,7 +1394,7 @@ HWTEST_F(AccessTokenLocationRequestTest, GetSelfPermissionsState027, TestSize.Le .state = SETTING_OPER, }; PermissionListState permUser27 = { - .permissionName = "ohos.permission.CAMERA", + .permissionName = "ohos.permission.APP_TRACKING_CONSENT", .state = SETTING_OPER, }; @@ -1619,7 +1620,6 @@ HWTEST_F(AccessTokenLocationRequestTest, GetSelfPermissionsState033, TestSize.Le ASSERT_EQ(DYNAMIC_OPER, ret); ASSERT_EQ(static_cast(2), permsList33.size()); ASSERT_EQ(DYNAMIC_OPER, permsList33[0].state); - ASSERT_EQ(DYNAMIC_OPER, permsList33[0].state); } /** @@ -2348,7 +2348,7 @@ HWTEST_F(AccessTokenLocationRequestTest, GetSelfPermissionsState050, TestSize.Le .state = SETTING_OPER, }; PermissionListState permUser50 = { - .permissionName = "ohos.permission.CAMERA", + .permissionName = "ohos.permission.APP_TRACKING_CONSENT", .state = SETTING_OPER, }; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..956b4adc369037677fd1a02b8c9edb900489f0e6 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.cpp @@ -0,0 +1,252 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "accesstoken_short_time_permission_test.h" +#include "accesstoken_kit.h" +#include "access_token_error.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const int32_t INDEX_ZERO = 0; +static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"; +static PermissionStateFull g_permiState = { + .permissionName = SHORT_TEMP_PERMISSION, + .isGeneral = true, + .resDeviceID = {"localC"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + +static HapPolicyParams g_policyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permStateList = {g_permiState} +}; + +static HapInfoParams g_infoParms = { + .userID = 1, + .bundleName = "AccessTokenShortTimePermTest", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = true +}; +} + +static uint64_t GetNativeTokenTest(const char *processName, const char **perms, int32_t permNum) +{ + uint64_t tokenId; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = permNum, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + .processName = processName, + }; + + tokenId = GetAccessTokenId(&infoInstance); + AccessTokenKit::ReloadNativeTokenInfo(); + return tokenId; +} + +static void NativeTokenGet() +{ + uint64_t tokenID; + const char **perms = new const char *[1]; // 1: array size + perms[INDEX_ZERO] = "ohos.permission.DISTRIBUTED_DATASYNC"; + + tokenID = GetNativeTokenTest("AccessTokenShortTimePermTest", perms, 1); // 1: array size + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + delete[] perms; +} + +using namespace testing::ext; + +void AccessTokenShortTimePermTest::SetUpTestCase() +{ + NativeTokenGet(); + GTEST_LOG_(INFO) << "tokenID is " << GetSelfTokenID(); + GTEST_LOG_(INFO) << "uid is " << getuid(); +} + +void AccessTokenShortTimePermTest::TearDownTestCase() +{ +} + +void AccessTokenShortTimePermTest::SetUp() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); + + AccessTokenKit::AllocHapToken(g_infoParms, g_policyPrams); +} + +void AccessTokenShortTimePermTest::TearDown() +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + AccessTokenKit::DeleteToken(tokenID); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTime001 + * @tc.desc: GrantPermissionForSpecifiedTime without invalid parameter. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime001, TestSize.Level1) +{ + AccessTokenID tokenId = INVALID_TOKENID; + uint32_t onceTime = 0; + + /* 0 is invalid token id */ + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, "permission", onceTime)); + + tokenId = 123; + /* 0 is invalid permissionName length */ + const std::string invalidPerm1 = ""; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm1, onceTime)); + + /* 256 is invalid permissionName length */ + const std::string invalidPerm2 (257, 'x'); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, invalidPerm2, onceTime)); + + /* 0 is invalid time */ + uint32_t invalidOnceTime1 = 0; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime1)); + + /* 301 is invalid time */ + uint32_t invalidOnceTime2 = 301; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenId, SHORT_TEMP_PERMISSION, invalidOnceTime2)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTime003 + * @tc.desc: permission is not request. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime003, TestSize.Level1) +{ + HapPolicyParams policyPrams = g_policyPrams; + HapInfoParams infoParms = g_infoParms; + policyPrams.permStateList.clear(); + + AccessTokenKit::AllocHapToken(infoParms, policyPrams); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(infoParms.userID, + infoParms.bundleName, + infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 10; // 10: 10s + + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTime002 + * @tc.desc: test unsupport permission. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime002, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 10; // 10: 10s + std::string permission = "ohos.permission.CAMERA"; + + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, permission, onceTime)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTime004 + * @tc.desc: 1. The permission is granted when onceTime is not reached; + * 2. The permission is revoked after onceTime is reached. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime004, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 2; + + ASSERT_EQ(RET_SUCCESS, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); + + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + sleep(onceTime); + + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION, true)); +} + +/** + * @tc.name: GrantPermissionForSpecifiedTime005 + * @tc.desc: 1. The permission is granted when onceTime is not reached; + * 2. onceTime is update when GrantPermissionForSpecifiedTime is called twice. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(AccessTokenShortTimePermTest, GrantPermissionForSpecifiedTime005, TestSize.Level1) +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoParms.userID, + g_infoParms.bundleName, + g_infoParms.instIndex); + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 3; + + ASSERT_EQ(RET_SUCCESS, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); + sleep(onceTime - 1); + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // update onceTime + onceTime = 5; + ASSERT_EQ(RET_SUCCESS, + AccessTokenKit::GrantPermissionForSpecifiedTime(tokenID, SHORT_TEMP_PERMISSION, onceTime)); + + // first onceTime is reached, permission is not revoked + sleep(1); + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // second onceTime is reached, permission is revoked + sleep(onceTime); + ASSERT_EQ(PermissionState::PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.h new file mode 100644 index 0000000000000000000000000000000000000000..5823417965c928145b7e8c2606dad5b0582c3e58 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_short_time_permission_test.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_KIT_SHORT_TIME_PERM_TEST_H +#define ACCESSTOKEN_KIT_SHORT_TIME_PERM_TEST_H + +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +class AccessTokenShortTimePermTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_KIT_SHORT_TIME_PERM_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp index 430b85dedbe5f739ca410cab292184018cfa9cb8..f41836405247b8ee50656e08ff4cf93d611d59f5 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/app_installation_optimized_test.cpp @@ -17,9 +17,8 @@ #include #include "access_token_error.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "accesstoken_service_ipc_interface_code.h" -#include "native_token_info_for_sync_parcel.h" #include "nativetoken_kit.h" #include "permission_grant_info.h" #include "permission_state_change_info_parcel.h" @@ -34,13 +33,11 @@ namespace AccessToken { namespace { const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; const std::string CERT_PERMISSION = "ohos.permission.ACCESS_CERT_MANAGER"; -const std::string MICROPHONE_PERMISSION = "ohos.permission.MICROPHONE"; -const std::string CAMERA_PERMISSION = "ohos.permission.CAMERA"; +const std::string CALENDAR_PERMISSION = "ohos.permission.WRITE_CALENDAR"; +const std::string APP_TRACKING_PERMISSION = "ohos.permission.APP_TRACKING_CONSENT"; const std::string ACCESS_BLUETOOTH_PERMISSION = "ohos.permission.ACCESS_BLUETOOTH"; static constexpr int32_t DEFAULT_API_VERSION = 8; static constexpr int32_t MAX_PERM_LIST_SIZE = 1024; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "AppInstallationOptimizedTest"}; PermissionStateFull g_tddPermReq = { .permissionName = MANAGE_HAP_TOKENID_PERMISSION, @@ -66,7 +63,7 @@ PermissionStateFull g_tddPermRevoke = { .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} }; PermissionStateFull g_infoManagerCameraState = { - .permissionName = CAMERA_PERMISSION, + .permissionName = APP_TRACKING_PERMISSION, .isGeneral = true, .resDeviceID = {"local2"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -82,7 +79,7 @@ PermissionStateFull g_infoBlueToothManagerState = { }; PermissionStateFull g_infoManagerMicrophoneState = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .isGeneral = true, .resDeviceID = {"local2"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -175,7 +172,7 @@ void AppInstallationOptimizedTest::TearDownTestCase() void AppInstallationOptimizedTest::SetUp() { - ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); } void AppInstallationOptimizedTest::TearDown() @@ -244,11 +241,11 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken003, TestSize.Level1) int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId); EXPECT_EQ(RET_SUCCESS, res); int32_t ret = AccessTokenKit::VerifyAccessToken( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION); EXPECT_EQ(ret, PERMISSION_DENIED); uint32_t flag; AccessTokenKit::GetPermissionFlag( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, flag); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION, flag); EXPECT_EQ(flag, PERMISSION_DEFAULT_FLAG); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); } @@ -262,7 +259,7 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken003, TestSize.Level1) HWTEST_F(AppInstallationOptimizedTest, InitHapToken004, TestSize.Level1) { PreAuthorizationInfo info1 = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = false }; HapPolicyParams testPolicyParams = { @@ -275,13 +272,13 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken004, TestSize.Level1) int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId); EXPECT_EQ(RET_SUCCESS, res); int32_t ret = AccessTokenKit::VerifyAccessToken( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION); EXPECT_EQ(ret, PERMISSION_GRANTED); std::vector permStatList; res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(1), permStatList.size()); - ASSERT_EQ(MICROPHONE_PERMISSION, permStatList[0].permissionName); + ASSERT_EQ(CALENDAR_PERMISSION, permStatList[0].permissionName); EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_SYSTEM_FIXED); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); } @@ -296,7 +293,7 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken004, TestSize.Level1) HWTEST_F(AppInstallationOptimizedTest, InitHapToken005, TestSize.Level1) { PreAuthorizationInfo info1 = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = true }; HapPolicyParams testPolicyParams = { @@ -309,14 +306,14 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken005, TestSize.Level1) int32_t res = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams, fullTokenId); EXPECT_EQ(RET_SUCCESS, res); int32_t ret = AccessTokenKit::VerifyAccessToken( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION); EXPECT_EQ(ret, PERMISSION_GRANTED); std::vector permStatList; res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(1), permStatList.size()); - ASSERT_EQ(MICROPHONE_PERMISSION, permStatList[0].permissionName); + ASSERT_EQ(CALENDAR_PERMISSION, permStatList[0].permissionName); EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_GRANTED_BY_POLICY); ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullTokenId.tokenIdExStruct.tokenID)); } @@ -442,20 +439,21 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken011, TestSize.Level1) res = AccessTokenKit::InitHapToken(testHapInfoParams1, testPolicyParams, dlpFullTokenId1); EXPECT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, CAMERA_PERMISSION); + res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION); EXPECT_EQ(res, PERMISSION_DENIED); - (void)AccessTokenKit::GrantPermission(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_SET); + (void)AccessTokenKit::GrantPermission( + fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION, PERMISSION_USER_SET); (void)AccessTokenKit::RevokePermission( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_SET); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION, PERMISSION_USER_SET); testHapInfoParams1.instIndex++; AccessTokenIDEx dlpFullTokenId2; res = AccessTokenKit::InitHapToken(testHapInfoParams1, testPolicyParams, dlpFullTokenId2); EXPECT_EQ(RET_SUCCESS, res); - res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId2.tokenIdExStruct.tokenID, CAMERA_PERMISSION); + res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId2.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION); EXPECT_EQ(res, PERMISSION_GRANTED); - res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, CAMERA_PERMISSION); + res = AccessTokenKit::VerifyAccessToken(dlpFullTokenId1.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION); EXPECT_EQ(res, PERMISSION_GRANTED); std::vector permStatList1; @@ -464,10 +462,10 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapToken011, TestSize.Level1) std::vector permStatList2; res = AccessTokenKit::GetReqPermissions(dlpFullTokenId2.tokenIdExStruct.tokenID, permStatList2, false); ASSERT_EQ(permStatList2.size(), permStatList1.size()); - EXPECT_EQ(CAMERA_PERMISSION, permStatList2[0].permissionName); + EXPECT_EQ(APP_TRACKING_PERMISSION, permStatList2[0].permissionName); EXPECT_EQ(permStatList2[0].grantStatus[0], PERMISSION_GRANTED); EXPECT_EQ(permStatList2[0].grantFlags[0], PERMISSION_USER_SET); - EXPECT_EQ(MICROPHONE_PERMISSION, permStatList2[1].permissionName); + EXPECT_EQ(CALENDAR_PERMISSION, permStatList2[1].permissionName); EXPECT_EQ(permStatList2[1].grantStatus[0], PERMISSION_DENIED); EXPECT_EQ(permStatList2[1].grantFlags[0], PERMISSION_USER_SET); ASSERT_EQ(RET_SUCCESS, res); @@ -491,15 +489,15 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken001, TestSize.Level1) GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID; EXPECT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::VerifyAccessToken( - fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION); + fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION); EXPECT_EQ(PERMISSION_DENIED, ret); ret = AccessTokenKit::VerifyAccessToken( fullTokenId.tokenIdExStruct.tokenID, CERT_PERMISSION); EXPECT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::GrantPermission(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, 0); + ret = AccessTokenKit::GrantPermission(fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION, 0); EXPECT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION); + ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION); EXPECT_EQ(PERMISSION_GRANTED, ret); ret = AccessTokenKit::GrantPermission( fullTokenId.tokenIdExStruct.tokenID, ACCESS_BLUETOOTH_PERMISSION, PERMISSION_SYSTEM_FIXED); @@ -519,9 +517,9 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken001, TestSize.Level1) }; ret = AccessTokenKit::UpdateHapToken(fullTokenId, info, testPolicyParams2); ASSERT_EQ(RET_SUCCESS, ret); - ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION); + ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION); EXPECT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION); + ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION); EXPECT_EQ(PERMISSION_DENIED, ret); ret = AccessTokenKit::VerifyAccessToken(fullTokenId.tokenIdExStruct.tokenID, ACCESS_BLUETOOTH_PERMISSION); EXPECT_EQ(PERMISSION_DENIED, ret); @@ -548,14 +546,14 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken002, TestSize.Level1) int32_t ret = AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullTokenId); EXPECT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::RevokePermission( - fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_FIXED); + fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION, PERMISSION_USER_FIXED); EXPECT_EQ(RET_SUCCESS, ret); std::vector permStatList; int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(1), permStatList.size()); - ASSERT_EQ(CAMERA_PERMISSION, permStatList[0].permissionName); + ASSERT_EQ(APP_TRACKING_PERMISSION, permStatList[0].permissionName); EXPECT_EQ(permStatList[0].grantStatus[0], PERMISSION_DENIED); EXPECT_EQ(permStatList[0].grantFlags[0], PERMISSION_USER_FIXED); @@ -574,10 +572,10 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken002, TestSize.Level1) res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList1, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(2), permStatList1.size()); - ASSERT_EQ(CAMERA_PERMISSION, permStatList1[0].permissionName); + ASSERT_EQ(APP_TRACKING_PERMISSION, permStatList1[0].permissionName); EXPECT_EQ(permStatList1[0].grantStatus[0], PERMISSION_DENIED); EXPECT_EQ(permStatList1[0].grantFlags[0], PERMISSION_USER_FIXED); - ASSERT_EQ(MICROPHONE_PERMISSION, permStatList1[1].permissionName); + ASSERT_EQ(CALENDAR_PERMISSION, permStatList1[1].permissionName); EXPECT_EQ(permStatList1[1].grantStatus[0], PERMISSION_DENIED); EXPECT_EQ(permStatList1[1].grantFlags[0], PERMISSION_DEFAULT_FLAG); @@ -602,7 +600,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken003, TestSize.Level1) GTEST_LOG_(INFO) << "tokenID :" << fullTokenId.tokenIdExStruct.tokenID; EXPECT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::VerifyAccessToken( - fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION); + fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION); EXPECT_EQ(PERMISSION_DENIED, ret); UpdateHapInfoParams info; @@ -610,7 +608,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken003, TestSize.Level1) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = false; PreAuthorizationInfo info1 = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = true }; HapPolicyParams testPolicyParams2 = { @@ -625,10 +623,10 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken003, TestSize.Level1) int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, permStatList1, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(2), permStatList1.size()); - ASSERT_EQ(CAMERA_PERMISSION, permStatList1[0].permissionName); + ASSERT_EQ(APP_TRACKING_PERMISSION, permStatList1[0].permissionName); EXPECT_EQ(permStatList1[0].grantStatus[0], PERMISSION_DENIED); EXPECT_EQ(permStatList1[0].grantFlags[0], PERMISSION_DEFAULT_FLAG); - ASSERT_EQ(MICROPHONE_PERMISSION, permStatList1[1].permissionName); + ASSERT_EQ(CALENDAR_PERMISSION, permStatList1[1].permissionName); EXPECT_EQ(permStatList1[1].grantStatus[0], PERMISSION_GRANTED); EXPECT_EQ(permStatList1[1].grantFlags[0], PERMISSION_GRANTED_BY_POLICY); @@ -658,7 +656,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken004, TestSize.Level1) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = true; PreAuthorizationInfo info1 = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = false }; HapPolicyParams testPolicyParams2 = { @@ -673,7 +671,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken004, TestSize.Level1) int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(2), state.size()); - ASSERT_EQ(MICROPHONE_PERMISSION, state[1].permissionName); + ASSERT_EQ(CALENDAR_PERMISSION, state[1].permissionName); EXPECT_EQ(state[1].grantStatus[0], PERMISSION_GRANTED); EXPECT_EQ(state[1].grantFlags[0], PERMISSION_SYSTEM_FIXED); @@ -866,7 +864,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken010, TestSize.Level1) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = true; PreAuthorizationInfo info1 = { - .permissionName = CAMERA_PERMISSION, + .permissionName = APP_TRACKING_PERMISSION, .userCancelable = false }; HapPolicyParams testPolicyParams2 = { @@ -881,7 +879,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken010, TestSize.Level1) int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(1), state.size()); - ASSERT_EQ(CAMERA_PERMISSION, state[0].permissionName); + ASSERT_EQ(APP_TRACKING_PERMISSION, state[0].permissionName); EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED); EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED); @@ -911,7 +909,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken011, TestSize.Level1) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = true; PreAuthorizationInfo info1 = { - .permissionName = CAMERA_PERMISSION, + .permissionName = APP_TRACKING_PERMISSION, .userCancelable = false }; HapPolicyParams testPolicyParams2 = { @@ -926,7 +924,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken011, TestSize.Level1) int32_t res = AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); ASSERT_EQ(RET_SUCCESS, res); ASSERT_EQ(static_cast(1), state.size()); - ASSERT_EQ(CAMERA_PERMISSION, state[0].permissionName); + ASSERT_EQ(APP_TRACKING_PERMISSION, state[0].permissionName); EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED); EXPECT_EQ(state[0].grantFlags[0], PERMISSION_SYSTEM_FIXED); @@ -951,10 +949,10 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken012, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::GrantPermission( - fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_FIXED); + fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION, PERMISSION_USER_FIXED); EXPECT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::RevokePermission( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_FIXED); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION, PERMISSION_USER_FIXED); EXPECT_EQ(RET_SUCCESS, ret); UpdateHapInfoParams info; @@ -962,11 +960,11 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken012, TestSize.Level1) info.apiVersion = DEFAULT_API_VERSION; info.isSystemApp = true; PreAuthorizationInfo info1 = { - .permissionName = CAMERA_PERMISSION, + .permissionName = APP_TRACKING_PERMISSION, .userCancelable = false }; PreAuthorizationInfo info2 = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = false }; HapPolicyParams testPolicyParams2 = { @@ -980,10 +978,10 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken012, TestSize.Level1) std::vector state; AccessTokenKit::GetReqPermissions(fullTokenId.tokenIdExStruct.tokenID, state, false); ASSERT_EQ(static_cast(2), state.size()); - ASSERT_EQ(CAMERA_PERMISSION, state[0].permissionName); + ASSERT_EQ(APP_TRACKING_PERMISSION, state[0].permissionName); EXPECT_EQ(state[0].grantStatus[0], PERMISSION_GRANTED); EXPECT_EQ(state[0].grantFlags[0], PERMISSION_USER_FIXED); - ASSERT_EQ(MICROPHONE_PERMISSION, state[1].permissionName); + ASSERT_EQ(CALENDAR_PERMISSION, state[1].permissionName); EXPECT_EQ(state[1].grantStatus[0], PERMISSION_DENIED); EXPECT_EQ(state[1].grantFlags[0], PERMISSION_USER_FIXED); @@ -1001,11 +999,11 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken012, TestSize.Level1) HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken013, TestSize.Level1) { PreAuthorizationInfo info1 = { - .permissionName = CAMERA_PERMISSION, + .permissionName = APP_TRACKING_PERMISSION, .userCancelable = false }; PreAuthorizationInfo info2 = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = false }; HapPolicyParams testPolicyParams1 = { @@ -1019,10 +1017,10 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken013, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::GrantPermission( - fullTokenId.tokenIdExStruct.tokenID, CAMERA_PERMISSION, PERMISSION_USER_FIXED); + fullTokenId.tokenIdExStruct.tokenID, APP_TRACKING_PERMISSION, PERMISSION_USER_FIXED); EXPECT_NE(RET_SUCCESS, ret); ret = AccessTokenKit::RevokePermission( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_FIXED); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION, PERMISSION_USER_FIXED); EXPECT_NE(RET_SUCCESS, ret); UpdateHapInfoParams info; @@ -1055,11 +1053,11 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken013, TestSize.Level1) HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken014, TestSize.Level1) { PreAuthorizationInfo info1 = { - .permissionName = CAMERA_PERMISSION, + .permissionName = APP_TRACKING_PERMISSION, .userCancelable = true }; PreAuthorizationInfo info2 = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = true }; HapPolicyParams testPolicyParams1 = { @@ -1073,7 +1071,7 @@ HWTEST_F(AppInstallationOptimizedTest, UpdateHapToken014, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, ret); ret = AccessTokenKit::RevokePermission( - fullTokenId.tokenIdExStruct.tokenID, MICROPHONE_PERMISSION, PERMISSION_USER_FIXED); + fullTokenId.tokenIdExStruct.tokenID, CALENDAR_PERMISSION, PERMISSION_USER_FIXED); EXPECT_EQ(RET_SUCCESS, ret); UpdateHapInfoParams info; @@ -1138,7 +1136,7 @@ HWTEST_F(AppInstallationOptimizedTest, InitHapTokenAbnormal002, TestSize.Level1) .aclRequestedList = {}, }; PreAuthorizationInfo info = { - .permissionName = MICROPHONE_PERMISSION, + .permissionName = CALENDAR_PERMISSION, .userCancelable = false }; for (uint32_t i = 0; i < MAX_PERM_LIST_SIZE; i++) { diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/clone_app_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/clone_app_permission_test.cpp index 5d4975777921bf1767c1a98b5be682b78cf34102..ae8b8fcc46477feeb5e0c65991594dc4dd1503d7 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/clone_app_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/clone_app_permission_test.cpp @@ -17,7 +17,7 @@ #include #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -27,13 +27,11 @@ using namespace testing::ext; using namespace OHOS::Security::AccessToken; namespace { -static const std::string PERMISSION_ALL = "ohos.permission.CAMERA"; +static const std::string PERMISSION_ALL = "ohos.permission.APP_TRACKING_CONSENT"; static const std::string PERMISSION_FULL_CONTROL = "ohos.permission.WRITE_MEDIA"; static const std::string PERMISSION_NOT_DISPLAYED = "ohos.permission.ANSWER_CALL"; static const std::string TEST_PERMISSION_GRANT = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; static const std::string TEST_PERMISSION_REVOKE = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKitExtensionTest"}; HapInfoParams g_infoParmsCommon = { .userID = 1, @@ -84,7 +82,7 @@ PermissionStateFull g_stateFullControl = { }; PermissionStateFull g_stateAll = { - .permissionName = "ohos.permission.CAMERA", + .permissionName = PERMISSION_ALL, .isGeneral = true, .resDeviceID = {"local"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -109,7 +107,7 @@ void CloneAppPermissionTest::TearDownTestCase() void CloneAppPermissionTest::SetUp() { - ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); } void CloneAppPermissionTest::TearDown() @@ -151,7 +149,7 @@ void CloneAppPermissionTest::SetUpTestCase() EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); EXPECT_EQ(true, TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx)); EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - ACCESSTOKEN_LOG_INFO(LABEL, "SetUpTestCase ok."); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUpTestCase ok."); } static AccessTokenID AllocHapTokenId(HapInfoParams info, HapPolicyParams policy) diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..a644858e7a9c86e0ca67a64f6a48486cdde48399 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.cpp @@ -0,0 +1,592 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "edm_policy_set_test.h" +#include + +#include "accesstoken_kit.h" +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "permission_map.h" +#include "perm_setproc.h" +#include "token_setproc.h" +#include "tokenid_kit.h" + +using namespace testing::ext; +using namespace OHOS::Security::AccessToken; + +namespace { +static const uint32_t DEFAULT_ACCOUNT_ID = 100; +static const uint32_t MOCK_USER_ID_10001 = 10001; +static const uint32_t MOCK_USER_ID_10002 = 10002; +static const uint32_t MOCK_USER_ID_10003 = 10003; +const std::string MANAGE_HAP_TOKEN_ID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; +const std::string INTERNET = "ohos.permission.INTERNET"; +static const std::string GET_NETWORK_STATS = "ohos.permission.GET_NETWORK_STATS"; +static const std::string LOCATION = "ohos.permission.LOCATION"; +static const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; +static const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; + +PermissionStateFull g_infoManagerInternetState = { + .permissionName = INTERNET, + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerNetWorkState = { + .permissionName = GET_NETWORK_STATS, + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {0} +}; + +PermissionStateFull g_infoManagerManageNetState = { + .permissionName = LOCATION, + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {0} +}; + +// Permission set +HapInfoParams g_testHapInfoParams = { + .userID = 0, + .bundleName = "testName", + .instIndex = 0, + .appIDDesc = "test2", + .apiVersion = 11 // api version is 11 +}; + +HapPolicyParams g_testPolicyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = { + g_infoManagerInternetState, + g_infoManagerNetWorkState, + g_infoManagerManageNetState, + } +}; + +uint64_t g_selfShellTokenId; + +PermissionStateFull g_tddPermReq = { + .permissionName = MANAGE_HAP_TOKEN_ID_PERMISSION, + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +PermissionStateFull g_tddPermGet = { + .permissionName = "ohos.permission.GET_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +PermissionStateFull g_tddPermRevoke = { + .permissionName = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS", + .isGeneral = true, + .resDeviceID = {"device3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} +}; + +HapInfoParams g_tddHapInfoParams = { + .userID = 1, + .bundleName = "EdmPolicySetTest", + .instIndex = 0, + .appIDDesc = "test2", + .apiVersion = 11, // api version is 11 + .isSystemApp = true +}; + +HapPolicyParams g_tddPolicyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = {g_tddPermReq, g_tddPermGet, g_tddPermRevoke} +}; +} + +void EdmPolicySetTest::TearDownTestCase() +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_tddHapInfoParams.userID, + g_tddHapInfoParams.bundleName, + g_tddHapInfoParams.instIndex); + AccessTokenKit::DeleteToken(tokenId); +} + +void EdmPolicySetTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); +} + +void EdmPolicySetTest::TearDown() +{ +} + +void EdmPolicySetTest::SetUpTestCase() +{ + g_selfShellTokenId = GetSelfTokenID(); + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_tddHapInfoParams, g_tddPolicyParams); + SetSelfTokenID(tokenIdEx.tokenIDEx); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUpTestCase ok."); +} + +/** + * @tc.name: InitUserPolicy002 + * @tc.desc: InitUserPolicy failed invalid userList size. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy002, TestSize.Level1) +{ + const int32_t invalidSize = 1025; // 1025 is invalid size. + std::vector userList(invalidSize); + std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: InitUserPolicy003 + * @tc.desc: InitUserPolicy failed empty userList. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy003, TestSize.Level1) +{ + std::vector userListEmtpy; + std::vector permList = { "ohos.permission.INTERNET" }; + int32_t ret = AccessTokenKit::InitUserPolicy(userListEmtpy, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: InitUserPolicy004 + * @tc.desc: InitUserPolicy failed empty userList. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy004, TestSize.Level1) +{ + UserState user = {.userId = DEFAULT_ACCOUNT_ID, .isActive = true}; + const int32_t invalidSize = 1025; // 1025 is invalid size. + std::vector userList = { user }; + std::vector permList(invalidSize, "abc"); + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: InitUserPolicy005 + * @tc.desc: InitUserPolicy failed empty permList. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy005, TestSize.Level1) +{ + UserState user = {.userId = DEFAULT_ACCOUNT_ID, .isActive = true}; + std::vector userList = { user }; + std::vector permListEmpty; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permListEmpty); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: UpdateUserPolicy001 + * @tc.desc: UpdateUserPolicy failed with + * policy uninitialized and ClearUserPolicy successfully with policy uninitialized. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UpdateUserPolicy001, TestSize.Level1) +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("foundation"); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + GTEST_LOG_(INFO) << "permissionSet OK "; + + UserState user = {.userId = DEFAULT_ACCOUNT_ID, .isActive = true}; + const std::vector userList = { user }; + int32_t res = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(res, AccessTokenError::ERR_USER_POLICY_NOT_INITIALIZED); + + res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, RET_SUCCESS); +} + +/** + * @tc.name: InitUserPolicy008 + * @tc.desc: Check permission status in the heap. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy008, TestSize.Level1) +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("foundation"); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + GTEST_LOG_(INFO) << "permissionSet OK "; + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + + UserState user0 = {.userId = -1, .isActive = true}; + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + + std::vector userList = { user0, user1, user2}; + std::vector permList = { INTERNET, GET_NETWORK_STATS, LOCATION }; + int32_t res = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(res, 0); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + std::vector permStatList; + res = AccessTokenKit::GetReqPermissions(fullIdUser2.tokenIdExStruct.tokenID, permStatList, true); + EXPECT_EQ(RET_SUCCESS, res); + ASSERT_EQ(static_cast(2), permStatList.size()); + EXPECT_EQ(INTERNET, permStatList[0].permissionName); + EXPECT_EQ(PERMISSION_GRANTED, permStatList[0].grantStatus[0]); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + + res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + +/** + * @tc.name: InitUserPolicy007 + * @tc.desc: InitUserPolicy and the stock permission status is refreshed according to the policy. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, InitUserPolicy007, TestSize.Level1) +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("foundation"); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + GTEST_LOG_(INFO) << "permissionSet OK "; + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + g_testHapInfoParams.userID = MOCK_USER_ID_10003; + AccessTokenIDEx fullIdUser3; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser3)); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + UserState user0 = {.userId = -1, .isActive = true}; + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + UserState user3 = {.userId = MOCK_USER_ID_10003, .isActive = false}; + + std::vector userList = { user0, user1, user2, user3 }; + std::vector permList = { INTERNET, GET_NETWORK_STATS, LOCATION }; + int32_t ret = AccessTokenKit::InitUserPolicy(userList, permList); + EXPECT_EQ(ret, 0); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser3.tokenIdExStruct.tokenID)); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + +/** + * @tc.name: UpdateUserPolicy003 + * @tc.desc: UpdateUserPolicy with invalid userList. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UpdateUserPolicy003, TestSize.Level1) +{ + const int32_t invalidSize = 1025; // 1025 is invalid size. + std::vector userList(invalidSize); + int32_t ret = AccessTokenKit::UpdateUserPolicy(userList); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); + + std::vector userListEmpty; + ret = AccessTokenKit::UpdateUserPolicy(userListEmpty); + EXPECT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: UpdateUserPolicy004 + * @tc.desc: UpdateUserPolicy and the stock permission status is refreshed according to the policy. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UpdateUserPolicy004, TestSize.Level1) +{ + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + g_testHapInfoParams.userID = MOCK_USER_ID_10003; + AccessTokenIDEx fullIdUser3; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser3)); + + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = false}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = true}; + UserState user3 = {.userId = MOCK_USER_ID_10003, .isActive = true}; + std::vector userListBefore = { user1, user2, user3 }; + std::vector permList = { INTERNET, LOCATION }; + int32_t ret = AccessTokenKit::InitUserPolicy(userListBefore, permList); + EXPECT_EQ(ret, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + // update the policy + user1.isActive = true; + user2.isActive = false; + std::vector userListAfter = { user1, user2 }; + ret = AccessTokenKit::UpdateUserPolicy(userListAfter); + EXPECT_EQ(ret, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser3.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser3.tokenIdExStruct.tokenID)); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + + +/** + * @tc.name: UserPolicyTestForNewHap + * @tc.desc: Set the authorization status based on the user policy during new hap installation + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UserPolicyTestForNewHap, TestSize.Level1) +{ + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = true}; + std::vector userListBefore = { user1, user2 }; + std::vector permList = { INTERNET, LOCATION }; + EXPECT_EQ(AccessTokenKit::InitUserPolicy(userListBefore, permList), 0); + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + + // update the policy + user1.isActive = false; + user2.isActive = false; + std::vector userListAfter = { user1, user2 }; + int32_t ret = AccessTokenKit::UpdateUserPolicy(userListAfter); + EXPECT_EQ(ret, 0); + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, LOCATION), + PERMISSION_DENIED); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + EXPECT_EQ(AccessTokenKit::ClearUserPolicy(), 0); +} + +/** + * @tc.name: UserPolicyTestForNewHap + * @tc.desc: Set the authorization status based on the user policy during new hap installation + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UserPolicyTestForClearUserGranted, TestSize.Level1) +{ + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = true}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + std::vector userListBefore = { user1, user2 }; + std::vector permList = { INTERNET, LOCATION }; + int32_t ret = AccessTokenKit::InitUserPolicy(userListBefore, permList); + EXPECT_EQ(ret, 0); + + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser1.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, ret); + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser2.tokenIdExStruct.tokenID); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + // update the policy + user1.isActive = false; + user2.isActive = true; + std::vector userListAfter = { user1, user2 }; + ret = AccessTokenKit::UpdateUserPolicy(userListAfter); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser1.tokenIdExStruct.tokenID); + ret = AccessTokenKit::ClearUserGrantedPermissionState(fullIdUser2.tokenIdExStruct.tokenID); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); +} + +/** + * @tc.name: ClearUserPolicy001 + * @tc.desc: Check permission status after clear user policy. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, ClearUserPolicy001, TestSize.Level1) +{ + g_testHapInfoParams.userID = MOCK_USER_ID_10002; + AccessTokenIDEx fullIdUser2; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser2)); + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, g_testPolicyParams, fullIdUser1)); + + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = false}; + UserState user2 = {.userId = MOCK_USER_ID_10002, .isActive = false}; + std::vector userList = { user1, user2}; + std::vector permList = { INTERNET }; + EXPECT_EQ(0, AccessTokenKit::InitUserPolicy(userList, permList)); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET, true), + PERMISSION_DENIED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET, true), + PERMISSION_DENIED); + + int32_t res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); + + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser2.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser2.tokenIdExStruct.tokenID)); +} + + +/** + * @tc.name: UserPolicyForUpdateHapTokenTest + * @tc.desc: UpdateHapToken and check permission status with user policy After . + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(EdmPolicySetTest, UserPolicyForUpdateHapTokenTest, TestSize.Level1) +{ + HapPolicyParams testPolicyParams1 = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = { + g_infoManagerNetWorkState, + } + }; + g_testHapInfoParams.userID = MOCK_USER_ID_10001; + AccessTokenIDEx fullIdUser1; + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::InitHapToken(g_testHapInfoParams, testPolicyParams1, fullIdUser1)); + + UserState user1 = {.userId = MOCK_USER_ID_10001, .isActive = false}; + std::vector userList = { user1}; + std::vector permList = { INTERNET }; + EXPECT_EQ(0, AccessTokenKit::InitUserPolicy(userList, permList)); + HapPolicyParams testPolicyParams2 = { + .apl = APL_SYSTEM_CORE, + .domain = "test.domain2", + .permStateList = { + g_infoManagerInternetState, + g_infoManagerNetWorkState, + } + }; + UpdateHapInfoParams info; + info.appIDDesc = "TEST"; + info.apiVersion = 12; + info.isSystemApp = false; + int32_t res = AccessTokenKit::UpdateHapToken(fullIdUser1, info, testPolicyParams2); + EXPECT_EQ(res, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_DENIED); + + res = AccessTokenKit::ClearUserPolicy(); + EXPECT_EQ(res, 0); + EXPECT_EQ(AccessTokenKit::VerifyAccessToken(fullIdUser1.tokenIdExStruct.tokenID, INTERNET), PERMISSION_GRANTED); + + EXPECT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(fullIdUser1.tokenIdExStruct.tokenID)); +} \ No newline at end of file diff --git a/frameworks/common/include/service_ipc_interface_code.h b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.h similarity index 67% rename from frameworks/common/include/service_ipc_interface_code.h rename to interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.h index c413a825de235195550e274924dc594d2137fb97..4673409ed6cdd2eb98ac8d432eeddcb6a0fe36e1 100644 --- a/frameworks/common/include/service_ipc_interface_code.h +++ b/interfaces/innerkits/accesstoken/test/unittest/src/edm_policy_set_test.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,21 +13,22 @@ * limitations under the License. */ -#ifndef SERVICE_IPC_INTERFACE_CODE_H -#define SERVICE_IPC_INTERFACE_CODE_H +#ifndef EDM_POLICY_SET_TEST_H +#define EDM_POLICY_SET_TEST_H + +#include namespace OHOS { namespace Security { namespace AccessToken { -enum class AccessAppServiceInterfaceCode { - TRANSACT_ON_FOREGROUND_APPLICATION_CHANGED = 0, -}; - -enum class AccessAbilityServiceInterfaceCode { - START_ABILITY_ADD_CALLER = 1005, +class EdmPolicySetTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void TearDown(); + void SetUp(); }; } // namespace AccessToken } // namespace Security } // namespace OHOS - -#endif // SERVICE_IPC_INTERFACE_CODE_H +#endif // EDM_POLICY_SET_TEST_H \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/get_self_permission_state_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/get_self_permission_state_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ae7b90c5a3c0cf3158645cb3dc163838230c972f --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/get_self_permission_state_test.cpp @@ -0,0 +1,668 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "get_self_permission_state_test.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +using namespace testing::ext; +namespace { +static const int MAX_PERMISSION_SIZE = 1000; +static const std::string TEST_BUNDLE_NAME = "ohos"; +static const int TEST_USER_ID = 0; +static const std::string TEST_PERMISSION_NAME_A_MICRO = "ohos.permission.MICROPHONE"; +static const std::string TEST_PERMISSION_NAME_A_CAMERA = "ohos.permission.SET_WIFI_INFO"; +PermissionDef g_permDef1 = { + .permissionName = "ohos.permission.test1", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label2", + .labelId = 1, + .description = "open the door", + .descriptionId = 1 +}; + +PermissionDef g_permDef2 = { + .permissionName = "ohos.permission.test2", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label2", + .labelId = 1, + .description = "break the door", + .descriptionId = 1 +}; + +HapInfoParams g_infoManager = { + .userID = 1, + .bundleName = "accesstoken_test", + .instIndex = 0, + .appIDDesc = "test2", + .apiVersion = 8 // 8: api version +}; + +PermissionStateFull g_permState1 = { + .permissionName = "ohos.permission.test1", + .isGeneral = true, + .resDeviceID = {"local2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + +PermissionStateFull g_permState2 = { + .permissionName = "ohos.permission.test2", + .isGeneral = false, + .resDeviceID = {"device 1", "device 2"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1, 2} +}; + +HapPolicyParams g_infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {g_permDef1, g_permDef2}, + .permStateList = {g_permState1, g_permState2} +}; +} + +void GetSelfPermissionStateTest::SetUpTestCase() +{ + setuid(0); + const char **perms = new const char *[1]; // 1: array size + perms[0] = "ohos.permission.DISABLE_PERMISSION_DIALOG"; + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, // 1: array size + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + .processName = "TestCase", + }; + + uint64_t tokenId = GetAccessTokenId(&infoInstance); + AccessTokenKit::ReloadNativeTokenInfo(); + + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + delete[] perms; +} + +void GetSelfPermissionStateTest::TearDownTestCase() +{ +} + +void InitPermStateList(HapPolicyParams &policy) +{ + PermissionStateFull permTestState1 = { + .permissionName = "ohos.permission.LOCATION", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG}, + }; + + PermissionStateFull permTestState2 = { + .permissionName = "ohos.permission.MICROPHONE", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + + PermissionStateFull permTestState3 = { + .permissionName = "ohos.permission.WRITE_CALENDAR", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED} + }; + + PermissionStateFull permTestState4 = { + .permissionName = "ohos.permission.READ_IMAGEVIDEO", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + policy.permStateList.emplace_back(permTestState1); + policy.permStateList.emplace_back(permTestState2); + policy.permStateList.emplace_back(permTestState3); + policy.permStateList.emplace_back(permTestState4); +} + +void InitPermDefList(HapPolicyParams &policy) +{ + PermissionDef testPermDef1; + testPermDef1.permissionName = "ohos.permission.testPermDef1"; + testPermDef1.bundleName = TEST_BUNDLE_NAME; + testPermDef1.grantMode = GrantMode::USER_GRANT; + testPermDef1.availableLevel = APL_NORMAL; + testPermDef1.provisionEnable = false; + testPermDef1.distributedSceneEnable = false; + + PermissionDef testPermDef2; + testPermDef2.permissionName = "ohos.permission.testPermDef2"; + testPermDef2.bundleName = TEST_BUNDLE_NAME; + testPermDef2.grantMode = GrantMode::USER_GRANT; + testPermDef2.availableLevel = APL_NORMAL; + testPermDef2.provisionEnable = false; + testPermDef2.distributedSceneEnable = false; + + PermissionDef testPermDef3; + testPermDef3.permissionName = "ohos.permission.testPermDef3"; + testPermDef3.bundleName = TEST_BUNDLE_NAME; + testPermDef3.grantMode = GrantMode::USER_GRANT; + testPermDef3.availableLevel = APL_NORMAL; + testPermDef3.provisionEnable = false; + testPermDef3.distributedSceneEnable = false; + + PermissionDef testPermDef4; + testPermDef4.permissionName = "ohos.permission.testPermDef4"; + testPermDef4.bundleName = TEST_BUNDLE_NAME; + testPermDef4.grantMode = GrantMode::USER_GRANT; + testPermDef4.availableLevel = APL_NORMAL; + testPermDef4.provisionEnable = false; + testPermDef4.distributedSceneEnable = false; + + policy.permList.emplace_back(testPermDef1); + policy.permList.emplace_back(testPermDef2); + policy.permList.emplace_back(testPermDef3); + policy.permList.emplace_back(testPermDef4); +} + +void GetSelfPermissionStateTest::SetUp() +{ + selfTokenId_ = GetSelfTokenID(); + HapInfoParams info = { + .userID = TEST_USER_ID, + .bundleName = TEST_BUNDLE_NAME, + .instIndex = 0, + .appIDDesc = "appIDDesc", + .apiVersion = 8 // 8: api version + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "domain", + }; + InitPermStateList(policy); + InitPermDefList(policy); + AccessTokenKit::AllocHapToken(info, policy); +} + +void GetSelfPermissionStateTest::TearDown() +{ + SetSelfTokenID(selfTokenId_); + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + AccessTokenKit::DeleteToken(tokenID); + DeleteTestToken(); +} + +unsigned int GetSelfPermissionStateTest::GetAccessTokenID(int userID, std::string bundleName, int instIndex) +{ + return AccessTokenKit::GetHapTokenID(userID, bundleName, instIndex); +} + +AccessTokenID GetSelfPermissionStateTest::AllocTestToken( + const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy) const +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(hapInfo, hapPolicy); + return tokenIdEx.tokenIdExStruct.tokenID; +} + +void GetSelfPermissionStateTest::DeleteTestToken() const +{ + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManager.userID, + g_infoManager.bundleName, + g_infoManager.instIndex); + int ret = AccessTokenKit::DeleteToken(tokenID); + if (tokenID != 0) { + ASSERT_EQ(RET_SUCCESS, ret); + } +} + +void GetPermsList1(std::vector &permsList1) +{ + PermissionListState perm1 = { + .permissionName = "ohos.permission.LOCATION", + .state = SETTING_OPER, + }; + PermissionListState perm2 = { + .permissionName = "ohos.permission.MICROPHONE", + .state = SETTING_OPER, + }; + PermissionListState perm3 = { + .permissionName = "ohos.permission.WRITE_CALENDAR", + .state = SETTING_OPER, + }; + PermissionListState perm4 = { + .permissionName = "ohos.permission.READ_IMAGEVIDEO", + .state = SETTING_OPER, + }; + permsList1.emplace_back(perm1); + permsList1.emplace_back(perm2); + permsList1.emplace_back(perm3); + permsList1.emplace_back(perm4); +} + +void GetPermsList2(std::vector &permsList2) +{ + PermissionListState perm3 = { + .permissionName = "ohos.permission.WRITE_CALENDAR", + .state = SETTING_OPER, + }; + PermissionListState perm4 = { + .permissionName = "ohos.permission.READ_IMAGEVIDEO", + .state = SETTING_OPER, + }; + permsList2.emplace_back(perm3); + permsList2.emplace_back(perm4); +} + +/** + * @tc.name: GetSelfPermissionsState001 + * @tc.desc: get permission list state + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState001, TestSize.Level1) +{ + AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ASSERT_NE(INVALID_TOKENID, tokenID); + ASSERT_EQ(0, SetSelfTokenID(tokenID)); + + std::vector permsList1; + GetPermsList1(permsList1); + PermissionGrantInfo info; + PermissionOper ret = AccessTokenKit::GetSelfPermissionsState(permsList1, info); + ASSERT_EQ(DYNAMIC_OPER, ret); + ASSERT_EQ(static_cast(4), permsList1.size()); + ASSERT_EQ(DYNAMIC_OPER, permsList1[0].state); + ASSERT_EQ(DYNAMIC_OPER, permsList1[1].state); + ASSERT_EQ(SETTING_OPER, permsList1[2].state); + ASSERT_EQ(PASS_OPER, permsList1[3].state); + ASSERT_EQ("ohos.permission.LOCATION", permsList1[0].permissionName); + ASSERT_EQ("ohos.permission.MICROPHONE", permsList1[1].permissionName); + ASSERT_EQ("ohos.permission.WRITE_CALENDAR", permsList1[2].permissionName); + ASSERT_EQ("ohos.permission.READ_IMAGEVIDEO", permsList1[3].permissionName); + + PermissionListState perm5 = { + .permissionName = "ohos.permission.testPermDef5", + .state = SETTING_OPER, + }; + permsList1.emplace_back(perm5); + ret = AccessTokenKit::GetSelfPermissionsState(permsList1, info); + ASSERT_EQ(INVALID_OPER, permsList1[4].state); + ASSERT_EQ(DYNAMIC_OPER, ret); + + std::vector permsList2; + GetPermsList2(permsList2); + ret = AccessTokenKit::GetSelfPermissionsState(permsList2, info); + ASSERT_EQ(SETTING_OPER, permsList2[0].state); + ASSERT_EQ(PASS_OPER, permsList2[1].state); + ASSERT_EQ(PASS_OPER, ret); + + permsList2.emplace_back(perm5); + ret = AccessTokenKit::GetSelfPermissionsState(permsList2, info); + ASSERT_EQ(SETTING_OPER, permsList2[0].state); + ASSERT_EQ(PASS_OPER, permsList2[1].state); + ASSERT_EQ(INVALID_OPER, permsList2[2].state); + ASSERT_EQ(PASS_OPER, ret); + + std::vector permsList3; + permsList3.emplace_back(perm5); + ret = AccessTokenKit::GetSelfPermissionsState(permsList3, info); + ASSERT_EQ(INVALID_OPER, permsList3[0].state); + ASSERT_EQ(PASS_OPER, ret); +} + +/** + * @tc.name: GetSelfPermissionsState002 + * @tc.desc: permission list is empty or oversize + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState002, TestSize.Level1) +{ + std::vector permsList; + PermissionGrantInfo info; + ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + + for (uint32_t i = 0; i < MAX_PERMISSION_SIZE + 1; i++) { + PermissionListState tmp = { + .permissionName = "ohos.permission.CAMERA", + .state = PASS_OPER + }; + permsList.emplace_back(tmp); + } + ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); +} + +/** + * @tc.name: GetSelfPermissionsState003 + * @tc.desc: test token id is native + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState003, TestSize.Level1) +{ + AccessTokenID tokenId = AccessTokenKit::GetNativeTokenId("hdcd"); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + std::vector permsList3; + PermissionListState tmp = { + .permissionName = "ohos.permission.CAMERA", + .state = PASS_OPER + }; + permsList3.emplace_back(tmp); + PermissionGrantInfo info; + ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList3, info)); +} + +/** + * @tc.name: GetSelfPermissionsState004 + * @tc.desc: test noexist token id + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState004, TestSize.Level1) +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenId)); + std::vector permsList4; + PermissionListState tmp = { + .permissionName = "ohos.permission.CAMERA", + .state = PASS_OPER + }; + permsList4.emplace_back(tmp); + PermissionGrantInfo info; + ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList4, info)); +} + +/** + * @tc.name: GetSelfPermissionsState005 + * @tc.desc: test noexist token id + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState005, TestSize.Level1) +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); + std::vector permsList4; + PermissionListState tmp = { + .permissionName = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", + .state = PASS_OPER + }; + permsList4.emplace_back(tmp); + PermissionGrantInfo info; + ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(permsList4, info)); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenId)); +} + + +/** + * @tc.name: GetSelfPermissionsState006 + * @tc.desc: get self permissions state with wrong token type. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState006, TestSize.Level1) +{ + AccessTokenID tokenID = AllocTestToken(g_infoManager, g_infoManagerTestPolicyPrams); + HapBaseInfo hapBaseInfo = { + .userID = g_infoManager.userID, + .bundleName = g_infoManager.bundleName, + .instIndex = g_infoManager.instIndex, + }; + + std::vector permsList; + PermissionListState tmp = { + .permissionName = g_infoManagerTestPolicyPrams.permStateList[0].permissionName, + .state = BUTT_OPER + }; + permsList.emplace_back(tmp); + + // test dialog isn't forbiddedn + ASSERT_EQ(0, AccessTokenKit::SetPermDialogCap(hapBaseInfo, false)); + SetSelfTokenID(tokenID); + PermissionGrantInfo info; + ASSERT_EQ(INVALID_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); +} + +HapPolicyParams GetPolicyParam() +{ + //test REQ_SUCCESS + PermissionStateFull permState1 = { + .permissionName = "ohos.permission.READ_HEALTH_DATA", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + }; + PermissionStateFull permState2 = { + .permissionName = "ohos.permission.DISTRIBUTED_DATASYNC", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_USER_SET} + }; + //test UNABLE_POP_UP + PermissionStateFull permState3 = { + .permissionName = "ohos.permission.READ_MESSAGES", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} + }; + //test CONDITIONS_NOT_MET + PermissionStateFull permState4 = { + .permissionName = "ohos.permission.APPROXIMATELY_LOCATION", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} + }; + //test REQ_SUCCESS + PermissionStateFull permState5 = { + .permissionName = "ohos.permission.WRITE_MEDIA", + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} + }; + + HapPolicyParams policyParam = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permStateList = {permState1, permState2, permState3, permState4, permState5} + }; + return policyParam; +} + +/** + * @tc.name: GetSelfPermissionsState007 + * @tc.desc: The test function GetSelfPermissionsState returns the object property field errorReason. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState007, TestSize.Level1) +{ + HapPolicyParams policyParam = GetPolicyParam(); + AccessTokenID tokenID = AllocTestToken(g_infoManager, policyParam); + + PermissionListState permInvalid = { + .permissionName = "ohos.permission.WU_ERROR_REASON", + .state = FORBIDDEN_OPER + }; + PermissionListState permNotConfig = { + .permissionName = "ohos.permission.READ_MEDIA", + .state = FORBIDDEN_OPER + }; + std::vector permsList; + permsList.emplace_back(permInvalid); + permsList.emplace_back(permNotConfig); + for (auto& perm : policyParam.permStateList) { + PermissionListState tmp = { + .permissionName = perm.permissionName, + .state = FORBIDDEN_OPER + }; + permsList.emplace_back(tmp); + } + SetSelfTokenID(tokenID); + PermissionGrantInfo info; + ASSERT_EQ(DYNAMIC_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + EXPECT_EQ(permsList[0].errorReason, PERM_INVALID); + EXPECT_EQ(permsList[1].errorReason, PERM_NOT_DECLEARED); + EXPECT_EQ(permsList[2].errorReason, REQ_SUCCESS); + EXPECT_EQ(permsList[3].errorReason, REQ_SUCCESS); + EXPECT_EQ(permsList[4].errorReason, UNABLE_POP_UP); + EXPECT_EQ(permsList[5].errorReason, CONDITIONS_NOT_MET); + EXPECT_EQ(permsList[6].errorReason, REQ_SUCCESS); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +/** + * @tc.name: GetSelfPermissionsState008 + * @tc.desc: If the user does not agree to the privacy statement, the test function GetSelfPermissionsState returns + * the object attribute field errorReason. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState008, TestSize.Level1) +{ + HapPolicyParams policyParam = GetPolicyParam(); + AccessTokenID tokenID = AllocTestToken(g_infoManager, policyParam); + HapBaseInfo hapBaseInfo = { + .userID = g_infoManager.userID, + .bundleName = g_infoManager.bundleName, + .instIndex = g_infoManager.instIndex, + }; + std::vector permsList; + for (auto& perm : policyParam.permStateList) { + PermissionListState tmp = { + .permissionName = perm.permissionName, + .state = FORBIDDEN_OPER + }; + permsList.emplace_back(tmp); + } + ASSERT_EQ(0, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true)); + SetSelfTokenID(tokenID); + PermissionGrantInfo info; + ASSERT_EQ(FORBIDDEN_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + EXPECT_EQ(permsList[0].errorReason, PRIVACY_STATEMENT_NOT_AGREED); + EXPECT_EQ(permsList[1].errorReason, PRIVACY_STATEMENT_NOT_AGREED); + EXPECT_EQ(permsList[2].errorReason, UNABLE_POP_UP); + EXPECT_EQ(permsList[3].errorReason, CONDITIONS_NOT_MET); + EXPECT_EQ(permsList[4].errorReason, PRIVACY_STATEMENT_NOT_AGREED); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} + +HapPolicyParams getHapPolicyLocationParams(const std::vector& permissions) +{ + HapPolicyParams policyParam = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permStateList = {} + }; + for (auto& perm : permissions) { + PermissionStateFull location = { + .permissionName = perm, + .isGeneral = true, + .resDeviceID = {"local3"}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, + .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} + }; + policyParam.permStateList.emplace_back(location); + } + return policyParam; +} + +/** + * @tc.name: GetSelfPermissionsState009 + * @tc.desc: The test position-related permission function GetSelfPermissionsState returns the object property + * field errorReason. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetSelfPermissionStateTest, GetSelfPermissionsState009, TestSize.Level1) +{ + std::string location = "ohos.permission.LOCATION"; + std::string vague = "ohos.permission.APPROXIMATELY_LOCATION"; + std::string background = "ohos.permission.LOCATION_IN_BACKGROUND"; + std::vector permissions = {location, vague}; + HapPolicyParams policyParam = getHapPolicyLocationParams(permissions); + HapInfoParams hapInfo = g_infoManager; + hapInfo.apiVersion = 14; + AccessTokenID tokenID = AllocTestToken(hapInfo, policyParam); + std::vector permsList; + PermissionListState locationState = { + .permissionName = vague, + .state = FORBIDDEN_OPER + }; + permsList.emplace_back(locationState); + SetSelfTokenID(tokenID); + PermissionGrantInfo info; + + ASSERT_EQ(DYNAMIC_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + EXPECT_EQ(permsList[0].errorReason, REQ_SUCCESS); + + locationState.permissionName = location; + permsList.emplace_back(locationState); + ASSERT_EQ(DYNAMIC_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + EXPECT_EQ(permsList[0].errorReason, REQ_SUCCESS); + EXPECT_EQ(permsList[1].errorReason, REQ_SUCCESS); + + permsList[1].permissionName = background; + ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info)); + EXPECT_EQ(permsList[0].errorReason, CONDITIONS_NOT_MET); + EXPECT_EQ(permsList[1].errorReason, CONDITIONS_NOT_MET); + + std::vector locationPermsList = {locationState}; + ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(locationPermsList, info)); + EXPECT_EQ(locationPermsList[0].errorReason, CONDITIONS_NOT_MET); + + SetSelfTokenID(selfTokenId_); + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::GrantPermission(tokenID, vague, PERMISSION_USER_FIXED)); + SetSelfTokenID(tokenID); + ASSERT_EQ(DYNAMIC_OPER, AccessTokenKit::GetSelfPermissionsState(locationPermsList, info)); + EXPECT_EQ(locationPermsList[0].errorReason, REQ_SUCCESS); + + locationState.permissionName = background; + std::vector backgroundPermsList = {locationState}; + ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(backgroundPermsList, info)); + EXPECT_EQ(backgroundPermsList[0].errorReason, CONDITIONS_NOT_MET); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); + + std::vector vaguePermissions = {vague}; + policyParam = getHapPolicyLocationParams(vaguePermissions); + tokenID = AllocTestToken(hapInfo, policyParam); + SetSelfTokenID(tokenID); + + ASSERT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(locationPermsList, info)); + EXPECT_EQ(locationPermsList[0].errorReason, PERM_NOT_DECLEARED); + + ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/get_self_permission_state_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/get_self_permission_state_test.h new file mode 100644 index 0000000000000000000000000000000000000000..ebbbc81effbad20d555338c58ab783c27ff3d567 --- /dev/null +++ b/interfaces/innerkits/accesstoken/test/unittest/src/get_self_permission_state_test.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GET_SELF_PERMISSION_STATE_TEST_H +#define GET_SELF_PERMISSION_STATE_TEST_H + +#include + +#include "access_token.h" +#include "accesstoken_kit.h" +#include "permission_def.h" +#include "permission_state_full.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class GetSelfPermissionStateTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); + unsigned int GetAccessTokenID(int userID, std::string bundleName, int instIndex); + AccessTokenID AllocTestToken(const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy) const; + void DeleteTestToken() const; + + uint64_t selfTokenId_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // GET_SELF_PERMISSION_STATE_TEST_H diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp index d63b3c67ccab0c8893c486cdf4ebc2ff4ab6c398..6a31c51861399cb7ad6d4b8f6e2e541817ce06b8 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/remote_token_kit_test.cpp @@ -17,7 +17,7 @@ #include #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -26,8 +26,6 @@ using namespace testing::ext; using namespace OHOS::Security::AccessToken; namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "RemoteTokenKitTest"}; - static const std::string TEST_BUNDLE_NAME = "ohos"; static const std::string TEST_PKG_NAME = "com.softbus.test"; static const int TEST_USER_ID = 0; @@ -55,7 +53,7 @@ PermissionDef g_infoManagerTestPermDef2 = { }; PermissionStateFull g_infoManagerTestState1 = { - .permissionName = "ohos.permission.test1", + .permissionName = "ohos.permission.GET_WIFI_INFO", .isGeneral = true, .resDeviceID = {"local4"}, .grantStatus = {PermissionState::PERMISSION_GRANTED}, @@ -63,7 +61,7 @@ PermissionStateFull g_infoManagerTestState1 = { }; PermissionStateFull g_infoManagerTestState2 = { - .permissionName = "ohos.permission.test2", + .permissionName = "ohos.permission.SET_WIFI_INFO", .isGeneral = false, .resDeviceID = {"device 1", "device 2"}, .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, @@ -99,12 +97,10 @@ HapPolicyParams g_infoManagerTestPolicyPramsBak = { }; HapTokenInfo g_baseInfo = { - .apl = APL_NORMAL, .ver = 1, .userID = 1, .bundleName = "com.ohos.access_token", .instIndex = 1, - .appID = "test4", .tokenID = 0x20100000, .tokenAttr = 0 }; @@ -125,19 +121,19 @@ public: int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo called."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo called."); return FAKE_SYNC_RET; }; int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override { - ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteHapTokenInfo called."); + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteRemoteHapTokenInfo called."); return FAKE_SYNC_RET; }; int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override { - ACCESSTOKEN_LOG_INFO(LABEL, "UpdateRemoteHapTokenInfo called."); + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenInfo called."); return FAKE_SYNC_RET; }; }; @@ -195,7 +191,7 @@ void RemoteTokenKitTest::SetUp() ASSERT_NE(udid_, ""); #endif - ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); } void RemoteTokenKitTest::TearDown() @@ -229,949 +225,3 @@ void RemoteTokenKitTest::AllocTestToken() const tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIdExStruct.tokenID); } - -#ifdef TOKEN_SYNC_ENABLE -/** - * @tc.name: SetRemoteHapTokenInfo001 - * @tc.desc: set remote hap token info success - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo001 start."); - std::string deviceID1 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); - PermissionStateFull infoManagerTestState2 = { - .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"local4"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList1; - permStateList1.emplace_back(infoManagerTestState2); - - g_baseInfo.deviceID = deviceID1; - HapTokenInfoForSync remoteTokenInfo1 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList1 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo1); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - // check local map token - HapTokenInfo resultInfo; - ret = AccessTokenKit::GetHapTokenInfo(mapID, resultInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(resultInfo.apl, remoteTokenInfo1.baseInfo.apl); - ASSERT_EQ(resultInfo.ver, remoteTokenInfo1.baseInfo.ver); - ASSERT_EQ(resultInfo.userID, remoteTokenInfo1.baseInfo.userID); - ASSERT_EQ(resultInfo.bundleName, remoteTokenInfo1.baseInfo.bundleName); - ASSERT_EQ(resultInfo.instIndex, remoteTokenInfo1.baseInfo.instIndex); - ASSERT_EQ(resultInfo.appID, remoteTokenInfo1.baseInfo.appID); - ASSERT_EQ(resultInfo.deviceID, remoteTokenInfo1.baseInfo.deviceID); - ASSERT_NE(resultInfo.tokenID, remoteTokenInfo1.baseInfo.tokenID); // tokenID already is map tokenID - ASSERT_EQ(resultInfo.tokenAttr, remoteTokenInfo1.baseInfo.tokenAttr); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); -} - -void SetRemoteHapTokenInfoWithWrongInfo(HapTokenInfo &wrongBaseInfo, const HapTokenInfo &rightBaseInfo, - HapTokenInfoForSync &remoteTokenInfo, const std::string &deviceID) -{ - std::string wrongStr(10241, 'x'); // 10241 means the invalid string length - - wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.appID = wrongStr; // wrong appID - remoteTokenInfo.baseInfo = wrongBaseInfo; - int32_t ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); - EXPECT_NE(ret, RET_SUCCESS); - - wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.bundleName = wrongStr; // wrong bundleName - remoteTokenInfo.baseInfo = wrongBaseInfo; - ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); - EXPECT_NE(ret, RET_SUCCESS); - - wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.deviceID = wrongStr; // wrong deviceID - remoteTokenInfo.baseInfo = wrongBaseInfo; - ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); - EXPECT_NE(ret, RET_SUCCESS); - - wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.tokenID = 0; // wrong tokenID - remoteTokenInfo.baseInfo = wrongBaseInfo; - ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); - EXPECT_NE(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo002 - * @tc.desc: set remote hap token info, token info is wrong - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo002 start."); - std::string deviceID2 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); - HapTokenInfo rightBaseInfo = { - .apl = APL_NORMAL, - .ver = 1, - .userID = 1, - .bundleName = "com.ohos.access_token", - .instIndex = 1, - .appID = "test4", - .deviceID = udid_, - .tokenID = 0x20100000, - .tokenAttr = 0 - }; - - HapTokenInfo wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.apl = (ATokenAplEnum)11; // wrong apl - - PermissionStateFull infoManagerTestState_2 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList2; - permStateList2.emplace_back(infoManagerTestState_2); - - HapTokenInfoForSync remoteTokenInfo2 = { - .baseInfo = wrongBaseInfo, - .permStateList = permStateList2 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); - ASSERT_NE(ret, RET_SUCCESS); - - SetRemoteHapTokenInfoWithWrongInfo(wrongBaseInfo, rightBaseInfo, remoteTokenInfo2, deviceID2); -} - -/** - * @tc.name: SetRemoteHapTokenInfo003 - * @tc.desc: set remote hap token wrong permission grant - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo003, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo003 start."); - std::string deviceID3 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); - - PermissionStateFull infoManagerTestState_3 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {11}, // wrong flags - }; - std::vector permStateList3; - permStateList3.emplace_back(infoManagerTestState_3); - - g_baseInfo.deviceID = deviceID3; - HapTokenInfoForSync remoteTokenInfo3 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList3 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID3, remoteTokenInfo3); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo004 - * @tc.desc: update remote hap token when remote exist - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo004, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo004 start."); - std::string deviceID4 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID4, 0x20100000); - PermissionStateFull infoManagerTestState_4 = { - .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList4; - permStateList4.emplace_back(infoManagerTestState_4); - - g_baseInfo.deviceID = deviceID4; - HapTokenInfoForSync remoteTokenInfo4 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList4 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID4, remoteTokenInfo4); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); - - remoteTokenInfo4.permStateList[0].grantStatus[0] = PermissionState::PERMISSION_GRANTED; // second granted - ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID4, remoteTokenInfo4); - ASSERT_EQ(ret, RET_SUCCESS); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID4, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo005 - * @tc.desc: add remote hap token, it can not grant by GrantPermission - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo005, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo005 start."); - std::string deviceID5 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID5, 0x20100000); - PermissionStateFull infoManagerTestState5 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList5; - permStateList5.emplace_back(infoManagerTestState5); - - g_baseInfo.deviceID = deviceID5; - HapTokenInfoForSync remoteTokenInfo5 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList5 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID5, remoteTokenInfo5); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); - - ret = AccessTokenKit::GrantPermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); - ASSERT_EQ(ret, ERR_PERMISSION_NOT_EXIST); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID5, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo006 - * @tc.desc: add remote hap token, it can not revoke by RevokePermission - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo006, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo006 start."); - std::string deviceID6 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID6, 0x20100000); - PermissionStateFull infoManagerTestState6 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local4"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, // first grant - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList6; - permStateList6.emplace_back(infoManagerTestState6); - - g_baseInfo.deviceID = deviceID6; - HapTokenInfoForSync remoteTokenInfo6 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList6 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID6, remoteTokenInfo6); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); - EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED); - - ret = AccessTokenKit::RevokePermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); - EXPECT_EQ(ret, ERR_PERMISSION_NOT_EXIST); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1", false); - EXPECT_EQ(ret, PermissionState::PERMISSION_GRANTED); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID6, 0x20100000); - EXPECT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo007 - * @tc.desc: add remote hap token, it can not delete by DeleteToken - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo007, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo007 start."); - std::string deviceID7 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID7, 0x20100000); - PermissionStateFull infoManagerTestState7 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList7; - permStateList7.emplace_back(infoManagerTestState7); - - g_baseInfo.deviceID = deviceID7; - HapTokenInfoForSync remoteTokenInfo7 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList7 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID7, remoteTokenInfo7); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - ret = AccessTokenKit::DeleteToken(mapID); - ASSERT_NE(ret, RET_SUCCESS); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID7, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo008 - * @tc.desc: add remote hap token, it can not update by UpdateHapToken - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo008, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo008 start."); - std::string deviceID8 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID8, 0x20100000); - int32_t DEFAULT_API_VERSION = 8; - PermissionStateFull infoManagerTestState8 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList8; - permStateList8.emplace_back(infoManagerTestState8); - - g_baseInfo.deviceID = deviceID8; - HapTokenInfoForSync remoteTokenInfo8 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList8 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID8, remoteTokenInfo8); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - AccessTokenIDEx tokenIdEx { - .tokenIdExStruct.tokenID = mapID, - .tokenIdExStruct.tokenAttr = 0, - }; - HapPolicyParams policy; - UpdateHapInfoParams info; - info.appIDDesc = std::string("updateFailed"); - info.apiVersion = DEFAULT_API_VERSION; - info.isSystemApp = false; - ret = AccessTokenKit::UpdateHapToken(tokenIdEx, info, policy); - ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID8, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo009 - * @tc.desc: add remote hap token, it can not clear by ClearUserGrantedPermissionState - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo009, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start."); - std::string deviceID9 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID9, 0x20100000); - PermissionStateFull infoManagerTestState9 = { - .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"local4"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList9; - permStateList9.emplace_back(infoManagerTestState9); - - g_baseInfo.deviceID = deviceID9; - HapTokenInfoForSync remoteTokenInfo9 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList9 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID9, remoteTokenInfo9); - ASSERT_EQ(ret, RET_SUCCESS); - - // Get local map token ID - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); - - ret = AccessTokenKit::ClearUserGrantedPermissionState(mapID); - ASSERT_EQ(ret, RET_SUCCESS); - - ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.CAMERA", false); - ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID9, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: SetRemoteHapTokenInfo010 - * @tc.desc: tokenID is not hap token - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteHapTokenInfo010, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start."); - std::string deviceID = udid_; - HapTokenInfo baseInfo = { - .apl = APL_NORMAL, - .ver = 1, - .userID = 1, - .bundleName = "com.ohos.access_token", - .instIndex = 1, - .appID = "testtesttesttest", - .deviceID = udid_, - .tokenID = 0x28100000, - .tokenAttr = 0 - }; - - PermissionStateFull infoManagerTestState = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList; - permStateList.emplace_back(infoManagerTestState); - - HapTokenInfoForSync remoteTokenInfo = { - .baseInfo = baseInfo, - .permStateList = permStateList - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); - ASSERT_NE(ret, RET_SUCCESS); -} - -/** - * @tc.name: DeleteRemoteDeviceToken001 - * @tc.desc: delete exist device mapping tokenId - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, DeleteRemoteDeviceToken001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); - std::string deviceID1 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); - PermissionStateFull infoManagerTestState_3 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local4"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList1; - permStateList1.emplace_back(infoManagerTestState_3); - - g_baseInfo.deviceID = deviceID1; - HapTokenInfoForSync remoteTokenInfo11 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList1 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo11); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - HapTokenInfo info; - ret = AccessTokenKit::GetHapTokenInfo(mapID, info); - ASSERT_EQ(ret, RET_SUCCESS); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); - ASSERT_EQ(ret, RET_SUCCESS); - - ret = AccessTokenKit::GetHapTokenInfo(mapID, info); - ASSERT_NE(ret, RET_SUCCESS); -} - -/** - * @tc.name: DeleteRemoteDeviceToken002 - * @tc.desc: delete exist device mapping tokenId - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, DeleteRemoteDeviceToken002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); - std::string deviceID2 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); - PermissionStateFull infoManagerTestState_2 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local4"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList2; - permStateList2.emplace_back(infoManagerTestState_2); - - g_baseInfo.deviceID = deviceID2; - HapTokenInfoForSync remoteTokenInfo2 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList2 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - HapTokenInfo info; - ret = AccessTokenKit::GetHapTokenInfo(mapID, info); - ASSERT_EQ(ret, RET_SUCCESS); - - ret = AccessTokenKit::DeleteRemoteToken(deviceID2, 0); - ASSERT_NE(ret, RET_SUCCESS); - - // deviceID is wrong - std::string wrongStr(10241, 'x'); - deviceID2 = wrongStr; - ret = AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); - ASSERT_NE(ret, RET_SUCCESS); -} - -/** - * @tc.name: DeleteRemoteDeviceToken003 - * @tc.desc: delete exist device mapping tokenId - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, DeleteRemoteDeviceToken003, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceToken003 start."); - std::string deviceID3 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); - - int ret = AccessTokenKit::DeleteRemoteToken(deviceID3, 0x20100000); - ASSERT_NE(ret, RET_SUCCESS); -} - -/** - * @tc.name: DeleteRemoteDeviceTokens001 - * @tc.desc: delete all mapping tokens of exist device - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, DeleteRemoteDeviceTokens001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); - std::string deviceID1 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); - AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100001); - PermissionStateFull infoManagerTestState4 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local4"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList1; - permStateList1.emplace_back(infoManagerTestState4); - - g_baseInfo.deviceID = deviceID1; - HapTokenInfoForSync remoteTokenInfo1 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList1 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo1); - ASSERT_EQ(ret, RET_SUCCESS); - - HapTokenInfoForSync remoteTokenInfo2 = remoteTokenInfo1; - remoteTokenInfo2.baseInfo.tokenID = 0x20100001; - remoteTokenInfo2.baseInfo.bundleName = "com.ohos.access_token1"; - ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo2); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100001); - ASSERT_NE(mapID1, 0); - - ret = AccessTokenKit::DeleteRemoteDeviceTokens(deviceID1); - ASSERT_EQ(ret, RET_SUCCESS); - - HapTokenInfo info; - ret = AccessTokenKit::GetHapTokenInfo(mapID, info); - ASSERT_NE(ret, RET_SUCCESS); - ret = AccessTokenKit::GetHapTokenInfo(mapID1, info); - ASSERT_NE(ret, RET_SUCCESS); -} - -/** - * @tc.name: DeleteRemoteDeviceTokens002 - * @tc.desc: delete all mapping tokens of NOT exist device - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, DeleteRemoteDeviceTokens002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens002 start."); - std::string deviceID2 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100001); - PermissionStateFull infoManagerTestState2 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList2; - permStateList2.emplace_back(infoManagerTestState2); - - g_baseInfo.deviceID = deviceID2; - HapTokenInfoForSync remoteTokenInfo2 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList2 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); - ASSERT_EQ(ret, RET_SUCCESS); - - HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo2; - remoteTokenInfo1.baseInfo.tokenID = 0x20100001; - remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1"; - ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo1); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100001); - ASSERT_NE(mapID1, 0); - - ret = AccessTokenKit::DeleteRemoteDeviceTokens("1111111"); - ASSERT_NE(ret, RET_SUCCESS); - - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100001); -} - -/** - * @tc.name: GetHapTokenInfoFromRemote001 - * @tc.desc: get normal local tokenInfo - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, GetHapTokenInfoFromRemote001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote001 start."); - AccessTokenIDEx tokenIdEx = {0}; - tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); - AccessTokenID localTokenID = tokenIdEx.tokenIdExStruct.tokenID; - - HapTokenInfoForSync infoSync; - int ret = AccessTokenKit::GetHapTokenInfoFromRemote(localTokenID, infoSync); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(infoSync.baseInfo.apl, g_infoManagerTestPolicyPrams.apl); - ASSERT_EQ(infoSync.permStateList.size(), static_cast(2)); - ASSERT_EQ(infoSync.permStateList[1].grantFlags.size(), static_cast(2)); - - ASSERT_EQ(infoSync.permStateList[0].permissionName, g_infoManagerTestPolicyPrams.permStateList[0].permissionName); - ASSERT_EQ(infoSync.permStateList[0].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[0].grantFlags[0]); - ASSERT_EQ(infoSync.permStateList[0].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[0].grantStatus[0]); - ASSERT_EQ(infoSync.permStateList[0].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[0].resDeviceID[0]); - ASSERT_EQ(infoSync.permStateList[0].isGeneral, g_infoManagerTestPolicyPrams.permStateList[0].isGeneral); - - ASSERT_EQ(infoSync.permStateList[1].permissionName, g_infoManagerTestPolicyPrams.permStateList[1].permissionName); - ASSERT_EQ(infoSync.permStateList[1].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[0]); - ASSERT_EQ(infoSync.permStateList[1].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[0]); - ASSERT_EQ(infoSync.permStateList[1].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[0]); - ASSERT_EQ(infoSync.permStateList[1].isGeneral, g_infoManagerTestPolicyPrams.permStateList[1].isGeneral); - - ASSERT_EQ(infoSync.permStateList[1].grantFlags[1], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[1]); - ASSERT_EQ(infoSync.permStateList[1].grantStatus[1], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[1]); - ASSERT_EQ(infoSync.permStateList[1].resDeviceID[1], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[1]); - - ASSERT_EQ(infoSync.baseInfo.bundleName, g_infoManagerTestInfoParms.bundleName); - ASSERT_EQ(infoSync.baseInfo.userID, g_infoManagerTestInfoParms.userID); - ASSERT_EQ(infoSync.baseInfo.instIndex, g_infoManagerTestInfoParms.instIndex); - ASSERT_EQ(infoSync.baseInfo.appID, g_infoManagerTestInfoParms.appIDDesc); - ASSERT_EQ(infoSync.baseInfo.ver, 1); - ASSERT_EQ(infoSync.baseInfo.tokenID, localTokenID); - ASSERT_EQ(infoSync.baseInfo.tokenAttr, 0); - - AccessTokenKit::DeleteToken(localTokenID); -} - -/** - * @tc.name: GetHapTokenInfoFromRemote002 - * @tc.desc: get remote mapping tokenInfo - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, GetHapTokenInfoFromRemote002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote002 start."); - std::string deviceID2 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); - PermissionStateFull infoManagerTestState2 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList2; - permStateList2.emplace_back(infoManagerTestState2); - - g_baseInfo.deviceID = deviceID2; - HapTokenInfoForSync remoteTokenInfo2 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList2 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID2, remoteTokenInfo2); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); - - HapTokenInfoForSync infoSync; - ret = AccessTokenKit::GetHapTokenInfoFromRemote(mapID, infoSync); - ASSERT_NE(ret, RET_SUCCESS); - - AccessTokenKit::DeleteRemoteToken(deviceID2, 0x20100000); -} - -/** - * @tc.name: GetHapTokenInfoFromRemote003 - * @tc.desc: get wrong tokenInfo - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, GetHapTokenInfoFromRemote003, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote003 start."); - HapTokenInfoForSync infoSync; - int ret = AccessTokenKit::GetHapTokenInfoFromRemote(0, infoSync); - ASSERT_NE(ret, RET_SUCCESS); -} - -/** - * @tc.name: AllocLocalTokenID001 - * @tc.desc: get already mapping tokenInfo, makesure ipc right - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, AllocLocalTokenID001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "AllocLocalTokenID001 start."); - std::string deviceID1 = udid_; - AccessTokenKit::DeleteRemoteToken(deviceID1, 0x20100000); - PermissionStateFull infoManagerTestState_1 = { - .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local4"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}}; - std::vector permStateList1; - permStateList1.emplace_back(infoManagerTestState_1); - - g_baseInfo.deviceID = deviceID1; - HapTokenInfoForSync remoteTokenInfo1 = { - .baseInfo = g_baseInfo, - .permStateList = permStateList1 - }; - - int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID1, remoteTokenInfo1); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(networkId_, 0x20100000); - ASSERT_NE(mapID, 0); -} - -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: get all native token with dcaps - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001 start."); - - std::vector nativeTokenInfosRes; - int ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: GetAllNativeTokenInfo002 - * @tc.desc: GetAllNativeTokenInfo function test. - * @tc.type: FUNC - * @tc.require: issueI61NS6 - */ -HWTEST_F(RemoteTokenKitTest, GetAllNativeTokenInfo002, TestSize.Level1) -{ - AccessTokenID tokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); - EXPECT_EQ(0, SetSelfTokenID(tokenId)); - std::vector nativeTokenInfoRes; - int res = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfoRes); - ASSERT_EQ(0, res); -} - -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: set already mapping tokenInfo - * @tc.type: FUNC - * @tc.require:issue I5R4UF - */ -HWTEST_F(RemoteTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteNativeTokenInfo001 start."); - std::string deviceID = udid_; - - NativeTokenInfoForSync native1 = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 1, - .baseInfo.processName = "native_test1", - .baseInfo.dcap = {"SYSDCAP", "DMSDCAP"}, - .baseInfo.tokenID = 0x28000000, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {"ohos.permission.DISTRIBUTED_DATASYNC"}, - }; - - std::vector nativeTokenInfoList; - nativeTokenInfoList.emplace_back(native1); - - int ret = AccessTokenKit::SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList); - ASSERT_EQ(ret, RET_SUCCESS); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(deviceID, 0x28000000); - ASSERT_NE(mapID, 0); - - NativeTokenInfo resultInfo; - ret = AccessTokenKit::GetNativeTokenInfo(mapID, resultInfo); - ASSERT_EQ(ret, RET_SUCCESS); - - ASSERT_EQ(resultInfo.apl, native1.baseInfo.apl); - ASSERT_EQ(resultInfo.ver, native1.baseInfo.ver); - ASSERT_EQ(resultInfo.processName, native1.baseInfo.processName); - ASSERT_EQ(resultInfo.dcap.size(), 2); - ASSERT_EQ(resultInfo.dcap[0], "SYSDCAP"); - ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP"); - ASSERT_EQ(resultInfo.nativeAcls.size(), 1); - ASSERT_EQ(resultInfo.nativeAcls[0], "ohos.permission.DISTRIBUTED_DATASYNC"); - ASSERT_EQ(resultInfo.tokenID, mapID); - ASSERT_EQ(resultInfo.tokenAttr, native1.baseInfo.tokenAttr); -} - -/** - * @tc.name: DeleteRemoteToken001 - * @tc.desc: DeleteRemoteToken with invalid parameters. - * @tc.type: FUNC - * @tc.require:Issue Number - */ -HWTEST_F(RemoteTokenKitTest, DeleteRemoteToken001, TestSize.Level1) -{ - std::string deviceId = "device"; - AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, - g_infoManagerTestInfoParms.bundleName, - g_infoManagerTestInfoParms.instIndex); - int res = AccessTokenKit::DeleteRemoteToken("", tokenID); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, res); - - res = AccessTokenKit::DeleteRemoteToken(deviceId, tokenID); - ASSERT_NE(RET_SUCCESS, res); -} - -/** - * @tc.name: RegisterTokenSyncCallback001 - * @tc.desc: set token sync callback with invalid pointer - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(RemoteTokenKitTest, RegisterTokenSyncCallback001, TestSize.Level1) -{ - int32_t ret = AccessTokenKit::RegisterTokenSyncCallback(nullptr); - EXPECT_EQ(ERR_PARAM_INVALID, ret); -} - -/** - * @tc.name: RegisterTokenSyncCallback002 - * @tc.desc: set token sync callback with right pointer - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(RemoteTokenKitTest, RegisterTokenSyncCallback002, TestSize.Level1) -{ - std::shared_ptr callback = std::make_shared(); - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::RegisterTokenSyncCallback(callback)); - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::AllocLocalTokenID(networkId_, 0)); // invalid input, would ret 0 - EXPECT_EQ(RET_SUCCESS, AccessTokenKit::UnRegisterTokenSyncCallback()); -} -#endif diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/security_component_grant_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/security_component_grant_test.cpp index 4b7f9276b8838ba3ce6876c9f59da20b10ee7b5a..6b00f84e5d6eda79e13a5550b347180cff08c87a 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/security_component_grant_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/security_component_grant_test.cpp @@ -42,7 +42,7 @@ PermissionStateFull g_infoManagerTestState1 = { HapInfoParams g_infoManagerTestInfoParms = { .userID = 1, - .bundleName = "accesstoken_test", + .bundleName = "security_component_grant_test", .instIndex = 0, .appIDDesc = "test5" }; diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/share_permission_with_sandbox_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/share_permission_with_sandbox_test.cpp index 703566e9be8249fd3018271bee3887b1948d7eeb..ee27ccaeb4e69390c2d15bfd8d5acffb3cd4c561 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/share_permission_with_sandbox_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/share_permission_with_sandbox_test.cpp @@ -17,7 +17,7 @@ #include #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "nativetoken_kit.h" #include "token_setproc.h" @@ -27,14 +27,12 @@ using namespace testing::ext; using namespace OHOS::Security::AccessToken; namespace { -static const std::string PERMISSION_ALL = "ohos.permission.CAMERA"; -static const std::string PERMISSION_FULL_CONTROL = "ohos.permission.WRITE_MEDIA"; +static const std::string PERMISSION_ALL = "ohos.permission.APP_TRACKING_CONSENT"; +static const std::string PERMISSION_FULL_CONTROL = "ohos.permission.PRINT"; static const std::string PERMISSION_NONE = "ohos.permission.INTERNET"; static const std::string PERMISSION_NOT_DISPLAYED = "ohos.permission.ANSWER_CALL"; static const std::string TEST_PERMISSION_GRANT = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; static const std::string TEST_PERMISSION_REVOKE = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKitExtensionTest"}; HapInfoParams g_infoParmsCommon = { .userID = 1, @@ -61,7 +59,7 @@ HapInfoParams g_infoParmsReadOnly = { }; PermissionStateFull g_stateFullControl = { - .permissionName = "ohos.permission.WRITE_MEDIA", + .permissionName = "ohos.permission.PRINT", .isGeneral = true, .resDeviceID = {"local"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -77,7 +75,7 @@ PermissionStateFull g_stateNone = { }; PermissionStateFull g_stateAll = { - .permissionName = "ohos.permission.CAMERA", + .permissionName = PERMISSION_ALL, .isGeneral = true, .resDeviceID = {"local"}, .grantStatus = {PermissionState::PERMISSION_DENIED}, @@ -136,7 +134,7 @@ void SharePermissionTest::SetUpTestCase() EXPECT_NE(0, tokenIdEx.tokenIdExStruct.tokenID); EXPECT_EQ(true, TokenIdKit::IsSystemAppByFullTokenID(tokenIdEx.tokenIDEx)); EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); - ACCESSTOKEN_LOG_INFO(LABEL, "SetUpTestCase ok."); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUpTestCase ok."); } void SharePermissionTest::TearDownTestCase() @@ -148,7 +146,7 @@ void SharePermissionTest::TearDownTestCase() void SharePermissionTest::SetUp() { - ACCESSTOKEN_LOG_INFO(LABEL, "SetUp ok."); + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); } void SharePermissionTest::TearDown() diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp b/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp deleted file mode 100644 index 6a0d2467bfa2dbd9a7e2a7a27683f5e16732304b..0000000000000000000000000000000000000000 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_client.cpp +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "el5_filekey_manager_client.h" - -#include "el5_filekey_manager_load_callback.h" -#include "el5_filekey_manager_log.h" -#include "el5_filekey_manager_proxy.h" -#include "iservice_registry.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -constexpr int32_t LOAD_SA_TIMEOUT_MS = 5000; -} -El5FilekeyManagerClient::El5FilekeyManagerClient() -{ -} - -El5FilekeyManagerClient::~El5FilekeyManagerClient() -{ -} - -El5FilekeyManagerClient& El5FilekeyManagerClient::GetInstance() -{ - static El5FilekeyManagerClient instance; - return instance; -} - -int32_t El5FilekeyManagerClient::AcquireAccess(DataLockType type) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->AcquireAccess(type); -} - -int32_t El5FilekeyManagerClient::ReleaseAccess(DataLockType type) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->ReleaseAccess(type); -} - -int32_t El5FilekeyManagerClient::GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->GenerateAppKey(uid, bundleName, keyId); -} - -int32_t El5FilekeyManagerClient::DeleteAppKey(const std::string& keyId) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->DeleteAppKey(keyId); -} - -int32_t El5FilekeyManagerClient::GetUserAppKey(int32_t userId, bool getAllFlag, - std::vector>& keyInfos) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->GetUserAppKey(userId, getAllFlag, keyInfos); -} - -int32_t El5FilekeyManagerClient::ChangeUserAppkeysLoadInfo(int32_t userId, - std::vector> &loadInfos) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->ChangeUserAppkeysLoadInfo(userId, loadInfos); -} - -int32_t El5FilekeyManagerClient::SetFilePathPolicy() -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->SetFilePathPolicy(); -} - -int32_t El5FilekeyManagerClient::RegisterCallback(const sptr &callback) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - LOG_ERROR("Get proxy failed, proxy is null."); - return EFM_ERR_SA_GET_PROXY; - } - return proxy->RegisterCallback(callback); -} - -sptr El5FilekeyManagerClient::GetProxy() -{ - std::unique_lock lock(proxyMutex_); - auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (systemAbilityManager == nullptr) { - LOG_ERROR("Get system ability manager failed."); - return nullptr; - } - if (proxy_ == nullptr) { - auto el5FilekeyService = systemAbilityManager->CheckSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID); - if (el5FilekeyService != nullptr) { - deathRecipient_ = new (std::nothrow) El5FilekeyManagerDeathRecipient(); - if (deathRecipient_ != nullptr) { - el5FilekeyService->AddDeathRecipient(deathRecipient_); - } - - proxy_ = iface_cast(el5FilekeyService); - if (proxy_ == nullptr) { - LOG_ERROR("Cast proxy failed, iface_cast get null."); - } - return proxy_; - } - } - - // LoadEl5FilekeyManagerService - sptr loadCallback = new El5FilekeyManagerLoadCallback(); - if (loadCallback == nullptr) { - LOG_ERROR("Load service failed, loadCallback is nullptr."); - return nullptr; - } - int32_t ret = systemAbilityManager->LoadSystemAbility(EL5_FILEKEY_MANAGER_SERVICE_ID, loadCallback); - if (ret != ERR_OK) { - LOG_ERROR("Load el5_filekey_service failed."); - return nullptr; - } - // wait for LoadSystemAbility - LOG_INFO("wait for LoadSystemAbility"); - auto waitStatus = proxyConVar_.wait_for(lock, std::chrono::milliseconds(LOAD_SA_TIMEOUT_MS), - [this]() { return proxy_ != nullptr; }); - if (!waitStatus) { - LOG_WARN("wait for LoadSystemAbility timeout"); - return nullptr; - } - LOG_INFO("El5FilekeyManagerClient GetProxy success"); - - return proxy_; -} - -void El5FilekeyManagerClient::LoadSystemAbilitySuccess(const sptr &remoteObject) -{ - LOG_INFO("El5FilekeyManagerClient LoadSystemAbilitySuccess"); - std::lock_guard lock(proxyMutex_); - if (remoteObject == nullptr) { - LOG_ERROR("After loading el5_filekey_service, remoteObject is null."); - proxy_ = nullptr; - return; - } - - deathRecipient_ = new (std::nothrow) El5FilekeyManagerDeathRecipient(); - if (deathRecipient_ != nullptr) { - remoteObject->AddDeathRecipient(deathRecipient_); - } - - proxy_ = iface_cast(remoteObject); - if (proxy_ == nullptr) { - LOG_ERROR("After loading el5_filekey_service, iface_cast get null."); - } - proxyConVar_.notify_one(); -} - -void El5FilekeyManagerClient::LoadSystemAbilityFail() -{ - std::lock_guard lock(proxyMutex_); - LOG_ERROR("Load el5_filekey_service failed."); - proxy_ = nullptr; - proxyConVar_.notify_one(); -} - -void El5FilekeyManagerClient::OnRemoteDiedHandle() -{ - LOG_INFO("Remote died."); - std::lock_guard lock(proxyMutex_); - proxy_ = nullptr; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index 3d5d7fc633d9b26b38ca4896810b598d293026cd..6c403e02ed59aa611fb6a07d638f32d9d96aec24 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -24,6 +24,7 @@ extern "C" { #define MAX_PROCESS_NAME_LEN 256 #define TOKEN_ID_CFG_FILE_PATH "/data/service/el0/access_token/nativetoken.json" +#define TOKEN_ID_CFG_FILE_LOCK_PATH "/data/service/el0/access_token/nativetoken.json.lock" #define TOKEN_ID_CFG_DIR_PATH "/data/service/el0/access_token" #define TOKEN_NATIVE_TYPE 1 #define TOKEN_SHELL_TYPE 2 @@ -32,13 +33,15 @@ extern "C" { #define MAX_JSON_FILE_LEN 1024000 #define MAX_DCAPS_NUM 32 #define MAX_DCAP_LEN 1024 -#define MAX_PERM_NUM 80 +#define MAX_PERM_NUM 1024 #define MAX_PERM_LEN 256 #define MAX_PARAMTER_LEN 128 #define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup" #define PATH_MAX_LEN 4096 #define MAX_RETRY_TIMES 1000 #define TOKEN_RANDOM_MASK ((1 << 20) - 1) +#define MAX_RETRY_LOCK_TIMES 10 +#define SLEEP_TIME (500*1000) #define ATRET_FAILED 1 #define ATRET_SUCCESS 0 @@ -76,9 +79,9 @@ typedef struct { typedef struct TokenList { NativeAtId tokenId; int32_t apl; - char *dcaps[MAX_DCAPS_NUM]; - char *perms[MAX_PERM_NUM]; - char *acls[MAX_PERM_NUM]; + char **dcaps; + char **perms; + char **acls; int32_t dcapsNum; int32_t permsNum; int32_t aclsNum; @@ -98,4 +101,4 @@ extern int32_t AtlibInit(void); } #endif -#endif // NATIVE_TOKEN_H \ No newline at end of file +#endif // NATIVE_TOKEN_H diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_json_oper.h b/interfaces/innerkits/nativetoken/include/nativetoken_json_oper.h index 820f56581be6a542587f5b3a5baff8048f93ea83..b696171dc9e3b2ca05dc36d68aba94787865db51 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken_json_oper.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken_json_oper.h @@ -24,11 +24,11 @@ extern "C" { #endif -extern void FreeStrArray(char **arr, int32_t num); +extern void FreeStrArray(char ***arr, int32_t num); extern uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode); extern uint32_t GetTokenIdFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode); extern uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode); -extern uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int32_t *strNum, StrArrayAttr *attr); +extern uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char **strArr[], int32_t *strNum, StrArrayAttr *attr); extern cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr); extern uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *record); diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index 9756583ca9c7adbf44f2b186ed30ba9605245cef..f1935c816dd3590414d3f64b9c0ca952b2ec2f9a 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -55,6 +55,7 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) } if (fileStat.st_size == 0) { + NativeTokenKmsg(NATIVETOKEN_KINFO, "[%s]: file is empty", __func__); *retBuff = NULL; return ATRET_SUCCESS; } @@ -109,31 +110,73 @@ static int32_t GetNativeTokenFromJson(cJSON *cjsonItem, NativeTokenList *tokenNo ret |= GetAplFromJson(cjsonItem, tokenNode); StrAttrSet(&attr, MAX_DCAP_LEN, MAX_DCAPS_NUM, DCAPS_KEY_NAME); - ret |= GetInfoArrFromJson(cjsonItem, tokenNode->dcaps, &(tokenNode->dcapsNum), &attr); + ret |= GetInfoArrFromJson(cjsonItem, &tokenNode->dcaps, &(tokenNode->dcapsNum), &attr); if (ret != ATRET_SUCCESS) { NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:GetInfoArrFromJson failed for dcaps.", __func__); return ATRET_FAILED; } StrAttrSet(&attr, MAX_PERM_LEN, MAX_PERM_NUM, PERMS_KEY_NAME); - ret = GetInfoArrFromJson(cjsonItem, tokenNode->perms, &(tokenNode->permsNum), &attr); + ret = GetInfoArrFromJson(cjsonItem, &tokenNode->perms, &(tokenNode->permsNum), &attr); if (ret != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); + FreeStrArray(&tokenNode->dcaps, tokenNode->dcapsNum - 1); NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:GetInfoArrFromJson failed for perms.", __func__); return ATRET_FAILED; } StrAttrSet(&attr, MAX_PERM_LEN, MAX_PERM_NUM, ACLS_KEY_NAME); - ret = GetInfoArrFromJson(cjsonItem, tokenNode->acls, &(tokenNode->aclsNum), &attr); + ret = GetInfoArrFromJson(cjsonItem, &tokenNode->acls, &(tokenNode->aclsNum), &attr); if (ret != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); - FreeStrArray(tokenNode->perms, tokenNode->permsNum - 1); + FreeStrArray(&tokenNode->dcaps, tokenNode->dcapsNum - 1); + FreeStrArray(&tokenNode->perms, tokenNode->permsNum - 1); NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:GetInfoArrFromJson failed for acls.", __func__); return ATRET_FAILED; } return ATRET_SUCCESS; } +static void FreeTokenNode(NativeTokenList **node) +{ + if (node == NULL || *node == NULL) { + return; + } + FreeStrArray(&(*node)->dcaps, (*node)->dcapsNum - 1); + FreeStrArray(&(*node)->perms, (*node)->permsNum - 1); + FreeStrArray(&(*node)->perms, (*node)->permsNum - 1); + free(*node); + *node = NULL; +} + +static void RemoveNodeFromList(NativeTokenList **node) +{ + if (node == NULL || *node == NULL || g_tokenListHead == NULL) { + return; + } + NativeTokenList *tmp = g_tokenListHead->next; + while (tmp != NULL) { + if (tmp->next == *node) { + tmp->next = (*node)->next; + FreeTokenNode(node); + return; + } + tmp = tmp->next; + } +} + +static void FreeTokenList(void) +{ + if (g_tokenListHead == NULL) { + return; + } + NativeTokenList *tmp = g_tokenListHead->next; + while (tmp != NULL) { + NativeTokenList *toFreeNode = tmp; + tmp = tmp->next; + FreeTokenNode(&toFreeNode); + } + g_tokenListHead->next = NULL; +} + static int32_t GetTokenList(const cJSON *object) { NativeTokenList *tmp = NULL; @@ -143,21 +186,28 @@ static int32_t GetTokenList(const cJSON *object) return ATRET_FAILED; } int32_t arraySize = cJSON_GetArraySize(object); + if (arraySize <= 0) { + NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:array is empty.", __func__); + return ATRET_FAILED; + } for (int32_t i = 0; i < arraySize; i++) { tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (tmp == NULL) { NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:memory alloc failed.", __func__); + FreeTokenList(); return ATRET_FAILED; } cJSON *cjsonItem = cJSON_GetArrayItem(object, i); if (cjsonItem == NULL) { free(tmp); + FreeTokenList(); NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } if (GetNativeTokenFromJson(cjsonItem, tmp) != ATRET_SUCCESS) { free(tmp); + FreeTokenList(); return ATRET_FAILED; } @@ -190,9 +240,9 @@ static int32_t ParseTokenInfo(void) return ret; } -static int32_t CreateCfgFile(void) +static int32_t ClearOrCreateCfgFile(void) { - int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); + int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:open failed.", __func__); return ATRET_FAILED; @@ -226,16 +276,24 @@ int32_t AtlibInit(void) return ATRET_FAILED; } g_tokenListHead->next = NULL; + int32_t isClearOrCreate = 0; int32_t ret = ParseTokenInfo(); if (ret != ATRET_SUCCESS) { - free(g_tokenListHead); - g_tokenListHead = NULL; - return ret; + if (g_tokenListHead->next != NULL) { + return ATRET_FAILED; + } + ret = ClearOrCreateCfgFile(); + if (ret != ATRET_SUCCESS) { + free(g_tokenListHead); + g_tokenListHead = NULL; + return ret; + } + isClearOrCreate = 1; } if (g_tokenListHead->next == NULL) { - if (CreateCfgFile() != ATRET_SUCCESS) { + if (isClearOrCreate == 0 && ClearOrCreateCfgFile() != ATRET_SUCCESS) { free(g_tokenListHead); g_tokenListHead = NULL; return ATRET_FAILED; @@ -450,16 +508,30 @@ static uint32_t CheckProcessInfo(NativeTokenInfoParams *tokenInfo, int32_t *aplR return ATRET_SUCCESS; } -static uint32_t CreateStrArray(int32_t num, const char **strArr, char **strArrRes) +static uint32_t CreateStrArray(int32_t num, const char **strArr, char ***strArrRes) { + if (num > MAX_PERM_NUM) { + return ATRET_FAILED; + } + if (num == 0) { + *strArrRes = NULL; + return ATRET_SUCCESS; + } + *strArrRes = (char **)malloc(num * sizeof(char *)); + if (*strArrRes == NULL) { + NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]: strArrRes malloc failed.", __func__); + return ATRET_FAILED; + } for (int32_t i = 0; i < num; i++) { - strArrRes[i] = (char *)malloc(sizeof(char) * (strlen(strArr[i]) + 1)); - if (strArrRes[i] == NULL || - (strcpy_s(strArrRes[i], strlen(strArr[i]) + 1, strArr[i]) != EOK)) { + size_t length = strlen(strArr[i]); + (*strArrRes)[i] = (char *)malloc(sizeof(char) * length + 1); + if ((*strArrRes)[i] == NULL || + (strcpy_s((*strArrRes)[i], length + 1, strArr[i]) != EOK)) { NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:copy strArr[%d] failed.", __func__, i); FreeStrArray(strArrRes, i); return ATRET_FAILED; } + (*strArrRes)[i][length] = '\0'; } return ATRET_SUCCESS; } @@ -491,18 +563,18 @@ static uint32_t AddNewTokenToListAndFile(const NativeTokenInfoParams *tokenInfo, tokenNode->permsNum = tokenInfo->permsNum; tokenNode->aclsNum = tokenInfo->aclsNum; - if (CreateStrArray(tokenInfo->dcapsNum, tokenInfo->dcaps, tokenNode->dcaps) != ATRET_SUCCESS) { + if (CreateStrArray(tokenInfo->dcapsNum, tokenInfo->dcaps, &tokenNode->dcaps) != ATRET_SUCCESS) { free(tokenNode); return ATRET_FAILED; } - if (CreateStrArray(tokenInfo->permsNum, tokenInfo->perms, tokenNode->perms) != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, tokenInfo->dcapsNum - 1); + if (CreateStrArray(tokenInfo->permsNum, tokenInfo->perms, &tokenNode->perms) != ATRET_SUCCESS) { + FreeStrArray(&tokenNode->dcaps, tokenInfo->dcapsNum - 1); free(tokenNode); return ATRET_FAILED; } - if (CreateStrArray(tokenInfo->aclsNum, tokenInfo->acls, tokenNode->acls) != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, tokenInfo->dcapsNum - 1); - FreeStrArray(tokenNode->perms, tokenInfo->permsNum - 1); + if (CreateStrArray(tokenInfo->aclsNum, tokenInfo->acls, &tokenNode->acls) != ATRET_SUCCESS) { + FreeStrArray(&tokenNode->dcaps, tokenInfo->dcapsNum - 1); + FreeStrArray(&tokenNode->perms, tokenInfo->permsNum - 1); free(tokenNode); return ATRET_FAILED; } @@ -547,29 +619,19 @@ static int32_t ComparePermsInfo(const NativeTokenList *tokenNode, return 0; } -static uint32_t UpdateStrArrayInList(char *strArr[], int32_t *strNum, +static uint32_t UpdateStrArrayInList(char **strArr[], int32_t *strNum, const char **strArrNew, int32_t strNumNew) { if (strNum == NULL) { NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:strNum length is invalid.", __func__); return ATRET_FAILED; } - for (int32_t i = 0; i < *strNum; i++) { - free(strArr[i]); - strArr[i] = NULL; - } + + FreeStrArray(strArr, *strNum - 1); *strNum = strNumNew; - for (int32_t i = 0; i < strNumNew; i++) { - size_t len = strlen(strArrNew[i]) + 1; - strArr[i] = (char *)malloc(sizeof(char) * len); - if (strArr[i] == NULL || (strcpy_s(strArr[i], len, strArrNew[i]) != EOK)) { - NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:copy strArr[%d] failed.", __func__, i); - FreeStrArray(strArr, i); - return ATRET_FAILED; - } - } - return ATRET_SUCCESS; + + return CreateStrArray(strNumNew, strArrNew, strArr); } static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, @@ -577,21 +639,22 @@ static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, { tokenNode->apl = GetAplLevel(tokenInfo->aplStr); - uint32_t ret = UpdateStrArrayInList(tokenNode->dcaps, &(tokenNode->dcapsNum), + uint32_t ret = UpdateStrArrayInList(&tokenNode->dcaps, &(tokenNode->dcapsNum), tokenInfo->dcaps, tokenInfo->dcapsNum); if (ret != ATRET_SUCCESS) { return ret; } - ret = UpdateStrArrayInList(tokenNode->perms, &(tokenNode->permsNum), + ret = UpdateStrArrayInList(&tokenNode->perms, &(tokenNode->permsNum), tokenInfo->perms, tokenInfo->permsNum); if (ret != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); + FreeStrArray(&tokenNode->dcaps, tokenNode->dcapsNum - 1); + return ret; } - ret = UpdateStrArrayInList(tokenNode->acls, &(tokenNode->aclsNum), + ret = UpdateStrArrayInList(&tokenNode->acls, &(tokenNode->aclsNum), tokenInfo->acls, tokenInfo->aclsNum); if (ret != ATRET_SUCCESS) { - FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum - 1); - FreeStrArray(tokenNode->perms, tokenNode->permsNum - 1); + FreeStrArray(&tokenNode->dcaps, tokenNode->dcapsNum - 1); + FreeStrArray(&tokenNode->perms, tokenNode->permsNum - 1); } return ret; } @@ -631,18 +694,98 @@ static uint32_t UpdateInfoInCfgFile(const NativeTokenList *tokenNode) return ATRET_SUCCESS; } + +static uint32_t LockNativeTokenFile(int32_t *lockFileFd) +{ + int32_t fd = open(TOKEN_ID_CFG_FILE_LOCK_PATH, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); + if (fd < 0) { + NativeTokenKmsg(NATIVETOKEN_KERROR, + "[%s]: Failed to open native token file, errno is %d.", __func__, errno); + return ATRET_FAILED; + } +#ifdef WITH_SELINUX + Restorecon(TOKEN_ID_CFG_FILE_LOCK_PATH); +#endif // WITH_SELINUX + struct flock lock; + lock.l_type = F_WRLCK; + lock.l_whence = SEEK_SET; + lock.l_start = 0; + lock.l_len = 0; // lock entire file + int32_t ret = -1; + for (int i = 0; i < MAX_RETRY_LOCK_TIMES; i++) { + ret = fcntl(fd, F_SETLK, &lock); + if (ret == -1) { + NativeTokenKmsg(NATIVETOKEN_KERROR, + "[%s]: Failed to lock the file, try %d time, errno is %d.", __func__, i, errno); + usleep(SLEEP_TIME); + } else { + break; + } + } + if (ret == -1) { + close(fd); + return ATRET_FAILED; + } + *lockFileFd = fd; + return ATRET_SUCCESS; +} + +static void UnlockNativeTokenFile(int32_t lockFileFd) +{ + struct flock lock; + lock.l_type = F_UNLCK; + lock.l_whence = SEEK_SET; + lock.l_start = 0; + lock.l_len = 0; + + if (fcntl(lockFileFd, F_SETLK, &lock) == -1) { + NativeTokenKmsg(NATIVETOKEN_KERROR, + "[%s]: Failed to unlock file, errno is %d.", __func__, errno); + } + close(lockFileFd); +} + +static uint32_t AddOrUpdateTokenInfo(NativeTokenInfoParams *tokenInfo, NativeTokenList *tokenNode, + int32_t apl, NativeAtId *tokenId) +{ + uint32_t ret = ATRET_SUCCESS; + if (tokenNode == NULL) { + ret = AddNewTokenToListAndFile(tokenInfo, apl, tokenId); + } else { + int32_t needTokenUpdate = CompareTokenInfo(tokenNode, tokenInfo->dcaps, tokenInfo->dcapsNum, apl); + int32_t needPermUpdate = ComparePermsInfo(tokenNode, tokenInfo->perms, tokenInfo->permsNum); + if ((needTokenUpdate != 0) || (needPermUpdate != 0)) { + ret = UpdateTokenInfoInList(tokenNode, tokenInfo); + if (ret != ATRET_SUCCESS) { + RemoveNodeFromList(&tokenNode); + return ATRET_FAILED; + } + ret = UpdateInfoInCfgFile(tokenNode); + } + } + return ret; +} + uint64_t GetAccessTokenId(NativeTokenInfoParams *tokenInfo) { NativeAtId tokenId = 0; uint64_t result = 0; int32_t apl; NativeAtIdEx *atPoint = (NativeAtIdEx *)(&result); + int32_t fd = -1; + uint32_t ret = LockNativeTokenFile(&fd); + if (ret != ATRET_SUCCESS) { + NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]: Failed to lock file", __func__); + return INVALID_TOKEN_ID; + } if ((g_isNativeTokenInited == 0) && (AtlibInit() != ATRET_SUCCESS)) { + UnlockNativeTokenFile(fd); return INVALID_TOKEN_ID; } - uint32_t ret = CheckProcessInfo(tokenInfo, &apl); + ret = CheckProcessInfo(tokenInfo, &apl); if (ret != ATRET_SUCCESS) { + UnlockNativeTokenFile(fd); return INVALID_TOKEN_ID; } @@ -655,21 +798,14 @@ uint64_t GetAccessTokenId(NativeTokenInfoParams *tokenInfo) tokenNode = tokenNode->next; } - if (tokenNode == NULL) { - ret = AddNewTokenToListAndFile(tokenInfo, apl, &tokenId); - } else { - int32_t needTokenUpdate = CompareTokenInfo(tokenNode, tokenInfo->dcaps, tokenInfo->dcapsNum, apl); - int32_t needPermUpdate = ComparePermsInfo(tokenNode, tokenInfo->perms, tokenInfo->permsNum); - if ((needTokenUpdate != 0) || (needPermUpdate != 0)) { - ret = UpdateTokenInfoInList(tokenNode, tokenInfo); - ret |= UpdateInfoInCfgFile(tokenNode); - } - } + ret = AddOrUpdateTokenInfo(tokenInfo, tokenNode, apl, &tokenId); if (ret != ATRET_SUCCESS) { + UnlockNativeTokenFile(fd); return INVALID_TOKEN_ID; } atPoint->tokenId = tokenId; atPoint->tokenAttr = 0; + UnlockNativeTokenFile(fd); return result; } diff --git a/interfaces/innerkits/nativetoken/src/nativetoken_json_oper.c b/interfaces/innerkits/nativetoken/src/nativetoken_json_oper.c index 4830a1d80877921c7a803dfde18931022f3712fd..0288d6adca07af233a59f6ae46e9217be6242cdb 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken_json_oper.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken_json_oper.c @@ -19,14 +19,21 @@ #include "nativetoken_klog.h" -void FreeStrArray(char **arr, int32_t num) +void FreeStrArray(char ***arr, int32_t num) { + if (arr == NULL || *arr == NULL) { + return; + } + for (int32_t i = 0; i <= num; i++) { - if (arr[i] != NULL) { - free(arr[i]); - arr[i] = NULL; + if ((*arr)[i] != NULL) { + free((*arr)[i]); + (*arr)[i] = NULL; } } + + free(*arr); + *arr = NULL; } uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) @@ -79,7 +86,7 @@ uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) return ATRET_SUCCESS; } -uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int32_t *strNum, StrArrayAttr *attr) +uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char **strArr[], int32_t *strNum, StrArrayAttr *attr) { cJSON *strArrJson = cJSON_GetObjectItem(cjsonItem, attr->strKey); int32_t size = cJSON_GetArraySize(strArrJson); @@ -87,30 +94,42 @@ uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int32_t *strNum, S NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:size = %d is invalid.", __func__, size); return ATRET_FAILED; } + if (size == 0) { + *strArr = NULL; + return ATRET_SUCCESS; + } *strNum = size; + *strArr = (char **)malloc(size * sizeof(char *)); + if (*strArr == NULL) { + NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:strArr malloc failed.", __func__); + return ATRET_FAILED; + } for (int32_t i = 0; i < size; i++) { cJSON *item = cJSON_GetArrayItem(strArrJson, i); if ((item == NULL) || (!cJSON_IsString(item)) || (item->valuestring == NULL)) { + FreeStrArray(strArr, i - 1); NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } size_t length = strlen(item->valuestring); if (length > attr->maxStrLen) { + FreeStrArray(strArr, i - 1); NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:item length %zu is invalid.", __func__, length); return ATRET_FAILED; } - strArr[i] = (char *)malloc(sizeof(char) * (length + 1)); - if (strArr[i] == NULL) { + (*strArr)[i] = (char *)malloc(sizeof(char) * (length + 1)); + if ((*strArr)[i] == NULL) { FreeStrArray(strArr, i - 1); NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:malloc invalid.", __func__); return ATRET_FAILED; } - if (strcpy_s(strArr[i], length + 1, item->valuestring) != EOK) { + if (strcpy_s((*strArr)[i], length + 1, item->valuestring) != EOK) { FreeStrArray(strArr, i); NativeTokenKmsg(NATIVETOKEN_KERROR, "[%s]:strcpy_s failed.", __func__); return ATRET_FAILED; } + (*strArr)[i][length] = '\0'; } return ATRET_SUCCESS; } diff --git a/interfaces/innerkits/nativetoken/test/BUILD.gn b/interfaces/innerkits/nativetoken/test/BUILD.gn index 27b4f72aaf95c3ac77b42dfc8970ba2ea8359a11..641453b0aa03c0dd36ad71673bf098aaaf0b6fa5 100644 --- a/interfaces/innerkits/nativetoken/test/BUILD.gn +++ b/interfaces/innerkits/nativetoken/test/BUILD.gn @@ -64,6 +64,7 @@ ohos_unittest("libnativetoken_mock_test") { "../src/nativetoken_json_oper.c", "../src/nativetoken_klog.c", "mock/src/cJSON.c", + "mock/src/secure_function.c", "unittest/mock/nativetoken_oper_test.cpp", ] diff --git a/interfaces/innerkits/nativetoken/test/mock/src/secure_function.c b/interfaces/innerkits/nativetoken/test/mock/src/secure_function.c new file mode 100644 index 0000000000000000000000000000000000000000..486301aab5227e017a1a4e36c09dc0beea1f6f26 --- /dev/null +++ b/interfaces/innerkits/nativetoken/test/mock/src/secure_function.c @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + + +int g_strcpyTime = 100; +static void *g_handle = NULL; + +static void GetHandle(void) +{ + if (g_handle != NULL) { + return; + } +#if defined(__LP64__) + g_handle = dlopen("/system/lib64/chipset-pub-sdk/libsec_shared.z.so", RTLD_LAZY); +#else + g_handle = dlopen("/system/lib/chipset-pub-sdk/libsec_shared.z.so", RTLD_LAZY); +#endif +} + +int strcpy_s(char *strDest, size_t destMax, const char *strSrc) +{ + GetHandle(); + if (g_handle == NULL) { + printf("dlopen failed\n"); + } + if (g_strcpyTime == 0) { + return -1; + } + + static int (*func)(char *strDest, size_t destMax, const char *strSrc) = NULL; + if (func == NULL) { + func = (int (*)(char *strDest, size_t destMax, const char *strSrc))dlsym(g_handle, "strcpy_s"); + } + if (func == NULL) { + printf("dlsym strcpy_s failed\n"); + return -1; + } + + return func(strDest, destMax, strSrc); +} \ No newline at end of file diff --git a/interfaces/innerkits/nativetoken/test/unittest/mock/nativetoken_oper_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/mock/nativetoken_oper_test.cpp index 3a022a0170d006177bc7ec26eca33161578af563..7a0f3b44be4ad2afb691757f6f1a9caab89abb13 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/mock/nativetoken_oper_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/mock/nativetoken_oper_test.cpp @@ -14,6 +14,7 @@ */ #include "nativetoken_oper_test.h" +#include #include #include #include @@ -41,8 +42,10 @@ void TokenOperTest::TearDown() {} static const int32_t VALID_TIME = 100; static const int32_t DEFAULT_TIME = -1; +static const char *TOKEN_ID_CFG_FILE_COPY_PATH = "/data/service/el0/access_token/nativetoken_copy.json"; extern int g_getArrayItemTime; extern int g_getObjectItem; +extern int g_strcpyTime; extern NativeTokenList *g_tokenListHead; static void SetTimes(void) @@ -60,6 +63,57 @@ static void SetTimes(void) g_parse = VALID_TIME; g_getArraySize = VALID_TIME; g_printUnformatted = VALID_TIME; + g_strcpyTime = VALID_TIME; +} + +static bool isFileEmpty(const std::string& fileName) +{ + FILE *file = fopen(fileName.c_str(), "r"); + if (file == nullptr) { + std::cout << "fopen failed " << fileName << std::endl; + return false; + } + (void)fseek(file, 0, SEEK_END); + bool flag = false; + if (ftell(file) == 0) { + flag = true; + } + (void)fclose(file); + return flag; +} + +static int32_t ClearFile(const char* fileName) +{ + int32_t fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP); + if (fd < 0) { + return -1; + } + + close(fd); + return 0; +} + +static void CopyNativeTokenJson(const std::string& sourceFileName, const std::string& destFileName) +{ + // if dest file exists, clear it; + if (access(destFileName.c_str(), F_OK) == 0) { + if (ClearFile(destFileName.c_str()) != 0) { + std::cout << "dest file exists, failed to remove dest file" << std::endl; + return; + } + } + + std::ifstream sourceFile(sourceFileName, std::ios::binary); + std::ofstream destFile(destFileName, std::ios::binary); + if (!sourceFile.is_open()) { + std::cout << "open source file " << sourceFileName << "failed" << std::endl; + return; + } + + destFile << sourceFile.rdbuf(); + + sourceFile.close(); + destFile.close(); } /** @@ -133,6 +187,12 @@ HWTEST_F(TokenOperTest, UpdateItemcontent002, TestSize.Level1) tokenNode.dcapsNum = 1; tokenNode.aclsNum = 0; tokenNode.permsNum = 0; + tokenNode.dcaps = static_cast(malloc(tokenNode.dcapsNum * sizeof(char *))); + EXPECT_NE(tokenNode.dcaps, nullptr); + tokenNode.perms = static_cast(malloc(tokenNode.permsNum * sizeof(char *))); + EXPECT_NE(tokenNode.perms, nullptr); + tokenNode.acls = static_cast(malloc(tokenNode.aclsNum * sizeof(char *))); + EXPECT_NE(tokenNode.acls, nullptr); std::string stringJson1 = R"([)"\ R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\ @@ -161,10 +221,15 @@ HWTEST_F(TokenOperTest, UpdateItemcontent003, TestSize.Level1) SetTimes(); NativeTokenList tokenNode; (void)strcpy_s(tokenNode.processName, MAX_PROCESS_NAME_LEN + 1, "process5"); + int32_t newDcapsNum = 2; tokenNode.apl = 1; tokenNode.dcapsNum = 1; - tokenNode.dcaps[0] = static_cast(malloc(sizeof(char) * MAX_DCAP_LEN)); - EXPECT_NE(tokenNode.dcaps[0], nullptr); + tokenNode.dcaps = static_cast(malloc(sizeof(char *) * newDcapsNum)); + EXPECT_NE(tokenNode.dcaps, nullptr); + for (int32_t i = 0; i < newDcapsNum; ++i) { + tokenNode.dcaps[i] = static_cast(malloc(sizeof(char) * MAX_DCAP_LEN)); + EXPECT_NE(tokenNode.dcaps[i], nullptr); + } (void)strcpy_s(tokenNode.dcaps[0], MAX_DCAP_LEN, "x"); tokenNode.aclsNum = 0; tokenNode.permsNum = 0; @@ -193,7 +258,7 @@ HWTEST_F(TokenOperTest, UpdateItemcontent003, TestSize.Level1) EXPECT_NE(UpdateGoalItemFromRecord(&tokenNode, jsonRoot), 0); cJSON_Delete(jsonRoot); - free(tokenNode.dcaps[0]); + FreeStrArray(&tokenNode.dcaps, newDcapsNum - 1); } /** @@ -207,10 +272,15 @@ HWTEST_F(TokenOperTest, UpdateItemcontent004, TestSize.Level1) SetTimes(); NativeTokenList tokenNode; (void)strcpy_s(tokenNode.processName, MAX_PROCESS_NAME_LEN + 1, "process5"); + int32_t newDcapsNum = 2; tokenNode.apl = 1; tokenNode.dcapsNum = 1; - tokenNode.dcaps[0] = static_cast(malloc(sizeof(char) * MAX_DCAP_LEN)); - EXPECT_NE(tokenNode.dcaps[0], nullptr); + tokenNode.dcaps = static_cast(malloc(sizeof(char *) * newDcapsNum)); + EXPECT_NE(tokenNode.dcaps, nullptr); + for (int32_t i = 0; i < newDcapsNum; ++i) { + tokenNode.dcaps[i] = static_cast(malloc(sizeof(char) * MAX_DCAP_LEN)); + EXPECT_NE(tokenNode.dcaps[i], nullptr); + } (void)strcpy_s(tokenNode.dcaps[0], MAX_DCAP_LEN, "x"); tokenNode.aclsNum = 0; tokenNode.permsNum = 0; @@ -224,18 +294,29 @@ HWTEST_F(TokenOperTest, UpdateItemcontent004, TestSize.Level1) // perms update failed tokenNode.permsNum = 1; + tokenNode.perms = static_cast(malloc(sizeof(char *) * tokenNode.permsNum)); + EXPECT_NE(tokenNode.perms, nullptr); + tokenNode.perms[0] = nullptr; EXPECT_NE(UpdateGoalItemFromRecord(&tokenNode, json), 0); - // perms update failed - tokenNode.aclsNum = 1; + // acls update failed tokenNode.perms[0] = static_cast(malloc(sizeof(char) * MAX_PERM_LEN)); - EXPECT_NE(tokenNode.perms[0], nullptr); (void)strcpy_s(tokenNode.perms[0], MAX_PERM_LEN, "x"); + tokenNode.aclsNum = 1; + tokenNode.acls = static_cast(malloc(sizeof(char *) * tokenNode.aclsNum)); + EXPECT_NE(tokenNode.acls, nullptr); + tokenNode.acls[0] = nullptr; EXPECT_NE(UpdateGoalItemFromRecord(&tokenNode, json), 0); + tokenNode.acls[0] = static_cast(malloc(sizeof(char) * MAX_PERM_LEN)); + EXPECT_NE(tokenNode.acls[0], nullptr); + (void)strcpy_s(tokenNode.acls[0], MAX_PERM_LEN, "x"); + EXPECT_EQ(UpdateGoalItemFromRecord(&tokenNode, json), 0); + cJSON_Delete(json); - free(tokenNode.dcaps[0]); - free(tokenNode.perms[0]); + FreeStrArray(&tokenNode.dcaps, newDcapsNum - 1); + FreeStrArray(&tokenNode.perms, tokenNode.permsNum - 1); + FreeStrArray(&tokenNode.acls, tokenNode.aclsNum - 1); } /** @@ -260,6 +341,8 @@ HWTEST_F(TokenOperTest, CreateNativeTokenJsonObject001, TestSize.Level1) (void)strcpy_s(tokenNode.processName, MAX_PROCESS_NAME_LEN + 1, "process5"); tokenNode.apl = 1; tokenNode.dcapsNum = 1; + tokenNode.dcaps = static_cast(malloc(sizeof(char *) * tokenNode.dcapsNum)); + EXPECT_NE(tokenNode.dcaps, nullptr); tokenNode.dcaps[0] = static_cast(malloc(sizeof(char) * MAX_DCAP_LEN)); EXPECT_NE(tokenNode.dcaps[0], nullptr); (void)strcpy_s(tokenNode.dcaps[0], MAX_DCAP_LEN, "x"); @@ -302,7 +385,7 @@ HWTEST_F(TokenOperTest, CreateNativeTokenJsonObject001, TestSize.Level1) g_addItemToObject = 35; // 35 times EXPECT_EQ(CreateNativeTokenJsonObject(&tokenNode), nullptr); - free(tokenNode.dcaps[0]); + FreeStrArray(&tokenNode.dcaps, tokenNode.dcapsNum - 1); } /** @@ -319,6 +402,8 @@ HWTEST_F(TokenOperTest, CreateNativeTokenJsonObject002, TestSize.Level1) (void)strcpy_s(tokenNode.processName, MAX_PROCESS_NAME_LEN + 1, "process5"); tokenNode.apl = 1; tokenNode.dcapsNum = 1; + tokenNode.dcaps = static_cast(malloc(sizeof(char *) * tokenNode.dcapsNum)); + EXPECT_NE(tokenNode.dcaps, nullptr); tokenNode.dcaps[0] = static_cast(malloc(sizeof(char) * MAX_DCAP_LEN)); EXPECT_NE(tokenNode.dcaps[0], nullptr); (void)strcpy_s(tokenNode.dcaps[0], MAX_DCAP_LEN, "y"); @@ -340,7 +425,7 @@ HWTEST_F(TokenOperTest, CreateNativeTokenJsonObject002, TestSize.Level1) // cJSON_AddItemToObject failed 172 g_addItemToObject = 44; // 44 times EXPECT_EQ(CreateNativeTokenJsonObject(&tokenNode), nullptr); - free(tokenNode.dcaps[0]); + FreeStrArray(&tokenNode.dcaps, tokenNode.dcapsNum - 1); } /** @@ -352,26 +437,35 @@ HWTEST_F(TokenOperTest, CreateNativeTokenJsonObject002, TestSize.Level1) HWTEST_F(TokenOperTest, GetNativeTokenFromJson001, TestSize.Level1) { SetTimes(); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), false); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_PATH, TOKEN_ID_CFG_FILE_COPY_PATH); g_parse = DEFAULT_TIME; AtlibInit(); - EXPECT_EQ(g_tokenListHead, nullptr); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), true); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); g_getArrayItemTime = DEFAULT_TIME; AtlibInit(); - EXPECT_EQ(g_tokenListHead, nullptr); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), true); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); g_getArraySize = DEFAULT_TIME; AtlibInit(); - EXPECT_EQ(g_tokenListHead, nullptr); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), true); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); g_getArraySize = 8; // 8 times AtlibInit(); - EXPECT_EQ(g_tokenListHead, nullptr); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), true); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); g_getArraySize = 17; // 17 times AtlibInit(); - EXPECT_EQ(g_tokenListHead, nullptr); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), true); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); + + std::remove(TOKEN_ID_CFG_FILE_COPY_PATH); } static int32_t Start(const char *processName) @@ -420,15 +514,21 @@ static int32_t Start(const char *processName) HWTEST_F(TokenOperTest, GetInfoArrFromJson001, TestSize.Level1) { SetTimes(); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_PATH, TOKEN_ID_CFG_FILE_COPY_PATH); NativeTokenInfoParams tokenInfo; g_parse = DEFAULT_TIME; EXPECT_EQ(GetAccessTokenId(&tokenInfo), 0); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); + g_parse = VALID_TIME; + AtlibInit(); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), false); // UpdateInfoInCfgFile failed for SaveTokenIdToCfg // tokenNode->dcapsNum != dcapNumIn branch - g_parse = 8; // 8 times + g_parse = 9; // 9 times EXPECT_EQ(Start("foundation"), 0); + EXPECT_EQ(isFileEmpty(TOKEN_ID_CFG_FILE_PATH), false); g_printUnformatted = DEFAULT_TIME; EXPECT_NE(Start("process1"), 0); @@ -437,4 +537,34 @@ HWTEST_F(TokenOperTest, GetInfoArrFromJson001, TestSize.Level1) EXPECT_NE(Start("processUnique"), 0); EXPECT_NE(Start("processUnique1"), 0); + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); + std::remove(TOKEN_ID_CFG_FILE_COPY_PATH); +} + +/** + * @tc.name: RemoveNodeFromList001 + * @tc.desc: GetInfoArrFromJson successfully. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(TokenOperTest, RemoveNodeFromList001, TestSize.Level1) +{ + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_PATH, TOKEN_ID_CFG_FILE_COPY_PATH); + AtlibInit(); + EXPECT_NE(g_tokenListHead, nullptr); + g_strcpyTime = 0; + EXPECT_EQ(Start("foundation"), 0); + + // check the node whether exsits in the list + NativeTokenList *node = g_tokenListHead->next; + while (node != nullptr) { + if (strcmp(node->processName, "foundation") == 0) { + break; + } + node = node->next; + } + EXPECT_EQ(node, nullptr); + + CopyNativeTokenJson(TOKEN_ID_CFG_FILE_COPY_PATH, TOKEN_ID_CFG_FILE_PATH); + std::remove(TOKEN_ID_CFG_FILE_COPY_PATH); } diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_oper_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_oper_test.cpp index dba863a610938480718732a8cdf4b71dbb81e995..abc3a6258ca9ac301cf1a29b50e3c017a3007429 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_oper_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_oper_test.cpp @@ -52,13 +52,17 @@ HWTEST_F(TokenOperTest, FreeStrArray001, TestSize.Level1) test[i] = reinterpret_cast(malloc(sizeof(char))); ASSERT_NE(test[i], nullptr); } - FreeStrArray(test, testSize - 1); - EXPECT_EQ(test[0], nullptr); - FreeStrArray(test, testSize - 1); // arr[i] == nullptr - for (int32_t i = 0; i < testSize; i++) { - free(test[i]); + FreeStrArray(&test, testSize - 1); + EXPECT_EQ(test, nullptr); + FreeStrArray(&test, testSize - 1); // arr[i] == nullptr + if (test != nullptr) { + for (int32_t i = 0; i < testSize; i++) { + if (test[i] != nullptr) { + free(test[i]); + } + } + free(test); } - free(test); } /** @@ -179,27 +183,29 @@ HWTEST_F(TokenOperTest, GetInfoArrFromJson001, TestSize.Level1) attr.strKey = "dcaps"; attr.maxStrNum = 1; attr.maxStrLen = 10; - char *test[testSize]; + char **test = static_cast(malloc(testSize * sizeof(char *))); const char *stringJson1 = "{\"processName\":\"partitionslot_host\"," "\"dcaps\":[\"DCAPS_AT\",\"DCAPS_AT\", \"DCAPS_AT\",\"DCAPS_AT\"]," "\"permissions\":[],\"nativeAcls\":[]}"; cJSON* jsonroot = cJSON_Parse(stringJson1); - EXPECT_NE(GetInfoArrFromJson(jsonroot, test, &resSize, &attr), 0); + EXPECT_NE(GetInfoArrFromJson(jsonroot, &test, &resSize, &attr), 0); cJSON_Delete(jsonroot); stringJson1 = "{\"processName\":\"partitionslot_host\"," "\"APL\":2,\"version\":1,\"tokenId\":672003577,\"tokenAttr\":0,\"dcaps\":[1]," "\"permissions\":[],\"nativeAcls\":[]}"; jsonroot = cJSON_Parse(stringJson1); - EXPECT_NE(GetInfoArrFromJson(jsonroot, test, &resSize, &attr), 0); + EXPECT_NE(GetInfoArrFromJson(jsonroot, &test, &resSize, &attr), 0); cJSON_Delete(jsonroot); stringJson1 = "{\"processName\":\"partitionslot_host\"," "\"APL\":2,\"version\":1,\"tokenId\":672003577,\"tokenAttr\":0,\"dcaps\":[\"DCAPSAAAAAAAA_AT\"]," "\"permissions\":[],\"nativeAcls\":[]}"; jsonroot = cJSON_Parse(stringJson1); - EXPECT_NE(GetInfoArrFromJson(jsonroot, test, &resSize, &attr), 0); + EXPECT_NE(GetInfoArrFromJson(jsonroot, &test, &resSize, &attr), 0); cJSON_Delete(jsonroot); + free(test); + test = nullptr; } /** diff --git a/interfaces/innerkits/privacy/BUILD.gn b/interfaces/innerkits/privacy/BUILD.gn index b680d2f1e31ce5df874abb82f562f73408cce6e4..1b1c41ad0a5461d716ed2cd5b95eca43b8e9a2c3 100644 --- a/interfaces/innerkits/privacy/BUILD.gn +++ b/interfaces/innerkits/privacy/BUILD.gn @@ -42,6 +42,7 @@ if (is_standard_system) { "${access_token_path}/frameworks/privacy/include", "${access_token_path}/frameworks/common/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", + "include", "src", ] @@ -62,6 +63,7 @@ if (is_standard_system) { deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx", "${access_token_path}/frameworks/privacy:privacy_communication_adapter_cxx", + "${access_token_path}/services/common/proxy_death:proxy_death_stub", ] configs = [ @@ -84,5 +86,9 @@ if (is_standard_system) { if (security_component_enhance_enable == true) { cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] } + + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } } } diff --git a/interfaces/innerkits/privacy/include/active_change_response_info.h b/interfaces/innerkits/privacy/include/active_change_response_info.h index 276f72486f278e15e70676c7879bb5a4d2c5f6bf..b8a148965d3522248339beb1d588fa7c08b9400b 100644 --- a/interfaces/innerkits/privacy/include/active_change_response_info.h +++ b/interfaces/innerkits/privacy/include/active_change_response_info.h @@ -39,6 +39,7 @@ #include #include "access_token.h" +#include "permission_used_type.h" namespace OHOS { namespace Security { @@ -50,6 +51,7 @@ enum ActiveChangeType { PERM_INACTIVE = 0, PERM_ACTIVE_IN_FOREGROUND = 1, PERM_ACTIVE_IN_BACKGROUND = 2, + PERM_TEMPORARY_CALL, }; /** @@ -64,6 +66,7 @@ enum LockScreenStatusChangeType { * @brief Permission active state change response struct */ struct ActiveChangeResponse { + AccessTokenID callingTokenID; AccessTokenID tokenID; std::string permissionName; std::string deviceId; @@ -72,6 +75,8 @@ struct ActiveChangeResponse { * see the definition above. */ ActiveChangeType type; + PermissionUsedType usedType; + int32_t pid; }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/privacy/include/permission_used_result.h b/interfaces/innerkits/privacy/include/permission_used_result.h index f387457f3952bb66a4c40fb28906365af3ad7900..50220410e21c23c688817bdfc587213e4a91c556 100644 --- a/interfaces/innerkits/privacy/include/permission_used_result.h +++ b/interfaces/innerkits/privacy/include/permission_used_result.h @@ -78,6 +78,8 @@ struct PermissionUsedRecord { std::string permissionName; /** permission access count */ int32_t accessCount = 0; + /** permission security access count: picker + seccom */ + int32_t secAccessCount = 0; /** permission reject count */ int32_t rejectCount = 0; /** permission last access timestamp */ diff --git a/interfaces/innerkits/privacy/include/permission_used_type_info.h b/interfaces/innerkits/privacy/include/permission_used_type_info.h index 8b16347265b13a5d50e02bf97eaa1ff3469bf28f..a016301ed40a94ace21f650ad263163a0ac263a7 100644 --- a/interfaces/innerkits/privacy/include/permission_used_type_info.h +++ b/interfaces/innerkits/privacy/include/permission_used_type_info.h @@ -48,6 +48,8 @@ namespace AccessToken { struct PermissionUsedTypeInfo { AccessTokenID tokenId; std::string permissionName; + /** for input parameter only **/ + int32_t pid; /** enum PermissionUsedType, see permission_used_type.h */ PermissionUsedType type = NORMAL_TYPE; }; diff --git a/interfaces/innerkits/privacy/include/privacy_error.h b/interfaces/innerkits/privacy/include/privacy_error.h index bab714d96ac4c1819ed3557cff7a7742af8258eb..d1b622338bdd35cf4ee89ac152f0d843936b7a8d 100644 --- a/interfaces/innerkits/privacy/include/privacy_error.h +++ b/interfaces/innerkits/privacy/include/privacy_error.h @@ -62,6 +62,10 @@ enum PrivacyError { ERR_WINDOW_CALLBACK_FAILED, ERR_EDM_POLICY_CHECK_FAILED, ERR_PRIVACY_POLICY_CHECK_FAILED, + ERR_REMOTE_CONNECTION, + ERR_ADD_DEATH_RECIPIENT_FAILED, + ERR_FIRST_CALLER_NOT_EDM, + PRIVACY_TOGGELE_RESTRICTED, }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/privacy/include/privacy_kit.h b/interfaces/innerkits/privacy/include/privacy_kit.h index 056f2a9008b9a9f683724040948531707b8bde20..0cd8b415280e7273eea68785143fd898c96eb76d 100644 --- a/interfaces/innerkits/privacy/include/privacy_kit.h +++ b/interfaces/innerkits/privacy/include/privacy_kit.h @@ -75,13 +75,28 @@ public: * @return error code, see privacy_error.h */ static int32_t AddPermissionUsedRecord(const AddPermParamInfo& info, bool asyncMode = false); + /** + * @brief Set permission used record toggle status. + * @param userID the userID + * @param status permission used record toggle status, true means record, false means not record + * @return error code, see privacy_error.h + */ + static int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status); + /** + * @brief Get permission used record toggle status. + * @param userID the userID + * @param status permission used record toggle status, true means record, false means not record + * @return error code, see privacy_error.h + */ + static int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status); /** * @brief Input tokenID start using input permission. * @param tokenID token id * @param permissionName permission nanme * @return error code, see privacy_error.h */ - static int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName); + static int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid = -1, + PermissionUsedType type = PermissionUsedType::NORMAL_TYPE); /** * @brief Input tokenID start using input permission and return by callback, * only those services which has float window such as camera or @@ -92,21 +107,21 @@ public: * @return error code, see privacy_error.h */ static int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, - const std::shared_ptr& callback); + const std::shared_ptr& callback, int32_t pid = -1, + PermissionUsedType type = PermissionUsedType::NORMAL_TYPE); /** * @brief Input tokenID stop using input permission. * @param tokenID token id * @param permissionName permission nanme * @return error code, see privacy_error.h */ - static int32_t StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName); + static int32_t StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid = -1); /** * @brief Remove input tokenID sensitive permission used records. * @param tokenID token id - * @param deviceID device id * @return error code, see privacy_error.h */ - static int32_t RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID); + static int32_t RemovePermissionUsedRecords(AccessTokenID tokenID); /** * @brief Get sensitive permission used records. * @param request PermissionUsedRequest quote @@ -140,7 +155,7 @@ public: * @param permissionName permission nanme * @return true means allow to user the permission, false means not allow */ - static bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName); + static bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid = -1); #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE /** @@ -187,9 +202,11 @@ public: * @param policyType policy type, see privacy_param.h * @param caller caller type, see privacy_param.h * @param isMute mute or unmute + * @param tokenID when policyType is EDM, this param should be first caller token id, + * when policyType is not EDM, this param will be ignore. * @return error code, see privacy_error.h */ - static int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute); + static int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID); /** * @brief try set background visit policy. diff --git a/interfaces/innerkits/privacy/libprivacy_sdk.map b/interfaces/innerkits/privacy/libprivacy_sdk.map index 60ecfc90496f021ef1f4327a3f8cad1a02ef9d14..f99cde5012102c72776d2bf4941971fcdc5f1b54 100644 --- a/interfaces/innerkits/privacy/libprivacy_sdk.map +++ b/interfaces/innerkits/privacy/libprivacy_sdk.map @@ -18,17 +18,19 @@ "OHOS::Security::AccessToken::PermActiveStatusCustomizedCbk::~PermActiveStatusCustomizedCbk()"; "OHOS::Security::AccessToken::PrivacyKit::AddPermissionUsedRecord(unsigned int, std::__h::basic_string, std::__h::allocator> const&, int, int, bool)"; "OHOS::Security::AccessToken::PrivacyKit::AddPermissionUsedRecord(OHOS::Security::AccessToken::AddPermParamInfo const&, bool)"; - "OHOS::Security::AccessToken::PrivacyKit::StartUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; - "OHOS::Security::AccessToken::PrivacyKit::StopUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::PrivacyKit::SetPermissionUsedRecordToggleStatus(int, bool)"; + "OHOS::Security::AccessToken::PrivacyKit::GetPermissionUsedRecordToggleStatus(int, bool&)"; + "OHOS::Security::AccessToken::PrivacyKit::StartUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, int, OHOS::Security::AccessToken::PermissionUsedTypeValue)"; + "OHOS::Security::AccessToken::PrivacyKit::StopUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, int)"; "OHOS::Security::AccessToken::PrivacyKit::GetPermissionUsedRecords(OHOS::Security::AccessToken::PermissionUsedRequest const&, OHOS::Security::AccessToken::PermissionUsedResult&)"; "OHOS::Security::AccessToken::PermActiveStatusCustomizedCbk::GetPermList(std::__h::vector, std::__h::allocator>, std::__h::allocator, std::__h::allocator>>>&) const"; "OHOS::Security::AccessToken::PrivacyKit::RegisterPermActiveStatusCallback(std::__h::shared_ptr const&)"; "OHOS::Security::AccessToken::PrivacyKit::UnRegisterPermActiveStatusCallback(std::__h::shared_ptr const&)"; - "OHOS::Security::AccessToken::PrivacyKit::RemovePermissionUsedRecords(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::PrivacyKit::RemovePermissionUsedRecords(unsigned int)"; "OHOS::Security::AccessToken::StateCustomizedCbk::StateCustomizedCbk()"; - "OHOS::Security::AccessToken::PrivacyKit::StartUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, std::__h::shared_ptr const&)"; + "OHOS::Security::AccessToken::PrivacyKit::StartUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, std::__h::shared_ptr const&, int, OHOS::Security::AccessToken::PermissionUsedTypeValue)"; "OHOS::Security::AccessToken::PrivacyKit::GetPermissionUsedRecords(OHOS::Security::AccessToken::PermissionUsedRequest const&, OHOS::sptr const&)"; - "OHOS::Security::AccessToken::PrivacyKit::IsAllowedUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::PrivacyKit::IsAllowedUsingPermission(unsigned int, std::__h::basic_string, std::__h::allocator> const&, int)"; "OHOS::Security::AccessToken::PrivacyKit::RegisterSecCompEnhance(OHOS::Security::AccessToken::SecCompEnhanceData const&)"; "OHOS::Security::AccessToken::PrivacyKit::UpdateSecCompEnhance(int, unsigned int)"; "OHOS::Security::AccessToken::PrivacyKit::GetSecCompEnhance(int, OHOS::Security::AccessToken::SecCompEnhanceData&)"; @@ -44,7 +46,7 @@ "OHOS::Security::AccessToken::PrivacyManagerClient::InitProxy()"; "OHOS::Security::AccessToken::PrivacyKit::SetHapWithFGReminder(unsigned int, bool)"; "OHOS::Security::AccessToken::PrivacyKit::GetPermissionUsedTypeInfos(unsigned int, std::__h::basic_string, std::__h::allocator> const&, std::__h::vector>&)"; - "OHOS::Security::AccessToken::PrivacyKit::SetMutePolicy(unsigned int, unsigned int, bool)"; + "OHOS::Security::AccessToken::PrivacyKit::SetMutePolicy(unsigned int, unsigned int, bool, unsigned int)"; ""; }; local: diff --git a/interfaces/innerkits/privacy/src/on_permission_used_record_callback_stub.cpp b/interfaces/innerkits/privacy/src/on_permission_used_record_callback_stub.cpp index 7a84683ae1674a56f7d5f1a3f9fa028809aab240..70c6a5e6f025dea8785741de336731052bcb6346 100644 --- a/interfaces/innerkits/privacy/src/on_permission_used_record_callback_stub.cpp +++ b/interfaces/innerkits/privacy/src/on_permission_used_record_callback_stub.cpp @@ -15,7 +15,7 @@ #include "on_permission_used_record_callback_stub.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" #include "permission_used_result_parcel.h" #include "string_ex.h" @@ -24,19 +24,16 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "OnPermissionUsedRecordCallbackStub" -}; static constexpr int32_t RET_NOK = -1; } int32_t OnPermissionUsedRecordCallbackStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Entry, code: 0x%{public}x", code); + LOGD(PRI_DOMAIN, PRI_TAG, "Entry, code: 0x%{public}x", code); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != OnPermissionUsedRecordCallback::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } @@ -50,10 +47,10 @@ int32_t OnPermissionUsedRecordCallbackStub::OnRemoteRequest( } sptr resultSptr = data.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable fail"); return RET_NOK; } - ACCESSTOKEN_LOG_INFO(LABEL, "ErrCode: %{public}d", errCode); + LOGI(PRI_DOMAIN, PRI_TAG, "ErrCode: %{public}d", errCode); OnQueried(errCode, resultSptr->result); } else { return IPCObjectStub::OnRemoteRequest(code, data, reply, option); diff --git a/interfaces/innerkits/privacy/src/perm_active_status_change_callback.cpp b/interfaces/innerkits/privacy/src/perm_active_status_change_callback.cpp index 09ffed6b5eae0d59c8fa7bf13bad3121ce207d38..19e86915f105978ecb4afe90f957ffd4d6b69015 100644 --- a/interfaces/innerkits/privacy/src/perm_active_status_change_callback.cpp +++ b/interfaces/innerkits/privacy/src/perm_active_status_change_callback.cpp @@ -16,14 +16,11 @@ #include "perm_active_status_change_callback.h" #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionActiveStatusChangeCallback" -}; PermActiveStatusChangeCallback::PermActiveStatusChangeCallback( const std::shared_ptr &customizedCallback) : customizedCallback_(customizedCallback) @@ -35,7 +32,7 @@ PermActiveStatusChangeCallback::~PermActiveStatusChangeCallback() void PermActiveStatusChangeCallback::ActiveStatusChangeCallback(ActiveChangeResponse& result) { if (customizedCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "CustomizedCallback_ is nullptr"); + LOGE(PRI_DOMAIN, PRI_TAG, "CustomizedCallback_ is nullptr"); return; } diff --git a/interfaces/innerkits/privacy/src/perm_active_status_change_callback_stub.cpp b/interfaces/innerkits/privacy/src/perm_active_status_change_callback_stub.cpp index 0198c49d12eb58ea97aa16161f5a275d5c5d7986..8e12f2bd0a2507fc5b542dbc03d77a0facf39e66 100644 --- a/interfaces/innerkits/privacy/src/perm_active_status_change_callback_stub.cpp +++ b/interfaces/innerkits/privacy/src/perm_active_status_change_callback_stub.cpp @@ -15,7 +15,7 @@ #include "perm_active_status_change_callback_stub.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" #include "perm_active_response_parcel.h" #include "string_ex.h" @@ -23,19 +23,14 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PermActiveStatusChangeCallbackStub" -}; -} int32_t PermActiveStatusChangeCallbackStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Entry, code: 0x%{public}x", code); + LOGD(PRI_DOMAIN, PRI_TAG, "Entry, code: 0x%{public}x", code); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != IPermActiveStatusCallback::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } @@ -43,7 +38,7 @@ int32_t PermActiveStatusChangeCallbackStub::OnRemoteRequest( if (msgCode == static_cast(PrivacyActiveChangeInterfaceCode::PERM_ACTIVE_STATUS_CHANGE)) { sptr resultSptr = data.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable fail"); return ERR_READ_PARCEL_FAILED; } diff --git a/interfaces/innerkits/privacy/src/privacy_death_recipient.cpp b/interfaces/innerkits/privacy/src/privacy_death_recipient.cpp index 6322643b8be21f810ddb9927475e048c49d7e8be..3bded569b558f3cb2d814ee89e4143364706ed73 100644 --- a/interfaces/innerkits/privacy/src/privacy_death_recipient.cpp +++ b/interfaces/innerkits/privacy/src/privacy_death_recipient.cpp @@ -14,21 +14,16 @@ */ #include "privacy_death_recipient.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_manager_client.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyDeathRecipient" -}; -} // namespace void PrivacyDeathRecipient::OnRemoteDied(const wptr& object) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + LOGI(PRI_DOMAIN, PRI_TAG, "%{public}s called", __func__); PrivacyManagerClient::GetInstance().OnRemoteDiedHandle(); } } // namespace AccessToken diff --git a/interfaces/innerkits/privacy/src/privacy_death_recipient.h b/interfaces/innerkits/privacy/src/privacy_death_recipient.h index 47bc2892f10a0b04d7d2deb8b6339282b166fa5e..921932db3a457f9b663a78852cb89b5fda9fe020 100644 --- a/interfaces/innerkits/privacy/src/privacy_death_recipient.h +++ b/interfaces/innerkits/privacy/src/privacy_death_recipient.h @@ -25,7 +25,7 @@ namespace AccessToken { class PrivacyDeathRecipient : public IRemoteObject::DeathRecipient { public: PrivacyDeathRecipient() {} - virtual ~PrivacyDeathRecipient() override = default; + ~PrivacyDeathRecipient() override = default; void OnRemoteDied(const wptr& object) override; }; } // namespace AccessToken diff --git a/interfaces/innerkits/privacy/src/privacy_kit.cpp b/interfaces/innerkits/privacy/src/privacy_kit.cpp index d6c612dd71c8173e1ce2509472952fdfd3c32098..5f796a8546e2539443973fa5057ce9eff2f102ca 100644 --- a/interfaces/innerkits/privacy/src/privacy_kit.cpp +++ b/interfaces/innerkits/privacy/src/privacy_kit.cpp @@ -18,15 +18,55 @@ #include #include -#include "accesstoken_log.h" #include "constant_common.h" #include "data_validator.h" #include "privacy_error.h" #include "privacy_manager_client.h" +#include "time_util.h" namespace OHOS { namespace Security { namespace AccessToken { +namespace { +constexpr const int64_t MERGE_TIMESTAMP = 200; // 200ms +std::mutex g_lockCache; +struct RecordCache { + int32_t successCount = 0; + int64_t timespamp = 0; +}; +std::map g_recordMap; +} +static std::string GetRecordUniqueStr(const AddPermParamInfo& record) +{ + return std::to_string(record.tokenId) + "_" + record.permissionName + "_" + std::to_string(record.type); +} + +bool FindAndInsertRecord(const AddPermParamInfo& record) +{ + std::lock_guard lock(g_lockCache); + std::string newRecordStr = GetRecordUniqueStr(record); + int64_t curTimestamp = TimeUtil::GetCurrentTimestamp(); + auto iter = g_recordMap.find(newRecordStr); + if (iter == g_recordMap.end()) { + g_recordMap[newRecordStr].successCount = record.successCount; + g_recordMap[newRecordStr].timespamp = curTimestamp; + return false; + } + if (curTimestamp - iter->second.timespamp >= MERGE_TIMESTAMP) { + g_recordMap[newRecordStr].successCount = record.successCount; + g_recordMap[newRecordStr].timespamp = curTimestamp; + return false; + } + if (iter->second.successCount == 0 && record.successCount != 0) { + g_recordMap[newRecordStr].successCount += record.successCount; + g_recordMap[newRecordStr].timespamp = curTimestamp; + return false; + } + g_recordMap[newRecordStr].successCount += record.successCount; + g_recordMap[newRecordStr].timespamp = curTimestamp; + return true; +} + int32_t PrivacyKit::AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName, int32_t successCount, int32_t failCount, bool asyncMode) { @@ -49,33 +89,66 @@ int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool a if (!DataValidator::IsHapCaller(info.tokenId)) { return PrivacyError::ERR_PARAM_INVALID; } - return PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode); + + if (!FindAndInsertRecord(info)) { + int32_t ret = PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode); + if (ret == PrivacyError::PRIVACY_TOGGELE_RESTRICTED) { + std::lock_guard lock(g_lockCache); + std::string recordStr = GetRecordUniqueStr(info); + g_recordMap.erase(recordStr); + return RET_SUCCESS; + } + return ret; + } + + return RET_SUCCESS; +} + +int32_t PrivacyKit::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) +{ + if (!DataValidator::IsUserIdValid(userID)) { + return PrivacyError::ERR_PARAM_INVALID; + } + return PrivacyManagerClient::GetInstance().SetPermissionUsedRecordToggleStatus(userID, status); } -int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName) +int32_t PrivacyKit::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) { - if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) { + if (!DataValidator::IsUserIdValid(userID)) { + return PrivacyError::ERR_PARAM_INVALID; + } + return PrivacyManagerClient::GetInstance().GetPermissionUsedRecordToggleStatus(userID, status); +} + +int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid, + PermissionUsedType type) +{ + if ((!DataValidator::IsTokenIDValid(tokenID)) || + (!DataValidator::IsPermissionNameValid(permissionName)) || + (!DataValidator::IsPermissionUsedTypeValid(type))) { return PrivacyError::ERR_PARAM_INVALID; } if (!DataValidator::IsHapCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } - return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, permissionName); + return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, type); } int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, - const std::shared_ptr& callback) + const std::shared_ptr& callback, int32_t pid, PermissionUsedType type) { - if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) { + if ((!DataValidator::IsTokenIDValid(tokenID)) || + (!DataValidator::IsPermissionNameValid(permissionName)) || + (!DataValidator::IsPermissionUsedTypeValid(type))) { return PrivacyError::ERR_PARAM_INVALID; } if (!DataValidator::IsHapCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } - return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, permissionName, callback); + return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, callback, type); } -int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName) +int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) { if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) { return PrivacyError::ERR_PARAM_INVALID; @@ -83,18 +156,18 @@ int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string if (!DataValidator::IsHapCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } - return PrivacyManagerClient::GetInstance().StopUsingPermission(tokenID, permissionName); + return PrivacyManagerClient::GetInstance().StopUsingPermission(tokenID, pid, permissionName); } -int32_t PrivacyKit::RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID) +int32_t PrivacyKit::RemovePermissionUsedRecords(AccessTokenID tokenID) { - if (!DataValidator::IsTokenIDValid(tokenID) && !DataValidator::IsDeviceIdValid(deviceID)) { + if (!DataValidator::IsTokenIDValid(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } if (!DataValidator::IsHapCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } - return PrivacyManagerClient::GetInstance().RemovePermissionUsedRecords(tokenID, deviceID); + return PrivacyManagerClient::GetInstance().RemovePermissionUsedRecords(tokenID); } static bool IsPermissionFlagValid(const PermissionUsedRequest& request) @@ -134,12 +207,12 @@ int32_t PrivacyKit::UnRegisterPermActiveStatusCallback(const std::shared_ptr -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "iservice_registry.h" #include "privacy_error.h" #include "privacy_manager_proxy.h" @@ -27,9 +27,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerClient" -}; const static int32_t MAX_CALLBACK_SIZE = 200; const static int32_t MAX_PERM_LIST_SIZE = 1024; constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA"; @@ -42,7 +39,8 @@ PrivacyManagerClient& PrivacyManagerClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PrivacyManagerClient(); + PrivacyManagerClient* tmp = new PrivacyManagerClient(); + instance = std::move(tmp); } } return *instance; @@ -53,7 +51,7 @@ PrivacyManagerClient::PrivacyManagerClient() PrivacyManagerClient::~PrivacyManagerClient() { - ACCESSTOKEN_LOG_ERROR(LABEL, "~PrivacyManagerClient"); + LOGE(PRI_DOMAIN, PRI_TAG, "~PrivacyManagerClient"); std::lock_guard lock(proxyMutex_); ReleaseProxy(); } @@ -62,7 +60,7 @@ int32_t PrivacyManagerClient::AddPermissionUsedRecord(const AddPermParamInfo& in { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } AddPermParamInfoParcel infoParcel; @@ -70,90 +68,136 @@ int32_t PrivacyManagerClient::AddPermissionUsedRecord(const AddPermParamInfo& in return proxy->AddPermissionUsedRecord(infoParcel, asyncMode); } -int32_t PrivacyManagerClient::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName) +int32_t PrivacyManagerClient::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->StartUsingPermission(tokenID, permissionName); + + return proxy->SetPermissionUsedRecordToggleStatus(userID, status); +} + +int32_t PrivacyManagerClient::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); + return PrivacyError::ERR_SERVICE_ABNORMAL; + } + + return proxy->GetPermissionUsedRecordToggleStatus(userID, status); +} + +int32_t PrivacyManagerClient::StartUsingPermission( + AccessTokenID tokenID, int32_t pid, const std::string& permissionName, PermissionUsedType type) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); + return PrivacyError::ERR_SERVICE_ABNORMAL; + } + + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenID; + parcel.info.pid = pid; + parcel.info.permissionName = permissionName; + parcel.info.type = type; + + auto anonyStub = GetAnonyStub(); + if (anonyStub == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy death recipent is null."); + return PrivacyError::ERR_MALLOC_FAILED; + } + return proxy->StartUsingPermission(parcel, anonyStub); } -int32_t PrivacyManagerClient::CreateStateChangeCbk(AccessTokenID tokenId, +int32_t PrivacyManagerClient::CreateStateChangeCbk(uint64_t id, const std::shared_ptr& callback, sptr& callbackWrap) { std::lock_guard lock(stateCbkMutex_); - - auto iter = stateChangeCallbackMap_.find(tokenId); + auto iter = stateChangeCallbackMap_.find(id); if (iter != stateChangeCallbackMap_.end()) { - ACCESSTOKEN_LOG_ERROR(LABEL, " Callback has been used."); + LOGE(PRI_DOMAIN, PRI_TAG, " Callback has been used."); return PrivacyError::ERR_CALLBACK_ALREADY_EXIST; } else { callbackWrap = new (std::nothrow) StateChangeCallback(callback); if (callbackWrap == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Memory allocation for callbackWrap failed!"); + LOGE(PRI_DOMAIN, PRI_TAG, "Memory allocation for callbackWrap failed!"); return PrivacyError::ERR_MALLOC_FAILED; } } return RET_SUCCESS; } -int32_t PrivacyManagerClient::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName, - const std::shared_ptr& callback) +int32_t PrivacyManagerClient::StartUsingPermission(AccessTokenID tokenId, int32_t pid, + const std::string& permissionName, const std::shared_ptr& callback, PermissionUsedType type) { if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); + LOGE(PRI_DOMAIN, PRI_TAG, "Callback is nullptr."); return PrivacyError::ERR_PARAM_INVALID; } sptr callbackWrap = nullptr; - int32_t result = CreateStateChangeCbk(tokenId, callback, callbackWrap); + uint64_t id = GetUniqueId(tokenId, pid); + int32_t result = CreateStateChangeCbk(id, callback, callbackWrap); if (result != RET_SUCCESS) { return result; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } - - result = proxy->StartUsingPermission(tokenId, permissionName, callbackWrap->AsObject()); + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenId; + parcel.info.pid = pid; + parcel.info.permissionName = permissionName; + parcel.info.type = type; + auto anonyStub = GetAnonyStub(); + if (anonyStub == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy death recipent is null."); + return PrivacyError::ERR_MALLOC_FAILED; + } + result = proxy->StartUsingPermission(parcel, callbackWrap->AsObject(), anonyStub); if (result == RET_SUCCESS) { std::lock_guard lock(stateCbkMutex_); - stateChangeCallbackMap_[tokenId] = callbackWrap; - ACCESSTOKEN_LOG_INFO(LABEL, "CallbackObject added."); + stateChangeCallbackMap_[id] = callbackWrap; + LOGI(PRI_DOMAIN, PRI_TAG, "CallbackObject added."); } return result; } -int32_t PrivacyManagerClient::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName) +int32_t PrivacyManagerClient::StopUsingPermission( + AccessTokenID tokenID, int32_t pid, const std::string& permissionName) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } if (permissionName == CAMERA_PERMISSION_NAME) { + uint64_t id = GetUniqueId(tokenID, pid); std::lock_guard lock(stateCbkMutex_); - auto iter = stateChangeCallbackMap_.find(tokenID); + auto iter = stateChangeCallbackMap_.find(id); if (iter != stateChangeCallbackMap_.end()) { - stateChangeCallbackMap_.erase(tokenID); + stateChangeCallbackMap_.erase(id); } } - return proxy->StopUsingPermission(tokenID, permissionName); + return proxy->StopUsingPermission(tokenID, pid, permissionName); } -int32_t PrivacyManagerClient::RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID) +int32_t PrivacyManagerClient::RemovePermissionUsedRecords(AccessTokenID tokenID) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->RemovePermissionUsedRecords(tokenID, deviceID); + return proxy->RemovePermissionUsedRecords(tokenID); } int32_t PrivacyManagerClient::GetPermissionUsedRecords( @@ -161,7 +205,7 @@ int32_t PrivacyManagerClient::GetPermissionUsedRecords( { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } @@ -178,7 +222,7 @@ int32_t PrivacyManagerClient::GetPermissionUsedRecords(const PermissionUsedReque { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } @@ -213,20 +257,20 @@ int32_t PrivacyManagerClient::RegisterPermActiveStatusCallback( const std::shared_ptr& callback) { if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "CustomizedCb is nullptr."); + LOGE(PRI_DOMAIN, PRI_TAG, "CustomizedCb is nullptr."); return PrivacyError::ERR_PARAM_INVALID; } sptr callbackWrap = nullptr; int32_t result = CreateActiveStatusChangeCbk(callback, callbackWrap); if (result != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create callback, err: %{public}d.", result); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to create callback, err: %{public}d.", result); return result; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } std::vector permList; @@ -239,7 +283,7 @@ int32_t PrivacyManagerClient::RegisterPermActiveStatusCallback( if (result == RET_SUCCESS) { std::lock_guard lock(activeCbkMutex_); activeCbkMap_[callback] = callbackWrap; - ACCESSTOKEN_LOG_INFO(LABEL, "CallbackObject added."); + LOGI(PRI_DOMAIN, PRI_TAG, "CallbackObject added."); } return result; } @@ -249,14 +293,14 @@ int32_t PrivacyManagerClient::UnRegisterPermActiveStatusCallback( { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } std::lock_guard lock(activeCbkMutex_); auto goalCallback = activeCbkMap_.find(callback); if (goalCallback == activeCbkMap_.end()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GoalCallback already is not exist."); + LOGE(PRI_DOMAIN, PRI_TAG, "GoalCallback already is not exist."); return PrivacyError::ERR_CALLBACK_NOT_EXIST; } @@ -267,14 +311,15 @@ int32_t PrivacyManagerClient::UnRegisterPermActiveStatusCallback( return result; } -bool PrivacyManagerClient::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName) +bool PrivacyManagerClient::IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, + int32_t pid) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return false; } - return proxy->IsAllowedUsingPermission(tokenID, permissionName); + return proxy->IsAllowedUsingPermission(tokenID, permissionName, pid); } #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE @@ -282,7 +327,7 @@ int32_t PrivacyManagerClient::RegisterSecCompEnhance(const SecCompEnhanceData& e { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_PARAM_INVALID; } SecCompEnhanceDataParcel registerParcel; @@ -294,7 +339,7 @@ int32_t PrivacyManagerClient::UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_PARAM_INVALID; } return proxy->UpdateSecCompEnhance(pid, seqNum); @@ -304,7 +349,7 @@ int32_t PrivacyManagerClient::GetSecCompEnhance(int32_t pid, SecCompEnhanceData& { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_PARAM_INVALID; } SecCompEnhanceDataParcel parcel; @@ -321,7 +366,7 @@ int32_t PrivacyManagerClient::GetSpecialSecCompEnhance(const std::string& bundle { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_PARAM_INVALID; } std::vector parcelList; @@ -341,7 +386,7 @@ int32_t PrivacyManagerClient::GetPermissionUsedTypeInfos(const AccessTokenID tok { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } @@ -356,37 +401,44 @@ int32_t PrivacyManagerClient::GetPermissionUsedTypeInfos(const AccessTokenID tok return RET_SUCCESS; } -int32_t PrivacyManagerClient::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) +int32_t PrivacyManagerClient::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, + AccessTokenID tokenID) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } - return proxy->SetMutePolicy(policyType, callerType, isMute); + return proxy->SetMutePolicy(policyType, callerType, isMute, tokenID); } int32_t PrivacyManagerClient::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null."); return PrivacyError::ERR_SERVICE_ABNORMAL; } return proxy->SetHapWithFGReminder(tokenId, isAllowed); } +uint64_t PrivacyManagerClient::GetUniqueId(uint32_t tokenId, int32_t pid) const +{ + uint32_t tmpPid = (pid <= 0) ? 0 : static_cast(pid); + return (static_cast(tmpPid) << 32) | (static_cast(tokenId) & 0xFFFFFFFF); // 32: bit +} + void PrivacyManagerClient::InitProxy() { - if (proxy_ == nullptr) { + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbilityManager is null"); + LOGD(PRI_DOMAIN, PRI_TAG, "GetSystemAbilityManager is null"); return; } - auto privacySa = sam->GetSystemAbility(IPrivacyManager::SA_ID_PRIVACY_MANAGER_SERVICE); + auto privacySa = sam->CheckSystemAbility(IPrivacyManager::SA_ID_PRIVACY_MANAGER_SERVICE); if (privacySa == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetSystemAbility %{public}d is null", + LOGD(PRI_DOMAIN, PRI_TAG, "CheckSystemAbility %{public}d is null", IPrivacyManager::SA_ID_PRIVACY_MANAGER_SERVICE); return; } @@ -395,9 +447,9 @@ void PrivacyManagerClient::InitProxy() if (serviceDeathObserver_ != nullptr) { privacySa->AddDeathRecipient(serviceDeathObserver_); } - proxy_ = iface_cast(privacySa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Iface_cast get null"); + proxy_ = new PrivacyManagerProxy(privacySa); + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { + LOGD(PRI_DOMAIN, PRI_TAG, "Iface_cast get null"); } } } @@ -412,7 +464,7 @@ void PrivacyManagerClient::OnRemoteDiedHandle() sptr PrivacyManagerClient::GetProxy() { std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { InitProxy(); } return proxy_; @@ -426,6 +478,15 @@ void PrivacyManagerClient::ReleaseProxy() proxy_ = nullptr; serviceDeathObserver_ = nullptr; } + +sptr PrivacyManagerClient::GetAnonyStub() +{ + std::lock_guard lock(stubMutex_); + if (anonyStub_ == nullptr) { + anonyStub_ = sptr::MakeSptr(); + } + return anonyStub_; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/privacy/src/privacy_manager_client.h b/interfaces/innerkits/privacy/src/privacy_manager_client.h index 556b6407a12c0ef35ba7e11bb8ef8ee8a7509858..9003ec57c5e2ca50a815b9bc2d014196a222477a 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_client.h +++ b/interfaces/innerkits/privacy/src/privacy_manager_client.h @@ -25,6 +25,7 @@ #include "perm_active_status_change_callback.h" #include "perm_active_status_customized_cbk.h" #include "privacy_death_recipient.h" +#include "proxy_death_callback_stub.h" #include "state_change_callback.h" #include "state_customized_cbk.h" @@ -38,13 +39,16 @@ public: virtual ~PrivacyManagerClient(); int32_t AddPermissionUsedRecord(const AddPermParamInfo& info, bool asyncMode = false); - int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName); - int32_t CreateStateChangeCbk(AccessTokenID tokenId, const std::shared_ptr& callback, + int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status); + int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status); + int32_t StartUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName, + PermissionUsedType type); + int32_t CreateStateChangeCbk(uint64_t id, const std::shared_ptr& callback, sptr& callbackWrap); - int32_t StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName, - const std::shared_ptr& callback); - int32_t StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName); - int32_t RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID); + int32_t StartUsingPermission(AccessTokenID tokenId, int32_t pid, const std::string& permissionName, + const std::shared_ptr& callback, PermissionUsedType type); + int32_t StopUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName); + int32_t RemovePermissionUsedRecords(AccessTokenID tokenID); int32_t GetPermissionUsedRecords(const PermissionUsedRequest& request, PermissionUsedResult& result); int32_t GetPermissionUsedRecords( const PermissionUsedRequest& request, const sptr& callback); @@ -53,7 +57,7 @@ public: int32_t CreateActiveStatusChangeCbk( const std::shared_ptr& callback, sptr& callbackWrap); - bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName); + bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid); void OnRemoteDiedHandle(); #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE int32_t RegisterSecCompEnhance(const SecCompEnhanceData& enhance); @@ -64,7 +68,7 @@ public: #endif int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& results); - int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute); + int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID); int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed); private: @@ -77,12 +81,16 @@ private: void InitProxy(); sptr GetProxy(); void ReleaseProxy(); + uint64_t GetUniqueId(uint32_t tokenId, int32_t pid) const; + sptr GetAnonyStub(); private: std::mutex activeCbkMutex_; std::map, sptr> activeCbkMap_; std::mutex stateCbkMutex_; - std::map> stateChangeCallbackMap_; + std::map> stateChangeCallbackMap_; + std::mutex stubMutex_; + sptr anonyStub_ = nullptr; }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp b/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp index f45ef99a89c988997c7bc2357c21a1debd7aa8f1..77f50a8360f2872c366be8aa02e574b39b03b2fd 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp +++ b/interfaces/innerkits/privacy/src/privacy_manager_proxy.cpp @@ -15,16 +15,13 @@ #include "privacy_manager_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerProxy" -}; #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE static const int MAX_SEC_COMP_ENHANCE_SIZE = 1000; @@ -45,7 +42,7 @@ int32_t PrivacyManagerProxy::AddPermissionUsedRecord(const AddPermParamInfoParce MessageParcel addData; addData.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); if (!addData.WriteParcelable(&infoParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable(infoParcel)"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(infoParcel)"); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } @@ -54,20 +51,86 @@ int32_t PrivacyManagerProxy::AddPermissionUsedRecord(const AddPermParamInfoParce return PrivacyError::ERR_SERVICE_ABNORMAL; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); return result; } -int32_t PrivacyManagerProxy::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName) +int32_t PrivacyManagerProxy::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); + return PrivacyError::ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteInt32(userID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write userID"); + return PrivacyError::ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteBool(status)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write status"); + return PrivacyError::ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS, data, reply)) { + return PrivacyError::ERR_SERVICE_ABNORMAL; + } + + int32_t result = 0; + if (!reply.ReadInt32(result)) { + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server (error=%{public}d)", result); + return ERR_READ_PARCEL_FAILED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); + return result; +} + +int32_t PrivacyManagerProxy::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); + return PrivacyError::ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteInt32(userID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write userID"); + return ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel reply; + if (!SendRequest(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS, data, reply)) { + return PrivacyError::ERR_SERVICE_ABNORMAL; + } + + int32_t result = 0; + if (!reply.ReadInt32(result)) { + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server (error=%{public}d)", result); + return ERR_READ_PARCEL_FAILED; + } + if (result != RET_SUCCESS) { + LOGE(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); + return result; + } + + if (!reply.ReadBool(status)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read status"); + return ERR_READ_PARCEL_FAILED; + } + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); + return result; +} + +int32_t PrivacyManagerProxy::StartUsingPermission( + const PermissionUsedTypeInfoParcel &infoParcel, const sptr& anonyStub) { MessageParcel startData; startData.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!startData.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + if (!startData.WriteParcelable(&infoParcel)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permission used info parcel."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } - if (!startData.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName"); + if (!startData.WriteRemoteObject(anonyStub)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } @@ -77,49 +140,56 @@ int32_t PrivacyManagerProxy::StartUsingPermission(AccessTokenID tokenID, const s } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); return result; } -int32_t PrivacyManagerProxy::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, - const sptr& callback) +int32_t PrivacyManagerProxy::StartUsingPermission( + const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& callback, const sptr& anonyStub) { MessageParcel data; data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + if (!data.WriteParcelable(&infoParcel)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permission used info parcel."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } - if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName"); + if (!data.WriteRemoteObject(callback)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } - if (!data.WriteRemoteObject(callback)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write remote object."); + + if (!data.WriteRemoteObject(anonyStub)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } MessageParcel reply; if (!SendRequest(PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK, data, reply)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest fail"); return PrivacyError::ERR_SERVICE_ABNORMAL; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); return result; } -int32_t PrivacyManagerProxy::StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName) +int32_t PrivacyManagerProxy::StopUsingPermission( + AccessTokenID tokenID, int32_t pid, const std::string& permissionName) { MessageParcel stopData; stopData.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); if (!stopData.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write tokenID"); + return PrivacyError::ERR_WRITE_PARCEL_FAILED; + } + if (!stopData.WriteInt32(pid)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write pid"); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!stopData.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permissionName"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permissionName"); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } @@ -129,20 +199,16 @@ int32_t PrivacyManagerProxy::StopUsingPermission(AccessTokenID tokenID, const st } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); return result; } -int32_t PrivacyManagerProxy::RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID) +int32_t PrivacyManagerProxy::RemovePermissionUsedRecords(AccessTokenID tokenID) { MessageParcel data; data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(%{public}d)", tokenID); - return PrivacyError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteString(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteString(deviceID)"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenID); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } @@ -152,7 +218,7 @@ int32_t PrivacyManagerProxy::RemovePermissionUsedRecords(AccessTokenID tokenID, } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); return result; } @@ -162,7 +228,7 @@ int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedReques MessageParcel data; data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); if (!data.WriteParcelable(&request)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable(request)"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(request)"); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } @@ -172,13 +238,13 @@ int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedReques } int32_t ret = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", ret); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", ret); if (ret != RET_SUCCESS) { return ret; } sptr resultSptr = reply.ReadParcelable(); if (resultSptr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable fail"); return PrivacyError::ERR_READ_PARCEL_FAILED; } result = *resultSptr; @@ -191,11 +257,11 @@ int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedReques MessageParcel data; data.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); if (!data.WriteParcelable(&request)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable(request)"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(request)"); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(callback->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteRemoteObject(callback)"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteRemoteObject(callback)"); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } @@ -205,7 +271,7 @@ int32_t PrivacyManagerProxy::GetPermissionUsedRecords(const PermissionUsedReques } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); return result; } @@ -214,24 +280,24 @@ int32_t PrivacyManagerProxy::RegisterPermActiveStatusCallback( { MessageParcel data; if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } uint32_t listSize = permList.size(); if (!data.WriteUint32(listSize)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write listSize"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write listSize"); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } for (uint32_t i = 0; i < listSize; i++) { if (!data.WriteString(permList[i])) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write permList[%{public}d], %{public}s", i, permList[i].c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write permList[%{public}d], %{public}s", i, permList[i].c_str()); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } } if (!data.WriteRemoteObject(callback)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write remote object."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write remote object."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } MessageParcel reply; @@ -240,7 +306,7 @@ int32_t PrivacyManagerProxy::RegisterPermActiveStatusCallback( } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server data = %{public}d", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server data = %{public}d", result); return result; } @@ -248,11 +314,11 @@ int32_t PrivacyManagerProxy::UnRegisterPermActiveStatusCallback(const sptr MAX_SEC_COMP_ENHANCE_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size = %{public}d get from request is invalid", size); + LOGE(PRI_DOMAIN, PRI_TAG, "Size = %{public}d get from request is invalid", size); return PrivacyError::ERR_OVERSIZE; } for (uint32_t i = 0; i < size; i++) { @@ -415,15 +486,15 @@ int32_t PrivacyManagerProxy::GetPermissionUsedTypeInfos(const AccessTokenID toke MessageParcel data; MessageParcel reply; if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(%{public}d)", tokenId); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenId); return false; } if (!data.WriteString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteString(%{public}s)", permissionName.c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteString(%{public}s)", permissionName.c_str()); return false; } @@ -432,14 +503,14 @@ int32_t PrivacyManagerProxy::GetPermissionUsedTypeInfos(const AccessTokenID toke } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server is %{public}d.", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server is %{public}d.", result); if (result != RET_SUCCESS) { return result; } uint32_t size = reply.ReadUint32(); if (size > MAX_PERMISSION_USED_TYPE_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed, results oversize %{public}d, please add query params!", size); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed, results oversize %{public}d, please add query params!", size); return PrivacyError::ERR_OVERSIZE; } for (uint32_t i = 0; i < size; i++) { @@ -451,32 +522,36 @@ int32_t PrivacyManagerProxy::GetPermissionUsedTypeInfos(const AccessTokenID toke return result; } -int32_t PrivacyManagerProxy::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) +int32_t PrivacyManagerProxy::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) { MessageParcel data; MessageParcel reply; if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(policyType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(%{public}d)", policyType); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", policyType); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(callerType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(%{public}d)", callerType); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", callerType); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!data.WriteBool(isMute)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteBool(%{public}d)", isMute); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteBool(%{public}d)", isMute); + return PrivacyError::ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(tokenID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenID); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!SendRequest(PrivacyInterfaceCode::SET_MUTE_POLICY, data, reply)) { return PrivacyError::ERR_SERVICE_ABNORMAL; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "result from server is %{public}d.", result); + LOGI(PRI_DOMAIN, PRI_TAG, "result from server is %{public}d.", result); return result; } @@ -485,24 +560,24 @@ int32_t PrivacyManagerProxy::SetHapWithFGReminder(uint32_t tokenId, bool isAllow MessageParcel data; MessageParcel reply; if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(tokenId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteUint32(%{public}d)", tokenId); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteUint32(%{public}d)", tokenId); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!data.WriteBool(isAllowed)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteBool(%{public}d)", isAllowed); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteBool(%{public}d)", isAllowed); return PrivacyError::ERR_WRITE_PARCEL_FAILED; } if (!SendRequest(PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER, data, reply)) { return PrivacyError::ERR_SERVICE_ABNORMAL; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Result from server is %{public}d.", result); + LOGI(PRI_DOMAIN, PRI_TAG, "Result from server is %{public}d.", result); return result; } @@ -518,13 +593,13 @@ bool PrivacyManagerProxy::SendRequest( MessageOption option(flag); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service null."); return false; } int32_t result = remote->SendRequest(static_cast(code), data, reply, option); if (result != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest(code=%{public}d) fail, result: %{public}d", code, result); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest(code=%{public}d) fail, result: %{public}d", code, result); return false; } return true; diff --git a/interfaces/innerkits/privacy/src/privacy_manager_proxy.h b/interfaces/innerkits/privacy/src/privacy_manager_proxy.h index 1f1cefe26a7005749b1e65ef889365f90511c562..c9da62420386a43fd1c6b77b4d9ce9f4be069d15 100644 --- a/interfaces/innerkits/privacy/src/privacy_manager_proxy.h +++ b/interfaces/innerkits/privacy/src/privacy_manager_proxy.h @@ -30,11 +30,14 @@ public: ~PrivacyManagerProxy() override; int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode = false) override; - int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName) override; - int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, - const sptr& callback) override; - int32_t StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName) override; - int32_t RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID) override; + int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) override; + int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) override; + int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& anonyStub) override; + int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& callback, const sptr& anonyStub) override; + int32_t StopUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) override; + int32_t RemovePermissionUsedRecords(AccessTokenID tokenID) override; int32_t GetPermissionUsedRecords( const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) override; int32_t GetPermissionUsedRecords(const PermissionUsedRequestParcel& request, @@ -42,7 +45,7 @@ public: int32_t RegisterPermActiveStatusCallback( std::vector& permList, const sptr& callback) override; int32_t UnRegisterPermActiveStatusCallback(const sptr& callback) override; - bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName) override; + bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) override; #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE int32_t RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhance) override; int32_t UpdateSecCompEnhance(int32_t pid, uint32_t seqNum) override; @@ -52,7 +55,7 @@ public: #endif int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) override; - int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) override; + int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) override; int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) override; private: bool SendRequest(PrivacyInterfaceCode code, MessageParcel& data, MessageParcel& reply, bool asyncMode = false); diff --git a/interfaces/innerkits/privacy/src/state_change_callback.cpp b/interfaces/innerkits/privacy/src/state_change_callback.cpp index 9ed950d575d821790a60f5d0645f10c1aa454f51..4b7e4ae00624c2d5eae8fd2c1422b11a77f0334a 100644 --- a/interfaces/innerkits/privacy/src/state_change_callback.cpp +++ b/interfaces/innerkits/privacy/src/state_change_callback.cpp @@ -13,15 +13,12 @@ * limitations under the License. */ -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "state_change_callback.h" namespace OHOS { namespace Security { namespace AccessToken { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "StateChangeCallback" -}; StateChangeCallback::StateChangeCallback( const std::shared_ptr &customizedCallback) : customizedCallback_(customizedCallback) @@ -33,7 +30,7 @@ StateChangeCallback::~StateChangeCallback() void StateChangeCallback::StateChangeNotify(AccessTokenID tokenId, bool isShowing) { if (customizedCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "CustomizedCallback_ is nullptr"); + LOGE(PRI_DOMAIN, PRI_TAG, "CustomizedCallback_ is nullptr"); return; } diff --git a/interfaces/innerkits/privacy/src/state_change_callback_stub.cpp b/interfaces/innerkits/privacy/src/state_change_callback_stub.cpp index 2ebdb770e869a4839014b9f7424d1f4c76ecd472..b083545095c92fcf2b0e8efcdff9d95654b71cda 100644 --- a/interfaces/innerkits/privacy/src/state_change_callback_stub.cpp +++ b/interfaces/innerkits/privacy/src/state_change_callback_stub.cpp @@ -15,7 +15,7 @@ #include "state_change_callback_stub.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" #include "perm_active_response_parcel.h" #include "string_ex.h" @@ -23,19 +23,14 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "StateChangeCallbackStub" -}; -} int32_t StateChangeCallbackStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Entry, code: 0x%{public}x", code); + LOGD(PRI_DOMAIN, PRI_TAG, "Entry, code: 0x%{public}x", code); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != IStateChangeCallback::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } diff --git a/interfaces/innerkits/privacy/test/BUILD.gn b/interfaces/innerkits/privacy/test/BUILD.gn index a9d1d3d3f431096e12e38805256eaf7d2a398a3b..e4a1974aea7fe9fedf8791b674b0067eae817fc7 100644 --- a/interfaces/innerkits/privacy/test/BUILD.gn +++ b/interfaces/innerkits/privacy/test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -27,6 +27,7 @@ ohos_unittest("libprivacy_sdk_test") { include_dirs = [ "../src", + "mock/src", "unittest/app_manager_client", "${access_token_path}/frameworks/common/include", "${access_token_path}/frameworks/privacy/include", @@ -37,9 +38,7 @@ ohos_unittest("libprivacy_sdk_test") { ] sources = [ - "unittest/app_manager_client/app_manager_access_client.cpp", - "unittest/app_manager_client/app_manager_access_proxy.cpp", - "unittest/app_manager_client/app_state_data.cpp", + "mock/src/app_manager_access_client.cpp", "unittest/src/permission_deny_test.cpp", "unittest/src/privacy_kit_test.cpp", ] @@ -60,12 +59,13 @@ ohos_unittest("libprivacy_sdk_test") { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/common/proxy_death:proxy_death_stub", ] external_deps = [ "c_utils:utils", "hilog:libhilog", "init:libbegetutil", - "ipc:ipc_core", + "ipc:ipc_single", "safwk:system_ability_fwk", "samgr:samgr_proxy", ] @@ -96,6 +96,7 @@ ohos_unittest("libprivacy_mock_test") { "${access_token_path}/frameworks/tokensync/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/interfaces/innerkits/privacy/include", ] sources = [ @@ -122,6 +123,7 @@ ohos_unittest("libprivacy_mock_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/common/proxy_death:proxy_death_stub", ] external_deps = [ @@ -129,10 +131,9 @@ ohos_unittest("libprivacy_mock_test") { "googletest:gmock", "googletest:gtest_main", "hilog:libhilog", - "hisysevent:libhisysevent", "init:libbeget_proxy", "init:libbegetutil", - "ipc:ipc_core", + "ipc:ipc_single", "ipc:libdbinder", "safwk:system_ability_fwk", "samgr:samgr_proxy", diff --git a/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.cpp b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8a54bd06129fa7209ed205f78670dff2955d44bb --- /dev/null +++ b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.cpp @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "app_manager_access_client.h" +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { + +AppManagerAccessClient& AppManagerAccessClient::GetInstance() +{ + static AppManagerAccessClient instance; + return instance; +} + +AppManagerAccessClient::AppManagerAccessClient() +{} + +AppManagerAccessClient::~AppManagerAccessClient() +{ +} + +int32_t AppManagerAccessClient::GetForegroundApplications(std::vector& list) +{ + return 0; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.h b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.h new file mode 100644 index 0000000000000000000000000000000000000000..cca58e4652578ea8f089e575f11bd04f8ae34cc4 --- /dev/null +++ b/interfaces/innerkits/privacy/test/mock/src/app_manager_access_client.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_APP_MANAGER_ACCESS_CLIENT_H +#define ACCESS_APP_MANAGER_ACCESS_CLIENT_H + +#include +#include +#include "app_state_data.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class AppManagerAccessClient final { +public: + static AppManagerAccessClient& GetInstance(); + virtual ~AppManagerAccessClient(); + int32_t GetForegroundApplications(std::vector& list); + +private: + AppManagerAccessClient(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_APP_MANAGER_ACCESS_CLIENT_H \ No newline at end of file diff --git a/interfaces/innerkits/privacy/test/tool/BUILD.gn b/interfaces/innerkits/privacy/test/tool/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..6e97cb8e53a58a0639ad5b2533608c46b2c69f76 --- /dev/null +++ b/interfaces/innerkits/privacy/test/tool/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (C) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//base/security/access_token/access_token.gni") +import("//build/ohos.gni") + +ohos_executable("AddPermissionUsedRecord") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + sources = [ "add_permission_used_record.cpp" ] + + include_dirs = [ + "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken", + "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", + ] + + external_deps = [ + "c_utils:utils", + "ipc:ipc_single", + ] + + subsystem_name = "security" + part_name = "access_token" +} diff --git a/interfaces/innerkits/privacy/test/tool/add_permission_used_record.cpp b/interfaces/innerkits/privacy/test/tool/add_permission_used_record.cpp new file mode 100644 index 0000000000000000000000000000000000000000..a9129820ced62ba9b4967e0a407473b6d9be1967 --- /dev/null +++ b/interfaces/innerkits/privacy/test/tool/add_permission_used_record.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include +#include "accesstoken_kit.h" +#include "nativetoken_kit.h" +#include "privacy_kit.h" +#include "token_setproc.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +static void NativeTokenGet() +{ + uint64_t tokenID; + const char **perms = new const char *[1]; // size of array + perms[0] = "ohos.permission.PERMISSION_USED_STATS"; // 0: index + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, // size of permission list + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "AddPermissionUsedRecord"; + tokenID = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenID); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +int32_t main(int argc, char *argv[]) +{ + if (argc < 3) { // 3: size + std::cout << "Help: ./AddPermissionUsedRecord tokenid permisisionName\n" << std::endl; + return 0; + } + + NativeTokenGet(); + + uint32_t tokenId = static_cast(atoi(argv[1])); // 1: index + std::string permisisionName = argv[2]; // 2: index + int32_t ret = PrivacyKit::AddPermissionUsedRecord(tokenId, permisisionName, 1, 0); + if (ret == 0) { + std::cout << "Success" << ret << std::endl; + } else { + std::cout << "Failed, error: " << ret << std::endl; + } + return 0; +} diff --git a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_client.cpp b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_client.cpp index 4953e8dc9d9f863a8d62660bf21ff4a56ca20f6d..84a1a1f020542bd1a1abee31871ccdd9f43baad6 100644 --- a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_client.cpp +++ b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_client.cpp @@ -15,7 +15,7 @@ #include "app_manager_access_client.h" #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "iservice_registry.h" #include "system_ability_definition.h" @@ -23,9 +23,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AppManagerAccessClient" -}; std::recursive_mutex g_instanceMutex; } // namespace @@ -35,7 +32,8 @@ AppManagerAccessClient& AppManagerAccessClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AppManagerAccessClient(); + AppManagerAccessClient* tmp = new AppManagerAccessClient(); + instance = std::move(tmp); } } return *instance; @@ -54,7 +52,7 @@ int32_t AppManagerAccessClient::GetForegroundApplications(std::vectorGetForegroundApplications(list); @@ -64,19 +62,19 @@ void AppManagerAccessClient::InitProxy() { auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); + LOGE(PRI_DOMAIN, PRI_TAG, "GetSystemAbilityManager is null"); return; } auto appManagerSa = sam->GetSystemAbility(APP_MGR_SERVICE_ID); if (appManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", + LOGE(PRI_DOMAIN, PRI_TAG, "GetSystemAbility %{public}d is null", APP_MGR_SERVICE_ID); return; } - proxy_ = iface_cast(appManagerSa); + proxy_ = new AppManagerAccessProxy(appManagerSa); if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); + LOGE(PRI_DOMAIN, PRI_TAG, "Iface_cast get null"); } } diff --git a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_proxy.cpp b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_proxy.cpp index 51666e0ff2bac18a9fdbe0c86f44390a5e613db4..2ebdefa2d068dd5e45d63127c1813a56e7594fd7 100644 --- a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_proxy.cpp +++ b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_manager_access_proxy.cpp @@ -14,13 +14,12 @@ */ #include "app_manager_access_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AppManagerAccessProxy"}; static constexpr int32_t ERROR = -1; constexpr int32_t CYCLE_LIMIT = 1000; } @@ -31,18 +30,18 @@ int32_t AppManagerAccessProxy::GetForegroundApplications(std::vectorSendRequest( static_cast(IAppMgr::Message::GET_FOREGROUND_APPLICATIONS), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetForegroundApplications failed, error: %{public}d", error); + LOGE(PRI_DOMAIN, PRI_TAG, "GetForegroundApplications failed, error: %{public}d", error); return error; } uint32_t infoSize = reply.ReadUint32(); if (infoSize > CYCLE_LIMIT) { - ACCESSTOKEN_LOG_ERROR(LABEL, "InfoSize is too large"); + LOGE(PRI_DOMAIN, PRI_TAG, "InfoSize is too large"); return ERROR; } for (uint32_t i = 0; i < infoSize; i++) { diff --git a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp index e6a4ce72e17a1f4ebe3b124a8cc125c1f1a18a6a..18e40c019351b7ca95edb72b6b86720dce4c41c0 100644 --- a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp +++ b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.cpp @@ -24,7 +24,7 @@ bool AppStateData::Marshalling(Parcel &parcel) const && parcel.WriteInt32(pid) && parcel.WriteUint32(accessTokenId) && parcel.WriteBool(isFocused) && parcel.WriteInt32(extensionType) && parcel.WriteInt32Vector(renderPids) && parcel.WriteString(callerBundleName) && parcel.WriteBool(isSplitScreenMode) - && parcel.WriteBool(isFloatingWindowMode)); + && parcel.WriteBool(isFloatingWindowMode) && parcel.WriteInt32(appIndex)); } AppStateData *AppStateData::Unmarshalling(Parcel &parcel) @@ -44,6 +44,7 @@ AppStateData *AppStateData::Unmarshalling(Parcel &parcel) appStateData->callerBundleName = parcel.ReadString(); appStateData->isSplitScreenMode = parcel.ReadBool(); appStateData->isFloatingWindowMode = parcel.ReadBool(); + appStateData->appIndex = parcel.ReadInt32(); return appStateData; } } // namespace AccessToken diff --git a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h index 7323f54e982dd0838885bd51a404295a13ba9b6e..3b261d218abf3d2ba206b2ada2f77870689ba80e 100644 --- a/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h +++ b/interfaces/innerkits/privacy/test/unittest/app_manager_client/app_state_data.h @@ -49,6 +49,8 @@ struct AppStateData : public Parcelable { std::string callerBundleName; bool isSplitScreenMode = false; bool isFloatingWindowMode = false; + bool isSpecifyTokenId = false; + int32_t appIndex = 0; }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/privacy/test/unittest/privacy_mock_test/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/privacy_mock_test/privacy_kit_test.cpp index 6580fee25d5d342c0b71b20672a251eaa1a35138..f548a3bb70c14889393b9cd05f563738d340c6c9 100644 --- a/interfaces/innerkits/privacy/test/unittest/privacy_mock_test/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/privacy_mock_test/privacy_kit_test.cpp @@ -127,8 +127,7 @@ HWTEST_F(PrivacyKitTest, StopUsingPermission001, TestSize.Level1) HWTEST_F(PrivacyKitTest, RemovePermissionUsedRecords001, TestSize.Level1) { AccessTokenID tokenId = 0xff; - std::string device = "device"; - int32_t ret = PrivacyKit::RemovePermissionUsedRecords(tokenId, device); + int32_t ret = PrivacyKit::RemovePermissionUsedRecords(tokenId); ASSERT_EQ(PrivacyError::ERR_SERVICE_ABNORMAL, ret); } @@ -218,6 +217,33 @@ HWTEST_F(PrivacyKitTest, IsAllowedUsingPermissionTest001, TestSize.Level1) ASSERT_EQ(false, ret); } +/** + * @tc.name: SetPermissionUsedRecordToggleStatus001 + * @tc.desc: SetPermissionUsedRecordToggleStatus proxy is null. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, SetPermissionUsedRecordToggleStatus001, TestSize.Level1) +{ + int32_t userID = 1; + bool status = true; + int32_t ret = PrivacyKit::SetPermissionUsedRecordToggleStatus(userID, status); + ASSERT_EQ(PrivacyError::ERR_SERVICE_ABNORMAL, ret); +} + +/** + * @tc.name: GetPermissionUsedRecordToggleStatus001 + * @tc.desc: GetPermissionUsedRecordToggleStatus proxy is null. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, GetPermissionUsedRecordToggleStatus001, TestSize.Level1) +{ + int32_t userID = 1; + bool status = true; + int32_t ret = PrivacyKit::GetPermissionUsedRecordToggleStatus(userID, status); + ASSERT_EQ(PrivacyError::ERR_SERVICE_ABNORMAL, ret); +} } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/privacy/test/unittest/src/permission_deny_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/permission_deny_test.cpp index 3873eddaf04da9ae0da307b2e00de514b90001be..ba30b8a57322b87e1a164180930bc2722e3ab1ce 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/permission_deny_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/permission_deny_test.cpp @@ -66,7 +66,7 @@ void PermDenyTest::TearDown() { EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); AccessTokenKit::DeleteToken(g_testTokenId); - PrivacyKit::RemovePermissionUsedRecords(g_testTokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(g_testTokenId); } /** @@ -89,7 +89,7 @@ HWTEST_F(PermDenyTest, AddPermissionUsedRecord001, TestSize.Level1) */ HWTEST_F(PermDenyTest, RemovePermissionUsedRecords001, TestSize.Level1) { - ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, PrivacyKit::RemovePermissionUsedRecords(g_testTokenId, "")); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, PrivacyKit::RemovePermissionUsedRecords(g_testTokenId)); } class CbPermDenyTest : public StateCustomizedCbk { diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp index e087558c547312b7f5e229c31d3620e0b3a7054d..69e4db493603ea483970f02c2531f16179399787 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp @@ -51,7 +51,7 @@ static AccessTokenID g_nativeToken = 0; #ifdef AUDIO_FRAMEWORK_ENABLE static bool g_isMicMute = false; #endif -static constexpr int32_t RANDOM_TOKENID = 123; +static constexpr uint32_t RANDOM_TOKENID = 123; static constexpr int32_t INVALID_PERMISSIONAME_LENGTH = 257; static constexpr int32_t FIRST_INDEX = 0; static constexpr int32_t SECOND_INDEX = 1; @@ -61,6 +61,9 @@ static constexpr int32_t RESULT_NUM_TWO = 2; static constexpr int32_t RESULT_NUM_THREE = 3; // if change this, origin value in privacy_manager_proxy.cpp should change together const static uint32_t MAX_PERMISSION_USED_TYPE_SIZE = 2000; +const static int32_t NOT_EXSIT_PID = 99999999; +const static int32_t INVALID_USER_ID = -1; +const static int32_t USER_ID_2 = 2; static PermissionStateFull g_infoManagerTestStateA = { .permissionName = "ohos.permission.CAMERA", @@ -98,16 +101,6 @@ static HapInfoParams g_infoParmsB = { .appIDDesc = "privacy_test.bundleB" }; -static PermissionDef g_infoManagerTestPermDefC = { - .permissionName = "ohos.permission.PERMISSION_USED_STATS", - .bundleName = "ohos.privacy_test.bundleC", - .grantMode = 1, - .availableLevel = APL_NORMAL, - .label = "labelC", - .labelId = 1, - .description = "break the door", - .descriptionId = 1 -}; static PermissionStateFull g_infoManagerTestStateC = { .permissionName = "ohos.permission.PERMISSION_USED_STATS", .isGeneral = true, @@ -125,10 +118,17 @@ static HapInfoParams g_infoParmsC = { static HapPolicyParams g_policyPramsC = { .apl = APL_NORMAL, .domain = "test.domain.C", - .permList = {g_infoManagerTestPermDefC}, + .permList = {}, .permStateList = {g_infoManagerTestStateC} }; +static PermissionStateFull g_infoManagerTestStateD = { + .permissionName = "ohos.permission.MICROPHONE_BACKGROUND", + .isGeneral = true, + .resDeviceID = {"localC"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; static HapInfoParams g_infoParmsD = { .userID = 1, .bundleName = "ohos.privacy_test.bundleD", @@ -169,6 +169,17 @@ static HapInfoParams g_infoParmsF = { .appIDDesc = "privacy_test.bundleF" }; +static HapPolicyParams g_policyPramsG = { + .apl = APL_NORMAL, + .domain = "test.domain.G", +}; +static HapInfoParams g_infoParmsG = { + .userID = 2, + .bundleName = "ohos.privacy_test.bundleG", + .instIndex = 0, + .appIDDesc = "privacy_test.bundleG" +}; + static UsedRecordDetail g_usedRecordDetail = { .status = 2, .timestamp = 2L, @@ -212,6 +223,7 @@ static AccessTokenID g_tokenIdB = 0; static AccessTokenIDEx g_tokenIdC = {0}; static AccessTokenID g_tokenIdE = 0; static AccessTokenID g_tokenIdF = 0; +static AccessTokenID g_tokenIdG = 0; static void DeleteTestToken() { @@ -219,43 +231,49 @@ static void DeleteTestToken() g_infoParmsA.bundleName, g_infoParmsA.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_infoParmsB.userID, g_infoParmsB.bundleName, g_infoParmsB.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_infoParmsC.userID, g_infoParmsC.bundleName, g_infoParmsC.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_infoParmsE.userID, g_infoParmsE.bundleName, g_infoParmsE.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_infoParmsF.userID, g_infoParmsF.bundleName, g_infoParmsF.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); + + tokenId = AccessTokenKit::GetHapTokenID(g_infoParmsG.userID, + g_infoParmsG.bundleName, + g_infoParmsG.instIndex); + AccessTokenKit::DeleteToken(tokenId); + PrivacyKit::RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_normalInfoParms.userID, g_normalInfoParms.bundleName, g_normalInfoParms.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_systemInfoParms.userID, g_systemInfoParms.bundleName, g_systemInfoParms.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); } void PrivacyKitTest::SetUpTestCase() @@ -287,12 +305,14 @@ void PrivacyKitTest::SetUp() AccessTokenKit::AllocHapToken(g_infoParmsC, g_policyPramsC); AccessTokenKit::AllocHapToken(g_infoParmsE, g_policyPramsE); AccessTokenKit::AllocHapToken(g_infoParmsF, g_policyPramsF); + AccessTokenKit::AllocHapToken(g_infoParmsG, g_policyPramsG); g_tokenIdA = AccessTokenKit::GetHapTokenID(g_infoParmsA.userID, g_infoParmsA.bundleName, g_infoParmsA.instIndex); g_tokenIdB = AccessTokenKit::GetHapTokenID(g_infoParmsB.userID, g_infoParmsB.bundleName, g_infoParmsB.instIndex); g_tokenIdC = AccessTokenKit::GetHapTokenIDEx(g_infoParmsC.userID, g_infoParmsC.bundleName, g_infoParmsC.instIndex); g_tokenIdE = AccessTokenKit::GetHapTokenID(g_infoParmsE.userID, g_infoParmsE.bundleName, g_infoParmsE.instIndex); g_tokenIdF = AccessTokenKit::GetHapTokenID(g_infoParmsF.userID, g_infoParmsF.bundleName, g_infoParmsF.instIndex); + g_tokenIdG = AccessTokenKit::GetHapTokenID(g_infoParmsG.userID, g_infoParmsG.bundleName, g_infoParmsG.instIndex); } void PrivacyKitTest::TearDown() @@ -306,20 +326,12 @@ void PrivacyKitTest::TearDown() DeleteTestToken(); } -std::string PrivacyKitTest::GetLocalDeviceUdid() -{ - const int32_t DEVICE_UUID_LENGTH = 65; - char udid[DEVICE_UUID_LENGTH] = {0}; - GetDevUdid(udid, DEVICE_UUID_LENGTH); - return udid; -} - -void PrivacyKitTest::BuildQueryRequest(AccessTokenID tokenId, const std::string &deviceId, +void PrivacyKitTest::BuildQueryRequest(AccessTokenID tokenId, const std::string &bundleName, const std::vector &permissionList, PermissionUsedRequest &request) { request.tokenId = tokenId; request.isRemote = false; - request.deviceId = deviceId; + request.deviceId = ""; request.bundleName = bundleName; request.permissionList = permissionList; request.beginTimeMillis = 0; @@ -389,7 +401,7 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord001, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(0), result.bundleRecords.size()); } @@ -421,11 +433,11 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord002, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_nativeToken, "", "", permissionList, request); + BuildQueryRequest(g_nativeToken, "", permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(0), result.bundleRecords.size()); - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(0), result.bundleRecords.size()); } @@ -438,35 +450,8 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord002, TestSize.Level1) */ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord003, TestSize.Level1) { - const char **dcaps = new const char *[2]; - dcaps[0] = "AT_CAP"; - dcaps[1] = "ST_CAP"; - uint64_t tokenId; - const char **acls = new const char *[2]; - acls[0] = "ohos.permission.test1"; - acls[1] = "ohos.permission.test2"; - const char **perms = new const char *[2]; - perms[0] = "ohos.permission.test1"; - perms[1] = "ohos.permission.test2"; - NativeTokenInfoParams infoInstance = { - .dcapsNum = 2, - .permsNum = 2, - .aclsNum = 2, - .dcaps = dcaps, - .perms = perms, - .acls = acls, - .processName = "GetAccessTokenId008", - .aplStr = "system_core", - }; - tokenId = GetAccessTokenId(&infoInstance); - ASSERT_NE(tokenId, static_cast(0)); - - delete[] perms; - delete[] dcaps; - delete[] acls; - AddPermParamInfo info; - info.tokenId = tokenId; + info.tokenId = g_nativeToken; info.permissionName = "ohos.permission.READ_CONTACTS"; info.successCount = 1; info.failCount = 0; @@ -475,7 +460,7 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord003, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(tokenId, "", "", permissionList, request); + BuildQueryRequest(g_nativeToken, "", permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(0), result.bundleRecords.size()); @@ -508,7 +493,7 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord004, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); @@ -547,13 +532,13 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord005, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); CheckPermissionUsedResult(request, result, 2, 1, 1); - BuildQueryRequest(g_tokenIdB, GetLocalDeviceUdid(), g_infoParmsB.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdB, g_infoParmsB.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); @@ -587,22 +572,25 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord006, TestSize.Level1) info.successCount = 1; info.failCount = 0; + // <200ms, record is dropped ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); request.flag = FLAG_PERMISSION_USAGE_DETAIL; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords.size()); ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords[0].accessRecords.size()); - CheckPermissionUsedResult(request, result, 1, 4, 0); // records in the same minute combine to one + CheckPermissionUsedResult(request, result, 1, 3, 0); // records in the same minute combine to one } /** @@ -660,14 +648,14 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord009, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); request.flag = FLAG_PERMISSION_USAGE_DETAIL; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); ASSERT_EQ(permRecordSize, static_cast(result.bundleRecords[0].permissionRecords.size())); for (int32_t i = 0; i < permRecordSize; i++) { - if (result.bundleRecords[0].permissionRecords[i].permissionName == "ohos.permission.CAMERA") { + if (result.bundleRecords[0].permissionRecords[i].permissionName == "ohos.permission.READ_CONTACTS") { ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords[i].accessRecords.size()); ASSERT_EQ(static_cast(0), result.bundleRecords[0].permissionRecords[i].rejectRecords.size()); ASSERT_EQ(1, result.bundleRecords[0].permissionRecords[i].accessRecords[0].count); @@ -704,7 +692,7 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord010, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); request.flag = FLAG_PERMISSION_USAGE_DETAIL; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); @@ -715,18 +703,18 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord010, TestSize.Level1) /** * @tc.name: RemovePermissionUsedRecords001 - * @tc.desc: cannot RemovePermissionUsedRecords with illegal tokenId and deviceID. + * @tc.desc: cannot RemovePermissionUsedRecords with illegal tokenId. * @tc.type: FUNC * @tc.require: issueI5P4IU */ HWTEST_F(PrivacyKitTest, RemovePermissionUsedRecords001, TestSize.Level1) { - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::RemovePermissionUsedRecords(0, "")); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::RemovePermissionUsedRecords(0)); } /** * @tc.name: RemovePermissionUsedRecords002 - * @tc.desc: RemovePermissionUsedRecords with invalid tokenId and deviceID. + * @tc.desc: RemovePermissionUsedRecords with invalid tokenId. * @tc.type: FUNC * @tc.require: issueI5P4IU */ @@ -741,39 +729,28 @@ HWTEST_F(PrivacyKitTest, RemovePermissionUsedRecords002, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); - - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::RemovePermissionUsedRecords(g_tokenIdA, "invalid_device")); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); - ASSERT_EQ(static_cast(1), result.bundleRecords.size()); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::RemovePermissionUsedRecords(123, GetLocalDeviceUdid())); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::RemovePermissionUsedRecords(g_tokenIdA)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); - ASSERT_EQ(static_cast(1), result.bundleRecords.size()); + ASSERT_EQ(static_cast(0), result.bundleRecords.size()); } /** * @tc.name: RemovePermissionUsedRecords003 - * @tc.desc: RemovePermissionUsedRecords with valid tokenId and deviceID. + * @tc.desc: RemovePermissionUsedRecords caller is normal app. * @tc.type: FUNC - * @tc.require: issueI5P4IU + * @tc.require: */ HWTEST_F(PrivacyKitTest, RemovePermissionUsedRecords003, TestSize.Level1) { - AddPermParamInfo info; - info.tokenId = g_tokenIdA; - info.permissionName = "ohos.permission.READ_CONTACTS"; - info.successCount = 1; - info.failCount = 0; - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); - PermissionUsedRequest request; - PermissionUsedResult result; - std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); - - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::RemovePermissionUsedRecords(g_tokenIdA, "")); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); - ASSERT_EQ(static_cast(0), result.bundleRecords.size()); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_normalInfoParms, g_policyPramsA); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, + PrivacyKit::RemovePermissionUsedRecords(tokenIdEx.tokenIdExStruct.tokenID)); + EXPECT_EQ(0, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID)); } /** @@ -786,14 +763,14 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords001, TestSize.Level1) { AddPermParamInfo info; info.tokenId = g_tokenIdA; - info.permissionName = "ohos.permission.MICROPHONE"; + info.permissionName = "ohos.permission.READ_CONTACTS"; info.successCount = 1; info.failCount = 0; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); request.beginTimeMillis = -1; request.endTimeMillis = -1; ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::GetPermissionUsedRecords(request, result)); @@ -816,7 +793,7 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords002, TestSize.Level1) { AddPermParamInfo info; info.tokenId = g_tokenIdA; - info.permissionName = "ohos.permission.MICROPHONE"; + info.permissionName = "ohos.permission.READ_MEDIA"; info.successCount = 1; info.failCount = 0; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); @@ -831,24 +808,24 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords002, TestSize.Level1) PermissionUsedResult result; std::vector permissionList; // query by tokenId - BuildQueryRequest(g_tokenIdA, "", "", permissionList, request); + BuildQueryRequest(g_tokenIdA, "", permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); - request.deviceId = GetLocalDeviceUdid(); + request.deviceId = ""; request.bundleName = g_infoParmsA.bundleName; CheckPermissionUsedResult(request, result, 3, 3, 0); // query by unmatched tokenId, deviceId and bundle Name - BuildQueryRequest(123, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(123, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(0), result.bundleRecords.size()); // query by invalid permission Name permissionList.clear(); permissionList.emplace_back("invalid permission"); - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); - ASSERT_EQ(static_cast(0), result.bundleRecords.size()); + ASSERT_EQ(static_cast(1), result.bundleRecords.size()); } /** @@ -861,32 +838,38 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords003, TestSize.Level1) { AddPermParamInfo info; info.tokenId = g_tokenIdA; - info.permissionName = "ohos.permission.MICROPHONE"; + info.permissionName = "ohos.permission.READ_MEDIA"; info.successCount = 1; info.failCount = 0; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); CheckPermissionUsedResult(request, result, 1, 4, 0); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.READ_CONTACTS"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.READ_CALENDAR"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.WRITE_CALENDAR"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), g_infoParmsA.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdA, g_infoParmsA.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); CheckPermissionUsedResult(request, result, 4, 7, 0); @@ -920,7 +903,7 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords004, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(0, GetLocalDeviceUdid(), "", permissionList, request); + BuildQueryRequest(0, "", permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); if (result.bundleRecords.size() < static_cast(2)) { @@ -945,10 +928,48 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords005, TestSize.Level1) PermissionUsedResult result; std::vector permissionList; // query by tokenId - BuildQueryRequest(g_tokenIdA, "", "", permissionList, request); + BuildQueryRequest(g_tokenIdA, "", permissionList, request); ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, PrivacyKit::GetPermissionUsedRecords(request, result)); } +/** + * @tc.name: GetPermissionUsedRecords006 + * @tc.desc: GetPermissionUsedRecords with 200ms. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords006, TestSize.Level1) +{ + AddPermParamInfo info; + info.tokenId = g_tokenIdA; + info.permissionName = "ohos.permission.READ_MEDIA"; + info.successCount = 0; + info.failCount = 1; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); // fail:1, success:0 + + PermissionUsedRequest request; + PermissionUsedResult result1; + std::vector permissionList; + // query by tokenId + BuildQueryRequest(g_tokenIdA, "", permissionList, request); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result1)); + ASSERT_EQ(static_cast(1), result1.bundleRecords.size()); + request.deviceId = ""; + request.bundleName = g_infoParmsA.bundleName; + CheckPermissionUsedResult(request, result1, 1, 0, 1); + + usleep(200000); // 200000us = 200ms + info.permissionName = "ohos.permission.READ_CONTACTS"; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); // fail:1, success:0 + info.successCount = 1; + info.failCount = 0; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); // fail:0, success:1 + PermissionUsedResult result2; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result2)); + ASSERT_EQ(static_cast(1), result2.bundleRecords.size()); + CheckPermissionUsedResult(request, result2, 2, 1, 2); +} + /** * @tc.name: GetPermissionUsedRecordsAsync001 * @tc.desc: cannot GetPermissionUsedRecordsAsync with invalid query time. @@ -965,7 +986,7 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecordsAsync001, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), "", permissionList, request); + BuildQueryRequest(g_tokenIdA, "", permissionList, request); request.beginTimeMillis = -1; request.endTimeMillis = -1; OHOS::sptr callback(new TestCallBack()); @@ -988,7 +1009,7 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecordsAsync002, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), "", permissionList, request); + BuildQueryRequest(g_tokenIdA, "", permissionList, request); OHOS::sptr callback(new TestCallBack()); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, callback)); } @@ -1008,11 +1029,30 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecordsAsync003, TestSize.Level1) PermissionUsedRequest request; std::vector permissionList; - BuildQueryRequest(g_tokenIdA, GetLocalDeviceUdid(), "", permissionList, request); + BuildQueryRequest(g_tokenIdA, "", permissionList, request); OHOS::sptr callback(new TestCallBack()); ASSERT_EQ(ERR_PERMISSION_DENIED, PrivacyKit::GetPermissionUsedRecords(request, callback)); } +/** + * @tc.name: GetPermissionUsedRecordsAsync004 + * @tc.desc: cannot GetPermissionUsedRecordsAsync without permission. + * @tc.type: FUNC + * @tc.require: issueI5P4IU + */ +HWTEST_F(PrivacyKitTest, GetPermissionUsedRecordsAsync004, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_normalInfoParms, g_policyPramsA); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + PermissionUsedRequest request; + std::vector permissionList; + BuildQueryRequest(g_tokenIdA, "", permissionList, request); + OHOS::sptr callback(new TestCallBack()); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, PrivacyKit::GetPermissionUsedRecords(request, callback)); +} + class CbCustomizeTest1 : public PermActiveStatusCustomizedCbk { public: explicit CbCustomizeTest1(const std::vector &permList) @@ -1358,6 +1398,61 @@ HWTEST_F(PrivacyKitTest, RegisterPermActiveStatusCallback011, TestSize.Level1) ASSERT_EQ(RET_NO_ERROR, PrivacyKit::UnRegisterPermActiveStatusCallback(callbackPtr1)); } +class CbCustomizeTest5 : public PermActiveStatusCustomizedCbk { +public: + explicit CbCustomizeTest5(const std::vector &permList) + : PermActiveStatusCustomizedCbk(permList) + {} + ~CbCustomizeTest5() + {} + + // change callingTokenID_ and usedType_ to result + virtual void ActiveStatusChangeCallback(ActiveChangeResponse& result) + { + callingTokenID_ = result.callingTokenID; + usedType_ = result.usedType; + pid_ = result.pid; + } + + AccessTokenID callingTokenID_ = INVALID_TOKENID; + PermissionUsedType usedType_ = INVALID_USED_TYPE; + int32_t pid_ = NOT_EXSIT_PID; +}; + +/** + * @tc.name: RegisterPermActiveStatusCallback012 + * @tc.desc: detect callback modify private member. + * @tc.type: FUNC + * @tc.require: issueI66BH3 + */ +HWTEST_F(PrivacyKitTest, RegisterPermActiveStatusCallback012, TestSize.Level1) +{ + std::vector permList = {"ohos.permission.READ_CALL_LOG"}; + auto callbackPtr = std::make_shared(permList); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::RegisterPermActiveStatusCallback(callbackPtr)); + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.READ_CALL_LOG")); + + usleep(500000); // 500000us = 0.5s + ASSERT_NE(INVALID_TOKENID, callbackPtr->callingTokenID_); + ASSERT_NE(INVALID_USED_TYPE, callbackPtr->usedType_); + ASSERT_NE(NOT_EXSIT_PID, callbackPtr->pid_); + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, "ohos.permission.READ_CALL_LOG")); + usleep(500000); // 500000us = 0.5s + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission( + g_tokenIdE, "ohos.permission.READ_CALL_LOG", NOT_EXSIT_PID)); + usleep(500000); // 500000us = 0.5s + + ASSERT_EQ(NOT_EXSIT_PID, callbackPtr->pid_); + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission( + g_tokenIdE, "ohos.permission.READ_CALL_LOG", NOT_EXSIT_PID)); + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::UnRegisterPermActiveStatusCallback(callbackPtr)); +} + /** * @tc.name: IsAllowedUsingPermission001 * @tc.desc: IsAllowedUsingPermission with invalid tokenId or permission. @@ -1384,9 +1479,26 @@ HWTEST_F(PrivacyKitTest, IsAllowedUsingPermission002, TestSize.Level1) std::string permissionName = "ohos.permission.CAMERA"; ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(g_tokenIdE, permissionName)); } + +/** + * @tc.name: IsAllowedUsingPermission003 + * @tc.desc: IsAllowedUsingPermission with no permission. + * @tc.type: FUNC + * @tc.require: issueI5RWX3 issueI5RWX8 + */ +HWTEST_F(PrivacyKitTest, IsAllowedUsingPermission003, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_systemInfoParms, g_policyPramsA); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + std::string permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(g_tokenIdE, permissionName)); +} + /** * @tc.name: StartUsingPermission001 - * @tc.desc: StartUsingPermission with invalid tokenId or permission. + * @tc.desc: StartUsingPermission with invalid tokenId or permission or usedType. * @tc.type: FUNC * @tc.require: issueI5NT1X issueI5P4IU issueI5P530 */ @@ -1394,6 +1506,8 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission001, TestSize.Level1) { ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission(0, "ohos.permission.CAMERA")); ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission(0, "permissionName")); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission( + g_tokenIdE, "ohos.permission.READ_CALL_LOG", -1, PermissionUsedType::INVALID_USED_TYPE)); } /** @@ -1419,7 +1533,7 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission002, TestSize.Level1) */ HWTEST_F(PrivacyKitTest, StartUsingPermission003, TestSize.Level1) { - std::string permissionName = "ohos.permission.CAMERA"; + std::string permissionName = "ohos.permission.READ_CONTACTS"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(g_tokenIdE, permissionName, 1, 0)); @@ -1429,7 +1543,7 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission003, TestSize.Level1) PermissionUsedRequest request; PermissionUsedResult result; std::vector permissionList; - BuildQueryRequest(g_tokenIdE, GetLocalDeviceUdid(), g_infoParmsE.bundleName, permissionList, request); + BuildQueryRequest(g_tokenIdE, g_infoParmsE.bundleName, permissionList, request); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); ASSERT_EQ(static_cast(1), result.bundleRecords.size()); ASSERT_EQ(g_tokenIdE, result.bundleRecords[0].tokenId); @@ -1468,7 +1582,7 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission005, TestSize.Level1) /** * @tc.name: StartUsingPermission006 - * @tc.desc: StartUsingPermission with invalid tokenId or permission or callback. + * @tc.desc: StartUsingPermission with invalid tokenId or permission or callback or usedType. * @tc.type: FUNC * @tc.require: issueI5RWX5 issueI5RWX3 issueI5RWXA */ @@ -1481,6 +1595,8 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission006, TestSize.Level1) PrivacyKit::StartUsingPermission(g_tokenIdE, "", callbackPtr)); ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission(g_tokenIdE, "ohos.permission.CAMERA", nullptr)); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission( + g_tokenIdE, "ohos.permission.READ_CALL_LOG", callbackPtr, -1, PermissionUsedType::INVALID_USED_TYPE)); ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission(g_tokenIdE, "permissionName", callbackPtr)); } @@ -1502,31 +1618,19 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission007, TestSize.Level1) } /** - * @tc.name: StopUsingPermission008 - * @tc.desc: Add record when StopUsingPermission is called. + * @tc.name: StartUsingPermission008 + * @tc.desc: PrivacyKit:: function test input invalid * @tc.type: FUNC - * @tc.require: issueI5RWX5 issueI5RWX3 issueI5RWXA + * @tc.require: issueI61A6M */ -HWTEST_F(PrivacyKitTest, StopUsingPermission008, TestSize.Level1) +HWTEST_F(PrivacyKitTest, StartUsingPermission008, TestSize.Level1) { - std::string permissionName = "ohos.permission.CAMERA"; - auto callbackPtr = std::make_shared(); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName, callbackPtr)); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(g_tokenIdE, permissionName, 1, 0)); - - usleep(500000); // 500000us = 0.5s - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName)); - - PermissionUsedRequest request; - PermissionUsedResult result; - std::vector permissionList; - BuildQueryRequest(g_tokenIdE, GetLocalDeviceUdid(), g_infoParmsE.bundleName, permissionList, request); - ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); - ASSERT_EQ(static_cast(1), result.bundleRecords.size()); - ASSERT_EQ(g_tokenIdE, result.bundleRecords[0].tokenId); - ASSERT_EQ(g_infoParmsE.bundleName, result.bundleRecords[0].bundleName); - ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords.size()); - ASSERT_EQ(1, result.bundleRecords[0].permissionRecords[0].accessCount); + AccessTokenID tokenId = 0; + std::string permissionName; + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission(tokenId, permissionName)); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StopUsingPermission(tokenId, permissionName)); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::RemovePermissionUsedRecords(tokenId)); + ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(tokenId, permissionName)); } /** @@ -1563,6 +1667,81 @@ HWTEST_F(PrivacyKitTest, StartUsingPermission010, TestSize.Level1) ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName)); } +/** + * @tc.name: StartUsingPermission011 + * @tc.desc: StartUsingPermission with differet tokenId and pid. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, StartUsingPermission011, TestSize.Level1) +{ + std::string permissionName = "ohos.permission.CAMERA"; + int32_t pid1 = 1001; + int32_t pid2 = 1002; + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName, pid1)); + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StartUsingPermission(g_tokenIdF, permissionName, pid2)); + + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName, pid1)); + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StopUsingPermission(g_tokenIdF, permissionName, pid2)); +} + +/** + * @tc.name: StartUsingPermission012 + * @tc.desc: StartUsingPermission with same tokenId and differet pid. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, StartUsingPermission012, TestSize.Level1) +{ + std::string permissionName = "ohos.permission.CAMERA"; + int32_t pid1 = 1001; + int32_t pid2 = 1002; + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName, pid1)); + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName, pid2)); + + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName, pid1)); + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName, pid2)); +} + +/** + * @tc.name: StartUsingPermission013 + * @tc.desc: StartUsingPermission with same tokenId and pid. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, StartUsingPermission013, TestSize.Level1) +{ + std::string permissionName = "ohos.permission.CAMERA"; + int32_t pid1 = 1001; + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName, pid1)); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_ALREADY_START_USING, + PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName, pid1)); + + ASSERT_EQ(RET_SUCCESS, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName, pid1)); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_NOT_START_USING, + PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName, pid1)); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_NOT_START_USING, + PrivacyKit::StopUsingPermission(g_tokenIdF, permissionName, pid1)); +} + +/** + * @tc.name: StartUsingPermission014 + * @tc.desc: StartUsingPermission caller is normal app. + * @tc.type: FUNC + * @tc.require: issueI5RWX5 issueI5RWX3 issueI5RWXA + */ +HWTEST_F(PrivacyKitTest, StartUsingPermission014, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_normalInfoParms, g_policyPramsA); + ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + std::string permissionName = "ohos.permission.CAMERA"; + auto callbackPtr = std::make_shared(); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, + PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName, callbackPtr)); +} + /** * @tc.name: StopUsingPermission001 * @tc.desc: StopUsingPermission with invalid tokenId or permission. @@ -1648,6 +1827,34 @@ HWTEST_F(PrivacyKitTest, StopUsingPermission006, TestSize.Level1) ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName)); } +/** + * @tc.name: StopUsingPermission007 + * @tc.desc: Add record when StopUsingPermission is called. + * @tc.type: FUNC + * @tc.require: issueI5RWX5 issueI5RWX3 issueI5RWXA + */ +HWTEST_F(PrivacyKitTest, StopUsingPermission007, TestSize.Level1) +{ + std::string permissionName = "ohos.permission.READ_CONTACTS"; + auto callbackPtr = std::make_shared(); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StartUsingPermission(g_tokenIdE, permissionName)); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(g_tokenIdE, permissionName, 1, 0)); + + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::StopUsingPermission(g_tokenIdE, permissionName)); + + PermissionUsedRequest request; + PermissionUsedResult result; + std::vector permissionList; + BuildQueryRequest(g_tokenIdE, g_infoParmsE.bundleName, permissionList, request); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); + ASSERT_EQ(static_cast(1), result.bundleRecords.size()); + ASSERT_EQ(g_tokenIdE, result.bundleRecords[0].tokenId); + ASSERT_EQ(g_infoParmsE.bundleName, result.bundleRecords[0].bundleName); + ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords.size()); + ASSERT_EQ(1, result.bundleRecords[0].permissionRecords[0].accessCount); +} + class TestCallBack1 : public StateChangeCallbackStub { public: TestCallBack1() = default; @@ -1850,25 +2057,9 @@ HWTEST_F(PrivacyKitTest, InitProxy001, TestSize.Level1) PrivacyManagerClient::GetInstance().proxy_ = proxy; // recovery } -/** - * @tc.name: StartUsingPermission008 - * @tc.desc: PrivacyKit:: function test input invalid - * @tc.type: FUNC - * @tc.require: issueI61A6M - */ -HWTEST_F(PrivacyKitTest, StartUsingPermission008, TestSize.Level1) -{ - AccessTokenID tokenId = 0; - std::string permissionName; - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StartUsingPermission(tokenId, permissionName)); - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::StopUsingPermission(tokenId, permissionName)); - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PrivacyKit::RemovePermissionUsedRecords(tokenId, permissionName)); - ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(tokenId, permissionName)); -} - #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE /** - * @tc.name: StartUsingPermission008 + * @tc.name: RegisterSecCompEnhance001 * @tc.desc: PrivacyKit:: function test register enhance data * @tc.type: FUNC * @tc.require: issueI7MXZ @@ -1909,7 +2100,6 @@ HWTEST_F(PrivacyKitTest, GetSpecialSecCompEnhance001, TestSize.Level1) std::vector res; ASSERT_EQ(RET_SUCCESS, PrivacyKit::GetSpecialSecCompEnhance("", res)); - ASSERT_EQ(static_cast(res.size()), 0); ASSERT_EQ(RET_SUCCESS, PrivacyKit::GetSpecialSecCompEnhance(g_infoParmsA.bundleName, res)); } #endif @@ -2318,7 +2508,7 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedTypeInfos005, TestSize.Level1) ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, PrivacyKit::GetPermissionUsedTypeInfos( 0, permissionName, results)); - PrivacyKit::RemovePermissionUsedRecords(tokenIdEx.tokenIdExStruct.tokenID, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenIdEx.tokenIdExStruct.tokenID); EXPECT_EQ(0, AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID)); // delete test hap } @@ -2362,7 +2552,7 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedTypeInfos006, TestSize.Level1) ASSERT_EQ(PrivacyError::ERR_OVERSIZE, PrivacyKit::GetPermissionUsedTypeInfos(tokenId, permissionName, results)); for (const auto& id : tokenIdList) { - PrivacyKit::RemovePermissionUsedRecords(id, ""); + PrivacyKit::RemovePermissionUsedRecords(id); ASSERT_EQ(0, AccessTokenKit::DeleteToken(id)); } @@ -2378,18 +2568,20 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedTypeInfos006, TestSize.Level1) HWTEST_F(PrivacyKitTest, SetMutePolicyTest001, TestSize.Level1) { ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, - PrivacyKit::SetMutePolicy(PolicyType::EDM - 1, CallerType::MICROPHONE, true)); + PrivacyKit::SetMutePolicy(PolicyType::EDM - 1, CallerType::MICROPHONE, true, RANDOM_TOKENID)); ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, - PrivacyKit::SetMutePolicy(PolicyType::MIXED, CallerType::MICROPHONE, true)); + PrivacyKit::SetMutePolicy(PolicyType::MIXED, CallerType::MICROPHONE, true, RANDOM_TOKENID)); ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, - PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE - 1, true)); + PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE - 1, true, RANDOM_TOKENID)); ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, - PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::CAMERA + 1, true)); + PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::CAMERA + 1, true, RANDOM_TOKENID)); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, + PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::CAMERA, true, 0)); } /** * @tc.name: SetMutePolicyTest002 - * @tc.desc: Test SetMutePolicy without PERMISSION_USED_STATE + * @tc.desc: Test SetMutePolicy without SET_MUTE_POLICY * @tc.type: FUNC * @tc.require: */ @@ -2398,9 +2590,25 @@ HWTEST_F(PrivacyKitTest, SetMutePolicyTest002, TestSize.Level1) AccessTokenIDEx tokenIdEx = {0}; tokenIdEx = AccessTokenKit::AllocHapToken(g_infoParmsD, g_policyPramsD); ASSERT_NE(INVALID_TOKENID, tokenIdEx.tokenIDEx); - EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); // as a system hap without PERMISSION_USED_STATE + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); // as a system hap without SET_MUTE_POLICY ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, - PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true)); + PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, RANDOM_TOKENID)); +} + +/** + * @tc.name: SetMutePolicyTest003 + * @tc.desc: Test SetMutePolicy with not edm + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, SetMutePolicyTest003, TestSize.Level1) +{ + uint32_t tokenId = AccessTokenKit::GetNativeTokenId("camera_service"); + ASSERT_NE(0, tokenId); + EXPECT_EQ(0, SetSelfTokenID(tokenId)); // as a system service with SET_MUTE_POLICY + + ASSERT_EQ(PrivacyError::ERR_FIRST_CALLER_NOT_EDM, + PrivacyKit::SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, RANDOM_TOKENID)); } /** @@ -2423,6 +2631,92 @@ HWTEST_F(PrivacyKitTest, IsAllowedUsingPermission011, TestSize.Level1) ASSERT_EQ(true, PrivacyKit::IsAllowedUsingPermission(tokenIdForeground, permissionName)); } +/** + * @tc.name: IsAllowedUsingPermission012 + * @tc.desc: IsAllowedUsingPermission with valid pid. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, IsAllowedUsingPermission012, TestSize.Level1) +{ + std::vector list; + ASSERT_EQ(0, AppManagerAccessClient::GetInstance().GetForegroundApplications(list)); + if (list.empty()) { + GTEST_LOG_(INFO) << "GetForegroundApplications empty "; + return; + } + + uint32_t tokenIdForeground = list[0].accessTokenId; + int32_t pidForground = list[0].pid; + std::string permissionName = "ohos.permission.MICROPHONE"; + ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(tokenIdForeground, permissionName, NOT_EXSIT_PID)); + ASSERT_EQ(true, PrivacyKit::IsAllowedUsingPermission(tokenIdForeground, permissionName, pidForground)); + + permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(tokenIdForeground, permissionName, NOT_EXSIT_PID)); + ASSERT_EQ(true, PrivacyKit::IsAllowedUsingPermission(tokenIdForeground, permissionName, pidForground)); +} + +/** + * @tc.name: IsAllowedUsingPermission013 + * @tc.desc: IsAllowedUsingPermission with MICROPHONE_BACKGROUND permission. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, IsAllowedUsingPermission013, TestSize.Level1) +{ + std::string permissionName = "ohos.permission.MICROPHONE"; + ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(g_tokenIdE, permissionName)); + + HapInfoParams info = { + .userID = 1, + .bundleName = "ohos.privacy_test.microphone", + .instIndex = 0, + .appIDDesc = "privacy_test.microphone" + }; + + HapPolicyParams policy = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {g_infoManagerTestStateD} + }; + + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(0, tokenId); // hap MICROPHONE_BACKGROUND permission + ASSERT_EQ(true, PrivacyKit::IsAllowedUsingPermission(tokenId, permissionName)); // background hap + info.isSystemApp = true; + info.bundleName = "ohos.privacy_test.microphone.sys_app"; + tokenIdEx = AccessTokenKit::AllocHapToken(info, policy); + AccessTokenID sysApptokenId = tokenIdEx.tokenIdExStruct.tokenID; + + uint32_t selfUid = getuid(); + setuid(ACCESS_TOKEN_UID); + + uint32_t opCode1 = -1; + uint32_t opCode2 = -1; + ASSERT_EQ(true, TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER", opCode1)); + ASSERT_EQ(true, TransferPermissionToOpcode("ohos.permission.PERMISSION_USED_STATS", opCode2)); + ASSERT_EQ(0, AddPermissionToKernel(sysApptokenId, {opCode1, opCode2}, {1, 1})); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); + GTEST_LOG_(INFO) << "permissionSet OK "; + + // callkit set hap to foreground with MICROPHONE_BACKGROUND + EXPECT_EQ(0, PrivacyKit::SetHapWithFGReminder(tokenId, true)); + EXPECT_EQ(true, PrivacyKit::IsAllowedUsingPermission(tokenId, permissionName)); + + // callkit set g_tokenIdE to foreground without MICROPHONE_BACKGROUND + EXPECT_EQ(0, PrivacyKit::SetHapWithFGReminder(g_tokenIdE, true)); + EXPECT_EQ(true, PrivacyKit::IsAllowedUsingPermission(g_tokenIdE, permissionName)); + + EXPECT_EQ(0, PrivacyKit::SetHapWithFGReminder(tokenId, false)); + EXPECT_EQ(0, PrivacyKit::SetHapWithFGReminder(g_tokenIdE, false)); + ASSERT_EQ(0, RemovePermissionFromKernel(sysApptokenId)); + setuid(selfUid); + ASSERT_EQ(0, AccessTokenKit::DeleteToken(sysApptokenId)); +} + /** * @tc.name: SetHapWithFGReminder01 * @tc.desc: SetHapWithFGReminder with valid tokenId. @@ -2433,8 +2727,11 @@ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder01, TestSize.Level1) { uint32_t opCode1; uint32_t opCode2; - uint32_t tokenTest = 111; /// 111 is a tokenId uint32_t selfUid = getuid(); + setuid(0); + g_infoParmsA.isSystemApp = true; + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_infoParmsA, g_policyPramsA); + uint32_t tokenTest = tokenIdEx.tokenIdExStruct.tokenID; setuid(ACCESS_TOKEN_UID); EXPECT_EQ(true, TransferPermissionToOpcode("ohos.permission.SET_FOREGROUND_HAP_REMINDER", opCode1)); @@ -2443,7 +2740,7 @@ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder01, TestSize.Level1) ASSERT_EQ(res, 0); GTEST_LOG_(INFO) << "permissionSet OK "; - EXPECT_EQ(0, SetSelfTokenID(tokenTest)); + EXPECT_EQ(0, SetSelfTokenID(tokenIdEx.tokenIDEx)); std::string permissionName = "ohos.permission.MICROPHONE"; ASSERT_EQ(false, PrivacyKit::IsAllowedUsingPermission(g_tokenIdE, permissionName)); int32_t ret = PrivacyKit::SetHapWithFGReminder(g_tokenIdE, true); @@ -2452,8 +2749,10 @@ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder01, TestSize.Level1) ret = PrivacyKit::SetHapWithFGReminder(g_tokenIdE, false); ASSERT_EQ(ret, 0); - res = RemovePermissionFromKernel(tokenTest); + res = RemovePermissionFromKernel(tokenIdEx.tokenIDEx); ASSERT_EQ(res, 0); + setuid(0); + ASSERT_EQ(0, AccessTokenKit::DeleteToken(tokenTest)); setuid(selfUid); } @@ -2520,4 +2819,126 @@ HWTEST_F(PrivacyKitTest, SetHapWithFGReminder03, TestSize.Level1) uint32_t invalidTokenId = 0; ret = PrivacyKit::SetHapWithFGReminder(invalidTokenId, true); ASSERT_EQ(ret, PrivacyError::ERR_PARAM_INVALID); -} \ No newline at end of file +} + +/** + * @tc.name: SetPermissionUsedRecordToggleStatus001 + * @tc.desc: SetPermissionUsedRecordToggleStatus and GetPermissionUsedRecordToggleStatus with invalid userID. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, SetPermissionUsedRecordToggleStatus001, TestSize.Level1) +{ + bool status = true; + int32_t resSet = PrivacyKit::SetPermissionUsedRecordToggleStatus(INVALID_USER_ID, status); + int32_t resGet = PrivacyKit::GetPermissionUsedRecordToggleStatus(INVALID_USER_ID, status); + EXPECT_EQ(resSet, PrivacyError::ERR_PARAM_INVALID); + EXPECT_EQ(resGet, PrivacyError::ERR_PARAM_INVALID); +} + +/** + * @tc.name: SetPermissionUsedRecordToggleStatus002 + * @tc.desc: SetPermissionUsedRecordToggleStatus with true status and false status. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, SetPermissionUsedRecordToggleStatus002, TestSize.Level1) +{ + int32_t permRecordSize = 0; + bool status = true; + + int32_t resGet = PrivacyKit::GetPermissionUsedRecordToggleStatus(USER_ID_2, status); + EXPECT_EQ(resGet, 0); + EXPECT_TRUE(status); + + AddPermParamInfo info; + info.tokenId = g_tokenIdG; + info.permissionName = "ohos.permission.READ_CONTACTS"; + info.successCount = 1; + info.failCount = 0; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + permRecordSize++; + + info.permissionName = "ohos.permission.WRITE_CONTACTS"; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + permRecordSize++; + + PermissionUsedRequest request; + PermissionUsedResult result; + std::vector permissionList; + BuildQueryRequest(g_tokenIdG, g_infoParmsG.bundleName, permissionList, request); + + request.flag = FLAG_PERMISSION_USAGE_DETAIL; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); + ASSERT_EQ(1, static_cast(result.bundleRecords.size())); + ASSERT_EQ(permRecordSize, static_cast(result.bundleRecords[0].permissionRecords.size())); + + int32_t resSet = PrivacyKit::SetPermissionUsedRecordToggleStatus(USER_ID_2, false); + EXPECT_EQ(resSet, 0); + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); + ASSERT_EQ(0, static_cast(result.bundleRecords.size())); + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + info.permissionName = "ohos.permission.READ_CONTACTS"; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); + ASSERT_EQ(0, static_cast(result.bundleRecords.size())); + + resSet = PrivacyKit::SetPermissionUsedRecordToggleStatus(USER_ID_2, true); + EXPECT_EQ(resSet, 0); +} + +/** + * @tc.name: SetPermissionUsedRecordToggleStatus003 + * @tc.desc: SetPermissionUsedRecordToggleStatus with false status and true status. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyKitTest, SetPermissionUsedRecordToggleStatus003, TestSize.Level1) +{ + int32_t permRecordSize = 0; + bool status = true; + + int32_t resSet = PrivacyKit::SetPermissionUsedRecordToggleStatus(USER_ID_2, false); + int32_t resGet = PrivacyKit::GetPermissionUsedRecordToggleStatus(USER_ID_2, status); + EXPECT_EQ(resSet, 0); + EXPECT_EQ(resGet, 0); + EXPECT_FALSE(status); + + AddPermParamInfo info; + info.tokenId = g_tokenIdG; + info.permissionName = "ohos.permission.READ_CONTACTS"; + info.successCount = 1; + info.failCount = 0; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + + info.permissionName = "ohos.permission.WRITE_CONTACTS"; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + + PermissionUsedRequest request; + PermissionUsedResult result; + std::vector permissionList; + BuildQueryRequest(g_tokenIdG, g_infoParmsG.bundleName, permissionList, request); + request.flag = FLAG_PERMISSION_USAGE_DETAIL; + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); + ASSERT_EQ(0, static_cast(result.bundleRecords.size())); + + resSet = PrivacyKit::SetPermissionUsedRecordToggleStatus(USER_ID_2, true); + resGet = PrivacyKit::GetPermissionUsedRecordToggleStatus(USER_ID_2, status); + EXPECT_EQ(resSet, 0); + EXPECT_EQ(resGet, 0); + EXPECT_TRUE(status); + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + permRecordSize++; + + info.permissionName = "ohos.permission.READ_CONTACTS"; + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + permRecordSize++; + + ASSERT_EQ(RET_NO_ERROR, PrivacyKit::GetPermissionUsedRecords(request, result)); + ASSERT_EQ(1, static_cast(result.bundleRecords.size())); + ASSERT_EQ(permRecordSize, static_cast(result.bundleRecords[0].permissionRecords.size())); +} diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.h b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.h index 6bb540843f3ce9c7753d8e2747db21172055dca6..3ef705195469c38eb1c4ca3b5d2d6f6cbfc183ba 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.h +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.h @@ -47,7 +47,7 @@ public: } }; std::string GetLocalDeviceUdid(); - void BuildQueryRequest(AccessTokenID tokenId, const std::string& deviceId, const std::string& bundleName, + void BuildQueryRequest(AccessTokenID tokenId, const std::string& bundleName, const std::vector& permissionList, PermissionUsedRequest& request); void CheckPermissionUsedResult(const PermissionUsedRequest& request, const PermissionUsedResult& result, int32_t permRecordSize, int32_t totalSuccessCount, int32_t totalFailCount); diff --git a/interfaces/innerkits/token_callback/src/token_callback_stub.cpp b/interfaces/innerkits/token_callback/src/token_callback_stub.cpp index e8d380ea86eb75694fae7a0789de4efc34c44b2e..67e273d411369da595f81744a877c3ddf600c0c3 100644 --- a/interfaces/innerkits/token_callback/src/token_callback_stub.cpp +++ b/interfaces/innerkits/token_callback/src/token_callback_stub.cpp @@ -16,16 +16,13 @@ #include "token_callback_stub.h" #include "access_token_error.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "string_ex.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "TokenCallbackStub" -}; static const int32_t LIST_SIZE_MAX = 200; static const int32_t FAILED = -1; } @@ -38,10 +35,10 @@ static std::string to_utf8(std::u16string str16) int32_t TokenCallbackStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Entry, code: 0x%{public}x", code); + LOGD(ATM_DOMAIN, ATM_TAG, "Entry, code: 0x%{public}x", code); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != ITokenCallback::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } @@ -49,7 +46,7 @@ int32_t TokenCallbackStub::OnRemoteRequest( if (msgCode == ITokenCallback::GRANT_RESULT_CALLBACK) { uint32_t permListSize = data.ReadUint32(); if (permListSize > LIST_SIZE_MAX) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read permListSize fail %{public}u", permListSize); + LOGE(ATM_DOMAIN, ATM_TAG, "Read permListSize fail %{public}u", permListSize); return FAILED; } std::vector permList; @@ -61,7 +58,7 @@ int32_t TokenCallbackStub::OnRemoteRequest( uint32_t statusListSize = data.ReadUint32(); if (statusListSize != permListSize) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read statusListSize fail %{public}u", statusListSize); + LOGE(ATM_DOMAIN, ATM_TAG, "Read statusListSize fail %{public}u", statusListSize); return FAILED; } std::vector grantResults; diff --git a/interfaces/innerkits/token_callback/test/BUILD.gn b/interfaces/innerkits/token_callback/test/BUILD.gn index 38175b2f9daf4d3b375ca8602d84f8a068e79ac3..d2df573b89a72d7428bfed774b0215017ade6ebc 100644 --- a/interfaces/innerkits/token_callback/test/BUILD.gn +++ b/interfaces/innerkits/token_callback/test/BUILD.gn @@ -37,7 +37,7 @@ ohos_unittest("libtoken_callback_test") { deps = [ "../:libtoken_callback_sdk" ] external_deps = [ "c_utils:utils", - "ipc:ipc_core", + "ipc:ipc_single", ] } diff --git a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp index 611a69b1bd10beadeee26c7a1b01adfe1d5d5c77..4338fb20223113a342452dae3ef0eb425626af51 100644 --- a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp +++ b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp @@ -53,8 +53,7 @@ int32_t AddPermissionToKernel( } size_t size = opCodeList.size(); if (size == 0) { - RemovePermissionFromKernel(tokenID); - return ACCESS_TOKEN_OK; + return RemovePermissionFromKernel(tokenID); } struct IoctlAddPermData data; data.token = tokenID; diff --git a/interfaces/innerkits/tokensync/BUILD.gn b/interfaces/innerkits/tokensync/BUILD.gn index 82d3c40982ac94af85c22bc90c511184be5c1a43..4053b2bf1276a3464141f59db174a46b75611fe4 100644 --- a/interfaces/innerkits/tokensync/BUILD.gn +++ b/interfaces/innerkits/tokensync/BUILD.gn @@ -15,7 +15,8 @@ import("../../../access_token.gni") config("tokensync") { visibility = [ ":*" ] - include_dirs = [ "include" ] + include_dirs = + [ "${access_token_path}/interfaces/innerkits/tokensync/include" ] } if (is_standard_system) { @@ -37,7 +38,7 @@ if (is_standard_system) { "${access_token_path}/frameworks/common/include", "${access_token_path}/frameworks/tokensync/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", - "include", + "${access_token_path}/interfaces/innerkits/tokensync/include", "src", ] diff --git a/interfaces/innerkits/tokensync/src/token_sync_kit.cpp b/interfaces/innerkits/tokensync/src/token_sync_kit.cpp index f66f2dd1c6bc063d98ad87737509e170c20ed6db..e3c6321ae75fad0d3d7487cb6f46cb980bf67907 100644 --- a/interfaces/innerkits/tokensync/src/token_sync_kit.cpp +++ b/interfaces/innerkits/tokensync/src/token_sync_kit.cpp @@ -18,7 +18,7 @@ #include #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "constant_common.h" #include "token_sync_manager_client.h" @@ -27,26 +27,22 @@ namespace Security { namespace AccessToken { using namespace std; -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncKit"}; -} // namespace - int TokenSyncKit::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s tokenID=%{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called, deviceID=%{public}s tokenID=%{public}d", __func__, ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); return TokenSyncManagerClient::GetInstance().GetRemoteHapTokenInfo(deviceID, tokenID); } int TokenSyncKit::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID=%{public}d", __func__, tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called, tokenID=%{public}d", __func__, tokenID); return TokenSyncManagerClient::GetInstance().DeleteRemoteHapTokenInfo(tokenID); } int TokenSyncKit::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called tokenID=%{public}d", __func__, tokenInfo.baseInfo.tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called tokenID=%{public}d", __func__, tokenInfo.baseInfo.tokenID); return TokenSyncManagerClient::GetInstance().UpdateRemoteHapTokenInfo(tokenInfo); } } // namespace AccessToken diff --git a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp index df0f344eeb8dc7e0d982c6d69e902da328ce3bdf..3df4841c86174fdf0ea68ed3cbfa0ed26ec6f766 100644 --- a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp +++ b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp @@ -15,16 +15,15 @@ #include "token_sync_manager_client.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "hap_token_info_for_sync_parcel.h" -#include "native_token_info_for_sync_parcel.h" #include "iservice_registry.h" +#include "token_sync_manager_proxy.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncManagerClient"}; std::recursive_mutex g_instanceMutex; } // namespace @@ -34,7 +33,8 @@ TokenSyncManagerClient& TokenSyncManagerClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new TokenSyncManagerClient(); + TokenSyncManagerClient* tmp = new TokenSyncManagerClient(); + instance = std::move(tmp); } } return *instance; @@ -45,15 +45,15 @@ TokenSyncManagerClient::TokenSyncManagerClient() TokenSyncManagerClient::~TokenSyncManagerClient() { - ACCESSTOKEN_LOG_ERROR(LABEL, "~TokenSyncManagerClient"); + LOGE(ATM_DOMAIN, ATM_TAG, "~TokenSyncManagerClient"); } int TokenSyncManagerClient::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called"); + LOGD(ATM_DOMAIN, ATM_TAG, "Called"); auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return TOKEN_SYNC_IPC_ERROR; } return proxy->GetRemoteHapTokenInfo(deviceID, tokenID); @@ -61,10 +61,10 @@ int TokenSyncManagerClient::GetRemoteHapTokenInfo(const std::string& deviceID, A int TokenSyncManagerClient::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called"); + LOGD(ATM_DOMAIN, ATM_TAG, "Called"); auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return TOKEN_SYNC_IPC_ERROR; } return proxy->DeleteRemoteHapTokenInfo(tokenID); @@ -72,10 +72,10 @@ int TokenSyncManagerClient::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) cons int TokenSyncManagerClient::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Called"); + LOGD(ATM_DOMAIN, ATM_TAG, "Called"); auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return TOKEN_SYNC_IPC_ERROR; } return proxy->UpdateRemoteHapTokenInfo(tokenInfo); @@ -85,20 +85,20 @@ sptr TokenSyncManagerClient::GetProxy() const { auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "GetSystemAbilityManager is null"); + LOGW(ATM_DOMAIN, ATM_TAG, "GetSystemAbilityManager is null"); return nullptr; } auto tokensyncSa = sam->GetSystemAbility(ITokenSyncManager::SA_ID_TOKENSYNC_MANAGER_SERVICE); if (tokensyncSa == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "GetSystemAbility %{public}d is null", + LOGW(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null", ITokenSyncManager::SA_ID_TOKENSYNC_MANAGER_SERVICE); return nullptr; } - auto proxy = iface_cast(tokensyncSa); + auto proxy = new TokenSyncManagerProxy(tokensyncSa); if (proxy == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Iface_cast get null"); + LOGW(ATM_DOMAIN, ATM_TAG, "Iface_cast get null"); return nullptr; } return proxy; diff --git a/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.cpp b/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.cpp index 8876c2372411b06c8bc8f4632c7a8f555ff28cad..83cf390c8a0be4257ca3e89bedbed48ddcd6156c 100644 --- a/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.cpp +++ b/interfaces/innerkits/tokensync/src/token_sync_manager_proxy.cpp @@ -15,16 +15,13 @@ #include "token_sync_manager_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "parcel.h" #include "string_ex.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncManagerProxy"}; -} TokenSyncManagerProxy::TokenSyncManagerProxy(const sptr& impl) : IRemoteProxy(impl) {} @@ -37,11 +34,11 @@ int TokenSyncManagerProxy::GetRemoteHapTokenInfo(const std::string& deviceID, Ac MessageParcel data; data.WriteInterfaceToken(ITokenSyncManager::GetDescriptor()); if (!data.WriteString(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write deviceID"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write deviceID"); return TOKEN_SYNC_PARAMS_INVALID; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); return TOKEN_SYNC_PARAMS_INVALID; } @@ -49,18 +46,18 @@ int TokenSyncManagerProxy::GetRemoteHapTokenInfo(const std::string& deviceID, Ac MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service null."); return TOKEN_SYNC_IPC_ERROR; } int32_t requestResult = remote->SendRequest(static_cast( TokenSyncInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request fail, result: %{public}d", requestResult); return TOKEN_SYNC_IPC_ERROR; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get result from server data = %{public}d", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Get result from server data = %{public}d", result); return result; } @@ -69,7 +66,7 @@ int TokenSyncManagerProxy::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) MessageParcel data; data.WriteInterfaceToken(ITokenSyncManager::GetDescriptor()); if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID"); return TOKEN_SYNC_PARAMS_INVALID; } @@ -77,18 +74,18 @@ int TokenSyncManagerProxy::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service null."); return TOKEN_SYNC_IPC_ERROR; } int32_t requestResult = remote->SendRequest(static_cast( TokenSyncInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request fail, result: %{public}d", requestResult); return TOKEN_SYNC_IPC_ERROR; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get result from server data = %{public}d", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Get result from server data = %{public}d", result); return result; } @@ -101,7 +98,7 @@ int TokenSyncManagerProxy::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& t tokenInfoParcel.hapTokenInfoForSyncParams = tokenInfo; if (!data.WriteParcelable(&tokenInfoParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenInfo"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenInfo"); return TOKEN_SYNC_PARAMS_INVALID; } @@ -109,18 +106,18 @@ int TokenSyncManagerProxy::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& t MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service null."); return TOKEN_SYNC_IPC_ERROR; } int32_t requestResult = remote->SendRequest(static_cast( TokenSyncInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request fail, result: %{public}d", requestResult); return TOKEN_SYNC_IPC_ERROR; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get result from server data = %{public}d", result); + LOGD(ATM_DOMAIN, ATM_TAG, "Get result from server data = %{public}d", result); return result; } } // namespace AccessToken diff --git a/interfaces/innerkits/tokensync/test/BUILD.gn b/interfaces/innerkits/tokensync/test/BUILD.gn index 357d0e3b9eac3d3496b3b32452f855b84045f011..a2bddbd3a3ee576d60677fdf7d18191c757a604d 100644 --- a/interfaces/innerkits/tokensync/test/BUILD.gn +++ b/interfaces/innerkits/tokensync/test/BUILD.gn @@ -29,7 +29,7 @@ ohos_unittest("libtokensync_sdk_test") { "${access_token_path}/frameworks/accesstoken/include", "${access_token_path}/frameworks/tokensync/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", - "../include", + "${access_token_path}/interfaces/innerkits/tokensync/include", "../src", ] diff --git a/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.cpp b/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.cpp index e8a8290d621bd0aad684fe58c5e6447e0bcd4877..1e7dc47ff298e03fb1231035f44fc830d90988a6 100644 --- a/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.cpp +++ b/interfaces/innerkits/tokensync/test/unittest/src/token_sync_kit_test.cpp @@ -37,6 +37,26 @@ void TokenSyncKitTest::SetUp() void TokenSyncKitTest::TearDown() {} +static const int TIME_500_MS = 1000 * 500; // 0.5 second + +static void StartOrStopTokenSyncService(bool start) +{ + pid_t pid = fork(); + int ret = 0; + if (pid == 0) { + if (start) { + ret = execlp("service_control", "service_control", "start", "token_sync_service", nullptr); + } else { + ret = execlp("service_control", "service_control", "stop", "token_sync_service", nullptr); + } + if (ret == -1) { + std::cout << "execlp failed" << std::endl; + } + exit(0); + } + usleep(TIME_500_MS); +} + /** * @tc.name: UpdateRemoteHapTokenInfo001 * @tc.desc: TokenSyncManagerProxy::UpdateRemoteHapTokenInfo function test @@ -49,6 +69,44 @@ HWTEST_F(TokenSyncKitTest, UpdateRemoteHapTokenInfo001, TestSize.Level1) ASSERT_EQ(TokenSyncError::TOKEN_SYNC_IPC_ERROR, TokenSyncManagerClient::GetInstance().UpdateRemoteHapTokenInfo(tokenInfo)); + + StartOrStopTokenSyncService(true); + ASSERT_EQ(0, TokenSyncManagerClient::GetInstance().UpdateRemoteHapTokenInfo(tokenInfo)); + StartOrStopTokenSyncService(false); +} + +/** + * @tc.name: GetRemoteHapTokenInfo001 + * @tc.desc: TokenSyncManagerProxy::GetRemoteHapTokenInfo function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(TokenSyncKitTest, GetRemoteHapTokenInfo001, TestSize.Level1) +{ + ASSERT_EQ(TokenSyncError::TOKEN_SYNC_IPC_ERROR, + TokenSyncManagerClient::GetInstance().GetRemoteHapTokenInfo("", 0)); + + StartOrStopTokenSyncService(true); + ASSERT_EQ(TokenSyncError::TOKEN_SYNC_PARAMS_INVALID, + TokenSyncManagerClient::GetInstance().GetRemoteHapTokenInfo("", 0)); + StartOrStopTokenSyncService(false); +} + +/** + * @tc.name: DeleteRemoteHapTokenInfo001 + * @tc.desc: TokenSyncManagerProxy::DeleteRemoteHapTokenInfo function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(TokenSyncKitTest, DeleteRemoteHapTokenInfo001, TestSize.Level1) +{ + ASSERT_EQ(TokenSyncError::TOKEN_SYNC_IPC_ERROR, + TokenSyncManagerClient::GetInstance().DeleteRemoteHapTokenInfo(0)); + + StartOrStopTokenSyncService(true); + ASSERT_EQ(TokenSyncError::TOKEN_SYNC_PARAMS_INVALID, + TokenSyncManagerClient::GetInstance().DeleteRemoteHapTokenInfo(0)); + StartOrStopTokenSyncService(false); } } // namespace AccessToken } // namespace Security diff --git a/interfaces/kits/capi/BUILD.gn b/interfaces/kits/capi/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..070fee69acb1dd6927c19b4af4eb316c74ef756e --- /dev/null +++ b/interfaces/kits/capi/BUILD.gn @@ -0,0 +1,18 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +group("capi_packages") { + deps = [ "accesstoken:libability_access_control" ] +} diff --git a/interfaces/kits/capi/accesstoken/BUILD.gn b/interfaces/kits/capi/accesstoken/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..11093e09e2c258a134a697180aeaafc6d6b613ff --- /dev/null +++ b/interfaces/kits/capi/accesstoken/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../../access_token.gni") + +config("accesstoken_ndk_config") { + include_dirs = [ "include" ] +} + +ohos_shared_library("libability_access_control") { + innerapi_tags = [ "ndk" ] + output_extension = "so" + public_configs = [ ":accesstoken_ndk_config" ] + + sanitize = { + integer_overflow = true + cfi = true + debug = false + cfi_cross_dso = true + boundary_sanitize = true + ubsan = true + } + + sources = [ "src/ability_access_control.cpp" ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + ] + + cflags_cc = [ + "-Wall", + "-Werror", + ] + + part_name = "access_token" + subsystem_name = "security" +} diff --git a/interfaces/kits/capi/accesstoken/include/ability_access_control.h b/interfaces/kits/capi/accesstoken/include/ability_access_control.h new file mode 100644 index 0000000000000000000000000000000000000000..121e5b9836d58e0c0d4163d900614acfd5668894 --- /dev/null +++ b/interfaces/kits/capi/accesstoken/include/ability_access_control.h @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @addtogroup AbilityAccessControl + * @{ + * + * @brief Provides the capability to manage access token. + * + * @since 12 + */ + +/** + * @file ability_access_control.h + * + * @brief Declares the APIs for managing access token. + * + * @library ability_access_control.so + * @kit AbilityKit + * @syscap SystemCapability.Security.AccessToken + * @since 12 + */ + +#ifndef ABILITY_ACCESS_CONTROL_H +#define ABILITY_ACCESS_CONTROL_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Checks whether this application has been granted the given permission. + * + * @param permission - Name of the permission to be granted. + * @return true - The permission has been granted to this application. + * false - The permission has not been granted to this application. + * @since 12 + */ +bool OH_AT_CheckSelfPermission(const char *permission); + +#ifdef __cplusplus +} +#endif + +/** @} */ +#endif /* ABILITY_ACCESS_CONTROL_H */ diff --git a/interfaces/kits/capi/accesstoken/src/ability_access_control.cpp b/interfaces/kits/capi/accesstoken/src/ability_access_control.cpp new file mode 100644 index 0000000000000000000000000000000000000000..a477dfed0c9e22b2805b21997a624f7cb31cd9e7 --- /dev/null +++ b/interfaces/kits/capi/accesstoken/src/ability_access_control.cpp @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ability_access_control.h" + +#include + +#include "accesstoken_kit.h" +#include "token_setproc.h" + +using namespace OHOS::Security::AccessToken; + +bool OH_AT_CheckSelfPermission(const char *permission) +{ + if (permission == nullptr) { + return false; + } + + uint64_t tokenId = GetSelfTokenID(); + std::string permissionName(permission); + return (AccessTokenKit::VerifyAccessToken(tokenId, permissionName) == PermissionState::PERMISSION_GRANTED); +} \ No newline at end of file diff --git a/interfaces/kits/cj/BUILD.gn b/interfaces/kits/cj/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..9a726f9867100f82fd41957ff20f8d9bc0ff3176 --- /dev/null +++ b/interfaces/kits/cj/BUILD.gn @@ -0,0 +1,24 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") + +group("cj_packages") { + deps = [] + if (support_jsapi) { + deps += [ + "accesstoken:cj_ability_access_ctrl_ffi", + "screenlockfilemanager:cj_screen_lock_file_manager_ffi", + ] + } +} diff --git a/interfaces/kits/accesstoken/BUILD.gn b/interfaces/kits/cj/accesstoken/BUILD.gn similarity index 55% rename from interfaces/kits/accesstoken/BUILD.gn rename to interfaces/kits/cj/accesstoken/BUILD.gn index 479b9f762cc9b51c6383f5f57f335e259d30702b..b2af68dca668ce8a5a6381e286d0391915e571c4 100644 --- a/interfaces/kits/accesstoken/BUILD.gn +++ b/interfaces/kits/cj/accesstoken/BUILD.gn @@ -12,73 +12,10 @@ # limitations under the License. import("//build/ohos.gni") -import("../../../access_token.gni") - -ohos_shared_library("libabilityaccessctrl") { - sanitize = { - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" - include_dirs = [ - "${access_token_path}/frameworks/common/include", - "${access_token_path}/interfaces/innerkits/accesstoken/include", - "${access_token_path}/interfaces/innerkits/token_callback/include", - "${access_token_path}/interfaces/innerkits/token_setproc/include", - "../common/include", - "napi/include", - ] - - sources = [ - "napi/src/napi_atmanager.cpp", - "napi/src/napi_context_common.cpp", - "napi/src/napi_request_global_switch_on_setting.cpp", - "napi/src/napi_request_permission.cpp", - "napi/src/napi_request_permission_on_setting.cpp", - ] - - deps = [ - "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", - "${access_token_path}/interfaces/innerkits/token_callback:libtoken_callback_sdk", - "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", - "../common:libnapi_common", - ] - - cflags_cc = [ "-DHILOG_ENABLE" ] - external_deps = [ - "ability_base:want", - "ability_runtime:ability_context_native", - "ability_runtime:ability_manager", - "ability_runtime:abilitykit_native", - "ability_runtime:napi_base_context", - "ability_runtime:ui_extension", - "ace_engine:ace_uicontent", - "c_utils:utils", - "hilog:libhilog", - "hisysevent:libhisysevent", - "init:libbegetutil", - "ipc:ipc_single", - "napi:ace_napi", - ] - - if (eventhandler_enable == true) { - cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] - external_deps += [ "eventhandler:libeventhandler" ] - } - - configs = [ - "${access_token_path}/config:access_token_compile_flags", - "${access_token_path}/config:coverage_flags", - ] - - relative_install_dir = "module" - subsystem_name = "security" - part_name = "access_token" -} +import("../../../../access_token.gni") config("cj_ability_access_ctrl_ffi_config") { - include_dirs = [ "cj" ] + include_dirs = [ "include" ] } ohos_shared_library("cj_ability_access_ctrl_ffi") { @@ -93,7 +30,7 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/token_callback/include", "${access_token_path}/interfaces/innerkits/token_setproc/include", - "../common/include", + "../../napi/common/include", ] if (!defined(defines)) { @@ -102,15 +39,17 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { if (!ohos_indep_compiler_enable && product_name != "ohos-sdk") { sources = [ - "cj/ability_access_ctrl_ffi.cpp", - "cj/at_manager_impl.cpp", + "src/ability_access_ctrl_ffi.cpp", + "src/at_manager_impl.cpp", + "src/request_global_switch_on_setting.cpp", + "src/request_permission_on_setting.cpp", ] deps = [ + "${access_token_path}/frameworks/js/napi/common:libnapi_common", "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_callback:libtoken_callback_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", - "../common:libnapi_common", ] external_deps = [ @@ -131,7 +70,7 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { ] } else { defines += [ "PREVIEWER" ] - sources = [ "cj/ability_access_ctrl_mock.cpp" ] + sources = [ "src/ability_access_ctrl_mock.cpp" ] external_deps = [ "napi:cj_bind_ffi" ] } diff --git a/interfaces/kits/cj/accesstoken/include/ability_access_ctrl_common.h b/interfaces/kits/cj/accesstoken/include/ability_access_ctrl_common.h new file mode 100644 index 0000000000000000000000000000000000000000..aa6f0d4a8fdcc4df3c0b042aecbe0d3ffbf3063a --- /dev/null +++ b/interfaces/kits/cj/accesstoken/include/ability_access_ctrl_common.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_ABILITY_ACCESS_CTRL_COMMON_H +#define OHOS_ABILITY_ACCESS_CTRL_COMMON_H + +#include +#include + +namespace OHOS { +namespace CJSystemapi { + +const std::string RESULT_ERROR_KEY = "ohos.user.setting.error_code"; +const std::string EXTENSION_TYPE_KEY = "ability.want.params.uiExtensionType"; +const std::string UI_EXTENSION_TYPE = "sys/commonUI"; + +typedef enum { + CJ_OK = 0, + CJ_ERROR_PERMISSION_DENIED = 201, + CJ_ERROR_NOT_SYSTEM_APP = 202, + CJ_ERROR_PARAM_ILLEGAL = 401, + CJ_ERROR_SYSTEM_CAPABILITY_NOT_SUPPORT = 801, + CJ_ERROR_PARAM_INVALID = 12100001, + CJ_ERROR_TOKENID_NOT_EXIST, + CJ_ERROR_PERMISSION_NOT_EXIST, + CJ_ERROR_NOT_USE_TOGETHER, + CJ_ERROR_REGISTERS_EXCEED_LIMITATION, + CJ_ERROR_PERMISSION_OPERATION_NOT_ALLOWED, + CJ_ERROR_SERVICE_NOT_RUNNING, + CJ_ERROR_OUT_OF_MEMORY, + CJ_ERROR_INNER, + CJ_ERROR_REQUEST_IS_ALREADY_EXIST, + CJ_ERROR_ALL_PERM_GRANTED, + CJ_ERROR_PERM_REVOKE_BY_USER, + CJ_ERROR_GLOBAL_SWITCH_IS_ALREADY_OPEN, +} CjErrorCode; +} +} +#endif // OHOS_ABILITY_ACCESS_CTRL_COMMON_H \ No newline at end of file diff --git a/interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.h b/interfaces/kits/cj/accesstoken/include/ability_access_ctrl_ffi.h similarity index 81% rename from interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.h rename to interfaces/kits/cj/accesstoken/include/ability_access_ctrl_ffi.h index 3d52bb00f87838229fc78ff8337eccee54cb985e..5e3acedde3520e4e752d66c583bda539e683e070 100644 --- a/interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.h +++ b/interfaces/kits/cj/accesstoken/include/ability_access_ctrl_ffi.h @@ -21,6 +21,8 @@ #include "cj_common_ffi.h" #include "ffi_remote_data.h" #include "at_manager_impl.h" +#include "request_global_switch_on_setting.h" +#include "request_permission_on_setting.h" extern "C" { FFI_EXPORT int32_t FfiOHOSAbilityAccessCtrlCheckAccessTokenSync(unsigned int tokenID, const char* cPermissionName); @@ -36,6 +38,10 @@ extern "C" { CArrString cPermissionList, void (*callbackRef)(RetDataCPermissionRequestResult infoRef)); FFI_EXPORT void FfiOHOSAbilityAccessCtrlRequestPermissionsFromUserByStdFunc(OHOS::AbilityRuntime::Context* context, CArrString cPermissionList, const std::function *callbackPtr); + FFI_EXPORT void FfiOHOSAbilityAccessCtrlRequestPermissionOnSetting(OHOS::AbilityRuntime::Context* context, + CArrString cPermissionList, void (*callbackRef)(RetDataCArrI32 infoRef)); + FFI_EXPORT void FfiOHOSAbilityAccessCtrlRequestGlobalSwitch(OHOS::AbilityRuntime::Context* context, int32_t type, + void (*callbackRef)(RetDataBool infoRef)); } #endif // OHOS_ABILITY_ACCESS_CTRL_FFI_H \ No newline at end of file diff --git a/interfaces/kits/accesstoken/cj/at_manager_impl.h b/interfaces/kits/cj/accesstoken/include/at_manager_impl.h similarity index 89% rename from interfaces/kits/accesstoken/cj/at_manager_impl.h rename to interfaces/kits/cj/accesstoken/include/at_manager_impl.h index b1e0892e257f24e7228892201607ab0b7222cc8e..512f66d930d4bbbab5f6268dc5b5f26950eda64f 100644 --- a/interfaces/kits/accesstoken/cj/at_manager_impl.h +++ b/interfaces/kits/cj/accesstoken/include/at_manager_impl.h @@ -32,9 +32,15 @@ #include "ui_content.h" #include "ui_extension_context.h" +struct CArrBool { + void* head; + int64_t size; +}; + struct CPermissionRequestResult { CArrString permissions; CArrI32 authResults; + CArrBool dialogShownResults; }; struct RetDataCPermissionRequestResult { @@ -75,6 +81,7 @@ struct RequestAsyncContext { int32_t result = AT_PERM_OPERA_SUCC; std::vector permissionList; std::vector permissionsState; + std::vector dialogShownResults; PermissionGrantInfo info; std::shared_ptr abilityContext; std::shared_ptr uiExtensionContext; @@ -102,14 +109,13 @@ private: class AuthorizationResult : public Security::AccessToken::TokenCallbackStub { public: - explicit AuthorizationResult(std::function callbackRef) - : callbackRef_(callbackRef) {} + explicit AuthorizationResult(std::shared_ptr& data) : data_(data) {} ~AuthorizationResult() override = default; void GrantResultsCallback(const std::vector& permissions, const std::vector& grantResults) override; private: - std::function callbackRef_; + std::shared_ptr data_ = nullptr; }; class RegisterPermStateChangeScopePtr : public std::enable_shared_from_this, @@ -143,23 +149,6 @@ struct UnregisterPermStateChangeInfo : public PermStateChangeContext { PermStateChangeScope scopeInfo; }; -typedef enum { - CJ_OK = 0, - CJ_ERROR_PERMISSION_DENIED = 201, - CJ_ERROR_NOT_SYSTEM_APP = 202, - CJ_ERROR_PARAM_ILLEGAL = 401, - CJ_ERROR_SYSTEM_CAPABILITY_NOT_SUPPORT = 801, - CJ_ERROR_PARAM_INVALID = 12100001, - CJ_ERROR_TOKENID_NOT_EXIST, - CJ_ERROR_PERMISSION_NOT_EXIST, - CJ_ERROR_NOT_USE_TOGETHER, - CJ_ERROR_REGISTERS_EXCEED_LIMITATION, - CJ_ERROR_PERMISSION_OPERATION_NOT_ALLOWED, - CJ_ERROR_SERVICE_NOT_RUNNING, - CJ_ERROR_OUT_OF_MEMORY, - CJ_ERROR_INNER, -} CjErrorCode; - class AtManagerImpl { public: static int32_t VerifyAccessTokenSync(unsigned int tokenID, const char* cPermissionName); @@ -194,7 +183,7 @@ private: UnregisterPermStateChangeInfo& unregisterPermStateChangeInfo); static bool IsExistRegister(const RegisterPermStateChangeInfo* registerPermStateChangeInfo); static bool IsDynamicRequest(const std::vector& permissions, - std::vector& permissionsState, PermissionGrantInfo& info); + std::vector& permissionsState, std::vector& dialogShownResults, PermissionGrantInfo& info); static bool FindAndGetSubscriberInVector(UnregisterPermStateChangeInfo* unregisterPermStateChangeInfo, std::vector& batchPermStateChangeRegisters); static void DeleteRegisterFromVector(const PermStateChangeScope& scopeInfo, int64_t subscriberRef); diff --git a/interfaces/kits/accesstoken/cj/macro.h b/interfaces/kits/cj/accesstoken/include/macro.h similarity index 100% rename from interfaces/kits/accesstoken/cj/macro.h rename to interfaces/kits/cj/accesstoken/include/macro.h diff --git a/interfaces/kits/cj/accesstoken/include/request_global_switch_on_setting.h b/interfaces/kits/cj/accesstoken/include/request_global_switch_on_setting.h new file mode 100644 index 0000000000000000000000000000000000000000..5ee7e75ff720127386ef77cc515d979613ee81b5 --- /dev/null +++ b/interfaces/kits/cj/accesstoken/include/request_global_switch_on_setting.h @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_ABILITY_ACCESS_REQUEST_GLOBAL_SWITCH_ON_SETTING_H +#define OHOS_ABILITY_ACCESS_REQUEST_GLOBAL_SWITCH_ON_SETTING_H + +#include +#include +#include + +#include "accesstoken_kit.h" +#include "cj_common_ffi.h" +#include "cj_lambda.h" +#include "ffi_remote_data.h" +#include "permission_grant_info.h" +#include "ui_content.h" +#include "ui_extension_context.h" + +namespace OHOS { +namespace CJSystemapi { + +struct RequestGlobalSwitchAsyncContext { + OHOS::Security::AccessToken::AccessTokenID tokenId = 0; + int32_t switchType = -1; + int32_t errorCode = -1; + bool switchStatus = false; + OHOS::Security::AccessToken::PermissionGrantInfo info; + std::shared_ptr abilityContext; + std::shared_ptr uiExtensionContext; + bool uiAbilityFlag = false; + bool releaseFlag = false; + std::function callbackRef = nullptr; +}; + +struct RequestGlobalSwitchAsyncContextHandle { + explicit RequestGlobalSwitchAsyncContextHandle( + std::shared_ptr& requestAsyncContext) + { + asyncContextPtr = requestAsyncContext; + } + + std::shared_ptr asyncContextPtr; +}; + +class SwitchOnSettingUICallback { +public: + explicit SwitchOnSettingUICallback(const std::shared_ptr& reqContext); + ~SwitchOnSettingUICallback(); + void SetSessionId(int32_t sessionId); + void OnRelease(int32_t releaseCode); + void OnResult(int32_t resultCode, const OHOS::AAFwk::Want& result); + void OnReceive(const OHOS::AAFwk::WantParams& request); + void OnError(int32_t code, const std::string& name, const std::string& message); + void OnRemoteReady(const std::shared_ptr& uiProxy); + void OnDestroy(); + void ReleaseHandler(int32_t code); + +private: + int32_t sessionId_ = 0; + std::shared_ptr reqContext_ = nullptr; +}; + +class FfiRequestGlobalSwitchOnSetting { +public: + static void RequestGlobalSwitch(OHOS::AbilityRuntime::Context* context, int32_t switchType, + const std::function& callbackRef); +private: + static bool ParseRequestGlobalSwitch(OHOS::AbilityRuntime::Context* context, + const std::shared_ptr& asyncContext); +}; +} +} + +#endif \ No newline at end of file diff --git a/interfaces/kits/cj/accesstoken/include/request_permission_on_setting.h b/interfaces/kits/cj/accesstoken/include/request_permission_on_setting.h new file mode 100644 index 0000000000000000000000000000000000000000..5ac2150911a4e2cc107ce1d28f0553c93bbe0512 --- /dev/null +++ b/interfaces/kits/cj/accesstoken/include/request_permission_on_setting.h @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_ABILITY_ACCESS_REQUEST_PERMISSION_ON_SETTING_H +#define OHOS_ABILITY_ACCESS_REQUEST_PERMISSION_ON_SETTING_H + +#include +#include +#include + +#include "accesstoken_kit.h" +#include "cj_common_ffi.h" +#include "cj_lambda.h" +#include "permission_grant_info.h" +#include "ui_content.h" +#include "ui_extension_context.h" + +namespace OHOS { +namespace CJSystemapi { + +struct RequestPermOnSettingAsyncContext { + OHOS::Security::AccessToken::AccessTokenID tokenId = 0; + OHOS::Security::AccessToken::PermissionGrantInfo info; + int32_t errorCode = -1; + std::vector permissionList; + std::vector stateList; + std::shared_ptr abilityContext; + std::shared_ptr uiExtensionContext; + bool uiAbilityFlag = false; + bool releaseFlag = false; + std::function callbackRef = nullptr; +}; + +struct RequestOnSettingAsyncContextHandle { + explicit RequestOnSettingAsyncContextHandle(std::shared_ptr& requestAsyncContext) + { + asyncContextPtr = requestAsyncContext; + } + + std::shared_ptr asyncContextPtr; +}; + +class PermissonOnSettingUICallback { +public: + explicit PermissonOnSettingUICallback(const std::shared_ptr& reqContext); + ~PermissonOnSettingUICallback(); + void SetSessionId(int32_t sessionId); + void OnRelease(int32_t releaseCode); + void OnResult(int32_t resultCode, const OHOS::AAFwk::Want& result); + void OnReceive(const OHOS::AAFwk::WantParams& request); + void OnError(int32_t code, const std::string& name, const std::string& message); + void OnRemoteReady(const std::shared_ptr& uiProxy); + void OnDestroy(); + void ReleaseHandler(int32_t code); + +private: + int32_t sessionId_ = 0; + std::shared_ptr reqContext_ = nullptr; +}; + +class FfiRequestPermissionOnSetting { +public: + static void RequestPermissionOnSetting(OHOS::AbilityRuntime::Context* context, CArrString cPermissionList, + const std::function& callbackRef); +private: + static bool ParseRequestPermissionOnSetting(OHOS::AbilityRuntime::Context* context, CArrString cPermissionList, + const std::shared_ptr& asyncContext); +}; +} +} + +#endif \ No newline at end of file diff --git a/interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.cpp b/interfaces/kits/cj/accesstoken/src/ability_access_ctrl_ffi.cpp similarity index 81% rename from interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.cpp rename to interfaces/kits/cj/accesstoken/src/ability_access_ctrl_ffi.cpp index 785e4d2c38c6484be07bc0f3d4a15b80f519326d..e1426fdd623891dc51195a15f4fed47b9bfbe663 100644 --- a/interfaces/kits/accesstoken/cj/ability_access_ctrl_ffi.cpp +++ b/interfaces/kits/cj/accesstoken/src/ability_access_ctrl_ffi.cpp @@ -76,6 +76,22 @@ void FfiOHOSAbilityAccessCtrlRequestPermissionsFromUserByStdFunc(OHOS::AbilityRu auto onChange = *callbackPtr; AtManagerImpl::RequestPermissionsFromUser(context, cPermissionList, onChange); } + +void FfiOHOSAbilityAccessCtrlRequestPermissionOnSetting(OHOS::AbilityRuntime::Context* context, + CArrString cPermissionList, void (*callbackRef)(RetDataCArrI32 infoRef)) +{ + auto callback = [lambda = CJLambda::Create(callbackRef)] + (RetDataCArrI32 infoRef) -> void { lambda(infoRef); }; + FfiRequestPermissionOnSetting::RequestPermissionOnSetting(context, cPermissionList, callback); +} + +void FfiOHOSAbilityAccessCtrlRequestGlobalSwitch(OHOS::AbilityRuntime::Context* context, int32_t type, + void (*callbackRef)(RetDataBool infoRef)) +{ + auto callback = [lambda = CJLambda::Create(callbackRef)] + (RetDataBool infoRef) -> void { lambda(infoRef); }; + FfiRequestGlobalSwitchOnSetting::RequestGlobalSwitch(context, type, callback); +} } } // namespace CJSystemapi } // namespace OHOS diff --git a/interfaces/kits/accesstoken/cj/ability_access_ctrl_mock.cpp b/interfaces/kits/cj/accesstoken/src/ability_access_ctrl_mock.cpp similarity index 100% rename from interfaces/kits/accesstoken/cj/ability_access_ctrl_mock.cpp rename to interfaces/kits/cj/accesstoken/src/ability_access_ctrl_mock.cpp diff --git a/interfaces/kits/accesstoken/cj/at_manager_impl.cpp b/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp similarity index 94% rename from interfaces/kits/accesstoken/cj/at_manager_impl.cpp rename to interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp index 441cfdcfc47f7e58a4836db773f44c148409aa11..6cf2e6c12f152670ecb99eb0f1c0ed6f595e568d 100644 --- a/interfaces/kits/accesstoken/cj/at_manager_impl.cpp +++ b/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp @@ -14,7 +14,7 @@ */ #include "at_manager_impl.h" - +#include "ability_access_ctrl_common.h" #include "ability.h" #include "ability_manager_client.h" #include "access_token.h" @@ -38,8 +38,6 @@ static PermissionParamCache g_paramCache; std::mutex g_lockForPermRequestCallbacks; static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change"; -const std::string EXTENSION_TYPE_KEY = "ability.want.params.uiExtensionType"; -const std::string UI_EXTENSION_TYPE = "sys/commonUI"; const std::string GRANT_ABILITY_BUNDLE_NAME = "com.ohos.permissionmanager"; const std::string GRANT_ABILITY_ABILITY_NAME = "com.ohos.permissionmanager.GrantAbility"; const std::string PERMISSION_KEY = "ohos.user.grant.permission"; @@ -175,6 +173,19 @@ static int32_t* VectorToCArrInt32(const std::vector& vec) return result; } +static bool* VectorToCArrBool(const std::vector& vec) +{ + bool* result = static_cast(malloc(sizeof(bool) * vec.size())); + if (result == nullptr) { + LOGE("VectorToCArrBool: malloc failed!"); + return nullptr; + } + for (size_t i = 0; i < vec.size(); i++) { + result[i] = vec[i]; + } + return result; +} + int32_t AtManagerImpl::VerifyAccessTokenSync(unsigned int tokenID, const char* cPermissionName) { LOGI("ACCESS_CTRL_TEST::AtManagerImpl::VerifyAccessTokenSync START"); @@ -356,16 +367,19 @@ int32_t AtManagerImpl::UnregisterPermStateChangeCallback( return CJ_OK; } -static void fillRequestResult(CArrString& permissions, CArrI32& authResults, std::vector permissionList, - std::vector permissionsState) +static void fillRequestResult(CPermissionRequestResult& retData, std::vector permissionList, + std::vector permissionsState, std::vector dialogShownResults) { - permissions.size = (int64_t)permissionList.size(); - permissions.head = VectorToCArrString(permissionList); - if (permissions.head == nullptr) { + retData.permissions.size = static_cast(permissionList.size()); + retData.permissions.head = VectorToCArrString(permissionList); + if (retData.permissions.head == nullptr) { return; } - authResults.size = (int64_t)permissionsState.size(); - authResults.head = VectorToCArrInt32(permissionsState); + retData.authResults.size = static_cast(permissionsState.size()); + retData.authResults.head = VectorToCArrInt32(permissionsState); + + retData.dialogShownResults.size = static_cast(dialogShownResults.size()); + retData.dialogShownResults.head = VectorToCArrBool(dialogShownResults); } static void UpdateGrantPermissionResultOnly(const std::vector& permissions, @@ -383,22 +397,21 @@ void AuthorizationResult::GrantResultsCallback(const std::vector& p const std::vector& grantResults) { LOGI("AuthorizationResult::GrantResultsCallback"); - RetDataCPermissionRequestResult ret = { .code = ERR_INVALID_INSTANCE_CODE, - .data = { .permissions = {.head = nullptr, .size = 0}, .authResults = {.head = nullptr, .size = 0} }}; - fillRequestResult(ret.data.permissions, ret.data.authResults, permissions, grantResults); + RetDataCPermissionRequestResult ret{}; + fillRequestResult(ret.data, permissions, grantResults, this->data_->dialogShownResults); ret.code = AT_PERM_OPERA_SUCC; - callbackRef_(ret); + data_->callbackRef(ret); } static int32_t StartServiceExtension(std::shared_ptr& asyncContext) { - sptr remoteObject = new (std::nothrow) AuthorizationResult(asyncContext->callbackRef); + sptr remoteObject = new (std::nothrow) AuthorizationResult(asyncContext); if (remoteObject == nullptr) { return CjErrorCode::CJ_ERROR_INNER; } - + AAFwk::Want want; - want.SetElementName(GRANT_ABILITY_BUNDLE_NAME, GRANT_ABILITY_ABILITY_NAME); + want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.grantServiceAbilityName); want.SetParam(PERMISSION_KEY, asyncContext->permissionList); want.SetParam(STATE_KEY, asyncContext->permissionsState); want.SetParam(TOKEN_KEY, asyncContext->abilityContext->GetToken()); @@ -498,9 +511,8 @@ static void GrantResultsCallbackUI(const std::vector& permissionLis // only permissions which need to grant change the result, other keey as GetSelfPermissionsState result std::vector newGrantResults; UpdateGrantPermissionResultOnly(permissionList, permissionStates, data->permissionsState, newGrantResults); - RetDataCPermissionRequestResult ret = { .code = ERR_INVALID_INSTANCE_CODE, - .data = { .permissions = {.head = nullptr, .size = 0}, .authResults = {.head = nullptr, .size = 0} }}; - fillRequestResult(ret.data.permissions, ret.data.authResults, permissionList, newGrantResults); + RetDataCPermissionRequestResult ret{}; + fillRequestResult(ret.data, permissionList, newGrantResults, data->dialogShownResults); ret.code = AT_PERM_OPERA_SUCC; data->callbackRef(ret); } @@ -634,8 +646,11 @@ static int32_t StartUIExtension(std::shared_ptr asyncContex void AtManagerImpl::RequestPermissionsFromUser(OHOS::AbilityRuntime::Context* context, CArrString cPermissionList, const std::function& callbackRef) { - RetDataCPermissionRequestResult ret = { .code = ERR_INVALID_INSTANCE_CODE, .data = { - .permissions = {.head = nullptr, .size = 0}, .authResults = {.head = nullptr, .size = 0} } }; + RetDataCPermissionRequestResult ret = { .code = ERR_INVALID_INSTANCE_CODE, + .data = { + .permissions = { .head = nullptr, .size = 0 }, + .authResults = { .head = nullptr, .size = 0 }, + .dialogShownResults = { .head = nullptr, .size = 0 } } }; // use handle to protect asyncContext std::shared_ptr asyncContext = std::make_shared(); if (!ParseRequestPermissionFromUser(context, cPermissionList, callbackRef, asyncContext)) { @@ -654,9 +669,10 @@ void AtManagerImpl::RequestPermissionsFromUser(OHOS::AbilityRuntime::Context* co callbackRef(ret); return; } - if (!IsDynamicRequest(asyncContext->permissionList, asyncContext->permissionsState, asyncContext->info)) { - fillRequestResult(ret.data.permissions, ret.data.authResults, asyncContext->permissionList, - asyncContext->permissionsState); + if (!IsDynamicRequest(asyncContext->permissionList, asyncContext->permissionsState, + asyncContext->dialogShownResults, asyncContext->info)) { + fillRequestResult(ret.data, asyncContext->permissionList, asyncContext->permissionsState, + asyncContext->dialogShownResults); ret.code = CJ_OK; callbackRef(ret); return; @@ -838,7 +854,7 @@ bool AtManagerImpl::IsExistRegister(const RegisterPermStateChangeInfo* registerP std::vector targetTokenIDs = targetScopeInfo.tokenIDs; std::vector targetPermList = targetScopeInfo.permList; std::lock_guard lock(g_lockForPermStateChangeRegisters); - + for (const auto& item : g_permStateChangeRegisters) { PermStateChangeScope scopeInfo; item->subscriber->GetScope(scopeInfo); @@ -885,7 +901,7 @@ bool AtManagerImpl::IsExistRegister(const RegisterPermStateChangeInfo* registerP } bool AtManagerImpl::IsDynamicRequest(const std::vector& permissions, - std::vector& permissionsState, PermissionGrantInfo& info) + std::vector& permissionsState, std::vector& dialogShownResults, PermissionGrantInfo& info) { std::vector permList; for (const auto& permission : permissions) { @@ -904,6 +920,7 @@ bool AtManagerImpl::IsDynamicRequest(const std::vector& permissions LOGI("permissions: %{public}s. permissionsState: %{public}u", permState.permissionName.c_str(), permState.state); permissionsState.emplace_back(permState.state); + dialogShownResults.emplace_back(permState.state == TypePermissionOper::DYNAMIC_OPER); } if (permList.size() != permissions.size()) { LOGE("Returned permList size: %{public}zu.", permList.size()); diff --git a/interfaces/kits/cj/accesstoken/src/request_global_switch_on_setting.cpp b/interfaces/kits/cj/accesstoken/src/request_global_switch_on_setting.cpp new file mode 100644 index 0000000000000000000000000000000000000000..cc7e96d7bff384f70722f980296f1e8acf713031 --- /dev/null +++ b/interfaces/kits/cj/accesstoken/src/request_global_switch_on_setting.cpp @@ -0,0 +1,282 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "request_global_switch_on_setting.h" +#include "ability_access_ctrl_common.h" +#include "ability.h" +#include "access_token.h" +#include "macro.h" +#include "token_setproc.h" +#include "want.h" + +using namespace OHOS::FFI; +using OHOS::Security::AccessToken::AccessTokenID; +using OHOS::Security::AccessToken::AccessTokenKit; + +namespace OHOS { +namespace CJSystemapi { +namespace { +const std::string GLOBAL_SWITCH_KEY = "ohos.user.setting.global_switch"; +const std::string GLOBAL_SWITCH_RESULT_KEY = "ohos.user.setting.global_switch.result"; + +// error code from dialog of global switch +const int32_t RET_SUCCESS = 0; +const int32_t REQUEST_REALDY_EXIST = 1; +const int32_t GLOBAL_TYPE_IS_NOT_SUPPORT = 2; +const int32_t SWITCH_IS_ALREADY_OPEN = 3; + +std::mutex g_lockFlag; +} + +extern "C" { +static int32_t TransferToCJErrorCode(int32_t errCode) +{ + int32_t cjCode = CJ_OK; + switch (errCode) { + case RET_SUCCESS: + cjCode = CJ_OK; + break; + case REQUEST_REALDY_EXIST: + cjCode = CJ_ERROR_REQUEST_IS_ALREADY_EXIST; + break; + case GLOBAL_TYPE_IS_NOT_SUPPORT: + cjCode = CJ_ERROR_PARAM_INVALID; + break; + case SWITCH_IS_ALREADY_OPEN: + cjCode = CJ_ERROR_GLOBAL_SWITCH_IS_ALREADY_OPEN; + break; + default: + cjCode = CJ_ERROR_INNER; + break; + } + return cjCode; +} + +void SwitchOnSettingUICallback::ReleaseHandler(int32_t code) +{ + { + std::lock_guard lock(g_lockFlag); + if (this->reqContext_->releaseFlag) { + return; + } + this->reqContext_->releaseFlag = true; + } + Ace::UIContent* uiContent = nullptr; + if (this->reqContext_->uiAbilityFlag) { + uiContent = this->reqContext_->abilityContext->GetUIContent(); + } else { + uiContent = this->reqContext_->uiExtensionContext->GetUIContent(); + } + if (uiContent != nullptr) { + LOGI("Close uiextension component"); + uiContent->CloseModalUIExtension(this->sessionId_); + } + if (code == 0) { // the dialog terminate normally + return; + } + LOGE("ReleaseHandler exception: %{public}d", code); + RetDataBool ret = {.code = code, .data = this->reqContext_->switchStatus}; + this->reqContext_->callbackRef(ret); +} + +SwitchOnSettingUICallback::SwitchOnSettingUICallback(const std::shared_ptr& reqContext) +{ + this->reqContext_ = reqContext; +} + +SwitchOnSettingUICallback::~SwitchOnSettingUICallback() +{} + +void SwitchOnSettingUICallback::SetSessionId(int32_t sessionId) +{ + this->sessionId_ = sessionId; +} + +/* + * when UIExtensionAbility disconnect or use terminate or process die + * releaseCode is 0 when process normal exit + */ +void SwitchOnSettingUICallback::OnRelease(int32_t releaseCode) +{ + LOGI("OnRelease releaseCode is %{public}d", releaseCode); + ReleaseHandler(releaseCode); +} + +/* + * when UIExtensionAbility use terminateSelfWithResult + */ +void SwitchOnSettingUICallback::OnResult(int32_t resultCode, const AAFwk::Want& result) +{ + this->reqContext_->errorCode = result.GetIntParam(RESULT_ERROR_KEY, -1); + this->reqContext_->switchStatus = result.GetBoolParam(GLOBAL_SWITCH_RESULT_KEY, false); + LOGI("ResultCode is %{public}d, errorCode=%{public}d, switchStatus=%{public}d", + resultCode, this->reqContext_->errorCode, this->reqContext_->switchStatus); + + int32_t cjErrorCode = TransferToCJErrorCode(this->reqContext_->errorCode); + RetDataBool ret = {.code = cjErrorCode, .data = this->reqContext_->switchStatus}; + this->reqContext_->callbackRef(ret); + ReleaseHandler(0); +} + +/* + * when UIExtensionAbility send message to UIExtensionComponent + */ +void SwitchOnSettingUICallback::OnReceive(const AAFwk::WantParams& receive) +{ + LOGI("OnReceive called!"); +} + +/* + * when UIExtensionComponent init or turn to background or destroy UIExtensionAbility occur error + */ +void SwitchOnSettingUICallback::OnError(int32_t code, const std::string& name, const std::string& message) +{ + LOGE("OnError: code is %{public}d, name is %{public}s, message is %{public}s", + code, name.c_str(), message.c_str()); + ReleaseHandler(code); +} + +/* + * when UIExtensionComponent connect to UIExtensionAbility, ModalUIExtensionProxy will init, + * UIExtensionComponent can send message to UIExtensionAbility by ModalUIExtensionProxy + */ +void SwitchOnSettingUICallback::OnRemoteReady(const std::shared_ptr& uiProxy) +{ + LOGI("Connect to UIExtensionAbility successfully."); +} + +/* + * when UIExtensionComponent destructed + */ +void SwitchOnSettingUICallback::OnDestroy() +{ + LOGI("UIExtensionAbility destructed."); +} + +static Ace::ModalUIExtensionCallbacks BindCallbacks(std::shared_ptr uiExtCallback) +{ + Ace::ModalUIExtensionCallbacks uiExtensionCallbacks = { + [uiExtCallback](int32_t releaseCode) { + uiExtCallback->OnRelease(releaseCode); + }, + [uiExtCallback](int32_t resultCode, const OHOS::AAFwk::Want& result) { + uiExtCallback->OnResult(resultCode, result); + }, + [uiExtCallback](const OHOS::AAFwk::WantParams& request) { + uiExtCallback->OnReceive(request); + }, + [uiExtCallback](int32_t code, const std::string& name, [[maybe_unused]]const std::string& message) { + uiExtCallback->OnError(code, name, name); + }, + [uiExtCallback](const std::shared_ptr& uiProxy) { + uiExtCallback->OnRemoteReady(uiProxy); + }, + [uiExtCallback] { + uiExtCallback->OnDestroy(); + }, + }; + return uiExtensionCallbacks; +} + +static int32_t CreateUIExtension(const Want &want, std::shared_ptr asyncContext) +{ + if (asyncContext == nullptr) { + return CJ_ERROR_INNER; + } + Ace::UIContent* uiContent = nullptr; + if (asyncContext->uiAbilityFlag) { + uiContent = asyncContext->abilityContext->GetUIContent(); + } else { + uiContent = asyncContext->uiExtensionContext->GetUIContent(); + } + + if (uiContent == nullptr) { + LOGE("Get ui content failed."); + return CJ_ERROR_PARAM_INVALID; + } + auto uiExtCallback = std::make_shared(asyncContext); + auto uiExtensionCallbacks = BindCallbacks(uiExtCallback); + Ace::ModalUIExtensionConfig config; + config.isProhibitBack = true; + int32_t sessionId = uiContent->CreateModalUIExtension(want, uiExtensionCallbacks, config); + if (sessionId == 0) { + LOGE("CreateModalUIExtension failed."); + return CJ_ERROR_INNER; + } + uiExtCallback->SetSessionId(sessionId); + return CJ_OK; +} + +static int32_t StartUIExtension(std::shared_ptr asyncContext) +{ + AAFwk::Want want; + AccessTokenKit::GetPermissionManagerInfo(asyncContext->info); + LOGI("bundleName: %{public}s, globalSwitchAbilityName: %{public}s.", + asyncContext->info.grantBundleName.c_str(), asyncContext->info.globalSwitchAbilityName.c_str()); + want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.globalSwitchAbilityName); + want.SetParam(GLOBAL_SWITCH_KEY, asyncContext->switchType); + want.SetParam(EXTENSION_TYPE_KEY, UI_EXTENSION_TYPE); + return CreateUIExtension(want, asyncContext); +} + +void FfiRequestGlobalSwitchOnSetting::RequestGlobalSwitch(OHOS::AbilityRuntime::Context* context, int32_t switchType, + const std::function& callbackRef) +{ + RetDataBool ret = {.code = CJ_ERROR_INNER, .data = false}; + std::shared_ptr asyncContext = std::make_shared(); + if (!ParseRequestGlobalSwitch(context, asyncContext)) { + LOGE("RequestGlobalSwitch param invalid."); + ret.code = CJ_ERROR_PARAM_INVALID; + callbackRef(ret); + return; + } + asyncContext->switchType = switchType; + asyncContext->callbackRef = callbackRef; + + int32_t result = StartUIExtension(asyncContext); + ret.code = result; + if (result != CJ_OK) { + callbackRef(ret); + } + return; +} + +bool FfiRequestGlobalSwitchOnSetting::ParseRequestGlobalSwitch(OHOS::AbilityRuntime::Context* context, + const std::shared_ptr& asyncContext) +{ + AccessTokenID tokenID = 0; + auto contextSharedPtr = context->shared_from_this(); + asyncContext->abilityContext = AbilityRuntime::Context::ConvertTo(contextSharedPtr); + if (asyncContext->abilityContext != nullptr) { + asyncContext->uiAbilityFlag = true; + tokenID = asyncContext->abilityContext->GetApplicationInfo()->accessTokenId; + } else { + asyncContext->uiExtensionContext = + AbilityRuntime::Context::ConvertTo(contextSharedPtr); + if (asyncContext->uiExtensionContext == nullptr) { + LOGE("Convert to ui extension context failed"); + return false; + } + tokenID = asyncContext->uiExtensionContext->GetApplicationInfo()->accessTokenId; + } + if (tokenID != static_cast(GetSelfTokenID())) { + LOGE("tokenID error"); + return false; + } + return true; +} +} +} // namespace CJSystemapi +} // namespace OHOS diff --git a/interfaces/kits/cj/accesstoken/src/request_permission_on_setting.cpp b/interfaces/kits/cj/accesstoken/src/request_permission_on_setting.cpp new file mode 100644 index 0000000000000000000000000000000000000000..42d816f86f42f6d286beaf2458802a5ea30c6a94 --- /dev/null +++ b/interfaces/kits/cj/accesstoken/src/request_permission_on_setting.cpp @@ -0,0 +1,327 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "request_permission_on_setting.h" +#include "ability_access_ctrl_common.h" +#include "ability.h" +#include "access_token.h" +#include "macro.h" +#include "token_setproc.h" +#include "want.h" + +using namespace OHOS::FFI; +using OHOS::Security::AccessToken::AccessTokenID; +using OHOS::Security::AccessToken::AccessTokenKit; + +namespace OHOS { +namespace CJSystemapi { +namespace { +const std::string PERMISSION_KEY = "ohos.user.setting.permission"; +const std::string PERMISSION_RESULT_KEY = "ohos.user.setting.permission.result"; + +// error code from dialog +const int32_t RET_SUCCESS = 0; +const int32_t REQUEST_REALDY_EXIST = 1; +const int32_t PERM_NOT_BELONG_TO_SAME_GROUP = 2; +const int32_t PERM_IS_NOT_DECLARE = 3; +const int32_t ALL_PERM_GRANTED = 4; +const int32_t PERM_REVOKE_BY_USER = 5; + +std::mutex g_lockFlag; +} // namespace + +extern "C" { +static int32_t TransferToCJErrorCode(int32_t errCode) +{ + int32_t cjCode = CJ_OK; + switch (errCode) { + case RET_SUCCESS: + cjCode = CJ_OK; + break; + case REQUEST_REALDY_EXIST: + cjCode = CJ_ERROR_REQUEST_IS_ALREADY_EXIST; + break; + case PERM_NOT_BELONG_TO_SAME_GROUP: + cjCode = CJ_ERROR_PARAM_INVALID; + break; + case PERM_IS_NOT_DECLARE: + cjCode = CJ_ERROR_PARAM_INVALID; + break; + case ALL_PERM_GRANTED: + cjCode = CJ_ERROR_ALL_PERM_GRANTED; + break; + case PERM_REVOKE_BY_USER: + cjCode = CJ_ERROR_PERM_REVOKE_BY_USER; + break; + default: + cjCode = CJ_ERROR_INNER; + break; + } + return cjCode; +} + +void PermissonOnSettingUICallback::ReleaseHandler(int32_t code) +{ + { + std::lock_guard lock(g_lockFlag); + if (this->reqContext_->releaseFlag) { + return; + } + this->reqContext_->releaseFlag = true; + } + Ace::UIContent* uiContent = nullptr; + if (this->reqContext_->uiAbilityFlag) { + uiContent = this->reqContext_->abilityContext->GetUIContent(); + } else { + uiContent = this->reqContext_->uiExtensionContext->GetUIContent(); + } + if (uiContent != nullptr) { + LOGI("Close uiextension component"); + uiContent->CloseModalUIExtension(this->sessionId_); + } + if (code == 0) { // dialog terminate normally + return; + } + LOGI("ReleaseHandler code %{public}d", code); + RetDataCArrI32 retArr = {.code = code, .data = {.head = nullptr, .size = 0}}; + this->reqContext_->callbackRef(retArr); +} + +PermissonOnSettingUICallback::PermissonOnSettingUICallback( + const std::shared_ptr& reqContext) +{ + this->reqContext_ = reqContext; +} + +PermissonOnSettingUICallback::~PermissonOnSettingUICallback() +{} + +void PermissonOnSettingUICallback::SetSessionId(int32_t sessionId) +{ + this->sessionId_ = sessionId; +} + +/* + * when UIExtensionAbility use terminateSelfWithResult + */ +void PermissonOnSettingUICallback::OnResult(int32_t resultCode, const AAFwk::Want& result) +{ + this->reqContext_->errorCode = result.GetIntParam(RESULT_ERROR_KEY, 0); + this->reqContext_->stateList = result.GetIntArrayParam(PERMISSION_RESULT_KEY); + LOGI("ResultCode is %{public}d, errorCode=%{public}d, listSize=%{public}zu", + resultCode, this->reqContext_->errorCode, this->reqContext_->stateList.size()); + ReleaseHandler(0); + RetDataCArrI32 retArr = {.code = CJ_OK, .data = {.head = nullptr, .size = 0}}; + if (this->reqContext_->errorCode != 0) { + retArr.code = TransferToCJErrorCode(this->reqContext_->errorCode); + this->reqContext_->callbackRef(retArr); + return; + } + + auto size = this->reqContext_->stateList.size(); + if (size <= 0) { + LOGE("StateList empty"); + retArr.code = CJ_ERROR_INNER; + this->reqContext_->callbackRef(retArr); + return; + } + auto arr = static_cast(malloc(sizeof(int32_t) * size)); + if (!arr) { + LOGE("Array malloc failed"); + retArr.code = CJ_ERROR_INNER; + this->reqContext_->callbackRef(retArr); + return; + } + + for (int i = 0; i < static_cast(size); i++) { + arr[i] = this->reqContext_->stateList[i]; + } + retArr.data.head = arr; + retArr.data.size = static_cast(size); + this->reqContext_->callbackRef(retArr); +} + +/* + * when UIExtensionAbility send message to UIExtensionComponent + */ +void PermissonOnSettingUICallback::OnReceive(const AAFwk::WantParams& receive) +{ + LOGI("OnReceive Called!"); +} + +/* + * when UIExtensionAbility disconnect or use terminate or process die + * releaseCode is 0 when process normal exit + */ +void PermissonOnSettingUICallback::OnRelease(int32_t releaseCode) +{ + LOGI("releaseCode is %{public}d", releaseCode); + ReleaseHandler(releaseCode); +} + +/* + * when UIExtensionComponent init or turn to background or destroy UIExtensionAbility occur error + */ +void PermissonOnSettingUICallback::OnError(int32_t code, const std::string& name, const std::string& message) +{ + LOGE("OnError: code is %{public}d, name is %{public}s, message is %{public}s", + code, name.c_str(), message.c_str()); + ReleaseHandler(code); +} + +/* + * when UIExtensionComponent connect to UIExtensionAbility, ModalUIExtensionProxy will init, + * UIExtensionComponent can send message to UIExtensionAbility by ModalUIExtensionProxy + */ +void PermissonOnSettingUICallback::OnRemoteReady(const std::shared_ptr& uiProxy) +{ + LOGI("Connect to UIExtensionAbility successfully."); +} + +/* + * when UIExtensionComponent destructed + */ +void PermissonOnSettingUICallback::OnDestroy() +{ + LOGI("UIExtensionAbility destructed."); +} + +static Ace::ModalUIExtensionCallbacks BindCallbacks(std::shared_ptr uiExtCallback) +{ + Ace::ModalUIExtensionCallbacks uiExtensionCallbacks = { + [uiExtCallback](int32_t releaseCode) { + uiExtCallback->OnRelease(releaseCode); + }, + [uiExtCallback](int32_t resultCode, const OHOS::AAFwk::Want& result) { + uiExtCallback->OnResult(resultCode, result); + }, + [uiExtCallback](const OHOS::AAFwk::WantParams& request) { + uiExtCallback->OnReceive(request); + }, + [uiExtCallback](int32_t code, const std::string& name, [[maybe_unused]]const std::string& message) { + uiExtCallback->OnError(code, name, name); + }, + [uiExtCallback](const std::shared_ptr& uiProxy) { + uiExtCallback->OnRemoteReady(uiProxy); + }, + [uiExtCallback] { + uiExtCallback->OnDestroy(); + }, + }; + return uiExtensionCallbacks; +} + +static int32_t CreateUIExtension(const Want &want, std::shared_ptr asyncContext) +{ + if (asyncContext == nullptr) { + return CJ_ERROR_INNER; + } + Ace::UIContent* uiContent = nullptr; + if (asyncContext->uiAbilityFlag) { + uiContent = asyncContext->abilityContext->GetUIContent(); + } else { + uiContent = asyncContext->uiExtensionContext->GetUIContent(); + } + if (uiContent == nullptr) { + LOGE("Get ui content failed!"); + return CJ_ERROR_INNER; + } + auto uiExtCallback = std::make_shared(asyncContext); + auto uiExtensionCallbacks = BindCallbacks(uiExtCallback); + Ace::ModalUIExtensionConfig config; + config.isProhibitBack = true; + int32_t sessionId = uiContent->CreateModalUIExtension(want, uiExtensionCallbacks, config); + if (sessionId == 0) { + LOGE("SessionId invalid"); + return CJ_ERROR_INNER; + } + uiExtCallback->SetSessionId(sessionId); + return CJ_OK; +} + +static int32_t StartUIExtension(std::shared_ptr asyncContext) +{ + AAFwk::Want want; + AccessTokenKit::GetPermissionManagerInfo(asyncContext->info); + LOGI("bundleName: %{public}s, permStateAbilityName: %{public}s.", + asyncContext->info.grantBundleName.c_str(), asyncContext->info.permStateAbilityName.c_str()); + want.SetElementName(asyncContext->info.grantBundleName, asyncContext->info.permStateAbilityName); + want.SetParam(PERMISSION_KEY, asyncContext->permissionList); + want.SetParam(EXTENSION_TYPE_KEY, UI_EXTENSION_TYPE); + return CreateUIExtension(want, asyncContext); +} + +void FfiRequestPermissionOnSetting::RequestPermissionOnSetting(OHOS::AbilityRuntime::Context* context, + CArrString cPermissionList, const std::function& callbackRef) +{ + RetDataCArrI32 retArr = {.code = CJ_OK, .data = {.head = nullptr, .size = 0}}; + std::shared_ptr asyncContext = + std::make_shared(); + if (!ParseRequestPermissionOnSetting(context, cPermissionList, asyncContext)) { + LOGE("Param invalid"); + retArr.code = CJ_ERROR_PARAM_INVALID; + callbackRef(retArr); + return; + } + asyncContext->callbackRef = callbackRef; + + int32_t result = StartUIExtension(asyncContext); + if (result != CJ_OK) { + LOGE("Start UI failed, result %{public}d", result); + retArr.code = result; + callbackRef(retArr); + } + return; +} + +bool FfiRequestPermissionOnSetting::ParseRequestPermissionOnSetting(OHOS::AbilityRuntime::Context* context, + CArrString cPermissionList, const std::shared_ptr& asyncContext) +{ + AccessTokenID tokenID = 0; + auto contextSharedPtr = context->shared_from_this(); + asyncContext->abilityContext = AbilityRuntime::Context::ConvertTo(contextSharedPtr); + if (asyncContext->abilityContext != nullptr) { + asyncContext->uiAbilityFlag = true; + tokenID = asyncContext->abilityContext->GetApplicationInfo()->accessTokenId; + } else { + asyncContext->uiExtensionContext = + AbilityRuntime::Context::ConvertTo(contextSharedPtr); + if (asyncContext->uiExtensionContext == nullptr) { + LOGE("Convert to ui extension context failed"); + return false; + } + tokenID = asyncContext->uiExtensionContext->GetApplicationInfo()->accessTokenId; + } + if (tokenID != static_cast(GetSelfTokenID())) { + LOGE("tokenID invalid"); + return false; + } + + // check PermissionList + if (cPermissionList.size == 0) { + LOGE("PermissionList is empty"); + return false; + } + + std::vector permList; + for (int64_t i = 0; i < cPermissionList.size; i++) { + permList.emplace_back(std::string(cPermissionList.head[i])); + } + asyncContext->permissionList = permList; + return true; +} +} +} // namespace CJSystemapi +} // namespace OHOS diff --git a/interfaces/kits/cj/screenlockfilemanager/BUILD.gn b/interfaces/kits/cj/screenlockfilemanager/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..ff1dd353da3acd269671ed34c0c4f0326ea1f6f3 --- /dev/null +++ b/interfaces/kits/cj/screenlockfilemanager/BUILD.gn @@ -0,0 +1,59 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../../access_token.gni") + +config("cj_screen_lock_file_manager_ffi_config") { + include_dirs = [ "include" ] +} + +ohos_shared_library("cj_screen_lock_file_manager_ffi") { + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + include_dirs = [ + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include", + "${access_token_path}/interfaces/inner_api/el5filekeymanager/include", + "${access_token_path}/interfaces/kits/cj/access_token/include", + ] + + if (!defined(defines)) { + defines = [] + } + + sources = [ "src/screen_lock_file_manager_ffi.cpp" ] + + deps = [ "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + "napi:cj_bind_ffi", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + public_configs = [ ":cj_screen_lock_file_manager_ffi_config" ] + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + + innerapi_tags = [ "platformsdk" ] + subsystem_name = "security" + part_name = "access_token" +} diff --git a/test/fuzztest/innerkits/accesstoken/getnativetokenname_fuzzer/getnativetokenname_fuzzer.h b/interfaces/kits/cj/screenlockfilemanager/include/screen_lock_file_manager_ffi.h similarity index 67% rename from test/fuzztest/innerkits/accesstoken/getnativetokenname_fuzzer/getnativetokenname_fuzzer.h rename to interfaces/kits/cj/screenlockfilemanager/include/screen_lock_file_manager_ffi.h index 9f085f572ee7065edf2fe06b2dcc8e4e88fec8fc..67e539b777bcf0dd244f197bbf41f8a5f6051c2f 100644 --- a/test/fuzztest/innerkits/accesstoken/getnativetokenname_fuzzer/getnativetokenname_fuzzer.h +++ b/interfaces/kits/cj/screenlockfilemanager/include/screen_lock_file_manager_ffi.h @@ -13,16 +13,16 @@ * limitations under the License. */ -#ifndef TEST_FUZZTEST_GETNATIVETOKENNAME_FUZZER_H -#define TEST_FUZZTEST_GETNATIVETOKENNAME_FUZZER_H +#ifndef OHOS_SCREEN_LOCK_FILE_MGR_FFI_H +#define OHOS_SCREEN_LOCK_FILE_MGR_FFI_H -#include -#include #include -#include -#include -#include -#define FUZZ_PROJECT_NAME "getnativetokenname_fuzzer" +#include "cj_common_ffi.h" -#endif // TEST_FUZZTEST_GETNATIVETOKENNAME_FUZZER_H +extern "C" { + FFI_EXPORT int32_t FfiOHOSScreenLockFileManagerAcquireAccess(); + FFI_EXPORT int32_t FfiOHOSScreenLockFileManagerReleaseAccess(); +} + +#endif // OHOS_SCREEN_LOCK_FILE_MGR_FFI_H \ No newline at end of file diff --git a/interfaces/kits/cj/screenlockfilemanager/src/screen_lock_file_manager_ffi.cpp b/interfaces/kits/cj/screenlockfilemanager/src/screen_lock_file_manager_ffi.cpp new file mode 100644 index 0000000000000000000000000000000000000000..3d38676540bb6f5f0cf6c6a4466a1dd9b430e896 --- /dev/null +++ b/interfaces/kits/cj/screenlockfilemanager/src/screen_lock_file_manager_ffi.cpp @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "screen_lock_file_manager_ffi.h" +#include "data_lock_type.h" +#include "el5_filekey_manager_kit.h" + +using namespace OHOS::Security::AccessToken; + +namespace OHOS { +namespace CJSystemapi { +namespace ScreenLockFileManager { + +extern "C" { +int32_t FfiOHOSScreenLockFileManagerAcquireAccess() +{ + return El5FilekeyManagerKit::AcquireAccess(DEFAULT_DATA); +} + +int32_t FfiOHOSScreenLockFileManagerReleaseAccess() +{ + return El5FilekeyManagerKit::ReleaseAccess(DEFAULT_DATA); +} +} +} // namespace ScreenLockFileManager +} // namespace CJSystemapi +} // namespace OHOS diff --git a/interfaces/kits/accesstoken/napi/include/napi_atmanager.h b/interfaces/kits/js/napi/accesstoken/include/napi_atmanager.h similarity index 88% rename from interfaces/kits/accesstoken/napi/include/napi_atmanager.h rename to interfaces/kits/js/napi/accesstoken/include/napi_atmanager.h index daff7e4df1c4b39a207ab0c72e8a099e694f8fb3..d36729b2795319dafb075653e42e271230ac8985 100644 --- a/interfaces/kits/accesstoken/napi/include/napi_atmanager.h +++ b/interfaces/kits/js/napi/accesstoken/include/napi_atmanager.h @@ -85,6 +85,16 @@ struct AtManagerAsyncContext : public AtManagerAsyncWorkData { int32_t errorCode = 0; }; +struct AtManagerSyncContext { + explicit AtManagerSyncContext() {} + + napi_env env = nullptr; + AccessTokenID tokenId = 0; + std::string permissionName; + int32_t result = RET_FAILED; + int32_t errorCode = 0; +}; + struct PermissionStatusCache { int32_t status; std::string paramValue; @@ -113,9 +123,12 @@ private: static napi_value GetVersion(napi_env env, napi_callback_info info); static napi_value SetPermissionRequestToggleStatus(napi_env env, napi_callback_info info); static napi_value GetPermissionRequestToggleStatus(napi_env env, napi_callback_info info); + static napi_value RequestAppPermOnSetting(napi_env env, napi_callback_info info); static bool ParseInputVerifyPermissionOrGetFlag(const napi_env env, const napi_callback_info info, AtManagerAsyncContext& asyncContext); + static bool ParseInputVerifyPermissionSync(const napi_env env, const napi_callback_info info, + AtManagerSyncContext& syncContext); static bool ParseInputSetToggleStatus(const napi_env env, const napi_callback_info info, AtManagerAsyncContext& asyncContext); static bool ParseInputGetToggleStatus(const napi_env env, const napi_callback_info info, @@ -138,14 +151,20 @@ private: static void SetPermissionRequestToggleStatusComplete(napi_env env, napi_status status, void *data); static void GetPermissionRequestToggleStatusExecute(napi_env env, void *data); static void GetPermissionRequestToggleStatusComplete(napi_env env, napi_status status, void *data); + static void RequestAppPermOnSettingExecute(napi_env env, void *data); + static void RequestAppPermOnSettingComplete(napi_env env, napi_status status, void *data); static void SetNamedProperty(napi_env env, napi_value dstObj, const int32_t objValue, const char *propName); static void CreateObjects(napi_env env, napi_value exports); + static bool GetPermStateChangeType(const napi_env env, const size_t argc, const napi_value* argv, + std::string& type); static bool FillPermStateChangeInfo(const napi_env env, const napi_value* argv, const std::string& type, const napi_value thisVar, RegisterPermStateChangeInfo& registerPermStateChangeInfo); static bool ParseInputToRegister(const napi_env env, const napi_callback_info cbInfo, RegisterPermStateChangeInfo& registerPermStateChangeInfo); static napi_value RegisterPermStateChangeCallback(napi_env env, napi_callback_info cbInfo); static bool IsExistRegister(const napi_env env, const RegisterPermStateChangeInfo* registerPermStateChangeInfo); + static bool FillPermStateChangeScope(const napi_env env, const napi_value* argv, + const std::string& type, PermStateChangeScope& scopeInfo); static bool ParseInputToUnregister(const napi_env env, napi_callback_info cbInfo, UnregisterPermStateChangeInfo& unregisterPermStateChangeInfo); static napi_value UnregisterPermStateChangeCallback(napi_env env, napi_callback_info cbInfo); @@ -154,7 +173,7 @@ private: static void DeleteRegisterFromVector(const PermStateChangeScope& scopeInfo, const napi_env env, napi_ref subscriberRef); static std::string GetPermParamValue(); - static void UpdatePermissionCache(AtManagerAsyncContext* asyncContext); + static void UpdatePermissionCache(AtManagerSyncContext* syncContext); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/kits/accesstoken/napi/include/napi_context_common.h b/interfaces/kits/js/napi/accesstoken/include/napi_context_common.h similarity index 100% rename from interfaces/kits/accesstoken/napi/include/napi_context_common.h rename to interfaces/kits/js/napi/accesstoken/include/napi_context_common.h diff --git a/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h b/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h new file mode 100644 index 0000000000000000000000000000000000000000..2578f88ab1cea5dff2fe6b87f9568b9131b903f1 --- /dev/null +++ b/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H +#define ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H + +namespace OHOS { +namespace Security { +namespace AccessToken { +enum ReqPermFromUserErrorCode { + TOKENID_INCONSISTENCY = 0, + ABILITY_FLAG_ERROR = 1, + GET_UI_CONTENT_FAILED = 2, + CREATE_MODAL_UI_FAILED = 3, + TRIGGER_RELEASE = 4, + TRIGGER_ONERROR = 5, + TRIGGER_DESTROY = 6, +}; +enum VerifyAccessTokenEventCode { + VERIFY_TOKENID_INCONSISTENCY = 0, +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H diff --git a/interfaces/kits/accesstoken/napi/include/napi_request_global_switch_on_setting.h b/interfaces/kits/js/napi/accesstoken/include/napi_request_global_switch_on_setting.h similarity index 95% rename from interfaces/kits/accesstoken/napi/include/napi_request_global_switch_on_setting.h rename to interfaces/kits/js/napi/accesstoken/include/napi_request_global_switch_on_setting.h index e880776f2c17fedcbbf98a3eb885ad82c58601c6..76f9a1989e7af94161761bc02745b8c74cb4b133 100644 --- a/interfaces/kits/accesstoken/napi/include/napi_request_global_switch_on_setting.h +++ b/interfaces/kits/js/napi/accesstoken/include/napi_request_global_switch_on_setting.h @@ -15,6 +15,10 @@ #ifndef INTERFACES_ACCESSTOKEN_KITS_NAPI_REQUEST_GLOBAL_SWITCHN_ON_SETTING_H #define INTERFACES_ACCESSTOKEN_KITS_NAPI_REQUEST_GLOBAL_SWITCHN_ON_SETTING_H +#ifdef EVENTHANDLER_ENABLE +#include "event_handler.h" +#include "event_queue.h" +#endif #include "napi_context_common.h" #include "permission_grant_info.h" #include "ui_content.h" @@ -47,6 +51,9 @@ struct RequestGlobalSwitchAsyncContext : public AtManagerAsyncWorkData { std::shared_ptr uiExtensionContext; bool uiAbilityFlag = false; bool releaseFlag = false; +#ifdef EVENTHANDLER_ENABLE + std::shared_ptr handler_ = nullptr; +#endif }; struct RequestGlobalSwitchAsyncContextHandle { diff --git a/interfaces/kits/accesstoken/napi/include/napi_request_permission.h b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h similarity index 97% rename from interfaces/kits/accesstoken/napi/include/napi_request_permission.h rename to interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h index e04575c29f739754f5b951e410bf3c36be580aa1..8e74fc9548f1abe2f7bb26c711ff6ca7ea77b5f0 100644 --- a/interfaces/kits/accesstoken/napi/include/napi_request_permission.h +++ b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h @@ -36,12 +36,14 @@ struct RequestAsyncContext : public AtManagerAsyncWorkData { } AccessTokenID tokenId = 0; + std::string bundleName = ""; bool needDynamicRequest = true; int32_t result = RET_SUCCESS; int32_t instanceId = -1; std::vector permissionList; std::vector permissionsState; napi_value requestResult = nullptr; + std::vector errorReasons; std::vector dialogShownResults; std::vector permissionQueryResults; PermissionGrantInfo info; @@ -91,11 +93,13 @@ public: private: int32_t sessionId_ = 0; std::shared_ptr reqContext_ = nullptr; + std::atomic isOnResult_; }; struct ResultCallback { std::vector permissions; std::vector grantResults; + std::vector errorReasons; std::vector dialogShownResults; std::shared_ptr data = nullptr; }; @@ -128,7 +132,6 @@ private: RequestAsyncContext& asyncContext); static void GetPermissionsStatusExecute(napi_env env, void *data); static void GetPermissionsStatusComplete(napi_env env, napi_status status, void *data); - static void StartServiceExtension(std::shared_ptr& asyncContext); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/kits/accesstoken/napi/include/napi_request_permission_on_setting.h b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission_on_setting.h similarity index 94% rename from interfaces/kits/accesstoken/napi/include/napi_request_permission_on_setting.h rename to interfaces/kits/js/napi/accesstoken/include/napi_request_permission_on_setting.h index d9d876f6a6bd6dc46d9e0435b5910e340eeeedeb..7318e28393cce2f8144751b869221b6409c0f197 100644 --- a/interfaces/kits/accesstoken/napi/include/napi_request_permission_on_setting.h +++ b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission_on_setting.h @@ -15,6 +15,10 @@ #ifndef INTERFACES_ACCESSTOKEN_KITS_NAPI_REQUEST_PERMISSION_ON_SETTING_H #define INTERFACES_ACCESSTOKEN_KITS_NAPI_REQUEST_PERMISSION_ON_SETTING_H +#ifdef EVENTHANDLER_ENABLE +#include "event_handler.h" +#include "event_queue.h" +#endif #include "napi_context_common.h" #include "permission_grant_info.h" #include "ui_content.h" @@ -43,6 +47,9 @@ struct RequestPermOnSettingAsyncContext : public AtManagerAsyncWorkData { std::shared_ptr uiExtensionContext; bool uiAbilityFlag = false; bool releaseFlag = false; +#ifdef EVENTHANDLER_ENABLE + std::shared_ptr handler_ = nullptr; +#endif }; struct RequestOnSettingAsyncContextHandle { diff --git a/interfaces/kits/common/include/napi_common.h b/interfaces/kits/js/napi/common/include/napi_common.h similarity index 100% rename from interfaces/kits/common/include/napi_common.h rename to interfaces/kits/js/napi/common/include/napi_common.h diff --git a/interfaces/kits/common/include/napi_error.h b/interfaces/kits/js/napi/common/include/napi_error.h similarity index 100% rename from interfaces/kits/common/include/napi_error.h rename to interfaces/kits/js/napi/common/include/napi_error.h diff --git a/interfaces/kits/el5filekeymanager/napi/include/el5_filekey_manager_napi.h b/interfaces/kits/js/napi/el5filekeymanager/include/el5_filekey_manager_napi.h similarity index 89% rename from interfaces/kits/el5filekeymanager/napi/include/el5_filekey_manager_napi.h rename to interfaces/kits/js/napi/el5filekeymanager/include/el5_filekey_manager_napi.h index 43df1464dac02dc5644d23e57b5fbeb78c7f77c5..2dfe14844477593fed8062e8bf4a9f0f98af57ae 100644 --- a/interfaces/kits/el5filekeymanager/napi/include/el5_filekey_manager_napi.h +++ b/interfaces/kits/js/napi/el5filekeymanager/include/el5_filekey_manager_napi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -31,6 +31,12 @@ enum ReleaseStatus { RELEASE_GRANTED = 0 }; +enum KeyStatus { + KEY_NOT_EXIST = -2, + KEY_RELEASED = -1, + KEY_EXIST = 0 +}; + /* * function for module exports */ diff --git a/interfaces/kits/privacy/napi/include/napi_context_common.h b/interfaces/kits/js/napi/privacy/include/napi_context_common.h similarity index 97% rename from interfaces/kits/privacy/napi/include/napi_context_common.h rename to interfaces/kits/js/napi/privacy/include/napi_context_common.h index 555e084bff3fc819977da7e0967194d2e4c4c639..59772dc473b7295745b1f9ba3b7e9d15a5f89cff 100644 --- a/interfaces/kits/privacy/napi/include/napi_context_common.h +++ b/interfaces/kits/js/napi/privacy/include/napi_context_common.h @@ -69,7 +69,6 @@ struct PermActiveChangeContext { std::thread::id threadId_; }; -void UvQueueWorkActiveStatusChange(uv_work_t* work, int status); bool ConvertActiveChangeResponse(napi_env env, napi_value value, const ActiveChangeResponse& result); void NotifyChangeResponse(const PermActiveStatusWorker* permActiveStatusData); } // namespace AccessToken diff --git a/interfaces/kits/privacy/napi/include/native_module.h b/interfaces/kits/js/napi/privacy/include/native_module.h similarity index 93% rename from interfaces/kits/privacy/napi/include/native_module.h rename to interfaces/kits/js/napi/privacy/include/native_module.h index 886dbe8318ce4e3d3ff632bcfa4dc2190d67fc4e..3cc60386d64534211c160a05fa8054cd8b7d045a 100644 --- a/interfaces/kits/privacy/napi/include/native_module.h +++ b/interfaces/kits/js/napi/privacy/include/native_module.h @@ -30,6 +30,8 @@ namespace AccessToken { * function for module exports */ static napi_value Init(napi_env env, napi_value exports); + +static void CreateObjects(const napi_env& env, const napi_value& exports); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/kits/privacy/napi/include/permission_record_manager_napi.h b/interfaces/kits/js/napi/privacy/include/permission_record_manager_napi.h similarity index 92% rename from interfaces/kits/privacy/napi/include/permission_record_manager_napi.h rename to interfaces/kits/js/napi/privacy/include/permission_record_manager_napi.h index 36d48ceb83f92d725fd9df945a5286896ca338be..b659614feef914ba81139a99516e9a5f77b89af5 100644 --- a/interfaces/kits/privacy/napi/include/permission_record_manager_napi.h +++ b/interfaces/kits/js/napi/privacy/include/permission_record_manager_napi.h @@ -37,10 +37,12 @@ struct RecordManagerAsyncContext : public PrivacyAsyncWorkData { std::string permissionName; int32_t successCount = 0; int32_t failCount = 0; + int32_t pid = -1; PermissionUsedType type = PermissionUsedType::NORMAL_TYPE; PermissionUsedRequest request; PermissionUsedResult result; int32_t retCode = -1; + bool status = true; }; struct PermissionUsedTypeAsyncContext : public PrivacyAsyncWorkData { @@ -64,6 +66,8 @@ napi_value GetPermissionUsedRecords(napi_env env, napi_callback_info cbinfo); napi_value RegisterPermActiveChangeCallback(napi_env env, napi_callback_info cbInfo); napi_value UnregisterPermActiveChangeCallback(napi_env env, napi_callback_info cbInfo); napi_value GetPermissionUsedTypeInfos(napi_env env, napi_callback_info cbInfo); +napi_value SetPermissionUsedRecordToggleStatus(napi_env env, napi_callback_info cbInfo); +napi_value GetPermissionUsedRecordToggleStatus(napi_env env, napi_callback_info cbinfo); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index d73d33efb05351af16884773a0c6e79e2d9ae089..becae31e7d00d75b97fd7097febfe13c17017620 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -47,21 +47,24 @@ if (is_standard_system) { "${access_token_path}/frameworks/accesstoken/include", "${access_token_path}/frameworks/common/include", "${access_token_path}/frameworks/privacy/include", + "${access_token_path}/interfaces/innerkits/tokensync/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/tokensync/src", + "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", "${access_token_path}/services/common/utils/include", "main/cpp/include/callback", + "main/cpp/include/database", + "main/cpp/include/dfx", "main/cpp/include/service", "main/cpp/include/form_manager", "main/cpp/include/token", "main/cpp/include/permission", - "main/cpp/include/database", ] include_dirs += access_token_impl_include_dirs @@ -71,28 +74,28 @@ if (is_standard_system) { "main/cpp/src/callback/callback_death_recipients.cpp", "main/cpp/src/callback/callback_manager.cpp", "main/cpp/src/database/access_token_db.cpp", + "main/cpp/src/database/access_token_db_util.cpp", + "main/cpp/src/database/access_token_open_callback.cpp", "main/cpp/src/database/data_translator.cpp", "main/cpp/src/database/token_field_const.cpp", + "main/cpp/src/dfx/hisysevent_adapter.cpp", "main/cpp/src/form_manager/form_instance.cpp", "main/cpp/src/form_manager/form_manager_access_client.cpp", "main/cpp/src/form_manager/form_manager_access_proxy.cpp", "main/cpp/src/form_manager/form_manager_death_recipient.cpp", "main/cpp/src/form_manager/form_status_change_callback.cpp", - "main/cpp/src/form_manager/running_form_info.cpp", + "main/cpp/src/permission/permission_data_brief.cpp", "main/cpp/src/permission/permission_definition_cache.cpp", - "main/cpp/src/permission/permission_definition_parser.cpp", "main/cpp/src/permission/permission_grant_event.cpp", "main/cpp/src/permission/permission_manager.cpp", - "main/cpp/src/permission/permission_policy_set.cpp", "main/cpp/src/permission/permission_validator.cpp", + "main/cpp/src/permission/short_grant_manager.cpp", "main/cpp/src/permission/temp_permission_observer.cpp", "main/cpp/src/service/accesstoken_manager_service.cpp", "main/cpp/src/service/accesstoken_manager_stub.cpp", "main/cpp/src/token/accesstoken_id_manager.cpp", "main/cpp/src/token/accesstoken_info_manager.cpp", "main/cpp/src/token/hap_token_info_inner.cpp", - "main/cpp/src/token/native_token_info_inner.cpp", - "main/cpp/src/token/native_token_receptor.cpp", ] sources += access_token_impl_sources @@ -107,10 +110,7 @@ if (is_standard_system) { if (dlp_permission_enable == true) { cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] - sources += [ - "main/cpp/src/permission/dlp_permission_set_manager.cpp", - "main/cpp/src/permission/dlp_permission_set_parser.cpp", - ] + sources += [ "main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } if (build_variant == "user") { @@ -136,11 +136,10 @@ if (is_standard_system) { "hilog:libhilog", "hisysevent:libhisysevent", "init:libbegetutil", - "ipc:ipc_core", - "json:nlohmann_json_static", + "ipc:ipc_single", + "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", - "sqlite:sqlite", ] if (ohos_indep_compiler_enable) { diff --git a/services/accesstokenmanager/access_token.cfg b/services/accesstokenmanager/access_token.cfg index ed7b9b46ffd7ef50f34ede414651fe6e5549fa0c..bb33d8e58c533236bb6e9b354972c8827f708587 100644 --- a/services/accesstokenmanager/access_token.cfg +++ b/services/accesstokenmanager/access_token.cfg @@ -15,17 +15,21 @@ "services" : [{ "name" : "accesstoken_service", "path" : ["/system/bin/sa_main", "/system/profile/accesstoken_service.json"], + "critical" : [1, 4, 240], "importance" : -20, "uid" : "access_token", "gid" : [ "access_token", - "access_token" + "access_token", + "data_reserve" ], "permission" : [ "ohos.permission.ACCESS_SERVICE_DM", "ohos.permission.DISTRIBUTED_DATASYNC", "ohos.permission.RUNNING_STATE_OBSERVER", - "ohos.permission.GET_RUNNING_INFO" + "ohos.permission.GET_RUNNING_INFO", + "ohos.permission.KILL_APP_PROCESSES", + "ohos.permission.ACCESS_SECURITY_PRIVACY_CENTER" ], "secon" : "u:r:accesstoken_service:s0" } diff --git a/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h b/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h index 813a86180bfc7b4b57980a53e611cd702be67529..56f976f7caac5921fc41b7a6ee64f81e436969a3 100644 --- a/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h +++ b/services/accesstokenmanager/main/cpp/include/callback/callback_manager.h @@ -20,7 +20,7 @@ #include #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #ifdef RESOURCESCHEDULE_FFRT_ENABLE #include "ffrt.h" #endif @@ -55,7 +55,7 @@ public: void ExecuteCallbackAsync(AccessTokenID tokenID, const std::string& permName, int32_t changeType); private: - void ExcuteAllCallback(std::vector>& list, AccessTokenID tokenID, const std::string& permName, + void ExecuteAllCallback(std::vector>& list, AccessTokenID tokenID, const std::string& permName, int32_t changeType); void GetCallbackObjectList(AccessTokenID tokenID, const std::string& permName, std::vector>& list); diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h index 4c64163127a1c2c1dead073cd0eef4af27740e8a..58a5512956ed0593a0e289fcdf85825debe6e93f 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h @@ -17,88 +17,54 @@ #define ACCESS_TOKEN_DB_H #include -#include #include "access_token.h" + +#include "access_token_db_util.h" #include "generic_values.h" #include "nocopyable.h" +#include "rdb_predicates.h" +#include "rdb_store.h" #include "rwlock.h" -#include "sqlite_helper.h" -#include "token_field_const.h" namespace OHOS { namespace Security { namespace AccessToken { -class AccessTokenDb : public SqliteHelper { +class AccessTokenDb final { public: - enum ExecuteResult { FAILURE = -1, SUCCESS }; - struct SqliteTable { - public: - std::string tableName_; - std::vector tableColumnNames_; - }; - enum DataType { - ACCESSTOKEN_HAP_INFO, - ACCESSTOKEN_NATIVE_INFO, - ACCESSTOKEN_PERMISSION_DEF, - ACCESSTOKEN_PERMISSION_STATE, - ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, - }; - static AccessTokenDb& GetInstance(); + virtual ~AccessTokenDb() = default; - ~AccessTokenDb() override; - - int Add(const DataType type, const std::vector& values); - - int Remove(const DataType type, const GenericValues& conditions); - - int Modify(const DataType type, const GenericValues& modifyValues, const GenericValues& conditions); - - int Find(const DataType type, std::vector& results); - - int RefreshAll(const DataType type, const std::vector& values); - - int32_t FindByConditions(DataType type, const GenericValues& andConditions, std::vector& results); - - void OnCreate() override; - void OnUpdate(int32_t version) override; + int32_t Modify(const AtmDataType type, const GenericValues& modifyValue, const GenericValues& conditionValue); + int32_t Find(AtmDataType type, const GenericValues& conditionValue, std::vector& results); + std::shared_ptr GetRdb(); + int32_t DeleteAndInsertValues( + const std::vector& delDataTypes, const std::vector& delValues, + const std::vector& addDataTypes, const std::vector>& addValues); private: - int CreateHapTokenInfoTable() const; - int CreateNativeTokenInfoTable() const; - int CreatePermissionDefinitionTable() const; - int CreatePermissionStateTable() const; - int32_t CreatePermissionRequestToggleStatusTable() const; - - int64_t Count(DataType type); - - std::string CreateInsertPrepareSqlCmd(const DataType type) const; - std::string CreateDeletePrepareSqlCmd( - const DataType type, const std::vector& columnNames = std::vector()) const; - std::string CreateUpdatePrepareSqlCmd(const DataType type, const std::vector& modifyColumns, - const std::vector& conditionColumns) const; - std::string CreateSelectPrepareSqlCmd(const DataType type) const; - std::string CreateCountPrepareSqlCmd(DataType type) const; - std::string CreateSelectByConditionPrepareSqlCmd(DataType type, const std::vector& andColumns) const; - int32_t AddAvailableTypeColumn() const; - int32_t AddPermDialogCapColumn() const; - int32_t AddRequestToggleStatusColumn() const; - AccessTokenDb(); DISALLOW_COPY_AND_MOVE(AccessTokenDb); - std::map dataTypeToSqlTable_; + int32_t RestoreAndInsertIfCorrupt(const int32_t resultCode, int64_t& outInsertNum, + const std::string& tableName, const std::vector& buckets, + const std::shared_ptr& db); + int32_t RestoreAndDeleteIfCorrupt(const int32_t resultCode, int32_t& deletedRows, + const NativeRdb::RdbPredicates& predicates, const std::shared_ptr& db); + int32_t RestoreAndUpdateIfCorrupt(const int32_t resultCode, int32_t& changedRows, + const NativeRdb::ValuesBucket& bucket, const NativeRdb::RdbPredicates& predicates, + const std::shared_ptr& db); + int32_t RestoreAndQueryIfCorrupt(const NativeRdb::RdbPredicates& predicates, + const std::vector& columns, std::shared_ptr& queryResultSet, + const std::shared_ptr& db); + void InitRdb(); + + int32_t AddValues(const AtmDataType type, const std::vector& addValues); + int32_t RemoveValues(const AtmDataType type, const GenericValues& conditionValue); + OHOS::Utils::RWLock rwLock_; - inline static constexpr const char* HAP_TOKEN_INFO_TABLE = "hap_token_info_table"; - inline static constexpr const char* NATIVE_TOKEN_INFO_TABLE = "native_token_info_table"; - inline static constexpr const char* PERMISSION_DEF_TABLE = "permission_definition_table"; - inline static constexpr const char* PERMISSION_STATE_TABLE = "permission_state_table"; - inline static constexpr const char* - PERMISSION_REQUEST_TOGGLE_STATUS_TABLE = "permission_request_toggle_status_table"; - inline static constexpr const char* DATABASE_NAME = "access_token.db"; - inline static constexpr const char* DATABASE_PATH = "/data/service/el1/public/access_token/"; - static const int DATABASE_VERSION = VERISION_4; + std::shared_ptr db_ = nullptr; + std::mutex dbLock_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h similarity index 39% rename from services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h rename to services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h index 4509c8ec5117d8b08f9fabf731de4023154ccaf1..6f74f7a202094a4acd6a6a5bbb59e9a23ae77731 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,43 +13,41 @@ * limitations under the License. */ -#ifndef ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H -#define ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H +#ifndef SECURITY_ACCESS_TOKEN_DB_UTIL_H +#define SECURITY_ACCESS_TOKEN_DB_UTIL_H -#include #include - -#include "native_token_info_inner.h" +#include #include "access_token.h" -#include "nlohmann/json.hpp" -#include "nocopyable.h" -#include "permission_policy_set.h" -#include "permission_state_full.h" +#include "generic_values.h" +#include "rdb_predicates.h" +#include "result_set.h" +#include "values_bucket.h" namespace OHOS { namespace Security { namespace AccessToken { -const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/service/el0/access_token/nativetoken.json"; -constexpr int MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M -constexpr size_t BUFFER_SIZE = 1024; -class NativeTokenReceptor final { -public: - static NativeTokenReceptor& GetInstance(); - virtual ~NativeTokenReceptor() = default; - int Init(); +enum AtmDataType { + ACCESSTOKEN_HAP_INFO, + ACCESSTOKEN_NATIVE_INFO, + ACCESSTOKEN_PERMISSION_DEF, + ACCESSTOKEN_PERMISSION_STATE, + ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, +}; -private: - NativeTokenReceptor() {} - DISALLOW_COPY_AND_MOVE(NativeTokenReceptor); - int ReadCfgFile(std::string &nativeRawData); - void FromJson(const nlohmann::json &jsonObject, - std::vector>& tokenInfos); - int32_t ParserNativeRawData(const std::string& nativeRawData, - std::vector>& tokenInfos); - void from_json(const nlohmann::json& j, NativeTokenInfo& p); +class AccessTokenDbUtil final { +public: + static void GetTableNameByType(const AtmDataType type, std::string& tableName); + static bool IsColumnStringType(const std::string& column); + static void ToRdbValueBucket(const GenericValues& value, NativeRdb::ValuesBucket& bucket); + static void ToRdbValueBuckets(const std::vector& values, + std::vector& buckets); + static void ToRdbPredicates(const GenericValues& conditionValue, NativeRdb::RdbPredicates& predicates); + static void ResultToGenericValues(const std::shared_ptr& resultSet, GenericValues& value); }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // ACCESSTOKEN_NATIVE_TOKEN_RECEPTOR_H + +#endif // SECURITY_ACCESS_TOKEN_DB_UTIL_H diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_open_callback.h b/services/accesstokenmanager/main/cpp/include/database/access_token_open_callback.h new file mode 100644 index 0000000000000000000000000000000000000000..77c4ea63a4c9de1b84dd9764d61575bd4e7d5636 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_open_callback.h @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SECURITY_ACCESS_TOKEN_OPEN_CALLBACK_H +#define SECURITY_ACCESS_TOKEN_OPEN_CALLBACK_H + +#include "access_token_db_util.h" +#include "rdb_open_callback.h" +#include "rdb_store.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +static constexpr const char* DATABASE_PATH = "/data/service/el1/public/access_token/"; + +static constexpr const int32_t DATABASE_VERSION_1 = 1; +static constexpr const int32_t DATABASE_VERSION_2 = 2; +static constexpr const int32_t DATABASE_VERSION_3 = 3; +static constexpr const int32_t DATABASE_VERSION_4 = 4; + +class AccessTokenOpenCallback : public NativeRdb::RdbOpenCallback { +public: + /** + * Called when the database associate with this RdbStore is created with the first time. + * This is where the creation of tables and insert the initial data of tables should happen. + * + * param store The RdbStore object. + */ + int32_t OnCreate(NativeRdb::RdbStore& rdbStore) override; + /** + * Called when the database associate whit this RdbStore needs to be upgrade. + * + * param store The RdbStore object. + * param oldVersion The old database version. + * param newVersion The new database version. + */ + int32_t OnUpgrade(NativeRdb::RdbStore& rdbStore, int32_t currentVersion, int32_t targetVersion) override; + +private: + // OnCreate + int32_t CreateHapTokenInfoTable(NativeRdb::RdbStore& rdbStore); + int32_t CreateNativeTokenInfoTable(NativeRdb::RdbStore& rdbStore); + int32_t CreatePermissionDefinitionTable(NativeRdb::RdbStore& rdbStore); + int32_t CreatePermissionStateTable(NativeRdb::RdbStore& rdbStore); + int32_t CreatePermissionRequestToggleStatusTable(NativeRdb::RdbStore& rdbStore); + + // OnUpdate + int32_t AddAvailableTypeColumn(NativeRdb::RdbStore& rdbStore); + int32_t AddRequestToggleStatusColumn(NativeRdb::RdbStore& rdbStore); + int32_t AddPermDialogCapColumn(NativeRdb::RdbStore& rdbStore); + int32_t HandleUpdateWithFlag(NativeRdb::RdbStore& rdbStore, uint32_t flag); + int32_t UpdateFromVersionOne(NativeRdb::RdbStore& rdbStore, int32_t targetVersion); + int32_t UpdateFromVersionTwo(NativeRdb::RdbStore& rdbStore, int32_t targetVersion); + int32_t UpdateFromVersionThree(NativeRdb::RdbStore& rdbStore, int32_t targetVersion); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS + +#endif // SECURITY_ACCESS_TOKEN_OPEN_CALLBACK_H diff --git a/services/accesstokenmanager/main/cpp/include/database/data_translator.h b/services/accesstokenmanager/main/cpp/include/database/data_translator.h index a731e9b2f60f72b4ec0ae9c6891da4815b795f7b..1c694c3c2b936879063e603211a089a090506e5d 100644 --- a/services/accesstokenmanager/main/cpp/include/database/data_translator.h +++ b/services/accesstokenmanager/main/cpp/include/database/data_translator.h @@ -18,9 +18,9 @@ #include -#include "hap_token_info_inner.h" -#include "native_token_info_inner.h" #include "generic_values.h" +#include "permission_def.h" +#include "permission_status.h" namespace OHOS { namespace Security { @@ -29,10 +29,10 @@ class DataTranslator final { public: static int TranslationIntoGenericValues(const PermissionDef& inPermissionDef, GenericValues& outGenericValues); static int TranslationIntoPermissionDef(const GenericValues& inGenericValues, PermissionDef& outPermissionDef); - static int TranslationIntoGenericValues(const PermissionStateFull& inPermissionState, - const unsigned int grantIndex, GenericValues& outGenericValues); - static int TranslationIntoPermissionStateFull(const GenericValues& inGenericValues, - PermissionStateFull& outPermissionState); + static int TranslationIntoGenericValues(const PermissionStatus& inPermissionState, + GenericValues& outGenericValues); + static int TranslationIntoPermissionStatus(const GenericValues& inGenericValues, + PermissionStatus& outPermissionState); }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h new file mode 100644 index 0000000000000000000000000000000000000000..ea480d4406ad42e01a82271f1cf1d1fd4475c6d6 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_HISYSEVENT_ADAPTER_H +#define ACCESSTOKEN_HISYSEVENT_ADAPTER_H + +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +enum SceneCode { + SA_PUBLISH_FAILED, + EVENTRUNNER_CREATE_ERROR, + INIT_HAP_TOKENINFO_ERROR, + INIT_NATIVE_TOKENINFO_ERROR, + INIT_PERM_DEF_JSON_ERROR, + TOKENID_NOT_EQUAL, +}; +enum UpdatePermStatusErrorCode { + GRANT_TEMP_PERMISSION_FAILED = 0, + DLP_CHECK_FAILED = 1, + UPDATE_PERMISSION_STATUS_FAILED = 2, +}; +void ReportSysEventPerformance(); +void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize); +void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode); +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_HISYSEVENT_ADAPTER_H diff --git a/services/accesstokenmanager/main/cpp/include/form_manager/form_instance.h b/services/accesstokenmanager/main/cpp/include/form_manager/form_instance.h index 07c0493457526e83eb676db1ac59cfa8d6934853..650ade9fb9fd20aac0e700204dc5a172d88c0d7f 100644 --- a/services/accesstokenmanager/main/cpp/include/form_manager/form_instance.h +++ b/services/accesstokenmanager/main/cpp/include/form_manager/form_instance.h @@ -57,6 +57,9 @@ struct FormInstance : public Parcelable { std::string abilityName_ = ""; std::string formName_ = ""; FormUsageState formUsageState_ = FormUsageState::USED; + std::string description_; + int32_t appIndex_ = 0; + int32_t userId_ = -1; bool ReadFromParcel(Parcel &parcel); bool Marshalling(Parcel &parcel) const override; diff --git a/services/accesstokenmanager/main/cpp/include/form_manager/form_manager_access_proxy.h b/services/accesstokenmanager/main/cpp/include/form_manager/form_manager_access_proxy.h index 90e354b3c4bfdcfb6c8f899a1c411e0c0972f1ea..fb74c78122a7721cc54670e74cb98514bd8f5699 100644 --- a/services/accesstokenmanager/main/cpp/include/form_manager/form_manager_access_proxy.h +++ b/services/accesstokenmanager/main/cpp/include/form_manager/form_manager_access_proxy.h @@ -18,8 +18,6 @@ #include #include "form_instance.h" -#include "running_form_info.h" -#include "service_ipc_interface_code.h" namespace OHOS { namespace Security { diff --git a/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_manager.h b/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_manager.h index 7954ff228d00057ab9268888012cb3f3dbe11f03..3f6020e75874ea8404531f52ad36a914dee7dc81 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_manager.h @@ -21,7 +21,7 @@ #include "nocopyable.h" #include "permission_dlp_mode.h" -#include "permission_state_full.h" +#include "permission_status.h" namespace OHOS { namespace Security { @@ -31,7 +31,7 @@ public: static DlpPermissionSetManager& GetInstance(); virtual ~DlpPermissionSetManager(); - void UpdatePermStateWithDlpInfo(int32_t hapDlpType, std::vector& permStateList); + void UpdatePermStateWithDlpInfo(int32_t hapDlpType, std::vector& permStateList); bool IsPermDlpModeAvailableToDlpHap(int32_t hapDlpType, int32_t permDlpMode); void ProcessDlpPermInfos(const std::vector& info); int32_t GetPermDlpMode(const std::string& permissionName); diff --git a/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_parser.h b/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_parser.h deleted file mode 100644 index 67b9e12bebdc45b50a0801b114945a2d90133162..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/permission/dlp_permission_set_parser.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_DLP_PERMISSION_SET_PARSER_H -#define ACCESSTOKEN_DLP_PERMISSION_SET_PARSER_H - -#include -#include - -#include "permission_dlp_mode.h" -#include "nlohmann/json.hpp" -#include "nocopyable.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -const std::string CLONE_PERMISSION_CONFIG_FILE = "/system/etc/dlp_permission/clone_app_permission.json"; -constexpr int32_t MAX_CLONE_PERMISSION_CONFIG_FILE_SIZE = 5 * 1024 * 1024; -constexpr size_t MAX_BUFFER_SIZE = 1024; -class DlpPermissionSetParser final { -public: - static DlpPermissionSetParser& GetInstance(); - virtual ~DlpPermissionSetParser() = default; - int32_t Init(); - -private: - DlpPermissionSetParser() : ready_(false) {} - DISALLOW_COPY_AND_MOVE(DlpPermissionSetParser); - int ReadCfgFile(std::string& dlpPermsRawData); - void FromJson(const nlohmann::json& jsonObject, std::vector& dlpPerms); - int32_t ParserDlpPermsRawData(const std::string& dlpPermsRawData, - std::vector& dlpPerms); - void from_json(const nlohmann::json& j, PermissionDlpMode& p); - void ProcessDlpPermsInfos(std::vector& dlpPerms); - - bool ready_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_DLP_PERMISSION_SET_PARSER_H diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h new file mode 100644 index 0000000000000000000000000000000000000000..cb3e4dd510bd1dce591451e874697896f898c078 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef PERMISSION_DATA_BRIEF_H +#define PERMISSION_DATA_BRIEF_H + +#include +#include +#include +#include +#include +#include +#include "access_token.h" +#include "permission_status.h" +#include "generic_values.h" + +#include "rwlock.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +typedef struct { + int8_t status; + uint8_t reserved; + uint16_t permCode; + uint32_t flag; +} BriefPermData; + +typedef struct { + uint16_t permCode; + uint16_t reserved; + uint32_t tokenId; +} BriefSecCompData; + +class PermissionDataBrief final { +public: + static PermissionDataBrief& GetInstance(); + virtual ~PermissionDataBrief() = default; + + int32_t DeleteBriefPermDataByTokenId(AccessTokenID tokenID); + int32_t SetBriefPermData(AccessTokenID tokenID, int32_t opCode, bool status, uint32_t flag); + int32_t GetBriefPermDataByTokenId(AccessTokenID tokenID, std::vector& data); + void ToString(std::string& info); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, int32_t opCode); + bool IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName); + int32_t VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permission); + int32_t QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); + void ClearAllSecCompGrantedPerm(); + void GetGrantedPermByTokenId(AccessTokenID tokenID, + const std::vector& constrainedList, std::vector& permissionList); + void GetPermStatusListByTokenId(AccessTokenID tokenID, + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList); + int32_t RefreshPermStateToKernel(const std::vector& constrainedList, + bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList); + void AddPermToBriefPermission(AccessTokenID tokenId, + const std::vector& permStateList, bool defCheck); + void Update(AccessTokenID tokenId, const std::vector& permStateList); + void RestorePermissionBriefData(AccessTokenID tokenId, const std::vector& permStateRes); + int32_t StorePermissionBriefData(AccessTokenID tokenId, std::vector& permStateValueList); + int32_t UpdatePermissionStatus(AccessTokenID tokenId, + const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged); + int32_t ResetUserGrantPermissionStatus(AccessTokenID tokenID); +private: + bool GetPermissionBriefData(const PermissionStatus &permState, BriefPermData& briefPermData); + bool GetPermissionStatus(const BriefPermData& briefPermData, PermissionStatus &permState); + void GetPermissionBriefDataList( + const std::vector &permStateList, std::vector& list); + int32_t AddBriefPermDataByTokenId(AccessTokenID tokenID, const std::vector& listInput); + void UpdatePermStatus(const BriefPermData& permOld, BriefPermData& permNew); + uint32_t GetFlagWroteToDb(uint32_t grantFlag); + void MergePermBriefData(std::vector& permBriefDataList, BriefPermData& data); + int32_t UpdatePermStateList(AccessTokenID tokenId, uint32_t opCode, bool isGranted, uint32_t flag); + int32_t UpdateSecCompGrantedPermList(AccessTokenID tokenId, const std::string& permissionName, bool isToGrant); + int32_t VerifyPermissionStatus(AccessTokenID tokenID, uint32_t permCode); + void ClearAllSecCompGrantedPermById(AccessTokenID tokenID); + void SecCompGrantedPermListUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isAdded); + int32_t GetBriefPermDataByTokenIdInner(AccessTokenID tokenID, std::vector& list); + PermissionDataBrief() = default; + DISALLOW_COPY_AND_MOVE(PermissionDataBrief); + OHOS::Utils::RWLock permissionStateDataLock_; + std::map> requestedPermData_; + std::list secCompList_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // PERMISSION_DATA_BRIEF_H diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index 9ca0aa894f4600d8701a68e3a6bf3e653789644b..d387721ecec6638ba368fb0ab2d26857d2902b7d 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h @@ -38,7 +38,7 @@ public: bool Update(const PermissionDef& info, AccessTokenID tokenId); - void DeleteByBundleName(const std::string& bundleName); + void DeleteByToken(AccessTokenID tokenId); int FindByPermissionName(const std::string& permissionName, PermissionDef& info); @@ -60,6 +60,8 @@ public: bool HasHapPermissionDefinitionForHap(const std::string& permissionName); + uint32_t GetDefPermissionsSize(); + private: PermissionDefinitionCache(); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_parser.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_parser.h deleted file mode 100644 index ed18c2f3a517eec1ea2fbc8a55a274d3c8db446d..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_parser.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PERMISSION_DEFINITION_PARSER_H -#define PERMISSION_DEFINITION_PARSER_H - -#include - -#include "accesstoken_log.h" -#include "nlohmann/json.hpp" -#include "nocopyable.h" -#include "permission_def.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -struct PermissionDefParseRet { - PermissionDef permDef; - bool isSuccessful = false; -}; -class PermissionDefinitionParser final { -public: - static PermissionDefinitionParser& GetInstance(); - virtual ~PermissionDefinitionParser() = default; - int32_t Init(); - -private: - PermissionDefinitionParser() : ready_(false) {} - DISALLOW_COPY_AND_MOVE(PermissionDefinitionParser); - int ReadCfgFile(std::string& PermsRawData); - int32_t GetPermissionDefList(const nlohmann::json& json, const std::string& permsRawData, const std::string& type, - std::vector& permDefList); - int32_t ParserPermsRawData(const std::string& permsRawData, std::vector& perms); - void from_json(const nlohmann::json& j, PermissionDefParseRet& p); - void ProcessPermsInfos(std::vector& Perms); - - bool ready_; -}; - -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PERMISSION_DEFINITION_PARSER_H \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 1f83e19598e0f54990a2d26eccb00c84fd363a9c..1b11210d4fdef7d4aa9dc052cfdcefff7ad190ae 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -20,15 +20,17 @@ #include #include +#include "ability_manager_access_loader.h" #include "access_token.h" #include "hap_token_info_inner.h" #include "iremote_broker.h" +#include "libraryloader.h" #include "permission_def.h" #include "permission_grant_event.h" #include "permission_list_state.h" #include "permission_list_state_parcel.h" #include "permission_state_change_info.h" -#include "permission_state_full.h" +#include "permission_status.h" #include "temp_permission_observer.h" #include "rwlock.h" @@ -48,7 +50,6 @@ struct LocationIndex { uint32_t accurateIndex = PERMISSION_NOT_REQUSET; uint32_t backIndex = PERMISSION_NOT_REQUSET; }; - class PermissionManager { public: static PermissionManager& GetInstance(); @@ -60,44 +61,49 @@ public: void AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, bool updateFlag); void RemoveDefPermissions(AccessTokenID tokenID); - int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); - PermUsedTypeEnum GetUserGrantedPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); - virtual int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); + PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult); - int GetDefPermissions(AccessTokenID tokenID, std::vector& permList); + void GetDefPermissions(AccessTokenID tokenID, std::vector& permList); int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant); int GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); - int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID); - int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); + int32_t RequestAppPermOnSetting(const HapTokenInfo& hapInfo, + const std::string& bundleName, const std::string& abilityName); int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag); + int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag, bool needKill); int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); int32_t RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); - void ClearUserGrantedPermissionState(AccessTokenID tokenID); - void GetSelfPermissionState(const std::vector& permsList, + int32_t GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); + void GetSelfPermissionState(const std::vector& permsList, PermissionListState& permState, int32_t apiVersion); int32_t AddPermStateChangeCallback( const PermStateChangeScope& scope, const sptr& callback); int32_t RemovePermStateChangeCallback(const sptr& callback); bool GetApiVersionByTokenId(AccessTokenID tokenID, int32_t& apiVersion); bool LocationPermissionSpecialHandle(AccessTokenID tokenID, std::vector& reqPermList, - std::vector& permsList, int32_t apiVersion); + std::vector& permsList, int32_t apiVersion); void NotifyPermGrantStoreResult(bool result, uint64_t timestamp); - void ClearAllSecCompGrantedPerm(const std::vector& tokenIdList); void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered); void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, const std::shared_ptr& infoPtr); - int32_t ClearUserGrantedPermission(AccessTokenID tokenID); - int32_t DumpPermDefInfo(std::string& dumpInfo); - void AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy); + void AddNativePermToKernel( + AccessTokenID tokenID, const std::vector& opCodeList, const std::vector& statusList); + void AddHapPermToKernel(AccessTokenID tokenID, const std::vector& permList); void RemovePermFromKernel(AccessTokenID tokenID); void SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted); - bool InitPermissionList(const std::string& appDistributionType, - const HapPolicyParams& policy, std::vector& initializedList); + bool InitPermissionList(const std::string& appDistributionType, const HapPolicy& policy, + std::vector& initializedList, HapInfoCheckResult& result); bool InitDlpPermissionList(const std::string& bundleName, int32_t userId, - std::vector& initializedList); + std::vector& initializedList); + void GetStateOrFlagChangedList(std::vector& stateListBefore, + std::vector& stateListAfter, std::vector& stateChangeList); + void NotifyUpdatedPermList(const std::vector& grantedPermListBefore, + const std::vector& grantedPermListAfter, AccessTokenID tokenID); + protected: static void RegisterImpl(PermissionManager* implInstance); private: @@ -105,20 +111,15 @@ private: const std::vector& tokenIDs, const std::vector& permList); int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes); int32_t UpdateTokenPermissionState( - AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag); - std::string TransferPermissionDefToString(const PermissionDef& inPermissionDef); + AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill); + int32_t UpdateTokenPermissionStateCheck(const std::shared_ptr& infoPtr, + AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag); bool IsPermissionVaild(const std::string& permissionName); bool GetLocationPermissionIndex(std::vector& reqPermList, LocationIndex& locationIndex); bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, - std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); - void NotifyUpdatedPermList(const std::vector& grantedPermListBefore, - const std::vector& grantedPermListAfter, AccessTokenID tokenID); - int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName); - void AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status); - void PermDefToString(const PermissionDef& def, std::string& info) const; - bool IsPermissionStateOrFlagMatched(const PermissionStateFull& stata1, const PermissionStateFull& stata2); - void GetStateOrFlagChangedList(std::vector& stateListBefore, - std::vector& stateListAfter, std::vector& stateChangeList); + std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); + bool IsPermissionStateOrFlagMatched(const PermissionStatus& stata1, const PermissionStatus& stata2); + AbilityManagerAccessLoaderInterface* GetAbilityManager(); PermissionGrantEvent grantEvent_; static std::recursive_mutex mutex_; @@ -129,6 +130,9 @@ private: OHOS::Utils::RWLock permToggleStateLock_; DISALLOW_COPY_AND_MOVE(PermissionManager); + + std::mutex abilityManagerMutex_; + std::shared_ptr abilityManagerLoader_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h deleted file mode 100644 index 5d2d3b2ceb64e97d0a019017f6b774b78f04e32e..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2021-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PERMISSION_POLICY_SET_H -#define PERMISSION_POLICY_SET_H - -#include -#include -#include - -#include "access_token.h" -#include "callback_manager.h" -#include "generic_values.h" -#include "permission_def.h" -#include "permission_state_full.h" -#include "rwlock.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -struct PermissionPolicySet final { -public: - PermissionPolicySet() : tokenId_(0) {} - virtual ~PermissionPolicySet(); - - static std::shared_ptr BuildPermissionPolicySet(AccessTokenID tokenId, - const std::vector& permStateList); - static std::shared_ptr BuildPolicySetWithoutDefCheck(AccessTokenID tokenId, - const std::vector& permStateList); - static std::shared_ptr RestorePermissionPolicy(AccessTokenID tokenId, - const std::vector& permStateRes); - void StorePermissionPolicySet(std::vector& permStateValueList); - void Update(const std::vector& permStateList); - - PermUsedTypeEnum GetUserGrantedPermissionUsedType(const std::string& permissionName); - int VerifyPermissionStatus(const std::string& permissionName); - void GetDefPermissions(std::vector& permList); - void GetPermissionStateFulls(std::vector& permList); - int QueryPermissionFlag(const std::string& permissionName, int& flag); - int32_t UpdatePermissionStatus(const std::string& permissionName, bool isGranted, uint32_t flag); - void ToString(std::string& info); - bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, - const std::vector& nativeAcls); - void PermStateToString(int32_t tokenApl, const std::vector& nativeAcls, std::string& info); - void GetPermissionStateList(std::vector& stateList); - void ResetUserGrantPermissionStatus(void); - void ClearSecCompGrantedPerm(void); - static uint32_t GetFlagWithoutSpecifiedElement(uint32_t fullFlag, uint32_t removedFlag); - static uint32_t GetFlagWroteToDb(uint32_t grantFlag); - void GetDeletedPermissionListToNotify(std::vector& permissionList); - void GetGrantedPermissionList(std::vector& permissionList); - - void GetPermissionStateList(std::vector& opCodeList, std::vector& statusList); - uint32_t GetReqPermissionSize(); -private: - static void MergePermissionStateFull(std::vector& permStateList, - PermissionStateFull& state); - void UpdatePermStateFull(const PermissionStateFull& permOld, PermissionStateFull& permNew); - void StorePermissionDef(std::vector& valueList) const; - void StorePermissionState(std::vector& valueList) const; - void PermDefToString(const PermissionDef& def, std::string& info) const; - void PermStateFullToString(const PermissionStateFull& state, std::string& info) const; - int32_t UpdateSecCompGrantedPermList(const std::string& permissionName, bool isGranted); - int32_t UpdatePermStateList(const std::string& permissionName, bool isGranted, uint32_t flag); - void SetPermissionFlag(const std::string& permissionName, uint32_t flag, bool needToAdd); - void SecCompGrantedPermListUpdated(const std::string& permissionName, bool isToGrant); - OHOS::Utils::RWLock permPolicySetLock_; - std::vector permStateList_; - std::vector secCompGrantedPermList_; - AccessTokenID tokenId_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PERMISSION_POLICY_SET_H - diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h index a3d0408b59d504f06916059980fec16c3af4ff66..aec8b663e3de759a952c71c17cf79e365ea5a105 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h @@ -16,7 +16,7 @@ #ifndef PERMISSION_VALIDATOR_H #define PERMISSION_VALIDATOR_H #include "permission_def.h" -#include "permission_state_full.h" +#include "permission_status.h" namespace OHOS { namespace Security { @@ -32,15 +32,13 @@ public: static bool IsToggleStatusValid(const uint32_t status); static bool IsPermissionFlagValid(uint32_t flag); static bool IsPermissionDefValid(const PermissionDef& permDef); - static bool IsPermissionStateValid(const PermissionStateFull& permState); + static bool IsPermissionStateValid(const PermissionStatus& permState); static void FilterInvalidPermissionDef( const std::vector& permList, std::vector& result); static void FilterInvalidPermissionState(ATokenTypeEnum tokenType, bool doPermAvailableCheck, - const std::vector& permList, std::vector& result); + const std::vector& permList, std::vector& result); static bool IsGrantModeValid(int grantMode); static bool IsGrantStatusValid(int grantStatus); -private: - static void DeduplicateResDevID(const PermissionStateFull& permState, PermissionStateFull& result); }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h b/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h new file mode 100644 index 0000000000000000000000000000000000000000..9eae834bca516ce668d14904d2b3520cb66587b3 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/permission/short_grant_manager.h @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef SHORT_GRANT_MANAGER_H +#define SHORT_GRANT_MANAGER_H + +#include +#include +#include +#include + +#include "access_event_handler.h" +#include "app_manager_death_callback.h" +#include "app_status_change_callback.h" +#include "permission_manager.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +using AccessTokenID = uint32_t; + +typedef struct { + AccessTokenID tokenID; + std::string permissionName; + uint32_t firstGrantTimes; + uint32_t revokeTimes; +} PermTimerData; + +class ShortPermAppStateObserver : public ApplicationStateObserverStub { +public: + ShortPermAppStateObserver() = default; + ~ShortPermAppStateObserver() = default; + + void OnAppStopped(const AppStateData &appStateData) override; + + DISALLOW_COPY_AND_MOVE(ShortPermAppStateObserver); +}; + +class ShortPermAppManagerDeathCallback : public AppManagerDeathCallback { +public: + ShortPermAppManagerDeathCallback() = default; + ~ShortPermAppManagerDeathCallback() = default; + + void NotifyAppManagerDeath() override; + DISALLOW_COPY_AND_MOVE(ShortPermAppManagerDeathCallback); +}; + +class ShortGrantManager { +public: + static ShortGrantManager& GetInstance(); + + void OnAppMgrRemoteDiedHandle(); + +#ifdef EVENTHANDLER_ENABLE + void InitEventHandler(); +#endif + + int RefreshPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime); + + bool IsShortGrantPermission(const std::string& permissionName); + + void ClearShortPermissionByTokenID(AccessTokenID tokenID); + + void RegisterAppStopListener(); + + void UnRegisterAppStopListener(); +private: + ShortGrantManager(); + ~ShortGrantManager(); + uint32_t GetCurrentTime(); + void ScheduleRevokeTask(AccessTokenID tokenID, const std::string& permission, + const std::string& taskName, uint32_t cancelTimes); + void ClearShortPermissionData(AccessTokenID tokenID, const std::string& permission); + bool CancelTaskOfPermissionRevoking(const std::string& taskName); + uint32_t maxTime_; + std::vector shortGrantData_; + std::mutex shortGrantDataMutex_; + +#ifdef EVENTHANDLER_ENABLE + std::shared_ptr GetEventHandler(); + std::shared_ptr eventHandler_; + std::mutex eventHandlerLock_; +#endif + sptr appStopCallBack_; + std::mutex appStopCallbackMutex_; + + std::mutex appManagerDeathMutex_; + std::shared_ptr appManagerDeathCallback_ = nullptr; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // SHORT_GRANT_MANAGER_H diff --git a/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h b/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h index c830a78907db17edb752e155a05f21ae4b3b0e84..c9e96dc8fbebb0d7424011f45ede90f256204160 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h +++ b/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h @@ -25,7 +25,6 @@ #include "access_event_handler.h" #endif #include "app_manager_death_callback.h" -#include "app_manager_death_recipient.h" #include "app_status_change_callback.h" #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE #include "continuous_task_change_callback.h" @@ -41,9 +40,10 @@ public: PermissionAppStateObserver() = default; ~PermissionAppStateObserver() = default; - void OnApplicationStateChanged(const AppStateData &appStateData) override; - void OnForegroundApplicationChanged(const AppStateData &appStateData) override; - void OnProcessDied(const ProcessData &processData) override; + void OnAppStopped(const AppStateData &appStateData) override; + void OnAppStateChanged(const AppStateData &appStateData) override; + void OnAppCacheStateChanged(const AppStateData &appStateData) override; + DISALLOW_COPY_AND_MOVE(PermissionAppStateObserver); }; @@ -86,16 +86,21 @@ public: void OnAppMgrRemoteDiedHandle(); bool IsAllowGrantTempPermission(AccessTokenID tokenID, const std::string& permissionName); + bool CheckPermissionState(AccessTokenID tokenID, const std::string& permissionName, const std::string& bundleName); void AddTempPermTokenToList(AccessTokenID tokenID, const std::string& bundleName, const std::string& permissionName, const std::vector& list); void RevokeAllTempPermission(AccessTokenID tokenID); - bool GetPermissionStateFull(AccessTokenID tokenID, std::vector& permissionStateFullList); + void RevokeTempPermission(AccessTokenID tokenID, const std::string& permissionName); + bool GetPermissionState(AccessTokenID tokenID, std::vector& permissionStateList); bool GetAppStateListByTokenID(AccessTokenID tokenID, std::vector& list); void ModifyAppState(AccessTokenID tokenID, int32_t index, bool flag); bool GetTokenIDByBundle(const std::string &bundleName, AccessTokenID& tokenID); + void AddContinuousTask(AccessTokenID tokenID); + void DelContinuousTask(AccessTokenID tokenID); + bool FindContinuousTask(AccessTokenID tokenID); #ifdef EVENTHANDLER_ENABLE - void InitEventHandler(const std::shared_ptr& eventHandler); - void GetConfigValue(); + void InitEventHandler(); + void SetCancelTime(int32_t cancelTime); #endif bool DelayRevokePermission(AccessToken::AccessTokenID tokenId, const std::string& taskName); bool CancleTaskOfPermissionRevoking(const std::string& taskName); @@ -111,12 +116,17 @@ public: private: #ifdef EVENTHANDLER_ENABLE + std::shared_ptr GetEventHandler(); std::shared_ptr eventHandler_; + std::mutex eventHandlerLock_; #endif int32_t cancleTimes_; std::mutex tempPermissionMutex_; std::map> tempPermTokenMap_; + std::mutex continuousTaskMutex_; + std::map continuousTaskMap_; + // appState std::mutex appStateCallbackMutex_; sptr appStateCallback_ = nullptr; @@ -129,6 +139,7 @@ private: std::mutex formStateCallbackMutex_; sptr formVisibleCallback_ = nullptr; sptr formInvisibleCallback_ = nullptr; + std::mutex formTokenMutex_; std::map formTokenMap_; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 7cf7d75190e63f7ab3e81bac767c6e8ec25507ec..ade78794ce9cec8040149f4bcb68647aa1b4f67e 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -42,18 +42,21 @@ class AccessTokenManagerService final : public SystemAbility, public AccessToken public: void OnStart() override; void OnStop() override; + void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; AccessTokenIDEx AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) override; - PermUsedTypeEnum GetUserGrantedPermissionUsedType( + PermUsedTypeEnum GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) override; int32_t InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, - AccessTokenIDEx& fullTokenId) override; + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) override; int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) override; + int VerifyAccessToken(AccessTokenID tokenID, + const std::vector& permissionList, std::vector& permStateList) override; int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override; int GetDefPermissions(AccessTokenID tokenID, std::vector& permList) override; int GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) override; PermissionOper GetSelfPermissionsState(std::vector& reqPermList, PermissionGrantInfoParcel& infoParcel) override; int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector& reqPermList) override; @@ -62,32 +65,37 @@ public: int32_t userID) override; int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID) override; + int32_t RequestAppPermOnSetting(AccessTokenID tokenID) override; int GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override; + int GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override; int ClearUserGrantedPermissionState(AccessTokenID tokenID) override; int DeleteToken(AccessTokenID tokenID) override; int GetTokenType(AccessTokenID tokenID) override; - int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) override; AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) override; AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) override; int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) override; + int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) override; int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) override; - int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, - const UpdateHapInfoParams& info, const HapPolicyParcel& policyParcel) override; + int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) override; int32_t RegisterPermStateChangeCallback( const PermStateChangeScopeParcel& scope, const sptr& callback) override; int32_t UnRegisterPermStateChangeCallback(const sptr& callback) override; + int32_t RegisterSelfPermStateChangeCallback(const PermStateChangeScopeParcel& scope, + const sptr& callback) override; + int32_t UnRegisterSelfPermStateChangeCallback(const sptr& callback) override; #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t ReloadNativeTokenInfo() override; #endif + int GetHapTokenInfoExtension(AccessTokenID tokenID, + HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) override; AccessTokenID GetNativeTokenId(const std::string& processName) override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) override; int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override; - int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) override; int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override; AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override; int DeleteRemoteDeviceTokens(const std::string& deviceID) override; @@ -97,31 +105,26 @@ public: int SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) override; void GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) override; - int32_t GetNativeTokenName(AccessTokenID tokenID, std::string& name) override; + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList) override; + int32_t UpdateUserPolicy(const std::vector& userList) override; + int32_t ClearUserPolicy() override; void DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) override; - int32_t DumpPermDefInfo(std::string& dumpInfo) override; int32_t GetVersion(uint32_t& version) override; int Dump(int fd, const std::vector& args) override; private: void GetValidConfigFilePathList(std::vector& pathList); - bool GetConfigGrantValueFromFile(std::string& fileContent); void GetConfigValue(); bool Initialize(); - void DumpTokenIfNeeded(); void AccessTokenServiceParamSet() const; PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& reqPermList); -#ifdef EVENTHANDLER_ENABLE - std::shared_ptr eventRunner_; - std::shared_ptr dumpEventRunner_; - std::shared_ptr eventHandler_; - std::shared_ptr dumpEventHandler_; -#endif ServiceRunningState state_; std::string grantBundleName_; std::string grantAbilityName_; + std::string grantServiceAbilityName_; std::string permStateAbilityName_; std::string globalSwitchAbilityName_; + std::string applicationSettingAbilityName_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 7804b8a28ff818eeb2c6a19bff7e8642156eb043..7a1783b86b4ebaf486b731b0006ab22672e72abe 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -34,8 +34,9 @@ public: int OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& options) override; private: - void GetUserGrantedPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply); + void GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply); void VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply); + void VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply); void GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply); void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply); @@ -44,31 +45,35 @@ private: void GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply); void SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); void GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply); + void RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply); void GrantPermissionInner(MessageParcel& data, MessageParcel& reply); void RevokePermissionInner(MessageParcel& data, MessageParcel& reply); + void GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply); void ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply); void AllocHapTokenInner(MessageParcel& data, MessageParcel& reply); void InitHapTokenInner(MessageParcel& data, MessageParcel& reply); void DeleteTokenInfoInner(MessageParcel& data, MessageParcel& reply); void UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply); + void GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply); void GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); void GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); void AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply); void GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply); - void CheckNativeDCapInner(MessageParcel& data, MessageParcel& reply); void GetTokenTypeInner(MessageParcel& data, MessageParcel& reply); void RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); void UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); + void RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); + void UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply); #ifndef ATM_BUILD_VARIANT_USER_ENABLE void ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); + void DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply); #endif + void GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply); void GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply); #ifdef TOKEN_SYNC_ENABLE void GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply); - void GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); void SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply); void DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply); void GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply); @@ -79,11 +84,12 @@ private: void SetPermissionOpFuncInMap(); void SetLocalTokenOpFuncInMap(); void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply); void GetVersionInner(MessageParcel& data, MessageParcel& reply); void SetPermDialogCapInner(MessageParcel& data, MessageParcel& reply); void GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply); - void GetNativeTokenNameInner(MessageParcel& data, MessageParcel& reply); + void InitUserPolicyInner(MessageParcel& data, MessageParcel& reply); + void UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply); + void ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply); bool IsPrivilegedCalling() const; bool IsAccessTokenCalling(); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h index 7d70df4693f7bd10f778ff91938b1de783d4d153..f4b8ce39ccbe3a36fa57f48f4511cd3cc37ceb3e 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_id_manager.h @@ -42,7 +42,6 @@ public: int GetTokenIdDlpFlag(AccessTokenID id); int GetTokenIdCloneFlag(AccessTokenID id); static ATokenTypeEnum GetTokenIdTypeEnum(AccessTokenID id); - void GetHapTokenIdList(std::vector& idList); private: AccessTokenIDManager() = default; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 8772b2dff727c6f453fe4ba82d19fce743ee03bf..c01a2ebcc0b8ab03469ec321f9f10fbcadf1b98a 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2023 Huawei Device Co., Ltd. + * Copyright (c) 2021-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,9 +16,11 @@ #ifndef ACCESSTOKEN_TOKEN_INFO_MANAGER_H #define ACCESSTOKEN_TOKEN_INFO_MANAGER_H +#include #include #include #include +#include #include #include "access_token.h" @@ -28,16 +30,11 @@ #endif #include "hap_token_info.h" #include "hap_token_info_inner.h" -#include "native_token_info_inner.h" -#ifndef RESOURCESCHEDULE_FFRT_ENABLE -#include "thread_pool.h" -#endif +#include "native_token_info_base.h" namespace OHOS { namespace Security { namespace AccessToken { -static const int UDID_MAX_LENGTH = 128; // udid/uuid max length - #ifdef TOKEN_SYNC_ENABLE class AccessTokenDmInitCallback final : public DistributedHardware::DmInitCallback { void OnRemoteDied() override @@ -50,93 +47,96 @@ public: static AccessTokenInfoManager& GetInstance(); ~AccessTokenInfoManager(); void Init(); + void InitNativeTokenInfos(const std::vector& tokenInfos); + int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList); std::shared_ptr GetHapTokenInfoInner(AccessTokenID id); int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& infoParcel); - std::shared_ptr GetNativeTokenInfoInner(AccessTokenID id); - int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& infoParcel); + int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoBase& info); int AllocAccessTokenIDEx(const HapInfoParams& info, AccessTokenID tokenId, AccessTokenIDEx& tokenIdEx); - std::shared_ptr GetNativePermissionPolicySet(AccessTokenID id); - std::shared_ptr GetHapPermissionPolicySet(AccessTokenID id); int RemoveHapTokenInfo(AccessTokenID id); int RemoveNativeTokenInfo(AccessTokenID id); - int32_t AddAllNativeTokenInfoToDb(void); - int32_t ModifyHapTokenInfoFromDb(AccessTokenID tokenID); - int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicyParams& policy, AccessTokenIDEx& tokenIdEx); - int CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap); + int32_t GetHapAppIdByTokenId(AccessTokenID tokenID, std::string& appId); + int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx); AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex); AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); - void ProcessNativeTokenInfos(const std::vector>& tokenInfos); int32_t UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const std::vector& permStateList, ATokenAplEnum apl, + const std::vector& permStateList, ATokenAplEnum apl, const std::vector& permList); void DumpTokenInfo(const AtmToolsParamInfo& info, std::string& dumpInfo); - void RefreshTokenInfoIfNeeded(); bool IsTokenIdExist(AccessTokenID id); AccessTokenID GetNativeTokenId(const std::string& processName); void GetRelatedSandBoxHapList(AccessTokenID tokenId, std::vector& tokenIdList); int32_t GetHapTokenDlpType(AccessTokenID id); int32_t SetPermDialogCap(AccessTokenID tokenID, bool enable); + int32_t InitUserPolicy(const std::vector& userList, const std::vector& permList); + int32_t UpdateUserPolicy(const std::vector& userList); + int32_t ClearUserPolicy(); bool GetPermDialogCap(AccessTokenID tokenID); - int32_t ModifyHapPermStateFromDb(AccessTokenID tokenID, const std::string& permission); void DumpToken(); int32_t GetCurDumpTaskNum(); void AddDumpTaskNum(); void ReduceDumpTaskNum(); - int32_t GetNativeTokenName(AccessTokenID tokenId, std::string& name); + void ClearUserGrantedPermissionState(AccessTokenID tokenID); + int32_t ClearUserGrantedPermission(AccessTokenID tokenID); + bool IsPermissionRestrictedByUserPolicy(AccessTokenID id, const std::string& permissionName); + int32_t VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName); + int32_t VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); #ifdef TOKEN_SYNC_ENABLE /* tokensync needed */ + void InitDmCallback(void); int GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync); - void GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes); int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync); - int SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList); bool IsRemoteHapTokenValid(const std::string& deviceID, const HapTokenInfoForSync& hapSync); int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID); AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID); int DeleteRemoteDeviceTokens(const std::string& deviceID); #endif -#ifdef RESOURCESCHEDULE_FFRT_ENABLE - int32_t GetCurTaskNum(); - void AddCurTaskNum(); - void ReduceCurTaskNum(); -#endif - bool UpdateStatesToDatabase(AccessTokenID tokenID, std::vector& stateChangeList); bool UpdateCapStateToDatabase(AccessTokenID tokenID, bool enable); + int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID); + int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID); private: AccessTokenInfoManager(); DISALLOW_COPY_AND_MOVE(AccessTokenInfoManager); - void InitHapTokenInfos(); - void InitNativeTokenInfos(); + void InitHapTokenInfos(uint32_t& hapSize); int AddHapTokenInfo(const std::shared_ptr& info); - int AddNativeTokenInfo(const std::shared_ptr& info); std::string GetHapUniqueStr(const std::shared_ptr& info) const; std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; - bool TryUpdateExistNativeToken(const std::shared_ptr& infoPtr); - int AllocNativeToken(const std::shared_ptr& infoPtr); - void StoreAllTokenInfo(); - int AddHapTokenInfoToDb(AccessTokenID tokenID); + int AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, + const std::string& appId, ATokenAplEnum apl, bool isUpdate); int RemoveHapTokenInfoFromDb(AccessTokenID tokenID); int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); void PermissionStateNotify(const std::shared_ptr& info, AccessTokenID id); void DumpHapTokenInfoByTokenId(const AccessTokenID tokenId, std::string& dumpInfo); void DumpHapTokenInfoByBundleName(const std::string& bundleName, std::string& dumpInfo); - void DumpAllHapTokenInfo(std::string& dumpInfo); + void DumpAllHapTokenname(std::string& dumpInfo); void DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo); - void DumpAllNativeTokenInfo(std::string& dumpInfo); - -#ifdef RESOURCESCHEDULE_FFRT_ENABLE - std::atomic_int32_t curTaskNum_; - std::shared_ptr ffrtTaskQueue_ = std::make_shared("TokenStore"); -#else - OHOS::ThreadPool tokenDataWorker_; -#endif + void DumpAllNativeTokenName(std::string& dumpInfo); + int32_t ParseUserPolicyInfo(const std::vector& userList, + const std::vector& permList, std::map& changedUserList); + int32_t ParseUserPolicyInfo(const std::vector& userList, + std::map& changedUserList); + int32_t UpdatePermissionStateToKernel(const std::vector& permCodeList, + const std::map& tokenIdList); + int32_t UpdatePermissionStateToKernel(const std::map& tokenIdList); + void GetGoalHapList(std::map& tokenIdList, + std::map& changedUserList); + int32_t AddPermRequestToggleStatusToDb(int32_t userID, const std::string& permissionName, int32_t status); + int32_t FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName); + void GetNativePermissionList(const NativeTokenInfoBase& native, + std::vector& opCodeList, std::vector& statusList); + bool IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, + const std::vector& nativeAcls); + int32_t GetNativeCfgInfo(std::vector& tokenInfos); + void NativeTokenToString(AccessTokenID tokenID, std::string& info); + int32_t CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy); + void UpdateHapToKernel(AccessTokenID tokenID, int32_t userId); bool hasInited_; std::atomic_int32_t dumpTaskNum_; @@ -147,8 +147,11 @@ private: std::map> hapTokenInfoMap_; std::map hapTokenIdMap_; - std::map> nativeTokenInfoMap_; - std::map nativeTokenIdMap_; + std::map nativeTokenInfoMap_; + + OHOS::Utils::RWLock userPolicyLock_; + std::vector inactiveUserList_; + std::vector permPolicyList_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h index 8cb735f6f6cf4f49e04f539a39d5f3936c643fb8..80637308f694872238e03816b1e9330726c898b5 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_remote_token_manager.h @@ -23,18 +23,15 @@ #include "access_token.h" #include "hap_token_info.h" #include "hap_token_info_inner.h" -#include "native_token_info.h" -#include "native_token_info_inner.h" #include "nocopyable.h" #include "rwlock.h" -#include "thread_pool.h" namespace OHOS { namespace Security { namespace AccessToken { class AccessTokenRemoteDevice final { public: - std::string DeviceID_; // networkID + std::string deviceID_; // networkID std::map MappingTokenIDPairMap_; }; diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index e8eba035228554d00660a81d01c75b576e8801d0..cbe2de083ff9c92a0fe481e11a858679c8d18b0a 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -23,9 +23,10 @@ #include "access_token.h" #include "generic_values.h" #include "hap_token_info.h" +#include "permission_data_brief.h" #include "permission_def.h" -#include "permission_policy_set.h" -#include "permission_state_full.h" +#include "permission_status.h" +#include "rwlock.h" namespace OHOS { namespace Security { @@ -33,22 +34,20 @@ namespace AccessToken { class HapTokenInfoInner final { public: HapTokenInfoInner(); - HapTokenInfoInner(AccessTokenID id, const HapInfoParams& info, const HapPolicyParams& policy); + HapTokenInfoInner(AccessTokenID id, const HapInfoParams& info, const HapPolicy& policy); HapTokenInfoInner(AccessTokenID id, const HapTokenInfo &info, - const std::vector& permStateList); + const std::vector& permStateList); HapTokenInfoInner(AccessTokenID id, const HapTokenInfoForSync& info); virtual ~HapTokenInfoInner(); - void Update(const UpdateHapInfoParams& info, - const std::vector& permStateList, ATokenAplEnum apl); + void Update(const UpdateHapInfoParams& info, const std::vector& permStateList); void TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const; - void StoreHapInfo(std::vector& valueList) const; - void StorePermissionPolicy(std::vector& permStateValues) const; + void StoreHapInfo(std::vector& valueList, const std::string& appId, ATokenAplEnum apl) const; + void StorePermissionPolicy(std::vector& permStateValues); int RestoreHapTokenInfo(AccessTokenID tokenId, const GenericValues& tokenValue, const std::vector& permStateRes); - std::shared_ptr GetHapInfoPermissionPolicySet() const; - uint32_t GetReqPermissionSize() const; + uint32_t GetReqPermissionSize(); HapTokenInfo GetHapInfoBasic() const; int GetUserID() const; int GetDlpType() const; @@ -56,19 +55,40 @@ public: int GetInstIndex() const; AccessTokenID GetTokenID() const; void SetTokenBaseInfo(const HapTokenInfo& baseInfo); - void SetPermissionPolicySet(std::shared_ptr& policySet); - void ToString(std::string& info) const; + void ToString(std::string& info); bool IsRemote() const; void SetRemote(bool isRemote); bool IsPermDialogForbidden() const; void SetPermDialogForbidden(bool isForbidden); + int32_t UpdatePermissionStatus( + const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged); + int32_t GetPermissionStateList(std::vector& permList); + int32_t ResetUserGrantPermissionStatus(void); + void UpdateRemoteHapTokenInfo(AccessTokenID mapID, + const HapTokenInfo& baseInfo, std::vector& permStateList); + + static void RefreshPermStateToKernel(const std::vector& constrainedList, + bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList); + static int32_t VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permissionName); + static PermUsedTypeEnum GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName); + static int32_t QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag); + static void GetPermStatusListByTokenId(AccessTokenID tokenID, + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList); + static void GetGrantedPermByTokenId(AccessTokenID tokenID, + const std::vector& constrainedList, std::vector& permissionList); + static void ClearAllSecCompGrantedPerm(); + static bool IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName); + uint64_t permUpdateTimestamp_; private: int32_t GetApiVersion(int32_t apiVersion); void StoreHapBasicInfo(std::vector& valueList) const; void TranslationIntoGenericValues(GenericValues& outGenericValues) const; int RestoreHapTokenBasicInfo(const GenericValues& inGenericValues); + bool UpdateStatesToDB(AccessTokenID tokenID, std::vector& stateChangeList); + static void PermToString(const std::vector& permList, + const std::vector& permStateList, std::string& info); HapTokenInfo tokenInfoBasic_; @@ -77,7 +97,7 @@ private: /** permission dialog is forbidden */ bool isPermDialogForbidden_ = false; - std::shared_ptr permPolicySet_; + OHOS::Utils::RWLock policySetLock_; }; } // namespace AccessToken } // namespace Security diff --git a/frameworks/common/include/json_parser.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h similarity index 47% rename from frameworks/common/include/json_parser.h rename to services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h index 44a19837d9a57698b2d498ef69c9ecce9a5eb4e7..47cbf7d9c147f162d2f8f3c141c63412a8f33811 100644 --- a/frameworks/common/include/json_parser.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_base.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -12,27 +12,37 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -#ifndef ACCESS_TOKEN_FRAMEWORK_COMMON_INCLUDE_JSON_PARSER_H -#define ACCESS_TOKEN_FRAMEWORK_COMMON_INCLUDE_JSON_PARSER_H +#ifndef ACCESSTOKEN_NATIVE_TOKEN_INFO_BASE_H +#define ACCESSTOKEN_NATIVE_TOKEN_INFO_BASE_H #include - -#include "nlohmann/json.hpp" +#include +#include "access_token.h" +#include "permission_status.h" namespace OHOS { namespace Security { namespace AccessToken { -class JsonParser final { -public: -static bool GetStringFromJson(const nlohmann::json& j, const std::string& tag, std::string& out); -static bool GetIntFromJson(const nlohmann::json& j, const std::string& tag, int& out); -static bool GetUnsignedIntFromJson(const nlohmann::json& j, const std::string& tag, unsigned int& out); -static bool GetBoolFromJson(const nlohmann::json& j, const std::string& tag, bool& out); -static int32_t ReadCfgFile(const std::string& file, std::string& rawData); -static bool IsDirExsit(const std::string& file); +struct NativeTokenInfoBase { + /** native token info */ + ATokenAplEnum apl; + unsigned char ver; + std::string processName; + std::vector dcap; + AccessTokenID tokenID; + AccessTokenAttr tokenAttr; + std::vector nativeAcls; + /** permission state list */ + std::vector permStateList; +}; + +struct NativeTokenInfoCache { + ATokenAplEnum apl; + std::string processName; + std::vector opCodeList; + std::vector statusList; }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // ACCESS_TOKEN_FRAMEWORK_COMMON_INCLUDE_JSON_PARSER_H \ No newline at end of file +#endif // ACCESSTOKEN_NATIVE_TOKEN_INFO_BASE_H \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h deleted file mode 100644 index 332d446ef9fb24a3f4802f9f1bdeeebec7aa43a0..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESSTOKEN_NATIVE_TOKEN_INFO_INNER_H -#define ACCESSTOKEN_NATIVE_TOKEN_INFO_INNER_H - -#include -#include -#include "access_token.h" -#include "generic_values.h" -#include "native_token_info.h" -#include "permission_policy_set.h" -#include "permission_state_full.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -static const int MAX_DCAPS_NUM = 10 * 1024; -static const int MAX_REQ_PERM_NUM = 10 * 1024; - -struct TokenInfo { - AccessTokenID id; - std::string processName; - int apl; -}; - -class NativeTokenInfoInner final { -public: - NativeTokenInfoInner(); - NativeTokenInfoInner(NativeTokenInfo& info, - const std::vector& permStateList); - virtual ~NativeTokenInfoInner(); - - int Init(const TokenInfo& tokenInfo, const std::vector& dcap, - const std::vector& nativeAcls, - const std::vector& permStateList); - void StoreNativeInfo(std::vector& valueList) const; - void StorePermissionPolicy(std::vector& permStateValues) const; - void TranslateToNativeTokenInfo(NativeTokenInfo& infoParcel) const; - void SetDcaps(const std::string& dcapStr); - void SetNativeAcls(const std::string& AclsStr); - void ToString(std::string& info) const; - int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, - const std::vector& permStateRes); - void Update(AccessTokenID tokenId, const std::string& processName, - int apl, const std::vector& dcap, - const std::vector& nativeAcls); - - std::vector GetDcap() const; - std::vector GetNativeAcls() const; - AccessTokenID GetTokenID() const; - std::string GetProcessName() const; - NativeTokenInfo GetNativeTokenInfo() const; - std::shared_ptr GetNativeInfoPermissionPolicySet() const; - uint32_t GetReqPermissionSize() const; - bool IsRemote() const; - void SetRemote(bool isRemote); - -private: - int TranslationIntoGenericValues(GenericValues& outGenericValues) const; - std::string DcapToString(const std::vector& dcap) const; - std::string NativeAclsToString(const std::vector& nativeAcls) const; - - // true means sync from remote. - bool isRemote_; - NativeTokenInfo tokenInfoBasic_; - std::shared_ptr permPolicySet_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESSTOKEN_NATIVE_TOKEN_INFO_INNER_H diff --git a/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp b/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp index 759789ca66b0c0acb453b9fe9244ab56dee619ca..7addfb80fca59b0c1726d44596d58682d9f38e73 100644 --- a/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp +++ b/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp @@ -16,7 +16,7 @@ #include "accesstoken_callback_proxys.h" #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #ifdef TOKEN_SYNC_ENABLE #include "hap_token_info_for_sync_parcel.h" #endif // TOKEN_SYNC_ENABLE @@ -28,11 +28,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenCallbackProxys" -}; -} PermissionStateChangeCallbackProxy::PermissionStateChangeCallbackProxy(const sptr& impl) : IRemoteProxy(impl) { @@ -44,30 +39,33 @@ PermissionStateChangeCallbackProxy::~PermissionStateChangeCallbackProxy() void PermissionStateChangeCallbackProxy::PermStateChangeCallback(PermStateChangeInfo& result) { MessageParcel data; - data.WriteInterfaceToken(IPermissionStateCallback::GetDescriptor()); + if (!data.WriteInterfaceToken(IPermissionStateCallback::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "write interfacetoken failed."); + return; + } PermissionStateChangeInfoParcel resultParcel; resultParcel.changeInfo = result; if (!data.WriteParcelable(&resultParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteParcelable failed."); return; } MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); + MessageOption option(MessageOption::TF_ASYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service null."); return; } int32_t requestResult = remote->SendRequest( static_cast(AccesstokenStateChangeInterfaceCode::PERMISSION_STATE_CHANGE), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request fail, result: %{public}d", requestResult); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "SendRequest success"); + LOGI(ATM_DOMAIN, ATM_TAG, "SendRequest success"); } #ifdef TOKEN_SYNC_ENABLE @@ -81,14 +79,17 @@ TokenSyncCallbackProxy::~TokenSyncCallbackProxy() int32_t TokenSyncCallbackProxy::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) { MessageParcel data; - data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor()); + if (!data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "write interfacetoken failed."); + return TOKEN_SYNC_PARAMS_INVALID; + } if (!data.WriteString(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write deviceID."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write deviceID."); return TOKEN_SYNC_PARAMS_INVALID; } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); return TOKEN_SYNC_PARAMS_INVALID; } @@ -96,27 +97,30 @@ int32_t TokenSyncCallbackProxy::GetRemoteHapTokenInfo(const std::string& deviceI MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service null."); return TOKEN_SYNC_IPC_ERROR; } int32_t requestResult = remote->SendRequest(static_cast( TokenSyncCallbackInterfaceCode::GET_REMOTE_HAP_TOKEN_INFO), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result = %{public}d.", requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request fail, result = %{public}d.", requestResult); return TOKEN_SYNC_IPC_ERROR; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Get result from callback, data = %{public}d.", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Get result from callback, data = %{public}d.", result); return result; } int32_t TokenSyncCallbackProxy::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) { MessageParcel data; - data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor()); + if (!data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "write interfacetoken failed."); + return TOKEN_SYNC_PARAMS_INVALID; + } if (!data.WriteUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenID."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenID."); return TOKEN_SYNC_PARAMS_INVALID; } @@ -124,31 +128,34 @@ int32_t TokenSyncCallbackProxy::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service null."); return TOKEN_SYNC_IPC_ERROR; } int32_t requestResult = remote->SendRequest(static_cast( TokenSyncCallbackInterfaceCode::DELETE_REMOTE_HAP_TOKEN_INFO), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request fail, result: %{public}d", requestResult); return TOKEN_SYNC_IPC_ERROR; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Get result from callback, data = %{public}d", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Get result from callback, data = %{public}d", result); return result; } int32_t TokenSyncCallbackProxy::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) { MessageParcel data; - data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor()); + if (!data.WriteInterfaceToken(ITokenSyncCallback::GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "write interfacetoken failed."); + return TOKEN_SYNC_PARAMS_INVALID; + } HapTokenInfoForSyncParcel tokenInfoParcel; tokenInfoParcel.hapTokenInfoForSyncParams = tokenInfo; if (!data.WriteParcelable(&tokenInfoParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenInfo."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenInfo."); return TOKEN_SYNC_PARAMS_INVALID; } @@ -156,18 +163,18 @@ int32_t TokenSyncCallbackProxy::UpdateRemoteHapTokenInfo(const HapTokenInfoForSy MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service null."); return TOKEN_SYNC_IPC_ERROR; } int32_t requestResult = remote->SendRequest(static_cast( TokenSyncCallbackInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result = %{public}d", requestResult); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request fail, result = %{public}d", requestResult); return TOKEN_SYNC_IPC_ERROR; } int32_t result = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Get result from callback, data = %{public}d", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Get result from callback, data = %{public}d", result); return result; } #endif // TOKEN_SYNC_ENABLE diff --git a/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp b/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp index 3b9cfd08f82b12e0655530e55852b5af6a6f927d..f83995377f241222f03fe7adad65cb15144ebba6 100644 --- a/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp +++ b/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp @@ -24,39 +24,34 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "CallbackDeathRecipients" -}; -} void PermStateCallbackDeathRecipient::OnRemoteDied(const wptr& remote) { - ACCESSTOKEN_LOG_INFO(LABEL, "Enter"); + LOGI(ATM_DOMAIN, ATM_TAG, "Enter"); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote object is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote object is nullptr"); return; } sptr object = remote.promote(); if (object == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Object is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "Object is nullptr"); return; } CallbackManager::GetInstance().RemoveCallback(object); - ACCESSTOKEN_LOG_INFO(LABEL, "End"); + LOGI(ATM_DOMAIN, ATM_TAG, "End"); } #ifdef TOKEN_SYNC_ENABLE void TokenSyncCallbackDeathRecipient::OnRemoteDied(const wptr& remote) { - ACCESSTOKEN_LOG_INFO(LABEL, "Call OnRemoteDied."); + LOGI(ATM_DOMAIN, ATM_TAG, "Call OnRemoteDied."); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote object is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote object is nullptr."); return; } TokenModifyNotifier::GetInstance().UnRegisterTokenSyncCallback(); - ACCESSTOKEN_LOG_INFO(LABEL, "Call UnRegisterTokenSyncCallback end."); + LOGI(ATM_DOMAIN, ATM_TAG, "Call UnRegisterTokenSyncCallback end."); } #endif // TOKEN_SYNC_ENABLE } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp b/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp index db15a25e7bffeda5358d94a8856f9e4d6fb2b728..70a6d93d824e9b34dc5ccdd188117795a5ccd6cf 100644 --- a/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp @@ -29,10 +29,8 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "CallbackManager"}; static const uint32_t MAX_CALLBACK_SIZE = 1024; #ifndef RESOURCESCHEDULE_FFRT_ENABLE -static const time_t MAX_TIMEOUT_SEC = 30; static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length #endif std::recursive_mutex g_instanceMutex; @@ -44,7 +42,8 @@ CallbackManager& CallbackManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new CallbackManager(); + CallbackManager* tmp = new CallbackManager(); + instance = std::move(tmp); } } return *instance; @@ -62,7 +61,7 @@ CallbackManager::~CallbackManager() int32_t CallbackManager::AddCallback(const PermStateChangeScope& scopeRes, const sptr& callback) { if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Input is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "Input is nullptr"); return AccessTokenError::ERR_PARAM_INVALID; } auto callbackScopePtr = std::make_shared(scopeRes); @@ -73,10 +72,13 @@ int32_t CallbackManager::AddCallback(const PermStateChangeScope& scopeRes, const std::lock_guard lock(mutex_); #endif if (callbackInfoList_.size() >= MAX_CALLBACK_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback size has reached limitation"); + LOGE(ATM_DOMAIN, ATM_TAG, "Callback size has reached limitation"); return AccessTokenError::ERR_CALLBACKS_EXCEED_LIMITATION; } - callback->AddDeathRecipient(callbackDeathRecipient_); + if (callback->IsProxyObject() && !callback->AddDeathRecipient(callbackDeathRecipient_)) { + LOGE(ATM_DOMAIN, ATM_TAG, "add death recipient failed"); + return AccessTokenError::ERR_ADD_DEATH_RECIPIENT_FAILED; + } CallbackRecord recordInstance; recordInstance.callbackObject_ = callback; @@ -84,14 +86,13 @@ int32_t CallbackManager::AddCallback(const PermStateChangeScope& scopeRes, const callbackInfoList_.emplace_back(recordInstance); - ACCESSTOKEN_LOG_INFO(LABEL, "RecordInstance is added"); return RET_SUCCESS; } int32_t CallbackManager::RemoveCallback(const sptr& callback) { if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "Callback is nullptr."); return AccessTokenError::ERR_PARAM_INVALID; } @@ -103,7 +104,7 @@ int32_t CallbackManager::RemoveCallback(const sptr& callback) for (auto it = callbackInfoList_.begin(); it != callbackInfoList_.end(); ++it) { if (callback == (*it).callbackObject_) { - ACCESSTOKEN_LOG_INFO(LABEL, "Find callback"); + LOGI(ATM_DOMAIN, ATM_TAG, "Find callback"); if (callbackDeathRecipient_ != nullptr) { callback->RemoveDeathRecipient(callbackDeathRecipient_); } @@ -112,7 +113,7 @@ int32_t CallbackManager::RemoveCallback(const sptr& callback) break; } } - ACCESSTOKEN_LOG_INFO(LABEL, "CallbackInfoList_ %{public}u", (uint32_t)callbackInfoList_.size()); + LOGI(ATM_DOMAIN, ATM_TAG, "CallbackInfoList_ %{public}u", (uint32_t)callbackInfoList_.size()); return RET_SUCCESS; } @@ -135,28 +136,30 @@ bool CallbackManager::CalledAccordingToPermLlist(const std::vector& [permName](const std::string& perm) { return perm == permName; }); } -void CallbackManager::ExcuteAllCallback(std::vector>& list, AccessTokenID tokenID, +void CallbackManager::ExecuteAllCallback(std::vector>& list, AccessTokenID tokenID, const std::string& permName, int32_t changeType) { for (auto it = list.begin(); it != list.end(); ++it) { #ifdef RESOURCESCHEDULE_FFRT_ENABLE auto callbackSingle = [it, tokenID, permName, changeType]() { - auto callback = iface_cast(*it); + sptr callback = new PermissionStateChangeCallbackProxy(*it); if (callback != nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Callback execute"); + LOGI(ATM_DOMAIN, ATM_TAG, "Callback execute, id=%{public}u perm=%{public}s changeType=%{public}d", + tokenID, permName.c_str(), changeType); PermStateChangeInfo resInfo; resInfo.permStateChangeType = changeType; resInfo.permissionName = permName; resInfo.tokenID = tokenID; callback->PermStateChangeCallback(resInfo); - ACCESSTOKEN_LOG_INFO(LABEL, "Callback execute end"); + LOGI(ATM_DOMAIN, ATM_TAG, "Callback execute end, " + "id=%{public}u perm=%{public}s changeType=%{public}d", tokenID, permName.c_str(), changeType); } }; ffrt::submit(callbackSingle, {}, {}, ffrt::task_attr().qos(ffrt::qos_default)); #else - auto callback = iface_cast(*it); + sptr callback = new PermissionStateChangeCallbackProxy(*it); if (callback != nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Callback execute"); + LOGI(ATM_DOMAIN, ATM_TAG, "Callback execute"); PermStateChangeInfo resInfo; resInfo.permStateChangeType = changeType; resInfo.permissionName = permName; @@ -181,12 +184,12 @@ void CallbackManager::GetCallbackObjectList(AccessTokenID tokenID, const std::st for (auto it = callbackInfoList_.begin(); it != callbackInfoList_.end(); ++it) { std::shared_ptr scopePtr = (*it).scopePtr_; if (scopePtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ScopePtr is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "ScopePtr is nullptr"); continue; } if (!CalledAccordingToTokenIdLlist(scopePtr->tokenIDs, tokenID) || !CalledAccordingToPermLlist(scopePtr->permList, permName)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, + LOGD(ATM_DOMAIN, ATM_TAG, "tokenID is %{public}u, permName is %{public}s", tokenID, permName.c_str()); continue; } @@ -196,36 +199,29 @@ void CallbackManager::GetCallbackObjectList(AccessTokenID tokenID, const std::st void CallbackManager::ExecuteCallbackAsync(AccessTokenID tokenID, const std::string& permName, int32_t changeType) { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); + LOGI(ATM_DOMAIN, ATM_TAG, "Entry, id=%{public}u perm=%{public}s changeType=%{public}d", + tokenID, permName.c_str(), changeType); auto callbackStart = [this, tokenID, permName, changeType]() { - ACCESSTOKEN_LOG_INFO(LABEL, "CallbackStart"); + LOGI(ATM_DOMAIN, ATM_TAG, "CallbackStart, id=%{public}u perm=%{public}s changeType=%{public}d", + tokenID, permName.c_str(), changeType); #ifndef RESOURCESCHEDULE_FFRT_ENABLE std::string name = "AtmCallback"; pthread_setname_np(pthread_self(), name.substr(0, MAX_PTHREAD_NAME_LEN).c_str()); #endif std::vector> list; this->GetCallbackObjectList(tokenID, permName, list); - this->ExcuteAllCallback(list, tokenID, permName, changeType); + this->ExecuteAllCallback(list, tokenID, permName, changeType); }; #ifdef RESOURCESCHEDULE_FFRT_ENABLE std::string taskName = "AtmCallback"; - ffrt::task_handle h = ffrt::submit_h(callbackStart, {}, {}, + ffrt::submit_h(callbackStart, {}, {}, ffrt::task_attr().qos(ffrt::qos_default).name(taskName.c_str())); - ffrt::wait({h}); #else std::packaged_task callbackTask(callbackStart); - std::future fut = callbackTask.get_future(); std::make_unique(std::move(callbackTask))->detach(); - - ACCESSTOKEN_LOG_DEBUG(LABEL, "Waiting for the callback execution complete..."); - std::future_status status = fut.wait_for(std::chrono::seconds(MAX_TIMEOUT_SEC)); - if (status == std::future_status::timeout) { - ACCESSTOKEN_LOG_WARN(LABEL, "CallbackTask callback execution timeout"); - return; - } #endif - ACCESSTOKEN_LOG_DEBUG(LABEL, "The callback execution is complete"); + LOGD(ATM_DOMAIN, ATM_TAG, "The callback execution is complete"); } } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index 36160a825a92c77b9511074f7fa786766edff0aa..e120ba381306631aca9eff2c8808185f756b9e2f 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -15,18 +15,23 @@ #include "access_token_db.h" +#include #include #include -#include "accesstoken_log.h" + +#include "accesstoken_common_log.h" +#include "access_token_error.h" +#include "access_token_open_callback.h" +#include "rdb_helper.h" +#include "time_util.h" +#include "token_field_const.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenDb"}; -static const std::string FIELD_COUNT_NUMBER = "count"; -static const std::string INTEGER_STR = " integer not null,"; -static const std::string TEXT_STR = " text not null,"; +constexpr const char* DATABASE_NAME = "access_token.db"; +constexpr const char* ACCESSTOKEN_SERVICE_NAME = "accesstoken_service"; std::recursive_mutex g_instanceMutex; } @@ -36,598 +41,377 @@ AccessTokenDb& AccessTokenDb::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AccessTokenDb(); + AccessTokenDb* tmp = new AccessTokenDb(); + instance = std::move(tmp); } } return *instance; } -AccessTokenDb::~AccessTokenDb() +AccessTokenDb::AccessTokenDb() { - Close(); + InitRdb(); } -void AccessTokenDb::OnCreate() +int32_t AccessTokenDb::RestoreAndInsertIfCorrupt(const int32_t resultCode, int64_t& outInsertNum, + const std::string& tableName, const std::vector& buckets, + const std::shared_ptr& db) { - ACCESSTOKEN_LOG_INFO(LABEL, "DB OnCreate."); - CreateHapTokenInfoTable(); - CreateNativeTokenInfoTable(); - CreatePermissionDefinitionTable(); - CreatePermissionStateTable(); - CreatePermissionRequestToggleStatusTable(); -} - -void AccessTokenDb::OnUpdate(int32_t version) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DB OnUpdate(version: %{public}d).", version); - if (version < DataBaseVersion::VERISION_2) { - AddAvailableTypeColumn(); - AddPermDialogCapColumn(); + if (resultCode != NativeRdb::E_SQLITE_CORRUPT) { + return resultCode; } - if (version < DataBaseVersion::VERISION_3) { - CreatePermissionRequestToggleStatusTable(); + + LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); + int32_t res = db->Restore(""); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + return res; } - if (version < DataBaseVersion::VERISION_4) { - AddRequestToggleStatusColumn(); + LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try insert again!"); + + res = db->BatchInsert(outInsertNum, tableName, buckets); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to batch insert into table %{public}s again, res is %{public}d.", + tableName.c_str(), res); + return res; } -} -AccessTokenDb::AccessTokenDb() : SqliteHelper(DATABASE_NAME, DATABASE_PATH, DATABASE_VERSION) -{ - SqliteTable hapTokenInfoTable; - hapTokenInfoTable.tableName_ = HAP_TOKEN_INFO_TABLE; - hapTokenInfoTable.tableColumnNames_ = { - TokenFiledConst::FIELD_TOKEN_ID, TokenFiledConst::FIELD_USER_ID, - TokenFiledConst::FIELD_BUNDLE_NAME, TokenFiledConst::FIELD_INST_INDEX, TokenFiledConst::FIELD_DLP_TYPE, - TokenFiledConst::FIELD_APP_ID, TokenFiledConst::FIELD_DEVICE_ID, - TokenFiledConst::FIELD_APL, TokenFiledConst::FIELD_TOKEN_VERSION, - TokenFiledConst::FIELD_TOKEN_ATTR, TokenFiledConst::FIELD_API_VERSION, - TokenFiledConst::FIELD_FORBID_PERM_DIALOG - }; - - SqliteTable nativeTokenInfoTable; - nativeTokenInfoTable.tableName_ = NATIVE_TOKEN_INFO_TABLE; - nativeTokenInfoTable.tableColumnNames_ = { - TokenFiledConst::FIELD_TOKEN_ID, TokenFiledConst::FIELD_PROCESS_NAME, - TokenFiledConst::FIELD_TOKEN_VERSION, TokenFiledConst::FIELD_TOKEN_ATTR, - TokenFiledConst::FIELD_DCAP, TokenFiledConst::FIELD_NATIVE_ACLS, TokenFiledConst::FIELD_APL - }; - - SqliteTable permissionDefTable; - permissionDefTable.tableName_ = PERMISSION_DEF_TABLE; - permissionDefTable.tableColumnNames_ = { - TokenFiledConst::FIELD_TOKEN_ID, TokenFiledConst::FIELD_PERMISSION_NAME, - TokenFiledConst::FIELD_BUNDLE_NAME, TokenFiledConst::FIELD_GRANT_MODE, - TokenFiledConst::FIELD_AVAILABLE_LEVEL, TokenFiledConst::FIELD_PROVISION_ENABLE, - TokenFiledConst::FIELD_DISTRIBUTED_SCENE_ENABLE, TokenFiledConst::FIELD_LABEL, - TokenFiledConst::FIELD_LABEL_ID, TokenFiledConst::FIELD_DESCRIPTION, - TokenFiledConst::FIELD_DESCRIPTION_ID, TokenFiledConst::FIELD_AVAILABLE_TYPE - }; - - SqliteTable permissionStateTable; - permissionStateTable.tableName_ = PERMISSION_STATE_TABLE; - permissionStateTable.tableColumnNames_ = { - TokenFiledConst::FIELD_TOKEN_ID, TokenFiledConst::FIELD_PERMISSION_NAME, - TokenFiledConst::FIELD_DEVICE_ID, TokenFiledConst::FIELD_GRANT_IS_GENERAL, - TokenFiledConst::FIELD_GRANT_STATE, TokenFiledConst::FIELD_GRANT_FLAG - }; - - SqliteTable permissionRequestToggleStatusTable; - permissionRequestToggleStatusTable.tableName_ = PERMISSION_REQUEST_TOGGLE_STATUS_TABLE; - permissionRequestToggleStatusTable.tableColumnNames_ = { - TokenFiledConst::FIELD_USER_ID, TokenFiledConst::FIELD_PERMISSION_NAME, - TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS - }; - - dataTypeToSqlTable_ = { - {ACCESSTOKEN_HAP_INFO, hapTokenInfoTable}, - {ACCESSTOKEN_NATIVE_INFO, nativeTokenInfoTable}, - {ACCESSTOKEN_PERMISSION_DEF, permissionDefTable}, - {ACCESSTOKEN_PERMISSION_STATE, permissionStateTable}, - {ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, permissionRequestToggleStatusTable}, - }; - - Open(); + return 0; } -int AccessTokenDb::Add(const DataType type, const std::vector& values) +void AccessTokenDb::InitRdb() { - size_t addSize = values.size(); - ACCESSTOKEN_LOG_INFO(LABEL, "Add type=%{public}d, size=%{public}zu.", type, addSize); - if (addSize == 0) { - return SUCCESS; - } - OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); - std::string prepareSql = CreateInsertPrepareSqlCmd(type); - auto statement = Prepare(prepareSql); - BeginTransaction(); - bool isExecuteSuccessfully = true; - uint32_t addFailCount = 0; - int64_t beforeCnt = Count(type); - for (const auto& value : values) { - std::vector columnNames = value.GetAllKeys(); - for (const auto& columnName : columnNames) { - statement.Bind(columnName, value.Get(columnName)); - } - int ret = statement.Step(); - if (ret != Statement::State::DONE) { - addFailCount++; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Failed, errorMsg: %{public}s.", SpitError().c_str()); - isExecuteSuccessfully = false; - } - statement.Reset(); - } - if (!isExecuteSuccessfully) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed, addFailCount = %{public}d errorMsg = %{public}s. Rollback transaction.", - addFailCount, SpitError().c_str()); - RollbackTransaction(); - return FAILURE; - } - int64_t afterCnt = Count(type); - if ((beforeCnt + static_cast(addSize)) != afterCnt) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to add to db, beforeCnt=%{public}" PRId64 ", afterCnt=%{public}" PRId64 - ".", beforeCnt, afterCnt); + std::string dbPath = std::string(DATABASE_PATH) + std::string(DATABASE_NAME); + NativeRdb::RdbStoreConfig config(dbPath); + config.SetSecurityLevel(NativeRdb::SecurityLevel::S3); + config.SetAllowRebuild(true); + config.SetHaMode(NativeRdb::HAMode::MAIN_REPLICA); // Real-time dual-write backup database + config.SetServiceName(std::string(ACCESSTOKEN_SERVICE_NAME)); + AccessTokenOpenCallback callback; + int32_t res = NativeRdb::E_OK; + // pragma user_version will done by rdb, they store path and db_ as pair in RdbStoreManager + db_ = NativeRdb::RdbHelper::GetRdbStore(config, DATABASE_VERSION_4, callback, res); + if ((res != NativeRdb::E_OK) || (db_ == nullptr)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to init rdb, res is %{public}d.", res); } - CommitTransaction(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Commit Add transaction."); - return SUCCESS; } -int AccessTokenDb::Remove(const DataType type, const GenericValues& conditions) +std::shared_ptr AccessTokenDb::GetRdb() { - ACCESSTOKEN_LOG_INFO(LABEL, "Remove type(%{public}d).", type); - OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); - std::vector columnNames = conditions.GetAllKeys(); - std::string prepareSql = CreateDeletePrepareSqlCmd(type, columnNames); - auto statement = Prepare(prepareSql); - for (const auto& columnName : columnNames) { - statement.Bind(columnName, conditions.Get(columnName)); + std::lock_guard lock(dbLock_); + if (db_ == nullptr) { + InitRdb(); } - int ret = statement.Step(); - return (ret == Statement::State::DONE) ? SUCCESS : FAILURE; + return db_; } -int AccessTokenDb::Modify(const DataType type, const GenericValues& modifyValues, const GenericValues& conditions) +int32_t AccessTokenDb::AddValues(const AtmDataType type, const std::vector& addValues) { - ACCESSTOKEN_LOG_INFO(LABEL, "Modify type(%{public}d).", type); - OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); - std::vector modifyColumns = modifyValues.GetAllKeys(); - std::vector conditionColumns = conditions.GetAllKeys(); - std::string prepareSql = CreateUpdatePrepareSqlCmd(type, modifyColumns, conditionColumns); - auto statement = Prepare(prepareSql); - for (const auto& columnName : modifyColumns) { - statement.Bind(columnName, modifyValues.Get(columnName)); + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(type, tableName); + if (tableName.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Table name is empty."); + return AccessTokenError::ERR_PARAM_INVALID; } - for (const auto& columnName : conditionColumns) { - statement.Bind(columnName, conditions.Get(columnName)); - } - int ret = statement.Step(); - return (ret == Statement::State::DONE) ? SUCCESS : FAILURE; -} -int AccessTokenDb::Find(const DataType type, std::vector& results) -{ - OHOS::Utils::UniqueReadGuard lock(this->rwLock_); - std::string prepareSql = CreateSelectPrepareSqlCmd(type); - auto statement = Prepare(prepareSql); - while (statement.Step() == Statement::State::ROW) { - int columnCount = statement.GetColumnCount(); - GenericValues value; - for (int i = 0; i < columnCount; i++) { - value.Put(statement.GetColumnName(i), statement.GetValue(i, false)); - } - results.emplace_back(value); + // if nothing to insert, no need to call BatchInsert + if (addValues.empty()) { + return 0; } - ACCESSTOKEN_LOG_INFO(LABEL, "Find type(%{public}d), results size=%{public}zu.", type, results.size()); - return SUCCESS; -} -int32_t AccessTokenDb::FindByConditions(DataType type, - const GenericValues& andConditions, std::vector& results) -{ - OHOS::Utils::UniqueReadGuard lock(this->rwLock_); - std::vector andColumns = andConditions.GetAllKeys(); - std::string prepareSql = CreateSelectByConditionPrepareSqlCmd(type, andColumns); - if (prepareSql.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Type %{public}u invalid", type); - return FAILURE; + std::shared_ptr db = GetRdb(); + if (db == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } - auto statement = Prepare(prepareSql); - for (const auto& columnName : andColumns) { - statement.Bind(columnName, andConditions.Get(columnName)); - } + // fill buckets with addValues + int64_t outInsertNum = 0; + std::vector buckets; + AccessTokenDbUtil::ToRdbValueBuckets(addValues, buckets); - while (statement.Step() == Statement::State::ROW) { - int32_t columnCount = statement.GetColumnCount(); - GenericValues value; - for (int32_t i = 0; i < columnCount; i++) { - value.Put(statement.GetColumnName(i), statement.GetValue(i, false)); + int32_t res = db->BatchInsert(outInsertNum, tableName, buckets); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to batch insert into table %{public}s, res is %{public}d.", + tableName.c_str(), res); + int32_t result = RestoreAndInsertIfCorrupt(res, outInsertNum, tableName, buckets, db); + if (result != NativeRdb::E_OK) { + return result; } - results.emplace_back(value); } - return SUCCESS; -} - -int64_t AccessTokenDb::Count(DataType type) -{ - GenericValues result; - std::string countSql = CreateCountPrepareSqlCmd(type); - auto countStatement = Prepare(countSql); - if (countStatement.Step() == Statement::State::ROW) { - int32_t column = 0; - result.Put(FIELD_COUNT_NUMBER, countStatement.GetValue(column, true)); + if (outInsertNum <= 0) { // rdb bug, adapt it + LOGE(ATM_DOMAIN, ATM_TAG, "Insert count %{public}" PRId64 " abnormal.", outInsertNum); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } - return result.GetInt64(FIELD_COUNT_NUMBER); + LOGI(ATM_DOMAIN, ATM_TAG, "Batch insert %{public}" PRId64 " records to table %{public}s.", outInsertNum, + tableName.c_str()); + + return 0; } -int AccessTokenDb::RefreshAll(const DataType type, const std::vector& values) +int32_t AccessTokenDb::RestoreAndDeleteIfCorrupt(const int32_t resultCode, int32_t& deletedRows, + const NativeRdb::RdbPredicates& predicates, const std::shared_ptr& db) { - size_t refreshCont = values.size(); - ACCESSTOKEN_LOG_INFO(LABEL, "Refresh type=%{public}d=, results size=%{public}zu=.", type, refreshCont); - OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); - std::string deleteSql = CreateDeletePrepareSqlCmd(type); - std::string insertSql = CreateInsertPrepareSqlCmd(type); - auto deleteStatement = Prepare(deleteSql); - auto insertStatement = Prepare(insertSql); - BeginTransaction(); - bool canCommit = deleteStatement.Step() == Statement::State::DONE; - for (const auto& value : values) { - std::vector columnNames = value.GetAllKeys(); - for (const auto& columnName : columnNames) { - insertStatement.Bind(columnName, value.Get(columnName)); - } - int ret = insertStatement.Step(); - if (ret != Statement::State::DONE) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Insert failed, errorMsg: %{public}s.", SpitError().c_str()); - canCommit = false; - } - insertStatement.Reset(); + if (resultCode != NativeRdb::E_SQLITE_CORRUPT) { + return resultCode; } - if (!canCommit) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Rollback transaction."); - RollbackTransaction(); - return FAILURE; + + LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); + int32_t res = db->Restore(""); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + return res; } - int64_t count = Count(type); - if (count != static_cast(refreshCont)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "Failed to refresh to db, refreshCont=%{public}zu, dbCount=%{public}" PRId64 ". Rollback transaction.", - refreshCont, count); + LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try delete again!"); + + res = db->Delete(deletedRows, predicates); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to delete record from table %{public}s again, res is %{public}d.", + predicates.GetTableName().c_str(), res); + return res; } - CommitTransaction(); - ACCESSTOKEN_LOG_INFO(LABEL, "Commit refresh transaction."); - return SUCCESS; + + return 0; } -std::string AccessTokenDb::CreateInsertPrepareSqlCmd(const DataType type) const +int32_t AccessTokenDb::RemoveValues(const AtmDataType type, const GenericValues& conditionValue) { - auto it = dataTypeToSqlTable_.find(type); - if (it == dataTypeToSqlTable_.end()) { - return std::string(); - } - std::string sql = "insert into " + it->second.tableName_ + " values("; - int i = 1; - for (const auto& columnName : it->second.tableColumnNames_) { - sql.append(":" + columnName); - if (i < static_cast(it->second.tableColumnNames_.size())) { - sql.append(","); + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(type, tableName); + if (tableName.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Table name is empty."); + return AccessTokenError::ERR_PARAM_INVALID; + } + + std::shared_ptr db = GetRdb(); + if (db == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } + + int32_t deletedRows = 0; + NativeRdb::RdbPredicates predicates(tableName); + AccessTokenDbUtil::ToRdbPredicates(conditionValue, predicates); + + int32_t res = db->Delete(deletedRows, predicates); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to delete record from table %{public}s, res is %{public}d.", + tableName.c_str(), res); + int32_t result = RestoreAndDeleteIfCorrupt(res, deletedRows, predicates, db); + if (result != NativeRdb::E_OK) { + return result; } - i += 1; } - sql.append(")"); - return sql; + + LOGI(ATM_DOMAIN, ATM_TAG, "Delete %{public}d records from table %{public}s.", deletedRows, tableName.c_str()); + + return 0; } -std::string AccessTokenDb::CreateDeletePrepareSqlCmd( - const DataType type, const std::vector& columnNames) const +int32_t AccessTokenDb::RestoreAndUpdateIfCorrupt(const int32_t resultCode, int32_t& changedRows, + const NativeRdb::ValuesBucket& bucket, const NativeRdb::RdbPredicates& predicates, + const std::shared_ptr& db) { - auto it = dataTypeToSqlTable_.find(type); - if (it == dataTypeToSqlTable_.end()) { - return std::string(); + if (resultCode != NativeRdb::E_SQLITE_CORRUPT) { + return resultCode; } - std::string sql = "delete from " + it->second.tableName_ + " where 1 = 1"; - for (const auto& columnName : columnNames) { - sql.append(" and "); - sql.append(columnName + "=:" + columnName); + + LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); + int32_t res = db->Restore(""); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + return res; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try update again!"); + + res = db->Update(changedRows, bucket, predicates); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s again, res is %{public}d.", + predicates.GetTableName().c_str(), res); + return res; } - return sql; + + return 0; } -std::string AccessTokenDb::CreateUpdatePrepareSqlCmd(const DataType type, const std::vector& modifyColumns, - const std::vector& conditionColumns) const +int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modifyValue, + const GenericValues& conditionValue) { - if (modifyColumns.empty()) { - return std::string(); + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(type, tableName); + if (tableName.empty()) { + return AccessTokenError::ERR_PARAM_INVALID; } - auto it = dataTypeToSqlTable_.find(type); - if (it == dataTypeToSqlTable_.end()) { - return std::string(); + NativeRdb::ValuesBucket bucket; + + AccessTokenDbUtil::ToRdbValueBucket(modifyValue, bucket); + if (bucket.IsEmpty()) { + return AccessTokenError::ERR_PARAM_INVALID; } - std::string sql = "update " + it->second.tableName_ + " set "; - int i = 1; - for (const auto& columnName : modifyColumns) { - sql.append(columnName + "=:" + columnName); - if (i < static_cast(modifyColumns.size())) { - sql.append(","); + NativeRdb::RdbPredicates predicates(tableName); + AccessTokenDbUtil::ToRdbPredicates(conditionValue, predicates); + + int32_t changedRows = 0; + { + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); + auto db = GetRdb(); + if (db == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } - i += 1; - } - if (!conditionColumns.empty()) { - sql.append(" where 1 = 1"); - for (const auto& columnName : conditionColumns) { - sql.append(" and "); - sql.append(columnName + "=:" + columnName); + int32_t res = db->Update(changedRows, bucket, predicates); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s, res is %{public}d.", + tableName.c_str(), res); + int32_t result = RestoreAndUpdateIfCorrupt(res, changedRows, bucket, predicates, db); + if (result != NativeRdb::E_OK) { + return result; + } } } - return sql; -} -std::string AccessTokenDb::CreateSelectPrepareSqlCmd(const DataType type) const -{ - auto it = dataTypeToSqlTable_.find(type); - if (it == dataTypeToSqlTable_.end()) { - return std::string(); - } - std::string sql = "select * from " + it->second.tableName_; - return sql; + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(ATM_DOMAIN, ATM_TAG, "Modify cost %{public}" PRId64 + ", update %{public}d records from table %{public}s.", endTime - beginTime, changedRows, tableName.c_str()); + + return 0; } -std::string AccessTokenDb::CreateSelectByConditionPrepareSqlCmd( - DataType type, const std::vector& andColumns) const +int32_t AccessTokenDb::RestoreAndQueryIfCorrupt(const NativeRdb::RdbPredicates& predicates, + const std::vector& columns, std::shared_ptr& queryResultSet, + const std::shared_ptr& db) { - auto it = dataTypeToSqlTable_.find(type); - if (it == dataTypeToSqlTable_.end()) { - return std::string(); + int32_t count = 0; + int32_t res = queryResultSet->GetRowCount(count); + if (res != NativeRdb::E_OK) { + if (res == NativeRdb::E_SQLITE_CORRUPT) { + queryResultSet->Close(); + queryResultSet = nullptr; + + LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); + res = db->Restore(""); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + return res; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try query again!"); + + queryResultSet = db->Query(predicates, columns); + if (queryResultSet == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.", + predicates.GetTableName().c_str()); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } + } else { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get result count."); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } } - std::string sql = "select * from " + it->second.tableName_ + " where 1 = 1"; - for (const auto& andColName : andColumns) { - sql.append(" and "); - sql.append(andColName + "=:" + andColName); - } - return sql; + return 0; } -std::string AccessTokenDb::CreateCountPrepareSqlCmd(DataType type) const +int32_t AccessTokenDb::Find(AtmDataType type, const GenericValues& conditionValue, + std::vector& results) { - auto it = dataTypeToSqlTable_.find(type); - if (it == dataTypeToSqlTable_.end()) { - return std::string(); - } - std::string sql = "select count(*) from " + it->second.tableName_; - return sql; -} + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(type, tableName); + if (tableName.empty()) { + return AccessTokenError::ERR_PARAM_INVALID; + } + + NativeRdb::RdbPredicates predicates(tableName); + AccessTokenDbUtil::ToRdbPredicates(conditionValue, predicates); + + std::vector columns; // empty columns means query all columns + int count = 0; + { + OHOS::Utils::UniqueReadGuard lock(this->rwLock_); + auto db = GetRdb(); + if (db == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } -int AccessTokenDb::CreateHapTokenInfoTable() const -{ - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_HAP_INFO); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; - } - std::string sql = "create table if not exists "; - sql.append(it->second.tableName_ + " (") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_USER_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_BUNDLE_NAME) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_INST_INDEX) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_DLP_TYPE) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_APP_ID) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_DEVICE_ID) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_APL) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_TOKEN_VERSION) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_TOKEN_ATTR) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_API_VERSION) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_FORBID_PERM_DIALOG) - .append(INTEGER_STR) - .append("primary key(") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append("))"); - return ExecuteSql(sql); -} + auto queryResultSet = db->Query(predicates, columns); + if (queryResultSet == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.", + tableName.c_str()); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } -int AccessTokenDb::CreateNativeTokenInfoTable() const -{ - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_NATIVE_INFO); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; - } - std::string sql = "create table if not exists "; - sql.append(it->second.tableName_ + " (") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_PROCESS_NAME) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_TOKEN_VERSION) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_TOKEN_ATTR) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_DCAP) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_NATIVE_ACLS) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_APL) - .append(INTEGER_STR) - .append("primary key(") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append("))"); - return ExecuteSql(sql); -} + int32_t res = RestoreAndQueryIfCorrupt(predicates, columns, queryResultSet, db); + if (res != 0) { + return res; + } -int AccessTokenDb::CreatePermissionDefinitionTable() const -{ - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_PERMISSION_DEF); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; - } - std::string sql = "create table if not exists "; - sql.append(it->second.tableName_ + " (") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_PERMISSION_NAME) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_BUNDLE_NAME) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_GRANT_MODE) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_AVAILABLE_LEVEL) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_PROVISION_ENABLE) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_DISTRIBUTED_SCENE_ENABLE) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_LABEL) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_LABEL_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_DESCRIPTION) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_DESCRIPTION_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_AVAILABLE_TYPE) - .append(INTEGER_STR) - .append("primary key(") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append(",") - .append(TokenFiledConst::FIELD_PERMISSION_NAME) - .append("))"); - return ExecuteSql(sql); -} + while (queryResultSet->GoToNextRow() == NativeRdb::E_OK) { + GenericValues value; + AccessTokenDbUtil::ResultToGenericValues(queryResultSet, value); + if (value.GetAllKeys().empty()) { + continue; + } -int32_t AccessTokenDb::AddAvailableTypeColumn() const -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_PERMISSION_DEF); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; - } - std::string checkSql = "SELECT 1 FROM " + it->second.tableName_ + " WHERE " + - TokenFiledConst::FIELD_AVAILABLE_TYPE + "=" + - std::to_string(ATokenAvailableTypeEnum::NORMAL); - int32_t checkResult = ExecuteSql(checkSql); - ACCESSTOKEN_LOG_INFO(LABEL, "Check result:%{public}d", checkResult); - if (checkResult != -1) { - return SUCCESS; + results.emplace_back(value); + count++; + } } - std::string sql = "alter table "; - sql.append(it->second.tableName_ + " add column ") - .append(TokenFiledConst::FIELD_AVAILABLE_TYPE) - .append(" integer default ") - .append(std::to_string(ATokenAvailableTypeEnum::NORMAL)); - int32_t insertResult = ExecuteSql(sql); - ACCESSTOKEN_LOG_INFO(LABEL, "Insert column result:%{public}d.", insertResult); - return insertResult; -} + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(ATM_DOMAIN, ATM_TAG, "Find cost %{public}" PRId64 + ", query %{public}d records from table %{public}s.", endTime - beginTime, count, tableName.c_str()); -int32_t AccessTokenDb::AddRequestToggleStatusColumn() const -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_HAP_INFO); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; - } - std::string sql = "alter table "; - sql.append(it->second.tableName_ + " add column ") - .append(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS) - .append(" integer default ") - .append(std::to_string(0)); // 0: close - int32_t insertResult = ExecuteSql(sql); - ACCESSTOKEN_LOG_INFO(LABEL, "Insert column result:%{public}d.", insertResult); - return insertResult; + return 0; } -int32_t AccessTokenDb::AddPermDialogCapColumn() const +int32_t AccessTokenDb::DeleteAndInsertValues( + const std::vector& delDataTypes, const std::vector& delValues, + const std::vector& addDataTypes, const std::vector>& addValues) { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_HAP_INFO); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; - } - std::string checkSql = "SELECT 1 FROM " + it->second.tableName_ + " WHERE " + - TokenFiledConst::FIELD_FORBID_PERM_DIALOG + "=" + std::to_string(false); - int32_t checkResult = ExecuteSql(checkSql); - ACCESSTOKEN_LOG_INFO(LABEL, "Check result:%{public}d.", checkResult); - if (checkResult != -1) { - return SUCCESS; - } + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + + { + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); + std::shared_ptr db = GetRdb(); + if (db == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; + } - std::string sql = "alter table "; - sql.append(it->second.tableName_ + " add column ") - .append(TokenFiledConst::FIELD_FORBID_PERM_DIALOG) - .append(" integer default ") - .append(std::to_string(false)); - int32_t insertResult = ExecuteSql(sql); - ACCESSTOKEN_LOG_INFO(LABEL, "Insert column result:%{public}d.", insertResult); - return insertResult; -} + db->BeginTransaction(); -int AccessTokenDb::CreatePermissionStateTable() const -{ - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_PERMISSION_STATE); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; - } - std::string sql = "create table if not exists "; - sql.append(it->second.tableName_ + " (") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_PERMISSION_NAME) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_DEVICE_ID) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_GRANT_IS_GENERAL) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_GRANT_STATE) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_GRANT_FLAG) - .append(INTEGER_STR) - .append("primary key(") - .append(TokenFiledConst::FIELD_TOKEN_ID) - .append(",") - .append(TokenFiledConst::FIELD_PERMISSION_NAME) - .append(",") - .append(TokenFiledConst::FIELD_DEVICE_ID) - .append("))"); - return ExecuteSql(sql); -} + int32_t res = 0; + size_t count = delDataTypes.size(); + for (size_t i = 0; i < count; ++i) { + res = RemoveValues(delDataTypes[i], delValues[i]); + if (res != 0) { + db->RollBack(); + return res; + } + } -int32_t AccessTokenDb::CreatePermissionRequestToggleStatusTable() const -{ - auto it = dataTypeToSqlTable_.find(DataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS); - if (it == dataTypeToSqlTable_.end()) { - return FAILURE; + count = addDataTypes.size(); + for (size_t i = 0; i < count; ++i) { + res = AddValues(addDataTypes[i], addValues[i]); + if (res != 0) { + db->RollBack(); + return res; + } + } + + db->Commit(); } - std::string sql = "create table if not exists "; - sql.append(it->second.tableName_ + " (") - .append(TokenFiledConst::FIELD_USER_ID) - .append(INTEGER_STR) - .append(TokenFiledConst::FIELD_PERMISSION_NAME) - .append(TEXT_STR) - .append(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS) - .append(INTEGER_STR) - .append("primary key(") - .append(TokenFiledConst::FIELD_USER_ID) - .append(",") - .append(TokenFiledConst::FIELD_PERMISSION_NAME) - .append("))"); - return ExecuteSql(sql); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(ATM_DOMAIN, ATM_TAG, "DeleteAndInsertNative cost %{public}" PRId64 ".", endTime - beginTime); + + return 0; } } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp new file mode 100644 index 0000000000000000000000000000000000000000..3f9c4164d1814a5ff13b9a0f0efe967f58f24327 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "access_token_db_util.h" + +#include + +#include "token_field_const.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const std::vector g_StringTypeColumns = { + "description", "permission_name", "device_id", "bundle_name", + "app_id", "process_name", "dcap", "native_acls", "label", +}; + +static const std::map g_DateTypeToTableName = { + {AtmDataType::ACCESSTOKEN_HAP_INFO, "hap_token_info_table"}, + {AtmDataType::ACCESSTOKEN_NATIVE_INFO, "native_token_info_table"}, + {AtmDataType::ACCESSTOKEN_PERMISSION_DEF, "permission_definition_table"}, + {AtmDataType::ACCESSTOKEN_PERMISSION_STATE, "permission_state_table"}, + {AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, "permission_request_toggle_status_table"}, +}; +} + +void AccessTokenDbUtil::GetTableNameByType(const AtmDataType type, std::string& tableName) +{ + auto iterator = g_DateTypeToTableName.find(type); + if (iterator != g_DateTypeToTableName.end()) { + tableName = iterator->second; + } +} + +bool AccessTokenDbUtil::IsColumnStringType(const std::string& column) +{ + auto iterator = std::find(g_StringTypeColumns.begin(), g_StringTypeColumns.end(), column); + if (iterator != g_StringTypeColumns.end()) { + return true; + } + + return false; +} + +void AccessTokenDbUtil::ToRdbValueBucket(const GenericValues& value, NativeRdb::ValuesBucket& bucket) +{ + std::vector columnNames = value.GetAllKeys(); + uint32_t size = columnNames.size(); // size 0 means insert or update nonthing, this should ignore + + for (uint32_t i = 0; i < size; ++i) { + std::string column = columnNames[i]; + + if (IsColumnStringType(column)) { + bucket.PutString(column, value.GetString(column)); + } else { + bucket.PutInt(column, value.GetInt(column)); + } + } +} + +void AccessTokenDbUtil::ToRdbValueBuckets(const std::vector& values, + std::vector& buckets) +{ + for (const auto& value : values) { + NativeRdb::ValuesBucket bucket; + + ToRdbValueBucket(value, bucket); + if (bucket.IsEmpty()) { + continue; + } + buckets.emplace_back(bucket); + } +} + +void AccessTokenDbUtil::ToRdbPredicates(const GenericValues& conditionValue, NativeRdb::RdbPredicates& predicates) +{ + std::vector columnNames = conditionValue.GetAllKeys(); + uint32_t size = columnNames.size(); // size 0 is possible, maybe delete or query or update all records + for (uint32_t i = 0; i < size; ++i) { + std::string column = columnNames[i]; + + if (IsColumnStringType(column)) { + predicates.EqualTo(column, conditionValue.GetString(column)); + } else { + predicates.EqualTo(column, conditionValue.GetInt(column)); + } + + if (i != size - 1) { + predicates.And(); + } + } +} + +void AccessTokenDbUtil::ResultToGenericValues(const std::shared_ptr& resultSet, + GenericValues& value) +{ + std::vector columnNames; + resultSet->GetAllColumnNames(columnNames); + uint32_t size = columnNames.size(); // size 0 means insert or update nonthing, this should ignore + + for (uint32_t i = 0; i < size; ++i) { + std::string columnName = columnNames[i]; + int32_t columnIndex = 0; + resultSet->GetColumnIndex(columnName, columnIndex); + + NativeRdb::ColumnType type; + resultSet->GetColumnType(columnIndex, type); + + if (type == NativeRdb::ColumnType::TYPE_INTEGER) { + int32_t data = 0; + resultSet->GetInt(columnIndex, data); + value.Put(columnName, data); + } else if (type == NativeRdb::ColumnType::TYPE_STRING) { + std::string data; + resultSet->GetString(columnIndex, data); + value.Put(columnName, data); + } + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp new file mode 100644 index 0000000000000000000000000000000000000000..6136237d8ff094c703d688c47a23f11d09facd3e --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp @@ -0,0 +1,486 @@ +/* + * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "access_token_open_callback.h" + +#include "access_token_error.h" +#include "access_token.h" +#include "accesstoken_common_log.h" +#include "token_field_const.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +constexpr const char* INTEGER_STR = " integer not null,"; +constexpr const char* TEXT_STR = " text not null,"; +// back up name is xxx_slave fixed, can not be changed +constexpr const char* DATABASE_NAME_BACK = "access_token_slave.db"; + +constexpr const uint32_t FLAG_HANDLE_FROM_ONE_TO_TWO = 1; +constexpr const uint32_t FLAG_HANDLE_FROM_TWO_TO_THREE = 1 << 1; +constexpr const uint32_t FLAG_HANDLE_FROM_THREE_TO_FOUR = 1 << 2; +} + +int32_t AccessTokenOpenCallback::CreateHapTokenInfoTable(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_HAP_INFO, tableName); + + std::string sql = "create table if not exists " + tableName; + sql.append(" (") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_USER_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_BUNDLE_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_INST_INDEX) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_DLP_TYPE) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_APP_ID) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_DEVICE_ID) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_APL) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_TOKEN_VERSION) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_TOKEN_ATTR) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_API_VERSION) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_FORBID_PERM_DIALOG) + .append(INTEGER_STR) + .append("primary key(") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append("))"); + + return rdbStore.ExecuteSql(sql); +} + +int32_t AccessTokenOpenCallback::CreateNativeTokenInfoTable(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_NATIVE_INFO, tableName); + + std::string sql = "create table if not exists " + tableName; + sql.append(" (") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_PROCESS_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_TOKEN_VERSION) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_TOKEN_ATTR) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_DCAP) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_NATIVE_ACLS) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_APL) + .append(INTEGER_STR) + .append("primary key(") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append("))"); + + return rdbStore.ExecuteSql(sql); +} + +int32_t AccessTokenOpenCallback::CreatePermissionDefinitionTable(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, tableName); + + std::string sql = "create table if not exists " + tableName; + sql.append(" (") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_BUNDLE_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_GRANT_MODE) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_AVAILABLE_LEVEL) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_PROVISION_ENABLE) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_DISTRIBUTED_SCENE_ENABLE) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_LABEL) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_LABEL_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_DESCRIPTION) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_DESCRIPTION_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_AVAILABLE_TYPE) + .append(INTEGER_STR) + .append("primary key(") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(",") + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append("))"); + + return rdbStore.ExecuteSql(sql); +} + +int32_t AccessTokenOpenCallback::CreatePermissionStateTable(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, tableName); + + std::string sql = "create table if not exists " + tableName; + sql.append(" (") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_DEVICE_ID) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_GRANT_IS_GENERAL) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_GRANT_STATE) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_GRANT_FLAG) + .append(INTEGER_STR) + .append("primary key(") + .append(TokenFiledConst::FIELD_TOKEN_ID) + .append(",") + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append(",") + .append(TokenFiledConst::FIELD_DEVICE_ID) + .append("))"); + + return rdbStore.ExecuteSql(sql); +} + +int32_t AccessTokenOpenCallback::CreatePermissionRequestToggleStatusTable(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, tableName); + + std::string sql = "create table if not exists " + tableName; + sql.append(" (") + .append(TokenFiledConst::FIELD_USER_ID) + .append(INTEGER_STR) + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append(TEXT_STR) + .append(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS) + .append(INTEGER_STR) + .append("primary key(") + .append(TokenFiledConst::FIELD_USER_ID) + .append(",") + .append(TokenFiledConst::FIELD_PERMISSION_NAME) + .append("))"); + + return rdbStore.ExecuteSql(sql); +} + +int32_t AccessTokenOpenCallback::OnCreate(NativeRdb::RdbStore& rdbStore) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DB OnCreate."); + + int32_t res = CreateHapTokenInfoTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table hap_token_info_table."); + return res; + } + + res = CreateNativeTokenInfoTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table native_token_info_table."); + return res; + } + + res = CreatePermissionDefinitionTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_definition_table."); + return res; + } + + res = CreatePermissionStateTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_state_table."); + return res; + } + + res = CreatePermissionRequestToggleStatusTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_request_toggle_status_table."); + return res; + } + + std::string dbBackPath = std::string(DATABASE_PATH) + std::string(DATABASE_NAME_BACK); + if (access(dbBackPath.c_str(), NativeRdb::E_OK) != 0) { + return 0; + } + + // if OnCreate solution found back up db, restore from backup, may be origin db has lost + LOGW(ATM_DOMAIN, ATM_TAG, "Detech origin database disappear, restore from backup!"); + + res = rdbStore.Restore(""); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + } + + LOGW(ATM_DOMAIN, ATM_TAG, "Database restore from backup success!"); + + return 0; +} + +int32_t AccessTokenOpenCallback::AddAvailableTypeColumn(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, tableName); + + // check if column available_type exsit + std::string checkSql = "SELECT 1 FROM " + tableName + " WHERE " + + TokenFiledConst::FIELD_AVAILABLE_TYPE + "=" + std::to_string(ATokenAvailableTypeEnum::NORMAL); + + int32_t checkRes = rdbStore.ExecuteSql(checkSql); + LOGI(ATM_DOMAIN, ATM_TAG, "Check result is %{public}d.", checkRes); + if (checkRes == NativeRdb::E_OK) { + // success means there exsit column available_type in table + return NativeRdb::E_OK; + } + + // alter table add column + std::string sql = "alter table " + tableName + " add column " + + TokenFiledConst::FIELD_AVAILABLE_TYPE + " integer default " + std::to_string(ATokenAvailableTypeEnum::NORMAL); + + int32_t res = rdbStore.ExecuteSql(sql); + LOGI(ATM_DOMAIN, ATM_TAG, "Insert column result is %{public}d.", res); + + return res; +} + +int32_t AccessTokenOpenCallback::AddRequestToggleStatusColumn(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, tableName); + + // check if column status exsit + std::string checkSql = "SELECT 1 FROM " + tableName + " WHERE " + + TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS + "=" + std::to_string(0); + + int32_t checkRes = rdbStore.ExecuteSql(checkSql); + LOGI(ATM_DOMAIN, ATM_TAG, "Check result is %{public}d.", checkRes); + if (checkRes == NativeRdb::E_OK) { + // success means there exsit column status in table + return NativeRdb::E_OK; + } + + // alter table add column + std::string sql = "alter table " + tableName + " add column " + + TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS + " integer default " + std::to_string(0); // 0: close + + int32_t res = rdbStore.ExecuteSql(sql); + LOGI(ATM_DOMAIN, ATM_TAG, "Insert column result is %{public}d.", res); + + return res; +} + +int32_t AccessTokenOpenCallback::AddPermDialogCapColumn(NativeRdb::RdbStore& rdbStore) +{ + std::string tableName; + AccessTokenDbUtil::GetTableNameByType(AtmDataType::ACCESSTOKEN_HAP_INFO, tableName); + + // check if column perm_dialog_cap_state exsit + std::string checkSql = "SELECT 1 FROM " + tableName + " WHERE " + + TokenFiledConst::FIELD_FORBID_PERM_DIALOG + "=" + std::to_string(0); + + int32_t checkRes = rdbStore.ExecuteSql(checkSql); + LOGI(ATM_DOMAIN, ATM_TAG, "Check result is %{public}d.", checkRes); + if (checkRes == NativeRdb::E_OK) { + // success means there exsit column perm_dialog_cap_state in table + return NativeRdb::E_OK; + } + + // alter table add column + std::string sql = "alter table " + tableName + " add column " + + TokenFiledConst::FIELD_FORBID_PERM_DIALOG + " integer default " + std::to_string(false); + + int32_t res = rdbStore.ExecuteSql(sql); + LOGI(ATM_DOMAIN, ATM_TAG, "Insert column result is %{public}d.", res); + + return res; +} + +int32_t AccessTokenOpenCallback::HandleUpdateWithFlag(NativeRdb::RdbStore& rdbStore, uint32_t flag) +{ + int32_t res = NativeRdb::E_OK; + + if ((flag & FLAG_HANDLE_FROM_ONE_TO_TWO) == FLAG_HANDLE_FROM_ONE_TO_TWO) { + res = AddAvailableTypeColumn(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to add column available_type."); + return res; + } + + res = AddPermDialogCapColumn(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to add column perm_dialog_cap_state."); + return res; + } + } + + if ((flag & FLAG_HANDLE_FROM_TWO_TO_THREE) == FLAG_HANDLE_FROM_TWO_TO_THREE) { + res = CreatePermissionRequestToggleStatusTable(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create table permission_request_toggle_status_table."); + return res; + } + } + + if ((flag & FLAG_HANDLE_FROM_THREE_TO_FOUR) == FLAG_HANDLE_FROM_THREE_TO_FOUR) { + res = AddRequestToggleStatusColumn(rdbStore); + if (res != NativeRdb::E_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to add column status."); + return res; + } + } + + return res; +} + +int32_t AccessTokenOpenCallback::UpdateFromVersionOne(NativeRdb::RdbStore& rdbStore, int32_t targetVersion) +{ + int32_t res = 0; + uint32_t flag = 0; + + switch (targetVersion) { + case DATABASE_VERSION_2: + flag = FLAG_HANDLE_FROM_ONE_TO_TWO; + res = HandleUpdateWithFlag(rdbStore, flag); + if (res != NativeRdb::E_OK) { + return res; + } + break; + + case DATABASE_VERSION_3: + flag = FLAG_HANDLE_FROM_ONE_TO_TWO + FLAG_HANDLE_FROM_TWO_TO_THREE; + res = HandleUpdateWithFlag(rdbStore, flag); + if (res != NativeRdb::E_OK) { + return res; + } + break; + + case DATABASE_VERSION_4: + flag = FLAG_HANDLE_FROM_ONE_TO_TWO + FLAG_HANDLE_FROM_TWO_TO_THREE + FLAG_HANDLE_FROM_THREE_TO_FOUR; + res = HandleUpdateWithFlag(rdbStore, flag); + if (res != NativeRdb::E_OK) { + return res; + } + break; + + default: + break; + } + + return res; +} + +int32_t AccessTokenOpenCallback::UpdateFromVersionTwo(NativeRdb::RdbStore& rdbStore, int32_t targetVersion) +{ + int32_t res = 0; + uint32_t flag = 0; + + switch (targetVersion) { + case DATABASE_VERSION_3: + flag = FLAG_HANDLE_FROM_TWO_TO_THREE; + res = HandleUpdateWithFlag(rdbStore, flag); + if (res != NativeRdb::E_OK) { + return res; + } + break; + + case DATABASE_VERSION_4: + flag = FLAG_HANDLE_FROM_TWO_TO_THREE + FLAG_HANDLE_FROM_THREE_TO_FOUR; + res = HandleUpdateWithFlag(rdbStore, flag); + if (res != NativeRdb::E_OK) { + return res; + } + break; + + default: + break; + } + + return res; +} + +int32_t AccessTokenOpenCallback::UpdateFromVersionThree(NativeRdb::RdbStore& rdbStore, int32_t targetVersion) +{ + int32_t res = 0; + uint32_t flag = 0; + + switch (targetVersion) { + case DATABASE_VERSION_4: + flag = FLAG_HANDLE_FROM_THREE_TO_FOUR; + res = HandleUpdateWithFlag(rdbStore, flag); + if (res != NativeRdb::E_OK) { + return res; + } + break; + + default: + break; + } + + return res; +} + +int32_t AccessTokenOpenCallback::OnUpgrade(NativeRdb::RdbStore& rdbStore, int32_t currentVersion, int32_t targetVersion) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DB OnUpgrade from currentVersion %{public}d to targetVersion %{public}d.", + currentVersion, targetVersion); + + int32_t res = 0; + + switch (currentVersion) { + case DATABASE_VERSION_1: + res = UpdateFromVersionOne(rdbStore, targetVersion); + if (res != 0) { + return res; + } + break; + + case DATABASE_VERSION_2: + res = UpdateFromVersionTwo(rdbStore, targetVersion); + if (res != 0) { + return res; + } + break; + + case DATABASE_VERSION_3: + res = UpdateFromVersionThree(rdbStore, targetVersion); + if (res != 0) { + return res; + } + break; + + default: + break; + } + + return res; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp index 595fa0e179e4e1ddac28cd34cd954a1db1a1e672..7fccb5ec2a0ae71722207044aa3fdda6bfc954d3 100644 --- a/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp @@ -18,7 +18,7 @@ #include #include "accesstoken_dfx_define.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "data_validator.h" #include "permission_validator.h" @@ -27,9 +27,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DataTranslator"}; -} int DataTranslator::TranslationIntoGenericValues(const PermissionDef& inPermissionDef, GenericValues& outGenericValues) { @@ -55,7 +52,7 @@ int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericV outPermissionDef.grantMode = inGenericValues.GetInt(TokenFiledConst::FIELD_GRANT_MODE); int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_AVAILABLE_LEVEL); if (!DataValidator::IsAplNumValid(aplNum)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Apl is wrong."); + LOGE(ATM_DOMAIN, ATM_TAG, "Apl is wrong."); return ERR_PARAM_INVALID; } outPermissionDef.availableLevel = static_cast(aplNum); @@ -71,70 +68,52 @@ int DataTranslator::TranslationIntoPermissionDef(const GenericValues& inGenericV return RET_SUCCESS; } -int DataTranslator::TranslationIntoGenericValues(const PermissionStateFull& inPermissionState, - const unsigned int grantIndex, GenericValues& outGenericValues) +int DataTranslator::TranslationIntoGenericValues(const PermissionStatus& inPermissionState, + GenericValues& outGenericValues) { - if (grantIndex >= inPermissionState.resDeviceID.size() || grantIndex >= inPermissionState.grantStatus.size() || - grantIndex >= inPermissionState.grantFlags.size()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Perm status grant size is wrong"); - return ERR_PARAM_INVALID; - } outGenericValues.Put(TokenFiledConst::FIELD_PERMISSION_NAME, inPermissionState.permissionName); - outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, inPermissionState.resDeviceID[grantIndex]); - outGenericValues.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, inPermissionState.isGeneral ? 1 : 0); - outGenericValues.Put(TokenFiledConst::FIELD_GRANT_STATE, inPermissionState.grantStatus[grantIndex]); - int32_t grantFlags = static_cast(inPermissionState.grantFlags[grantIndex]); - outGenericValues.Put(TokenFiledConst::FIELD_GRANT_FLAG, grantFlags); + outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, ""); + outGenericValues.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); + outGenericValues.Put(TokenFiledConst::FIELD_GRANT_STATE, inPermissionState.grantStatus); + int32_t grantFlag = static_cast(inPermissionState.grantFlag); + outGenericValues.Put(TokenFiledConst::FIELD_GRANT_FLAG, grantFlag); return RET_SUCCESS; } -int DataTranslator::TranslationIntoPermissionStateFull(const GenericValues& inGenericValues, - PermissionStateFull& outPermissionState) +int DataTranslator::TranslationIntoPermissionStatus(const GenericValues& inGenericValues, + PermissionStatus& outPermissionState) { - outPermissionState.isGeneral = - ((inGenericValues.GetInt(TokenFiledConst::FIELD_GRANT_IS_GENERAL) == 1) ? true : false); outPermissionState.permissionName = inGenericValues.GetString(TokenFiledConst::FIELD_PERMISSION_NAME); if (!DataValidator::IsPermissionNameValid(outPermissionState.permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission name is wrong"); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission name is wrong"); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "permission name error"); return ERR_PARAM_INVALID; } - std::string devID = inGenericValues.GetString(TokenFiledConst::FIELD_DEVICE_ID); - if (!DataValidator::IsDeviceIdValid(devID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "DevID is wrong"); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "permission deviceId error"); - return ERR_PARAM_INVALID; - } - outPermissionState.resDeviceID.push_back(devID); - int grantFlag = (PermissionFlag)inGenericValues.GetInt(TokenFiledConst::FIELD_GRANT_FLAG); if (!PermissionValidator::IsPermissionFlagValid(grantFlag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GrantFlag is wrong"); + LOGE(ATM_DOMAIN, ATM_TAG, "GrantFlag is wrong"); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "permission grant flag error"); return ERR_PARAM_INVALID; } - - outPermissionState.grantFlags.push_back(grantFlag); + outPermissionState.grantFlag = static_cast(grantFlag); int grantStatus = (PermissionState)inGenericValues.GetInt(TokenFiledConst::FIELD_GRANT_STATE); if (!PermissionValidator::IsGrantStatusValid(grantStatus)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GrantStatus is wrong"); + LOGE(ATM_DOMAIN, ATM_TAG, "GrantStatus is wrong"); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "permission grant status error"); return ERR_PARAM_INVALID; } - if (grantFlag == PERMISSION_ALLOW_THIS_TIME) { + if (static_cast(grantFlag) & PERMISSION_ALLOW_THIS_TIME) { grantStatus = PERMISSION_DENIED; } - outPermissionState.grantStatus.push_back(grantStatus); + outPermissionState.grantStatus = grantStatus; return RET_SUCCESS; } diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp new file mode 100644 index 0000000000000000000000000000000000000000..18558ee01ff2c7a3d5b34c505385f8f4ef4b849a --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "hisysevent_adapter.h" +#include "accesstoken_common_log.h" +#include "hisysevent.h" +#include "time_util.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static const std::string ACCESSTOKEN_PROCESS_NAME = "accesstoken_service"; +static constexpr char ADD_DOMAIN[] = "PERFORMANCE"; +} + +void ReportSysEventPerformance() +{ + // accesstoken_service add CPU_SCENE_ENTRY system event in OnStart, avoid CPU statistics + long id = 1 << 0; // first scene + int64_t time = AccessToken::TimeUtil::GetCurrentTimestamp(); + + int32_t ret = HiSysEventWrite(ADD_DOMAIN, "CPU_SCENE_ENTRY", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, + "PACKAGE_NAME", ACCESSTOKEN_PROCESS_NAME, "SCENE_ID", std::to_string(id).c_str(), "HAPPEN_TIME", time); + if (ret != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to report performance, ret %{public}d.", ret); + } +} + +void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START", + HiviewDFX::HiSysEvent::EventType::STATISTIC, + "PID", pid, "HAP_SIZE", hapSize, "NATIVE_SIZE", nativeSize, "PERM_DEFINITION_SIZE", permDefSize); + if (ret != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} + +void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", scene, "ERROR_CODE", errCode, "ERROR_MSG", errMsg); + if (ret != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp b/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp index 19f9d2a989b4a6fe49dac05042cc3f5c86cccec8..6d251b17755d9ef6c88a03c7d11c0061277e1c03 100644 --- a/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp +++ b/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp @@ -14,41 +14,33 @@ */ #include "form_instance.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "string_ex.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "FormInstance" -}; -} + bool FormInstance::ReadFromParcel(Parcel &parcel) { if (!parcel.ReadInt64(formId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt64 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt64 failed."); return false; } std::u16string u16FormHostName; if (!parcel.ReadString16(u16FormHostName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString16 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadString16 failed."); return false; } formHostName_ = Str16ToStr8(u16FormHostName); int32_t formVisiblity; - if (!parcel.ReadInt32(formVisiblity)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + if ((!parcel.ReadInt32(formVisiblity)) || (!parcel.ReadInt32(specification_))) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return false; } formVisiblity_ = static_cast(formVisiblity); - if (!parcel.ReadInt32(specification_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); - return false; - } std::u16string u16BundleName; std::u16string u16ModuleName; @@ -56,7 +48,7 @@ bool FormInstance::ReadFromParcel(Parcel &parcel) std::u16string u16FormName; if (!parcel.ReadString16(u16BundleName) || (!parcel.ReadString16(u16ModuleName)) || (!parcel.ReadString16(u16AbilityName)) || (!parcel.ReadString16(u16FormName))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString16 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadString16 failed."); return false; } bundleName_ = Str16ToStr8(u16BundleName); @@ -66,57 +58,64 @@ bool FormInstance::ReadFromParcel(Parcel &parcel) int32_t formUsageState; if (!parcel.ReadInt32(formUsageState)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return false; } formUsageState_ = static_cast(formUsageState); + std::u16string u16description; + if (!parcel.ReadString16(u16description)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadString16 failed."); + return false; + } + description_ = Str16ToStr8(u16description); + + if ((!parcel.ReadInt32(appIndex_)) || (!parcel.ReadInt32(userId_))) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); + return false; + } + return true; } bool FormInstance::Marshalling(Parcel &parcel) const { if (!parcel.WriteInt64(formId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt64 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt64 failed."); return false; } if (!parcel.WriteString16(Str8ToStr16(formHostName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); - return false; - } - - if (!parcel.WriteInt32(static_cast(formVisiblity_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString16 failed."); return false; } - if (!parcel.WriteInt32(specification_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + if ((!parcel.WriteInt32(static_cast(formVisiblity_))) || (!parcel.WriteInt32(specification_))) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return false; } - if (!parcel.WriteString16(Str8ToStr16(bundleName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); + if ((!parcel.WriteString16(Str8ToStr16(bundleName_))) || (!parcel.WriteString16(Str8ToStr16(moduleName_))) || + (!parcel.WriteString16(Str8ToStr16(abilityName_))) || (!parcel.WriteString16(Str8ToStr16(formName_)))) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString16 failed."); return false; } - if (!parcel.WriteString16(Str8ToStr16(moduleName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); + if (!parcel.WriteInt32(static_cast(formUsageState_))) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return false; } - - if (!parcel.WriteString16(Str8ToStr16(abilityName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); + if (!parcel.WriteString16(Str8ToStr16(description_))) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString16 failed."); return false; } - if (!parcel.WriteString16(Str8ToStr16(formName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); + if (!parcel.WriteInt32(appIndex_)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return false; } - if (!parcel.WriteInt32(static_cast(formUsageState_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + if (!parcel.WriteInt32(userId_)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return false; } return true; diff --git a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp index 8909f95b27bf9f18beba06131793a36f5dff7c00..b7b26361447d5c556a7711fba5ecb8ca0f42fc84 100644 --- a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp +++ b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp @@ -15,7 +15,7 @@ #include "form_manager_access_client.h" #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "iservice_registry.h" #include "system_ability_definition.h" @@ -23,9 +23,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "FormManagerAccessClient" -}; std::recursive_mutex g_instanceMutex; } // namespace @@ -35,7 +32,8 @@ FormManagerAccessClient& FormManagerAccessClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new FormManagerAccessClient(); + FormManagerAccessClient* tmp = new FormManagerAccessClient(); + instance = std::move(tmp); } } return *instance; @@ -54,12 +52,12 @@ int32_t FormManagerAccessClient::RegisterAddObserver( const std::string &bundleName, const sptr &callerToken) { if (callerToken == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "Callback is nullptr."); return -1; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return -1; } return proxy->RegisterAddObserver(bundleName, callerToken); @@ -69,12 +67,12 @@ int32_t FormManagerAccessClient::RegisterRemoveObserver( const std::string &bundleName, const sptr &callerToken) { if (callerToken == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "Callback is nullptr."); return -1; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return -1; } return proxy->RegisterRemoveObserver(bundleName, callerToken); @@ -84,7 +82,7 @@ bool FormManagerAccessClient::HasFormVisible(const uint32_t tokenId) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); return false; } return proxy->HasFormVisible(tokenId); @@ -94,12 +92,12 @@ void FormManagerAccessClient::InitProxy() { auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbilityManager is null."); return; } auto formManagerSa = sam->GetSystemAbility(FORM_MGR_SERVICE_ID); if (formManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null.", + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null.", APP_MGR_SERVICE_ID); return; } @@ -109,9 +107,9 @@ void FormManagerAccessClient::InitProxy() formManagerSa->AddDeathRecipient(serviceDeathObserver_); } - proxy_ = iface_cast(formManagerSa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null."); + proxy_ = new FormManagerAccessProxy(formManagerSa); + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Iface_cast get null."); } } @@ -124,7 +122,7 @@ void FormManagerAccessClient::OnRemoteDiedHandle() sptr FormManagerAccessClient::GetProxy() { std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { InitProxy(); } return proxy_; diff --git a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp index 9728235c6e0b4b5c26a07423f2589d2bffa1a918..12e483354015c566f11fc2d521c5df4852e2ae18 100644 --- a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp +++ b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp @@ -14,13 +14,12 @@ */ #include "form_manager_access_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "FormManagerAccessProxy"}; static constexpr int32_t ERROR = -1; } @@ -31,21 +30,26 @@ int32_t FormManagerAccessProxy::RegisterAddObserver( MessageParcel reply; MessageOption option; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERROR; } if (!data.WriteString(bundleName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write bundleName failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Write bundleName failed."); return ERROR; } if (!data.WriteRemoteObject(callerToken)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write callerToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Write callerToken failed."); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IFormMgr::Message::FORM_MGR_REGISTER_ADD_OBSERVER), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RegisterAddObserver failed, error: %{public}d", error); + LOGE(ATM_DOMAIN, ATM_TAG, "RegisterAddObserver failed, error: %{public}d", error); return ERROR; } return reply.ReadInt32(); @@ -58,21 +62,26 @@ int32_t FormManagerAccessProxy::RegisterRemoveObserver( MessageParcel reply; MessageOption option; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return ERROR; } if (!data.WriteString(bundleName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write bundleName failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Write bundleName failed."); return ERROR; } if (!data.WriteRemoteObject(callerToken)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write callerToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Write callerToken failed."); + return ERROR; + } + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); return ERROR; } - int32_t error = Remote()->SendRequest( + int32_t error = remote->SendRequest( static_cast(IFormMgr::Message::FORM_MGR_REGISTER_REMOVE_OBSERVER), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UnregisterAddObserver failed, error: %d", error); + LOGE(ATM_DOMAIN, ATM_TAG, "UnregisterAddObserver failed, error: %d", error); return error; } return reply.ReadInt32(); @@ -84,18 +93,23 @@ bool FormManagerAccessProxy::HasFormVisible(const uint32_t tokenId) MessageParcel reply; MessageOption option; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); return false; } if (!data.WriteUint32(tokenId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write tokenId."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write tokenId."); return false; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); + return false; + } + int32_t error = remote->SendRequest( static_cast(IFormMgr::Message::FORM_MGR_HAS_FORM_VISIBLE_WITH_TOKENID), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get form visibility failed, error: %{public}d", error); + LOGE(ATM_DOMAIN, ATM_TAG, "Get form visibility failed, error: %{public}d", error); return false; } return reply.ReadBool(); diff --git a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp index 9ad8b8231e60637c17be117364c9728295efaafc..81362db775dd6530bf24cead5703fa489bf3b87c 100644 --- a/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp +++ b/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp @@ -14,21 +14,16 @@ */ #include "form_manager_death_recipient.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "form_manager_access_client.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "FormMgrDeathRecipient" -}; -} // namespace void FormMgrDeathRecipient::OnRemoteDied(const wptr& object) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called", __func__); FormManagerAccessClient::GetInstance().OnRemoteDiedHandle(); } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp b/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp index fc8c18e86c8cf48c41eff79e5ba7cb85d21b8dc3..fac1298684034d84808e4a3d117636ea6aceb43e 100644 --- a/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp +++ b/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp @@ -15,7 +15,7 @@ #include "form_status_change_callback.h" #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" namespace OHOS { @@ -23,26 +23,23 @@ namespace Security { namespace AccessToken { namespace { static constexpr int32_t MAX_ALLOW_SIZE = 8 * 1024; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "FormStateObserverStub" -}; } FormStateObserverStub::FormStateObserverStub() { - ACCESSTOKEN_LOG_INFO(LABEL, "FormStateObserverStub Instance create."); + LOGI(ATM_DOMAIN, ATM_TAG, "FormStateObserverStub Instance create."); } FormStateObserverStub::~FormStateObserverStub() { - ACCESSTOKEN_LOG_INFO(LABEL, "FormStateObserverStub Instance destroy."); + LOGI(ATM_DOMAIN, ATM_TAG, "FormStateObserverStub Instance destroy."); } int32_t FormStateObserverStub::OnRemoteRequest( uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { if (data.ReadInterfaceToken() != GetDescriptor()) { - ACCESSTOKEN_LOG_INFO(LABEL, "FormStateObserverStub: ReadInterfaceToken failed."); + LOGI(ATM_DOMAIN, ATM_TAG, "FormStateObserverStub: ReadInterfaceToken failed."); return ERROR_IPC_REQUEST_FAIL; } switch (static_cast(code)) { @@ -51,7 +48,7 @@ int32_t FormStateObserverStub::OnRemoteRequest( return NO_ERROR; } default: { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Default case code: %{public}d.", code); + LOGD(ATM_DOMAIN, ATM_TAG, "Default case code: %{public}d.", code); return IPCObjectStub::OnRemoteRequest(code, data, reply, option); } } @@ -65,13 +62,13 @@ int32_t FormStateObserverStub::HandleNotifyWhetherFormsVisible(MessageParcel &da std::vector formInstances; int32_t infoSize = data.ReadInt32(); if (infoSize < 0 || infoSize > MAX_ALLOW_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid size: %{public}d.", infoSize); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid size: %{public}d.", infoSize); return ERR_OVERSIZE; } for (int32_t i = 0; i < infoSize; i++) { std::unique_ptr info(data.ReadParcelable()); if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to Read Parcelable infos."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Read Parcelable infos."); return RET_FAILED; } formInstances.emplace_back(*info); diff --git a/services/accesstokenmanager/main/cpp/src/form_manager/running_form_info.cpp b/services/accesstokenmanager/main/cpp/src/form_manager/running_form_info.cpp deleted file mode 100644 index 94400c08e017d725fbe9133cdc0ed362fb0ce0ae..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/form_manager/running_form_info.cpp +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "running_form_info.h" -#include "accesstoken_log.h" -#include "string_ex.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "RunningFormInfo" -}; -} -bool RunningFormInfo::ReadFromParcel(Parcel &parcel) -{ - if (!parcel.ReadInt64(formId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); - return false; - } - std::u16string u16FormName; - std::u16string u16BundleName; - std::u16string u16ModuleName; - std::u16string u16AbilityName; - if ((!parcel.ReadString16(u16FormName)) || (!parcel.ReadString16(u16BundleName)) || - (!parcel.ReadString16(u16ModuleName)) || (!parcel.ReadString16(u16AbilityName))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString16 failed."); - return false; - } - formName_ = Str16ToStr8(u16FormName); - bundleName_ = Str16ToStr8(u16BundleName); - moduleName_ = Str16ToStr8(u16ModuleName); - abilityName_ = Str16ToStr8(u16AbilityName); - - if (!parcel.ReadString(description_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString failed."); - return false; - } - - if (!parcel.ReadInt32(dimension_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); - return false; - } - - std::u16string u16HostBundleName; - if (!parcel.ReadString16(u16HostBundleName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString16 failed."); - return false; - } - hostBundleName_ = Str16ToStr8(u16HostBundleName); - - int32_t formVisiblity; - int32_t formUsageState; - int32_t formLocation; - if ((!parcel.ReadInt32(formVisiblity)) || (!parcel.ReadInt32(formUsageState)) || - (!parcel.ReadInt32(formLocation))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); - return false; - } - formVisiblity_ = static_cast(formVisiblity); - formUsageState_ = static_cast(formUsageState); - formLocation_ = static_cast(formLocation); - return true; -} - -bool RunningFormInfo::Marshalling(Parcel &parcel) const -{ - if (!parcel.WriteInt64(formId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt64 failed."); - return false; - } - - if (!parcel.WriteString16(Str8ToStr16(formName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); - return false; - } - - if (!parcel.WriteString16(Str8ToStr16(bundleName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); - return false; - } - - if (!parcel.WriteString16(Str8ToStr16(moduleName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); - return false; - } - - if (!parcel.WriteString16(Str8ToStr16(abilityName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); - return false; - } - - if (!parcel.WriteString(description_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed."); - return false; - } - - if (!parcel.WriteInt32(dimension_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); - return false; - } - - if (!parcel.WriteString16(Str8ToStr16(hostBundleName_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); - return false; - } - - if (!parcel.WriteInt32((int32_t)formVisiblity_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); - return false; - } - - if (!parcel.WriteInt32(static_cast(formUsageState_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); - return false; - } - - if (!parcel.WriteInt32(static_cast(formLocation_))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); - return false; - } - return true; -} - -RunningFormInfo* RunningFormInfo::Unmarshalling(Parcel &parcel) -{ - std::unique_ptr object = std::make_unique(); - if (object && !object->ReadFromParcel(parcel)) { - object = nullptr; - return nullptr; - } - return object.release(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp index 2efc2cc774ab8822d83c43016d27dc388f0c6e10..a78ccefb4d7bdf83defdd8d2073c0fdbb900e6c0 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp @@ -18,7 +18,7 @@ #include #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "data_validator.h" #include "securec.h" @@ -27,7 +27,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DlpPermissionSetManager"}; std::recursive_mutex g_instanceMutex; } @@ -37,7 +36,8 @@ DlpPermissionSetManager& DlpPermissionSetManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new DlpPermissionSetManager(); + DlpPermissionSetManager* tmp = new DlpPermissionSetManager(); + instance = std::move(tmp); } } return *instance; @@ -54,7 +54,7 @@ void DlpPermissionSetManager::ProcessDlpPermInfos(const std::vectorpermissionName); if (it != dlpPermissionModeMap_.end()) { - ACCESSTOKEN_LOG_WARN(LABEL, + LOGW(ATM_DOMAIN, ATM_TAG, "info for permission: %{public}s dlpMode %{public}d has been insert, please check!", iter->permissionName.c_str(), iter->dlpMode); continue; @@ -67,7 +67,7 @@ int32_t DlpPermissionSetManager::GetPermDlpMode(const std::string& permissionNam { auto it = dlpPermissionModeMap_.find(permissionName); if (it == dlpPermissionModeMap_.end()) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Can not find permission: %{public}s in dlp permission cfg", + LOGD(ATM_DOMAIN, ATM_TAG, "Can not find permission: %{public}s in dlp permission cfg", permissionName.c_str()); return DLP_PERM_ALL; } @@ -75,17 +75,17 @@ int32_t DlpPermissionSetManager::GetPermDlpMode(const std::string& permissionNam } void DlpPermissionSetManager::UpdatePermStateWithDlpInfo(int32_t hapDlpType, - std::vector& permStateList) + std::vector& permStateList) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "DlpType: %{public}d", hapDlpType); + LOGD(ATM_DOMAIN, ATM_TAG, "DlpType: %{public}d", hapDlpType); for (auto iter = permStateList.begin(); iter != permStateList.end(); ++iter) { - if (iter->grantStatus[0] == PERMISSION_DENIED) { + if (iter->grantStatus == PERMISSION_DENIED) { continue; } int32_t permissionDlpMode = GetPermDlpMode(iter->permissionName); bool res = IsPermDlpModeAvailableToDlpHap(hapDlpType, permissionDlpMode); if (!res) { - iter->grantStatus[0] = PERMISSION_DENIED; + iter->grantStatus = PERMISSION_DENIED; } } } @@ -99,7 +99,7 @@ bool DlpPermissionSetManager::IsPermissionAvailableToDlpHap(int32_t hapDlpType, bool DlpPermissionSetManager::IsPermDlpModeAvailableToDlpHap(int32_t hapDlpType, int32_t permDlpMode) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "DlpType: %{public}d dlpMode %{public}d", hapDlpType, permDlpMode); + LOGD(ATM_DOMAIN, ATM_TAG, "DlpType: %{public}d dlpMode %{public}d", hapDlpType, permDlpMode); /* permission is available to all dlp hap */ if ((hapDlpType == DLP_COMMON) || (permDlpMode == DLP_PERM_ALL)) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp b/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp deleted file mode 100644 index 4752ecf381f7cbb8db4a8b4b0fdeffa53c40cc12..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "dlp_permission_set_parser.h" - -#include -#include -#include -#include -#include - -#include "access_token_error.h" -#include "accesstoken_log.h" -#include "data_validator.h" -#include "dlp_permission_set_manager.h" -#include "securec.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DlpPermissionSetParser"}; -std::recursive_mutex g_instanceMutex; -} - -// nlohmann json need the function named from_json to parse -void from_json(const nlohmann::json& j, PermissionDlpMode& p) -{ - if (j.find("name") == j.end() || (!j.at("name").is_string())) { - return; - } - p.permissionName = j.at("name").get(); - if (!DataValidator::IsProcessNameValid(p.permissionName)) { - return; - } - - if (j.find("dlpGrantRange") == j.end() || (!j.at("dlpGrantRange").is_string())) { - return; - } - std::string dlpModeStr = j.at("dlpGrantRange").get(); - if (dlpModeStr == "all") { - p.dlpMode = DLP_PERM_ALL; - return; - } - if (dlpModeStr == "full_control") { - p.dlpMode = DLP_PERM_FULL_CONTROL; - return; - } - p.dlpMode = DLP_PERM_NONE; - return; -} - -int32_t DlpPermissionSetParser::ParserDlpPermsRawData(const std::string& dlpPermsRawData, - std::vector& dlpPerms) -{ - nlohmann::json jsonRes = nlohmann::json::parse(dlpPermsRawData, nullptr, false); - if (jsonRes.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonRes is invalid."); - return ERR_PARAM_INVALID; - } - - if ((jsonRes.find("dlpPermissions") != jsonRes.end()) && (jsonRes.at("dlpPermissions").is_array())) { - nlohmann::json dlpPermTokenJson = jsonRes.at("dlpPermissions").get(); - dlpPerms = dlpPermTokenJson.get>(); - } - - return RET_SUCCESS; -} - -int32_t DlpPermissionSetParser::ReadCfgFile(std::string& dlpPermsRawData) -{ - int32_t fd = open(CLONE_PERMISSION_CONFIG_FILE.c_str(), O_RDONLY); - if (fd < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Open failed errno %{public}d.", errno); - return ERR_FILE_OPERATE_FAILED; - } - struct stat statBuffer; - - if (fstat(fd, &statBuffer) != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fstat failed errno %{public}d.", errno); - close(fd); - return ERR_FILE_OPERATE_FAILED; - } - - if (statBuffer.st_size == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Config file size is 0."); - close(fd); - return ERR_PARAM_INVALID; - } - if (statBuffer.st_size > MAX_CLONE_PERMISSION_CONFIG_FILE_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Config file size is too large."); - close(fd); - return ERR_OVERSIZE; - } - dlpPermsRawData.reserve(statBuffer.st_size); - - char buff[MAX_BUFFER_SIZE] = { 0 }; - ssize_t readLen = 0; - while ((readLen = read(fd, buff, MAX_BUFFER_SIZE)) > 0) { - dlpPermsRawData.append(buff, readLen); - } - close(fd); - - if (readLen == 0) { - return RET_SUCCESS; - } - return ERR_FILE_OPERATE_FAILED; -} - -int32_t DlpPermissionSetParser::Init() -{ - if (ready_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dlp permission has been set."); - return RET_SUCCESS; - } - - std::string dlpPermsRawData; - int32_t ret = ReadCfgFile(dlpPermsRawData); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadCfgFile failed."); - return ret; - } - std::vector dlpPerms; - ret = ParserDlpPermsRawData(dlpPermsRawData, dlpPerms); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ParserDlpPermsRawData failed."); - return ERR_FILE_OPERATE_FAILED; - } - DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); - - ready_ = true; - ACCESSTOKEN_LOG_INFO(LABEL, "Init ok."); - return RET_SUCCESS; -} - -DlpPermissionSetParser& DlpPermissionSetParser::GetInstance() -{ - static DlpPermissionSetParser* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new DlpPermissionSetParser(); - } - } - return *instance; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8caae91ebe17c69044335bd3875aa9f29ca8f6bf --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -0,0 +1,704 @@ +/* + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_data_brief.h" + +#include +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "constant_common.h" +#include "permission_map.h" +#include "perm_setproc.h" +#include "permission_validator.h" +#include "accesstoken_id_manager.h" +#include "data_validator.h" +#include "token_field_const.h" +#include "data_translator.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +std::recursive_mutex g_briefInstanceMutex; + +PermissionDataBrief& PermissionDataBrief::GetInstance() +{ + static PermissionDataBrief* instance = nullptr; + if (instance == nullptr) { + std::lock_guard lock(g_briefInstanceMutex); + if (instance == nullptr) { + PermissionDataBrief* tmp = new PermissionDataBrief(); + instance = std::move(tmp); + } + } + return *instance; +} + +bool PermissionDataBrief::GetPermissionBriefData(const PermissionStatus &permState, BriefPermData& briefPermData) +{ + uint32_t code; + if (TransferPermissionToOpcode(permState.permissionName, code) && + PermissionValidator::IsGrantStatusValid(permState.grantStatus)) { + briefPermData.status = static_cast(permState.grantStatus); + briefPermData.permCode = code; + briefPermData.flag = permState.grantFlag; + return true; + } + + return false; +} + +bool PermissionDataBrief::GetPermissionStatus(const BriefPermData& briefPermData, PermissionStatus &permState) +{ + std::string permissionName; + if (TransferOpcodeToPermission(briefPermData.permCode, permissionName)) { + permState.grantStatus = static_cast(briefPermData.status); + permState.permissionName = permissionName; + permState.grantFlag = briefPermData.flag; + return true; + } + return false; +} + +void PermissionDataBrief::GetPermissionBriefDataList(const std::vector &permStateList, + std::vector& list) +{ + for (const auto& state : permStateList) { + BriefPermData data = {0}; + if (GetPermissionBriefData(state, data)) { + list.emplace_back(data); + } + } +} + +int32_t PermissionDataBrief::AddBriefPermDataByTokenId( + AccessTokenID tokenID, const std::vector& listInput) +{ + auto iter = requestedPermData_.find(tokenID); + if (iter != requestedPermData_.end()) { + requestedPermData_.erase(tokenID); + } + requestedPermData_[tokenID] = listInput; + return RET_SUCCESS; +} + +void PermissionDataBrief::AddPermToBriefPermission( + AccessTokenID tokenId, const std::vector& permStateList, bool defCheck) +{ + ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenId); + std::vector permStateListRes; + if (defCheck) { + PermissionValidator::FilterInvalidPermissionState(tokenType, true, permStateList, permStateListRes); + } else { + permStateListRes.assign(permStateList.begin(), permStateList.end()); + } + + std::vector list; + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + GetPermissionBriefDataList(permStateListRes, list); + AddBriefPermDataByTokenId(tokenId, list); +} + +void PermissionDataBrief::UpdatePermStatus(const BriefPermData& permOld, BriefPermData& permNew) +{ + // if user_grant permission is not operated by user, it keeps the new initalized state. + // the new state can be pre_authorization. + if ((permOld.flag == PERMISSION_DEFAULT_FLAG) && (permOld.status == PERMISSION_DENIED)) { + return; + } + // if old user_grant permission is granted by pre_authorization fixed, it keeps the new initalized state. + // the new state can be pre_authorization or not. + if ((permOld.flag == PERMISSION_SYSTEM_FIXED) || + // if old user_grant permission is granted by pre_authorization unfixed + // and the user has not operated this permission, it keeps the new initalized state. + (permOld.flag == PERMISSION_GRANTED_BY_POLICY)) { + return; + } + + permNew.status = permOld.status; + permNew.flag = permOld.flag; +} + +void PermissionDataBrief::Update(AccessTokenID tokenId, const std::vector& permStateList) +{ + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + std::vector permStateFilterList; + PermissionValidator::FilterInvalidPermissionState(TOKEN_HAP, true, permStateList, permStateFilterList); + LOGI(ATM_DOMAIN, ATM_TAG, "PermStateFilterList size: %{public}zu.", permStateFilterList.size()); + + std::vector newList; + GetPermissionBriefDataList(permStateFilterList, newList); + std::vector briefPermDataList; + (void)GetBriefPermDataByTokenIdInner(tokenId, briefPermDataList); + for (BriefPermData& newPermData : newList) { + auto iter = std::find_if(briefPermDataList.begin(), briefPermDataList.end(), + [newPermData](const BriefPermData& oldPermData) { + return newPermData.permCode == oldPermData.permCode; + }); + if (iter != briefPermDataList.end()) { + UpdatePermStatus(*iter, newPermData); + } + } + AddBriefPermDataByTokenId(tokenId, newList); +} + +uint32_t PermissionDataBrief::GetFlagWroteToDb(uint32_t grantFlag) +{ + return ConstantCommon::GetFlagWithoutSpecifiedElement(grantFlag, PERMISSION_COMPONENT_SET); +} + +void PermissionDataBrief::RestorePermissionBriefData(AccessTokenID tokenId, + const std::vector& permStateRes) +{ + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + std::vector list; + for (const GenericValues& stateValue : permStateRes) { + if ((AccessTokenID)stateValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID) != tokenId) { + continue; + } + PermissionStatus state; + int ret = DataTranslator::TranslationIntoPermissionStatus(stateValue, state); + if (ret == RET_SUCCESS) { + BriefPermData data = {0}; + if (!GetPermissionBriefData(state, data)) { + continue; + } + MergePermBriefData(list, data); + } else { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId 0x%{public}x permState is wrong.", tokenId); + } + } + AddBriefPermDataByTokenId(tokenId, list); +} + +void PermissionDataBrief::MergePermBriefData(std::vector& permBriefDataList, + BriefPermData& data) +{ + uint32_t flag = GetFlagWroteToDb(data.flag); + data.flag = flag; + for (auto iter = permBriefDataList.begin(); iter != permBriefDataList.end(); iter++) { + if (data.permCode == iter->permCode) { + iter->status = data.status; + iter->flag = data.flag; + LOGD(ATM_DOMAIN, ATM_TAG, "Update permission: %{public}d.", static_cast(data.permCode)); + return; + } + } + LOGD(ATM_DOMAIN, ATM_TAG, "Add permission: %{public}d.", static_cast(data.permCode)); + permBriefDataList.emplace_back(data); +} + +int32_t PermissionDataBrief::StorePermissionBriefData(AccessTokenID tokenId, + std::vector& permStateValueList) +{ + std::vector permBriefDatalist; + { + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + int32_t ret = GetBriefPermDataByTokenIdInner(tokenId, permBriefDatalist); + if (ret != RET_SUCCESS) { + return ret; + } + } + + for (const auto& data : permBriefDatalist) { + LOGD(ATM_DOMAIN, ATM_TAG, "PermissionName: %{public}d", static_cast(data.permCode)); + GenericValues genericValues; + PermissionStatus permState; + if (!GetPermissionStatus(data, permState)) { + return ERR_PERMISSION_NOT_EXIST; + } + genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + DataTranslator::TranslationIntoGenericValues(permState, genericValues); + permStateValueList.emplace_back(genericValues); + } + return RET_SUCCESS; +} + +static uint32_t UpdateWithNewFlag(uint32_t oldFlag, uint32_t currFlag) +{ + uint32_t newFlag = currFlag | (oldFlag & PERMISSION_GRANTED_BY_POLICY); + return newFlag; +} + +int32_t PermissionDataBrief::UpdatePermStateList( + AccessTokenID tokenId, uint32_t opCode, bool isGranted, uint32_t flag) +{ + auto iterPermData = requestedPermData_.find(tokenId); + if (iterPermData == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId); + return ERR_TOKEN_INVALID; + } + std::vector& permBriefDatalist = requestedPermData_[tokenId]; + auto iter = std::find_if(permBriefDatalist.begin(), permBriefDatalist.end(), + [opCode](const BriefPermData& permData) { + return opCode == permData.permCode; + }); + if (iter == permBriefDatalist.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission not request!"); + return AccessTokenError::ERR_PARAM_INVALID; + } + + if ((static_cast(iter->flag) & PERMISSION_SYSTEM_FIXED) == PERMISSION_SYSTEM_FIXED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!"); + return AccessTokenError::ERR_PARAM_INVALID; + } + iter->status = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; + iter->flag = UpdateWithNewFlag(iter->flag, flag); + return RET_SUCCESS; +} + +int32_t PermissionDataBrief::UpdateSecCompGrantedPermList(AccessTokenID tokenId, + const std::string& permissionName, bool isToGrant) +{ + uint32_t flag = 0; + int32_t ret = QueryPermissionFlag(tokenId, permissionName, flag); + + LOGD(ATM_DOMAIN, ATM_TAG, "Ret is %{public}d. flag is %{public}d", ret, flag); + // if the permission has been operated by user or the permission has been granted by system. + if ((ConstantCommon::IsPermOperatedByUser(flag) || ConstantCommon::IsPermOperatedBySystem(flag))) { + LOGD(ATM_DOMAIN, ATM_TAG, "The permission has been operated."); + if (isToGrant) { + // The data included in requested perm list. + int32_t status = VerifyPermissionStatus(tokenId, permissionName); + // Permission has been granted, there is no need to add perm state in security component permList. + if (status == PERMISSION_GRANTED) { + return RET_SUCCESS; + } else { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user."); + return ERR_PERMISSION_DENIED; + } + } else { + /* revoke is called while the permission has been operated by user or system */ + SecCompGrantedPermListUpdated( + tokenId, permissionName, false); + return RET_SUCCESS; + } + } + // the permission has not been operated by user or the app has not applied for this permission in config.json + SecCompGrantedPermListUpdated(tokenId, permissionName, isToGrant); + return RET_SUCCESS; +} + +int32_t PermissionDataBrief::UpdatePermissionStatus(AccessTokenID tokenId, + const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permissionName.c_str()); + return ERR_PARAM_INVALID; + } + int32_t ret; + int32_t oldStatus = VerifyPermissionStatus(tokenId, opCode); + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + if (!ConstantCommon::IsPermGrantedBySecComp(flag)) { + ret = UpdatePermStateList(tokenId, opCode, isGranted, flag); + } else { + LOGD(ATM_DOMAIN, ATM_TAG, "Permission is set by security component."); + ret = UpdateSecCompGrantedPermList(tokenId, permissionName, isGranted); + } + int32_t newStatus = VerifyPermissionStatus(tokenId, opCode); + statusChanged = (oldStatus == newStatus) ? false : true; + return ret; +} + +int32_t PermissionDataBrief::ResetUserGrantPermissionStatus(AccessTokenID tokenID) +{ + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenID); + return ERR_TOKEN_INVALID; + } + for (auto& perm : iter->second) { + uint32_t oldFlag = static_cast(perm.flag); + if ((oldFlag & PERMISSION_SYSTEM_FIXED) != 0) { + continue; + } + /* A user_grant permission has been set by system for cancellable pre-authorization. */ + /* it should keep granted when the app reset. */ + if ((oldFlag & PERMISSION_GRANTED_BY_POLICY) != 0) { + perm.status = PERMISSION_GRANTED; + perm.flag = PERMISSION_GRANTED_BY_POLICY; + continue; + } + perm.status = PERMISSION_DENIED; + perm.flag = PERMISSION_DEFAULT_FLAG; + } + ClearAllSecCompGrantedPermById(tokenID); + return RET_SUCCESS; +} + +int32_t PermissionDataBrief::DeleteBriefPermDataByTokenId(AccessTokenID tokenID) +{ + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenID); + return ERR_TOKEN_INVALID; + } + requestedPermData_.erase(tokenID); + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end();) { + if (secCompData->tokenId != tokenID) { + ++secCompData; + } else { + secCompData = secCompList_.erase(secCompData); + } + } + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID %{public}u is deleted.", tokenID); + return RET_SUCCESS; +} +int32_t PermissionDataBrief::GetBriefPermDataByTokenIdInner(AccessTokenID tokenID, std::vector& list) +{ + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenID); + return ERR_TOKEN_INVALID; + } + for (const auto& data : iter->second) { + list.emplace_back(data); + } + return RET_SUCCESS; +} + +int32_t PermissionDataBrief::GetBriefPermDataByTokenId(AccessTokenID tokenID, std::vector& list) +{ + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + return GetBriefPermDataByTokenIdInner(tokenID, list); +} + +void PermissionDataBrief::GetGrantedPermByTokenId(AccessTokenID tokenID, + const std::vector& constrainedList, std::vector& permissionList) +{ + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenID); + return; + } + for (const auto& data : iter->second) { + if (data.status == PERMISSION_GRANTED) { + std::string permission; + (void)TransferOpcodeToPermission(data.permCode, permission); + if (constrainedList.empty() || + (std::find(constrainedList.begin(), constrainedList.end(), permission) == constrainedList.end())) { + permissionList.emplace_back(permission); + LOGD(ATM_DOMAIN, ATM_TAG, "Permission %{public}s is granted.", permission.c_str()); + } + } + } + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { + if (secCompData->tokenId == tokenID) { + std::string permission; + (void)TransferOpcodeToPermission(secCompData->permCode, permission); + permissionList.emplace_back(permission); + LOGD(ATM_DOMAIN, ATM_TAG, "Permission %{public}s is granted by secComp.", permission.c_str()); + } + } + return; +} + +void PermissionDataBrief::GetPermStatusListByTokenId(AccessTokenID tokenID, + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList) +{ + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenID); + return; + } + for (const auto& data : iter->second) { + /* The permission is not constrained by user policy. */ + if (constrainedList.empty() || + (std::find(constrainedList.begin(), constrainedList.end(), data.permCode) == constrainedList.end())) { + opCodeList.emplace_back(data.permCode); + bool status = data.status == PERMISSION_GRANTED ? true : false; + statusList.emplace_back(status); + } else { + /* The permission is constrained by user policy which is in constrainedList. */ + opCodeList.emplace_back(data.permCode); + statusList.emplace_back(false); + } + } + + AccessTokenIDInner *idInner = reinterpret_cast(&tokenID); + if (static_cast(idInner->type) != TOKEN_HAP) { + return; + } + /* Only an application can be granted by secComp. */ + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { + if (secCompData->tokenId == tokenID) { + opCodeList.emplace_back(secCompData->permCode); + statusList.emplace_back(true); + } + } + return; +} + +PermUsedTypeEnum PermissionDataBrief::GetPermissionUsedType(AccessTokenID tokenID, int32_t opCode) +{ + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not exist %{public}d.", tokenID); + return PermUsedTypeEnum::INVALID_USED_TYPE; + } + auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { + return (data.permCode == opCode); + }); + if (it != iter->second.end()) { + if (ConstantCommon::IsPermGrantedBySecComp(it->flag)) { + return PermUsedTypeEnum::SEC_COMPONENT_TYPE; + } + if (it->status == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission of %{public}d is requested, but not granted.", tokenID); + return PermUsedTypeEnum::INVALID_USED_TYPE; + } + return PermUsedTypeEnum::NORMAL_TYPE; + } + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { + if ((secCompData->tokenId == tokenID) && (secCompData->permCode == opCode)) { + return PermUsedTypeEnum::SEC_COMPONENT_TYPE; + } + } + return PermUsedTypeEnum::INVALID_USED_TYPE; +} +int32_t PermissionDataBrief::VerifyPermissionStatus(AccessTokenID tokenID, uint32_t permCode) +{ + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not exist %{public}d.", tokenID); + return PERMISSION_DENIED; + } + auto it = std::find_if(iter->second.begin(), iter->second.end(), [permCode](BriefPermData data) { + return (data.permCode == permCode); + }); + if (it != iter->second.end()) { + if (ConstantCommon::IsPermGrantedBySecComp(it->flag)) { + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, permission is granted by secComp", tokenID); + return PERMISSION_GRANTED; + } + return static_cast(it->status); + } + + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { + if ((secCompData->tokenId == tokenID) && (secCompData->permCode == permCode)) { + LOGD(ATM_DOMAIN, ATM_TAG, + "TokenID: %{public}d, permission is not requested. While it is granted by secComp", tokenID); + return PERMISSION_GRANTED; + } + } + return PERMISSION_DENIED; +} + +int32_t PermissionDataBrief::VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permission) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "tokenID %{public}d, permissionName %{public}s.", tokenID, permission.c_str()); + uint32_t opCode; + if (!TransferPermissionToOpcode(permission, opCode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permission.c_str()); + return PERMISSION_DENIED; + } + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + return VerifyPermissionStatus(tokenID, opCode); +} + +bool PermissionDataBrief::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permissionName.c_str()); + return false; + } + + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not exist %{public}d.", tokenID); + return false; + } + auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { + return (data.permCode == opCode); + }); + if (it != iter->second.end()) { + if (ConstantCommon::IsPermGrantedBySecComp(it->flag)) { + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, permission is granted by secComp", tokenID); + return true; + } + } + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { + if (secCompData->tokenId == tokenID && secCompData->permCode == opCode) { + return true; + } + } + return false; +} + +int32_t PermissionDataBrief::QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, + uint32_t& flag) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permissionName.c_str()); + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid %{public}u.", tokenID); + return AccessTokenError::ERR_TOKENID_NOT_EXIST; + } + auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { + return (data.permCode == opCode); + }); + if (it != iter->second.end()) { + flag = it->flag; + return RET_SUCCESS; + } + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is not in requestedPerm list %{public}s.", permissionName.c_str()); + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; +} + +void PermissionDataBrief::SecCompGrantedPermListUpdated( + AccessTokenID tokenID, const std::string& permissionName, bool isAdded) +{ + uint32_t opCode; + if (!TransferPermissionToOpcode(permissionName, opCode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName is invalid %{public}s.", permissionName.c_str()); + return; + } + + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenID); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid %{public}u.", tokenID); + return; + } + + if (isAdded) { + BriefSecCompData secCompData = { 0 }; + secCompData.permCode = opCode; + secCompData.tokenId = tokenID; + secCompList_.push_back(secCompData); + } else { + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end(); ++secCompData) { + if (secCompData->tokenId == tokenID && secCompData->permCode == opCode) { + secCompList_.erase(secCompData); + break; + } + } + } + + auto it = std::find_if(iter->second.begin(), iter->second.end(), [opCode](BriefPermData data) { + return (data.permCode == opCode); + }); + if (it != iter->second.end()) { + uint32_t oldFlag = it->flag; + uint32_t newFlag = + isAdded ? (oldFlag | PERMISSION_COMPONENT_SET) : (oldFlag & (~PERMISSION_COMPONENT_SET)); + it->flag = newFlag; + LOGI(ATM_DOMAIN, ATM_TAG, "Update flag newFlag %{public}u, oldFlag %{public}u .", newFlag, oldFlag); + } + return; +} + +void PermissionDataBrief::ClearAllSecCompGrantedPerm() +{ + Utils::UniqueWriteGuard infoGuard(this->permissionStateDataLock_); + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end();) { + secCompData = secCompList_.erase(secCompData); + } +} + +void PermissionDataBrief::ClearAllSecCompGrantedPermById(AccessTokenID tokenID) +{ + std::list::iterator secCompData; + for (secCompData = secCompList_.begin(); secCompData != secCompList_.end();) { + if (secCompData->tokenId == tokenID) { + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID is cleared %{public}u.", tokenID); + secCompData = secCompList_.erase(secCompData); + } else { + ++secCompData; + } + } +} + +int32_t PermissionDataBrief::RefreshPermStateToKernel(const std::vector& constrainedList, + bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList) +{ + std::vector constrainedCodeList; + for (const auto& perm : constrainedList) { + uint32_t code; + if (TransferPermissionToOpcode(perm, code)) { + constrainedCodeList.emplace_back(code); + } else { + LOGW(ATM_DOMAIN, ATM_TAG, "Perm %{public}s is not exist.", perm.c_str()); + } + } + if (constrainedCodeList.empty()) { + LOGD(ATM_DOMAIN, ATM_TAG, "constrainedCodeList is null."); + return RET_SUCCESS; + } + + Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); + auto iter = requestedPermData_.find(tokenId); + if (iter == requestedPermData_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not exist in requestedPermData_ %{public}u.", tokenId); + return AccessTokenError::ERR_PARAM_INVALID; + } + + for (const auto& data : iter->second) { + if (std::find(constrainedCodeList.begin(), constrainedCodeList.end(), data.permCode) == + constrainedCodeList.end()) { + continue; + } + bool isGrantedCurr; + int32_t ret = GetPermissionFromKernel(tokenId, data.permCode, isGrantedCurr); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetPermissionToKernel err=%{public}d", ret); + continue; + } + bool isGrantedToBe = (data.status == PERMISSION_GRANTED) && hapUserIsActive; + LOGI(ATM_DOMAIN, ATM_TAG, + "id=%{public}u, opCode=%{public}u, isGranted=%{public}d, hapUserIsActive=%{public}d", + tokenId, data.permCode, isGrantedToBe, hapUserIsActive); + if (isGrantedCurr == isGrantedToBe) { + continue; + } + ret = SetPermissionToKernel(tokenId, data.permCode, isGrantedToBe); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "SetPermissionToKernel err=%{public}d", ret); + continue; + } + std::string permission; + (void)TransferOpcodeToPermission(data.permCode, permission); + refreshedPermList[permission] = isGrantedToBe; + } + return RET_SUCCESS; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index ef9e84a8976878a66ca566a8c5db64332782a3c2..a73ced1f7b147e86b4c6d2d5adc641247af74065 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp @@ -15,9 +15,10 @@ #include "permission_definition_cache.h" +#include #include "access_token.h" #include "access_token_error.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "generic_values.h" #include "token_field_const.h" @@ -26,9 +27,6 @@ namespace Security { namespace AccessToken { namespace { static const int32_t EXTENSION_PERMISSION_ID = 0; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionDefinitionCache" -}; std::recursive_mutex g_instanceMutex; } @@ -38,7 +36,8 @@ PermissionDefinitionCache& PermissionDefinitionCache::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PermissionDefinitionCache(); + PermissionDefinitionCache* tmp = new PermissionDefinitionCache(); + instance = std::move(tmp); } } return *instance; @@ -55,7 +54,7 @@ bool PermissionDefinitionCache::Insert(const PermissionDef& info, AccessTokenID Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.find(info.permissionName); if (it != permissionDefinitionMap_.end()) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Info for permission: %{public}s has been insert, please check!", + LOGD(ATM_DOMAIN, ATM_TAG, "Info for permission: %{public}s has been insert, please check!", info.permissionName.c_str()); return false; } @@ -75,13 +74,13 @@ bool PermissionDefinitionCache::Update(const PermissionDef& info, AccessTokenID return true; } -void PermissionDefinitionCache::DeleteByBundleName(const std::string& bundleName) +void PermissionDefinitionCache::DeleteByToken(AccessTokenID tokenId) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.begin(); while (it != permissionDefinitionMap_.end()) { - if (bundleName == it->second.permDef.bundleName) { - permissionDefinitionMap_.erase(it++); + if (tokenId == it->second.tokenId) { + it = permissionDefinitionMap_.erase(it); } else { ++it; } @@ -93,7 +92,7 @@ int PermissionDefinitionCache::FindByPermissionName(const std::string& permissio Utils::UniqueReadGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.find(permissionName); if (it == permissionDefinitionMap_.end()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Can not find definition info for permission: %{public}s", + LOGE(ATM_DOMAIN, ATM_TAG, "Can not find definition info for permission: %{public}s", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } @@ -163,7 +162,7 @@ void PermissionDefinitionCache::StorePermissionDef(std::vector& v void PermissionDefinitionCache::StorePermissionDef(AccessTokenID tokenID, std::vector& valueList) { - Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.begin(); while (it != permissionDefinitionMap_.end()) { if (tokenID == it->second.tokenId) { @@ -196,13 +195,19 @@ int32_t PermissionDefinitionCache::RestorePermDefInfo(std::vector AccessTokenID tokenId = (AccessTokenID)defValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); int32_t ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId 0x%{public}x permDef is wrong.", tokenId); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId 0x%{public}x permDef is wrong.", tokenId); return ret; } Insert(def, tokenId); } return RET_SUCCESS; } + +uint32_t PermissionDefinitionCache::GetDefPermissionsSize() +{ + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); + return static_cast(permissionDefinitionMap_.size()); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp deleted file mode 100644 index 85660bc58b01e4b81e02c9d35c7413f1d3fc2a13..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "permission_definition_parser.h" - -#include -#include -#include -#include -#include - -#include "accesstoken_log.h" -#include "access_token.h" -#include "access_token_error.h" -#include "accesstoken_info_manager.h" -#include "data_validator.h" -#include "json_parser.h" -#include "permission_def.h" -#include "permission_definition_cache.h" -#include "securec.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -std::recursive_mutex g_instanceMutex; -static const int32_t EXTENSION_PERMISSION_ID = 0; -static const std::string PERMISSION_NAME = "name"; -static const std::string PERMISSION_GRANT_MODE = "grantMode"; -static const std::string PERMISSION_AVAILABLE_LEVEL = "availableLevel"; -static const std::string PERMISSION_AVAILABLE_TYPE = "availableType"; -static const std::string PERMISSION_PROVISION_ENABLE = "provisionEnable"; -static const std::string PERMISSION_DISTRIBUTED_SCENE_ENABLE = "distributedSceneEnable"; -static const std::string PERMISSION_LABEL = "label"; -static const std::string PERMISSION_DESCRIPTION = "description"; -static const std::string AVAILABLE_TYPE_NORMAL_HAP = "NORMAL"; -static const std::string AVAILABLE_TYPE_SYSTEM_HAP = "SYSTEM"; -static const std::string AVAILABLE_TYPE_MDM = "MDM"; -static const std::string AVAILABLE_TYPE_SYSTEM_AND_MDM = "SYSTEM_AND_MDM"; -static const std::string AVAILABLE_TYPE_SERVICE = "SERVICE"; -static const std::string AVAILABLE_LEVEL_NORMAL = "normal"; -static const std::string AVAILABLE_LEVEL_SYSTEM_BASIC = "system_basic"; -static const std::string AVAILABLE_LEVEL_SYSTEM_CORE = "system_core"; -static const std::string PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant"; -static const std::string PERMISSION_GRANT_MODE_USER_GRANT = "user_grant"; -static const std::string SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions"; -static const std::string USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions"; -static const std::string DEFINE_PERMISSION_FILE = "/system/etc/access_token/permission_definitions.json"; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "PermissionDefinitionParser"}; -} - -static bool GetPermissionApl(const std::string &apl, AccessToken::ATokenAplEnum& aplNum) -{ - if (apl == AVAILABLE_LEVEL_SYSTEM_CORE) { - aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_CORE; - return true; - } - if (apl == AVAILABLE_LEVEL_SYSTEM_BASIC) { - aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC; - return true; - } - if (apl == AVAILABLE_LEVEL_NORMAL) { - aplNum = AccessToken::ATokenAplEnum::APL_NORMAL; - return true; - } - ACCESSTOKEN_LOG_ERROR(LABEL, "Apl: %{public}s is invalid.", apl.c_str()); - return false; -} - -static bool GetPermissionAvailableType(const std::string &availableType, AccessToken::ATokenAvailableTypeEnum& typeNum) -{ - if (availableType == AVAILABLE_TYPE_NORMAL_HAP) { - typeNum = AccessToken::ATokenAvailableTypeEnum::NORMAL; - return true; - } - if (availableType == AVAILABLE_TYPE_SYSTEM_HAP) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM; - return true; - } - if (availableType == AVAILABLE_TYPE_MDM) { - typeNum = AccessToken::ATokenAvailableTypeEnum::MDM; - return true; - } - if (availableType == AVAILABLE_TYPE_SYSTEM_AND_MDM) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM_AND_MDM; - return true; - } - if (availableType == AVAILABLE_TYPE_SERVICE) { - typeNum = AccessToken::ATokenAvailableTypeEnum::SERVICE; - return true; - } - typeNum = AccessToken::ATokenAvailableTypeEnum::INVALID; - ACCESSTOKEN_LOG_ERROR(LABEL, "AvailableType: %{public}s is invalid.", availableType.c_str()); - return false; -} - -static int32_t GetPermissionGrantMode(const std::string &mode) -{ - if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) { - return AccessToken::GrantMode::SYSTEM_GRANT; - } - return AccessToken::GrantMode::USER_GRANT; -} - -void from_json(const nlohmann::json& j, PermissionDefParseRet& result) -{ - result.isSuccessful = false; - PermissionDef permDef; - if (!JsonParser::GetStringFromJson(j, PERMISSION_NAME, permDef.permissionName) || - !DataValidator::IsProcessNameValid(permDef.permissionName)) { - return; - } - std::string grantModeStr; - if (!JsonParser::GetStringFromJson(j, PERMISSION_GRANT_MODE, grantModeStr)) { - return; - } - permDef.grantMode = GetPermissionGrantMode(grantModeStr); - - std::string availableLevelStr; - if (!JsonParser::GetStringFromJson(j, PERMISSION_AVAILABLE_LEVEL, availableLevelStr)) { - return; - } - if (!GetPermissionApl(availableLevelStr, permDef.availableLevel)) { - return; - } - - std::string availableTypeStr; - if (!JsonParser::GetStringFromJson(j, PERMISSION_AVAILABLE_TYPE, availableTypeStr)) { - return; - } - if (!GetPermissionAvailableType(availableTypeStr, permDef.availableType)) { - return; - } - - if (!JsonParser::GetBoolFromJson(j, PERMISSION_PROVISION_ENABLE, permDef.provisionEnable)) { - return; - } - if (!JsonParser::GetBoolFromJson(j, PERMISSION_DISTRIBUTED_SCENE_ENABLE, permDef.distributedSceneEnable)) { - return; - } - permDef.bundleName = "system_ability"; - if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { - result.permDef = permDef; - result.isSuccessful = true; - return; - } - if (!JsonParser::GetStringFromJson(j, PERMISSION_LABEL, permDef.label)) { - return; - } - if (!JsonParser::GetStringFromJson(j, PERMISSION_DESCRIPTION, permDef.description)) { - return; - } - result.permDef = permDef; - result.isSuccessful = true; - return; -} - -static bool CheckPermissionDefRules(const PermissionDef& permDef) -{ - // Extension permission support permission for service only. - if (permDef.availableType != AccessToken::ATokenAvailableTypeEnum::SERVICE) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s is for hap.", permDef.permissionName.c_str()); - return false; - } - return true; -} - -int32_t PermissionDefinitionParser::GetPermissionDefList(const nlohmann::json& json, const std::string& permsRawData, - const std::string& type, std::vector& permDefList) -{ - if ((json.find(type) == json.end()) || (!json.at(type).is_array())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Json is not array."); - return ERR_PARAM_INVALID; - } - - nlohmann::json JsonData = json.at(type).get(); - for (auto it = JsonData.begin(); it != JsonData.end(); it++) { - auto result = it->get(); - if (!result.isSuccessful) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get permission def failed."); - return ERR_PERM_REQUEST_CFG_FAILED; - } - if (!CheckPermissionDefRules(result.permDef)) { - continue; - } - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s insert.", result.permDef.permissionName.c_str()); - permDefList.emplace_back(result.permDef); - } - return RET_SUCCESS; -} - -int32_t PermissionDefinitionParser::ParserPermsRawData(const std::string& permsRawData, - std::vector& permDefList) -{ - nlohmann::json jsonRes = nlohmann::json::parse(permsRawData, nullptr, false); - if (jsonRes.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonRes is invalid."); - return ERR_PARAM_INVALID; - } - - int32_t ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get system_grant permission def list failed."); - return ret; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Get system_grant permission size=%{public}zu.", permDefList.size()); - ret = GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get user_grant permission def list failed."); - return ret; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Get permission size=%{public}zu.", permDefList.size()); - return RET_SUCCESS; -} - -int32_t PermissionDefinitionParser::Init() -{ - ACCESSTOKEN_LOG_INFO(LABEL, "System permission set begin."); - if (ready_) { - ACCESSTOKEN_LOG_ERROR(LABEL, " system permission has been set."); - return RET_SUCCESS; - } - - std::string permsRawData; - int32_t ret = JsonParser::ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadCfgFile failed."); - return ERR_FILE_OPERATE_FAILED; - } - std::vector permDefList; - ret = ParserPermsRawData(permsRawData, permDefList); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ParserPermsRawData failed."); - return ret; - } - - for (const auto& perm : permDefList) { - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); - } - ready_ = true; - ACCESSTOKEN_LOG_INFO(LABEL, "Init ok."); - return RET_SUCCESS; -} - -PermissionDefinitionParser& PermissionDefinitionParser::GetInstance() -{ - static PermissionDefinitionParser* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new PermissionDefinitionParser(); - } - } - return *instance; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp index 14db0cda5f72d6451fb7fa9c949c2082987ec37b..4e3437fcba3ee32db41281b596e922e773fea20a 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp @@ -17,7 +17,7 @@ #include #include #include "accesstoken_dfx_define.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index dd3f9c106e30f8ee08ed589b35eb2e31307fcb0e..82b8fb437447858203781273ec537c87c7cc8d03 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -24,31 +24,33 @@ #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_db.h" #include "app_manager_access_client.h" #include "callback_manager.h" +#include "constant_common.h" #ifdef SUPPORT_SANDBOX_APP #include "dlp_permission_set_manager.h" #endif #include "ipc_skeleton.h" +#include "hisysevent_adapter.h" #include "parameter.h" #include "permission_definition_cache.h" +#include "short_grant_manager.h" #include "permission_map.h" #include "permission_validator.h" +#include "perm_setproc.h" +#include "token_field_const.h" #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif -#include "perm_setproc.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionManager"}; static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change"; static constexpr int32_t VALUE_MAX_LEN = 32; -static constexpr int32_t BASE_USER_RANGE = 200000; static const std::vector g_notDisplayedPerms = { "ohos.permission.ANSWER_CALL", "ohos.permission.MANAGE_VOICEMAIL", @@ -59,7 +61,8 @@ static const std::vector g_notDisplayedPerms = { "ohos.permission.RECEIVE_WAP_MESSAGES", "ohos.permission.SEND_MESSAGES", "ohos.permission.READ_CALL_LOG", - "ohos.permission.WRITE_CALL_LOG" + "ohos.permission.WRITE_CALL_LOG", + "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO" }; constexpr const char* APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; } @@ -87,7 +90,7 @@ PermissionManager::PermissionManager() char value[VALUE_MAX_LEN] = {0}; int32_t ret = GetParameter(PERMISSION_STATUS_CHANGE_KEY, "", value, VALUE_MAX_LEN - 1); if (ret < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Return default value, ret=%{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "Return default value, ret=%{public}d", ret); paramValue_ = 0; return; } @@ -97,28 +100,11 @@ PermissionManager::PermissionManager() PermissionManager::~PermissionManager() {} -void PermissionManager::ClearAllSecCompGrantedPerm(const std::vector& tokenIdList) -{ - for (const auto& tokenId : tokenIdList) { - std::shared_ptr tokenInfoPtr = - AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId); - if (tokenInfoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId is invalid, tokenId=%{public}u", tokenId); - continue; - } - std::shared_ptr permPolicySet = tokenInfoPtr->GetHapInfoPermissionPolicySet(); - if (permPolicySet != nullptr) { - permPolicySet->ClearSecCompGrantedPerm(); - } - } -} - void PermissionManager::AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, bool updateFlag) { std::vector permFilterList; PermissionValidator::FilterInvalidPermissionDef(permList, permFilterList); - ACCESSTOKEN_LOG_INFO(LABEL, "PermFilterList size: %{public}zu", permFilterList.size()); for (const auto& perm : permFilterList) { if (updateFlag) { PermissionDefinitionCache::GetInstance().Update(perm, tokenId); @@ -128,164 +114,68 @@ void PermissionManager::AddDefPermissions(const std::vector& perm if (!PermissionDefinitionCache::GetInstance().HasDefinition(perm.permissionName)) { PermissionDefinitionCache::GetInstance().Insert(perm, tokenId); } else { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission %{public}s has define", - TransferPermissionDefToString(perm).c_str()); + PermissionDefinitionCache::GetInstance().Update(perm, tokenId); + LOGI(ATM_DOMAIN, ATM_TAG, "Permission %{public}s has define", perm.permissionName.c_str()); } } } void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); - std::shared_ptr tokenInfo = - AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); - if (tokenInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params(tokenID: %{public}u)!", tokenID); - return; - } - std::string bundleName = tokenInfo->GetBundleName(); - PermissionDefinitionCache::GetInstance().DeleteByBundleName(bundleName); + LOGI(ATM_DOMAIN, ATM_TAG, "tokenID: %{public}u", tokenID); + PermissionDefinitionCache::GetInstance().DeleteByToken(tokenID); } int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName) { - std::shared_ptr tokenInfoPtr = - AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); - if (tokenInfoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, can not find tokenInfo!", tokenID); - return PERMISSION_DENIED; - } - std::shared_ptr permPolicySet = tokenInfoPtr->GetHapInfoPermissionPolicySet(); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, invalid params!", tokenID); - return PERMISSION_DENIED; - } - - return permPolicySet->VerifyPermissionStatus(permissionName); -} - -int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName) -{ - std::shared_ptr tokenInfoPtr = - AccessTokenInfoManager::GetInstance().GetNativeTokenInfoInner(tokenID); - if (tokenInfoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Can not find tokenInfo!"); - return PERMISSION_DENIED; - } - - NativeTokenInfo info; - tokenInfoPtr->TranslateToNativeTokenInfo(info); - if (!tokenInfoPtr->IsRemote() && !PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - if (PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission definition set has not been installed!"); - if (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) == TOKEN_NATIVE) { - return PERMISSION_GRANTED; - } - ACCESSTOKEN_LOG_ERROR(LABEL, "Token: %{public}d type error!", tokenID); - return PERMISSION_DENIED; - } - ACCESSTOKEN_LOG_ERROR(LABEL, "No definition for permission: %{public}s!", permissionName.c_str()); - return PERMISSION_DENIED; - } - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetNativePermissionPolicySet(tokenID); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); - return PERMISSION_DENIED; - } - - return permPolicySet->VerifyPermissionStatus(permissionName); + return HapTokenInfoInner::VerifyPermissionStatus(tokenID, permissionName); // 从data获取 } -PermUsedTypeEnum PermissionManager::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum PermissionManager::GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) { if ((tokenID == INVALID_TOKENID) || (TOKEN_HAP != AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d is invalid.", tokenID); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - PermissionDef permissionDefResult; - int ret = GetDefPermission(permissionName, permissionDefResult); - if (RET_SUCCESS != ret) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Query permission info of %{public}s failed.", permissionName.c_str()); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID=%{public}d, invalid params.", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d is invalid.", tokenID); return PermUsedTypeEnum::INVALID_USED_TYPE; } - - return permPolicySet->GetUserGrantedPermissionUsedType(permissionName); -} - -int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) -{ - if (tokenID == INVALID_TOKENID) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", VERIFY_TOKEN_ID_ERROR, "CALLER_TOKENID", - static_cast(IPCSkeleton::GetCallingTokenID()), "PERMISSION_NAME", permissionName); - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID is invalid"); - return PERMISSION_DENIED; - } - - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, invalid params!", tokenID); - return PERMISSION_DENIED; - } - - ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID); - if ((tokenType == TOKEN_NATIVE) || (tokenType == TOKEN_SHELL)) { - return VerifyNativeAccessToken(tokenID, permissionName); - } - if (tokenType == TOKEN_HAP) { - return VerifyHapAccessToken(tokenID, permissionName); - } - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, invalid tokenType!", tokenID); - return PERMISSION_DENIED; + PermUsedTypeEnum ret = HapTokenInfoInner::GetPermissionUsedType(tokenID, permissionName); + LOGI(ATM_DOMAIN, ATM_TAG, + "Application %{public}u apply for %{public}s for type %{public}d.", tokenID, permissionName.c_str(), ret); + return ret; } int PermissionManager::GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid params!"); return AccessTokenError::ERR_PARAM_INVALID; } return PermissionDefinitionCache::GetInstance().FindByPermissionName(permissionName, permissionDefResult); } -int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) +void PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; - } - - permPolicySet->GetDefPermissions(permList); - return RET_SUCCESS; + PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenID); } int PermissionManager::GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s called, tokenID: %{public}u, isSystemGrant: %{public}d", + LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s called, tokenID: %{public}u, isSystemGrant: %{public}d", __func__, tokenID, isSystemGrant); - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); + if (infoPtr == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } - GrantMode mode = isSystemGrant ? SYSTEM_GRANT : USER_GRANT; - std::vector tmpList; - permPolicySet->GetPermissionStateFulls(tmpList); + std::vector tmpList; + int32_t ret = infoPtr->GetPermissionStateList(tmpList); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetPermissionStateList failed, token %{public}u is invalid.", tokenID); + return ret; + } for (const auto& perm : tmpList) { PermissionDef permDef; GetDefPermission(perm.permissionName, permDef); @@ -296,24 +186,27 @@ int PermissionManager::GetReqPermissions( return RET_SUCCESS; } -static bool IsPermissionRequestedInHap(const std::vector& permsList, - const std::string &permission, int32_t& status, uint32_t& flag) +static bool IsPermissionRequestedInHap(const std::vector& permsList, + PermissionListState& permState, int32_t& status, uint32_t& flag) { + const std::string permission = permState.permissionName; if (!PermissionDefinitionCache::GetInstance().HasHapPermissionDefinitionForHap(permission)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "No definition for hap permission: %{public}s!", permission.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "No definition for hap permission: %{public}s!", permission.c_str()); + permState.errorReason = PERM_INVALID; return false; } - auto iter = std::find_if(permsList.begin(), permsList.end(), [permission](const PermissionStateFull& perm) { + auto iter = std::find_if(permsList.begin(), permsList.end(), [permission](const PermissionStatus& perm) { return permission == perm.permissionName; }); if (iter == permsList.end()) { - ACCESSTOKEN_LOG_WARN(LABEL, "Can not find permission: %{public}s define!", permission.c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Can not find permission: %{public}s define!", permission.c_str()); + permState.errorReason = PERM_NOT_DECLEARED; return false; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Find goal permission: %{public}s, status: %{public}d, flag: %{public}d", - permission.c_str(), iter->grantStatus[0], iter->grantFlags[0]); - status = iter->grantStatus[0]; - flag = static_cast(iter->grantFlags[0]); + LOGD(ATM_DOMAIN, ATM_TAG, "Find goal permission: %{public}s, status: %{public}d, flag: %{public}d", + permission.c_str(), iter->grantStatus, iter->grantFlag); + status = iter->grantStatus; + flag = static_cast(iter->grantFlag); return true; } @@ -323,7 +216,7 @@ static bool IsPermissionRestrictedByRules(const std::string& permission) // Specified apps can get the permission by pre-authorization instead of Pop-ups. auto iterator = std::find(g_notDisplayedPerms.begin(), g_notDisplayedPerms.end(), permission); if (iterator != g_notDisplayedPerms.end()) { - ACCESSTOKEN_LOG_WARN(LABEL, "Permission is not available to common apps: %{public}s!", permission.c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Permission is not available to common apps: %{public}s!", permission.c_str()); return true; } @@ -333,7 +226,7 @@ static bool IsPermissionRestrictedByRules(const std::string& permission) int32_t dlpType = AccessTokenInfoManager::GetInstance().GetHapTokenDlpType(callingTokenId); if ((dlpType != DLP_COMMON) && !DlpPermissionSetManager::GetInstance().IsPermissionAvailableToDlpHap(dlpType, permission)) { - ACCESSTOKEN_LOG_WARN(LABEL, + LOGW(ATM_DOMAIN, ATM_TAG, "callingTokenId is not allowed to grant dlp permission: %{public}s!", permission.c_str()); return true; } @@ -342,7 +235,7 @@ static bool IsPermissionRestrictedByRules(const std::string& permission) return false; } -void PermissionManager::GetSelfPermissionState(const std::vector& permsList, +void PermissionManager::GetSelfPermissionState(const std::vector& permsList, PermissionListState& permState, int32_t apiVersion) { int32_t goalGrantStatus; @@ -351,211 +244,102 @@ void PermissionManager::GetSelfPermissionState(const std::vector permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; - } - int32_t fullFlag; - int32_t ret = permPolicySet->QueryPermissionFlag(permissionName, fullFlag); + uint32_t fullFlag; + int32_t ret = HapTokenInfoInner::QueryPermissionFlag(tokenID, permissionName, fullFlag); if (ret == RET_SUCCESS) { - flag = permPolicySet->GetFlagWithoutSpecifiedElement(fullFlag, PERMISSION_GRANTED_BY_POLICY); + flag = ConstantCommon::GetFlagWithoutSpecifiedElement(fullFlag, PERMISSION_GRANTED_BY_POLICY); } return ret; } -void PermissionManager::PermDefToString(const PermissionDef& def, std::string& info) const +AbilityManagerAccessLoaderInterface* PermissionManager::GetAbilityManager() { - info.append(R"( {)"); - info.append("\n"); - info.append(R"( "permissionName": ")" + def.permissionName + R"(")" + ",\n"); - info.append(R"( "grantMode": )" + std::to_string(def.grantMode) + ",\n"); - info.append(R"( "availableLevel": )" + std::to_string(def.availableLevel) + ",\n"); - info.append(R"( "provisionEnable": )" + std::to_string(def.provisionEnable) + ",\n"); - info.append(R"( "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable) + ",\n"); - info.append(R"( "label": ")" + def.label + R"(")" + ",\n"); - info.append(R"( "labelId": )" + std::to_string(def.labelId) + ",\n"); - info.append(R"( "description": ")" + def.description + R"(")" + ",\n"); - info.append(R"( "descriptionId": )" + std::to_string(def.descriptionId) + ",\n"); - info.append(R"( })"); -} - -int32_t PermissionManager::DumpPermDefInfo(std::string& dumpInfo) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get all permission definition info."); - - std::vector permDefRes; - - dumpInfo.append(R"({)"); - dumpInfo.append("\n"); - dumpInfo.append(R"( "permDefList": [)"); - dumpInfo.append("\n"); - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_PERMISSION_DEF, permDefRes); - for (auto iter = permDefRes.begin(); iter != permDefRes.end(); iter++) { - PermissionDef def; - int32_t ret = DataTranslator::TranslationIntoPermissionDef(*iter, def); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermDef is wrong."); - return ret; - } - PermDefToString(def, dumpInfo); - if (iter != (permDefRes.end() - 1)) { - dumpInfo.append(",\n"); + if (abilityManagerLoader_ == nullptr) { + std::lock_guard lock(abilityManagerMutex_); + if (abilityManagerLoader_ == nullptr) { + abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); } - dumpInfo.append("\n"); } - dumpInfo.append("\n ]\n"); - dumpInfo.append("}"); - return RET_SUCCESS; -} -int32_t PermissionManager::FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName) -{ - std::vector permRequestToggleStatusRes; - GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_USER_ID, userID); - conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); - - AccessTokenDb::GetInstance().FindByConditions(AccessTokenDb::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, - conditionValue, permRequestToggleStatusRes); - if (permRequestToggleStatusRes.empty()) { - // never set, return default status: CLOSED if APP_TRACKING_CONSENT - return (permissionName == "ohos.permission.APP_TRACKING_CONSENT") ? - PermissionRequestToggleStatus::CLOSED : PermissionRequestToggleStatus::OPEN;; - } - return permRequestToggleStatusRes[0].GetInt(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS); + return abilityManagerLoader_->GetObject(); } -void PermissionManager::AddPermRequestToggleStatusToDb( - int32_t userID, const std::string& permissionName, int32_t status) +int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, + const std::string& bundleName, const std::string& abilityName) { - Utils::UniqueWriteGuard infoGuard(this->permToggleStateLock_); - GenericValues value; - value.Put(TokenFiledConst::FIELD_USER_ID, userID); - value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); - AccessTokenDb::GetInstance().Remove(AccessTokenDb::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, value); - - std::vector permRequestToggleStatusValues; - value.Put(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS, status); - permRequestToggleStatusValues.emplace_back(value); - AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, - permRequestToggleStatusValues); -} + LOGI(ATM_DOMAIN, ATM_TAG, "bundleName=%{public}s, abilityName=%{public}s, hapInfo.bundleName=%{public}s", + bundleName.c_str(), abilityName.c_str(), hapInfo.bundleName.c_str()); -int32_t PermissionManager::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, - int32_t userID) -{ - if (userID == 0) { - userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; - } + InnerWant innerWant = { + .bundleName = bundleName, + .abilityName = abilityName, + .hapBundleName = hapInfo.bundleName, + .hapAppIndex = hapInfo.instIndex, + .hapUserID = hapInfo.userID, + .callerTokenId = IPCSkeleton::GetCallingTokenID() + }; - ACCESSTOKEN_LOG_INFO(LABEL, "UserID=%{public}u, permissionName=%{public}s, status=%{public}d", userID, - permissionName.c_str(), status); - if (!PermissionValidator::IsUserIdValid(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission name is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Permission=%{public}s is not defined.", permissionName.c_str()); - return AccessTokenError::ERR_PERMISSION_NOT_EXIST; - } - if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Only support permissions of user_grant to set."); - return AccessTokenError::ERR_PARAM_INVALID; + AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); + if (abilityManager == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); + return AccessTokenError::ERR_SERVICE_ABNORMAL; } - if (!PermissionValidator::IsToggleStatusValid(status)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Status is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; + ErrCode err = abilityManager->StartAbility(innerWant, nullptr); + if (err != ERR_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to StartAbility, err:%{public}d", err); + return AccessTokenError::ERR_SERVICE_ABNORMAL; } - - AddPermRequestToggleStatusToDb(userID, permissionName, status); - - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERM_DIALOG_STATUS_INFO", - HiviewDFX::HiSysEvent::EventType::STATISTIC, "USERID", userID, "PERMISSION_NAME", permissionName, - "TOGGLE_STATUS", status); - - return 0; -} - -int32_t PermissionManager::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, - int32_t userID) -{ - if (userID == 0) { - userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "UserID=%{public}u, permissionName=%{public}s", userID, permissionName.c_str()); - if (!PermissionValidator::IsUserIdValid(userID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UserID is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission name is invalid."); - return AccessTokenError::ERR_PARAM_INVALID; - } - if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Permission=%{public}s is not defined.", permissionName.c_str()); - return AccessTokenError::ERR_PERMISSION_NOT_EXIST; - } - if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Only support permissions of user_grant to get."); - return AccessTokenError::ERR_PARAM_INVALID; - } - - status = static_cast(FindPermRequestToggleStatusFromDb(userID, permissionName)); - - return 0; + return ERR_OK; } void PermissionManager::ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered) @@ -564,11 +348,11 @@ void PermissionManager::ParamUpdate(const std::string& permissionName, uint32_t if (filtered || (PermissionDefinitionCache::GetInstance().IsUserGrantedPermission(permissionName) && ((flag != PERMISSION_GRANTED_BY_POLICY) && (flag != PERMISSION_SYSTEM_FIXED)))) { paramValue_++; - ACCESSTOKEN_LOG_DEBUG(LABEL, + LOGD(ATM_DOMAIN, ATM_TAG, "paramValue_ change %{public}llu", static_cast(paramValue_)); int32_t res = SetParameter(PERMISSION_STATUS_CHANGE_KEY, std::to_string(paramValue_).c_str()); if (res != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SetParameter failed %{public}d", res); + LOGE(ATM_DOMAIN, ATM_TAG, "SetParameter failed %{public}d", res); } } } @@ -576,7 +360,7 @@ void PermissionManager::ParamUpdate(const std::string& permissionName, uint32_t void PermissionManager::NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, const std::shared_ptr& infoPtr) { - ACCESSTOKEN_LOG_INFO(LABEL, "IsUpdated"); + LOGI(ATM_DOMAIN, ATM_TAG, "IsUpdated"); int32_t changeType = isGranted ? STATE_CHANGE_GRANTED : STATE_CHANGE_REVOKED; // set to kernel(grant/revoke) @@ -597,56 +381,101 @@ void PermissionManager::NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, } int32_t PermissionManager::UpdateTokenPermissionState( - AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag) + AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill) { - std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + LOGE(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } - if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote token can not update"); - return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; + + int32_t ret = UpdateTokenPermissionStateCheck(infoPtr, id, permission, isGranted, flag); + if (ret != ERR_OK) { + return ret; } - if (flag == PERMISSION_ALLOW_THIS_TIME) { - if (isGranted) { - if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(tokenID, permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Grant permission failed, tokenID:%{public}d, permissionName:%{public}s", - tokenID, permissionName.c_str()); - return ERR_IDENTITY_CHECK_FAILED; + + // statusBefore cannot use VerifyPermissionStatus in permPolicySet, because the function exclude secComp + bool isSecCompGrantedBefore = HapTokenInfoInner::IsPermissionGrantedWithSecComp(id, permission); + bool statusChanged = false; + ret = infoPtr->UpdatePermissionStatus(permission, isGranted, flag, statusChanged); + if (ret != RET_SUCCESS) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", UPDATE_PERMISSION_STATUS_FAILED, "TOKENID", id, + "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", ret, + "INT_VAL2", static_cast(flag), "NEED_KILL", needKill); + return ret; + } + if (statusChanged) { + NotifyWhenPermissionStateUpdated(id, permission, isGranted, flag, infoPtr); + // To notify kill process when perm is revoke + if (needKill && (!isGranted && !isSecCompGrantedBefore)) { + LOGI(ATM_DOMAIN, ATM_TAG, "(%{public}s) is revoked, kill process(%{public}u).", permission.c_str(), id); + AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); + if (abilityManager == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); + } else if ((ret = abilityManager->KillProcessForPermissionUpdate(id)) != ERR_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "kill process failed, ret=%{public}d.", ret); } } } - std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); - return AccessTokenError::ERR_PARAM_INVALID; + +#ifdef TOKEN_SYNC_ENABLE + TokenModifyNotifier::GetInstance().NotifyTokenModify(id); +#endif + return RET_SUCCESS; +} + +int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr& infoPtr, + AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag) +{ + if (infoPtr->IsRemote()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote token can not update"); + return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; + } + if ((flag == PERMISSION_ALLOW_THIS_TIME) && isGranted) { + if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(id, permission)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); + return ERR_IDENTITY_CHECK_FAILED; + } } + #ifdef SUPPORT_SANDBOX_APP int32_t hapDlpType = infoPtr->GetDlpType(); if (hapDlpType != DLP_COMMON) { - int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permissionName); + int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission); if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}u is not allowed to be granted permissionName %{public}s", - tokenID, permissionName.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", DLP_CHECK_FAILED, "TOKENID", id, "PERM", + permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", hapDlpType, "INT_VAL2", permDlpMode); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } } #endif - int32_t statusBefore = permPolicySet->VerifyPermissionStatus(permissionName); - int32_t ret = permPolicySet->UpdatePermissionStatus(permissionName, isGranted, flag); + return ERR_OK; +} + +int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag, bool needKill) +{ + int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag, needKill); if (ret != RET_SUCCESS) { return ret; } - int32_t statusAfter = permPolicySet->VerifyPermissionStatus(permissionName); - if (statusAfter != statusBefore) { - NotifyWhenPermissionStateUpdated(tokenID, permissionName, isGranted, flag, infoPtr); - } -#ifdef TOKEN_SYNC_ENABLE - TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); +#ifdef SUPPORT_SANDBOX_APP + // The action of sharing would be taken place only if the grant operation or revoke operation equals to success. + std::vector tokenIdList; + AccessTokenInfoManager::GetInstance().GetRelatedSandBoxHapList(tokenID, tokenIdList); + for (const auto& id : tokenIdList) { + (void)UpdateTokenPermissionState(id, permissionName, isGranted, flag, needKill); + } #endif - AccessTokenInfoManager::GetInstance().ModifyHapPermStateFromDb(tokenID, permissionName); + + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, "PERMISSION_NAME", + permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); return RET_SUCCESS; } @@ -654,37 +483,31 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const bool isGranted, uint32_t flag) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + LOGE(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "No definition for permission: %{public}s!", permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } if (!PermissionValidator::IsPermissionFlagValid(flag)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + LOGE(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag); return AccessTokenError::ERR_PARAM_INVALID; } - int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag); - if (ret != RET_SUCCESS) { - return ret; + bool needKill = false; + // To kill process when perm is revoke + if (!isGranted && flag != PERMISSION_COMPONENT_SET) { + LOGI(ATM_DOMAIN, ATM_TAG, "Perm(%{public}s) is revoked, kill process(%{public}u).", + permissionName.c_str(), tokenID); + needKill = true; } -#ifdef SUPPORT_SANDBOX_APP - // The action of sharing would be taken place only if the grant operation or revoke operation equals to success. - std::vector tokenIdList; - AccessTokenInfoManager::GetInstance().GetRelatedSandBoxHapList(tokenID, tokenIdList); - for (const auto& id : tokenIdList) { - (void)UpdateTokenPermissionState(id, permissionName, isGranted, flag); - } -#endif - return RET_SUCCESS; + return UpdatePermission(tokenID, permissionName, isGranted, flag, needKill); } int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", __func__, tokenID, permissionName.c_str(), flag); return CheckAndUpdatePermission(tokenID, permissionName, true, flag); @@ -692,12 +515,21 @@ int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::str int32_t PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", __func__, tokenID, permissionName.c_str(), flag); return CheckAndUpdatePermission(tokenID, permissionName, false, flag); } +int32_t PermissionManager::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + LOGI(ATM_DOMAIN, ATM_TAG, + "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, onceTime: %{public}d", + __func__, tokenID, permissionName.c_str(), onceTime); + return ShortGrantManager::GetInstance().RefreshPermission(tokenID, permissionName, onceTime); +} + void PermissionManager::ScopeToString( const std::vector& tokenIDs, const std::vector& permList) { @@ -708,7 +540,7 @@ void PermissionManager::ScopeToString( std::string permStr; permStr = accumulate(permList.begin(), permList.end(), std::string(" ")); - ACCESSTOKEN_LOG_INFO(LABEL, "TokenidStr = %{public}s permStr =%{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "TokenidStr = %{public}s permStr =%{public}s", tokenidStr.c_str(), permStr.c_str()); } @@ -722,7 +554,7 @@ int32_t PermissionManager::ScopeFilter(const PermStateChangeScope& scopeSrc, Per tokenIdSet.insert(tokenId); continue; } - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}d invalid!", tokenId); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}d invalid!", tokenId); } std::set permSet; for (const auto& permissionName : scopeSrc.permList) { @@ -732,14 +564,14 @@ int32_t PermissionManager::ScopeFilter(const PermStateChangeScope& scopeSrc, Per permSet.insert(permissionName); continue; } - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission %{public}s invalid!", permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission %{public}s invalid!", permissionName.c_str()); } if ((scopeRes.tokenIDs.empty()) && (!scopeSrc.tokenIDs.empty())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Valid tokenid size is 0!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Valid tokenid size is 0!"); return AccessTokenError::ERR_PARAM_INVALID; } if ((scopeRes.permList.empty()) && (!scopeSrc.permList.empty())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Valid permission size is 0!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Valid permission size is 0!"); return AccessTokenError::ERR_PARAM_INVALID; } ScopeToString(scopeRes.tokenIDs, scopeRes.permList); @@ -749,7 +581,6 @@ int32_t PermissionManager::ScopeFilter(const PermStateChangeScope& scopeSrc, Per int32_t PermissionManager::AddPermStateChangeCallback( const PermStateChangeScope& scope, const sptr& callback) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); PermStateChangeScope scopeRes; int32_t result = ScopeFilter(scope, scopeRes); if (result != RET_SUCCESS) { @@ -760,7 +591,7 @@ int32_t PermissionManager::AddPermStateChangeCallback( int32_t PermissionManager::RemovePermStateChangeCallback(const sptr& callback) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); + LOGI(ATM_DOMAIN, ATM_TAG, "Called"); return CallbackManager::GetInstance().RemoveCallback(callback); } @@ -770,14 +601,14 @@ bool PermissionManager::GetApiVersionByTokenId(AccessTokenID tokenID, int32_t& a AccessTokenIDInner *idInner = reinterpret_cast(&tokenID); ATokenTypeEnum tokenType = (ATokenTypeEnum)(idInner->type); if (tokenType != TOKEN_HAP) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid token type %{public}d", tokenType); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid token type %{public}d", tokenType); return false; } HapTokenInfo hapInfo; int ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get hap token info error!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get hap token info error!"); return false; } @@ -789,12 +620,12 @@ bool PermissionManager::GetApiVersionByTokenId(AccessTokenID tokenID, int32_t& a bool PermissionManager::IsPermissionVaild(const std::string& permissionName) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - ACCESSTOKEN_LOG_WARN(LABEL, "Invalid permissionName %{public}s", permissionName.c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Invalid permissionName %{public}s", permissionName.c_str()); return false; } if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { - ACCESSTOKEN_LOG_WARN(LABEL, "Permission %{public}s has no definition ", permissionName.c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Permission %{public}s has no definition ", permissionName.c_str()); return false; } return true; @@ -827,7 +658,7 @@ bool PermissionManager::GetLocationPermissionIndex(std::vector& reqPermList, std::vector& permsList, + std::vector& reqPermList, std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex) { bool needVagueDynamic = false; @@ -856,6 +687,7 @@ bool PermissionManager::GetLocationPermissionState(AccessTokenID tokenID, // vague permissoion is not pop and permission status os not granted if (!needVagueDynamic && !isVagueGranted) { reqPermList[locationIndex.accurateIndex].permsState.state = INVALID_OPER; + reqPermList[locationIndex.accurateIndex].permsState.errorReason = CONDITIONS_NOT_MET; needAccurateDynamic = false; } } @@ -867,11 +699,14 @@ bool PermissionManager::GetLocationPermissionState(AccessTokenID tokenID, // with back and vague permission, request back can not pop dynamic dialog if (locationIndex.vagueIndex != PERMISSION_NOT_REQUSET) { reqPermList[locationIndex.vagueIndex].permsState.state = INVALID_OPER; + reqPermList[locationIndex.vagueIndex].permsState.errorReason = CONDITIONS_NOT_MET; } if (locationIndex.accurateIndex != PERMISSION_NOT_REQUSET) { reqPermList[locationIndex.accurateIndex].permsState.state = INVALID_OPER; + reqPermList[locationIndex.accurateIndex].permsState.errorReason = CONDITIONS_NOT_MET; } reqPermList[locationIndex.backIndex].permsState.state = INVALID_OPER; + reqPermList[locationIndex.backIndex].permsState.errorReason = CONDITIONS_NOT_MET; return false; } // with back and vague permission @@ -880,8 +715,10 @@ bool PermissionManager::GetLocationPermissionState(AccessTokenID tokenID, if (reqPermList[locationIndex.backIndex].permsState.state == DYNAMIC_OPER) { if (needAccurateDynamic || needVagueDynamic) { reqPermList[locationIndex.backIndex].permsState.state = SETTING_OPER; + reqPermList[locationIndex.backIndex].permsState.errorReason = REQ_SUCCESS; } else { reqPermList[locationIndex.backIndex].permsState.state = INVALID_OPER; + reqPermList[locationIndex.backIndex].permsState.errorReason = CONDITIONS_NOT_MET; } } } @@ -891,7 +728,7 @@ bool PermissionManager::GetLocationPermissionState(AccessTokenID tokenID, bool PermissionManager::LocationPermissionSpecialHandle( AccessTokenID tokenID, std::vector& reqPermList, - std::vector& permsList, int32_t apiVersion) + std::vector& permsList, int32_t apiVersion) { struct LocationIndex locationIndex; if (!GetLocationPermissionIndex(reqPermList, locationIndex)) { @@ -900,22 +737,11 @@ bool PermissionManager::LocationPermissionSpecialHandle( return GetLocationPermissionState(tokenID, reqPermList, permsList, apiVersion, locationIndex); } -void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) -{ - if (ClearUserGrantedPermission(tokenID) != RET_SUCCESS) { - return; - } - std::vector tokenIdList; - AccessTokenInfoManager::GetInstance().GetRelatedSandBoxHapList(tokenID, tokenIdList); - for (const auto& id : tokenIdList) { - (void)ClearUserGrantedPermission(id); - } -} - void PermissionManager::NotifyUpdatedPermList(const std::vector& grantedPermListBefore, const std::vector& grantedPermListAfter, AccessTokenID tokenID) { for (uint32_t i = 0; i < grantedPermListBefore.size(); i++) { + LOGI(ATM_DOMAIN, ATM_TAG, "grantedPermListBefore[i] %{public}s.", grantedPermListBefore[i].c_str()); auto it = find(grantedPermListAfter.begin(), grantedPermListAfter.end(), grantedPermListBefore[i]); if (it == grantedPermListAfter.end()) { CallbackManager::GetInstance().ExecuteCallbackAsync( @@ -924,6 +750,7 @@ void PermissionManager::NotifyUpdatedPermList(const std::vector& gr } } for (uint32_t i = 0; i < grantedPermListAfter.size(); i++) { + LOGI(ATM_DOMAIN, ATM_TAG, "grantedPermListAfter[i] %{public}s.", grantedPermListAfter[i].c_str()); auto it = find(grantedPermListBefore.begin(), grantedPermListBefore.end(), grantedPermListAfter[i]); if (it == grantedPermListBefore.end()) { CallbackManager::GetInstance().ExecuteCallbackAsync( @@ -933,20 +760,20 @@ void PermissionManager::NotifyUpdatedPermList(const std::vector& gr } } -bool PermissionManager::IsPermissionStateOrFlagMatched(const PermissionStateFull& state1, - const PermissionStateFull& state2) +bool PermissionManager::IsPermissionStateOrFlagMatched(const PermissionStatus& state1, + const PermissionStatus& state2) { - return ((state1.grantStatus[0] == state2.grantStatus[0]) && (state1.grantFlags[0] == state2.grantFlags[0])); + return ((state1.grantStatus == state2.grantStatus) && (state1.grantFlag == state2.grantFlag)); } -void PermissionManager::GetStateOrFlagChangedList(std::vector& stateListBefore, - std::vector& stateListAfter, std::vector& stateChangeList) +void PermissionManager::GetStateOrFlagChangedList(std::vector& stateListBefore, + std::vector& stateListAfter, std::vector& stateChangeList) { uint32_t size = stateListBefore.size(); for (uint32_t i = 0; i < size; ++i) { - PermissionStateFull state1 = stateListBefore[i]; - PermissionStateFull state2 = stateListAfter[i]; + PermissionStatus state1 = stateListBefore[i]; + PermissionStatus state2 = stateListAfter[i]; if (!IsPermissionStateOrFlagMatched(state1, state2)) { stateChangeList.emplace_back(state2); @@ -954,92 +781,38 @@ void PermissionManager::GetStateOrFlagChangedList(std::vector infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", tokenID); - return ERR_PARAM_INVALID; - } - if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "It is a remote hap token %{public}u!", tokenID); - return ERR_IDENTITY_CHECK_FAILED; - } - std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); - return ERR_PARAM_INVALID; - } - std::vector grantedPermListBefore; - permPolicySet->GetGrantedPermissionList(grantedPermListBefore); - std::vector stateListBefore; - permPolicySet->GetPermissionStateList(stateListBefore); - - // reset permission. - permPolicySet->ResetUserGrantPermissionStatus(); - // clear security component granted permission which is not requested in module.json. - permPolicySet->ClearSecCompGrantedPerm(); - -#ifdef SUPPORT_SANDBOX_APP - // update permission status with dlp permission rule. - std::vector permListOfHap; - permPolicySet->GetPermissionStateFulls(permListOfHap); - DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo( - infoPtr->GetDlpType(), permListOfHap); - permPolicySet->Update(permListOfHap); -#endif - - std::vector grantedPermListAfter; - permPolicySet->GetGrantedPermissionList(grantedPermListAfter); - std::vector stateListAfter; - permPolicySet->GetPermissionStateList(stateListAfter); - std::vector stateChangeList; - GetStateOrFlagChangedList(stateListBefore, stateListAfter, stateChangeList); - if (!AccessTokenInfoManager::GetInstance().UpdateStatesToDatabase(tokenID, stateChangeList)) { - return ERR_DATABASE_OPERATE_FAILED; - } - - // clear - AddPermToKernel(tokenID, permPolicySet); - - NotifyUpdatedPermList(grantedPermListBefore, grantedPermListAfter, tokenID); - return RET_SUCCESS; -} - void PermissionManager::NotifyPermGrantStoreResult(bool result, uint64_t timestamp) { grantEvent_.NotifyPermGrantStoreResult(result, timestamp); } -std::string PermissionManager::TransferPermissionDefToString(const PermissionDef& inPermissionDef) +void PermissionManager::AddNativePermToKernel(AccessTokenID tokenID, + const std::vector& opCodeList, const std::vector& statusList) { - std::string infos; - infos.append(R"({"permissionName": ")" + inPermissionDef.permissionName + R"(")"); - infos.append(R"(, "bundleName": ")" + inPermissionDef.bundleName + R"(")"); - infos.append(R"(, "grantMode": )" + std::to_string(inPermissionDef.grantMode)); - infos.append(R"(, "availableLevel": )" + std::to_string(inPermissionDef.availableLevel)); - infos.append(R"(, "provisionEnable": )" + std::to_string(inPermissionDef.provisionEnable)); - infos.append(R"(, "distributedSceneEnable": )" + std::to_string(inPermissionDef.distributedSceneEnable)); - infos.append(R"(, "label": ")" + inPermissionDef.label + R"(")"); - infos.append(R"(, "labelId": )" + std::to_string(inPermissionDef.labelId)); - infos.append(R"(, "description": ")" + inPermissionDef.description + R"(")"); - infos.append(R"(, "descriptionId": )" + std::to_string(inPermissionDef.descriptionId)); - infos.append(R"(, "availableType": )" + std::to_string(inPermissionDef.availableType)); - infos.append("}"); - return infos; + int32_t ret = AddPermissionToKernel(tokenID, opCodeList, statusList); + if (ret != ACCESS_TOKEN_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "AddPermissionToKernel(token=%{public}d), size=%{public}zu, err=%{public}d", + tokenID, opCodeList.size(), ret); + } } -void PermissionManager::AddPermToKernel(AccessTokenID tokenID, const std::shared_ptr& policy) +void PermissionManager::AddHapPermToKernel(AccessTokenID tokenID, const std::vector& permList) { - if (policy == nullptr) { - return; + std::vector permCodeList; + for (const auto &permission : permList) { + uint32_t code; + if (!TransferPermissionToOpcode(permission, code)) { + continue; + } + permCodeList.emplace_back(code); } + std::vector opCodeList; std::vector statusList; - policy->GetPermissionStateList(opCodeList, statusList); + HapTokenInfoInner::GetPermStatusListByTokenId(tokenID, permCodeList, opCodeList, statusList); int32_t ret = AddPermissionToKernel(tokenID, opCodeList, statusList); if (ret != ACCESS_TOKEN_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "AddPermissionToKernel(token=%{public}d), size=%{public}zu, err=%{public}d", + LOGE(ATM_DOMAIN, ATM_TAG, "AddPermissionToKernel(token=%{public}d), size=%{public}zu, err=%{public}d", tokenID, opCodeList.size(), ret); } } @@ -1047,27 +820,33 @@ void PermissionManager::AddPermToKernel(AccessTokenID tokenID, const std::shared void PermissionManager::RemovePermFromKernel(AccessTokenID tokenID) { int32_t ret = RemovePermissionFromKernel(tokenID); - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "RemovePermissionFromKernel(token=%{public}d), err=%{public}d", tokenID, ret); } -void PermissionManager::SetPermToKernel(AccessTokenID tokenID, const std::string& permissionName, bool isGranted) +void PermissionManager::SetPermToKernel( + AccessTokenID tokenID, const std::string& permissionName, bool isGranted) { uint32_t code; if (!TransferPermissionToOpcode(permissionName, code)) { return; } int32_t ret = SetPermissionToKernel(tokenID, code, isGranted); - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "SetPermissionToKernel(token=%{public}d, permission=(%{public}s), err=%{public}d", tokenID, permissionName.c_str(), ret); } -bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicyParams& policy) +bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicy& policy) { + if (policy.checkIgnore == HapPolicyCheckIgnore::ACL_IGNORE_CHECK) { + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s ignore acl check.", permDef.permissionName.c_str()); + return true; + } + if (policy.apl < permDef.availableLevel) { if (!permDef.provisionEnable) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s provisionEnable is false.", permDef.permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", permDef.permissionName.c_str()); return false; } auto isAclExist = std::any_of( @@ -1075,7 +854,7 @@ bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicyParams& policy) return permDef.permissionName == perm; }); if (!isAclExist) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s need acl.", permDef.permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s need acl.", permDef.permissionName.c_str()); return false; } } @@ -1086,12 +865,12 @@ bool IsPermAvailableRangeSatisfied(const PermissionDef& permDef, const std::stri { if (permDef.availableType == ATokenAvailableTypeEnum::MDM) { if (appDistributionType == "none") { - ACCESSTOKEN_LOG_INFO(LABEL, "Debug app use permission: %{public}s.", + LOGI(ATM_DOMAIN, ATM_TAG, "Debug app use permission: %{public}s.", permDef.permissionName.c_str()); return true; } if (appDistributionType != APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s is a mdm permission, the hap is not a mdm application.", + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s is a mdm permission, the hap is not a mdm application.", permDef.permissionName.c_str()); return false; } @@ -1106,7 +885,7 @@ bool IsUserGrantPermPreAuthorized(const std::vector &list, return info.permissionName == permissionName; }); if (iter == list.end()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission(%{public}s) is not in the list", permissionName.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Permission(%{public}s) is not in the list", permissionName.c_str()); return false; } @@ -1115,51 +894,56 @@ bool IsUserGrantPermPreAuthorized(const std::vector &list, } bool PermissionManager::InitDlpPermissionList(const std::string& bundleName, int32_t userId, - std::vector& initializedList) + std::vector& initializedList) { // get dlp original app AccessTokenIDEx tokenId = AccessTokenInfoManager::GetInstance().GetHapTokenID(userId, bundleName, 0); - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenId.tokenIdExStruct.tokenID); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + std::shared_ptr infoPtr = + AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId.tokenIdExStruct.tokenID); + if (infoPtr == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenId.tokenIdExStruct.tokenID); return false; } - permPolicySet->GetPermissionStateFulls(initializedList); + (void)infoPtr->GetPermissionStateList(initializedList); return true; } -bool PermissionManager::InitPermissionList(const std::string& appDistributionType, - const HapPolicyParams& policy, std::vector& initializedList) +bool PermissionManager::InitPermissionList(const std::string& appDistributionType, const HapPolicy& policy, + std::vector& initializedList, HapInfoCheckResult& result) { - ACCESSTOKEN_LOG_INFO(LABEL, "Before, request perm list size: %{public}zu, preAuthorizationInfo size %{public}zu.", - policy.permStateList.size(), policy.preAuthorizationInfo.size()); + LOGI(ATM_DOMAIN, ATM_TAG, "Before, request perm list size: %{public}zu, preAuthorizationInfo size %{public}zu, " + "ACLRequestedList size %{public}zu.", + policy.permStateList.size(), policy.preAuthorizationInfo.size(), policy.aclRequestedList.size()); for (auto state : policy.permStateList) { PermissionDef permDef; int32_t ret = PermissionManager::GetInstance().GetDefPermission( state.permissionName, permDef); if (ret != AccessToken::AccessTokenKitRet::RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get definition of %{public}s failed, ret = %{public}d.", + LOGE(ATM_DOMAIN, ATM_TAG, "Get definition of %{public}s failed, ret = %{public}d.", state.permissionName.c_str(), ret); continue; } if (!IsAclSatisfied(permDef, policy)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Acl of %{public}s is invalid.", permDef.permissionName.c_str()); + result.permCheckResult.permissionName = state.permissionName; + result.permCheckResult.rule = PERMISSION_ACL_RULE; + LOGE(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", permDef.permissionName.c_str()); return false; } // edm check if (!IsPermAvailableRangeSatisfied(permDef, appDistributionType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Available range of %{public}s is invalid.", permDef.permissionName.c_str()); + result.permCheckResult.permissionName = state.permissionName; + result.permCheckResult.rule = PERMISSION_EDM_RULE; + LOGE(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", permDef.permissionName.c_str()); return false; } - state.grantFlags[0] = PERMISSION_DEFAULT_FLAG; - state.grantStatus[0] = PERMISSION_DENIED; + state.grantFlag = PERMISSION_DEFAULT_FLAG; + state.grantStatus = PERMISSION_DENIED; if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { - state.grantFlags[0] = PERMISSION_SYSTEM_FIXED; - state.grantStatus[0] = PERMISSION_GRANTED; + state.grantFlag = PERMISSION_SYSTEM_FIXED; + state.grantStatus = PERMISSION_GRANTED; initializedList.emplace_back(state); continue; } @@ -1169,12 +953,12 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp } bool userCancelable = true; if (IsUserGrantPermPreAuthorized(policy.preAuthorizationInfo, state.permissionName, userCancelable)) { - state.grantFlags[0] = userCancelable ? PERMISSION_GRANTED_BY_POLICY : PERMISSION_SYSTEM_FIXED; - state.grantStatus[0] = PERMISSION_GRANTED; + state.grantFlag = userCancelable ? PERMISSION_GRANTED_BY_POLICY : PERMISSION_SYSTEM_FIXED; + state.grantStatus = PERMISSION_GRANTED; } initializedList.emplace_back(state); } - ACCESSTOKEN_LOG_INFO(LABEL, "After, request perm list size: %{public}zu.", initializedList.size()); + LOGI(ATM_DOMAIN, ATM_TAG, "After, request perm list size: %{public}zu.", initializedList.size()); return true; } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp deleted file mode 100644 index e9f57bd7e2f68564cc128b729570d5fd84d02f87..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ /dev/null @@ -1,645 +0,0 @@ -/* - * Copyright (c) 2021-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "permission_policy_set.h" - -#include - -#include "accesstoken_id_manager.h" -#include "accesstoken_log.h" -#include "access_token_db.h" -#include "access_token_error.h" -#include "permission_definition_cache.h" -#include "permission_map.h" -#include "permission_validator.h" -#include "data_translator.h" -#include "token_field_const.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionPolicySet"}; -} - -PermissionPolicySet::~PermissionPolicySet() -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, - "%{public}s called, tokenID: 0x%{public}x destruction", __func__, tokenId_); -} - -std::shared_ptr PermissionPolicySet::BuildPermissionPolicySet( - AccessTokenID tokenId, const std::vector& permStateList) -{ - ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenId); - std::shared_ptr policySet = std::make_shared(); - PermissionValidator::FilterInvalidPermissionState(tokenType, true, permStateList, policySet->permStateList_); - policySet->tokenId_ = tokenId; - return policySet; -} - -std::shared_ptr PermissionPolicySet::BuildPolicySetWithoutDefCheck( - AccessTokenID tokenId, const std::vector& permStateList) -{ - std::shared_ptr policySet = std::make_shared(); - PermissionValidator::FilterInvalidPermissionState( - TOKEN_TYPE_BUTT, false, permStateList, policySet->permStateList_); - policySet->tokenId_ = tokenId; - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d, permStateList_ size: %{public}zu", - tokenId, policySet->permStateList_.size()); - return policySet; -} - -void PermissionPolicySet::UpdatePermStateFull(const PermissionStateFull& permOld, PermissionStateFull& permNew) -{ - if (permNew.isGeneral == permOld.isGeneral) { - // if user_grant permission is not operated by user, it keeps the new initalized state. - // the new state can be pre_authorization. - if ((permOld.grantFlags[0] == PERMISSION_DEFAULT_FLAG) && (permOld.grantStatus[0] == PERMISSION_DENIED)) { - return; - } - // if old user_grant permission is granted by pre_authorization fixed, it keeps the new initalized state. - // the new state can be pre_authorization or not. - if ((permOld.grantFlags[0] == PERMISSION_SYSTEM_FIXED) || - // if old user_grant permission is granted by pre_authorization unfixed - // and the user has not operated this permission, it keeps the new initalized state. - (permOld.grantFlags[0] == PERMISSION_GRANTED_BY_POLICY)) { - return; - } - - // if old user_grant permission has been operated by user, it keeps the old status and old flag. - permNew.resDeviceID = permOld.resDeviceID; - permNew.grantStatus = permOld.grantStatus; - permNew.grantFlags = permOld.grantFlags; - } -} - -void PermissionPolicySet::Update(const std::vector& permStateList) -{ - std::vector permStateFilterList; - PermissionValidator::FilterInvalidPermissionState(TOKEN_HAP, true, permStateList, permStateFilterList); - ACCESSTOKEN_LOG_INFO(LABEL, "PermStateFilterList size: %{public}zu.", permStateFilterList.size()); - Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - - for (PermissionStateFull& permStateNew : permStateFilterList) { - auto iter = std::find_if(permStateList_.begin(), permStateList_.end(), - [permStateNew](const PermissionStateFull& permStateOld) { - return permStateNew.permissionName == permStateOld.permissionName; - }); - if (iter != permStateList_.end()) { - UpdatePermStateFull(*iter, permStateNew); - } - } - permStateList_ = permStateFilterList; -} - -uint32_t PermissionPolicySet::GetFlagWroteToDb(uint32_t grantFlag) -{ - return GetFlagWithoutSpecifiedElement(grantFlag, PERMISSION_COMPONENT_SET); -} - -std::shared_ptr PermissionPolicySet::RestorePermissionPolicy(AccessTokenID tokenId, - const std::vector& permStateRes) -{ - std::shared_ptr policySet = std::make_shared(); - policySet->tokenId_ = tokenId; - - for (const GenericValues& stateValue : permStateRes) { - if ((AccessTokenID)stateValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID) == tokenId) { - PermissionStateFull state; - int ret = DataTranslator::TranslationIntoPermissionStateFull(stateValue, state); - if (ret == RET_SUCCESS) { - MergePermissionStateFull(policySet->permStateList_, state); - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId 0x%{public}x permState is wrong.", tokenId); - } - } - } - return policySet; -} - -void PermissionPolicySet::MergePermissionStateFull(std::vector& permStateList, - PermissionStateFull& state) -{ - uint32_t flag = GetFlagWroteToDb(state.grantFlags[0]); - state.grantFlags[0] = flag; - for (auto iter = permStateList.begin(); iter != permStateList.end(); iter++) { - if (state.permissionName == iter->permissionName) { - iter->resDeviceID.emplace_back(state.resDeviceID[0]); - iter->grantStatus.emplace_back(state.grantStatus[0]); - iter->grantFlags.emplace_back(state.grantFlags[0]); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Update permission: %{public}s.", state.permissionName.c_str()); - return; - } - } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Add permission: %{public}s.", state.permissionName.c_str()); - permStateList.emplace_back(state); -} - -void PermissionPolicySet::StorePermissionState(std::vector& valueList) const -{ - for (const auto& permissionState : permStateList_) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName: %{public}s", permissionState.permissionName.c_str()); - if (permissionState.isGeneral) { - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId_)); - DataTranslator::TranslationIntoGenericValues(permissionState, 0, genericValues); - valueList.emplace_back(genericValues); - continue; - } - - unsigned int stateSize = permissionState.resDeviceID.size(); - for (unsigned int i = 0; i < stateSize; i++) { - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId_)); - DataTranslator::TranslationIntoGenericValues(permissionState, i, genericValues); - valueList.emplace_back(genericValues); - } - } -} - -void PermissionPolicySet::StorePermissionPolicySet(std::vector& permStateValueList) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - StorePermissionState(permStateValueList); -} - -static bool IsPermOperatedByUser(int32_t flag) -{ - uint32_t uFlag = static_cast(flag); - return (uFlag & PERMISSION_USER_FIXED) || (uFlag & PERMISSION_USER_SET); -} - -static bool IsPermOperatedBySystem(int32_t flag) -{ - uint32_t uFlag = static_cast(flag); - return (uFlag & PERMISSION_SYSTEM_FIXED) || (uFlag & PERMISSION_GRANTED_BY_POLICY); -} - -static bool IsPermGrantedBySecComp(int32_t flag) -{ - uint32_t uFlag = static_cast(flag); - return uFlag & PERMISSION_COMPONENT_SET; -} - -uint32_t PermissionPolicySet::GetFlagWithoutSpecifiedElement(uint32_t fullFlag, uint32_t removedFlag) -{ - uint32_t unmaskedFlag = (fullFlag) & (~removedFlag); - return unmaskedFlag; -} - -PermUsedTypeEnum PermissionPolicySet::GetUserGrantedPermissionUsedType(const std::string& permissionName) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - auto iter = std::find_if(permStateList_.begin(), permStateList_.end(), - [permissionName](const PermissionStateFull& permState) { - return permissionName == permState.permissionName; - }); - if (iter != permStateList_.end()) { - if (!iter->isGeneral) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s of %{public}d is not general.", - permissionName.c_str(), tokenId_); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - - if (IsPermGrantedBySecComp(iter->grantFlags[0])) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission is granted by seccomp, tokenID=%{public}d.", tokenId_); - return PermUsedTypeEnum::SEC_COMPONENT_TYPE; - } - - if (iter->grantStatus[0] != PERMISSION_GRANTED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s of %{public}d is requested, not granted.", - permissionName.c_str(), tokenId_); - return PermUsedTypeEnum::INVALID_USED_TYPE; - } - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s of %{public}d is applied for normally.", - permissionName.c_str(), tokenId_); - return PermUsedTypeEnum::NORMAL_TYPE; - } - - if (std::any_of(secCompGrantedPermList_.begin(), secCompGrantedPermList_.end(), - [permissionName](const auto& permission) { return permission == permissionName; })) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission is granted by seccomp, tokenID=%{public}d.", tokenId_); - return PermUsedTypeEnum::SEC_COMPONENT_TYPE; - } - ACCESSTOKEN_LOG_ERROR(LABEL, "Application %{public}u not apply for %{public}s.", tokenId_, permissionName.c_str()); - return PermUsedTypeEnum::INVALID_USED_TYPE; -} - -int PermissionPolicySet::VerifyPermissionStatus(const std::string& permissionName) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - auto iter = std::find_if(permStateList_.begin(), permStateList_.end(), - [permissionName](const PermissionStateFull& permState) { - return permissionName == permState.permissionName; - }); - if (iter != permStateList_.end()) { - if (!iter->isGeneral) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, permission: %{public}s is not general", - tokenId_, permissionName.c_str()); - return PERMISSION_DENIED; - } - if (IsPermGrantedBySecComp(iter->grantFlags[0])) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d, permission is granted by seccomp", tokenId_); - return PERMISSION_GRANTED; - } - if (iter->grantStatus[0] != PERMISSION_GRANTED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: %{public}d, permission: %{public}s is not granted", - tokenId_, permissionName.c_str()); - return PERMISSION_DENIED; - } - return PERMISSION_GRANTED; - } - // check if undeclared permission is granted by security component. - if (std::any_of(secCompGrantedPermList_.begin(), secCompGrantedPermList_.end(), - [permissionName](const auto& permission) { return permission == permissionName; })) { - return PERMISSION_GRANTED; - } - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d, permission: %{public}s is undeclared", - tokenId_, permissionName.c_str()); - return PERMISSION_DENIED; -} - -void PermissionPolicySet::GetDefPermissions(std::vector& permList) -{ - PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenId_); -} - -void PermissionPolicySet::GetPermissionStateFulls(std::vector& permList) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - permList.assign(permStateList_.begin(), permStateList_.end()); -} - -int PermissionPolicySet::QueryPermissionFlag(const std::string& permissionName, int& flag) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - for (const auto& perm : permStateList_) { - if (perm.permissionName == permissionName) { - if (perm.isGeneral) { - flag = perm.grantFlags[0]; - return RET_SUCCESS; - } else { - return AccessTokenError::ERR_PARAM_INVALID; - } - } - } - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); - return AccessTokenError::ERR_PERMISSION_NOT_EXIST; -} - -static uint32_t UpdateWithNewFlag(uint32_t oldFlag, uint32_t currFlag) -{ - uint32_t newFlag = currFlag | (oldFlag & PERMISSION_GRANTED_BY_POLICY); - return newFlag; -} - -int32_t PermissionPolicySet::UpdatePermStateList(const std::string& permissionName, bool isGranted, uint32_t flag) -{ - Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - auto iter = std::find_if(permStateList_.begin(), permStateList_.end(), - [permissionName](const PermissionStateFull& permState) { - return permissionName == permState.permissionName; - }); - if (iter != permStateList_.end()) { - if (iter->isGeneral) { - if ((static_cast(iter->grantFlags[0]) & PERMISSION_SYSTEM_FIXED) == PERMISSION_SYSTEM_FIXED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission fixed by system!"); - return AccessTokenError::ERR_PARAM_INVALID; - } - iter->grantStatus[0] = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; - iter->grantFlags[0] = UpdateWithNewFlag(iter->grantFlags[0], flag); - } else { - ACCESSTOKEN_LOG_WARN(LABEL, "Perm isGeneral is false."); - } - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission not request!"); - return AccessTokenError::ERR_PARAM_INVALID; - } - return RET_SUCCESS; -} - -void PermissionPolicySet::SecCompGrantedPermListUpdated(const std::string& permissionName, bool isAdded) -{ - Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - if (isAdded) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "The permission in secCompGrantedPermList_ is added."); - auto iter = std::find_if(secCompGrantedPermList_.begin(), secCompGrantedPermList_.end(), - [permissionName](const std::string &grantedPerm) { - return permissionName == grantedPerm; - }); - if (iter == secCompGrantedPermList_.end()) { - secCompGrantedPermList_.emplace_back(permissionName); - return; - } - } else { - ACCESSTOKEN_LOG_DEBUG(LABEL, "The permission in secCompGrantedPermList_ is deleted."); - auto iter = std::find_if(secCompGrantedPermList_.begin(), secCompGrantedPermList_.end(), - [permissionName](const std::string &grantedPerm) { - return permissionName == grantedPerm; - }); - if (iter != secCompGrantedPermList_.end()) { - secCompGrantedPermList_.erase(iter); - return; - } - } - return; -} - -void PermissionPolicySet::SetPermissionFlag(const std::string& permissionName, uint32_t flag, bool needToAdd) -{ - Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - for (auto& perm : permStateList_) { - if (perm.permissionName == permissionName) { - if (perm.isGeneral) { - uint32_t oldFlag = perm.grantFlags[0]; - uint32_t newFlag = - needToAdd ? (oldFlag | flag) : (oldFlag & (~PERMISSION_COMPONENT_SET)); - perm.grantFlags[0] = newFlag; - return; - } - } - } - return; -} - -int32_t PermissionPolicySet::UpdateSecCompGrantedPermList(const std::string& permissionName, bool isToGrant) -{ - int32_t flag = 0; - int32_t ret = QueryPermissionFlag(permissionName, flag); - - ACCESSTOKEN_LOG_DEBUG(LABEL, "Ret is %{public}d. flag is %{public}d", ret, flag); - // if the permission has been operated by user or the permission has been granted by system. - if ((IsPermOperatedByUser(flag) || IsPermOperatedBySystem(flag))) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "The permission has been operated."); - if (isToGrant) { - int32_t status = VerifyPermissionStatus(permissionName); - // Permission has been granted, there is no need to add perm state in security component permList. - if (status == PERMISSION_GRANTED) { - return RET_SUCCESS; - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission has been revoked by user."); - return ERR_PERMISSION_DENIED; - } - } else { - /* revoke is called while the permission has been operated by user or system */ - /* the permission need to be deleted from secCompGrantedPermList_ */ - SecCompGrantedPermListUpdated(permissionName, false); - return RET_SUCCESS; - } - } - // the permission has not been operated by user or the app has not applied for this permission in config.json - SecCompGrantedPermListUpdated(permissionName, isToGrant); - // If the app has applied for this permission and security component operation has taken effect. - SetPermissionFlag(permissionName, PERMISSION_COMPONENT_SET, isToGrant); - return RET_SUCCESS; -} - -int32_t PermissionPolicySet::UpdatePermissionStatus(const std::string& permissionName, bool isGranted, uint32_t flag) -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermissionName %{public}s.", permissionName.c_str()); - if (!IsPermGrantedBySecComp(flag)) { - return UpdatePermStateList(permissionName, isGranted, flag); - } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Permission is set by security component."); - return UpdateSecCompGrantedPermList(permissionName, isGranted); -} - -void PermissionPolicySet::ClearSecCompGrantedPerm(void) -{ - Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - secCompGrantedPermList_.erase(secCompGrantedPermList_.begin(), secCompGrantedPermList_.end()); - for (auto& perm : permStateList_) { - if (perm.isGeneral) { - perm.grantFlags[0] = GetFlagWithoutSpecifiedElement(perm.grantFlags[0], PERMISSION_COMPONENT_SET); - } - } -} - -void PermissionPolicySet::ResetUserGrantPermissionStatus(void) -{ - Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - for (auto& perm : permStateList_) { - if (perm.isGeneral) { - uint32_t oldFlag = static_cast(perm.grantFlags[0]); - if ((oldFlag & PERMISSION_SYSTEM_FIXED) != 0) { - continue; - } - /* A user_grant permission has been set by system for cancellable pre-authorization. */ - /* it should keep granted when the app reset. */ - if ((oldFlag & PERMISSION_GRANTED_BY_POLICY) != 0) { - perm.grantStatus[0] = PERMISSION_GRANTED; - perm.grantFlags[0] = PERMISSION_GRANTED_BY_POLICY; - continue; - } - perm.grantStatus[0] = PERMISSION_DENIED; - perm.grantFlags[0] = PERMISSION_DEFAULT_FLAG; - } else { - continue; - } - } -} - -void PermissionPolicySet::GetPermissionStateList(std::vector& stateList) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - for (const auto& state : permStateList_) { - stateList.emplace_back(state); - } -} - -void PermissionPolicySet::GetGrantedPermissionList(std::vector& permissionList) -{ - Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - for (const auto& perm : permStateList_) { - if (perm.isGeneral && (perm.grantStatus[0] == PERMISSION_GRANTED)) { - permissionList.emplace_back(perm.permissionName); - } - } - - for (const auto& permission : secCompGrantedPermList_) { - permissionList.emplace_back(permission); - } -} - -void PermissionPolicySet::GetDeletedPermissionListToNotify(std::vector& permissionList) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - for (const auto& perm : permStateList_) { - if (perm.isGeneral) { - if (perm.grantStatus[0] == PERMISSION_GRANTED) { - permissionList.emplace_back(perm.permissionName); - } - } - } - for (const auto& permission : secCompGrantedPermList_) { - permissionList.emplace_back(permission); - } -} - -void PermissionPolicySet::GetPermissionStateList(std::vector& opCodeList, std::vector& statusList) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - for (const auto& state : permStateList_) { - uint32_t code; - if (TransferPermissionToOpcode(state.permissionName, code)) { - opCodeList.emplace_back(code); - statusList.emplace_back(state.grantStatus[0] == PERMISSION_GRANTED); - } - } -} - -uint32_t PermissionPolicySet::GetReqPermissionSize() -{ - return static_cast(permStateList_.size()); -} - -void PermissionPolicySet::PermDefToString(const PermissionDef& def, std::string& info) const -{ - info.append(R"( {)"); - info.append("\n"); - info.append(R"( "permissionName": ")" + def.permissionName + R"(")" + ",\n"); - info.append(R"( "bundleName": ")" + def.bundleName + R"(")" + ",\n"); - info.append(R"( "grantMode": )" + std::to_string(def.grantMode) + ",\n"); - info.append(R"( "availableLevel": )" + std::to_string(def.availableLevel) + ",\n"); - info.append(R"( "provisionEnable": )" + std::to_string(def.provisionEnable) + ",\n"); - info.append(R"( "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable) + ",\n"); - info.append(R"( "label": ")" + def.label + R"(")" + ",\n"); - info.append(R"( "labelId": )" + std::to_string(def.labelId) + ",\n"); - info.append(R"( "description": ")" + def.description + R"(")" + ",\n"); - info.append(R"( "descriptionId": )" + std::to_string(def.descriptionId) + ",\n"); - info.append(R"( })"); -} - -void PermissionPolicySet::PermStateFullToString(const PermissionStateFull& state, std::string& info) const -{ - info.append(R"( {)"); - info.append("\n"); - info.append(R"( "permissionName": ")" + state.permissionName + R"(")" + ",\n"); - info.append(R"( "isGeneral": )" + std::to_string(state.isGeneral) + ",\n"); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - info.append(R"( "resDeviceIDList": [ )"); - for (auto iter = state.resDeviceID.begin(); iter != state.resDeviceID.end(); iter++) { - info.append("\n"); - info.append(R"( { "resDeviceID": ")" + *iter + R"(")" + " }"); - if (iter != (state.resDeviceID.end() - 1)) { - info.append(","); - } - } - info.append("\n ],\n"); -#endif - info.append(R"( "grantStatusList": [)"); - for (auto iter = state.grantStatus.begin(); iter != state.grantStatus.end(); iter++) { - info.append("\n"); - info.append(R"( { "grantStatus": )" + std::to_string(*iter) + " }"); - if (iter != (state.grantStatus.end() - 1)) { - info.append(","); - } - } - info.append("\n ],\n"); - - info.append(R"( "grantFlagsList": [)"); - for (auto iter = state.grantFlags.begin(); iter != state.grantFlags.end(); iter++) { - info.append("\n"); - info.append(R"( { "grantFlag": )" + std::to_string(*iter) + " }"); - if (iter != (state.grantFlags.end() - 1)) { - info.append(","); - } - } - info.append("\n ],\n"); - - info.append(R"( })"); -} - -void PermissionPolicySet::ToString(std::string& info) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - info.append(R"( "permDefList": [)"); - info.append("\n"); - std::vector permList; - PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenId_); - for (auto iter = permList.begin(); iter != permList.end(); iter++) { - PermDefToString(*iter, info); - if (iter != (permList.end() - 1)) { - info.append(",\n"); - } - } - info.append("\n ],\n"); - - info.append(R"( "permStateList": [)"); - info.append("\n"); - for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) { - PermStateFullToString(*iter, info); - if (iter != (permStateList_.end() - 1)) { - info.append(",\n"); - } - } - info.append("\n ]\n"); -} - -bool PermissionPolicySet::IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, - const std::vector& nativeAcls) -{ - PermissionDef permissionDef; - int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( - permissionName, permissionDef); - if (ret != RET_SUCCESS) { - return false; - } - if (tokenApl >= permissionDef.availableLevel) { - return true; - } - - auto iter = std::find(nativeAcls.begin(), nativeAcls.end(), permissionName); - if (iter != nativeAcls.end()) { - return true; - } - return false; -} - -void PermissionPolicySet::PermStateToString(int32_t tokenApl, - const std::vector& nativeAcls, std::string& info) -{ - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - - std::vector invalidPermList = {}; - info.append(R"( "permStateList": [)"); - info.append("\n"); - for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) { - if (!IsPermissionReqValid(tokenApl, iter->permissionName, nativeAcls)) { - invalidPermList.emplace_back(iter->permissionName); - continue; - } - PermStateFullToString(*iter, info); - if (iter != (permStateList_.end() - 1)) { - info.append(",\n"); - } - } - info.append("\n ]\n"); - - if (invalidPermList.empty()) { - return; - } - - info.append(R"( "invalidPermList": [)"); - info.append("\n"); - for (auto iter = invalidPermList.begin(); iter != invalidPermList.end(); iter++) { - info.append(R"( "permissionName": ")" + *iter + R"(")" + ",\n"); - } - info.append("\n ]\n"); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp index ff5368af56982aa0566af3d253cc396430c23b32..9e21164a8d96e19d06dea45b79e9f31ff3e06897 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp @@ -17,16 +17,13 @@ #include #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "data_validator.h" #include "permission_definition_cache.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionValidator"}; -} bool PermissionValidator::IsGrantModeValid(int grantMode) { @@ -61,31 +58,31 @@ bool PermissionValidator::IsToggleStatusValid(const uint32_t status) bool PermissionValidator::IsPermissionDefValid(const PermissionDef& permDef) { if (!DataValidator::IsLabelValid(permDef.label)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Label invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Label invalid."); return false; } if (!DataValidator::IsDescValid(permDef.description)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Desc invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Desc invalid."); return false; } if (!DataValidator::IsBundleNameValid(permDef.bundleName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "BundleName invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "BundleName invalid."); return false; } if (!DataValidator::IsPermissionNameValid(permDef.permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermissionName invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName invalid."); return false; } if (!IsGrantModeValid(permDef.grantMode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GrantMode invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "GrantMode invalid."); return false; } if (!DataValidator::IsAvailableTypeValid(permDef.availableType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "AvailableType invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "AvailableType invalid."); return false; } if (!DataValidator::IsAplNumValid(permDef.availableLevel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "AvailableLevel invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "AvailableLevel invalid."); return false; } return true; @@ -93,10 +90,10 @@ bool PermissionValidator::IsPermissionDefValid(const PermissionDef& permDef) bool PermissionValidator::IsPermissionAvailable(ATokenTypeEnum tokenType, const std::string& permissionName) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenType is %{public}d.", tokenType); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenType is %{public}d.", tokenType); if (tokenType == TOKEN_HAP) { if (!PermissionDefinitionCache::GetInstance().HasHapPermissionDefinitionForHap(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s is not defined for hap.", permissionName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s is not defined for hap.", permissionName.c_str()); return false; } } @@ -104,27 +101,15 @@ bool PermissionValidator::IsPermissionAvailable(ATokenTypeEnum tokenType, const return true; } -bool PermissionValidator::IsPermissionStateValid(const PermissionStateFull& permState) +bool PermissionValidator::IsPermissionStateValid(const PermissionStatus& permState) { if (!DataValidator::IsPermissionNameValid(permState.permissionName)) { return false; } - size_t resDevIdSize = permState.resDeviceID.size(); - size_t grantStatSize = permState.grantStatus.size(); - size_t grantFlagSize = permState.grantFlags.size(); - if ((grantStatSize != resDevIdSize) || (grantFlagSize != resDevIdSize)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "list size is invalid, grantStatSize %{public}zu, grantFlagSize %{public}zu, resDevIdSize %{public}zu.", - grantStatSize, grantFlagSize, resDevIdSize); + if (!IsGrantStatusValid(permState.grantStatus) || !IsPermissionFlagValid(permState.grantFlag)) { + LOGE(ATM_DOMAIN, ATM_TAG, "GrantStatus or grantFlag is invalid"); return false; } - for (uint32_t i = 0; i < resDevIdSize; i++) { - if (!IsGrantStatusValid(permState.grantStatus[i]) || - !IsPermissionFlagValid(permState.grantFlags[i])) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GrantStatus or grantFlags is invalid"); - return false; - } - } return true; } @@ -142,38 +127,19 @@ void PermissionValidator::FilterInvalidPermissionDef( } } -void PermissionValidator::DeduplicateResDevID(const PermissionStateFull& permState, PermissionStateFull& result) -{ - std::set resDevId; - auto stateIter = permState.grantStatus.begin(); - auto flagIter = permState.grantFlags.begin(); - for (auto it = permState.resDeviceID.begin(); it != permState.resDeviceID.end(); ++it, ++stateIter, ++flagIter) { - if (resDevId.count(*it) != 0) { - continue; - } - resDevId.insert(*it); - result.resDeviceID.emplace_back(*it); - result.grantStatus.emplace_back(*stateIter); - result.grantFlags.emplace_back(*flagIter); - } - result.permissionName = permState.permissionName; - result.isGeneral = permState.isGeneral; -} - void PermissionValidator::FilterInvalidPermissionState(ATokenTypeEnum tokenType, bool doPermAvailableCheck, - const std::vector& permList, std::vector& result) + const std::vector& permList, std::vector& result) { std::set permStateSet; for (auto it = permList.begin(); it != permList.end(); ++it) { std::string permName = it->permissionName; - PermissionStateFull res; - if (!IsPermissionStateValid(*it) || permStateSet.count(permName) != 0) { + PermissionStatus res = *it; + if (!IsPermissionStateValid(res) || permStateSet.count(permName) != 0) { continue; } if (doPermAvailableCheck && !IsPermissionAvailable(tokenType, permName)) { continue; } - DeduplicateResDevID(*it, res); permStateSet.insert(permName); result.emplace_back(res); } diff --git a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp new file mode 100644 index 0000000000000000000000000000000000000000..5f7f120ec059290c36cb3c1ea69a91e6115edc58 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp @@ -0,0 +1,322 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "short_grant_manager.h" + +#include +#include +#include + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "app_manager_access_client.h" +#include "permission_manager.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +std::recursive_mutex g_instanceMutex; +static constexpr int32_t DEFAULT_MAX_TIME_MILLISECONDS = 30 * 60; // 30 minutes +static constexpr int32_t DEFAULT_MAX_ONCE_TIME_MILLISECONDS = 5 * 60; // 5 minutes +static const std::string TASK_NAME_SHORT_GRANT_PERMISSION = "atm_permission_manager_short_grant"; +static const std::vector g_shortGrantPermission = { + "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO" +}; + +ShortGrantManager& ShortGrantManager::GetInstance() +{ + static ShortGrantManager* instance = nullptr; + if (instance == nullptr) { + std::lock_guard lock(g_instanceMutex); + if (instance == nullptr) { + ShortGrantManager* tmp = new ShortGrantManager(); + instance = std::move(tmp); + } + } + return *instance; +} + +void ShortPermAppManagerDeathCallback::NotifyAppManagerDeath() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "ShortGrantManager AppManagerDeath called"); + + ShortGrantManager::GetInstance().OnAppMgrRemoteDiedHandle(); +} + +void ShortPermAppStateObserver::OnAppStopped(const AppStateData &appStateData) +{ + if (appStateData.state == static_cast(ApplicationState::APP_STATE_TERMINATED)) { + uint32_t tokenID = appStateData.accessTokenId; + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d died.", tokenID); + + ShortGrantManager::GetInstance().ClearShortPermissionByTokenID(tokenID); + } +} + +void ShortGrantManager::OnAppMgrRemoteDiedHandle() +{ + std::unique_lock lck(shortGrantDataMutex_); + auto item = shortGrantData_.begin(); + while (item != shortGrantData_.end()) { + if (PermissionManager::GetInstance().UpdatePermission( + item->tokenID, item->permissionName, false, PERMISSION_USER_FIXED, false) != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d revoke permission:%{public}s failed!", + item->tokenID, item->permissionName.c_str()); + } + std::string taskName = TASK_NAME_SHORT_GRANT_PERMISSION + std::to_string(item->tokenID) + item->permissionName; + ShortGrantManager::GetInstance().CancelTaskOfPermissionRevoking(taskName); + ++item; + } + shortGrantData_.clear(); + LOGI(ATM_DOMAIN, ATM_TAG, "shortGrantData_ clear!"); + appStopCallBack_ = nullptr; +} + +ShortGrantManager::~ShortGrantManager() +{ + UnRegisterAppStopListener(); +} + +#ifdef EVENTHANDLER_ENABLE +void ShortGrantManager::InitEventHandler() +{ + auto eventRunner = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); + if (!eventRunner) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create a shortGrantEventRunner."); + return; + } + eventHandler_ = std::make_shared(eventRunner); +} + +std::shared_ptr ShortGrantManager::GetEventHandler() +{ + std::lock_guard lock(eventHandlerLock_); + if (eventHandler_ == nullptr) { + InitEventHandler(); + } + return eventHandler_; +} +#endif + +bool ShortGrantManager::CancelTaskOfPermissionRevoking(const std::string& taskName) +{ +#ifdef EVENTHANDLER_ENABLE + auto eventHandler = GetEventHandler(); + if (eventHandler == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); + return false; + } + + LOGI(ATM_DOMAIN, ATM_TAG, "Revoke permission task name:%{public}s", taskName.c_str()); + eventHandler->ProxyRemoveTask(taskName); + return true; +#else + LOGW(ATM_DOMAIN, ATM_TAG, "EventHandler is not existed"); + return false; +#endif +} + +int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::string& permission, uint32_t onceTime) +{ + if (tokenID == 0 || onceTime == 0 || onceTime > DEFAULT_MAX_ONCE_TIME_MILLISECONDS || onceTime > maxTime_) { + LOGE(ATM_DOMAIN, ATM_TAG, "Input invalid, tokenID: %{public}d, onceTime %{public}u!", tokenID, onceTime); + return AccessTokenError::ERR_PARAM_INVALID; + } + std::string taskName = TASK_NAME_SHORT_GRANT_PERMISSION + std::to_string(tokenID) + permission; + std::unique_lock lck(shortGrantDataMutex_); + + auto iter = std::find_if( + shortGrantData_.begin(), shortGrantData_.end(), [tokenID, permission](const PermTimerData& data) { + return data.tokenID == tokenID && data.permissionName == permission; + }); + + if (iter == shortGrantData_.end()) { + auto iterator = std::find(g_shortGrantPermission.begin(), g_shortGrantPermission.end(), permission); + if (iterator == g_shortGrantPermission.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission is not available to short grant: %{public}s!", permission.c_str()); + return AccessTokenError::ERR_PARAM_INVALID; + } + PermTimerData data; + data.tokenID = tokenID; + data.permissionName = permission; + data.firstGrantTimes = GetCurrentTime(); + data.revokeTimes = data.firstGrantTimes + onceTime; + int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permission, PERMISSION_USER_FIXED); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "GrantPermission failed result %{public}d", ret); + return ret; + } + shortGrantData_.emplace_back(data); + ShortGrantManager::GetInstance().ScheduleRevokeTask(tokenID, permission, taskName, onceTime); + RegisterAppStopListener(); + return RET_SUCCESS; + } + + uint32_t maxRemainedTime = maxTime_ - (GetCurrentTime() - iter->firstGrantTimes); + uint32_t currRemainedTime = iter->revokeTimes > GetCurrentTime() ? (iter->revokeTimes - GetCurrentTime()) : 0; + uint32_t cancelTimes = (maxRemainedTime > onceTime) ? onceTime : maxRemainedTime; + LOGI(ATM_DOMAIN, ATM_TAG, "currRemainedTime %{public}d", currRemainedTime); + if (cancelTimes > currRemainedTime) { + iter->revokeTimes = GetCurrentTime() + cancelTimes; + LOGI(ATM_DOMAIN, ATM_TAG, "iter->revokeTimes %{public}d", iter->revokeTimes); + ShortGrantManager::GetInstance().CancelTaskOfPermissionRevoking(taskName); + int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permission, PERMISSION_USER_FIXED); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "GrantPermission failed result %{public}d", ret); + return ret; + } + ShortGrantManager::GetInstance().ScheduleRevokeTask(iter->tokenID, iter->permissionName, taskName, cancelTimes); + } + RegisterAppStopListener(); + return RET_SUCCESS; +} + +void ShortGrantManager::ClearShortPermissionData(AccessTokenID tokenID, const std::string& permission) +{ + std::unique_lock lck(shortGrantDataMutex_); + auto item = shortGrantData_.begin(); + while (item != shortGrantData_.end()) { + if (item->tokenID == tokenID && item->permissionName == permission) { + // revoke without kill the app + if (PermissionManager::GetInstance().UpdatePermission( + tokenID, permission, false, PERMISSION_USER_FIXED, false) != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d revoke permission:%{public}s failed!", + tokenID, permission.c_str()); + return; + } + // clear data + shortGrantData_.erase(item); + if (shortGrantData_.empty()) { + UnRegisterAppStopListener(); + } + break; + } else { + ++item; + } + } +} + +void ShortGrantManager::ClearShortPermissionByTokenID(AccessTokenID tokenID) +{ + std::unique_lock lck(shortGrantDataMutex_); + auto item = shortGrantData_.begin(); + while (item != shortGrantData_.end()) { + if (item->tokenID == tokenID) { + if (PermissionManager::GetInstance().UpdatePermission( + tokenID, item->permissionName, false, PERMISSION_USER_FIXED, false) != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d revoke permission:%{public}s failed!", + tokenID, item->permissionName.c_str()); + return; + } + // clear task and data + std::string taskName = TASK_NAME_SHORT_GRANT_PERMISSION + std::to_string(tokenID) + item->permissionName; + ShortGrantManager::GetInstance().CancelTaskOfPermissionRevoking(taskName); + item = shortGrantData_.erase(item); + } else { + ++item; + } + } + if (shortGrantData_.empty()) { + UnRegisterAppStopListener(); + } +} + +void ShortGrantManager::ScheduleRevokeTask(AccessTokenID tokenID, const std::string& permission, + const std::string& taskName, uint32_t cancelTimes) +{ +#ifdef EVENTHANDLER_ENABLE + auto eventHandler = GetEventHandler(); + if (eventHandler == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); + return; + } + + LOGI(ATM_DOMAIN, ATM_TAG, "Add permission task name:%{public}s", taskName.c_str()); + + std::function delayed = ([tokenID, permission]() { + ShortGrantManager::GetInstance().ClearShortPermissionData(tokenID, permission); + LOGI(ATM_DOMAIN, ATM_TAG, + "Token: %{public}d, permission: %{public}s, delay revoke permission end.", tokenID, permission.c_str()); + }); + LOGI(ATM_DOMAIN, ATM_TAG, "cancelTimes %{public}d", cancelTimes); + eventHandler->ProxyPostTask(delayed, taskName, cancelTimes * 1000); // 1000 means to ms + return; +#else + LOGW(ATM_DOMAIN, ATM_TAG, "eventHandler is not existed"); + return; +#endif +} + +uint32_t ShortGrantManager::GetCurrentTime() +{ + return static_cast(std::chrono::system_clock::now().time_since_epoch() / std::chrono::seconds(1)); +} + +bool ShortGrantManager::IsShortGrantPermission(const std::string& permissionName) +{ + auto it = find(g_shortGrantPermission.begin(), g_shortGrantPermission.end(), permissionName); + if (it == g_shortGrantPermission.end()) { + return false; + } + return true; +} + +void ShortGrantManager::RegisterAppStopListener() +{ + { + std::lock_guard lock(appManagerDeathMutex_); + if (appManagerDeathCallback_ == nullptr) { + appManagerDeathCallback_ = std::make_shared(); + if (appManagerDeathCallback_ == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Register appManagerDeathCallback failed."); + return; + } + AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_); + } + } + { + std::lock_guard lock(appStopCallbackMutex_); + if (appStopCallBack_ == nullptr) { + appStopCallBack_ = new (std::nothrow) ShortPermAppStateObserver(); + if (appStopCallBack_ == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Register appStopCallBack failed."); + return; + } + int ret = AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStopCallBack_); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Register appStopCallBack %{public}d.", ret); + } + } + } +} + +void ShortGrantManager::UnRegisterAppStopListener() +{ + std::lock_guard lock(appStopCallbackMutex_); + if (appStopCallBack_ != nullptr) { + int32_t ret = AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(appStopCallBack_); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Unregister appStopCallback %{public}d.", ret); + } + appStopCallBack_= nullptr; + } +} + +ShortGrantManager::ShortGrantManager() : maxTime_(DEFAULT_MAX_TIME_MILLISECONDS) +{} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp index de45e2cae980c2534a80283ce451a55a442755df..ccb878ac6e04331fee9a7f2da4861c312c4f9720 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,9 +17,8 @@ #include "access_token.h" #include "access_token_error.h" -#include "config_policy_loader.h" #include "accesstoken_info_manager.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "libraryloader.h" #include "app_manager_access_client.h" #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE @@ -27,13 +26,14 @@ #endif #include "form_manager_access_client.h" #include "hisysevent.h" +#include "hisysevent_adapter.h" #include "ipc_skeleton.h" +#include "json_parse_loader.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TempPermissionObserver"}; static const std::string TASK_NAME_TEMP_PERMISSION = "atm_permission_manager_temp_permission"; static const std::string FORM_INVISIBLE_NAME = "#0"; static const std::string FORM_VISIBLE_NAME = "#1"; @@ -41,9 +41,7 @@ static constexpr int32_t ROOT_UID = 0; static constexpr int32_t FOREGROUND_FLAG = 0; static constexpr int32_t FORMS_FLAG = 1; static constexpr int32_t CONTINUOUS_TASK_FLAG = 2; -#ifdef EVENTHANDLER_ENABLE static constexpr int32_t DEFAULT_CANCLE_MILLISECONDS = 10 * 1000; // 10s -#endif std::recursive_mutex g_instanceMutex; static const std::vector g_tempPermission = { "ohos.permission.READ_PASTEBOARD", @@ -59,44 +57,34 @@ TempPermissionObserver& TempPermissionObserver::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new TempPermissionObserver(); + TempPermissionObserver* tmp = new TempPermissionObserver(); + instance = std::move(tmp); } } return *instance; } -void PermissionAppStateObserver::OnProcessDied(const ProcessData &processData) -{ - uint32_t tokenID = processData.accessTokenId; - std::vector list; - if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID); - return; - } - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d died.", tokenID); - // cancle task when process die - std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); - TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName); - TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID); -} - -void PermissionAppStateObserver::OnForegroundApplicationChanged(const AppStateData &appStateData) +void PermissionAppStateObserver::OnAppStateChanged(const AppStateData &appStateData) { uint32_t tokenID = appStateData.accessTokenId; std::vector list; if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not use temp permission", tokenID); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "OnChange(accessTokenId=%{public}d, state=%{public}d)", tokenID, appStateData.state); + LOGI(ATM_DOMAIN, ATM_TAG, "OnChange(accessTokenId=%{public}d, state=%{public}d)", tokenID, appStateData.state); if (appStateData.state == static_cast(ApplicationState::APP_STATE_FOREGROUND)) { TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FOREGROUND_FLAG, true); std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName); } else if (appStateData.state == static_cast(ApplicationState::APP_STATE_BACKGROUND)) { TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FOREGROUND_FLAG, false); - if (list[FORMS_FLAG] || list[CONTINUOUS_TASK_FLAG]) { - ACCESSTOKEN_LOG_WARN(LABEL, "Has continuoustask or form don't delayRevokePermission!"); + if (list[FORMS_FLAG]) { + LOGW(ATM_DOMAIN, ATM_TAG, "%{public}d:tokenID has form, don't delayRevokePermission!", tokenID); + return; + } + if (list[CONTINUOUS_TASK_FLAG]) { + LOGW(ATM_DOMAIN, ATM_TAG, "%{public}d:tokenID has continuoustask, don't delayRevokePermission!", tokenID); return; } std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); @@ -104,11 +92,11 @@ void PermissionAppStateObserver::OnForegroundApplicationChanged(const AppStateDa } } -void PermissionAppStateObserver::OnApplicationStateChanged(const AppStateData &appStateData) +void PermissionAppStateObserver::OnAppStopped(const AppStateData &appStateData) { if (appStateData.state == static_cast(ApplicationState::APP_STATE_TERMINATED)) { uint32_t tokenID = appStateData.accessTokenId; - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d died.", tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d died.", tokenID); // cancle task when process die std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName); @@ -116,6 +104,21 @@ void PermissionAppStateObserver::OnApplicationStateChanged(const AppStateData &a } } +void PermissionAppStateObserver::OnAppCacheStateChanged(const AppStateData &appStateData) +{ + uint32_t tokenID = appStateData.accessTokenId; + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID is %{public}d, state is %{public}d.", tokenID, appStateData.state); + + /* + warm start application shut down application do not means kill process, + actually this operation means application turn background with OnAppCacheStateChanged callback, + so temporary authorization should be cancle as OnAppStopped when receive this callback + */ + std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); + TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName); + TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID); +} + int32_t PermissionFormStateObserver::NotifyWhetherFormsVisible(const FormVisibilityType visibleType, const std::string &bundleName, std::vector &formInstances) { @@ -124,21 +127,27 @@ int32_t PermissionFormStateObserver::NotifyWhetherFormsVisible(const FormVisibil if (!TempPermissionObserver::GetInstance().GetTokenIDByBundle(formInstances[i].bundleName_, tokenID)) { continue; } - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s, tokenID: %{public}d, formVisiblity:%{public}d", - formInstances[i].bundleName_.c_str(), tokenID, formInstances[i].formVisiblity_); std::vector list; if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not use temp permission", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not use temp permission", tokenID); continue; } + + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s, tokenID: %{public}d, formVisiblity:%{public}d", + formInstances[i].bundleName_.c_str(), tokenID, formInstances[i].formVisiblity_); + if (formInstances[i].formVisiblity_ == FormVisibilityType::VISIBLE) { TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FORMS_FLAG, true); std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName); } else if (formInstances[i].formVisiblity_ == FormVisibilityType::INVISIBLE) { TempPermissionObserver::GetInstance().ModifyAppState(tokenID, FORMS_FLAG, false); - if (list[FOREGROUND_FLAG] || list[CONTINUOUS_TASK_FLAG]) { - ACCESSTOKEN_LOG_WARN(LABEL, "Has continuoustask or inForeground don't delayRevokePermission!"); + if (list[FOREGROUND_FLAG]) { + LOGW(ATM_DOMAIN, ATM_TAG, "%{public}d:tokenID in foreground don't delayRevokePermission!", tokenID); + continue; + } + if (list[CONTINUOUS_TASK_FLAG]) { + LOGW(ATM_DOMAIN, ATM_TAG, "%{public}d:tokenID has task, don't delayRevokePermission!", tokenID); continue; } std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); @@ -152,12 +161,18 @@ void PermissionBackgroundTaskObserver::OnContinuousTaskStart( const std::shared_ptr &continuousTaskCallbackInfo) { AccessTokenID tokenID = static_cast(continuousTaskCallbackInfo->GetFullTokenId()); + uint32_t typeId = continuousTaskCallbackInfo->GetTypeId(); + if (static_cast(typeId) != BackgroundMode::LOCATION) { + LOGD(ATM_DOMAIN, ATM_TAG, "TypeId:%{public}d can not use temp permission", typeId); + return; + } std::vector list; if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not use temp permission", tokenID); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}d", tokenID); + TempPermissionObserver::GetInstance().AddContinuousTask(tokenID); TempPermissionObserver::GetInstance().ModifyAppState(tokenID, CONTINUOUS_TASK_FLAG, true); std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName); @@ -167,15 +182,25 @@ void PermissionBackgroundTaskObserver::OnContinuousTaskStop( const std::shared_ptr &continuousTaskCallbackInfo) { AccessTokenID tokenID = static_cast(continuousTaskCallbackInfo->GetFullTokenId()); + uint32_t typeId = continuousTaskCallbackInfo->GetTypeId(); + if (static_cast(typeId) != BackgroundMode::LOCATION) { + LOGD(ATM_DOMAIN, ATM_TAG, "TypeId:%{public}d can not use temp permission", typeId); + return; + } std::vector list; if (!TempPermissionObserver::GetInstance().GetAppStateListByTokenID(tokenID, list)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID:%{public}d not use temp permission", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not use temp permission", tokenID); + return; + } + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}d", tokenID); + TempPermissionObserver::GetInstance().DelContinuousTask(tokenID); + if (TempPermissionObserver::GetInstance().FindContinuousTask(tokenID)) { + LOGW(ATM_DOMAIN, ATM_TAG, "Has continuous task don't delayRevokePermission!"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", tokenID); TempPermissionObserver::GetInstance().ModifyAppState(tokenID, CONTINUOUS_TASK_FLAG, false); if (list[FOREGROUND_FLAG] || list[FORMS_FLAG]) { - ACCESSTOKEN_LOG_WARN(LABEL, "Has form or inForeground don't delayRevokePermission!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Has form or inForeground don't delayRevokePermission!"); return; } std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(tokenID); @@ -184,7 +209,7 @@ void PermissionBackgroundTaskObserver::OnContinuousTaskStop( #endif void PermissionAppManagerDeathCallback::NotifyAppManagerDeath() { - ACCESSTOKEN_LOG_INFO(LABEL, "TempPermissionObserver AppManagerDeath called"); + LOGI(ATM_DOMAIN, ATM_TAG, "TempPermissionObserver AppManagerDeath called"); TempPermissionObserver::GetInstance().OnAppMgrRemoteDiedHandle(); } @@ -205,11 +230,11 @@ void TempPermissionObserver::RegisterCallback() if (backgroundTaskCallback_ == nullptr) { backgroundTaskCallback_ = new (std::nothrow) PermissionBackgroundTaskObserver(); if (backgroundTaskCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register backgroundTaskCallback failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Register backgroundTaskCallback failed."); return; } int ret = BackgourndTaskManagerAccessClient::GetInstance().SubscribeBackgroundTask(backgroundTaskCallback_); - ACCESSTOKEN_LOG_INFO(LABEL, "Register backgroundTaskCallback %{public}d.", ret); + LOGI(ATM_DOMAIN, ATM_TAG, "Register backgroundTaskCallback %{public}d.", ret); } } #endif @@ -218,23 +243,27 @@ void TempPermissionObserver::RegisterCallback() if (formVisibleCallback_ == nullptr) { formVisibleCallback_ = new (std::nothrow) PermissionFormStateObserver(); if (formVisibleCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register formStateCallback failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Register formStateCallback failed."); return; } int ret = FormManagerAccessClient::GetInstance().RegisterAddObserver( FORM_VISIBLE_NAME, formVisibleCallback_->AsObject()); - ACCESSTOKEN_LOG_INFO(LABEL, "Register formStateCallback %{public}d.", ret); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Register observer %{public}d.", ret); + } } if (formInvisibleCallback_ == nullptr) { formInvisibleCallback_ = new (std::nothrow) PermissionFormStateObserver(); if (formInvisibleCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register formStateCallback failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Register formStateCallback failed."); formVisibleCallback_ = nullptr; return; } int ret = FormManagerAccessClient::GetInstance().RegisterAddObserver( FORM_INVISIBLE_NAME, formInvisibleCallback_->AsObject()); - ACCESSTOKEN_LOG_INFO(LABEL, "Register formStateCallback %{public}d.", ret); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Register observer %{public}d.", ret); + } } } RegisterAppStatusListener(); @@ -247,11 +276,13 @@ void TempPermissionObserver::RegisterAppStatusListener() if (appStateCallback_ == nullptr) { appStateCallback_ = new (std::nothrow) PermissionAppStateObserver(); if (appStateCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register appStateCallback failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Register appStateCallback failed."); return; } int ret = AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStateCallback_); - ACCESSTOKEN_LOG_INFO(LABEL, "Register appStateCallback %{public}d.", ret); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Register appStateCallback %{public}d.", ret); + } } } // app manager death callback register @@ -260,7 +291,7 @@ void TempPermissionObserver::RegisterAppStatusListener() if (appManagerDeathCallback_ == nullptr) { appManagerDeathCallback_ = std::make_shared(); if (appManagerDeathCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register appManagerDeathCallback failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Register appManagerDeathCallback failed."); return; } AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_); @@ -273,7 +304,10 @@ void TempPermissionObserver::UnRegisterCallback() { std::lock_guard lock(appStateCallbackMutex_); if (appStateCallback_ != nullptr) { - AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(appStateCallback_); + int32_t ret = AppManagerAccessClient::GetInstance().UnregisterApplicationStateObserver(appStateCallback_); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Unregister appStateCallback %{public}d.", ret); + } appStateCallback_= nullptr; } } @@ -281,7 +315,11 @@ void TempPermissionObserver::UnRegisterCallback() { std::lock_guard lock(backgroundTaskCallbackMutex_); if (backgroundTaskCallback_ != nullptr) { - BackgourndTaskManagerAccessClient::GetInstance().UnsubscribeBackgroundTask(backgroundTaskCallback_); + int32_t ret = BackgourndTaskManagerAccessClient::GetInstance().UnsubscribeBackgroundTask( + backgroundTaskCallback_); + if (ret != ERR_NONE) { + LOGI(ATM_DOMAIN, ATM_TAG, "Unregister appStateCallback %{public}d.", ret); + } backgroundTaskCallback_= nullptr; } } @@ -289,11 +327,20 @@ void TempPermissionObserver::UnRegisterCallback() { std::lock_guard lock(formStateCallbackMutex_); if (formVisibleCallback_ != nullptr) { - FormManagerAccessClient::GetInstance().RegisterRemoveObserver(FORM_VISIBLE_NAME, formVisibleCallback_); + int32_t ret = FormManagerAccessClient::GetInstance().RegisterRemoveObserver( + FORM_VISIBLE_NAME, + formVisibleCallback_); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Unregister appStateCallback %{public}d.", ret); + } formVisibleCallback_ = nullptr; } if (formInvisibleCallback_ != nullptr) { - FormManagerAccessClient::GetInstance().RegisterRemoveObserver(FORM_INVISIBLE_NAME, formInvisibleCallback_); + int32_t ret = FormManagerAccessClient::GetInstance().RegisterRemoveObserver( + FORM_INVISIBLE_NAME, formInvisibleCallback_); + if (ret != ERR_OK) { + LOGI(ATM_DOMAIN, ATM_TAG, "Unregister appStateCallback %{public}d.", ret); + } formInvisibleCallback_ = nullptr; } } @@ -315,7 +362,7 @@ void TempPermissionObserver::ModifyAppState(AccessTokenID tokenID, int32_t index std::unique_lock lck(tempPermissionMutex_); auto iter = tempPermTokenMap_.find(tokenID); if (iter == tempPermTokenMap_.end()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not exist in map", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not exist in map", tokenID); return; } iter->second[index] = flag; @@ -326,44 +373,95 @@ bool TempPermissionObserver::GetTokenIDByBundle(const std::string &bundleName, A std::unique_lock lck(formTokenMutex_); auto iter = formTokenMap_.find(bundleName); if (iter == formTokenMap_.end()) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "BundleName:%{public}s not exist in map", bundleName.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "BundleName:%{public}s not exist in map", bundleName.c_str()); return false; } tokenID = iter->second; return true; } +void TempPermissionObserver::AddContinuousTask(AccessTokenID tokenID) +{ + std::unique_lock lck(continuousTaskMutex_); + auto iter = continuousTaskMap_.find(tokenID); + if (iter == continuousTaskMap_.end()) { + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not exist in map", tokenID); + continuousTaskMap_[tokenID] = 1; + return; + } + continuousTaskMap_[tokenID]++; +} + +void TempPermissionObserver::DelContinuousTask(AccessTokenID tokenID) +{ + std::unique_lock lck(continuousTaskMutex_); + auto iter = continuousTaskMap_.find(tokenID); + if (iter == continuousTaskMap_.end()) { + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not exist in map", tokenID); + return; + } + continuousTaskMap_[tokenID]--; + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d has %{public}d tasks in map", + tokenID, continuousTaskMap_[tokenID]); + if (continuousTaskMap_[tokenID] == 0) { + continuousTaskMap_.erase(tokenID); + } +} + +bool TempPermissionObserver::FindContinuousTask(AccessTokenID tokenID) +{ + std::unique_lock lck(continuousTaskMutex_); + auto iter = continuousTaskMap_.find(tokenID); + if (iter == continuousTaskMap_.end()) { + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not exist in map", tokenID); + return false; + } + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d has %{public}d tasks in map", + tokenID, continuousTaskMap_[tokenID]); + return true; +} + bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, const std::string& permissionName) { HapTokenInfo tokenInfo; if (AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, tokenInfo) != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenId(%{public}d)", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID); return false; } auto iterator = std::find(g_tempPermission.begin(), g_tempPermission.end(), permissionName); if (iterator == g_tempPermission.end()) { - ACCESSTOKEN_LOG_WARN(LABEL, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); return false; } + return CheckPermissionState(tokenID, permissionName, tokenInfo.bundleName); +} +bool TempPermissionObserver::CheckPermissionState(AccessTokenID tokenID, + const std::string& permissionName, const std::string& bundleName) +{ bool isForeground = false; std::vector foreGroundAppList; AppManagerAccessClient::GetInstance().GetForegroundApplications(foreGroundAppList); if (std::any_of(foreGroundAppList.begin(), foreGroundAppList.end(), - [=](const auto& foreGroundApp) { return foreGroundApp.bundleName == tokenInfo.bundleName; })) { + [tokenID](const auto& foreGroundApp) { return foreGroundApp.accessTokenId == tokenID; })) { isForeground = true; } bool isContinuousTaskExist = false; #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE std::vector> continuousTaskList; BackgourndTaskManagerAccessClient::GetInstance().GetContinuousTaskApps(continuousTaskList); - if (std::any_of(continuousTaskList.begin(), continuousTaskList.end(), - [=](const auto& callbackInfo) { return static_cast(callbackInfo->tokenId_) == tokenID; })) { - isContinuousTaskExist = true; + for (auto iter = continuousTaskList.begin(); iter != continuousTaskList.end(); iter++) { + if (static_cast((*iter)->tokenId_) == tokenID) { + if (std::any_of((*iter)->typeIds_.begin(), (*iter)->typeIds_.end(), + [](const auto& typeId) { return static_cast(typeId) == BackgroundMode::LOCATION; })) { + TempPermissionObserver::GetInstance().AddContinuousTask(tokenID); + isContinuousTaskExist = true; + } + } } #endif bool isFormVisible = FormManagerAccessClient::GetInstance().HasFormVisible(tokenID); - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d, isForeground:%{public}d, isFormVisible:%{public}d," + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d, isForeground:%{public}d, isFormVisible:%{public}d," "isContinuousTaskExist:%{public}d", tokenID, isForeground, isFormVisible, isContinuousTaskExist); bool userEnable = true; @@ -378,9 +476,12 @@ bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, c list.emplace_back(isForeground); list.emplace_back(isFormVisible); list.emplace_back(isContinuousTaskExist); - AddTempPermTokenToList(tokenID, tokenInfo.bundleName, permissionName, list); + AddTempPermTokenToList(tokenID, bundleName, permissionName, list); return true; } + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", GRANT_TEMP_PERMISSION_FAILED, + "TOKENID", tokenID, "PERM", permissionName, "BUNDLE_NAME", bundleName); return false; } @@ -392,36 +493,32 @@ void TempPermissionObserver::AddTempPermTokenToList(AccessTokenID tokenID, std::unique_lock lck(tempPermissionMutex_); tempPermTokenMap_[tokenID] = list; } - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID:%{public}d, bundleName:%{public}s, permissionName:%{public}s", - tokenID, bundleName.c_str(), permissionName.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d, permissionName:%{public}s", tokenID, permissionName.c_str()); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "GRANT_TEMP_PERMISSION", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, - "BUNDLENAME", bundleName, "PERMISSION_NAME", permissionName); + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, + "TOKENID", tokenID, "PERMISSION_NAME", permissionName); { std::unique_lock lck(formTokenMutex_); formTokenMap_[bundleName] = tokenID; } } -bool TempPermissionObserver::GetPermissionStateFull(AccessTokenID tokenID, - std::vector& permissionStateFullList) +bool TempPermissionObserver::GetPermissionState(AccessTokenID tokenID, + std::vector& permissionStateList) { std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenID); return false; } if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "It is a remote hap token %{public}u!", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "It is a remote hap token %{public}u!", tokenID); return false; } - std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); - if (permPolicySet == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params!"); + if (infoPtr->GetPermissionStateList(permissionStateList) != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetPermissionStateList failed, token %{public}u!", tokenID); return false; } - - permPolicySet->GetPermissionStateFulls(permissionStateFullList); return true; } @@ -429,7 +526,7 @@ void TempPermissionObserver::RevokeAllTempPermission(AccessTokenID tokenID) { std::vector list; if (!GetAppStateListByTokenID(tokenID, list)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d not exist in permList", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d not exist in permList", tokenID); return; } std::unique_lock lck(tempPermissionMutex_); @@ -438,16 +535,36 @@ void TempPermissionObserver::RevokeAllTempPermission(AccessTokenID tokenID) UnRegisterCallback(); } - std::vector tmpList; - if (!GetPermissionStateFull(tokenID, tmpList)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d get permission state full fail!", tokenID); + std::vector tmpList; + if (!GetPermissionState(tokenID, tmpList)) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d get permission state full fail!", tokenID); return; } for (const auto& permissionState : tmpList) { - if (permissionState.grantFlags[0] == PERMISSION_ALLOW_THIS_TIME) { - if (PermissionManager::GetInstance().RevokePermission( - tokenID, permissionState.permissionName, PERMISSION_ALLOW_THIS_TIME) != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID:%{public}d revoke permission:%{public}s failed!", + if (permissionState.grantFlag & PERMISSION_ALLOW_THIS_TIME) { + if (PermissionManager::GetInstance().UpdatePermission( + tokenID, permissionState.permissionName, false, PERMISSION_ALLOW_THIS_TIME, false) != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d revoke permission:%{public}s failed!", + tokenID, permissionState.permissionName.c_str()); + return; + } + } + } +} + +void TempPermissionObserver::RevokeTempPermission(AccessTokenID tokenID, const std::string& permissionName) +{ + std::vector tmpList; + if (!GetPermissionState(tokenID, tmpList)) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d get permission state full fail!", tokenID); + return; + } + for (const auto& permissionState : tmpList) { + if ((permissionState.grantFlag & PERMISSION_ALLOW_THIS_TIME) && + permissionState.permissionName == permissionName) { + if (PermissionManager::GetInstance().UpdatePermission( + tokenID, permissionState.permissionName, false, PERMISSION_ALLOW_THIS_TIME, false) != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID:%{public}d revoke permission:%{public}s failed!", tokenID, permissionState.permissionName.c_str()); return; } @@ -459,47 +576,67 @@ void TempPermissionObserver::OnAppMgrRemoteDiedHandle() { std::unique_lock lck(tempPermissionMutex_); for (auto iter = tempPermTokenMap_.begin(); iter != tempPermTokenMap_.end(); ++iter) { - std::vector tmpList; - GetPermissionStateFull(iter->first, tmpList); + std::vector tmpList; + GetPermissionState(iter->first, tmpList); for (const auto& permissionState : tmpList) { - if (permissionState.grantFlags[0] == PERMISSION_ALLOW_THIS_TIME) { - PermissionManager::GetInstance().RevokePermission( - iter->first, permissionState.permissionName, PERMISSION_ALLOW_THIS_TIME); + if (!(permissionState.grantFlag & PERMISSION_ALLOW_THIS_TIME)) { + continue; + } + int32_t ret = PermissionManager::GetInstance().RevokePermission( + iter->first, permissionState.permissionName, PERMISSION_ALLOW_THIS_TIME); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "revoke permission failed, TokenId=%{public}d, permission \ + name is %{public}s", iter->first, permissionState.permissionName.c_str()); } } std::string taskName = TASK_NAME_TEMP_PERMISSION + std::to_string(iter->first); TempPermissionObserver::GetInstance().CancleTaskOfPermissionRevoking(taskName); } tempPermTokenMap_.clear(); - ACCESSTOKEN_LOG_INFO(LABEL, "TempPermTokenMap_ clear!"); + LOGI(ATM_DOMAIN, ATM_TAG, "TempPermTokenMap_ clear!"); appStateCallback_= nullptr; } #ifdef EVENTHANDLER_ENABLE -void TempPermissionObserver::InitEventHandler(const std::shared_ptr& eventHandler) +void TempPermissionObserver::InitEventHandler() { - eventHandler_ = eventHandler; + auto eventRunner = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); + if (!eventRunner) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create a recvRunner."); + return; + } + eventHandler_ = std::make_shared(eventRunner); +} + +std::shared_ptr TempPermissionObserver::GetEventHandler() +{ + std::lock_guard lock(eventHandlerLock_); + if (eventHandler_ == nullptr) { + InitEventHandler(); + } + return eventHandler_; } #endif bool TempPermissionObserver::DelayRevokePermission(AccessToken::AccessTokenID tokenID, const std::string& taskName) { #ifdef EVENTHANDLER_ENABLE - if (eventHandler_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + auto eventHandler = GetEventHandler(); + if (eventHandler == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); return false; } - ACCESSTOKEN_LOG_INFO(LABEL, "Add permission task name:%{public}s", taskName.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Add permission task name:%{public}s", taskName.c_str()); std::function delayed = ([tokenID]() { TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID); - ACCESSTOKEN_LOG_INFO(LABEL, "Token: %{public}d, delay revoke permission end", tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "Token: %{public}d, delay revoke permission end", tokenID); }); - eventHandler_->ProxyPostTask(delayed, taskName, cancleTimes_); + eventHandler->ProxyPostTask(delayed, taskName, cancleTimes_); return true; #else - ACCESSTOKEN_LOG_WARN(LABEL, "Eventhandler is not existed"); + LOGW(ATM_DOMAIN, ATM_TAG, "Eventhandler is not existed"); return false; #endif } @@ -507,36 +644,28 @@ bool TempPermissionObserver::DelayRevokePermission(AccessToken::AccessTokenID to bool TempPermissionObserver::CancleTaskOfPermissionRevoking(const std::string& taskName) { #ifdef EVENTHANDLER_ENABLE - if (eventHandler_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + auto eventHandler = GetEventHandler(); + if (eventHandler == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); return false; } - ACCESSTOKEN_LOG_INFO(LABEL, "Revoke permission task name:%{public}s", taskName.c_str()); - eventHandler_->ProxyRemoveTask(taskName); + LOGI(ATM_DOMAIN, ATM_TAG, "Revoke permission task name:%{public}s", taskName.c_str()); + eventHandler->ProxyRemoveTask(taskName); return true; #else - ACCESSTOKEN_LOG_WARN(LABEL, "Eventhandler is not existed"); + LOGW(ATM_DOMAIN, ATM_TAG, "Eventhandler is not existed"); return false; #endif } -void TempPermissionObserver::GetConfigValue() +void TempPermissionObserver::SetCancelTime(int32_t cancleTime) { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); - ConfigPolicyLoaderInterface* policy = loader.GetObject(); - if (policy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libaccesstoken_config_policy failed."); - return; - } - AccessTokenConfigValue value; - if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) { - cancleTimes_ = value.atConfig.cancleTime == 0 ? DEFAULT_CANCLE_MILLISECONDS : value.atConfig.cancleTime; - } else { - cancleTimes_ = DEFAULT_CANCLE_MILLISECONDS; + if (cancleTime != 0) { + cancleTimes_ = cancleTime; } - ACCESSTOKEN_LOG_INFO(LABEL, "CancleTimes_ is %{public}d.", cancleTimes_); + LOGI(ATM_DOMAIN, ATM_TAG, "CancleTimes_ is %{public}d.", cancleTimes_); } } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index 2c2e7354c3d1dd620f735a4bc3e7e66aa78ea56c..d8e6d31c03eac4b88d4a067535c3bb42177ca1f2 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -22,32 +22,23 @@ #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" -#include "accesstoken_log.h" -#include "config_policy_loader.h" +#include "accesstoken_common_log.h" #include "constant_common.h" -#ifdef SUPPORT_SANDBOX_APP -#include "dlp_permission_set_parser.h" -#endif #include "hap_token_info.h" #include "hap_token_info_inner.h" -#include "hisysevent.h" +#include "hisysevent_adapter.h" #ifdef HITRACE_NATIVE_ENABLE #include "hitrace_meter.h" #endif #include "ipc_skeleton.h" +#include "json_parse_loader.h" #include "libraryloader.h" -#include "native_token_info_inner.h" -#include "native_token_receptor.h" #include "parameter.h" #include "permission_list_state.h" #include "permission_manager.h" -#ifndef COMMON_EVENT_SERVICE_ENABLE -#include "privacy_kit.h" -#endif // COMMON_EVENT_SERVICE_ENABLE +#include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" -#include "permission_definition_parser.h" -#include "time_util.h" #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif // TOKEN_SYNC_ENABLE @@ -56,17 +47,14 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMServ" -}; static const char* ACCESS_TOKEN_SERVICE_INIT_KEY = "accesstoken.permission.init"; +constexpr int32_t ERROR = -1; constexpr int TWO_ARGS = 2; -const std::string GRANT_ABILITY_BUNDLE_NAME = "com.ohos.permissionmanager"; -const std::string GRANT_ABILITY_ABILITY_NAME = "com.ohos.permissionmanager.GrantAbility"; -const std::string PERMISSION_STATE_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.PermissionStateSheetAbility"; -const std::string GLOBAL_SWITCH_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.GlobalSwitchSheetAbility"; -static const std::string ACCESSTOKEN_PROCESS_NAME = "accesstoken_service"; -static constexpr char ADD_DOMAIN[] = "PERFORMANCE"; +const char* GRANT_ABILITY_BUNDLE_NAME = "com.ohos.permissionmanager"; +const char* GRANT_ABILITY_ABILITY_NAME = "com.ohos.permissionmanager.GrantAbility"; +const char* PERMISSION_STATE_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.PermissionStateSheetAbility"; +const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.GlobalSwitchSheetAbility"; +const char* APPLICATION_SETTING_ABILITY_NAME = "com.ohos.permissionmanager.MainAbility"; } const bool REGISTER_RESULT = @@ -75,56 +63,68 @@ const bool REGISTER_RESULT = AccessTokenManagerService::AccessTokenManagerService() : SystemAbility(SA_ID_ACCESSTOKEN_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START) { - ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService()"); + LOGI(ATM_DOMAIN, ATM_TAG, "AccessTokenManagerService()"); } AccessTokenManagerService::~AccessTokenManagerService() { - ACCESSTOKEN_LOG_INFO(LABEL, "~AccessTokenManagerService()"); + LOGI(ATM_DOMAIN, ATM_TAG, "~AccessTokenManagerService()"); } void AccessTokenManagerService::OnStart() { if (state_ == ServiceRunningState::STATE_RUNNING) { - ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService has already started!"); + LOGI(ATM_DOMAIN, ATM_TAG, "AccessTokenManagerService has already started!"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "AccessTokenManagerService is starting"); + LOGI(ATM_DOMAIN, ATM_TAG, "AccessTokenManagerService is starting."); if (!Initialize()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to initialize."); return; } state_ = ServiceRunningState::STATE_RUNNING; bool ret = Publish(DelayedSingleton::GetInstance().get()); if (!ret) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to publish service!"); + ReportSysEventServiceStartError(SA_PUBLISH_FAILED, "Publish accesstoken_service fail.", ERROR); return; } + AccessTokenServiceParamSet(); (void)AddSystemAbilityListener(SECURITY_COMPONENT_SERVICE_ID); - ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, AccessTokenManagerService start successfully!"); +#ifdef TOKEN_SYNC_ENABLE + (void)AddSystemAbilityListener(DISTRIBUTED_HARDWARE_DEVICEMANAGER_SA_ID); +#endif + LOGI(ATM_DOMAIN, ATM_TAG, "Congratulations, AccessTokenManagerService start successfully!"); } void AccessTokenManagerService::OnStop() { - ACCESSTOKEN_LOG_INFO(LABEL, "Stop service."); + LOGI(ATM_DOMAIN, ATM_TAG, "Stop service."); state_ = ServiceRunningState::STATE_NOT_START; } +void AccessTokenManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) +{ +#ifdef TOKEN_SYNC_ENABLE + if (systemAbilityId == DISTRIBUTED_HARDWARE_DEVICEMANAGER_SA_ID) { + AccessTokenInfoManager::GetInstance().InitDmCallback(); + } +#endif +} + void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string& deviceId) { if (systemAbilityId == SECURITY_COMPONENT_SERVICE_ID) { - std::vector tokenIdList; - AccessTokenIDManager::GetInstance().GetHapTokenIdList(tokenIdList); - PermissionManager::GetInstance().ClearAllSecCompGrantedPerm(tokenIdList); + HapTokenInfoInner::ClearAllSecCompGrantedPerm(); return; } } -PermUsedTypeEnum AccessTokenManagerService::GetUserGrantedPermissionUsedType( +PermUsedTypeEnum AccessTokenManagerService::GetPermissionUsedType( AccessTokenID tokenID, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID=%{public}d, permission=%{public}s", tokenID, permissionName.c_str()); - return PermissionManager::GetInstance().GetUserGrantedPermissionUsedType(tokenID, permissionName); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d, permission=%{public}s", tokenID, permissionName.c_str()); + return PermissionManager::GetInstance().GetPermissionUsedType(tokenID, permissionName); } int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) @@ -132,46 +132,60 @@ int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const st #ifdef HITRACE_NATIVE_ENABLE StartTrace(HITRACE_TAG_ACCESS_CONTROL, "AccessTokenVerifyPermission"); #endif - int32_t res = PermissionManager::GetInstance().VerifyAccessToken(tokenID, permissionName); - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d, permission: %{public}s, res %{public}d", + int32_t res = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, permissionName); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, permission: %{public}s, res %{public}d", tokenID, permissionName.c_str(), res); + if ((res == PERMISSION_GRANTED) && + (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) == TOKEN_HAP)) { + res = AccessTokenInfoManager::GetInstance().IsPermissionRestrictedByUserPolicy(tokenID, permissionName) ? + PERMISSION_DENIED : PERMISSION_GRANTED; + } #ifdef HITRACE_NATIVE_ENABLE FinishTrace(HITRACE_TAG_ACCESS_CONTROL); #endif return res; } +int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, + const std::vector& permissionList, std::vector& permStateList) +{ + permStateList.clear(); + permStateList.resize(permissionList.size(), PERMISSION_DENIED); + for (size_t i = 0; i < permissionList.size(); i++) { + permStateList[i] = VerifyAccessToken(tokenID, permissionList[i]); + } + return RET_SUCCESS; +} + int AccessTokenManagerService::GetDefPermission( const std::string& permissionName, PermissionDefParcel& permissionDefResult) { - ACCESSTOKEN_LOG_INFO(LABEL, "Permission: %{public}s", permissionName.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Permission: %{public}s", permissionName.c_str()); return PermissionManager::GetInstance().GetDefPermission(permissionName, permissionDefResult.permissionDef); } int AccessTokenManagerService::GetDefPermissions(AccessTokenID tokenID, std::vector& permList) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); std::vector permVec; - int ret = PermissionManager::GetInstance().GetDefPermissions(tokenID, permVec); + PermissionManager::GetInstance().GetDefPermissions(tokenID, permVec); for (const auto& perm : permVec) { PermissionDefParcel permParcel; permParcel.permissionDef = perm; permList.emplace_back(permParcel); } - return ret; + return RET_SUCCESS; } int AccessTokenManagerService::GetReqPermissions( - AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) + AccessTokenID tokenID, std::vector& reqPermList, bool isSystemGrant) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d, isSystemGrant: %{public}d", tokenID, isSystemGrant); - - std::vector permList; + std::vector permList; int ret = PermissionManager::GetInstance().GetReqPermissions(tokenID, permList, isSystemGrant); for (const auto& perm : permList) { - PermissionStateFullParcel permParcel; - permParcel.permStatFull = perm; + PermissionStatusParcel permParcel; + permParcel.permState = perm; reqPermList.emplace_back(permParcel); } return ret; @@ -182,6 +196,7 @@ PermissionOper AccessTokenManagerService::GetSelfPermissionsState(std::vector& reqPermList) { if (!AccessTokenInfoManager::GetInstance().IsTokenIdExist(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID=%{public}d does not exist", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d does not exist", tokenID); return ERR_TOKENID_NOT_EXIST; } PermissionOper ret = GetPermissionsState(tokenID, reqPermList); @@ -202,17 +217,17 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke { int32_t apiVersion = 0; if (!PermissionManager::GetInstance().GetApiVersionByTokenId(tokenID, apiVersion)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get api version error"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get api version error"); return INVALID_OPER; } - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d, apiVersion: %{public}d", tokenID, apiVersion); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, apiVersion: %{public}d", tokenID, apiVersion); bool needRes = false; - std::vector permsList; + std::vector permsList; int retUserGrant = PermissionManager::GetInstance().GetReqPermissions(tokenID, permsList, false); int retSysGrant = PermissionManager::GetInstance().GetReqPermissions(tokenID, permsList, true); if ((retSysGrant != RET_SUCCESS) || (retUserGrant != RET_SUCCESS)) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "GetReqPermissions failed, retUserGrant:%{public}d, retSysGrant:%{public}d", retUserGrant, retSysGrant); return INVALID_OPER; @@ -238,15 +253,16 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke if (static_cast(reqPermList[i].permsState.state) == DYNAMIC_OPER) { needRes = true; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Perm: 0x%{public}s, state: 0x%{public}d", + LOGD(ATM_DOMAIN, ATM_TAG, "Perm: %{public}s, state: %{public}d", reqPermList[i].permsState.permissionName.c_str(), reqPermList[i].permsState.state); } if (GetTokenType(tokenID) == TOKEN_HAP && AccessTokenInfoManager::GetInstance().GetPermDialogCap(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID=%{public}d is under control", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID=%{public}d is under control", tokenID); uint32_t size = reqPermList.size(); for (uint32_t i = 0; i < size; i++) { if (reqPermList[i].permsState.state != INVALID_OPER) { reqPermList[i].permsState.state = FORBIDDEN_OPER; + reqPermList[i].permsState.errorReason = PRIVACY_STATEMENT_NOT_AGREED; } } return FORBIDDEN_OPER; @@ -266,35 +282,50 @@ int AccessTokenManagerService::GetPermissionFlag( int32_t AccessTokenManagerService::SetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t status, int32_t userID = 0) { - return PermissionManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); + return AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, status, userID); } int32_t AccessTokenManagerService::GetPermissionRequestToggleStatus( const std::string& permissionName, uint32_t& status, int32_t userID = 0) { - return PermissionManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); + return AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, userID); +} + +int32_t AccessTokenManagerService::RequestAppPermOnSetting(AccessTokenID tokenID) +{ + HapTokenInfo hapInfo; + int32_t ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); + if (ret != ERR_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetHapTokenInfo failed, err=%{public}d.", ret); + return ret; + } + return PermissionManager::GetInstance().RequestAppPermOnSetting(hapInfo, + grantBundleName_, applicationSettingAbilityName_); } int AccessTokenManagerService::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { int32_t ret = PermissionManager::GetInstance().GrantPermission(tokenID, permissionName, flag); - DumpTokenIfNeeded(); return ret; } int AccessTokenManagerService::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { - int32_t ret = PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); - DumpTokenIfNeeded(); + return PermissionManager::GetInstance().RevokePermission(tokenID, permissionName, flag); +} + +int AccessTokenManagerService::GrantPermissionForSpecifiedTime( + AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) +{ + int32_t ret = PermissionManager::GetInstance().GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); return ret; } int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenID); - PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + AccessTokenInfoManager::GetInstance().ClearUserGrantedPermissionState(tokenID); AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenID, false); - DumpTokenIfNeeded(); return RET_SUCCESS; } @@ -309,29 +340,39 @@ int32_t AccessTokenManagerService::UnRegisterPermStateChangeCallback(const sptr< return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); } +int32_t AccessTokenManagerService::RegisterSelfPermStateChangeCallback( + const PermStateChangeScopeParcel& scope, const sptr& callback) +{ + return PermissionManager::GetInstance().AddPermStateChangeCallback(scope.scope, callback); +} + +int32_t AccessTokenManagerService::UnRegisterSelfPermStateChangeCallback(const sptr& callback) +{ + return PermissionManager::GetInstance().RemovePermStateChangeCallback(callback); +} + AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& info, const HapPolicyParcel& policy) { - ACCESSTOKEN_LOG_INFO(LABEL, "BundleName: %{public}s", info.hapInfoParameter.bundleName.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "BundleName: %{public}s", info.hapInfoParameter.bundleName.c_str()); AccessTokenIDEx tokenIdEx; tokenIdEx.tokenIDEx = 0LL; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - info.hapInfoParameter, policy.hapPolicyParameter, tokenIdEx); + info.hapInfoParameter, policy.hapPolicy, tokenIdEx); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token info create failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token info create failed"); } - DumpTokenIfNeeded(); return tokenIdEx; } -int32_t AccessTokenManagerService::InitHapToken( - const HapInfoParcel& info, HapPolicyParcel& policy, AccessTokenIDEx& fullTokenId) +int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy, + AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) { - ACCESSTOKEN_LOG_INFO(LABEL, "Init hap %{public}s.", info.hapInfoParameter.bundleName.c_str()); - std::vector initializedList; + LOGI(ATM_DOMAIN, ATM_TAG, "Init hap %{public}s.", info.hapInfoParameter.bundleName.c_str()); + std::vector initializedList; if (info.hapInfoParameter.dlpType == DLP_COMMON) { if (!PermissionManager::GetInstance().InitPermissionList(info.hapInfoParameter.appDistributionType, - policy.hapPolicyParameter, initializedList)) { + policy.hapPolicy, initializedList, result)) { return ERR_PERM_REQUEST_CFG_FAILED; } } else { @@ -340,48 +381,34 @@ int32_t AccessTokenManagerService::InitHapToken( return ERR_PERM_REQUEST_CFG_FAILED; } } - policy.hapPolicyParameter.permStateList = initializedList; + policy.hapPolicy.permStateList = initializedList; int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - info.hapInfoParameter, policy.hapPolicyParameter, fullTokenId); + info.hapInfoParameter, policy.hapPolicy, fullTokenId); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token info create failed."); return ret; } - DumpTokenIfNeeded(); return ret; } int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenID); -#ifndef COMMON_EVENT_SERVICE_ENABLE - PrivacyKit::RemovePermissionUsedRecords(tokenID, ""); -#endif // COMMON_EVENT_SERVICE_ENABLE + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); // only support hap token deletion - int ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - DumpTokenIfNeeded(); - return ret; + return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); } int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); return AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID); } -int AccessTokenManagerService::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d, dcap: %{public}s", - tokenID, dcap.c_str()); - return AccessTokenInfoManager::GetInstance().CheckNativeDCap(tokenID, dcap); -} - AccessTokenIDEx AccessTokenManagerService::GetHapTokenID( int32_t userID, const std::string& bundleName, int32_t instIndex) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "UserID: %{public}d, bundle: %{public}s, instIndex: %{public}d", + LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundle: %{public}s, instIndex: %{public}d", userID, bundleName.c_str(), instIndex); return AccessTokenInfoManager::GetInstance().GetHapTokenID(userID, bundleName, instIndex); } @@ -389,48 +416,80 @@ AccessTokenIDEx AccessTokenManagerService::GetHapTokenID( AccessTokenID AccessTokenManagerService::AllocLocalTokenID( const std::string& remoteDeviceID, AccessTokenID remoteTokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "RemoteDeviceID: %{public}s, remoteTokenID: %{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "RemoteDeviceID: %{public}s, remoteTokenID: %{public}d", ConstantCommon::EncryptDevId(remoteDeviceID).c_str(), remoteTokenID); AccessTokenID tokenID = AccessTokenInfoManager::GetInstance().AllocLocalTokenID(remoteDeviceID, remoteTokenID); - DumpTokenIfNeeded(); return tokenID; } -int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, - const UpdateHapInfoParams& info, const HapPolicyParcel& policyParcel) +int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); - std::vector InitializedList; + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); + std::vector InitializedList; if (!PermissionManager::GetInstance().InitPermissionList( - info.appDistributionType, policyParcel.hapPolicyParameter, InitializedList)) { + info.appDistributionType, policyParcel.hapPolicy, InitializedList, result)) { return ERR_PERM_REQUEST_CFG_FAILED; } int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, - InitializedList, policyParcel.hapPolicyParameter.apl, policyParcel.hapPolicyParameter.permList); - DumpTokenIfNeeded(); + InitializedList, policyParcel.hapPolicy.apl, policyParcel.hapPolicy.permList); return ret; } +int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID); + + return AccessTokenInfoManager::GetInstance().GetTokenIDByUserID(userID, tokenIdList); +} int AccessTokenManagerService::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfoParcel& infoParcel) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); return AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, infoParcel.hapTokenInfoParams); } -int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) +int AccessTokenManagerService::GetHapTokenInfoExtension(AccessTokenID tokenID, + HapTokenInfoParcel& hapTokenInfoRes, std::string& appID) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}d", tokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d.", tokenID); + int ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapTokenInfoRes.hapTokenInfoParams); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get hap token info extenstion failed, ret is %{public}d.", ret); + return ret; + } - return AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, infoParcel.nativeTokenInfoParams); + return AccessTokenInfoManager::GetInstance().GetHapAppIdByTokenId(tokenID, appID); +} + +int AccessTokenManagerService::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoParcel& infoParcel) +{ + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + NativeTokenInfoBase baseInfo; + int32_t ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenID, baseInfo); + infoParcel.nativeTokenInfoParams.apl = baseInfo.apl; + infoParcel.nativeTokenInfoParams.processName = baseInfo.processName; + return ret; } #ifndef ATM_BUILD_VARIANT_USER_ENABLE int32_t AccessTokenManagerService::ReloadNativeTokenInfo() { - int32_t ret = NativeTokenReceptor::GetInstance().Init(); - DumpTokenIfNeeded(); - return ret; + LibraryLoader loader(CONFIG_PARSE_LIBPATH); + ConfigPolicyLoaderInterface* policy = loader.GetObject(); + if (policy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); + return RET_FAILED; + } + + std::vector tokenInfos; + int32_t res = policy->GetAllNativeTokenInfo(tokenInfos); + if (res != RET_SUCCESS) { + return res; + } + + AccessTokenInfoManager::GetInstance().InitNativeTokenInfos(tokenInfos); + return RET_SUCCESS; } #endif @@ -443,64 +502,32 @@ AccessTokenID AccessTokenManagerService::GetNativeTokenId(const std::string& pro int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID: %{public}d", tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); return AccessTokenInfoManager::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSyncParcel.hapTokenInfoForSyncParams); } -int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector& nativeTokenInfosRes) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); - - std::vector nativeVec; - AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); - for (const auto& native : nativeVec) { - NativeTokenInfoForSyncParcel nativeParcel; - nativeParcel.nativeTokenInfoForSyncParams = native; - nativeTokenInfosRes.emplace_back(nativeParcel); - } - - return RET_SUCCESS; -} - int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) { - ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); int ret = AccessTokenInfoManager::GetInstance().SetRemoteHapTokenInfo(deviceID, hapSyncParcel.hapTokenInfoForSyncParams); - DumpTokenIfNeeded(); - return ret; -} - -int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoForSyncParcel) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); - - std::vector nativeList; - std::transform(nativeTokenInfoForSyncParcel.begin(), - nativeTokenInfoForSyncParcel.end(), std::back_inserter(nativeList), - [](const auto& nativeParcel) { return nativeParcel.nativeTokenInfoForSyncParams; }); - int ret = AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList); - DumpTokenIfNeeded(); return ret; } int AccessTokenManagerService::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s, token id %{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); - int ret = AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID); - DumpTokenIfNeeded(); - return ret; + return AccessTokenInfoManager::GetInstance().DeleteRemoteToken(deviceID, tokenID); } AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s, token id %{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s, token id %{public}d", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); return AccessTokenInfoManager::GetInstance().GetRemoteNativeTokenID(deviceID, tokenID); @@ -508,69 +535,75 @@ AccessTokenID AccessTokenManagerService::GetRemoteNativeTokenID(const std::strin int AccessTokenManagerService::DeleteRemoteDeviceTokens(const std::string& deviceID) { - ACCESSTOKEN_LOG_INFO(LABEL, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); - int ret = AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID); - DumpTokenIfNeeded(); - return ret; + LOGI(ATM_DOMAIN, ATM_TAG, "DeviceID: %{public}s", ConstantCommon::EncryptDevId(deviceID).c_str()); + return AccessTokenInfoManager::GetInstance().DeleteRemoteDeviceTokens(deviceID); } int32_t AccessTokenManagerService::RegisterTokenSyncCallback(const sptr& callback) { - ACCESSTOKEN_LOG_INFO(LABEL, "Call token sync callback registed."); + LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback registed."); return TokenModifyNotifier::GetInstance().RegisterTokenSyncCallback(callback); } int32_t AccessTokenManagerService::UnRegisterTokenSyncCallback() { - ACCESSTOKEN_LOG_INFO(LABEL, "Call token sync callback unregisted."); + LOGI(ATM_DOMAIN, ATM_TAG, "Call token sync callback unregisted."); return TokenModifyNotifier::GetInstance().UnRegisterTokenSyncCallback(); } #endif void AccessTokenManagerService::DumpTokenInfo(const AtmToolsParamInfoParcel& infoParcel, std::string& dumpInfo) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); + LOGI(ATM_DOMAIN, ATM_TAG, "Called"); AccessTokenInfoManager::GetInstance().DumpTokenInfo(infoParcel.info, dumpInfo); } int32_t AccessTokenManagerService::GetVersion(uint32_t& version) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); + LOGI(ATM_DOMAIN, ATM_TAG, "Called"); version = DEFAULT_TOKEN_VERSION; return RET_SUCCESS; } -int32_t AccessTokenManagerService::DumpPermDefInfo(std::string& dumpInfo) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); - - return PermissionManager::GetInstance().DumpPermDefInfo(dumpInfo); -} - int32_t AccessTokenManagerService::SetPermDialogCap(const HapBaseInfoParcel& hapBaseInfoParcel, bool enable) { AccessTokenIDEx tokenIdEx = AccessTokenInfoManager::GetInstance().GetHapTokenID( hapBaseInfoParcel.hapBaseInfo.userID, hapBaseInfoParcel.hapBaseInfo.bundleName, hapBaseInfoParcel.hapBaseInfo.instIndex); - - return AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenIdEx.tokenIdExStruct.tokenID, enable); + int32_t ret = AccessTokenInfoManager::GetInstance().SetPermDialogCap(tokenIdEx.tokenIdExStruct.tokenID, enable); + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "SET_PERMISSION_DIALOG_CAP", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, + "USERID", hapBaseInfoParcel.hapBaseInfo.userID, "BUNDLENAME", hapBaseInfoParcel.hapBaseInfo.bundleName, + "INSTINDEX", hapBaseInfoParcel.hapBaseInfo.instIndex, "ENABLE", enable); + return ret; } void AccessTokenManagerService::GetPermissionManagerInfo(PermissionGrantInfoParcel& infoParcel) { infoParcel.info.grantBundleName = grantBundleName_; infoParcel.info.grantAbilityName = grantAbilityName_; + infoParcel.info.grantServiceAbilityName = grantServiceAbilityName_; infoParcel.info.permStateAbilityName = permStateAbilityName_; infoParcel.info.globalSwitchAbilityName = globalSwitchAbilityName_; } -int32_t AccessTokenManagerService::GetNativeTokenName(AccessTokenID tokenId, std::string& name) +int32_t AccessTokenManagerService::InitUserPolicy( + const std::vector& userList, const std::vector& permList) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenID is %{public}u.", tokenId); + return AccessTokenInfoManager::GetInstance().InitUserPolicy(userList, permList); +} - return AccessTokenInfoManager::GetInstance().GetNativeTokenName(tokenId, name); +int32_t AccessTokenManagerService::UpdateUserPolicy(const std::vector& userList) +{ + return AccessTokenInfoManager::GetInstance().UpdateUserPolicy(userList); +} + +int32_t AccessTokenManagerService::ClearUserPolicy() +{ + return AccessTokenInfoManager::GetInstance().ClearUserPolicy(); } int AccessTokenManagerService::Dump(int fd, const std::vector& args) @@ -608,112 +641,73 @@ int AccessTokenManagerService::Dump(int fd, const std::vector& a return ERR_OK; } -void AccessTokenManagerService::DumpTokenIfNeeded() -{ -#ifdef EVENTHANDLER_ENABLE - if (AccessTokenInfoManager::GetInstance().GetCurDumpTaskNum() > 1) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Has refresh task!"); - return; - } - AccessTokenInfoManager::GetInstance().AddDumpTaskNum(); - if (dumpEventHandler_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler."); - AccessTokenInfoManager::GetInstance().ReduceDumpTaskNum(); - return; - } - - std::function delayed = ([]() { - AccessTokenInfoManager::GetInstance().DumpToken(); - ACCESSTOKEN_LOG_INFO(LABEL, "Dump token end."); - // Sleep for one minute to avoid frequent refresh of the file. - std::this_thread::sleep_for(std::chrono::minutes(1)); - AccessTokenInfoManager::GetInstance().ReduceDumpTaskNum(); - }); - - dumpEventHandler_->ProxyPostTask(delayed); -#endif -} - void AccessTokenManagerService::AccessTokenServiceParamSet() const { int32_t res = SetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, std::to_string(1).c_str()); if (res != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY failed %{public}d", res); + LOGE(ATM_DOMAIN, ATM_TAG, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY 1 failed %{public}d", res); + return; + } + // 2 is to tell others sa that at service is loaded. + res = SetParameter(ACCESS_TOKEN_SERVICE_INIT_KEY, std::to_string(2).c_str()); + if (res != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY 2 failed %{public}d", res); + return; } - ACCESSTOKEN_LOG_INFO(LABEL, "SetParameter ACCESS_TOKEN_SERVICE_INIT_KEY success"); } void AccessTokenManagerService::GetConfigValue() { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libaccesstoken_config_policy failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); return; } AccessTokenConfigValue value; if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) { // set value from config - grantBundleName_ = value.atConfig.grantBundleName.empty() - ? GRANT_ABILITY_BUNDLE_NAME : value.atConfig.grantBundleName; - grantAbilityName_ = value.atConfig.grantAbilityName.empty() - ? GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantAbilityName; - permStateAbilityName_ = value.atConfig.permStateAbilityName.empty() - ? PERMISSION_STATE_SHEET_ABILITY_NAME : value.atConfig.permStateAbilityName; - globalSwitchAbilityName_ = value.atConfig.globalSwitchAbilityName.empty() - ? GLOBAL_SWITCH_SHEET_ABILITY_NAME : value.atConfig.globalSwitchAbilityName; + grantBundleName_ = value.atConfig.grantBundleName.empty() ? + GRANT_ABILITY_BUNDLE_NAME : value.atConfig.grantBundleName; + grantAbilityName_ = value.atConfig.grantAbilityName.empty() ? + GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantAbilityName; + grantServiceAbilityName_ = value.atConfig.grantServiceAbilityName.empty() ? + GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantServiceAbilityName; + permStateAbilityName_ = value.atConfig.permStateAbilityName.empty() ? + PERMISSION_STATE_SHEET_ABILITY_NAME : value.atConfig.permStateAbilityName; + globalSwitchAbilityName_ = value.atConfig.globalSwitchAbilityName.empty() ? + GLOBAL_SWITCH_SHEET_ABILITY_NAME : value.atConfig.globalSwitchAbilityName; + applicationSettingAbilityName_ = value.atConfig.applicationSettingAbilityName.empty() ? + APPLICATION_SETTING_ABILITY_NAME : value.atConfig.applicationSettingAbilityName; + TempPermissionObserver::GetInstance().SetCancelTime(value.atConfig.cancleTime); } else { - ACCESSTOKEN_LOG_INFO(LABEL, "No config file or config file is not valid, use default values"); + LOGI(ATM_DOMAIN, ATM_TAG, "No config file or config file is not valid, use default values"); grantBundleName_ = GRANT_ABILITY_BUNDLE_NAME; grantAbilityName_ = GRANT_ABILITY_ABILITY_NAME; + grantServiceAbilityName_ = GRANT_ABILITY_ABILITY_NAME; permStateAbilityName_ = PERMISSION_STATE_SHEET_ABILITY_NAME; globalSwitchAbilityName_ = GLOBAL_SWITCH_SHEET_ABILITY_NAME; + applicationSettingAbilityName_ = APPLICATION_SETTING_ABILITY_NAME; } - ACCESSTOKEN_LOG_INFO(LABEL, "GrantBundleName_ is %{public}s, grantAbilityName_ is %{public}s, \ - permStateAbilityName_ is %{public}s, permStateAbilityName_ is %{public}s", - grantBundleName_.c_str(), grantAbilityName_.c_str(), - permStateAbilityName_.c_str(), permStateAbilityName_.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "GrantBundleName_ is %{public}s, grantAbilityName_ is %{public}s, " + "grantServiceAbilityName_ is %{public}s, permStateAbilityName_ is %{public}s, " + "globalSwitchAbilityName_ is %{public}s, applicationSettingAbilityName_ is %{public}s.", + grantBundleName_.c_str(), grantAbilityName_.c_str(), grantServiceAbilityName_.c_str(), + permStateAbilityName_.c_str(), globalSwitchAbilityName_.c_str(), applicationSettingAbilityName_.c_str()); } bool AccessTokenManagerService::Initialize() { - // accesstoken_service add CPU_SCENE_ENTRY system event in OnStart, avoid CPU statistics - long id = 1 << 0; // first scene - int64_t time = AccessToken::TimeUtil::GetCurrentTimestamp(); - - HiSysEventWrite(ADD_DOMAIN, "CPU_SCENE_ENTRY", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, - "PACKAGE_NAME", ACCESSTOKEN_PROCESS_NAME, "SCENE_ID", std::to_string(id).c_str(), "HAPPEN_TIME", time); + ReportSysEventPerformance(); AccessTokenInfoManager::GetInstance().Init(); - NativeTokenReceptor::GetInstance().Init(); #ifdef EVENTHANDLER_ENABLE - eventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); - if (!eventRunner_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a recvRunner."); - return false; - } - dumpEventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); - if (!dumpEventRunner_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a recvRunner."); - return false; - } - eventHandler_ = std::make_shared(eventRunner_); - dumpEventHandler_ = std::make_shared(dumpEventRunner_); - TempPermissionObserver::GetInstance().InitEventHandler(eventHandler_); + TempPermissionObserver::GetInstance().InitEventHandler(); + ShortGrantManager::GetInstance().InitEventHandler(); #endif - -#ifdef SUPPORT_SANDBOX_APP - DlpPermissionSetParser::GetInstance().Init(); -#endif - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK_EVENT", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CODE", ACCESS_TOKEN_SERVICE_INIT_EVENT, - "PID_INFO", getpid()); - PermissionDefinitionParser::GetInstance().Init(); - AccessTokenServiceParamSet(); GetConfigValue(); - TempPermissionObserver::GetInstance().GetConfigValue(); - ACCESSTOKEN_LOG_INFO(LABEL, "Initialize success"); + LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success"); return true; } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index c2ff855cee44ff2d89ba20e73434af9b85726cf4..f9cd095b5c5edbe97cc8888d1d07d44e52784d30 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -17,7 +17,7 @@ #include #include "accesstoken_dfx_define.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "ipc_skeleton.h" #include "memory_guard.h" @@ -31,17 +31,16 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ATMStub"}; const std::string MANAGE_HAP_TOKENID_PERMISSION = "ohos.permission.MANAGE_HAP_TOKENID"; static const int32_t DUMP_CAPACITY_SIZE = 2 * 1024 * 1000; static const int MAX_PERMISSION_SIZE = 1000; -#ifdef TOKEN_SYNC_ENABLE -static const int MAX_NATIVE_TOKEN_INFO_SIZE = 20480; -#endif +static const int32_t MAX_USER_POLICY_SIZE = 1024; const std::string GRANT_SENSITIVE_PERMISSIONS = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS"; const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS"; const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; +const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; + #ifdef HICOLLIE_ENABLE constexpr uint32_t TIMEOUT = 40; // 40s #endif // HICOLLIE_ENABLE @@ -53,10 +52,10 @@ int32_t AccessTokenManagerStub::OnRemoteRequest( MemoryGuard guard; uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Code %{public}u token %{public}u", code, callingTokenID); + LOGD(ATM_DOMAIN, ATM_TAG, "Code %{public}u token %{public}u", code, callingTokenID); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != IAccessTokenManager::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } @@ -92,39 +91,43 @@ void AccessTokenManagerStub::DeleteTokenInfoInner(MessageParcel& data, MessagePa AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); if (!IsPrivilegedCalling() && (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } AccessTokenID tokenID = data.ReadUint32(); int result = this->DeleteToken(tokenID); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } -void AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply) +void AccessTokenManagerStub::GetPermissionUsedTypeInner(MessageParcel& data, MessageParcel& reply) { if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), + "WriteInt32 failed."); return; } uint32_t tokenID; if (!data.ReadUint32(tokenID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenID."); - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read tokenID."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), + "WriteInt32 failed."); return; } std::string permissionName; if (!data.ReadString(permissionName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read permissionName."); - reply.WriteInt32(static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permissionName."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32( + static_cast(PermUsedTypeEnum::INVALID_USED_TYPE)), "WriteInt32 failed."); return; } - PermUsedTypeEnum result = this->GetUserGrantedPermissionUsedType(tokenID, permissionName); + PermUsedTypeEnum result = this->GetPermissionUsedType(tokenID, permissionName); int32_t type = static_cast(result); - if (!reply.WriteInt32(type)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail."); - } + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(type), "WriteInt32 failed."); } void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, MessageParcel& reply) @@ -132,7 +135,21 @@ void AccessTokenManagerStub::VerifyAccessTokenInner(MessageParcel& data, Message AccessTokenID tokenID = data.ReadUint32(); std::string permissionName = data.ReadString(); int result = this->VerifyAccessToken(tokenID, permissionName); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); +} + +void AccessTokenManagerStub::VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply) +{ + AccessTokenID tokenID; + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); + + std::vector permissionList; + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadStringVector(&permissionList), "ReadStringVector failed."); + + std::vector permStateList; + this->VerifyAccessToken(tokenID, permissionList, permStateList); + + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32Vector(permStateList), "WriteInt32Vector failed."); } void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageParcel& reply) @@ -140,11 +157,12 @@ void AccessTokenManagerStub::GetDefPermissionInner(MessageParcel& data, MessageP std::string permissionName = data.ReadString(); PermissionDefParcel permissionDefParcel; int result = this->GetDefPermission(permissionName, permissionDefParcel); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - reply.WriteParcelable(&permissionDefParcel); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteParcelable(&permissionDefParcel), "Write PermissionDefParcel fail."); } void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, MessageParcel& reply) @@ -152,33 +170,45 @@ void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, Message AccessTokenID tokenID = data.ReadUint32(); std::vector permList; - int result = this->GetDefPermissions(tokenID, permList); - reply.WriteInt32(result); - if (result != RET_SUCCESS) { - return; - } - ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s called, permList size: %{public}zu", __func__, permList.size()); - reply.WriteUint32(permList.size()); + this->GetDefPermissions(tokenID, permList); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(RET_SUCCESS), "WriteInt32 failed."); + LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s called, permList size: %{public}zu", __func__, permList.size()); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); + for (const auto& permDef : permList) { - reply.WriteParcelable(&permDef); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&permDef), "WriteParcelable fail."); } } void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply) { + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); + return; + } + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); + return; + } + AccessTokenID tokenID = data.ReadUint32(); int isSystemGrant = data.ReadInt32(); - std::vector permList; + std::vector permList; int result = this->GetReqPermissions(tokenID, permList, isSystemGrant); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size: %{public}zu", permList.size()); - reply.WriteUint32(permList.size()); + LOGD(ATM_DOMAIN, ATM_TAG, "PermList size: %{public}zu", permList.size()); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(permList.size()), "WriteInt32 failed."); for (const auto& permDef : permList) { - reply.WriteParcelable(&permDef); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&permDef), "WriteParcelable fail."); } } @@ -187,13 +217,13 @@ void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, M std::vector permList; uint32_t size = 0; if (!data.ReadUint32(size)) { - reply.WriteInt32(INVALID_OPER); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); return; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size); + LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); if (size > MAX_PERMISSION_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is invalid", size); - reply.WriteInt32(INVALID_OPER); + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is invalid", size); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); return; } for (uint32_t i = 0; i < size; i++) { @@ -204,27 +234,28 @@ void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, M } PermissionGrantInfoParcel infoParcel; PermissionOper result = this->GetSelfPermissionsState(permList, infoParcel); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); - reply.WriteInt32(result); - - reply.WriteUint32(permList.size()); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); for (const auto& perm : permList) { - reply.WriteParcelable(&perm); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); } - reply.WriteParcelable(&infoParcel); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); } void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply) { unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } if (!IsPrivilegedCalling() && VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } @@ -232,13 +263,13 @@ void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, Mess std::vector permList; uint32_t size = 0; if (!data.ReadUint32(size)) { - reply.WriteInt32(INVALID_OPER); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); return; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "PermList size read from client data is %{public}d.", size); + LOGD(ATM_DOMAIN, ATM_TAG, "PermList size read from client data is %{public}d.", size); if (size > MAX_PERMISSION_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PermList size %{public}d is invalid", size); - reply.WriteInt32(INVALID_OPER); + LOGE(ATM_DOMAIN, ATM_TAG, "PermList size %{public}d is oversize", size); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_OPER), "WriteInt32 failed."); return; } for (uint32_t i = 0; i < size; i++) { @@ -249,13 +280,13 @@ void AccessTokenManagerStub::GetPermissionsStatusInner(MessageParcel& data, Mess } int32_t result = this->GetPermissionsStatus(tokenID, permList); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - reply.WriteUint32(permList.size()); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(permList.size()), "WriteUint32 failed."); for (const auto& perm : permList) { - reply.WriteParcelable(&perm); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&perm), "WriteParcelable failed."); } } @@ -263,7 +294,8 @@ void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, Message { unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } AccessTokenID tokenID = data.ReadUint32(); @@ -272,24 +304,27 @@ void AccessTokenManagerStub::GetPermissionFlagInner(MessageParcel& data, Message VerifyAccessToken(callingTokenID, GRANT_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && VerifyAccessToken(callingTokenID, REVOKE_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED && VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } uint32_t flag; int result = this->GetPermissionFlag(tokenID, permissionName, flag); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - reply.WriteUint32(flag); + + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(flag), "WriteUint32 failed."); } void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) { uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } @@ -300,19 +335,21 @@ void AccessTokenManagerStub::SetPermissionRequestToggleStatusInner(MessageParcel HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "SetToggleStatus"); - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } int32_t result = this->SetPermissionRequestToggleStatus(permissionName, status, userID); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel& data, MessageParcel& reply) { uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } @@ -323,24 +360,41 @@ void AccessTokenManagerStub::GetPermissionRequestToggleStatusInner(MessageParcel HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName, "INTERFACE", "GetToggleStatus"); - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d).", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } uint32_t status; int32_t result = this->GetPermissionRequestToggleStatus(permissionName, status, userID); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - reply.WriteUint32(status); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(status), "WriteInt32 failed."); +} + +void AccessTokenManagerStub::RequestAppPermOnSettingInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsSystemAppCalling()) { + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); + return; + } + + AccessTokenID tokenID; + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); + + int result = this->RequestAppPermOnSetting(tokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessageParcel& reply) { unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } AccessTokenID tokenID = data.ReadUint32(); @@ -351,19 +405,21 @@ void AccessTokenManagerStub::GrantPermissionInner(MessageParcel& data, MessagePa HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } int result = this->GrantPermission(tokenID, permissionName, flag); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageParcel& reply) { unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } AccessTokenID tokenID = data.ReadUint32(); @@ -374,12 +430,38 @@ void AccessTokenManagerStub::RevokePermissionInner(MessageParcel& data, MessageP HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } int result = this->RevokePermission(tokenID, permissionName, flag); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); +} + +void AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner(MessageParcel& data, MessageParcel& reply) +{ + unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); + return; + } + AccessTokenID tokenID = data.ReadUint32(); + std::string permissionName = data.ReadString(); + uint32_t onceTime = data.ReadUint32(); + if (!IsPrivilegedCalling() && + VerifyAccessToken(callingTokenID, GRANT_SHORT_TERM_WRITE_MEDIAVIDEO) == PERMISSION_DENIED) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", + HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, + "CALLER_TOKENID", callingTokenID, "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); + return; + } + int result = this->GrantPermissionForSpecifiedTime(tokenID, permissionName, onceTime); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& data, MessageParcel& reply) @@ -390,13 +472,14 @@ void AccessTokenManagerStub::ClearUserGrantedPermissionStateInner(MessageParcel& HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_VERIFY_REPORT", HiviewDFX::HiSysEvent::EventType::SECURITY, "CODE", VERIFY_PERMISSION_ERROR, "CALLER_TOKENID", callingTokenID); - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } AccessTokenID tokenID = data.ReadUint32(); int result = this->ClearUserGrantedPermissionState(tokenID); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParcel& reply) @@ -405,16 +488,18 @@ void AccessTokenManagerStub::AllocHapTokenInner(MessageParcel& data, MessageParc AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); if (!IsPrivilegedCalling() && (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } sptr hapInfoParcel = data.ReadParcelable(); sptr hapPolicyParcel = data.ReadParcelable(); if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } res = this->AllocHapToken(*hapInfoParcel, *hapPolicyParcel); @@ -426,77 +511,73 @@ void AccessTokenManagerStub::InitHapTokenInner(MessageParcel& data, MessageParce AccessTokenID tokenID = IPCSkeleton::GetCallingTokenID(); if (!IsPrivilegedCalling() && (VerifyAccessToken(tokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", tokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", tokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } sptr hapInfoParcel = data.ReadParcelable(); sptr hapPolicyParcel = data.ReadParcelable(); if (hapInfoParcel == nullptr || hapPolicyParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapPolicyParcel or hapInfoParcel fail"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "Read hapPolicyParcel or hapInfoParcel fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } int32_t res; AccessTokenIDEx fullTokenId = { 0 }; - res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId); + HapInfoCheckResult result; + res = this->InitHapToken(*hapInfoParcel, *hapPolicyParcel, fullTokenId, result); if (!reply.WriteInt32(res)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 fail"); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 fail"); } if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Res error %{public}d", res); + if (!result.permCheckResult.permissionName.empty()) { + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteString(result.permCheckResult.permissionName), "WriteString failed."); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(result.permCheckResult.rule), "WriteInt32 failed."); + } + LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d.", res); return; } - reply.WriteUint64(fullTokenId.tokenIDEx); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(fullTokenId.tokenIDEx), "WriteUint64 failed."); } void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParcel& reply) { AccessTokenID tokenID = data.ReadUint32(); int result = this->GetTokenType(tokenID); - reply.WriteInt32(result); -} - -void AccessTokenManagerStub::CheckNativeDCapInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - AccessTokenID tokenID = data.ReadUint32(); - std::string dCap = data.ReadString(); - int result = this->CheckNativeDCap(tokenID, dCap); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply) { if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(INVALID_TOKENID); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); return; } int userID = data.ReadInt32(); std::string bundleName = data.ReadString(); int instIndex = data.ReadInt32(); AccessTokenIDEx tokenIdEx = this->GetHapTokenID(userID, bundleName, instIndex); - reply.WriteUint64(tokenIdEx.tokenIDEx); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint64(tokenIdEx.tokenIDEx), "WriteUint64 failed."); } void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply) { if ((!IsNativeProcessCalling()) && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(INVALID_TOKENID); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); return; } std::string remoteDeviceID = data.ReadString(); AccessTokenID remoteTokenID = data.ReadUint32(); AccessTokenID result = this->AllocLocalTokenID(remoteDeviceID, remoteTokenID); - reply.WriteUint32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(result), "WriteUint32 failed."); } void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessageParcel& reply) @@ -504,8 +585,9 @@ void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessagePar AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); if (!IsPrivilegedCalling() && (VerifyAccessToken(callingTokenID, MANAGE_HAP_TOKENID_PERMISSION) == PERMISSION_DENIED)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } UpdateHapInfoParams info; @@ -518,283 +600,359 @@ void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessagePar tokenIdEx.tokenIdExStruct.tokenID = tokenID; sptr policyParcel = data.ReadParcelable(); if (policyParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "PolicyParcel read faild"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "PolicyParcel read faild"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + HapInfoCheckResult resultInfo; + int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel, resultInfo); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr), "WriteUint32 failed."); + if (result != RET_SUCCESS) { + if (!resultInfo.permCheckResult.permissionName.empty()) { + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteString(resultInfo.permCheckResult.permissionName), "WriteString failed."); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(resultInfo.permCheckResult.rule), "WriteInt32 failed."); + } + LOGE(ATM_DOMAIN, ATM_TAG, "Res error %{public}d", result); return; } - int32_t result = this->UpdateHapToken(tokenIdEx, info, *policyParcel); - reply.WriteInt32(result); - reply.WriteUint32(tokenIdEx.tokenIdExStruct.tokenAttr); +} + +void AccessTokenManagerStub::GetTokenIDByUserIDInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsNativeProcessCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); + return; + } + std::unordered_set tokenIdList; + int32_t userID = 0; + if (!data.ReadInt32(userID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + int32_t result = this->GetTokenIDByUserID(userID, tokenIdList); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); + if (result != RET_SUCCESS) { + return; + } + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenIdList.size()), "WriteUint32 failed."); + for (const auto& tokenId : tokenIdList) { + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(tokenId), "WriteUint32 failed."); + } } void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } HapTokenInfoParcel hapTokenInfoParcel; AccessTokenID tokenID = data.ReadUint32(); int result = this->GetHapTokenInfo(tokenID, hapTokenInfoParcel); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - reply.WriteParcelable(&hapTokenInfoParcel); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); +} + +void AccessTokenManagerStub::GetHapTokenInfoExtensionInner(MessageParcel& data, MessageParcel& reply) +{ + if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); + return; + } + HapTokenInfoParcel hapTokenInfoParcel; + std::string appID; + AccessTokenID tokenID = data.ReadUint32(); + int result = this->GetHapTokenInfoExtension(tokenID, hapTokenInfoParcel, appID); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); + if (result != RET_SUCCESS) { + return; + } + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenInfoParcel), "Write parcel failed."); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteString(appID), "Write string failed."); } void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d).", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } AccessTokenID tokenID = data.ReadUint32(); NativeTokenInfoParcel nativeTokenInfoParcel; int result = this->GetNativeTokenInfo(tokenID, nativeTokenInfoParcel); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - reply.WriteParcelable(&nativeTokenInfoParcel); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&nativeTokenInfoParcel), "WriteInt32 failed."); } void AccessTokenManagerStub::RegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) { uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } if (VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } sptr scopeParcel = data.ReadParcelable(); if (scopeParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read scopeParcel fail"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } sptr callback = data.ReadRemoteObject(); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } int32_t result = this->RegisterPermStateChangeCallback(*scopeParcel, callback); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) { uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } sptr callback = data.ReadRemoteObject(); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read callback fail"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } int32_t result = this->UnRegisterPermStateChangeCallback(callback); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); +} + +void AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingTokenID) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); + return; + } + sptr scopeParcel = data.ReadParcelable(); + if (scopeParcel == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read scopeParcel fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + sptr callback = data.ReadRemoteObject(); + if (callback == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + int32_t result = this->RegisterSelfPermStateChangeCallback(*scopeParcel, callback); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); +} + +void AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (this->GetTokenType(callingToken) != TOKEN_HAP) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is not hap."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PARAM_INVALID), "WriteInt32 failed."); + return; + } + sptr callback = data.ReadRemoteObject(); + if (callback == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Read callback fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + int32_t result = this->UnRegisterSelfPermStateChangeCallback(callback); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } #ifndef ATM_BUILD_VARIANT_USER_ENABLE void AccessTokenManagerStub::ReloadNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } int32_t result = this->ReloadNativeTokenInfo(); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } #endif void AccessTokenManagerStub::GetNativeTokenIdInner(MessageParcel& data, MessageParcel& reply) { if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteUint32(INVALID_TOKENID); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(INVALID_TOKENID), "WriteUint32 failed."); return; } std::string processName; if (!data.ReadString(processName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString fail, processName=%{public}s", processName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail, processName=%{public}s", processName.c_str()); return; } AccessTokenID result = this->GetNativeTokenId(processName); - reply.WriteUint32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } #ifdef TOKEN_SYNC_ENABLE void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } AccessTokenID tokenID = data.ReadUint32(); HapTokenInfoForSyncParcel hapTokenParcel; int result = this->GetHapTokenInfoFromRemote(tokenID, hapTokenParcel); - reply.WriteInt32(result); + IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - reply.WriteParcelable(&hapTokenParcel); -} - -void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - std::vector nativeTokenInfosRes; - int result = this->GetAllNativeTokenInfo(nativeTokenInfosRes); - reply.WriteInt32(result); - if (result != RET_SUCCESS) { - return; - } - reply.WriteUint32(nativeTokenInfosRes.size()); - for (const auto& native : nativeTokenInfosRes) { - reply.WriteParcelable(&native); - } + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&hapTokenParcel), "WriteParcelable failed."); } void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } std::string deviceID = data.ReadString(); sptr hapTokenParcel = data.ReadParcelable(); if (hapTokenParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "HapTokenParcel read faild"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "HapTokenParcel read faild"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } int result = this->SetRemoteHapTokenInfo(deviceID, *hapTokenParcel); - reply.WriteInt32(result); -} - -void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - std::string deviceID = data.ReadString(); - - std::vector nativeParcelList; - uint32_t size = data.ReadUint32(); - if (size > MAX_NATIVE_TOKEN_INFO_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Size %{public}u is invalid", size); - reply.WriteInt32(AccessTokenError::ERR_OVERSIZE); - return; - } - for (uint32_t i = 0; i < size; i++) { - sptr nativeParcel = data.ReadParcelable(); - if (nativeParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "NativeParcel read faild"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); - return; - } - nativeParcelList.emplace_back(*nativeParcel); - } - - int result = this->SetRemoteNativeTokenInfo(deviceID, nativeParcelList); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } std::string deviceID = data.ReadString(); AccessTokenID tokenID = data.ReadUint32(); int result = this->DeleteRemoteToken(deviceID, tokenID); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(INVALID_TOKENID); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(INVALID_TOKENID), "WriteInt32 failed."); return; } std::string deviceID = data.ReadString(); AccessTokenID tokenID = data.ReadUint32(); AccessTokenID result = this->GetRemoteNativeTokenID(deviceID, tokenID); - reply.WriteUint32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } std::string deviceID = data.ReadString(); int result = this->DeleteRemoteDeviceTokens(deviceID); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::RegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } sptr callback = data.ReadRemoteObject(); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback read failed."); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "Callback read failed."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } int32_t result = this->RegisterTokenSyncCallback(callback); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } void AccessTokenManagerStub::UnRegisterTokenSyncCallbackInner(MessageParcel& data, MessageParcel& reply) { if (!IsAccessTokenCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied, tokenID=%{public}d", IPCSkeleton::GetCallingTokenID()); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } int32_t result = this->UnRegisterTokenSyncCallback(); - reply.WriteInt32(result); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); } #endif @@ -802,66 +960,39 @@ void AccessTokenManagerStub::GetVersionInner(MessageParcel& data, MessageParcel& { uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); if ((this->GetTokenType(callingToken) == TOKEN_HAP) && (!IsSystemAppCalling())) { - reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP), "WriteInt32 failed."); return; } uint32_t version; int32_t result = this->GetVersion(version); - if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed."); - } + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed."); if (result != RET_SUCCESS) { return; } - if (!reply.WriteUint32(version)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write Uint32 failed."); - } -} - -void AccessTokenManagerStub::DumpPermDefInfoInner(MessageParcel& data, MessageParcel& reply) -{ - if (!IsShellProcessCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; - } - std::string dumpInfo = ""; - int32_t result = this->DumpPermDefInfo(dumpInfo); - if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed."); - } - if (result != RET_SUCCESS) { - return; - } - - if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { - ACCESSTOKEN_LOG_WARN(LABEL, "Set DataCapacity failed."); - } - if (!reply.WriteString(dumpInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write String failed."); - } + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteUint32(version), "WriteUint32 failed."); } void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsShellProcessCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); reply.WriteString(""); return; } sptr infoParcel = data.ReadParcelable(); if (infoParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read infoParcel fail"); + LOGE(ATM_DOMAIN, ATM_TAG, "Read infoParcel fail"); reply.WriteString("read infoParcel fail"); return; } std::string dumpInfo = ""; this->DumpTokenInfo(*infoParcel, dumpInfo); if (!reply.SetDataCapacity(DUMP_CAPACITY_SIZE)) { - ACCESSTOKEN_LOG_WARN(LABEL, "SetDataCapacity failed"); + LOGW(ATM_DOMAIN, ATM_TAG, "SetDataCapacity failed"); } if (!reply.WriteString(dumpInfo)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed"); } } @@ -869,48 +1000,128 @@ void AccessTokenManagerStub::SetPermDialogCapInner(MessageParcel& data, MessageP { uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); if (VerifyAccessToken(callingToken, DISABLE_PERMISSION_DIALOG) == PERMISSION_DENIED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingToken); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); return; } sptr hapBaseInfoParcel = data.ReadParcelable(); if (hapBaseInfoParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read hapBaseInfoParcel fail"); - reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED); + LOGE(ATM_DOMAIN, ATM_TAG, "Read hapBaseInfoParcel fail"); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); return; } bool enable = data.ReadBool(); int32_t res = this->SetPermDialogCap(*hapBaseInfoParcel, enable); - reply.WriteInt32(res); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); } void AccessTokenManagerStub::GetPermissionManagerInfoInner(MessageParcel& data, MessageParcel& reply) { PermissionGrantInfoParcel infoParcel; this->GetPermissionManagerInfo(infoParcel); - reply.WriteParcelable(&infoParcel); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteParcelable(&infoParcel), "WriteParcelable failed."); } -void AccessTokenManagerStub::GetNativeTokenNameInner(MessageParcel& data, MessageParcel& reply) +void AccessTokenManagerStub::InitUserPolicyInner(MessageParcel& data, MessageParcel& reply) { - if (!IsNativeProcessCalling() && !IsPrivilegedCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", IPCSkeleton::GetCallingTokenID()); - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED); - return; + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); + return; + } + std::vector userList; + std::vector permList; + uint32_t userSize = data.ReadUint32(); + uint32_t permSize = data.ReadUint32(); + if ((userSize > MAX_USER_POLICY_SIZE) || (permSize > MAX_USER_POLICY_SIZE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteParcelable failed."); + return; + } + for (uint32_t i = 0; i < userSize; i++) { + UserState userInfo; + if (!data.ReadInt32(userInfo.userId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + if (!data.ReadBool(userInfo.isActive)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + userList.emplace_back(userInfo); + } + for (uint32_t i = 0; i < permSize; i++) { + std::string permission; + if (!data.ReadString(permission)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read permission."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + permList.emplace_back(permission); } + int32_t res = this->InitUserPolicy(userList, permList); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); +} - AccessTokenID tokenId = data.ReadUint32(); - std::string name; - - int32_t result = this->GetNativeTokenName(tokenId, name); - if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write result failed."); +void AccessTokenManagerStub::UpdateUserPolicyInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); + return; + } + std::vector userList; + uint32_t userSize = data.ReadUint32(); + if (userSize > MAX_USER_POLICY_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Size %{public}u is invalid", userSize); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(AccessTokenError::ERR_OVERSIZE), "WriteInt32 failed."); + return; + } + for (uint32_t i = 0; i < userSize; i++) { + UserState userInfo; + if (!data.ReadInt32(userInfo.userId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read userId."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + if (!data.ReadBool(userInfo.isActive)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read isActive."); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED), "WriteInt32 failed."); + return; + } + userList.emplace_back(userInfo); } + int32_t res = this->UpdateUserPolicy(userList); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); +} - if (result == RET_SUCCESS) { - reply.WriteString(name); +void AccessTokenManagerStub::ClearUserPolicyInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingToken = IPCSkeleton::GetCallingTokenID(); + if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, + reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); + return; } + + int32_t res = this->ClearUserPolicy(); + IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(res), "WriteInt32 failed."); } bool AccessTokenManagerStub::IsPrivilegedCalling() const @@ -956,14 +1167,8 @@ void AccessTokenManagerStub::SetTokenSyncFuncInMap() { requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_FROM_REMOTE)] = &AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE)] = - &AccessTokenManagerStub::GetAllNativeTokenInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_REMOTE_HAP_TOKEN_INFO)] = &AccessTokenManagerStub::SetRemoteHapTokenInfoInner; - requestFuncMap_[ - static_cast(AccessTokenInterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO)] = - &AccessTokenManagerStub::SetRemoteNativeTokenInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_TOKEN_INFO)] = &AccessTokenManagerStub::DeleteRemoteTokenInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::DELETE_REMOTE_DEVICE_TOKEN)] = @@ -987,14 +1192,14 @@ void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() &AccessTokenManagerStub::DeleteTokenInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_TYPE)] = &AccessTokenManagerStub::GetTokenTypeInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::CHECK_NATIVE_DCAP)] = - &AccessTokenManagerStub::CheckNativeDCapInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKEN_ID)] = &AccessTokenManagerStub::GetHapTokenIDInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::ALLOC_LOCAL_TOKEN_ID)] = &AccessTokenManagerStub::AllocLocalTokenIDInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKENINFO)] = &AccessTokenManagerStub::GetNativeTokenInfoInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_TOKEN_ID_BY_USER_ID)] = + &AccessTokenManagerStub::GetTokenIDByUserIDInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO)] = &AccessTokenManagerStub::GetHapTokenInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN)] = @@ -1009,16 +1214,24 @@ void AccessTokenManagerStub::SetLocalTokenOpFuncInMap() &AccessTokenManagerStub::SetPermDialogCapInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_MANAGER_INFO)] = &AccessTokenManagerStub::GetPermissionManagerInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_NATIVE_TOKEN_NAME)] = - &AccessTokenManagerStub::GetNativeTokenNameInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::INIT_USER_POLICY)] = + &AccessTokenManagerStub::InitUserPolicyInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::UPDATE_USER_POLICY)] = + &AccessTokenManagerStub::UpdateUserPolicyInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_POLICY)] = + &AccessTokenManagerStub::ClearUserPolicyInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT)] = + &AccessTokenManagerStub::GetHapTokenInfoExtensionInner; } void AccessTokenManagerStub::SetPermissionOpFuncInMap() { requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_USER_GRANTED_PERMISSION_USED_TYPE)] = - &AccessTokenManagerStub::GetUserGrantedPermissionUsedTypeInner; + &AccessTokenManagerStub::GetPermissionUsedTypeInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN)] = &AccessTokenManagerStub::VerifyAccessTokenInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST)] = + &AccessTokenManagerStub::VerifyAccessTokenWithListInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_DEF_PERMISSION)] = &AccessTokenManagerStub::GetDefPermissionInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_DEF_PERMISSIONS)] = @@ -1031,6 +1244,8 @@ void AccessTokenManagerStub::SetPermissionOpFuncInMap() &AccessTokenManagerStub::GrantPermissionInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::REVOKE_PERMISSION)] = &AccessTokenManagerStub::RevokePermissionInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::GRANT_PERMISSION_FOR_SPECIFIEDTIME)] = + &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] = &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] = @@ -1045,14 +1260,20 @@ void AccessTokenManagerStub::SetPermissionOpFuncInMap() &AccessTokenManagerStub::UnRegisterPermStateChangeCallbackInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_TOKENINFO)] = &AccessTokenManagerStub::DumpTokenInfoInner; - requestFuncMap_[static_cast(AccessTokenInterfaceCode::DUMP_PERM_DEFINITION_INFO)] = - &AccessTokenManagerStub::DumpPermDefInfoInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_VERSION)] = &AccessTokenManagerStub::GetVersionInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::SET_PERMISSION_REQUEST_TOGGLE_STATUS)] = &AccessTokenManagerStub::SetPermissionRequestToggleStatusInner; requestFuncMap_[static_cast(AccessTokenInterfaceCode::GET_PERMISSION_REQUEST_TOGGLE_STATUS)] = &AccessTokenManagerStub::GetPermissionRequestToggleStatusInner; + requestFuncMap_[ + static_cast(AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = + &AccessTokenManagerStub::RegisterSelfPermStateChangeCallbackInner; + requestFuncMap_[ + static_cast(AccessTokenInterfaceCode::UNREGISTER_SELF_PERM_STATE_CHANGE_CALLBACK)] = + &AccessTokenManagerStub::UnRegisterSelfPermStateChangeCallbackInner; + requestFuncMap_[static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING)] = + &AccessTokenManagerStub::RequestAppPermOnSettingInner; } AccessTokenManagerStub::AccessTokenManagerStub() diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp index 2e3b7203ffb3622647f696d06ed690d00ed372fb..fb784db9ac5832fab0a1e29af43ac03963854d0c 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp @@ -15,7 +15,7 @@ #include "accesstoken_id_manager.h" #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "data_validator.h" #include "random.h" @@ -25,7 +25,6 @@ namespace Security { namespace AccessToken { namespace { std::recursive_mutex g_instanceMutex; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenIDManager"}; } ATokenTypeEnum AccessTokenIDManager::GetTokenIdTypeEnum(AccessTokenID id) @@ -77,23 +76,11 @@ int AccessTokenIDManager::RegisterTokenId(AccessTokenID id, ATokenTypeEnum type) return RET_SUCCESS; } -void AccessTokenIDManager::GetHapTokenIdList(std::vector& idList) -{ - Utils::UniqueReadGuard idGuard(this->tokenIdLock_); - - for (std::set::iterator it = tokenIdSet_.begin(); it != tokenIdSet_.end(); ++it) { - AccessTokenID tokenId = *it; - if (TOKEN_HAP == GetTokenIdTypeEnum(tokenId)) { - idList.emplace_back(*it); - } - } -} - AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type, int32_t dlpFlag, int32_t cloneFlag) const { unsigned int rand = GetRandomUint32(); if (rand == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get random failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Get random failed"); return 0; } @@ -116,7 +103,7 @@ AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type for (int i = 0; i < MAX_CREATE_TOKEN_ID_RETRY; i++) { tokenId = CreateTokenId(type, dlpFlag, cloneFlag); if (tokenId == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create tokenId failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Create tokenId failed"); return INVALID_TOKENID; } @@ -124,9 +111,9 @@ AccessTokenID AccessTokenIDManager::CreateAndRegisterTokenId(ATokenTypeEnum type if (ret == RET_SUCCESS) { break; } else if (i < MAX_CREATE_TOKEN_ID_RETRY - 1) { - ACCESSTOKEN_LOG_WARN(LABEL, "Reigster tokenId failed, maybe repeat, retry"); + LOGW(ATM_DOMAIN, ATM_TAG, "Reigster tokenId failed(error=%{public}d), maybe repeat, retry.", ret); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Reigster tokenId finally failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "Reigster tokenId finally failed(error=%{public}d).", ret); tokenId = INVALID_TOKENID; } } @@ -137,7 +124,7 @@ void AccessTokenIDManager::ReleaseTokenId(AccessTokenID id) { Utils::UniqueWriteGuard idGuard(this->tokenIdLock_); if (tokenIdSet_.count(id) == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id %{public}x is not exist", id); + LOGI(ATM_DOMAIN, ATM_TAG, "Id %{public}x is not exist", id); return; } tokenIdSet_.erase(id); @@ -149,7 +136,8 @@ AccessTokenIDManager& AccessTokenIDManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AccessTokenIDManager(); + AccessTokenIDManager* tmp = new AccessTokenIDManager(); + instance = std::move(tmp); } } return *instance; diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index bbbf2bbaa5602599f4ffeba185ff6a3d170b73a5..25621e1ec94231b19438844b3d8d4a4ea5c5bebd 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -21,9 +21,10 @@ #include #include #include "access_token.h" +#include "access_token_db.h" #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "accesstoken_remote_token_manager.h" #include "access_token_error.h" #include "atm_tools_param_info_parcel.h" @@ -34,15 +35,16 @@ #ifdef SUPPORT_SANDBOX_APP #include "dlp_permission_set_manager.h" #endif -#ifdef RESOURCESCHEDULE_FFRT_ENABLE -#include "ffrt.h" -#endif #include "generic_values.h" #include "hap_token_info_inner.h" +#include "hisysevent_adapter.h" #include "ipc_skeleton.h" +#include "json_parse_loader.h" #include "permission_definition_cache.h" #include "permission_manager.h" -#include "access_token_db.h" +#include "permission_map.h" +#include "permission_validator.h" +#include "perm_setproc.h" #include "token_field_const.h" #include "token_setproc.h" #ifdef TOKEN_SYNC_ENABLE @@ -54,20 +56,17 @@ namespace Security { namespace AccessToken { namespace { std::recursive_mutex g_instanceMutex; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenInfoManager"}; static const unsigned int SYSTEM_APP_FLAG = 0x0001; +static constexpr int32_t BASE_USER_RANGE = 200000; #ifdef TOKEN_SYNC_ENABLE static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length -static const std::string ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync"; +static const char* ACCESS_TOKEN_PACKAGE_NAME = "ohos.security.distributed_token_sync"; #endif -static const std::string DUMP_JSON_PATH = "/data/service/el1/public/access_token/nativetoken.log"; +static const char* DUMP_JSON_PATH = "/data/service/el1/public/access_token/nativetoken.log"; +static const int32_t EXTENSION_PERMISSION_ID = 0; } -#ifdef RESOURCESCHEDULE_FFRT_ENABLE -AccessTokenInfoManager::AccessTokenInfoManager() : curTaskNum_(0), hasInited_(false) {} -#else -AccessTokenInfoManager::AccessTokenInfoManager() : tokenDataWorker_("TokenStore"), hasInited_(false) {} -#endif +AccessTokenInfoManager::AccessTokenInfoManager() : hasInited_(false) {} AccessTokenInfoManager::~AccessTokenInfoManager() { @@ -78,13 +77,10 @@ AccessTokenInfoManager::~AccessTokenInfoManager() #ifdef TOKEN_SYNC_ENABLE int32_t ret = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(ACCESS_TOKEN_PACKAGE_NAME); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UnInitDeviceManager failed, code: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "UnInitDeviceManager failed, code: %{public}d", ret); } #endif -#ifndef RESOURCESCHEDULE_FFRT_ENABLE - this->tokenDataWorker_.Stop(); -#endif this->hasInited_ = false; } @@ -95,76 +91,114 @@ void AccessTokenInfoManager::Init() return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Init begin!"); - InitHapTokenInfos(); - InitNativeTokenInfos(); -#ifndef RESOURCESCHEDULE_FFRT_ENABLE - this->tokenDataWorker_.Start(1); + LOGI(ATM_DOMAIN, ATM_TAG, "Init begin!"); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); + ConfigPolicyLoaderInterface* policy = loader.GetObject(); + if (policy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); + return; + } + std::vector tokenInfos; + int ret = policy->GetAllNativeTokenInfo(tokenInfos); + if (ret != RET_SUCCESS) { + ReportSysEventServiceStartError( + INIT_NATIVE_TOKENINFO_ERROR, "GetAllNativeTokenInfo fail from native json.", ret); + } + uint32_t hapSize = 0; + uint32_t nativeSize = tokenInfos.size(); + InitHapTokenInfos(hapSize); + InitNativeTokenInfos(tokenInfos); + uint32_t pefDefSize = PermissionDefinitionCache::GetInstance().GetDefPermissionsSize(); + ReportSysEventServiceStart(getpid(), hapSize, nativeSize, pefDefSize); + LOGI(ATM_DOMAIN, ATM_TAG, "InitTokenInfo end, hapSize %{public}d, nativeSize %{public}d, pefDefSize %{public}d.", + hapSize, nativeSize, pefDefSize); + +#ifdef SUPPORT_SANDBOX_APP + std::vector dlpPerms; + ret = policy->GetDlpPermissions(dlpPerms); + if (ret == RET_SUCCESS) { + LOGI(ATM_DOMAIN, ATM_TAG, "Load dlpPer size=%{public}zu.", dlpPerms.size()); + DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); + } #endif + std::vector permDefList; + ret = policy->GetAllPermissionDef(permDefList); + if (ret != RET_SUCCESS) { + ReportSysEventServiceStartError(INIT_PERM_DEF_JSON_ERROR, "GetAllPermissionDef from json fail.", ret); + } + for (const auto& perm : permDefList) { + PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); + } hasInited_ = true; + LOGI(ATM_DOMAIN, ATM_TAG, "Init success"); +} #ifdef TOKEN_SYNC_ENABLE +void AccessTokenInfoManager::InitDmCallback(void) +{ std::function runner = []() { std::string name = "AtmInfoMgrInit"; pthread_setname_np(pthread_self(), name.substr(0, MAX_PTHREAD_NAME_LEN).c_str()); - auto sleepTime = std::chrono::milliseconds(1000); std::shared_ptr ptrDmInitCallback = std::make_shared(); - while (1) { - int32_t ret = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(ACCESS_TOKEN_PACKAGE_NAME, - ptrDmInitCallback); - if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Initialize: InitDeviceManager error, result: %{public}d", ret); - std::this_thread::sleep_for(sleepTime); - continue; - } - return; + int32_t ret = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(ACCESS_TOKEN_PACKAGE_NAME, + ptrDmInitCallback); + if (ret != ERR_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Initialize: InitDeviceManager error, result: %{public}d", ret); } + LOGI(ATM_DOMAIN, ATM_TAG, "device manager part init end"); + return; }; std::thread initThread(runner); initThread.detach(); -#endif - - ACCESSTOKEN_LOG_INFO(LABEL, "Init success"); } +#endif -void AccessTokenInfoManager::InitHapTokenInfos() +void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize) { + GenericValues conditionValue; std::vector hapTokenRes; std::vector permDefRes; std::vector permStateRes; - - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_HAP_INFO, hapTokenRes); - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_PERMISSION_DEF, permDefRes); - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, permStateRes); - + int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenRes); + if (ret != RET_SUCCESS || hapTokenRes.empty()) { + ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load hap from db fail.", ret); + } + ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, permDefRes); + if (ret != RET_SUCCESS || permDefRes.empty()) { + ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load perm def from db fail.", ret); + } + ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); + if (ret != RET_SUCCESS || permStateRes.empty()) { + ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load perm state from db fail.", ret); + } for (const GenericValues& tokenValue : hapTokenRes) { AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u add id failed.", tokenId); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "hap tokenID error"); + std::string bundle = tokenValue.GetString(TokenFiledConst::FIELD_BUNDLE_NAME); + int result = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + if (result != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add id failed, error=%{public}d.", tokenId, result); + ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, + "RegisterTokenId fail, " + bundle + std::to_string(tokenId), result); continue; } std::shared_ptr hap = std::make_shared(); - ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes); - if (ret != RET_SUCCESS) { + result = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes); + if (result != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u restore failed.", tokenId); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u restore failed.", tokenId); continue; } - ret = AddHapTokenInfo(hap); - if (ret != RET_SUCCESS) { + result = AddHapTokenInfo(hap); + if (result != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u add failed.", tokenId); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "hap token has exist"); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add failed.", tokenId); + ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, + "AddHapTokenInfo fail, " + bundle + std::to_string(tokenId), result); continue; } - ACCESSTOKEN_LOG_INFO(LABEL, + hapSize++; + LOGI(ATM_DOMAIN, ATM_TAG, " Restore hap token %{public}u bundle name %{public}s user %{public}d," " permSize %{public}d, inst %{public}d ok!", tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetReqPermissionSize(), hap->GetInstIndex()); @@ -172,48 +206,6 @@ void AccessTokenInfoManager::InitHapTokenInfos() PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); } -void AccessTokenInfoManager::InitNativeTokenInfos() -{ - std::vector nativeTokenResults; - std::vector permStateRes; - - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults); - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, permStateRes); - for (const GenericValues& nativeTokenValue : nativeTokenResults) { - AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenId); - int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type); - if (ret != RET_SUCCESS) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native tokenID error"); - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u add failed.", tokenId); - continue; - } - std::shared_ptr native = std::make_shared(); - - ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); - if (ret != RET_SUCCESS) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u restore failed.", tokenId); - continue; - } - - ret = AddNativeTokenInfo(native); - if (ret != RET_SUCCESS) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u add failed.", tokenId); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native tokenID error"); - continue; - } - ACCESSTOKEN_LOG_INFO(LABEL, - "restore native token %{public}u process name %{public}s, permSize %{public}d ok!", - tokenId, native->GetProcessName().c_str(), native->GetReqPermissionSize()); - } -} - std::string AccessTokenInfoManager::GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const { @@ -231,7 +223,7 @@ std::string AccessTokenInfoManager::GetHapUniqueStr(const std::shared_ptr& info) { if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token info is null."); + LOGE(ATM_DOMAIN, ATM_TAG, "Token info is null."); return AccessTokenError::ERR_PARAM_INVALID; } AccessTokenID id = info->GetTokenID(); @@ -239,78 +231,95 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) > 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u info has exist.", id); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u info has exist.", id); + return AccessTokenError::ERR_TOKENID_HAS_EXISTED; } if (!info->IsRemote()) { - std::string HapUniqueKey = GetHapUniqueStr(info); - auto iter = hapTokenIdMap_.find(HapUniqueKey); + std::string hapUniqueKey = GetHapUniqueStr(info); + auto iter = hapTokenIdMap_.find(hapUniqueKey); if (iter != hapTokenIdMap_.end()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u Unique info has exist, update.", id); + LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u Unique info has exist, update.", id); idRemoved = iter->second; } - hapTokenIdMap_[HapUniqueKey] = id; + hapTokenIdMap_[hapUniqueKey] = id; } hapTokenInfoMap_[id] = info; } if (idRemoved != INVALID_TOKENID) { RemoveHapTokenInfo(idRemoved); } - // add hap to kernel - std::shared_ptr policySet = info->GetHapInfoPermissionPolicySet(); - PermissionManager::GetInstance().AddPermToKernel(id, policySet); - - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ADD_HAP", HiviewDFX::HiSysEvent::EventType::STATISTIC, + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ADD_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", info->GetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(), "INSTINDEX", info->GetInstIndex()); + // add hap to kernel + int32_t userId = info->GetUserID(); + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + LOGI(ATM_DOMAIN, ATM_TAG, "Execute user policy."); + PermissionManager::GetInstance().AddHapPermToKernel(id, permPolicyList_); + return RET_SUCCESS; + } + } + PermissionManager::GetInstance().AddHapPermToKernel(id, std::vector()); return RET_SUCCESS; } -int AccessTokenInfoManager::AddNativeTokenInfo(const std::shared_ptr& info) +std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner(AccessTokenID id) { - if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token info is null."); - return AccessTokenError::ERR_PARAM_INVALID; + { + Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); + auto iter = hapTokenInfoMap_.find(id); + if (iter != hapTokenInfoMap_.end()) { + return iter->second; + } } - AccessTokenID id = info->GetTokenID(); - std::string processName = info->GetProcessName(); - Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); - if (nativeTokenInfoMap_.count(id) > 0) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u has exist.", id); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + GenericValues conditionValue; + if (PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty()) { + std::vector permDefRes; + AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, permDefRes); + PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); // restore all permission definition + LOGI(ATM_DOMAIN, ATM_TAG, "Restore perm def size: %{public}zu, mapSize: %{public}zu.", + permDefRes.size(), hapTokenInfoMap_.size()); + } + + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(id)); + std::vector hapTokenResults; + int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); + if (ret != RET_SUCCESS || hapTokenResults.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " + "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); + return nullptr; } - if (!info->IsRemote()) { - if (nativeTokenIdMap_.count(processName) > 0) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u process name %{public}s has exist.", id, processName.c_str()); - return AccessTokenError::ERR_PROCESS_NOT_EXIST; - } - nativeTokenIdMap_[processName] = id; + std::vector permStateRes; + ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " + "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); + return nullptr; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Token info is added %{public}u.", id); - nativeTokenInfoMap_[id] = info; - - // add native to kernel - std::shared_ptr policySet = info->GetNativeInfoPermissionPolicySet(); - PermissionManager::GetInstance().AddPermToKernel(id, policySet); - - return RET_SUCCESS; -} - -std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner(AccessTokenID id) -{ - Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); - auto iter = hapTokenInfoMap_.find(id); - if (iter != hapTokenInfoMap_.end()) { - return iter->second; + std::shared_ptr hap = std::make_shared(); + ret = hap->RestoreHapTokenInfo(id, hapTokenResults[0], permStateRes); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", + id, ret, hapTokenInfoMap_.size()); + return nullptr; } - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", id); - return nullptr; + AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_HAP); + hapTokenIdMap_[GetHapUniqueStr(hap)] = id; + hapTokenInfoMap_[id] = hap; + PermissionManager::GetInstance().AddHapPermToKernel(id, std::vector()); + LOGI(ATM_DOMAIN, ATM_TAG, " Token %{public}u is not found in map(mapSize: %{public}zu), begin load from DB," + " restore bundle %{public}s user %{public}d, idx %{public}d, permSize %{public}d.", id, hapTokenInfoMap_.size(), + hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex(), hap->GetReqPermissionSize()); + return hap; } int32_t AccessTokenInfoManager::GetHapTokenDlpType(AccessTokenID id) @@ -320,7 +329,7 @@ int32_t AccessTokenInfoManager::GetHapTokenDlpType(AccessTokenID id) if ((iter != hapTokenInfoMap_.end()) && (iter->second != nullptr)) { return iter->second->GetDlpType(); } - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, mapSize: %{public}zu.", id, hapTokenInfoMap_.size()); return BUTT_DLP_TYPE; } @@ -341,71 +350,58 @@ bool AccessTokenInfoManager::IsTokenIdExist(AccessTokenID id) return false; } -int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& info) +int32_t AccessTokenInfoManager::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) { - std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is invalid.", tokenID); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; + GenericValues conditionValue; + std::vector tokenIDResults; + conditionValue.Put(TokenFiledConst::FIELD_USER_ID, userID); + int32_t ret = AccessTokenDb::GetInstance().Find( + AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, tokenIDResults); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserID(%{public}d) find tokenID failed, ret: %{public}d.", userID, ret); + return ret; } - infoPtr->TranslateToHapTokenInfo(info); - return RET_SUCCESS; -} - -std::shared_ptr AccessTokenInfoManager::GetHapPermissionPolicySet(AccessTokenID id) -{ - std::shared_ptr infoPtr = GetHapTokenInfoInner(id); - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is invalid.", id); - return nullptr; + if (tokenIDResults.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserID(%{public}d) find tokenID empty.", userID); + return RET_SUCCESS; } - return infoPtr->GetHapInfoPermissionPolicySet(); -} -std::shared_ptr AccessTokenInfoManager::GetNativeTokenInfoInner(AccessTokenID id) -{ - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - auto iter = nativeTokenInfoMap_.find(id); - if (iter != nativeTokenInfoMap_.end()) { - return iter->second; + for (const GenericValues& tokenIDResult : tokenIDResults) { + AccessTokenID tokenId = (AccessTokenID)tokenIDResult.GetInt(TokenFiledConst::FIELD_TOKEN_ID); + tokenIdList.emplace(tokenId); } - - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", id); - return nullptr; + return RET_SUCCESS; } -int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& infoParcel) +int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& info) { - std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenID); + std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is invalid.", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } - - infoPtr->TranslateToNativeTokenInfo(infoParcel); + infoPtr->TranslateToHapTokenInfo(info); return RET_SUCCESS; } -std::shared_ptr AccessTokenInfoManager::GetNativePermissionPolicySet(AccessTokenID id) +int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfoBase& info) { - std::shared_ptr infoPtr = GetNativeTokenInfoInner(id); - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is invalid.", id); - return nullptr; + Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); + auto iter = nativeTokenInfoMap_.find(tokenID); + if (iter == nativeTokenInfoMap_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u is not exist.", tokenID); + return AccessTokenError::ERR_TOKENID_NOT_EXIST; } - return infoPtr->GetNativeInfoPermissionPolicySet(); + info.apl = iter->second.apl; + info.processName = iter->second.processName; + return RET_SUCCESS; } int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_HAP) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is not hap.", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id); return ERR_PARAM_INVALID; } std::shared_ptr info; @@ -413,18 +409,23 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) PermissionManager::GetInstance().RemoveDefPermissions(id); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + RemoveHapTokenInfoFromDb(id); + // remove hap to kernel + PermissionManager::GetInstance().RemovePermFromKernel(id); + AccessTokenIDManager::GetInstance().ReleaseTokenId(id); + if (hapTokenInfoMap_.count(id) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token %{public}u no exist.", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id); return ERR_TOKENID_NOT_EXIST; } info = hapTokenInfoMap_[id]; if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token %{public}u is null.", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id); return ERR_TOKEN_INVALID; } if (info->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote hap token %{public}u can not delete.", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id); return ERR_IDENTITY_CHECK_FAILED; } std::string HapUniqueKey = GetHapUniqueStr(info); @@ -435,11 +436,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) hapTokenInfoMap_.erase(id); } - AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "Remove hap token %{public}u ok!", id); - RemoveHapTokenInfoFromDb(id); - // remove hap to kernel - PermissionManager::GetInstance().RemovePermFromKernel(id); + LOGI(ATM_DOMAIN, ATM_TAG, "Remove hap token %{public}u ok!", id); PermissionStateNotify(info, id); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); @@ -456,32 +453,21 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is not hap.", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not native or shell.", id); return ERR_PARAM_INVALID; } { Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Native token %{public}u is null.", id); + LOGE(ATM_DOMAIN, ATM_TAG, "Native token %{public}u is null.", id); return ERR_TOKENID_NOT_EXIST; } - std::shared_ptr info = nativeTokenInfoMap_[id]; - if (info->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote native token %{public}u can not delete.", id); - return ERR_TOKEN_INVALID; - } - std::string processName = nativeTokenInfoMap_[id]->GetProcessName(); - if (nativeTokenIdMap_.count(processName) != 0) { - nativeTokenIdMap_.erase(processName); - } nativeTokenInfoMap_.erase(id); } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_INFO(LABEL, "Remove native token %{public}u ok!", id); - RefreshTokenInfoIfNeeded(); + LOGI(ATM_DOMAIN, ATM_TAG, "Remove native token %{public}u ok!", id); // remove native to kernel PermissionManager::GetInstance().RemovePermFromKernel(id); @@ -489,7 +475,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) } #ifdef SUPPORT_SANDBOX_APP -static void GetPolicyCopied(const HapPolicyParams& policy, HapPolicyParams& policyNew) +static void GetPolicyCopied(const HapPolicy& policy, HapPolicy& policyNew) { policyNew.apl = policy.apl; policyNew.domain = policy.domain; @@ -503,47 +489,65 @@ static void GetPolicyCopied(const HapPolicyParams& policy, HapPolicyParams& poli } #endif -int AccessTokenInfoManager::CreateHapTokenInfo( - const HapInfoParams& info, const HapPolicyParams& policy, AccessTokenIDEx& tokenIdEx) +int32_t AccessTokenInfoManager::CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy) { if ((!DataValidator::IsUserIdValid(info.userID)) || (!DataValidator::IsBundleNameValid(info.bundleName)) || (!DataValidator::IsAppIDDescValid(info.appIDDesc)) || (!DataValidator::IsDomainValid(policy.domain)) || - (!DataValidator::IsDlpTypeValid(info.dlpType))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token param failed"); + (!DataValidator::IsDlpTypeValid(info.dlpType)) || (info.isRestore && info.tokenID == INVALID_TOKENID)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token param failed"); + return AccessTokenError::ERR_PARAM_INVALID; + } + return ERR_OK; +} + +int AccessTokenInfoManager::CreateHapTokenInfo( + const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx) +{ + if (CheckHapInfoParam(info, policy) != ERR_OK) { return AccessTokenError::ERR_PARAM_INVALID; } - int32_t dlpFlag = (info.dlpType > DLP_COMMON) ? 1 : 0; - int32_t cloneFlag = ((dlpFlag == 0) && (info.instIndex) > 0) ? 1 : 0; - AccessTokenID tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP, dlpFlag, cloneFlag); - if (tokenId == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token Id create failed"); - return ERR_TOKENID_CREATE_FAILED; + AccessTokenID tokenId = info.tokenID; + if (info.isRestore) { + LOGI(ATM_DOMAIN, ATM_TAG, "isRestore is true, tokenId is %{public}u", tokenId); + int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + if (res != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token Id register failed, res is %{public}d", res); + return res; + } + } else { + int32_t dlpFlag = (info.dlpType > DLP_COMMON) ? 1 : 0; + int32_t cloneFlag = ((dlpFlag == 0) && (info.instIndex) > 0) ? 1 : 0; + tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP, dlpFlag, cloneFlag); + if (tokenId == 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token Id create failed"); + return ERR_TOKENID_CREATE_FAILED; + } } PermissionManager::GetInstance().AddDefPermissions(policy.permList, tokenId, false); #ifdef SUPPORT_SANDBOX_APP std::shared_ptr tokenInfo; + HapPolicy policyNew = policy; if (info.dlpType != DLP_COMMON) { - HapPolicyParams policyNew; GetPolicyCopied(policy, policyNew); DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo(info.dlpType, policyNew.permStateList); - tokenInfo = std::make_shared(tokenId, info, policyNew); - } else { - tokenInfo = std::make_shared(tokenId, info, policy); } + tokenInfo = std::make_shared(tokenId, info, policyNew); #else std::shared_ptr tokenInfo = std::make_shared(tokenId, info, policy); #endif + AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy.apl, false); int ret = AddHapTokenInfo(tokenInfo); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s add token info failed", info.bundleName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str()); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); PermissionManager::GetInstance().RemoveDefPermissions(tokenId); + RemoveHapTokenInfoFromDb(tokenId); return ret; } - ACCESSTOKEN_LOG_INFO(LABEL, "Create hap token %{public}u bundleName %{public}s user %{public}d inst %{public}d ok", - tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex()); + LOGI(ATM_DOMAIN, ATM_TAG, + "Create hap token %{public}u bundleName %{public}s user %{public}d inst %{public}d isRestore %{public}d ok", + tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex(), info.isRestore); AllocAccessTokenIDEx(info, tokenId, tokenIdEx); - AddHapTokenInfoToDb(tokenId); return RET_SUCCESS; } @@ -557,24 +561,6 @@ int AccessTokenInfoManager::AllocAccessTokenIDEx( return RET_SUCCESS; } -int AccessTokenInfoManager::CheckNativeDCap(AccessTokenID tokenID, const std::string& dcap) -{ - std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenID); - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is invalid.", tokenID); - return ERR_TOKENID_NOT_EXIST; - } - - std::vector dcaps = infoPtr->GetDcap(); - for (auto iter = dcaps.begin(); iter != dcaps.end(); iter++) { - if (*iter == dcap) { - return RET_SUCCESS; - } - } - return ERR_CHECK_DCAP_FAIL; -} - AccessTokenIDEx AccessTokenInfoManager::GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex) { Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); @@ -586,7 +572,7 @@ AccessTokenIDEx AccessTokenInfoManager::GetHapTokenID(int32_t userID, const std: auto infoIter = hapTokenInfoMap_.find(tokenId); if (infoIter != hapTokenInfoMap_.end()) { if (infoIter->second == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "HapTokenInfoInner is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "HapTokenInfoInner is nullptr"); return tokenIdEx; } HapTokenInfo info = infoIter->second->GetHapInfoBasic(); @@ -597,97 +583,70 @@ AccessTokenIDEx AccessTokenInfoManager::GetHapTokenID(int32_t userID, const std: return tokenIdEx; } -bool AccessTokenInfoManager::TryUpdateExistNativeToken(const std::shared_ptr& infoPtr) +void AccessTokenInfoManager::GetNativePermissionList(const NativeTokenInfoBase& native, + std::vector& opCodeList, std::vector& statusList) { - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Info is null."); - return false; - } - - Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); - AccessTokenID id = infoPtr->GetTokenID(); - std::string processName = infoPtr->GetProcessName(); - bool idExist = (nativeTokenInfoMap_.count(id) > 0); - bool processExist = (nativeTokenIdMap_.count(processName) > 0); - // id is exist, but it is not this process, so neither update nor add. - if (idExist && !processExist) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token Id is exist, but process name is not exist, can not update."); - return true; - } - - // this process is exist, but id is not same, perhaps libat lose his data, we need delete old, add new later. - if (!idExist && processExist) { - AccessTokenID idRemove = nativeTokenIdMap_[processName]; - nativeTokenIdMap_.erase(processName); - if (nativeTokenInfoMap_.count(idRemove) > 0) { - nativeTokenInfoMap_.erase(idRemove); + // need to process aclList + for (const auto& state : native.permStateList) { + uint32_t code; + // add IsPermissionReqValid to filter invalid permission + if (TransferPermissionToOpcode(state.permissionName, code)) { + opCodeList.emplace_back(code); + statusList.emplace_back(state.grantStatus == PERMISSION_GRANTED); } - AccessTokenIDManager::GetInstance().ReleaseTokenId(idRemove); - return false; - } - - if (!idExist && !processExist) { - return false; } - - nativeTokenInfoMap_[id] = infoPtr; - - // add native to kernel - std::shared_ptr policySet = infoPtr->GetNativeInfoPermissionPolicySet(); - PermissionManager::GetInstance().AddPermToKernel(id, policySet); - return true; } -void AccessTokenInfoManager::ProcessNativeTokenInfos( - const std::vector>& tokenInfos) +void AccessTokenInfoManager::InitNativeTokenInfos(const std::vector& tokenInfos) { - for (const auto& infoPtr: tokenInfos) { - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Token info from libat is null"); + for (const auto& info: tokenInfos) { + AccessTokenID tokenId = info.tokenID; + std::string process = info.processName; + // add tokenId to cache + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenId); + int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type); + if (res != RET_SUCCESS && res != ERR_TOKENID_HAS_EXISTED) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token id register fail, res is %{public}d.", res); + ReportSysEventServiceStartError(INIT_NATIVE_TOKENINFO_ERROR, + "RegisterTokenId fail, " + process + std::to_string(tokenId), res); continue; } - bool isUpdated = TryUpdateExistNativeToken(infoPtr); - if (!isUpdated) { - ACCESSTOKEN_LOG_INFO(LABEL, - "Token %{public}u process name %{public}s is new, add to manager!", - infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); - AccessTokenID id = infoPtr->GetTokenID(); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(id); - int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, type); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token Id register fail"); - continue; - } - ret = AddNativeTokenInfo(infoPtr); - if (ret != RET_SUCCESS) { - AccessTokenIDManager::GetInstance().ReleaseTokenId(id); - ACCESSTOKEN_LOG_ERROR(LABEL, - "Token %{public}u process name %{public}s add to manager failed!", - infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); - } - } + std::vector opCodeList; + std::vector statusList; + GetNativePermissionList(info, opCodeList, statusList); + // add native token info to cache + Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); + NativeTokenInfoCache cache; + cache.processName = process; + cache.apl = static_cast(info.apl); + cache.opCodeList = opCodeList; + cache.statusList = statusList; + + nativeTokenInfoMap_[tokenId] = cache; + PermissionManager::GetInstance().AddNativePermToKernel(tokenId, cache.opCodeList, cache.statusList); + LOGI(ATM_DOMAIN, ATM_TAG, + "Init native token %{public}u process name %{public}s, permSize %{public}zu ok!", + tokenId, process.c_str(), info.permStateList.size()); } - AddAllNativeTokenInfoToDb(); } int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, - const std::vector& permStateList, ATokenAplEnum apl, + const std::vector& permStateList, ATokenAplEnum apl, const std::vector& permList) { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u parm format error!", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u is null, can not update!", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } if (infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote hap token %{public}u can not update!", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID); return ERR_IDENTITY_CHECK_FAILED; } if (info.isSystemApp) { @@ -695,43 +654,56 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const } else { tokenIdEx.tokenIdExStruct.tokenAttr &= ~SYSTEM_APP_FLAG; } + PermissionManager::GetInstance().AddDefPermissions(permList, tokenID, true); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); - infoPtr->Update(info, permStateList, apl); - ACCESSTOKEN_LOG_INFO(LABEL, - "Token %{public}u bundle name %{public}s user %{public}d inst %{public}d tokenAttr %{public}d update ok!", - tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex(), - infoPtr->GetHapInfoBasic().tokenAttr); + infoPtr->Update(info, permStateList); } - PermissionManager::GetInstance().AddDefPermissions(permList, tokenID, true); + + int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, apl, true); + if (ret != RET_SUCCESS) { + return ret; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u bundle name %{public}s user %{public}d \ + inst %{public}d tokenAttr %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), + infoPtr->GetUserID(), infoPtr->GetInstIndex(), infoPtr->GetHapInfoBasic().tokenAttr); + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", tokenID, "USERID", + infoPtr->GetUserID(), "BUNDLENAME", infoPtr->GetBundleName(), "INSTINDEX", infoPtr->GetInstIndex()); + #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); #endif // update hap to kernel - std::shared_ptr policySet = infoPtr->GetHapInfoPermissionPolicySet(); - PermissionManager::GetInstance().AddPermToKernel(tokenID, policySet); - ModifyHapTokenInfoFromDb(tokenID); + UpdateHapToKernel(tokenID, infoPtr->GetUserID()); return RET_SUCCESS; } +void AccessTokenInfoManager::UpdateHapToKernel(AccessTokenID tokenID, int32_t userId) +{ + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + LOGI(ATM_DOMAIN, ATM_TAG, "Execute user policy."); + PermissionManager::GetInstance().AddHapPermToKernel(tokenID, permPolicyList_); + return; + } + } + PermissionManager::GetInstance().AddHapPermToKernel(tokenID, std::vector()); +} + #ifdef TOKEN_SYNC_ENABLE int AccessTokenInfoManager::GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync) { std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr || infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u is invalid.", tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", tokenID); return ERR_IDENTITY_CHECK_FAILED; } hapSync.baseInfo = infoPtr->GetHapInfoBasic(); - std::shared_ptr permSetPtr = infoPtr->GetHapInfoPermissionPolicySet(); - if (permSetPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u permSet is invalid.", tokenID); - return ERR_TOKEN_INVALID; - } - permSetPtr->GetPermissionStateList(hapSync.permStateList); - return RET_SUCCESS; + return infoPtr->GetPermissionStateList(hapSync.permStateList); } int AccessTokenInfoManager::GetHapTokenInfoFromRemote(AccessTokenID tokenID, @@ -742,51 +714,17 @@ int AccessTokenInfoManager::GetHapTokenInfoFromRemote(AccessTokenID tokenID, return ret; } -void AccessTokenInfoManager::GetAllNativeTokenInfo( - std::vector& nativeTokenInfosRes) -{ - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - for (const auto& nativeTokenInner : nativeTokenInfoMap_) { - std::shared_ptr nativeTokenInnerPtr = nativeTokenInner.second; - if (nativeTokenInnerPtr == nullptr || nativeTokenInnerPtr->IsRemote() - || nativeTokenInnerPtr->GetDcap().empty()) { - continue; - } - NativeTokenInfoForSync token; - nativeTokenInnerPtr->TranslateToNativeTokenInfo(token.baseInfo); - - std::shared_ptr permSetPtr = - nativeTokenInnerPtr->GetNativeInfoPermissionPolicySet(); - if (permSetPtr == nullptr) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}u permSet is invalid.", token.baseInfo.tokenID); - return; - } - permSetPtr->GetPermissionStateList(token.permStateList); - - nativeTokenInfosRes.emplace_back(token); - } - return; -} - int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync) { std::shared_ptr infoPtr = GetHapTokenInfoInner(mapID); if (infoPtr == nullptr || !infoPtr->IsRemote()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u is null or not remote, can not update!", mapID); + LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is null or not remote, can not update!", mapID); return ERR_IDENTITY_CHECK_FAILED; } - - std::shared_ptr newPermPolicySet = - PermissionPolicySet::BuildPolicySetWithoutDefCheck(mapID, hapSync.permStateList); - - { - Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); - infoPtr->SetTokenBaseInfo(hapSync.baseInfo); - infoPtr->SetPermissionPolicySet(newPermPolicySet); - } + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + infoPtr->UpdateRemoteHapTokenInfo(mapID, hapSync.baseInfo, hapSync.permStateList); // update remote hap to kernel - PermissionManager::GetInstance().AddPermToKernel(mapID, newPermPolicySet); + PermissionManager::GetInstance().AddHapPermToKernel(mapID, std::vector()); return RET_SUCCESS; } @@ -797,7 +735,7 @@ int AccessTokenInfoManager::CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTok int ret = AddHapTokenInfo(hap); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Add local token failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Add local token failed."); return ret; } @@ -807,18 +745,14 @@ int AccessTokenInfoManager::CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTok bool AccessTokenInfoManager::IsRemoteHapTokenValid(const std::string& deviceID, const HapTokenInfoForSync& hapSync) { std::string errReason; - if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsDeviceIdValid(hapSync.baseInfo.deviceID)) { + if (!DataValidator::IsDeviceIdValid(deviceID)) { errReason = "respond deviceID error"; } else if (!DataValidator::IsUserIdValid(hapSync.baseInfo.userID)) { errReason = "respond userID error"; } else if (!DataValidator::IsBundleNameValid(hapSync.baseInfo.bundleName)) { errReason = "respond bundleName error"; - } else if (!DataValidator::IsAplNumValid(hapSync.baseInfo.apl)) { - errReason = "respond apl error"; } else if (!DataValidator::IsTokenIDValid(hapSync.baseInfo.tokenID)) { errReason = "respond tokenID error"; - } else if (!DataValidator::IsAppIDDescValid(hapSync.baseInfo.appID)) { - errReason = "respond appID error"; } else if (!DataValidator::IsDlpTypeValid(hapSync.baseInfo.dlpType)) { errReason = "respond dlpType error"; } else if (hapSync.baseInfo.ver != DEFAULT_TOKEN_VERSION) { @@ -838,110 +772,54 @@ bool AccessTokenInfoManager::IsRemoteHapTokenValid(const std::string& deviceID, int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync) { if (!IsRemoteHapTokenValid(deviceID, hapSync)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s parms invalid", ConstantCommon::EncryptDevId(deviceID).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s parms invalid", ConstantCommon::EncryptDevId(deviceID).c_str()); return ERR_IDENTITY_CHECK_FAILED; } AccessTokenID remoteID = hapSync.baseInfo.tokenID; AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID); if (mapID != 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s token %{public}u update exist remote hap token %{public}u.", + LOGI(ATM_DOMAIN, ATM_TAG, "Device %{public}s token %{public}u update exist remote hap token %{public}u.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID, mapID); // update remote token mapping id hapSync.baseInfo.tokenID = mapID; - hapSync.baseInfo.deviceID = deviceID; return UpdateRemoteHapTokenInfo(mapID, hapSync); } mapID = AccessTokenRemoteTokenManager::GetInstance().MapRemoteDeviceTokenToLocal(deviceID, remoteID); if (mapID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u map failed.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s token %{public}u map failed.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID); return ERR_TOKEN_MAP_FAILED; } // update remote token mapping id hapSync.baseInfo.tokenID = mapID; - hapSync.baseInfo.deviceID = deviceID; int ret = CreateRemoteHapTokenInfo(mapID, hapSync); if (ret != RET_SUCCESS) { - AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s token %{public}u map to local token %{public}u failed.", + int result = AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); + if (result != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "remove device map token id failed"); + } + LOGI(ATM_DOMAIN, ATM_TAG, "Device %{public}s token %{public}u map to local token %{public}u failed.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID, mapID); return ret; } - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s token %{public}u map to local token %{public}u success.", + LOGI(ATM_DOMAIN, ATM_TAG, "Device %{public}s token %{public}u map to local token %{public}u success.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID, mapID); return RET_SUCCESS; } -int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID, - std::vector& nativeTokenInfoList) -{ - if (!DataValidator::IsDeviceIdValid(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s parms invalid", ConstantCommon::EncryptDevId(deviceID).c_str()); - return AccessTokenError::ERR_PARAM_INVALID; - } - - for (NativeTokenInfoForSync& nativeToken : nativeTokenInfoList) { - AccessTokenID remoteID = nativeToken.baseInfo.tokenID; - auto encryptDevId = ConstantCommon::EncryptDevId(deviceID); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(remoteID); - if (!DataValidator::IsAplNumValid(nativeToken.baseInfo.apl) || - nativeToken.baseInfo.ver != DEFAULT_TOKEN_VERSION || - !DataValidator::IsProcessNameValid(nativeToken.baseInfo.processName) || - nativeToken.baseInfo.dcap.empty() || - (type != TOKEN_NATIVE && type != TOKEN_SHELL)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u is invalid.", - encryptDevId.c_str(), remoteID); - continue; - } - - AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID); - if (mapID != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u has maped, no need update it.", - encryptDevId.c_str(), remoteID); - continue; - } - - mapID = AccessTokenRemoteTokenManager::GetInstance().MapRemoteDeviceTokenToLocal(deviceID, remoteID); - if (mapID == 0) { - AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u map failed.", - encryptDevId.c_str(), remoteID); - continue; - } - nativeToken.baseInfo.tokenID = mapID; - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s token %{public}u map to local token %{public}u.", - encryptDevId.c_str(), remoteID, mapID); - - std::shared_ptr nativePtr = - std::make_shared(nativeToken.baseInfo, nativeToken.permStateList); - nativePtr->SetRemote(true); - int ret = AddNativeTokenInfo(nativePtr); - if (ret != RET_SUCCESS) { - AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s tokenId %{public}u add local token failed.", - encryptDevId.c_str(), remoteID); - continue; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s token %{public}u map token %{public}u add success.", - encryptDevId.c_str(), remoteID, mapID); - } - - return RET_SUCCESS; -} - int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) { if (!DataValidator::IsDeviceIdValid(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s parms invalid.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s parms invalid.", ConstantCommon::EncryptDevId(deviceID).c_str()); return AccessTokenError::ERR_PARAM_INVALID; } AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, tokenID); if (mapID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s tokenId %{public}u is not mapped.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s tokenId %{public}u is not mapped.", ConstantCommon::EncryptDevId(deviceID).c_str(), tokenID); return ERR_TOKEN_MAP_FAILED; } @@ -950,20 +828,19 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces if (type == TOKEN_HAP) { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(mapID) == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token %{public}u no exist.", mapID); + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", mapID); return ERR_TOKEN_INVALID; } hapTokenInfoMap_.erase(mapID); } else if ((type == TOKEN_NATIVE) || (type == TOKEN_SHELL)) { Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(mapID) == 0) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Native token %{public}u is null.", mapID); + LOGE(ATM_DOMAIN, ATM_TAG, "Native token %{public}u is null.", mapID); return ERR_TOKEN_INVALID; } nativeTokenInfoMap_.erase(mapID); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Mapping tokenId %{public}u type is unknown.", mapID); + LOGE(ATM_DOMAIN, ATM_TAG, "Mapping tokenId %{public}u type is unknown.", mapID); } return AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, tokenID); @@ -974,7 +851,7 @@ AccessTokenID AccessTokenInfoManager::GetRemoteNativeTokenID(const std::string& if ((!DataValidator::IsDeviceIdValid(deviceID)) || (tokenID == 0) || ((AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_NATIVE) && (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_SHELL))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s parms invalid.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s parms invalid.", ConstantCommon::EncryptDevId(deviceID).c_str()); return 0; } @@ -984,28 +861,32 @@ AccessTokenID AccessTokenInfoManager::GetRemoteNativeTokenID(const std::string& int AccessTokenInfoManager::DeleteRemoteDeviceTokens(const std::string& deviceID) { if (!DataValidator::IsDeviceIdValid(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s parms invalid.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s parms invalid.", ConstantCommon::EncryptDevId(deviceID).c_str()); return AccessTokenError::ERR_PARAM_INVALID; } std::vector remoteTokens; int ret = AccessTokenRemoteTokenManager::GetInstance().GetDeviceAllRemoteTokenID(deviceID, remoteTokens); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s have no remote token.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s have no remote token.", ConstantCommon::EncryptDevId(deviceID).c_str()); return ret; } for (AccessTokenID remoteID : remoteTokens) { - DeleteRemoteToken(deviceID, remoteID); + ret = DeleteRemoteToken(deviceID, remoteID); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "delete remote token failed! deviceId=%{public}s, remoteId=%{public}d.", \ + deviceID.c_str(), remoteID); + } } - return RET_SUCCESS; + return ret; } AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) { if (!DataValidator::IsDeviceIdValid(remoteDeviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s parms invalid.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s parms invalid.", ConstantCommon::EncryptDevId(remoteDeviceID).c_str()); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_SYNC", HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", TOKEN_SYNC_CALL_ERROR, @@ -1013,13 +894,13 @@ AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remot return 0; } uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - SetFirstCallerTokenID(fullTokenId); - ACCESSTOKEN_LOG_INFO(LABEL, "Set first caller %{public}" PRIu64 ".", fullTokenId); + int result = SetFirstCallerTokenID(fullTokenId); // for debug + LOGI(ATM_DOMAIN, ATM_TAG, "Set first caller %{public}" PRIu64 "., ret is %{public}d", fullTokenId, result); std::string remoteUdid; DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(ACCESS_TOKEN_PACKAGE_NAME, remoteDeviceID, remoteUdid); - ACCESSTOKEN_LOG_INFO(LABEL, "Device %{public}s remoteUdid.", ConstantCommon::EncryptDevId(remoteUdid).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Device %{public}s remoteUdid.", ConstantCommon::EncryptDevId(remoteUdid).c_str()); AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(remoteUdid, remoteTokenID); if (mapID != 0) { @@ -1027,7 +908,7 @@ AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remot } int ret = TokenModifyNotifier::GetInstance().GetRemoteHapTokenInfo(remoteUdid, remoteTokenID); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s token %{public}u sync failed", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s token %{public}u sync failed", ConstantCommon::EncryptDevId(remoteUdid).c_str(), remoteTokenID); std::string errorReason = "token sync call error, error number is " + std::to_string(ret); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_SYNC", @@ -1042,7 +923,7 @@ AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remot AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Tokensync is disable, check dependent components"); + LOGE(ATM_DOMAIN, ATM_TAG, "Tokensync is disable, check dependent components"); return 0; } #endif @@ -1053,207 +934,147 @@ AccessTokenInfoManager& AccessTokenInfoManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AccessTokenInfoManager(); + AccessTokenInfoManager* tmp = new AccessTokenInfoManager(); + instance = std::move(tmp); } } return *instance; } -void AccessTokenInfoManager::StoreAllTokenInfo() +int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr& hapInfo, + const std::string& appId, ATokenAplEnum apl, bool isUpdate) { + if (hapInfo == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token info is null!"); + return AccessTokenError::ERR_TOKENID_NOT_EXIST; + } + if (hapInfo->IsRemote()) { + LOGE(ATM_DOMAIN, ATM_TAG, "It is a remote hap!"); + return AccessTokenError::ERR_TOKENID_NOT_EXIST; + } + AccessTokenID tokenID = hapInfo->GetTokenID(); + + // get new hap token info from cache std::vector hapInfoValues; + hapInfo->StoreHapInfo(hapInfoValues, appId, apl); + + // get new permission def from cache if exist std::vector permDefValues; + PermissionDefinitionCache::GetInstance().StorePermissionDef(tokenID, permDefValues); + + // get new permission status from cache if exist std::vector permStateValues; - std::vector nativeTokenValues; - uint64_t lastestUpdateStamp = 0; - { - Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); - for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); iter++) { - if (iter->second != nullptr) { - std::shared_ptr& hapInfo = iter->second; - hapInfo->StoreHapInfo(hapInfoValues); - hapInfo->StorePermissionPolicy(permStateValues); - if (hapInfo->permUpdateTimestamp_ > lastestUpdateStamp) { - lastestUpdateStamp = hapInfo->permUpdateTimestamp_; - } - } - } - } + hapInfo->StorePermissionPolicy(permStateValues); - { - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { - if (iter->second != nullptr) { - iter->second->StoreNativeInfo(nativeTokenValues); - iter->second->StorePermissionPolicy(permStateValues); - } - } + std::vector addDataTypes; + std::vector delDataTypes; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); + + std::vector deleteValues; + if (isUpdate) { // udapte: delete and add; otherwise add only + delDataTypes.assign(addDataTypes.begin(), addDataTypes.end()); + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + deleteValues.emplace_back(conditionValue); + deleteValues.emplace_back(conditionValue); + deleteValues.emplace_back(conditionValue); } - PermissionDefinitionCache::GetInstance().StorePermissionDef(permDefValues); + std::vector> addValues; + addValues.emplace_back(hapInfoValues); + addValues.emplace_back(permDefValues); + addValues.emplace_back(permStateValues); - AccessTokenDb::GetInstance().RefreshAll(AccessTokenDb::ACCESSTOKEN_HAP_INFO, hapInfoValues); - AccessTokenDb::GetInstance().RefreshAll(AccessTokenDb::ACCESSTOKEN_NATIVE_INFO, nativeTokenValues); - AccessTokenDb::GetInstance().RefreshAll(AccessTokenDb::ACCESSTOKEN_PERMISSION_DEF, permDefValues); - int res = AccessTokenDb::GetInstance().RefreshAll(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, permStateValues); - PermissionManager::GetInstance().NotifyPermGrantStoreResult((res == 0), lastestUpdateStamp); + int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues( + delDataTypes, deleteValues, addDataTypes, addValues); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret); + return ret; + } + return RET_SUCCESS; } -int AccessTokenInfoManager::AddAllNativeTokenInfoToDb(void) +int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(AccessTokenID tokenID) { - std::vector permStateValues; - std::vector nativeTokenValues; - - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { - if (iter->second != nullptr) { - iter->second->StoreNativeInfo(nativeTokenValues); - iter->second->StorePermissionPolicy(permStateValues); - } + GenericValues condition; + condition.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + std::vector deleteDataTypes; + std::vector deleteValues; + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_DEF); + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); + deleteValues.emplace_back(condition); + deleteValues.emplace_back(condition); + deleteValues.emplace_back(condition); + + std::vector addDataTypes; + std::vector> addValues; + int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, + addValues); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret); + return ret; } - ACCESSTOKEN_LOG_INFO(LABEL, "permStateValues %{public}zu, nativeTokenValues %{public}zu.", - permStateValues.size(), nativeTokenValues.size()); - AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, permStateValues); - AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_NATIVE_INFO, nativeTokenValues); return RET_SUCCESS; } -int AccessTokenInfoManager::ModifyHapTokenInfoFromDb(AccessTokenID tokenID) -{ - Utils::UniqueWriteGuard infoGuard(this->modifyLock_); - RemoveHapTokenInfoFromDb(tokenID); - return AddHapTokenInfoToDb(tokenID); -} - -int32_t AccessTokenInfoManager::ModifyHapPermStateFromDb(AccessTokenID tokenID, const std::string& permission) +void AccessTokenInfoManager::PermissionStateNotify(const std::shared_ptr& info, AccessTokenID id) { - std::vector permStateValues; - Utils::UniqueWriteGuard infoGuard(this->modifyLock_); - std::shared_ptr hapInfo = GetHapTokenInfoInner(tokenID); - if (hapInfo == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u info is null!", tokenID); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; - } - hapInfo->StorePermissionPolicy(permStateValues); - - for (size_t i = 0; i < permStateValues.size(); i++) { - if (permStateValues[i].GetString(TokenFiledConst::FIELD_PERMISSION_NAME) != permission) { - continue; + std::vector permissionList; + int32_t userId = info->GetUserID(); + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + LOGI(ATM_DOMAIN, ATM_TAG, "Execute user policy."); + HapTokenInfoInner::GetGrantedPermByTokenId(id, permPolicyList_, permissionList); + } else { + std::vector emptyList; + HapTokenInfoInner::GetGrantedPermByTokenId(id, emptyList, permissionList); } - GenericValues conditions; - conditions.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); - conditions.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permission); - AccessTokenDb::GetInstance().Modify( - AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], conditions); } - return RET_SUCCESS; -} - -int AccessTokenInfoManager::AddHapTokenInfoToDb(AccessTokenID tokenID) -{ - std::vector hapInfoValues; - std::vector permDefValues; - std::vector permStateValues; - - std::shared_ptr hapInfo = GetHapTokenInfoInner(tokenID); - if (hapInfo == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u info is null!", tokenID); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; - } - hapInfo->StoreHapInfo(hapInfoValues); - hapInfo->StorePermissionPolicy(permStateValues); - - PermissionDefinitionCache::GetInstance().StorePermissionDef(tokenID, permDefValues); - AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_HAP_INFO, hapInfoValues); - AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, permStateValues); - AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_PERMISSION_DEF, permDefValues); - return RET_SUCCESS; -} - -int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(AccessTokenID tokenID) -{ - GenericValues values; - values.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); - - AccessTokenDb::GetInstance().Remove(AccessTokenDb::ACCESSTOKEN_HAP_INFO, values); - AccessTokenDb::GetInstance().Remove(AccessTokenDb::ACCESSTOKEN_PERMISSION_DEF, values); - AccessTokenDb::GetInstance().Remove(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, values); - return RET_SUCCESS; -} - -#ifdef RESOURCESCHEDULE_FFRT_ENABLE -int32_t AccessTokenInfoManager::GetCurTaskNum() -{ - return curTaskNum_.load(); -} - -void AccessTokenInfoManager::AddCurTaskNum() -{ - curTaskNum_++; -} - -void AccessTokenInfoManager::ReduceCurTaskNum() -{ - curTaskNum_--; -} -#endif - -void AccessTokenInfoManager::RefreshTokenInfoIfNeeded() -{ -#ifdef RESOURCESCHEDULE_FFRT_ENABLE - if (GetCurTaskNum() > 1) { - ACCESSTOKEN_LOG_INFO(LABEL, "Has refresh task!"); - return; + if (permissionList.size() != 0) { + PermissionManager::GetInstance().ParamUpdate(permissionList[0], 0, true); } - - auto tokenStore = []() { - AccessTokenInfoManager::GetInstance().StoreAllTokenInfo(); - - // Sleep for one second to avoid frequent refresh of the database. - ffrt::this_task::sleep_for(std::chrono::seconds(1)); - AccessTokenInfoManager::GetInstance().ReduceCurTaskNum(); - }; - AddCurTaskNum(); - ffrtTaskQueue_->submit(tokenStore, ffrt::task_attr().qos(ffrt::qos_default)); -#else - if (tokenDataWorker_.GetCurTaskNum() > 1) { - ACCESSTOKEN_LOG_INFO(LABEL, "Has refresh task!"); - return; + for (const auto& permissionName : permissionList) { + CallbackManager::GetInstance().ExecuteCallbackAsync( + id, permissionName, PermStateChangeType::STATE_CHANGE_REVOKED); } - - tokenDataWorker_.AddTask([]() { - AccessTokenInfoManager::GetInstance().StoreAllTokenInfo(); - - // Sleep for one second to avoid frequent refresh of the database. - std::this_thread::sleep_for(std::chrono::seconds(1)); - }); -#endif } -void AccessTokenInfoManager::PermissionStateNotify(const std::shared_ptr& info, AccessTokenID id) +int32_t AccessTokenInfoManager::GetHapAppIdByTokenId(AccessTokenID tokenID, std::string& appId) { - std::shared_ptr policy = info->GetHapInfoPermissionPolicySet(); - if (policy == nullptr) { - return; + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + std::vector hapTokenResults; + int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d.", tokenID, ret); + return ret; } - std::vector permissionList; - policy->GetDeletedPermissionListToNotify(permissionList); - if (permissionList.size() != 0) { - PermissionManager::GetInstance().ParamUpdate(permissionList[0], 0, true); + if (hapTokenResults.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id(%{public}u) is not in hap_token_table.", tokenID); + return AccessTokenError::ERR_TOKENID_NOT_EXIST; } - for (const auto& permissionName : permissionList) { - CallbackManager::GetInstance().ExecuteCallbackAsync( - id, permissionName, PermStateChangeType::STATE_CHANGE_REVOKED); + std::string result = hapTokenResults[0].GetString(TokenFiledConst::FIELD_APP_ID); + if (!DataValidator::IsAppIDDescValid(result)) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: 0x%{public}x appID is error.", tokenID); + return AccessTokenError::ERR_PARAM_INVALID; } + appId = result; + return RET_SUCCESS; } AccessTokenID AccessTokenInfoManager::GetNativeTokenId(const std::string& processName) { AccessTokenID tokenID = INVALID_TOKENID; Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { - if (iter->second != nullptr && iter->second->GetProcessName() == processName) { + for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); ++iter) { + if (iter->second.processName == processName) { tokenID = iter->first; break; } @@ -1263,8 +1084,6 @@ AccessTokenID AccessTokenInfoManager::GetNativeTokenId(const std::string& proces void AccessTokenInfoManager::DumpHapTokenInfoByTokenId(const AccessTokenID tokenId, std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Dump by tokenId[%{public}u].", tokenId); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenId); if (type == TOKEN_HAP) { std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenId); @@ -1272,10 +1091,7 @@ void AccessTokenInfoManager::DumpHapTokenInfoByTokenId(const AccessTokenID token infoPtr->ToString(dumpInfo); } } else if (type == TOKEN_NATIVE || type == TOKEN_SHELL) { - std::shared_ptr infoPtr = GetNativeTokenInfoInner(tokenId); - if (infoPtr != nullptr) { - infoPtr->ToString(dumpInfo); - } + NativeTokenToString(tokenId, dumpInfo); } else { dumpInfo.append("invalid tokenId"); } @@ -1283,8 +1099,6 @@ void AccessTokenInfoManager::DumpHapTokenInfoByTokenId(const AccessTokenID token void AccessTokenInfoManager::DumpHapTokenInfoByBundleName(const std::string& bundleName, std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get hap token info by bundleName[%{public}s].", bundleName.c_str()); - Utils::UniqueReadGuard hapInfoGuard(this->hapTokenInfoLock_); for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); iter++) { if (iter->second != nullptr) { @@ -1298,14 +1112,14 @@ void AccessTokenInfoManager::DumpHapTokenInfoByBundleName(const std::string& bun } } -void AccessTokenInfoManager::DumpAllHapTokenInfo(std::string& dumpInfo) +void AccessTokenInfoManager::DumpAllHapTokenname(std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get all hap token info."); + LOGD(ATM_DOMAIN, ATM_TAG, "Get all hap token name."); Utils::UniqueReadGuard hapInfoGuard(this->hapTokenInfoLock_); for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); iter++) { if (iter->second != nullptr) { - iter->second->ToString(dumpInfo); + dumpInfo += std::to_string(iter->second->GetTokenID()) + ": " + iter->second->GetBundleName(); dumpInfo.append("\n"); } } @@ -1313,28 +1127,17 @@ void AccessTokenInfoManager::DumpAllHapTokenInfo(std::string& dumpInfo) void AccessTokenInfoManager::DumpNativeTokenInfoByProcessName(const std::string& processName, std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get native token info by processName[%{public}s].", processName.c_str()); - - Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); - for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { - if ((iter->second != nullptr) && (processName == iter->second->GetProcessName())) { - iter->second->ToString(dumpInfo); - dumpInfo.append("\n"); - break; - } - } + NativeTokenToString(GetNativeTokenId(processName), dumpInfo); } -void AccessTokenInfoManager::DumpAllNativeTokenInfo(std::string& dumpInfo) +void AccessTokenInfoManager::DumpAllNativeTokenName(std::string& dumpInfo) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Get all native token info."); + LOGD(ATM_DOMAIN, ATM_TAG, "Get all native token name."); Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) { - if (iter->second != nullptr) { - iter->second->ToString(dumpInfo); - dumpInfo.append("\n"); - } + dumpInfo += std::to_string(iter->first) + ": " + iter->second.processName; + dumpInfo.append("\n"); } } @@ -1355,10 +1158,10 @@ void AccessTokenInfoManager::ReduceDumpTaskNum() void AccessTokenInfoManager::DumpToken() { - ACCESSTOKEN_LOG_INFO(LABEL, "AccessToken Dump"); - int32_t fd = open(DUMP_JSON_PATH.c_str(), O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); + LOGI(ATM_DOMAIN, ATM_TAG, "AccessToken Dump"); + int32_t fd = open(DUMP_JSON_PATH, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Open failed errno %{public}d.", errno); + LOGE(ATM_DOMAIN, ATM_TAG, "Open failed errno %{public}d.", errno); return; } std::string dumpStr; @@ -1385,8 +1188,81 @@ void AccessTokenInfoManager::DumpTokenInfo(const AtmToolsParamInfo& info, std::s return; } - DumpAllHapTokenInfo(dumpInfo); - DumpAllNativeTokenInfo(dumpInfo); + DumpAllHapTokenname(dumpInfo); + DumpAllNativeTokenName(dumpInfo); +} + + +void AccessTokenInfoManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) +{ + if (ClearUserGrantedPermission(tokenID) != RET_SUCCESS) { + return; + } + std::vector tokenIdList; + GetRelatedSandBoxHapList(tokenID, tokenIdList); + for (const auto& id : tokenIdList) { + (void)ClearUserGrantedPermission(id); + } + // DFX + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "CLEAR_USER_PERMISSION_STATE", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, + "TOKENID_LEN", static_cast(tokenIdList.size())); +} + +int32_t AccessTokenInfoManager::ClearUserGrantedPermission(AccessTokenID id) +{ + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); + if (infoPtr == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", id); + return ERR_PARAM_INVALID; + } + if (infoPtr->IsRemote()) { + LOGE(ATM_DOMAIN, ATM_TAG, "It is a remote hap token %{public}u!", id); + return ERR_IDENTITY_CHECK_FAILED; + } + std::vector grantedPermListBefore; + std::vector emptyList; + HapTokenInfoInner::GetGrantedPermByTokenId(id, emptyList, grantedPermListBefore); + + // reset permission. + infoPtr->ResetUserGrantPermissionStatus(); + + std::vector grantedPermListAfter; + HapTokenInfoInner::GetGrantedPermByTokenId(id, emptyList, grantedPermListAfter); + + { + int32_t userId = infoPtr->GetUserID(); + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if (!permPolicyList_.empty() && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + PermissionManager::GetInstance().AddHapPermToKernel(id, permPolicyList_); + PermissionManager::GetInstance().NotifyUpdatedPermList(grantedPermListBefore, grantedPermListAfter, id); + return RET_SUCCESS; + } + } + PermissionManager::GetInstance().AddHapPermToKernel(id, std::vector()); + LOGI(ATM_DOMAIN, ATM_TAG, + "grantedPermListBefore size %{public}zu, grantedPermListAfter size %{public}zu!", + grantedPermListBefore.size(), grantedPermListAfter.size()); + PermissionManager::GetInstance().NotifyUpdatedPermList(grantedPermListBefore, grantedPermListAfter, id); + return RET_SUCCESS; +} + +bool AccessTokenInfoManager::IsPermissionRestrictedByUserPolicy(AccessTokenID id, const std::string& permissionName) +{ + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); + if (infoPtr == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid.", id); + return ERR_PARAM_INVALID; + } + int32_t userId = infoPtr->GetUserID(); + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + if ((std::find(permPolicyList_.begin(), permPolicyList_.end(), permissionName) != permPolicyList_.end()) && + (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { + LOGI(ATM_DOMAIN, ATM_TAG, "id %{public}u perm %{public}s.", id, permissionName.c_str()); + return true; + } + return false; } void AccessTokenInfoManager::GetRelatedSandBoxHapList(AccessTokenID tokenId, std::vector& tokenIdList) @@ -1398,7 +1274,7 @@ void AccessTokenInfoManager::GetRelatedSandBoxHapList(AccessTokenID tokenId, std return; } if (infoIter->second == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "HapTokenInfoInner is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "HapTokenInfoInner is nullptr."); return; } std::string bundleName = infoIter->second->GetBundleName(); @@ -1429,7 +1305,7 @@ int32_t AccessTokenInfoManager::SetPermDialogCap(AccessTokenID tokenID, bool ena Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); auto infoIter = hapTokenInfoMap_.find(tokenID); if ((infoIter == hapTokenInfoMap_.end()) || (infoIter->second == nullptr)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "HapTokenInfoInner is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "HapTokenInfoInner is nullptr."); return ERR_TOKENID_NOT_EXIST; } infoIter->second->SetPermDialogForbidden(enable); @@ -1441,43 +1317,210 @@ int32_t AccessTokenInfoManager::SetPermDialogCap(AccessTokenID tokenID, bool ena return RET_SUCCESS; } -bool AccessTokenInfoManager::GetPermDialogCap(AccessTokenID tokenID) +int32_t AccessTokenInfoManager::ParseUserPolicyInfo(const std::vector& userList, + const std::vector& permList, std::map& changedUserList) { - if (tokenID == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenId."); - return true; + if (!permPolicyList_.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserPolicy has been initialized."); + return ERR_USER_POLICY_INITIALIZED; + } + for (const auto &permission : permList) { + if (std::find(permPolicyList_.begin(), permPolicyList_.end(), permission) == permPolicyList_.end()) { + permPolicyList_.emplace_back(permission); + } + } + + if (permPolicyList_.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "permList is invalid."); + return ERR_PARAM_INVALID; } + for (const auto &userInfo : userList) { + if (userInfo.userId < 0) { + LOGW(ATM_DOMAIN, ATM_TAG, "userId %{public}d is invalid.", userInfo.userId); + continue; + } + if (userInfo.isActive) { + LOGI(ATM_DOMAIN, ATM_TAG, "userid %{public}d is active.", userInfo.userId); + continue; + } + inactiveUserList_.emplace_back(userInfo.userId); + changedUserList[userInfo.userId] = false; + } + + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::ParseUserPolicyInfo(const std::vector& userList, + std::map& changedUserList) +{ + if (permPolicyList_.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserPolicy has been initialized."); + return ERR_USER_POLICY_NOT_INITIALIZED; + } + for (const auto &userInfo : userList) { + if (userInfo.userId < 0) { + LOGW(ATM_DOMAIN, ATM_TAG, "UserId %{public}d is invalid.", userInfo.userId); + continue; + } + auto iter = std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userInfo.userId); + // the userid is changed to foreground + if ((iter != inactiveUserList_.end() && userInfo.isActive)) { + inactiveUserList_.erase(iter); + changedUserList[userInfo.userId] = userInfo.isActive; + } + // the userid is changed to background + if ((iter == inactiveUserList_.end() && !userInfo.isActive)) { + changedUserList[userInfo.userId] = userInfo.isActive; + inactiveUserList_.emplace_back(userInfo.userId); + } + } + return RET_SUCCESS; +} + +void AccessTokenInfoManager::GetGoalHapList(std::map& tokenIdList, + std::map& changedUserList) +{ Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); - auto infoIter = hapTokenInfoMap_.find(tokenID); - if ((infoIter == hapTokenInfoMap_.end()) || (infoIter->second == nullptr)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId is not exist in map."); - return true; + for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); ++iter) { + AccessTokenID tokenId = iter->first; + std::shared_ptr infoPtr = iter->second; + if (infoPtr == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId infoPtr is null."); + continue; + } + auto userInfo = changedUserList.find(infoPtr->GetUserID()); + if (userInfo != changedUserList.end()) { + // Record the policy status of hap (active or not). + tokenIdList[tokenId] = userInfo->second; + } } - return infoIter->second->IsPermDialogForbidden(); + return; } -bool AccessTokenInfoManager::UpdateStatesToDatabase(AccessTokenID tokenID, - std::vector& stateChangeList) +int32_t AccessTokenInfoManager::UpdatePermissionStateToKernel(const std::map& tokenIdList) { - for (const auto& state : stateChangeList) { - GenericValues modifyValue; - modifyValue.Put(TokenFiledConst::FIELD_GRANT_STATE, state.grantStatus[0]); - modifyValue.Put(TokenFiledConst::FIELD_GRANT_FLAG, static_cast(state.grantFlags[0])); + for (auto iter = tokenIdList.begin(); iter != tokenIdList.end(); ++iter) { + AccessTokenID tokenId = iter->first; + bool isActive = iter->second; + // refresh under userPolicyLock_ + { + Utils::UniqueReadGuard infoGuard(this->userPolicyLock_); + std::map refreshedPermList; + HapTokenInfoInner::RefreshPermStateToKernel(permPolicyList_, isActive, tokenId, refreshedPermList); - GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); - conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, state.permissionName); - - int32_t res = AccessTokenDb::GetInstance().Modify(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, modifyValue, - conditionValue); - if (res != AccessTokenDb::ExecuteResult::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Update tokenID %{public}u permission %{public}s to database failed", - tokenID, state.permissionName.c_str()); - return false; + if (refreshedPermList.size() != 0) { + PermissionManager::GetInstance().ParamUpdate(std::string(), 0, true); + } + for (auto perm = refreshedPermList.begin(); perm != refreshedPermList.end(); ++perm) { + PermStateChangeType change = perm->second ? + PermStateChangeType::STATE_CHANGE_GRANTED : PermStateChangeType::STATE_CHANGE_REVOKED; + CallbackManager::GetInstance().ExecuteCallbackAsync(tokenId, perm->first, change); + } } } + return RET_SUCCESS; +} - return true; +int32_t AccessTokenInfoManager::UpdatePermissionStateToKernel(const std::vector& permCodeList, + const std::map& tokenIdList) +{ + for (auto iter = tokenIdList.begin(); iter != tokenIdList.end(); ++iter) { + AccessTokenID tokenId = iter->first; + bool isActive = iter->second; + std::map refreshedPermList; + HapTokenInfoInner::RefreshPermStateToKernel(permCodeList, isActive, tokenId, refreshedPermList); + + if (refreshedPermList.size() != 0) { + PermissionManager::GetInstance().ParamUpdate(std::string(), 0, true); + } + for (auto perm = refreshedPermList.begin(); perm != refreshedPermList.end(); ++perm) { + LOGI(ATM_DOMAIN, ATM_TAG, "Perm %{public}s refreshed by user policy, isActive %{public}d.", + perm->first.c_str(), perm->second); + PermStateChangeType change = perm->second ? + PermStateChangeType::STATE_CHANGE_GRANTED : PermStateChangeType::STATE_CHANGE_REVOKED; + CallbackManager::GetInstance().ExecuteCallbackAsync(tokenId, perm->first, change); + } + } + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::InitUserPolicy( + const std::vector& userList, const std::vector& permList) +{ + std::map tokenIdList; + { + Utils::UniqueWriteGuard infoGuard(this->userPolicyLock_); + std::map changedUserList; + int32_t ret = ParseUserPolicyInfo(userList, permList, changedUserList); + if (ret != RET_SUCCESS) { + return ret; + } + if (changedUserList.empty()) { + LOGI(ATM_DOMAIN, ATM_TAG, "changedUserList is empty."); + return ret; + } + GetGoalHapList(tokenIdList, changedUserList); + } + return UpdatePermissionStateToKernel(tokenIdList); +} + +int32_t AccessTokenInfoManager::UpdateUserPolicy(const std::vector& userList) +{ + std::map tokenIdList; + { + std::map changedUserList; + Utils::UniqueWriteGuard infoGuard(this->userPolicyLock_); + int32_t ret = ParseUserPolicyInfo(userList, changedUserList); + if (ret != RET_SUCCESS) { + return ret; + } + if (changedUserList.empty()) { + LOGI(ATM_DOMAIN, ATM_TAG, "changedUserList is empty."); + return ret; + } + GetGoalHapList(tokenIdList, changedUserList); + } + return UpdatePermissionStateToKernel(tokenIdList); +} + +int32_t AccessTokenInfoManager::ClearUserPolicy() +{ + std::map tokenIdList; + std::vector permList; + Utils::UniqueWriteGuard infoGuard(this->userPolicyLock_); + if (permPolicyList_.empty()) { + LOGW(ATM_DOMAIN, ATM_TAG, "UserPolicy has been cleared."); + return RET_SUCCESS; + } + permList.assign(permPolicyList_.begin(), permPolicyList_.end()); + std::map changedUserList; + for (const auto &userId : inactiveUserList_) { + // All user comes to be active for permission manager. + changedUserList[userId] = true; + } + GetGoalHapList(tokenIdList, changedUserList); + int32_t ret = UpdatePermissionStateToKernel(permList, tokenIdList); + // Lock range is large. While The number of ClearUserPolicy function calls is very small. + if (ret == RET_SUCCESS) { + permPolicyList_.clear(); + inactiveUserList_.clear(); + } + return ret; +} + +bool AccessTokenInfoManager::GetPermDialogCap(AccessTokenID tokenID) +{ + if (tokenID == INVALID_TOKENID) { + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenId."); + return true; + } + Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); + auto infoIter = hapTokenInfoMap_.find(tokenID); + if ((infoIter == hapTokenInfoMap_.end()) || (infoIter->second == nullptr)) { + LOGE(ATM_DOMAIN, ATM_TAG, "TokenId is not exist in map."); + return true; + } + return infoIter->second->IsPermDialogForbidden(); } bool AccessTokenInfoManager::UpdateCapStateToDatabase(AccessTokenID tokenID, bool enable) @@ -1488,9 +1531,9 @@ bool AccessTokenInfoManager::UpdateCapStateToDatabase(AccessTokenID tokenID, boo GenericValues conditionValue; conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); - int32_t res = AccessTokenDb::GetInstance().Modify(AccessTokenDb::ACCESSTOKEN_HAP_INFO, modifyValue, conditionValue); - if (res != AccessTokenDb::ExecuteResult::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, + int32_t res = AccessTokenDb::GetInstance().Modify(AtmDataType::ACCESSTOKEN_HAP_INFO, modifyValue, conditionValue); + if (res != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Update tokenID %{public}u permissionDialogForbidden %{public}d to database failed", tokenID, enable); return false; } @@ -1498,28 +1541,270 @@ bool AccessTokenInfoManager::UpdateCapStateToDatabase(AccessTokenID tokenID, boo return true; } -int32_t AccessTokenInfoManager::GetNativeTokenName(AccessTokenID tokenId, std::string& name) +int AccessTokenInfoManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName) +{ + if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + if (PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty()) { + LOGI(ATM_DOMAIN, ATM_TAG, "Permission definition set has not been installed!"); + if (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) == TOKEN_NATIVE) { + return PERMISSION_GRANTED; + } + LOGE(ATM_DOMAIN, ATM_TAG, "Token: %{public}d type error!", tokenID); + return PERMISSION_DENIED; + } + LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); + return PERMISSION_DENIED; + } + uint32_t code; + if (!TransferPermissionToOpcode(permissionName, code)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid perm(%{public}s)", permissionName.c_str()); + return PERMISSION_DENIED; + } + + Utils::UniqueReadGuard infoGuard(this->nativeTokenInfoLock_); + auto iter = nativeTokenInfoMap_.find(tokenID); + if (iter == nativeTokenInfoMap_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u is not exist.", tokenID); + return PERMISSION_DENIED; + } + + NativeTokenInfoCache cache = iter->second; + for (size_t i = 0; i < cache.opCodeList.size(); ++i) { + if (code == cache.opCodeList[i]) { + return cache.statusList[i] ? PERMISSION_GRANTED : PERMISSION_DENIED; + } + } + + return PERMISSION_DENIED; +} + +int32_t AccessTokenInfoManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName) +{ + if (tokenID == INVALID_TOKENID) { + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", + HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", VERIFY_TOKEN_ID_ERROR, "CALLER_TOKENID", + static_cast(IPCSkeleton::GetCallingTokenID()), "PERMISSION_NAME", permissionName); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID is invalid"); + return PERMISSION_DENIED; + } + + if (!PermissionValidator::IsPermissionNameValid(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "PermissionName: %{public}s, invalid params!", permissionName.c_str()); + return PERMISSION_DENIED; + } + + ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID); + if ((tokenType == TOKEN_NATIVE) || (tokenType == TOKEN_SHELL)) { + return VerifyNativeAccessToken(tokenID, permissionName); + } + if (tokenType == TOKEN_HAP) { + return PermissionManager::GetInstance().VerifyHapAccessToken(tokenID, permissionName); + } + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, invalid tokenType!", tokenID); + return PERMISSION_DENIED; +} + +int32_t AccessTokenInfoManager::AddPermRequestToggleStatusToDb( + int32_t userID, const std::string& permissionName, int32_t status) +{ + GenericValues condition; + condition.Put(TokenFiledConst::FIELD_USER_ID, userID); + condition.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + + std::vector dataTypes; + dataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS); + + // delete + std::vector deleteValues; + deleteValues.emplace_back(condition); + + // add + std::vector> addValues; + std::vector value; + condition.Put(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS, status); + value.emplace_back(condition); + addValues.emplace_back(value); + int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(dataTypes, deleteValues, dataTypes, addValues); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "DeleteAndInsertHap failed, ret %{public}d.", ret); + return ret; + } + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, + int32_t userID) { - if (tokenId == INVALID_TOKENID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u is invalid.", tokenId); + if (userID == 0) { + userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; + } + + LOGI(ATM_DOMAIN, ATM_TAG, "UserID=%{public}u, permission=%{public}s, status=%{public}d", userID, + permissionName.c_str(), status); + if (!PermissionValidator::IsUserIdValid(userID) || + !PermissionValidator::IsPermissionNameValid(permissionName) || + !PermissionValidator::IsToggleStatusValid(status)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid parameter(userId=%{public}d, perm=%{public}s, status=%{public}d).", + userID, permissionName.c_str(), status); + return AccessTokenError::ERR_PARAM_INVALID; + } + if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission=%{public}s is not defined.", permissionName.c_str()); + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Only support permissions of user_grant to set."); return AccessTokenError::ERR_PARAM_INVALID; } - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenId); - if ((type != ATokenTypeEnum::TOKEN_NATIVE) && (type != ATokenTypeEnum::TOKEN_SHELL)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token type %{public}u is invalid.", type); + int32_t ret = AddPermRequestToggleStatusToDb(userID, permissionName, status); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Status is invalid."); + return ret; + } + + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERM_DIALOG_STATUS_INFO", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "USERID", userID, "PERMISSION_NAME", permissionName, + "TOGGLE_STATUS", status); + + return RET_SUCCESS; +} + +int32_t AccessTokenInfoManager::FindPermRequestToggleStatusFromDb(int32_t userID, const std::string& permissionName) +{ + std::vector result; + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_USER_ID, userID); + conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + + AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, + conditionValue, result); + if (result.empty()) { + // never set, return default status: CLOSED if APP_TRACKING_CONSENT + return (permissionName == "ohos.permission.APP_TRACKING_CONSENT") ? + PermissionRequestToggleStatus::CLOSED : PermissionRequestToggleStatus::OPEN; + } + return result[0].GetInt(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS); +} + +int32_t AccessTokenInfoManager::GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, + int32_t userID) +{ + if (userID == 0) { + userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; + } + + LOGI(ATM_DOMAIN, ATM_TAG, "UserID=%{public}u, permissionName=%{public}s", userID, permissionName.c_str()); + if (!PermissionValidator::IsUserIdValid(userID) || + !PermissionValidator::IsPermissionNameValid(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid parameter(userId=%{public}d, perm=%{public}s.", + userID, permissionName.c_str()); + return AccessTokenError::ERR_PARAM_INVALID; + } + if (!PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission=%{public}s is not defined.", permissionName.c_str()); + return AccessTokenError::ERR_PERMISSION_NOT_EXIST; + } + if (PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission(permissionName)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Only support permissions of user_grant to get."); return AccessTokenError::ERR_PARAM_INVALID; } - std::shared_ptr native = GetNativeTokenInfoInner(tokenId); - if (native == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenId %{public}u is not exist.", tokenId); - return AccessTokenError::ERR_TOKENID_NOT_EXIST; + status = static_cast(FindPermRequestToggleStatusFromDb(userID, permissionName)); + + return 0; +} + +bool AccessTokenInfoManager::IsPermissionReqValid(int32_t tokenApl, const std::string& permissionName, + const std::vector& nativeAcls) +{ + PermissionDef permissionDef; + int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName( + permissionName, permissionDef); + if (ret != RET_SUCCESS) { + return false; + } + if (tokenApl >= permissionDef.availableLevel) { + return true; + } + + auto iter = std::find(nativeAcls.begin(), nativeAcls.end(), permissionName); + if (iter != nativeAcls.end()) { + return true; + } + return false; +} + +int32_t AccessTokenInfoManager::GetNativeCfgInfo(std::vector& tokenInfos) +{ + LibraryLoader loader(CONFIG_PARSE_LIBPATH); + ConfigPolicyLoaderInterface* policy = loader.GetObject(); + if (policy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); + return RET_FAILED; + } + int ret = policy->GetAllNativeTokenInfo(tokenInfos); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to load native from native json, err=%{public}d.", ret); + return ret; } - name = native->GetProcessName(); return RET_SUCCESS; } + +void AccessTokenInfoManager::NativeTokenToString(AccessTokenID tokenID, std::string& info) +{ + std::vector tokenInfos; + int ret = GetNativeCfgInfo(tokenInfos); + if (ret != RET_SUCCESS || tokenInfos.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to load native from native json, err=%{public}d.", ret); + return; + } + auto iter = tokenInfos.begin(); + while (iter != tokenInfos.end()) { + if (iter->tokenID == tokenID) { + break; + } + ++iter; + } + if (iter == tokenInfos.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u is not exist.", tokenID); + return; + } + NativeTokenInfoBase native = *iter; + std::string invalidPermString = ""; + info.append(R"({\n)"); + info.append(R"( "tokenID": )" + std::to_string(native.tokenID) + ",\n"); + info.append(R"( "processName": ")" + native.processName + R"(")" + ",\n"); + info.append(R"( "apl": )" + std::to_string(native.apl) + ",\n"); + info.append(R"( "permStateList": [)"); + info.append("\n"); + for (auto iter = native.permStateList.begin(); iter != native.permStateList.end(); iter++) { + if (!IsPermissionReqValid(native.apl, iter->permissionName, native.nativeAcls)) { + invalidPermString.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); + continue; + } + info.append(R"( {)"); + info.append("\n"); + info.append(R"( "permissionName": ")" + iter->permissionName + R"(")" + ",\n"); + info.append(R"( "grantStatus": )" + std::to_string(iter->grantStatus) + ",\n"); + info.append(R"( "grantFlag": )" + std::to_string(iter->grantFlag) + ",\n"); + info.append(R"( })"); + if (iter != (native.permStateList.end() - 1)) { + info.append(",\n"); + } + } + info.append("\n ]\n"); + + if (invalidPermString.empty()) { + info.append("}"); + return; + } + + info.append(R"( "invalidPermList": [\n)"); + info.append(invalidPermString); + info.append("\n ]\n}"); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp index cda69410a23fdfe89742efccccab81d55c5b07d4..9f80281e046528af43c6d3223535dba8ca538249 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp @@ -16,7 +16,7 @@ #include "accesstoken_remote_token_manager.h" #include "accesstoken_id_manager.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "data_validator.h" #include "constant_common.h" @@ -25,8 +25,6 @@ namespace Security { namespace AccessToken { namespace { std::recursive_mutex g_instanceMutex; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenRemoteTokenManager"}; } AccessTokenRemoteTokenManager::AccessTokenRemoteTokenManager() {} @@ -41,7 +39,8 @@ AccessTokenRemoteTokenManager& AccessTokenRemoteTokenManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AccessTokenRemoteTokenManager(); + AccessTokenRemoteTokenManager* tmp = new AccessTokenRemoteTokenManager(); + instance = std::move(tmp); } } return *instance; @@ -51,14 +50,13 @@ AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const s AccessTokenID remoteID) { if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsTokenIDValid(remoteID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s or token %{public}x is invalid.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s or token %{public}x is invalid.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID); return 0; } ATokenTypeEnum tokeType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(remoteID); if ((tokeType <= TOKEN_INVALID) || (tokeType >= TOKEN_TYPE_BUTT)) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Token %{public}x type is invalid.", remoteID); + LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}x type is invalid.", remoteID); return 0; } int32_t dlpFlag = AccessTokenIDManager::GetInstance().GetTokenIdDlpFlag(remoteID); @@ -71,23 +69,22 @@ AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const s AccessTokenRemoteDevice& device = remoteDeviceMap_[deviceID]; if (device.MappingTokenIDPairMap_.count(remoteID) > 0) { mapID = device.MappingTokenIDPairMap_[remoteID]; - ACCESSTOKEN_LOG_ERROR( - LABEL, "Device %{public}s token %{public}x has already mapped, map tokenID is %{public}x.", + LOGE(ATM_DOMAIN, ATM_TAG, + "Device %{public}s token %{public}x has already mapped, map tokenID is %{public}x.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID, mapID); return mapID; } mapPtr = &device.MappingTokenIDPairMap_; } else { AccessTokenRemoteDevice device; - device.DeviceID_ = deviceID; + device.deviceID_ = deviceID; remoteDeviceMap_[deviceID] = device; mapPtr = &remoteDeviceMap_[deviceID].MappingTokenIDPairMap_; } mapID = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(tokeType, dlpFlag, cloneFlag); if (mapID == 0) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "Device %{public}s token %{public}x map local Token failed.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s token %{public}x map local Token failed.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID); return 0; } @@ -99,12 +96,12 @@ int AccessTokenRemoteTokenManager::GetDeviceAllRemoteTokenID(const std::string& std::vector& remoteIDs) { if (!DataValidator::IsDeviceIdValid(deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s is valid.", ConstantCommon::EncryptDevId(deviceID).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s is valid.", ConstantCommon::EncryptDevId(deviceID).c_str()); return AccessTokenError::ERR_PARAM_INVALID; } Utils::UniqueReadGuard infoGuard(this->remoteDeviceLock_); if (remoteDeviceMap_.count(deviceID) < 1) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s has not mapping.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s has not mapping.", ConstantCommon::EncryptDevId(deviceID).c_str()); return AccessTokenError::ERR_DEVICE_NOT_EXIST; } @@ -121,7 +118,7 @@ AccessTokenID AccessTokenRemoteTokenManager::GetDeviceMappingTokenID(const std:: AccessTokenID remoteID) { if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsTokenIDValid(remoteID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s or token %{public}x is invalid.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s or token %{public}x is invalid.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID); return 0; } @@ -129,7 +126,7 @@ AccessTokenID AccessTokenRemoteTokenManager::GetDeviceMappingTokenID(const std:: Utils::UniqueReadGuard infoGuard(this->remoteDeviceLock_); if (remoteDeviceMap_.count(deviceID) < 1 || remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.count(remoteID) < 1) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s has not mapping.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s has not mapping.", ConstantCommon::EncryptDevId(deviceID).c_str()); return 0; } @@ -141,7 +138,7 @@ int AccessTokenRemoteTokenManager::RemoveDeviceMappingTokenID(const std::string& AccessTokenID remoteID) { if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsTokenIDValid(remoteID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s or token %{public}x is invalid.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s or token %{public}x is invalid.", ConstantCommon::EncryptDevId(deviceID).c_str(), remoteID); return ERR_PARAM_INVALID; } @@ -149,7 +146,7 @@ int AccessTokenRemoteTokenManager::RemoveDeviceMappingTokenID(const std::string& Utils::UniqueWriteGuard infoGuard(this->remoteDeviceLock_); if (remoteDeviceMap_.count(deviceID) < 1 || remoteDeviceMap_[deviceID].MappingTokenIDPairMap_.count(remoteID) < 1) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Device %{public}s has not mapping.", + LOGE(ATM_DOMAIN, ATM_TAG, "Device %{public}s has not mapping.", ConstantCommon::EncryptDevId(deviceID).c_str()); return ERR_TOKEN_MAP_FAILED; } diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index 9797df0c3faba871a1a2b26dfaba118f8e80fbd3..70211011a34a7cef377377446c7d08a4e37cace2 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -17,22 +17,29 @@ #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" +#include "access_token_db.h" #include "access_token_error.h" #include "data_translator.h" #include "data_validator.h" +#include "short_grant_manager.h" #include "token_field_const.h" +#include "permission_definition_cache.h" +#include "permission_map.h" +#include "permission_data_brief.h" +#ifdef SUPPORT_SANDBOX_APP +#include "dlp_permission_set_manager.h" +#endif namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "HapTokenInfoInner"}; static const std::string DEFAULT_DEVICEID = "0"; static const unsigned int SYSTEM_APP_FLAG = 0x0001; } -HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false) +HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(false) { tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION; tokenInfoBasic_.tokenID = 0; @@ -41,11 +48,10 @@ HapTokenInfoInner::HapTokenInfoInner() : permUpdateTimestamp_(0), isRemote_(fal tokenInfoBasic_.apiVersion = 0; tokenInfoBasic_.instIndex = 0; tokenInfoBasic_.dlpType = 0; - tokenInfoBasic_.apl = APL_NORMAL; } HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, - const HapInfoParams &info, const HapPolicyParams &policy) : permUpdateTimestamp_(0), isRemote_(false) + const HapInfoParams &info, const HapPolicy &policy) : permUpdateTimestamp_(0), isRemote_(false) { tokenInfoBasic_.tokenID = id; tokenInfoBasic_.userID = info.userID; @@ -58,18 +64,15 @@ HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion); tokenInfoBasic_.instIndex = info.instIndex; tokenInfoBasic_.dlpType = info.dlpType; - tokenInfoBasic_.appID = info.appIDDesc; - tokenInfoBasic_.deviceID = DEFAULT_DEVICEID; - tokenInfoBasic_.apl = policy.apl; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permStateList); + PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, policy.permStateList, true); } HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, - const HapTokenInfo &info, const std::vector& permStateList) : isRemote_(false) + const HapTokenInfo &info, const std::vector& permStateList) : isRemote_(false) { permUpdateTimestamp_ = 0; tokenInfoBasic_ = info; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permStateList); + PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, permStateList, true); } HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, @@ -77,34 +80,25 @@ HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, { permUpdateTimestamp_ = 0; tokenInfoBasic_ = info.baseInfo; - permPolicySet_ = PermissionPolicySet::BuildPolicySetWithoutDefCheck(id, info.permStateList); + PermissionDataBrief::GetInstance().AddPermToBriefPermission(id, info.permStateList, false); } HapTokenInfoInner::~HapTokenInfoInner() { - ACCESSTOKEN_LOG_DEBUG(LABEL, - "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d destruction", tokenInfoBasic_.tokenID); + PermissionDataBrief::GetInstance().DeleteBriefPermDataByTokenId(tokenInfoBasic_.tokenID); } -void HapTokenInfoInner::Update(const UpdateHapInfoParams& info, - const std::vector& permStateList, ATokenAplEnum apl) +void HapTokenInfoInner::Update(const UpdateHapInfoParams& info, const std::vector& permStateList) { - tokenInfoBasic_.appID = info.appIDDesc; tokenInfoBasic_.apiVersion = GetApiVersion(info.apiVersion); - tokenInfoBasic_.apl = apl; if (info.isSystemApp) { tokenInfoBasic_.tokenAttr |= SYSTEM_APP_FLAG; } else { tokenInfoBasic_.tokenAttr &= ~SYSTEM_APP_FLAG; } - if (permPolicySet_ == nullptr) { - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfoBasic_.tokenID, - permStateList); - return; - } - - permPolicySet_->Update(permStateList); - return; + Utils::UniqueWriteGuard infoGuard(this->policySetLock_); + PermissionDataBrief::GetInstance().Update(tokenInfoBasic_.tokenID, permStateList); } void HapTokenInfoInner::TranslateToHapTokenInfo(HapTokenInfo& infoParcel) const @@ -120,9 +114,6 @@ void HapTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericVa outGenericValues.Put(TokenFiledConst::FIELD_API_VERSION, tokenInfoBasic_.apiVersion); outGenericValues.Put(TokenFiledConst::FIELD_INST_INDEX, tokenInfoBasic_.instIndex); outGenericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, tokenInfoBasic_.dlpType); - outGenericValues.Put(TokenFiledConst::FIELD_APP_ID, tokenInfoBasic_.appID); - outGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, tokenInfoBasic_.deviceID); - outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl); outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver); outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast(tokenInfoBasic_.tokenAttr)); outGenericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, isPermDialogForbidden_); @@ -133,7 +124,7 @@ int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericVa tokenInfoBasic_.userID = inGenericValues.GetInt(TokenFiledConst::FIELD_USER_ID); tokenInfoBasic_.bundleName = inGenericValues.GetString(TokenFiledConst::FIELD_BUNDLE_NAME); if (!DataValidator::IsBundleNameValid(tokenInfoBasic_.bundleName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID); + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: 0x%{public}x bundle name is error", tokenInfoBasic_.tokenID); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "bundleName error"); return AccessTokenError::ERR_PARAM_INVALID; @@ -142,35 +133,10 @@ int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericVa tokenInfoBasic_.apiVersion = GetApiVersion(inGenericValues.GetInt(TokenFiledConst::FIELD_API_VERSION)); tokenInfoBasic_.instIndex = inGenericValues.GetInt(TokenFiledConst::FIELD_INST_INDEX); tokenInfoBasic_.dlpType = inGenericValues.GetInt(TokenFiledConst::FIELD_DLP_TYPE); - tokenInfoBasic_.appID = inGenericValues.GetString(TokenFiledConst::FIELD_APP_ID); - if (!DataValidator::IsAppIDDescValid(tokenInfoBasic_.appID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x appID is error", tokenInfoBasic_.tokenID); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "appID error"); - return AccessTokenError::ERR_PARAM_INVALID; - } - tokenInfoBasic_.deviceID = inGenericValues.GetString(TokenFiledConst::FIELD_DEVICE_ID); - if (!DataValidator::IsDeviceIdValid(tokenInfoBasic_.deviceID)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: 0x%{public}x devId is error", tokenInfoBasic_.tokenID); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "deviceID error"); - return AccessTokenError::ERR_PARAM_INVALID; - } - int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL); - if (DataValidator::IsAplNumValid(aplNum)) { - tokenInfoBasic_.apl = static_cast(aplNum); - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x apl is error, value %{public}d", - tokenInfoBasic_.tokenID, aplNum); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "apl error"); - return AccessTokenError::ERR_PARAM_INVALID; - } tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION); if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TokenID: 0x%{public}x version is error, version %{public}d", + LOGE(ATM_DOMAIN, ATM_TAG, "TokenID: 0x%{public}x version is error, version %{public}d", tokenInfoBasic_.tokenID, tokenInfoBasic_.ver); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, "ERROR_REASON", "version error"); @@ -190,45 +156,45 @@ int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId, if (ret != RET_SUCCESS) { return ret; } - permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes); + Utils::UniqueWriteGuard infoGuard(this->policySetLock_); + PermissionDataBrief::GetInstance().RestorePermissionBriefData(tokenId, permStateRes); return RET_SUCCESS; } -void HapTokenInfoInner::StoreHapInfo(std::vector& valueList) const +void HapTokenInfoInner::StoreHapInfo(std::vector& valueList, + const std::string& appId, ATokenAplEnum apl) const { if (isRemote_) { - ACCESSTOKEN_LOG_INFO(LABEL, - "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store", tokenInfoBasic_.tokenID); return; } GenericValues genericValues; TranslationIntoGenericValues(genericValues); + genericValues.Put(TokenFiledConst::FIELD_APP_ID, appId); + genericValues.Put(TokenFiledConst::FIELD_APL, static_cast(apl)); + genericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "0"); valueList.emplace_back(genericValues); } -void HapTokenInfoInner::StorePermissionPolicy(std::vector& permStateValues) const +void HapTokenInfoInner::StorePermissionPolicy(std::vector& permStateValues) { if (isRemote_) { - ACCESSTOKEN_LOG_INFO(LABEL, - "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID); + LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store.", tokenInfoBasic_.tokenID); return; } - if (permPolicySet_ != nullptr) { - permPolicySet_->StorePermissionPolicySet(permStateValues); - } -} - -std::shared_ptr HapTokenInfoInner::GetHapInfoPermissionPolicySet() const -{ - return permPolicySet_; + Utils::UniqueReadGuard infoGuard(this->policySetLock_); + PermissionDataBrief::GetInstance().StorePermissionBriefData(tokenInfoBasic_.tokenID, permStateValues); } -uint32_t HapTokenInfoInner::GetReqPermissionSize() const +uint32_t HapTokenInfoInner::GetReqPermissionSize() { - if (permPolicySet_ == nullptr) { - return static_cast(0); + std::vector briefPermDataList; + int32_t ret = PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId( + tokenInfoBasic_.tokenID, briefPermDataList); + if (ret != RET_SUCCESS) { + return 0; } - return permPolicySet_->GetReqPermissionSize(); + return static_cast(briefPermDataList.size()); } int HapTokenInfoInner::GetUserID() const @@ -266,11 +232,6 @@ void HapTokenInfoInner::SetTokenBaseInfo(const HapTokenInfo& baseInfo) tokenInfoBasic_ = baseInfo; } -void HapTokenInfoInner::SetPermissionPolicySet(std::shared_ptr& policySet) -{ - permPolicySet_ = policySet; -} - bool HapTokenInfoInner::IsRemote() const { return isRemote_; @@ -283,7 +244,7 @@ void HapTokenInfoInner::SetRemote(bool isRemote) bool HapTokenInfoInner::IsPermDialogForbidden() const { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}d", isPermDialogForbidden_); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}d", isPermDialogForbidden_); return isPermDialogForbidden_; } @@ -301,10 +262,222 @@ int32_t HapTokenInfoInner::GetApiVersion(int32_t apiVersion) return apiVersion; } std::string api = apiStr.substr(inputSize - apiSize); - return std::stoi(api); + return std::atoi(api.c_str()); +} + +void HapTokenInfoInner::UpdateRemoteHapTokenInfo(AccessTokenID mapID, + const HapTokenInfo& baseInfo, std::vector& permStateList) +{ + SetTokenBaseInfo(baseInfo); + PermissionDataBrief::GetInstance().AddPermToBriefPermission(baseInfo.tokenID, permStateList, false); +} + +int32_t HapTokenInfoInner::UpdatePermissionStatus( + const std::string& permissionName, bool isGranted, uint32_t flag, bool& statusChanged) +{ + Utils::UniqueWriteGuard infoGuard(this->policySetLock_); + int32_t ret = PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenInfoBasic_.tokenID, + permissionName, isGranted, flag, statusChanged); + if (ret != RET_SUCCESS) { + return ret; + } + if (ShortGrantManager::GetInstance().IsShortGrantPermission(permissionName)) { + LOGI(ATM_DOMAIN, ATM_TAG, + "Short grant permission %{public}s should not be notified to db.", permissionName.c_str()); + return RET_SUCCESS; + } + if (isRemote_) { + LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u is remote hap token, will not store.", tokenInfoBasic_.tokenID); + return RET_SUCCESS; + } + std::vector permStateValues; + PermissionDataBrief::GetInstance().StorePermissionBriefData(tokenInfoBasic_.tokenID, permStateValues); + + for (size_t i = 0; i < permStateValues.size(); i++) { + if (permStateValues[i].GetString(TokenFiledConst::FIELD_PERMISSION_NAME) != permissionName) { + continue; + } + GenericValues conditions; + conditions.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenInfoBasic_.tokenID)); + conditions.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); + AccessTokenDb::GetInstance().Modify( + AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], conditions); + } + return RET_SUCCESS; } -void HapTokenInfoInner::ToString(std::string& info) const +int32_t HapTokenInfoInner::GetPermissionStateList(std::vector& permList) +{ + std::vector briefPermDataList; + int32_t ret = PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId( + tokenInfoBasic_.tokenID, briefPermDataList); + if (ret != RET_SUCCESS) { + return ret; + } + for (const auto& perm : briefPermDataList) { + PermissionStatus fullData; + (void)TransferOpcodeToPermission(perm.permCode, fullData.permissionName); + fullData.grantStatus = static_cast(perm.status); + fullData.grantFlag = perm.flag; + permList.emplace_back(fullData); + } + return RET_SUCCESS; +} + +bool HapTokenInfoInner::UpdateStatesToDB(AccessTokenID tokenID, std::vector& stateChangeList) +{ + for (const auto& state : stateChangeList) { + GenericValues modifyValue; + modifyValue.Put(TokenFiledConst::FIELD_GRANT_STATE, state.grantStatus); + modifyValue.Put(TokenFiledConst::FIELD_GRANT_FLAG, static_cast(state.grantFlag)); + + GenericValues conditionValue; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); + conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, state.permissionName); + + int32_t res = AccessTokenDb::GetInstance().Modify(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, modifyValue, + conditionValue); + if (res != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Update tokenID %{public}u permission %{public}s to database failed, err %{public}d ", + tokenID, state.permissionName.c_str(), res); + return false; + } + } + + return true; +} + +int32_t HapTokenInfoInner::ResetUserGrantPermissionStatus(void) +{ + Utils::UniqueWriteGuard infoGuard(this->policySetLock_); + + int32_t ret = PermissionDataBrief::GetInstance().ResetUserGrantPermissionStatus(tokenInfoBasic_.tokenID); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to reset user permission status."); + return ret; + } + + std::vector permListOfHap; + ret = GetPermissionStateList(permListOfHap); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get permission state list."); + return ret; + } + +#ifdef SUPPORT_SANDBOX_APP + // update permission status with dlp permission rule. + DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo(tokenInfoBasic_.dlpType, permListOfHap); + PermissionDataBrief::GetInstance().Update(tokenInfoBasic_.tokenID, permListOfHap); +#endif + if (!UpdateStatesToDB(tokenInfoBasic_.tokenID, permListOfHap)) { + return ERR_DATABASE_OPERATE_FAILED; + } + return RET_SUCCESS; +} + +void HapTokenInfoInner::RefreshPermStateToKernel(const std::vector& constrainedList, + bool hapUserIsActive, AccessTokenID tokenId, std::map& refreshedPermList) +{ + PermissionDataBrief::GetInstance().RefreshPermStateToKernel( + constrainedList, hapUserIsActive, tokenId, refreshedPermList); +} + +int32_t HapTokenInfoInner::VerifyPermissionStatus(AccessTokenID tokenID, const std::string& permissionName) +{ + return PermissionDataBrief::GetInstance().VerifyPermissionStatus(tokenID, permissionName); +} + +PermUsedTypeEnum HapTokenInfoInner::GetPermissionUsedType(AccessTokenID tokenID, const std::string& permissionName) +{ + uint32_t code; + if (!TransferPermissionToOpcode(permissionName, code)) { + LOGE(ATM_DOMAIN, ATM_TAG, "permissionName is invalid %{public}s.", permissionName.c_str()); + return PermUsedTypeEnum::INVALID_USED_TYPE; + } + return PermissionDataBrief::GetInstance().GetPermissionUsedType(tokenID, code); +} + +int32_t HapTokenInfoInner::QueryPermissionFlag(AccessTokenID tokenID, const std::string& permissionName, uint32_t& flag) +{ + return PermissionDataBrief::GetInstance().QueryPermissionFlag(tokenID, permissionName, flag); +} + +void HapTokenInfoInner::GetPermStatusListByTokenId(AccessTokenID tokenID, + const std::vector constrainedList, std::vector& opCodeList, std::vector& statusList) +{ + return PermissionDataBrief::GetInstance().GetPermStatusListByTokenId( + tokenID, constrainedList, opCodeList, statusList); +} + +void HapTokenInfoInner::GetGrantedPermByTokenId(AccessTokenID tokenID, + const std::vector& constrainedList, std::vector& permissionList) +{ + return PermissionDataBrief::GetInstance().GetGrantedPermByTokenId(tokenID, constrainedList, permissionList); +} + +void HapTokenInfoInner::ClearAllSecCompGrantedPerm() +{ + PermissionDataBrief::GetInstance().ClearAllSecCompGrantedPerm(); +} + +bool HapTokenInfoInner::IsPermissionGrantedWithSecComp(AccessTokenID tokenID, const std::string& permissionName) +{ + return PermissionDataBrief::GetInstance().IsPermissionGrantedWithSecComp(tokenID, permissionName); +} + +void PermDefToString(const PermissionDef& def, std::string& info) +{ + info.append(R"( {)"); + info.append("\n"); + info.append(R"( "permissionName": ")" + def.permissionName + R"(")" + ",\n"); + info.append(R"( "bundleName": ")" + def.bundleName + R"(")" + ",\n"); + info.append(R"( "grantMode": )" + std::to_string(def.grantMode) + ",\n"); + info.append(R"( "availableLevel": )" + std::to_string(def.availableLevel) + ",\n"); + info.append(R"( "provisionEnable": )" + std::to_string(def.provisionEnable) + ",\n"); + info.append(R"( "distributedSceneEnable": )" + std::to_string(def.distributedSceneEnable) + ",\n"); + info.append(R"( "label": ")" + def.label + R"(")" + ",\n"); + info.append(R"( "labelId": )" + std::to_string(def.labelId) + ",\n"); + info.append(R"( "description": ")" + def.description + R"(")" + ",\n"); + info.append(R"( "descriptionId": )" + std::to_string(def.descriptionId) + ",\n"); + info.append(R"( })"); +} + +void PermStateFullToString(const PermissionStatus& state, std::string& info) +{ + info.append(R"( {)"); + info.append("\n"); + info.append(R"( "permissionName": ")" + state.permissionName + R"(")" + ",\n"); + info.append(R"( "grantStatus": ")" + std::to_string(state.grantStatus) + R"(")" + ",\n"); + info.append(R"( "grantFlag": ")" + std::to_string(state.grantFlag) + R"(")" + ",\n"); + info.append(R"( })"); +} + +void HapTokenInfoInner::PermToString(const std::vector& permList, + const std::vector& permStateList, std::string& info) +{ + info.append(R"( "permDefList": [)"); + info.append("\n"); + for (auto iter = permList.begin(); iter != permList.end(); iter++) { + PermDefToString(*iter, info); + if (iter != (permList.end() - 1)) { + info.append(",\n"); + } + } + info.append("\n ],\n"); + + info.append(R"( "permStateList": [)"); + info.append("\n"); + for (auto iter = permStateList.begin(); iter != permStateList.end(); iter++) { + PermStateFullToString(*iter, info); + if (iter != (permStateList.end() - 1)) { + info.append(",\n"); + } + } + info.append("\n ]\n"); +} + +void HapTokenInfoInner::ToString(std::string& info) { info.append(R"({)"); info.append("\n"); @@ -315,17 +488,14 @@ void HapTokenInfoInner::ToString(std::string& info) const info.append(R"( "bundleName": ")" + tokenInfoBasic_.bundleName + R"(")" + ",\n"); info.append(R"( "instIndex": )" + std::to_string(tokenInfoBasic_.instIndex) + ",\n"); info.append(R"( "dlpType": )" + std::to_string(tokenInfoBasic_.dlpType) + ",\n"); - info.append(R"( "appID": ")" + tokenInfoBasic_.appID + R"(")" + ",\n"); -#ifndef ATM_BUILD_VARIANT_USER_ENABLE - info.append(R"( "deviceID": ")" + tokenInfoBasic_.deviceID + R"(")" + ",\n"); -#endif - info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n"); info.append(R"( "isRemote": )" + std::to_string(isRemote_) + ",\n"); info.append(R"( "isPermDialogForbidden": )" + std::to_string(isPermDialogForbidden_) + ",\n"); - if (permPolicySet_ != nullptr) { - permPolicySet_->ToString(info); - } + std::vector permList; + PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenInfoBasic_.tokenID); + std::vector permStateList; + (void)GetPermissionStateList(permStateList); + PermToString(permList, permStateList, info); info.append("}"); } } // namespace AccessToken diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp deleted file mode 100644 index 3420f223838992735d1b7be1f2dfa50764576115..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ /dev/null @@ -1,285 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "native_token_info_inner.h" - -#include "access_token_error.h" -#include "accesstoken_dfx_define.h" -#include "accesstoken_log.h" -#include "data_translator.h" -#include "data_validator.h" -#include "nlohmann/json.hpp" -#include "token_field_const.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenInfoInner"}; -} - -NativeTokenInfoInner::NativeTokenInfoInner() : isRemote_(false) -{ - tokenInfoBasic_.ver = DEFAULT_TOKEN_VERSION; - tokenInfoBasic_.tokenID = 0; - tokenInfoBasic_.tokenAttr = 0; - tokenInfoBasic_.apl = APL_NORMAL; -} - -NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native, - const std::vector& permStateList) : isRemote_(false) -{ - tokenInfoBasic_ = native; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID, - permStateList); -} - -NativeTokenInfoInner::~NativeTokenInfoInner() -{ - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenID: %{public}u destruction", tokenInfoBasic_.tokenID); -} - -int NativeTokenInfoInner::Init(const TokenInfo& tokenInfo, const std::vector& dcap, - const std::vector& nativeAcls, - const std::vector& permStateList) -{ - tokenInfoBasic_.tokenID = tokenInfo.id; - if (!DataValidator::IsProcessNameValid(tokenInfo.processName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID); - return ERR_PARAM_INVALID; - } - tokenInfoBasic_.processName = tokenInfo.processName; - if (!DataValidator::IsAplNumValid(tokenInfo.apl)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u init failed, apl %{public}d is invalid", - tokenInfoBasic_.tokenID, tokenInfo.apl); - return ERR_PARAM_INVALID; - } - tokenInfoBasic_.apl = static_cast(tokenInfo.apl); - tokenInfoBasic_.dcap = dcap; - tokenInfoBasic_.nativeAcls = nativeAcls; - - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfo.id, - permStateList); - return RET_SUCCESS; -} - -std::string NativeTokenInfoInner::DcapToString(const std::vector& dcap) const -{ - std::string dcapStr; - for (auto iter = dcap.begin(); iter != dcap.end(); iter++) { - dcapStr.append(*iter); - if (iter != (dcap.end() - 1)) { - dcapStr.append(","); - } - } - return dcapStr; -} - -std::string NativeTokenInfoInner::NativeAclsToString(const std::vector& nativeAcls) const -{ - std::string nativeAclsStr; - for (auto iter = nativeAcls.begin(); iter != nativeAcls.end(); iter++) { - nativeAclsStr.append(*iter); - if (iter != (nativeAcls.end() - 1)) { - nativeAclsStr.append(","); - } - } - return nativeAclsStr; -} - -int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGenericValues) const -{ - outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenInfoBasic_.tokenID)); - outGenericValues.Put(TokenFiledConst::FIELD_PROCESS_NAME, tokenInfoBasic_.processName); - outGenericValues.Put(TokenFiledConst::FIELD_APL, tokenInfoBasic_.apl); - outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, tokenInfoBasic_.ver); - outGenericValues.Put(TokenFiledConst::FIELD_DCAP, DcapToString(tokenInfoBasic_.dcap)); - outGenericValues.Put(TokenFiledConst::FIELD_NATIVE_ACLS, NativeAclsToString(tokenInfoBasic_.nativeAcls)); - outGenericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, static_cast(tokenInfoBasic_.tokenAttr)); - - return RET_SUCCESS; -} - -int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues, - const std::vector& permStateRes) -{ - tokenInfoBasic_.tokenID = tokenId; - tokenInfoBasic_.processName = inGenericValues.GetString(TokenFiledConst::FIELD_PROCESS_NAME); - if (!DataValidator::IsProcessNameValid(tokenInfoBasic_.processName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native token processName error"); - return ERR_PARAM_INVALID; - } - int aplNum = inGenericValues.GetInt(TokenFiledConst::FIELD_APL); - if (!DataValidator::IsAplNumValid(aplNum)) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u apl is error, value %{public}d", - tokenInfoBasic_.tokenID, aplNum); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native token apl error"); - return ERR_PARAM_INVALID; - } - tokenInfoBasic_.apl = static_cast(aplNum); - tokenInfoBasic_.ver = (char)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_VERSION); - if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) { - ACCESSTOKEN_LOG_ERROR(LABEL, - "tokenID: %{public}u version is error, version %{public}d", - tokenInfoBasic_.tokenID, tokenInfoBasic_.ver); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK", - HiviewDFX::HiSysEvent::EventType::FAULT, "CODE", LOAD_DATABASE_ERROR, - "ERROR_REASON", "native token version error"); - return ERR_PARAM_INVALID; - } - - SetDcaps(inGenericValues.GetString(TokenFiledConst::FIELD_DCAP)); - SetNativeAcls(inGenericValues.GetString(TokenFiledConst::FIELD_NATIVE_ACLS)); - tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(TokenFiledConst::FIELD_TOKEN_ATTR); - - permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes); - return RET_SUCCESS; -} - -void NativeTokenInfoInner::TranslateToNativeTokenInfo(NativeTokenInfo& infoParcel) const -{ - infoParcel.apl = tokenInfoBasic_.apl; - infoParcel.ver = tokenInfoBasic_.ver; - infoParcel.processName = tokenInfoBasic_.processName; - infoParcel.dcap = tokenInfoBasic_.dcap; - infoParcel.nativeAcls = tokenInfoBasic_.nativeAcls; - infoParcel.tokenID = tokenInfoBasic_.tokenID; - infoParcel.tokenAttr = tokenInfoBasic_.tokenAttr; -} - -void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList) const -{ - if (isRemote_) { - ACCESSTOKEN_LOG_INFO(LABEL, - "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID); - return; - } - GenericValues genericValues; - TranslationIntoGenericValues(genericValues); - valueList.emplace_back(genericValues); -} - -void NativeTokenInfoInner::StorePermissionPolicy(std::vector& permStateValues) const -{ - if (isRemote_) { - ACCESSTOKEN_LOG_INFO(LABEL, - "token %{public}x is remote hap token, will not store", tokenInfoBasic_.tokenID); - return; - } - if (permPolicySet_ != nullptr) { - permPolicySet_->StorePermissionPolicySet(permStateValues); - } -} - -AccessTokenID NativeTokenInfoInner::GetTokenID() const -{ - return tokenInfoBasic_.tokenID; -} - -std::vector NativeTokenInfoInner::GetDcap() const -{ - return tokenInfoBasic_.dcap; -} - -std::vector NativeTokenInfoInner::GetNativeAcls() const -{ - return tokenInfoBasic_.nativeAcls; -} - -std::string NativeTokenInfoInner::GetProcessName() const -{ - return tokenInfoBasic_.processName; -} - -std::shared_ptr NativeTokenInfoInner::GetNativeInfoPermissionPolicySet() const -{ - return permPolicySet_; -} - -uint32_t NativeTokenInfoInner::GetReqPermissionSize() const -{ - if (permPolicySet_ != nullptr) { - return permPolicySet_->GetReqPermissionSize(); - } - return static_cast(0); -} - -bool NativeTokenInfoInner::IsRemote() const -{ - return isRemote_; -} - -void NativeTokenInfoInner::SetRemote(bool isRemote) -{ - isRemote_ = isRemote; -} - -void NativeTokenInfoInner::SetDcaps(const std::string& dcapStr) -{ - std::string::size_type start = 0; - while (true) { - std::string::size_type offset = dcapStr.find(',', start); - if (offset == std::string::npos) { - tokenInfoBasic_.dcap.push_back(dcapStr.substr(start)); - break; - } - tokenInfoBasic_.dcap.push_back(dcapStr.substr(start, offset)); - start = offset + 1; - } -} - -void NativeTokenInfoInner::SetNativeAcls(const std::string& AclsStr) -{ - std::string::size_type start = 0; - while (true) { - std::string::size_type offset = AclsStr.find(',', start); - if (offset == std::string::npos) { - tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start)); - break; - } - tokenInfoBasic_.nativeAcls.push_back(AclsStr.substr(start, offset)); - start = offset + 1; - } -} - -void NativeTokenInfoInner::ToString(std::string& info) const -{ - info.append(R"({)"); - info.append("\n"); - info.append(R"( "tokenID": )" + std::to_string(tokenInfoBasic_.tokenID) + ",\n"); - info.append(R"( "tokenAttr": )" + std::to_string(tokenInfoBasic_.tokenAttr) + ",\n"); - info.append(R"( "ver": )" + std::to_string(tokenInfoBasic_.ver) + ",\n"); - info.append(R"( "processName": ")" + tokenInfoBasic_.processName + R"(")" + ",\n"); - info.append(R"( "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n"); - info.append(R"( "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n"); - info.append(R"( "nativeAcls": ")" + NativeAclsToString(tokenInfoBasic_.nativeAcls) + R"(")" + ",\n"); - info.append(R"( "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n"); - if (permPolicySet_ != nullptr) { - permPolicySet_->PermStateToString(tokenInfoBasic_.apl, tokenInfoBasic_.nativeAcls, info); - } - info.append("}"); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp deleted file mode 100644 index fe73d358f486fa419e7fe7fa3f9ea4ff20ab1b94..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ /dev/null @@ -1,193 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include -#include -#include -#include -#include - -#include "access_token_error.h" -#include "accesstoken_id_manager.h" -#include "accesstoken_info_manager.h" -#include "accesstoken_log.h" -#include "data_validator.h" -#include "json_parser.h" -#include "native_token_receptor.h" -#include "securec.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -std::recursive_mutex g_instanceMutex; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptor"}; -static const std::string DEFAULT_DEVICEID = "0"; -static const std::string JSON_PROCESS_NAME = "processName"; -static const std::string JSON_APL = "APL"; -static const std::string JSON_VERSION = "version"; -static const std::string JSON_TOKEN_ID = "tokenId"; -static const std::string JSON_TOKEN_ATTR = "tokenAttr"; -static const std::string JSON_DCAPS = "dcaps"; -static const std::string JSON_PERMS = "permissions"; -static const std::string JSON_ACLS = "nativeAcls"; -} - -int32_t NativeReqPermsGet( - const nlohmann::json& j, std::vector& permStateList) -{ - std::vector permReqList; - if (j.find(JSON_PERMS) == j.end() || (!j.at(JSON_PERMS).is_array())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JSON_PERMS is invalid."); - return ERR_PARAM_INVALID; - } - permReqList = j.at(JSON_PERMS).get>(); - if (permReqList.size() > MAX_REQ_PERM_NUM) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission num oversize."); - return ERR_OVERSIZE; - } - std::set permRes; - for (const auto& permReq : permReqList) { - PermissionStateFull permState; - if (permRes.count(permReq) != 0) { - continue; - } - permState.permissionName = permReq; - permState.isGeneral = true; - permState.resDeviceID.push_back(DEFAULT_DEVICEID); - permState.grantStatus.push_back(PERMISSION_GRANTED); - permState.grantFlags.push_back(PERMISSION_SYSTEM_FIXED); - permStateList.push_back(permState); - permRes.insert(permReq); - } - return RET_SUCCESS; -} - -// nlohmann json need the function named from_json to parse NativeTokenInfo -void from_json(const nlohmann::json& j, std::shared_ptr& p) -{ - NativeTokenInfo native; - - if (!JsonParser::GetStringFromJson(j, JSON_PROCESS_NAME, native.processName) || - !DataValidator::IsProcessNameValid(native.processName)) { - return; - } - - int aplNum = 0; - if (!JsonParser::GetIntFromJson(j, JSON_APL, aplNum) || !DataValidator::IsAplNumValid(aplNum)) { - return; - } - - native.apl = static_cast(aplNum); - - if (j.find(JSON_VERSION) == j.end() || (!j.at(JSON_VERSION).is_number())) { - return; - } - native.ver = (uint8_t)j.at(JSON_VERSION).get(); - if (native.ver != DEFAULT_TOKEN_VERSION) { - return; - } - - if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ID, native.tokenID) || (native.tokenID == 0)) { - return; - } - - ATokenTypeEnum type = AccessTokenIDManager::GetTokenIdTypeEnum(native.tokenID); - if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { - return; - } - - if (!JsonParser::GetUnsignedIntFromJson(j, JSON_TOKEN_ATTR, native.tokenAttr)) { - return; - } - - if (j.find(JSON_DCAPS) == j.end() || (!j.at(JSON_DCAPS).is_array())) { - return; - } - native.dcap = j.at(JSON_DCAPS).get>(); - if (native.dcap.size() > MAX_DCAPS_NUM) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Native dcap oversize."); - return; - } - - if (j.find(JSON_ACLS) == j.end() || (!j.at(JSON_DCAPS).is_array())) { - return; - } - native.nativeAcls = j.at(JSON_ACLS).get>(); - if (native.nativeAcls.size() > MAX_REQ_PERM_NUM) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission num oversize."); - return; - } - - std::vector permStateList; - if (NativeReqPermsGet(j, permStateList) != RET_SUCCESS) { - return; - } - - p = std::make_shared(native, permStateList); -} - -int32_t NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawData, - std::vector>& tokenInfos) -{ - nlohmann::json jsonRes = nlohmann::json::parse(nativeRawData, nullptr, false); - if (jsonRes.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonRes is invalid."); - return ERR_PARAM_INVALID; - } - for (auto it = jsonRes.begin(); it != jsonRes.end(); it++) { - auto token = it->get>(); - if (token != nullptr) { - tokenInfos.emplace_back(token); - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Token is invalid."); - } - } - return RET_SUCCESS; -} - -int NativeTokenReceptor::Init() -{ - std::string nativeRawData; - int ret = JsonParser::ReadCfgFile(NATIVE_TOKEN_CONFIG_FILE, nativeRawData); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadCfgFile failed."); - return ret; - } - std::vector> tokenInfos; - ret = ParserNativeRawData(nativeRawData, tokenInfos); - if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ParserNativeRawData failed."); - return ret; - } - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - ACCESSTOKEN_LOG_INFO(LABEL, "Init ok."); - return RET_SUCCESS; -} - -NativeTokenReceptor& NativeTokenReceptor::GetInstance() -{ - static NativeTokenReceptor* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new NativeTokenReceptor(); - } - } - return *instance; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/token/token_modify_notifier.cpp b/services/accesstokenmanager/main/cpp/src/token/token_modify_notifier.cpp index 0990114cc1cb1f59af7fc35d682eda4943376969..d40f3f28b6e4a293521b3fb25d31b01f44bd0d98 100644 --- a/services/accesstokenmanager/main/cpp/src/token/token_modify_notifier.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/token_modify_notifier.cpp @@ -18,8 +18,11 @@ #include "accesstoken_callback_proxys.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" +#ifdef RESOURCESCHEDULE_FFRT_ENABLE +#include "ffrt.h" +#endif #include "hap_token_info.h" #include "hap_token_info_inner.h" #include "libraryloader.h" @@ -30,7 +33,6 @@ namespace Security { namespace AccessToken { namespace { std::recursive_mutex g_instanceMutex; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenModifyNotifier"}; } #ifdef RESOURCESCHEDULE_FFRT_ENABLE @@ -53,7 +55,7 @@ TokenModifyNotifier::~TokenModifyNotifier() void TokenModifyNotifier::AddHapTokenObservation(AccessTokenID tokenID) { if (AccessTokenIDManager::GetInstance().GetTokenIdType(tokenID) != TOKEN_HAP) { - ACCESSTOKEN_LOG_INFO(LABEL, "Observation token is not hap token"); + LOGI(ATM_DOMAIN, ATM_TAG, "Observation token is not hap token"); return; } Utils::UniqueWriteGuard infoGuard(this->Notifylock_); @@ -66,7 +68,7 @@ void TokenModifyNotifier::NotifyTokenDelete(AccessTokenID tokenID) { Utils::UniqueWriteGuard infoGuard(this->Notifylock_); if (observationSet_.count(tokenID) <= 0) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Hap token is not observed"); + LOGD(ATM_DOMAIN, ATM_TAG, "Hap token is not observed"); return; } observationSet_.erase(tokenID); @@ -78,7 +80,7 @@ void TokenModifyNotifier::NotifyTokenModify(AccessTokenID tokenID) { Utils::UniqueWriteGuard infoGuard(this->Notifylock_); if (observationSet_.count(tokenID) <= 0) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Hap token is not observed"); + LOGD(ATM_DOMAIN, ATM_TAG, "Hap token is not observed"); return; } modifiedTokenList_.emplace_back(tokenID); @@ -91,7 +93,8 @@ TokenModifyNotifier& TokenModifyNotifier::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new TokenModifyNotifier(); + TokenModifyNotifier* tmp = new TokenModifyNotifier(); + instance = std::move(tmp); } } @@ -110,38 +113,45 @@ TokenModifyNotifier& TokenModifyNotifier::GetInstance() void TokenModifyNotifier::NotifyTokenSyncTask() { - ACCESSTOKEN_LOG_INFO(LABEL, "Called!"); + LOGI(ATM_DOMAIN, ATM_TAG, "Called!"); Utils::UniqueWriteGuard infoGuard(this->Notifylock_); LibraryLoader loader(TOKEN_SYNC_LIBPATH); TokenSyncKitInterface* tokenSyncKit = loader.GetObject(); if (tokenSyncKit == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libtokensync_sdk failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libtokensync_sdk failed."); return; } for (AccessTokenID deleteToken : deleteTokenList_) { + int ret = TOKEN_SYNC_SUCCESS; if (tokenSyncCallbackObject_ != nullptr) { - tokenSyncCallbackObject_->DeleteRemoteHapTokenInfo(deleteToken); + ret = tokenSyncCallbackObject_->DeleteRemoteHapTokenInfo(deleteToken); + } + ret = tokenSyncKit->DeleteRemoteHapTokenInfo(deleteToken); + if (ret != TOKEN_SYNC_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to delete remote haptoken info, ret is %{public}d", ret); } - tokenSyncKit->DeleteRemoteHapTokenInfo(deleteToken); } for (AccessTokenID modifyToken : modifiedTokenList_) { HapTokenInfoForSync hapSync; int ret = AccessTokenInfoManager::GetInstance().GetHapTokenSync(modifyToken, hapSync); if (ret != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "The hap token 0x%{public}x need to sync is not found!", modifyToken); + LOGE(ATM_DOMAIN, ATM_TAG, "The hap token 0x%{public}x need to sync is not found!", modifyToken); continue; } if (tokenSyncCallbackObject_ != nullptr) { - tokenSyncCallbackObject_->UpdateRemoteHapTokenInfo(hapSync); + ret = tokenSyncCallbackObject_->UpdateRemoteHapTokenInfo(hapSync); + } + ret = tokenSyncKit->UpdateRemoteHapTokenInfo(hapSync); + if (ret != TOKEN_SYNC_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to update remote haptoken info, ret is %{public}d", ret); } - tokenSyncKit->UpdateRemoteHapTokenInfo(hapSync); } deleteTokenList_.clear(); modifiedTokenList_.clear(); - ACCESSTOKEN_LOG_INFO(LABEL, "Over!"); + LOGI(ATM_DOMAIN, ATM_TAG, "Over!"); } int32_t TokenModifyNotifier::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) @@ -157,7 +167,7 @@ int32_t TokenModifyNotifier::GetRemoteHapTokenInfo(const std::string& deviceID, LibraryLoader loader(TOKEN_SYNC_LIBPATH); TokenSyncKitInterface* tokenSyncKit = loader.GetObject(); if (tokenSyncKit == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libtokensync_sdk failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libtokensync_sdk failed."); return ERR_LOAD_SO_FAILED; } return tokenSyncKit->GetRemoteHapTokenInfo(deviceID, tokenID); @@ -166,10 +176,10 @@ int32_t TokenModifyNotifier::GetRemoteHapTokenInfo(const std::string& deviceID, int32_t TokenModifyNotifier::RegisterTokenSyncCallback(const sptr& callback) { Utils::UniqueWriteGuard infoGuard(this->Notifylock_); - tokenSyncCallbackObject_ = iface_cast(callback); + tokenSyncCallbackObject_ = new TokenSyncCallbackProxy(callback); tokenSyncCallbackDeathRecipient_ = sptr::MakeSptr(); callback->AddDeathRecipient(tokenSyncCallbackDeathRecipient_); - ACCESSTOKEN_LOG_INFO(LABEL, "Register token sync callback successful."); + LOGI(ATM_DOMAIN, ATM_TAG, "Register token sync callback successful."); return ERR_OK; } @@ -181,7 +191,7 @@ int32_t TokenModifyNotifier::UnRegisterTokenSyncCallback() } tokenSyncCallbackObject_ = nullptr; tokenSyncCallbackDeathRecipient_ = nullptr; - ACCESSTOKEN_LOG_INFO(LABEL, "Unregister token sync callback successful."); + LOGI(ATM_DOMAIN, ATM_TAG, "Unregister token sync callback successful."); return ERR_OK; } @@ -193,13 +203,13 @@ int32_t TokenModifyNotifier::GetCurTaskNum() void TokenModifyNotifier::AddCurTaskNum() { - ACCESSTOKEN_LOG_INFO(LABEL, "Add task!"); + LOGI(ATM_DOMAIN, ATM_TAG, "Add task!"); curTaskNum_++; } void TokenModifyNotifier::ReduceCurTaskNum() { - ACCESSTOKEN_LOG_INFO(LABEL, "Reduce task!"); + LOGI(ATM_DOMAIN, ATM_TAG, "Reduce task!"); curTaskNum_--; } #endif @@ -208,7 +218,7 @@ void TokenModifyNotifier::NotifyTokenChangedIfNeed() { #ifdef RESOURCESCHEDULE_FFRT_ENABLE if (GetCurTaskNum() > 1) { - ACCESSTOKEN_LOG_INFO(LABEL, "Has notify task! taskNum is %{public}d.", GetCurTaskNum()); + LOGI(ATM_DOMAIN, ATM_TAG, "Has notify task! taskNum is %{public}d.", GetCurTaskNum()); return; } @@ -221,7 +231,7 @@ void TokenModifyNotifier::NotifyTokenChangedIfNeed() AddCurTaskNum(); #else if (notifyTokenWorker_.GetCurTaskNum() > 1) { - ACCESSTOKEN_LOG_INFO(LABEL, " has notify task! taskNum is %{public}zu.", notifyTokenWorker_.GetCurTaskNum()); + LOGI(ATM_DOMAIN, ATM_TAG, " has notify task! taskNum is %{public}zu.", notifyTokenWorker_.GetCurTaskNum()); return; } diff --git a/services/accesstokenmanager/permission_definitions.json b/services/accesstokenmanager/permission_definitions.json index 316fe1f571afafd539453137be05c63e38c77739..16a9b0b9de96cd2a8a483212b2251dac97ce8f97 100644 --- a/services/accesstokenmanager/permission_definitions.json +++ b/services/accesstokenmanager/permission_definitions.json @@ -10,6 +10,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_BBOX_DIR", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.SUBSCRIBE_SWING_ABILITY", "grantMode": "system_grant", @@ -64,7 +74,7 @@ "name": "ohos.permission.GET_RUNNING_INFO", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 7, "deprecated": "", "provisionEnable": true, @@ -84,7 +94,7 @@ "name": "ohos.permission.RUNNING_STATE_OBSERVER", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 7, "deprecated": "", "provisionEnable": true, @@ -290,6 +300,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.START_DESKTOP_UI_COMPONENT", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.REMOVE_CACHE_FILES", "grantMode": "system_grant", @@ -424,7 +444,7 @@ "name": "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 7, "deprecated": "", "provisionEnable": true, @@ -660,6 +680,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.PLUGIN_UPDATE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.RECEIVE_UPDATE_MESSAGE", "grantMode": "system_grant", @@ -793,8 +823,8 @@ { "name": "ohos.permission.GET_WIFI_PEERS_MAC", "grantMode": "system_grant", - "availableLevel": "system_core", - "availableType": "SYSTEM", + "availableLevel": "system_basic", + "availableType": "NORMAL", "since": 8, "deprecated": "", "provisionEnable": true, @@ -804,7 +834,7 @@ "name": "ohos.permission.GET_WIFI_LOCAL_MAC", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 8, "deprecated": "", "provisionEnable": true, @@ -814,7 +844,7 @@ "name": "ohos.permission.GET_WIFI_CONFIG", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 8, "deprecated": "", "provisionEnable": true, @@ -824,12 +854,22 @@ "name": "ohos.permission.SET_WIFI_CONFIG", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 8, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.MANAGE_ENTERPRISE_WIFI_CONNECTION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.MANAGE_WIFI_CONNECTION", "grantMode": "system_grant", @@ -860,6 +900,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.READ_DFX_XPOWER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.NFC_CARD_EMULATION", "grantMode": "system_grant", @@ -880,6 +930,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.PERMISSION_RECORD_TOGGLE", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.NOTIFICATION_AGENT_CONTROLLER", "grantMode": "system_grant", @@ -1893,8 +1953,8 @@ { "name": "ohos.permission.FILE_GUARD_MANAGER", "grantMode": "system_grant", - "availableLevel": "system_core", - "availableType": "MDM", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", "since": 10, "deprecated": "", "provisionEnable": true, @@ -1903,9 +1963,49 @@ { "name": "ohos.permission.SET_FILE_GUARD_POLICY", "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 10, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ENTERPRISE_RECOVERY_KEY", + "grantMode": "system_grant", "availableLevel": "system_core", "availableType": "MDM", - "since": 10, + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_RECOVERY_KEY", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.UTILIZE_RECOVERY_KEY", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_RECOVERY_KEY_BRIEF_INFORMATION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 14, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false @@ -2034,7 +2134,7 @@ "name": "ohos.permission.GET_DOMAIN_ACCOUNTS", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 10, "deprecated": "", "provisionEnable": true, @@ -2050,6 +2150,26 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_DDK_USB_SERIAL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_DDK_SCSI_PERIPHERAL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.ACCESS_EXTENSIONAL_DEVICE_DRIVER", "grantMode": "system_grant", @@ -2060,6 +2180,16 @@ "provisionEnable": false, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_DDK_DRIVERS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.AGENT_REQUIRE_FORM", "grantMode": "system_grant", @@ -2190,6 +2320,56 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ENTERPRISE_MANAGE_DELEGATED_POLICY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "MDM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.PUBLISH_ENTERPRISE_POLICY_EVENT", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.RECEIVE_ENTERPRISE_POLICY_EVENT", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.PERSONAL_MANAGE_RESTRICTIONS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.START_PROVISIONING_MESSAGE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.SET_UNREMOVABLE_NOTIFICATION", "grantMode": "system_grant", @@ -2561,9 +2741,9 @@ "distributedSceneEnable": false }, { - "name": "ohos.permission.GET_PRIVACY_INDICATOR", + "name": "ohos.permission.EXEMPT_PRIVACY_INDICATOR", "grantMode": "system_grant", - "availableLevel": "system_basic", + "availableLevel": "system_core", "availableType": "SYSTEM", "since": 12, "deprecated": "", @@ -2571,7 +2751,7 @@ "distributedSceneEnable": false }, { - "name": "ohos.permission.SET_PRIVACY_INDICATOR", + "name": "ohos.permission.EXEMPT_CAMERA_PRIVACY_INDICATOR", "grantMode": "system_grant", "availableLevel": "system_core", "availableType": "SYSTEM", @@ -2581,21 +2761,21 @@ "distributedSceneEnable": false }, { - "name": "ohos.permission.EXEMPT_PRIVACY_INDICATOR", + "name": "ohos.permission.ACCESS_CONFIDENTIAL_COMPUTING_ZONE", "grantMode": "system_grant", - "availableLevel": "system_core", + "availableLevel": "system_basic", "availableType": "SYSTEM", - "since": 12, + "since": 16, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false }, { - "name": "ohos.permission.EXEMPT_CAMERA_PRIVACY_INDICATOR", + "name": "ohos.permission.SYNC_ASSET_BETWEEN_TRUSTED_ACCOUNT", "grantMode": "system_grant", - "availableLevel": "system_core", + "availableLevel": "system_basic", "availableType": "SYSTEM", - "since": 12, + "since": 16, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false @@ -2790,6 +2970,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.CHECK_SANDBOX_POLICY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.ACCESS_ACCOUNT_KIT_SERVICE", "grantMode": "system_grant", @@ -3130,6 +3320,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_CMAP_SERVICE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.MANAGE_RGM", "grantMode": "system_grant", @@ -3244,7 +3444,7 @@ "name": "ohos.permission.STORAGE_MANAGER_CRYPT", "grantMode": "system_grant", "availableLevel": "system_core", - "availableType": "SERVICE", + "availableType": "SYSTEM", "since": 12, "deprecated": "", "provisionEnable": true, @@ -3421,21 +3621,81 @@ "distributedSceneEnable": false }, { - "name": "ohos.permission.SET_SUPER_PRIVACY", + "name": "ohos.permission.EXEMPT_PRIVACY_SECURITY_CENTER", "grantMode": "system_grant", "availableLevel": "system_core", "availableType": "SYSTEM", - "since": 12, + "since": 13, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false }, { - "name": "ohos.permission.GET_SUPER_PRIVACY", + "name": "ohos.permission.ACCESS_LEARN_MORE_DIALOG", "grantMode": "system_grant", "availableLevel": "system_basic", "availableType": "SYSTEM", - "since": 12, + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.WRITE_PROTECTION_ADVICE_POLICY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.READ_PROTECTION_ADVICE_POLICY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.USE_FRAUD_MESSAGES_PICKER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.USE_FRAUD_CALL_LOG_PICKER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.USE_FRAUD_APP_PICKER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.PROXY_MESSAGE_AUTH", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 15, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false @@ -3451,7 +3711,7 @@ "distributedSceneEnable": false }, { - "name":"ohos.permission.WRITE_GTOKEN_POLICY", + "name": "ohos.permission.WRITE_GTOKEN_POLICY", "grantMode":"system_grant", "availableLevel":"system_core", "availableType": "SYSTEM", @@ -3461,7 +3721,7 @@ "distributedSceneEnable":false }, { - "name":"ohos.permission.READ_GTOKEN_POLICY", + "name": "ohos.permission.READ_GTOKEN_POLICY", "grantMode":"system_grant", "availableLevel":"system_basic", "availableType": "SYSTEM", @@ -3871,7 +4131,7 @@ "distributedSceneEnable": false }, { - "name": "ohos.permission.PUBLISH_LOCATION_EVENT", + "name": "ohos.permission.ACCESS_FUSION_MANAGER", "grantMode": "system_grant", "availableLevel": "system_basic", "availableType": "SYSTEM", @@ -3881,27 +4141,289 @@ "distributedSceneEnable": false }, { - "name": "ohos.permission.ACCESS_MULTICORE_HYBRID_ABILITY", + "name": "ohos.permission.ACCESS_AMS_FROM_FUSION", "grantMode": "system_grant", - "availableLevel": "system_basic", - "availableType": "SYSTEM", - "since": 12, + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 15, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false }, { - "name": "ohos.permission.INSTALL_INTERNALTESTING_BUNDLE", + "name": "ohos.permission.PUBLISH_LOCATION_EVENT", "grantMode": "system_grant", - "availableLevel": "system_core", + "availableLevel": "system_basic", "availableType": "SYSTEM", "since": 12, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false - } + }, + { + "name": "ohos.permission.ACCESS_MULTICORE_HYBRID_ABILITY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.START_RESTORE_NOTIFICATION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.INSTALL_INTERNALTESTING_BUNDLE", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_ANALYTICS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_TELEPHONY_ESIM_STATE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_TELEPHONY_ESIM_STATE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_TELEPHONY_ESIM_STATE_OPEN", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.CAMERA_BACKGROUND", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_VIRTUAL_KEYBOARD", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_APP_INSTALL_DIR", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_UDMF_APP_SHARE_OPTION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_PASTEBOARD_APP_SHARE_OPTION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.EXEMPT_CAPTURE_SCREEN_AUTHORIZE", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.WATCH_READ_EMERGENCY_INFO", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.WATCH_WRITE_EMERGENCY_INFO", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.WATCH_START_SOS_SERVICE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.PRELOAD_FILE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.INPUT_KEYBOARD_CONTROLLER", + "grantMode": "system_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_ABILITY_INSTANCE_INFO", + "grantMode": "system_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.VIRTUAL_KEYBOARD_WINDOW", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.CONNECT_ASSET_ACCELERATION_EXTENSION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SERVICE", + "since": 16, + "deprecated": "", + "provisionEnable": false, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_FAMILY_INFO", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_PAGE_INFO", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_VIRTUAL_SCREEN", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_ACCOUNT_RECOMMENDATION_DATA", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + } ], "userGrantPermissions": [ + { + "name": "ohos.permission.CUSTOM_SCREEN_CAPTURE", + "grantMode": "user_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false, + "label": "$string:ohos_lab_custom_screen_capture", + "description": "$string:ohos_desc_custom_screen_capture" + }, { "name": "ohos.permission.READ_HEALTH_DATA", "grantMode": "user_grant", @@ -4408,14 +4930,14 @@ "name": "ohos.permission.MANAGE_INPUT_INFRARED_EMITTER", "grantMode": "system_grant", "availableLevel": "normal", - "availableType": "SYSTEM", + "availableType": "NORMAL", "since": 12, "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false }, { - "name":"ohos.permission.PRELOAD_UI_EXTENSION_ABILITY", + "name": "ohos.permission.PRELOAD_UI_EXTENSION_ABILITY", "grantMode":"system_grant", "availableLevel":"system_basic", "availableType": "SYSTEM", @@ -4425,7 +4947,7 @@ "distributedSceneEnable":false }, { - "name":"ohos.permission.ACCESS_LOCAL_BACKUP", + "name": "ohos.permission.ACCESS_LOCAL_BACKUP", "grantMode":"system_grant", "availableLevel":"system_basic", "availableType": "SYSTEM", @@ -4478,7 +5000,7 @@ "name": "ohos.permission.KILL_APP_PROCESSES", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "SYSTEM", + "availableType": "ENTERPRISE_NORMAL", "since": 12, "deprecated": "", "provisionEnable": true, @@ -4518,7 +5040,7 @@ "name": "ohos.permission.CHECK_QUICKFIX_RESULT", "grantMode": "system_grant", "availableLevel": "system_core", - "availableType": "SERVICE", + "availableType": "SYSTEM", "since": 12, "deprecated": "", "provisionEnable": true, @@ -4584,6 +5106,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.ACCESS_FUSION_AWARENESS_DATA", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.ACCESS_RINGTONE_RESOURCE", "grantMode": "system_grant", @@ -4634,6 +5166,26 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.REGISTER_FINDNETWORK_ACCESSORY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_SHUTDOWN_FINDNETWORK", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.MANAGE_SOFTBUS_NETWORK", "grantMode": "system_grant", @@ -4748,7 +5300,7 @@ "name": "ohos.permission.QUERY_AUDIT_EVENT", "grantMode": "system_grant", "availableLevel": "system_basic", - "availableType": "MDM", + "availableType": "ENTERPRISE_NORMAL", "since": 12, "deprecated": "", "provisionEnable": true, @@ -4804,6 +5356,16 @@ "provisionEnable": true, "distributedSceneEnable": false }, + { + "name": "ohos.permission.INPUT_DEVICE_CONTROLLER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, { "name": "ohos.permission.INPUT_PANEL_STATUS_PUBLISHER", "grantMode": "system_grant", @@ -4903,6 +5465,618 @@ "deprecated": "", "provisionEnable": true, "distributedSceneEnable": false + }, + { + "name": "ohos.permission.NETWORK_DHCP", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_CAR_DISTRIBUTED_ENGINE", + "grantMode": "system_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ALLOW_CONNECT_CAR", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_NET_FIREWALL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_NET_FIREWALL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_IDM_WIDGET", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": true + }, + { + "name": "ohos.permission.MANAGE_ACCESSORY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.COLLECT_ACCESSORY_LOG", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_DISTRIBUTED_MODEM", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_ETHERNET_LOCAL_MAC", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ALLOW_SHOW_NON_SECURE_WINDOWS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", + "grantMode": "user_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false, + "label": "$string:ohos_lab_short_term_write_imagevideo", + "description": "$string:ohos_desc_short_term_write_imagevideo" + }, + { + "name": "ohos.permission.CONNECT_PUSH_EXTENSION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SERVICE", + "since": 13, + "deprecated": "", + "provisionEnable": false, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.CONNECT_VOIP_EXTENSION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SERVICE", + "since": 13, + "deprecated": "", + "provisionEnable": false, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.CALLED_TRANSITION_ON_LOCK_SCREEN", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": true + }, + { + "name": "ohos.permission.CALLED_BELOW_LOCK_SCREEN", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": true + }, + { + "name": "ohos.permission.SUPERVISE_KIA_SERVICE", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.WINDOW_TOPMOST", + "grantMode": "system_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.BLOCK_ALL_APP_START", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.START_UIABILITY_TO_HIDDEN", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_SUPER_HUB", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 12, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.READ_WRITE_USB_DEV", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.READ_WRITE_USER_FILE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.USER_AUTH_FROM_BACKGROUND", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.READ_WEATHER_DATA", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_APP_KEEP_ALIVE", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_APP_KEEP_ALIVE_INTERNAL", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.CALLED_UIEXTENSION_ON_LOCK_SCREEN", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.READ_APP_LOCK", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.WRITE_APP_LOCK", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_APP_LOCK", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_APP_SINGLE_PERMISSION_MANAGEMENT", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.CAPTURE_PLAYBACK", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MICROPHONE_BACKGROUND", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ENABLE_EXPERIENCE_HBM", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 13, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.USE_USER_ACCESS_MANAGER", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 14, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_ACCOUNT_SERVICE_EXTENSION_ABILITY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.NDK_START_SELF_UI_ABILITY", + "grantMode": "system_grant", + "availableLevel": "normal", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_LAUNCH_REASON_MESSAGE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_DOMAIN_ACCOUNT_SERVER_CONFIGS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_DOMAIN_ACCOUNTS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ANTI_FRAUD", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.LOCATION_SWITCH_IGNORED", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_MUTE_POLICY", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_ANIM_POLICY", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_DLP_HIDE_INFO", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.DLP_GET_HIDE_STATUS", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.GET_SIGNATURE_INFO", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "ENTERPRISE_NORMAL", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.SET_PAC_URL", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_DISK_PHY_INFO", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "NORMAL", + "since": 15, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.MANAGE_EDM_POLICY", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_USER_ACCOUNT_INFO", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_CUSTOM_RINGTONE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.PERFORM_LOCAL_DEBUG", + "grantMode": "system_grant", + "availableLevel": "system_core", + "availableType": "SERVICE", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false + }, + { + "name": "ohos.permission.ACCESS_STARTUPGUIDE", + "grantMode": "system_grant", + "availableLevel": "system_basic", + "availableType": "SYSTEM", + "since": 16, + "deprecated": "", + "provisionEnable": true, + "distributedSceneEnable": false } ] } diff --git a/services/accesstokenmanager/test/BUILD.gn b/services/accesstokenmanager/test/BUILD.gn index 96fd498b2c4a610b3bf3e0d23407a3df0c409668..289493c0cfea80b333d601da122fcee6579b1fd7 100644 --- a/services/accesstokenmanager/test/BUILD.gn +++ b/services/accesstokenmanager/test/BUILD.gn @@ -15,6 +15,7 @@ group("unittest") { testonly = true deps = [ "coverage:libaccesstoken_manager_service_coverage_test", + "mock:libpermission_manager_mock_test", "unittest:libaccesstoken_manager_service_standard_test", ] } diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index a7e483818d30d8ca49f192d72964eb55899776fe..931d3fc59f0d44e3f755d9b4cbb48acb23ad81e3 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -18,29 +18,29 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/running_form_info.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] ohos_unittest("libaccesstoken_manager_service_coverage_test") { @@ -64,8 +64,9 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/interfaces/innerkits/accesstoken/main/cpp/include", "${access_token_path}/interfaces/innerkits/accesstoken/src", "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -73,13 +74,17 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", "${access_token_path}/services/accesstokenmanager/main/cpp/include/device", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] - sources = [ "permission_manager_coverage_test.cpp" ] + sources = [ + "accesstoken_database_coverage_test.cpp", + "permission_manager_coverage_test.cpp", + ] sources += accesstoken_manager_service_source cflags_cc = [ "-DHILOG_ENABLE" ] @@ -105,11 +110,10 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "hilog:libhilog", "hisysevent:libhisysevent", "init:libbegetutil", - "ipc:ipc_core", - "json:nlohmann_json_static", + "ipc:ipc_single", + "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", - "sqlite:sqlite", ] if (token_sync_enable == true) { @@ -120,7 +124,7 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { ] include_dirs += [ "${access_token_path}/interfaces/innerkits/tokensync/include", - "${access_token_path}/interfaces/innerkits/tokensync/src", + "${access_token_path}/frameworks/ineer_api/tokensync/src", ] external_deps += [ "device_manager:devicemanagersdk" ] } diff --git a/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp b/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..74a4a86caf0bfa20f237930d1eff63707a695bbc --- /dev/null +++ b/services/accesstokenmanager/test/coverage/accesstoken_database_coverage_test.cpp @@ -0,0 +1,177 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "access_token_error.h" +#include "access_token.h" +#define private public +#include "access_token_db.h" +#include "access_token_open_callback.h" +#undef private +#include "data_translator.h" +#include "token_field_const.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr uint32_t NOT_EXSIT_ATM_TYPE = 9; +} +class AccessTokenDatabaseCoverageTest : public testing::Test { +public: + static void SetUpTestCase(); + + static void TearDownTestCase(); + + void SetUp(); + + void TearDown(); +}; + +void AccessTokenDatabaseCoverageTest::SetUpTestCase() {} + +void AccessTokenDatabaseCoverageTest::TearDownTestCase() {} + +void AccessTokenDatabaseCoverageTest::SetUp() {} + +void AccessTokenDatabaseCoverageTest::TearDown() {} + +/* + * @tc.name: ToRdbValueBuckets001 + * @tc.desc: AccessTokenDbUtil::ToRdbValueBuckets + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDatabaseCoverageTest, ToRdbValueBuckets001, TestSize.Level1) +{ + std::vector values; + GenericValues value; + values.emplace_back(value); + std::vector buckets; + AccessTokenDbUtil::ToRdbValueBuckets(values, buckets); + ASSERT_EQ(true, buckets.empty()); +} + +/* + * @tc.name: TranslationIntoPermissionStatus001 + * @tc.desc: DataTranslator::TranslationIntoPermissionStatus + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDatabaseCoverageTest, TranslationIntoPermissionStatus001, TestSize.Level1) +{ + GenericValues value; + value.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); + value.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.READ_MEDIA"); + value.Put(TokenFiledConst::FIELD_DEVICE_ID, "local"); + value.Put(TokenFiledConst::FIELD_GRANT_FLAG, static_cast(PermissionFlag::PERMISSION_ALLOW_THIS_TIME)); + value.Put(TokenFiledConst::FIELD_GRANT_STATE, static_cast(PermissionState::PERMISSION_GRANTED)); + ASSERT_EQ(static_cast(PermissionState::PERMISSION_GRANTED), + value.GetInt(TokenFiledConst::FIELD_GRANT_STATE)); + + PermissionStatus permissionState; + DataTranslator::TranslationIntoPermissionStatus(value, permissionState); + ASSERT_EQ(static_cast(PermissionState::PERMISSION_DENIED), permissionState.grantStatus); +} + +/* + * @tc.name: OnUpgrade001 + * @tc.desc: AccessTokenOpenCallback::OnUpgrade + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDatabaseCoverageTest, OnUpgrade001, TestSize.Level1) +{ + std::shared_ptr db = AccessTokenDb::GetInstance().GetRdb(); + AccessTokenOpenCallback callback; + + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_2)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_3)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, DATABASE_VERSION_4)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_1, 0)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_2, DATABASE_VERSION_3)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_2, DATABASE_VERSION_4)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_2, 0)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_3, DATABASE_VERSION_4)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), DATABASE_VERSION_3, 0)); + ASSERT_EQ(NativeRdb::E_OK, callback.OnUpgrade(*(db.get()), 0, 0)); +} + +/* + * @tc.name: Modify001 + * @tc.desc: AccessTokenDb::Modify + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDatabaseCoverageTest, Modify001, TestSize.Level1) +{ + AtmDataType type = static_cast(NOT_EXSIT_ATM_TYPE); + GenericValues modifyValue; + GenericValues conditionValue; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenDb::GetInstance().Modify(type, modifyValue, conditionValue)); + + type = AtmDataType::ACCESSTOKEN_HAP_INFO; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenDb::GetInstance().Modify(type, modifyValue, conditionValue)); + + modifyValue.Put(TokenFiledConst::FIELD_PROCESS_NAME, "hdcd"); + ASSERT_EQ(NativeRdb::E_SQLITE_ERROR, AccessTokenDb::GetInstance().Modify(type, modifyValue, conditionValue)); + + conditionValue.Put(TokenFiledConst::FIELD_PROCESS_NAME, "hdcd"); + ASSERT_NE(NativeRdb::E_OK, AccessTokenDb::GetInstance().Modify(type, modifyValue, conditionValue)); + + int32_t resultCode = NativeRdb::E_SQLITE_ERROR; + int32_t changedRows = 0; + NativeRdb::ValuesBucket bucket; + AccessTokenDbUtil::ToRdbValueBucket(modifyValue, bucket); + NativeRdb::RdbPredicates predicates("hap_token_info_table"); + AccessTokenDbUtil::ToRdbPredicates(conditionValue, predicates); + std::shared_ptr db = AccessTokenDb::GetInstance().GetRdb(); + ASSERT_EQ(NativeRdb::E_SQLITE_ERROR, + AccessTokenDb::GetInstance().RestoreAndUpdateIfCorrupt(resultCode, changedRows, bucket, predicates, db)); + + resultCode = NativeRdb::E_SQLITE_CORRUPT; + ASSERT_NE(NativeRdb::E_OK, + AccessTokenDb::GetInstance().RestoreAndUpdateIfCorrupt(resultCode, changedRows, bucket, predicates, db)); +} + +/* + * @tc.name: Find001 + * @tc.desc: AccessTokenDb::Find + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenDatabaseCoverageTest, Find001, TestSize.Level1) +{ + AtmDataType type = static_cast(NOT_EXSIT_ATM_TYPE); + GenericValues conditionValue; + std::vector results; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, + AccessTokenDb::GetInstance().Find(type, conditionValue, results)); + + type = AtmDataType::ACCESSTOKEN_HAP_INFO; + ASSERT_EQ(NativeRdb::E_OK, AccessTokenDb::GetInstance().Find(type, conditionValue, results)); + + conditionValue.Put(TokenFiledConst::FIELD_PROCESS_NAME, "hdcd"); + ASSERT_EQ(AccessTokenError::ERR_DATABASE_OPERATE_FAILED, + AccessTokenDb::GetInstance().Find(type, conditionValue, results)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp index 4ae28619d8cbf536788b4d6dcb380b3f0e93c130..8071c3248200fcbc06924b95c9d054ec89622b92 100644 --- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp @@ -27,8 +27,9 @@ #undef private #include "accesstoken_callback_stubs.h" #include "callback_death_recipients.h" -#include "running_form_info.h" +#include "token_field_const.h" #include "token_setproc.h" +#include "permission_data_brief.h" using namespace testing::ext; @@ -39,13 +40,12 @@ namespace { static const std::string FORM_VISIBLE_NAME = "#1"; static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; +static constexpr int INVALID_IPC_CODE = 0; -static PermissionStateFull g_permState = { +static PermissionStatus g_permState = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG }; static HapInfoParams g_info = { @@ -55,7 +55,7 @@ static HapInfoParams g_info = { .appIDDesc = "testtesttesttest" }; -static HapPolicyParams g_policy = { +static HapPolicy g_policy = { .apl = APL_NORMAL, .domain = "test.domain", .permStateList = {g_permState} @@ -154,40 +154,26 @@ HWTEST_F(PermissionRecordManagerCoverageTest, OnRemoteRequest001, TestSize.Level EXPECT_EQ(RET_SUCCESS, callback.OnRemoteRequest(static_cast( IJsFormStateObserver::Message::FORM_STATE_OBSERVER_NOTIFY_WHETHER_FORMS_VISIBLE), data1, reply, option)); - MessageParcel data2; - data2.WriteInterfaceToken(IJsFormStateObserver::GetDescriptor()); - ASSERT_EQ(true, data2.WriteString(FORM_VISIBLE_NAME)); + OHOS::MessageParcel data2; + ASSERT_EQ(true, data2.WriteInterfaceToken(IJsFormStateObserver::GetDescriptor())); + EXPECT_NE(RET_SUCCESS, callback.OnRemoteRequest(static_cast(INVALID_IPC_CODE), data2, reply, option)); + + MessageParcel data3; + data3.WriteInterfaceToken(IJsFormStateObserver::GetDescriptor()); + data3.WriteInt32(0); + ASSERT_EQ(true, data3.WriteString(FORM_VISIBLE_NAME)); std::vector formInstances; FormInstance formInstance; formInstances.emplace_back(formInstance); - ASSERT_EQ(true, data2.WriteInt32(formInstances.size())); + ASSERT_EQ(true, data3.WriteInt32(formInstances.size())); for (auto &parcelable: formInstances) { - ASSERT_EQ(true, data2.WriteParcelable(&parcelable)); + ASSERT_EQ(true, data3.WriteParcelable(&parcelable)); } EXPECT_EQ(RET_SUCCESS, callback.OnRemoteRequest(static_cast( - IJsFormStateObserver::Message::FORM_STATE_OBSERVER_NOTIFY_WHETHER_FORMS_VISIBLE), data2, reply, option)); + IJsFormStateObserver::Message::FORM_STATE_OBSERVER_NOTIFY_WHETHER_FORMS_VISIBLE), data3, reply, option)); uint32_t code = -1; - EXPECT_NE(RET_SUCCESS, callback.OnRemoteRequest(code, data2, reply, option)); -} - -/** - * @tc.name: UpdateStatesToDatabase001 - * @tc.desc: Test AccessTokenInfoManager::UpdateStatesToDatabase - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerCoverageTest, UpdateStatesToDatabase001, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_info, g_policy, tokenIdEx)); - - AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; - ASSERT_NE(INVALID_TOKENID, tokenId); - std::vector stateChangeList = {g_permState}; - ASSERT_EQ(true, AccessTokenInfoManager::GetInstance().UpdateStatesToDatabase(tokenId, stateChangeList)); - - AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId); + EXPECT_NE(RET_SUCCESS, callback.OnRemoteRequest(code, data3, reply, option)); } /** @@ -209,33 +195,46 @@ HWTEST_F(PermissionRecordManagerCoverageTest, UpdateCapStateToDatabase001, TestS } /** - * @tc.name: GetNativeTokenName001 - * @tc.desc: Test AccessTokenInfoManager::GetNativeTokenName + * @tc.name: RestorePermissionPolicy001 + * @tc.desc: PermissionPolicySet::RestorePermissionPolicy function test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionRecordManagerCoverageTest, GetNativeTokenName001, TestSize.Level1) +HWTEST_F(PermissionRecordManagerCoverageTest, RestorePermissionPolicy001, TestSize.Level1) { - std::string name; - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetNativeTokenName( - INVALID_TOKENID, name)); - - AccessTokenIDEx tokenIdEx = {0}; - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_info, g_policy, tokenIdEx)); - AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(ATokenTypeEnum::TOKEN_HAP, AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum( - static_cast(tokenId))); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetNativeTokenName( - tokenId, name)); - - std::string processName = "hdcd"; - tokenId = AccessTokenInfoManager::GetInstance().GetNativeTokenId(processName); - ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(0, AccessTokenInfoManager::GetInstance().GetNativeTokenName(tokenId, name)); - ASSERT_EQ(processName, name); - - AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId); + GenericValues value1; + value1.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input + value1.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.CAMERA"); + value1.Put(TokenFiledConst::FIELD_GRANT_STATE, static_cast(3)); + value1.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); + + AccessTokenID tokenId = 123; // 123 is random input + std::vector permStateRes1; + permStateRes1.emplace_back(value1); + PermissionDataBrief::GetInstance().RestorePermissionBriefData(tokenId, permStateRes1); // ret != RET_SUCCESS + std::vector briefPermDataList; + ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(tokenId, briefPermDataList)); + + + GenericValues value2; + value2.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input + value2.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.CAMERA"); + value2.Put(TokenFiledConst::FIELD_GRANT_STATE, PermissionState::PERMISSION_DENIED); + value2.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); + GenericValues value3; + value3.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input + value3.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.MICROPHONE"); + value3.Put(TokenFiledConst::FIELD_GRANT_STATE, PermissionState::PERMISSION_DENIED); + value3.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); + + std::vector permStateRes2; + permStateRes2.emplace_back(value2); + permStateRes2.emplace_back(value3); + briefPermDataList.clear(); + PermissionDataBrief::GetInstance().RestorePermissionBriefData(tokenId, + permStateRes2); // state.permissionName == iter->permissionName + ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(tokenId, briefPermDataList)); + ASSERT_EQ(static_cast(2), briefPermDataList.size()); } } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..57814bd33cf6a770167b299ac0cf81dbfc0a3f04 --- /dev/null +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -0,0 +1,124 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../../access_token.gni") + +accesstoken_manager_service_source = [ + "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", +] + +ohos_unittest("libpermission_manager_mock_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + blocklist = "${access_token_path}/cfi_blocklist.txt" + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/tokensync/include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/token_setproc/include", + "${access_token_path}/interfaces/innerkits/accesstoken/main/cpp/include", + "${access_token_path}/interfaces/innerkits/accesstoken/src", + "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/services/common/ability_manager/include", + "${access_token_path}/services/common/app_manager/include", + "${access_token_path}/services/common/json_parse/include", + "${access_token_path}/services/common/database/include", + "${access_token_path}/services/common/handler/include", + "${access_token_path}/services/common/libraryloader/include", + "${access_token_path}/services/common/utils/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/device", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + ] + + sources = [ + "library_loader_mock.cpp", + "permission_manager_mock_test.cpp", + ] + + sources += accesstoken_manager_service_source + + cflags_cc = [ "-DHILOG_ENABLE" ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + deps = [ + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", + "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared", + "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/common:accesstoken_service_common", + ] + + external_deps = [ + "c_utils:utils", + "googletest:gmock", + "googletest:gtest_main", + "hilog:libhilog", + "hisysevent:libhisysevent", + "init:libbegetutil", + "ipc:ipc_single", + "relational_store:native_rdb", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] + + if (eventhandler_enable == true) { + cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] + external_deps += [ "eventhandler:libeventhandler" ] + } +} diff --git a/services/accesstokenmanager/test/mock/library_loader_mock.cpp b/services/accesstokenmanager/test/mock/library_loader_mock.cpp new file mode 100644 index 0000000000000000000000000000000000000000..5d5275cd51bea9d56d9e53b40c1525b7d64f8e1c --- /dev/null +++ b/services/accesstokenmanager/test/mock/library_loader_mock.cpp @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "libraryloader.h" +#include +#include "access_token_error.h" +#include "ability_manager_access_loader.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr uint32_t INVALID_INDEX = 0; +} + +class AbilityManagerAccessLoaderMock final: public AbilityManagerAccessLoaderInterface { + int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; + int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; +}; + +int32_t AbilityManagerAccessLoaderMock::StartAbility(const InnerWant &innerWant, + const sptr &callerToken) +{ + if (innerWant.hapAppIndex.value_or(INVALID_INDEX) == INVALID_INDEX) { + return AccessTokenError::ERR_SERVICE_ABNORMAL; + } + return ERR_OK; +} + +int32_t AbilityManagerAccessLoaderMock::KillProcessForPermissionUpdate(uint32_t accessTokenId) +{ + return ERR_OK; +} + +LibraryLoader::LibraryLoader(const std::string& path) +{ + instance_ = new AbilityManagerAccessLoaderMock(); + handle_ = nullptr; +} + +LibraryLoader::~LibraryLoader() +{} + +bool LibraryLoader::PrintErrorLog(const std::string& targetName) +{ + return true; +} + +void LibraryLoader::Create() +{} + +void LibraryLoader::Destroy() +{} +} // AccessToken +} // Security +} // OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/test/mock/permission_manager_mock_test.cpp b/services/accesstokenmanager/test/mock/permission_manager_mock_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..4d927aa8eaca903ebef26cb49b0975ab2a7398ae --- /dev/null +++ b/services/accesstokenmanager/test/mock/permission_manager_mock_test.cpp @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_manager_mock_test.h" + +#include "access_token.h" +#include "access_token_error.h" + +using namespace testing::ext; +using namespace OHOS; + +namespace OHOS { +namespace Security { +namespace AccessToken { + +void PermissionManagerMockTest::SetUpTestCase() +{} + +void PermissionManagerMockTest::TearDownTestCase() +{} + +void PermissionManagerMockTest::SetUp() +{} + +void PermissionManagerMockTest::TearDown() +{} + +/** + * @tc.name: RequestAppPermOnSettingTest001 + * @tc.desc: Test RequestAppPermOnSetting. + * @tc.type: FUNC + * @tc.require: Issue + */ +HWTEST_F(PermissionManagerMockTest, RequestAppPermOnSettingTest001, TestSize.Level1) +{ + HapTokenInfo hapInfo; + hapInfo.bundleName = "aaa"; + hapInfo.instIndex = 0; + hapInfo.tokenID = 123; + hapInfo.userID = 100; + std::string bundleName = "bundleName"; + std::string abilityName = "abilityName"; + + EXPECT_EQ(ERR_SERVICE_ABNORMAL, + PermissionManager::GetInstance().RequestAppPermOnSetting(hapInfo, bundleName, abilityName)); + + hapInfo.instIndex = 1; + EXPECT_EQ(ERR_OK, + PermissionManager::GetInstance().RequestAppPermOnSetting(hapInfo, bundleName, abilityName)); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/test/mock/permission_manager_mock_test.h b/services/accesstokenmanager/test/mock/permission_manager_mock_test.h new file mode 100644 index 0000000000000000000000000000000000000000..9491229f88a8bfce919aefc5ca473c95e7e6c607 --- /dev/null +++ b/services/accesstokenmanager/test/mock/permission_manager_mock_test.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PERMISSION_MANAGER_MOCK_TEST_H +#define PERMISSION_MANAGER_MOCK_TEST_H + +#include +#include "permission_manager.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class PermissionManagerMockTest : public testing::Test { +public: + static void SetUpTestCase(); + + static void TearDownTestCase(); + + void SetUp(); + + void TearDown(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // PERMISSION_MANAGER_MOCK_TEST_H diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 3d3057d91c2812b0ec685e53011327a8c98b6cae..b83852af6b23a63267e35ad934c5effc385392e8 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Copyright (c) 2021-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,29 +18,29 @@ accesstoken_manager_service_source = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/running_form_info.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_definition_parser.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp", ] ohos_unittest("libaccesstoken_manager_service_standard_test") { @@ -64,8 +64,9 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "${access_token_path}/interfaces/innerkits/accesstoken/main/cpp/include", "${access_token_path}/interfaces/innerkits/accesstoken/src", "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", @@ -73,6 +74,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", "${access_token_path}/services/accesstokenmanager/main/cpp/include/device", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", @@ -82,21 +84,19 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { sources = [ "accesstoken_database_test.cpp", "accesstoken_info_manager_test.cpp", - "native_token_receptor_test.cpp", - "permission_definition_parser_test.cpp", + "multi_thread_test.cpp", "permission_grant_event_test.cpp", "permission_manager_test.cpp", + "short_grant_manager_test.cpp", ] + sources += accesstoken_manager_service_source cflags_cc = [ "-DHILOG_ENABLE" ] if (dlp_permission_enable == true) { cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] - sources += [ - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp", - "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_parser.cpp", - ] + sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp" ] } configs = [ "${access_token_path}/config:coverage_flags" ] @@ -120,11 +120,10 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "hilog:libhilog", "hisysevent:libhisysevent", "init:libbegetutil", - "ipc:ipc_core", - "json:nlohmann_json_static", + "ipc:ipc_single", + "relational_store:native_rdb", "safwk:system_ability_fwk", "samgr:samgr_proxy", - "sqlite:sqlite", ] if (token_sync_enable == true) { diff --git a/services/accesstokenmanager/test/unittest/accesstoken_database_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_database_test.cpp index 43d4c4ad0825d1f33d6bb351dd4fb860d685cffc..7403a1a56c4b6ceb346b3da7bfc524a9e4eb0592 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_database_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_database_test.cpp @@ -42,27 +42,9 @@ void AccessTokenDatabaseTest::TearDown() { } -/** - * @tc.name: DatabaseTranslationTest001 - * @tc.desc: test TranslationIntoGenericValues - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenDatabaseTest, DatabaseTranslationTest001, TestSize.Level1) -{ - DataTranslator trans; - PermissionStateFull inPermissionDef; - inPermissionDef.resDeviceID.resize(0); // 0 is the size - - unsigned int grantIndex = 1; // 1 is a test input - GenericValues outGenericValues; - - EXPECT_EQ(ERR_PARAM_INVALID, trans.TranslationIntoGenericValues(inPermissionDef, grantIndex, outGenericValues)); -} - /** * @tc.name: DatabaseTranslationTest002 - * @tc.desc: test TranslationIntoPermissionStateFull + * @tc.desc: test TranslationIntoPermissionStatus * @tc.type: FUNC * @tc.require: */ @@ -70,18 +52,18 @@ HWTEST_F(AccessTokenDatabaseTest, DatabaseConverage002, TestSize.Level1) { DataTranslator trans; GenericValues inGenericValues; - PermissionStateFull outPermissionState; + PermissionStatus outPermissionState; outPermissionState.permissionName = ""; // empty name - EXPECT_EQ(ERR_PARAM_INVALID, trans.TranslationIntoPermissionStateFull(inGenericValues, outPermissionState)); + EXPECT_EQ(ERR_PARAM_INVALID, trans.TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); outPermissionState.permissionName = "test name"; // test name inGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, ""); // empty device id - EXPECT_EQ(ERR_PARAM_INVALID, trans.TranslationIntoPermissionStateFull(inGenericValues, outPermissionState)); + EXPECT_EQ(ERR_PARAM_INVALID, trans.TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); inGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "test dev id"); inGenericValues.Put(TokenFiledConst::FIELD_GRANT_FLAG, 0xffff); // 0xffff is test input - EXPECT_EQ(ERR_PARAM_INVALID, trans.TranslationIntoPermissionStateFull(inGenericValues, outPermissionState)); + EXPECT_EQ(ERR_PARAM_INVALID, trans.TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); } } // namespace AccessToken diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp index 5e000228fbcf2b19573575bcf79bf3f47873bb9a..147a6e5f7c63c0db0a7180492a4a477fd6527ed6 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp @@ -43,9 +43,8 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenInfoManagerTest" -}; +static std::map g_permissionDefinitionMap; +static bool g_hasHapPermissionDefinition; static constexpr int32_t DEFAULT_API_VERSION = 8; static constexpr int USER_ID = 100; static constexpr int INST_INDEX = 0; @@ -75,20 +74,16 @@ static PermissionDef g_infoManagerTestPermDef2 = { .descriptionId = 1 }; -static PermissionStateFull g_infoManagerTestState1 = { +static PermissionStatus g_infoManagerTestState1 = { .permissionName = "open the door", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {1}, - .grantFlags = {1} + .grantStatus = 1, + .grantFlag = 1 }; -static PermissionStateFull g_infoManagerTestState2 = { +static PermissionStatus g_infoManagerTestState2 = { .permissionName = "break the door", - .isGeneral = false, - .resDeviceID = {"device 1", "device 2"}, - .grantStatus = {1, 3}, - .grantFlags = {1, 2} + .grantStatus = 1, + .grantFlag = 1 }; static HapInfoParams g_infoManagerTestInfoParms = { @@ -98,19 +93,17 @@ static HapInfoParams g_infoManagerTestInfoParms = { .appIDDesc = "testtesttesttest" }; -static HapPolicyParams g_infoManagerTestPolicyPrams1 = { +static HapPolicy g_infoManagerTestPolicyPrams1 = { .apl = APL_NORMAL, .domain = "test.domain", .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} }; -static PermissionStateFull g_permState = { +static PermissionStatus g_permState = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = false, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG }; #ifdef TOKEN_SYNC_ENABLE @@ -159,10 +152,14 @@ void AccessTokenInfoManagerTest::SetUp() .distributedSceneEnable = false, }; PermissionDefinitionCache::GetInstance().Insert(infoManagerPermDefB, 1); + g_permissionDefinitionMap = PermissionDefinitionCache::GetInstance().permissionDefinitionMap_; + g_hasHapPermissionDefinition = PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_; } void AccessTokenInfoManagerTest::TearDown() { + PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery + PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = g_hasHapPermissionDefinition; atManagerService_ = nullptr; } @@ -176,22 +173,19 @@ HWTEST_F(AccessTokenInfoManagerTest, HapTokenInfoInner001, TestSize.Level1) { AccessTokenID id = 0x20240112; HapTokenInfo info = { - .apl = APL_NORMAL, .ver = 1, .userID = 1, .bundleName = "com.ohos.access_token", .instIndex = 1, - .appID = "testtesttesttest", - .deviceID = "deviceId", .tokenID = id, .tokenAttr = 0 }; - std::vector permStateList; + std::vector permStateList; std::shared_ptr hap = std::make_shared(id, info, permStateList); ASSERT_EQ(hap->IsRemote(), false); hap->SetRemote(true); std::vector valueList; - hap->StoreHapInfo(valueList); + hap->StoreHapInfo(valueList, "test", APL_NORMAL); hap->StorePermissionPolicy(valueList); ASSERT_EQ(hap->IsRemote(), true); @@ -237,8 +231,6 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo002, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "AddHapToken001 fill data"); - AccessTokenIDEx tokenIdEx = {0}; int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); @@ -251,6 +243,10 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo002, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); ASSERT_NE(tokenIdEx.tokenIdExStruct.tokenID, tokenIdEx1.tokenIdExStruct.tokenID); GTEST_LOG_(INFO) << "add same hap token"; + PermissionDef permDef; + ASSERT_EQ(RET_SUCCESS, + PermissionManager::GetInstance().GetDefPermission(g_infoManagerTestPermDef1.permissionName, permDef)); + ASSERT_EQ(permDef.permissionName, g_infoManagerTestPermDef1.permissionName); std::shared_ptr tokenInfo; tokenInfo = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenIdEx1.tokenIdExStruct.tokenID); @@ -276,7 +272,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo003, TestSize.Level1) HapInfoParams info = { .userID = -1 }; - HapPolicyParams policy; + HapPolicy policy; AccessTokenIDEx tokenIdEx; ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); @@ -294,7 +290,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo004, TestSize.Level1) .userID = USER_ID, .bundleName = "" }; - HapPolicyParams policy; + HapPolicy policy; AccessTokenIDEx tokenIdEx; ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); @@ -313,7 +309,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo005, TestSize.Level1) .bundleName = "ohos.com.testtesttest", .appIDDesc = "" }; - HapPolicyParams policy; + HapPolicy policy; AccessTokenIDEx tokenIdEx; ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); @@ -332,7 +328,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo006, TestSize.Level1) .bundleName = "ohos.com.testtesttest", .appIDDesc = "who cares" }; - HapPolicyParams policy = { + HapPolicy policy = { .domain = "" }; AccessTokenIDEx tokenIdEx; @@ -354,7 +350,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo007, TestSize.Level1) .dlpType = -1, .appIDDesc = "who cares" }; - HapPolicyParams policy = { + HapPolicy policy = { .domain = "who cares" }; AccessTokenIDEx tokenIdEx; @@ -387,7 +383,7 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateHapTokenInfo008, TestSize.Level1) .bundleName = "ohos.com.testtesttest", .appIDDesc = "" }; - HapPolicyParams policy = { + HapPolicy policy = { .apl = APL_NORMAL, .domain = "test.domain", .permList = {permDef} @@ -415,10 +411,11 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken001, TestSize.Level1) .isSystemApp = false, }; HapPolicyParcel hapPolicyParcel; - hapPolicyParcel.hapPolicyParameter.apl = ATokenAplEnum::APL_NORMAL; - hapPolicyParcel.hapPolicyParameter.domain = "test.domain"; + hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; + hapPolicyParcel.hapPolicy.domain = "test.domain"; AccessTokenIDEx tokenIdEx; - ASSERT_EQ(ERR_PARAM_INVALID, atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx)); + HapInfoCheckResult result; + ASSERT_EQ(ERR_PARAM_INVALID, atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); } /** @@ -440,10 +437,12 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken002, TestSize.Level1) .isSystemApp = false, }; HapPolicyParcel hapPolicyParcel; - hapPolicyParcel.hapPolicyParameter.apl = ATokenAplEnum::APL_NORMAL; - hapPolicyParcel.hapPolicyParameter.domain = "test.domain"; + hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; + hapPolicyParcel.hapPolicy.domain = "test.domain"; AccessTokenIDEx tokenIdEx; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx)); + HapInfoCheckResult result; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, + atManagerService_->InitHapToken(hapinfoParcel, hapPolicyParcel, tokenIdEx, result)); } /** @@ -465,39 +464,34 @@ HWTEST_F(AccessTokenInfoManagerTest, InitHapToken003, TestSize.Level1) .isSystemApp = false, }; HapPolicyParcel policy; - PermissionStateFull permissionStateA = { + PermissionStatus permissionStateA = { .permissionName = "ohos.permission.GET_ALL_APP_ACCOUNTS", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {1}, - .grantFlags = {1} + .grantStatus = 1, + .grantFlag = 1 }; - PermissionStateFull permissionStateB = { - .permissionName = "ohos.permission.PRELOAD_APPLICATION", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {1}, - .grantFlags = {1} - }; - PermissionStateFull permissionStateC = { + PermissionStatus permissionStateB = { .permissionName = "ohos.permission.test", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {1}, - .grantFlags = {1} + .grantStatus = 1, + .grantFlag = 1 }; - policy.hapPolicyParameter = { + policy.hapPolicy = { .apl = APL_NORMAL, .domain = "test", .permList = {}, - .permStateList = { permissionStateA } + .permStateList = { permissionStateA, permissionStateB } }; AccessTokenIDEx fullTokenId = {0}; - ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId)); + HapInfoCheckResult result; - policy.hapPolicyParameter.permStateList = { permissionStateB, permissionStateC }; - policy.hapPolicyParameter.aclRequestedList = { "ohos.permission.PRELOAD_APPLICATION" }; - ASSERT_EQ(RET_SUCCESS, atManagerService_->InitHapToken(info, policy, fullTokenId)); + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.GET_ALL_APP_ACCOUNTS"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_ACL_RULE); + permissionStateA.permissionName = "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"; + policy.hapPolicy.aclRequestedList = { "ohos.permission.ENTERPRISE_MANAGE_SETTINGS" }; + policy.hapPolicy.permStateList = { permissionStateA, permissionStateB }; + ASSERT_EQ(ERR_PERM_REQUEST_CFG_FAILED, atManagerService_->InitHapToken(info, policy, fullTokenId, result)); + ASSERT_EQ(result.permCheckResult.permissionName, "ohos.permission.ENTERPRISE_MANAGE_SETTINGS"); + ASSERT_EQ(result.permCheckResult.rule, PERMISSION_EDM_RULE); } /** @@ -537,44 +531,6 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenInfo001, TestSize.Level1) GTEST_LOG_(INFO) << "remove the token info"; } -/** - * @tc.name: GetHapPermissionPolicySet001 - * @tc.desc: Verify the GetHapPermissionPolicySet abnormal and normal branch. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, GetHapPermissionPolicySet001, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(permPolicySet, nullptr); - - int ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo( - g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams1, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - permPolicySet = AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(permPolicySet != nullptr, true); - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: GetNativePermissionPolicySet001 - * @tc.desc: Verify the GetNativePermissionPolicySet abnormal branch tokenID is invalid. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, GetNativePermissionPolicySet001, TestSize.Level1) -{ - AccessTokenIDEx tokenIdEx = {0}; - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetNativePermissionPolicySet(tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(permPolicySet, nullptr); -} - /** * @tc.name: RemoveHapTokenInfo001 * @tc.desc: Verify the RemoveHapTokenInfo abnormal branch tokenID type is not true. @@ -584,14 +540,18 @@ HWTEST_F(AccessTokenInfoManagerTest, GetNativePermissionPolicySet001, TestSize.L HWTEST_F(AccessTokenInfoManagerTest, RemoveHapTokenInfo001, TestSize.Level1) { AccessTokenIDEx tokenIdEx = {0}; - ASSERT_NE(AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID), RET_SUCCESS); + // type != TOKEN_HAP + ASSERT_EQ( + ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID)); AccessTokenID tokenId = 537919487; // 537919487 is max hap tokenId: 001 00 0 000000 11111111111111111111 ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP)); - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); // count(id) == 0 + // hapTokenInfoMap_.count(id) == 0 + ASSERT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); + ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP)); AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = nullptr; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); // info is null + ASSERT_EQ(ERR_TOKEN_INVALID, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); // info == nullptr AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); std::shared_ptr info = std::make_shared(); @@ -599,6 +559,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RemoveHapTokenInfo001, TestSize.Level1) info->tokenInfoBasic_.bundleName = "com.ohos.TEST"; info->tokenInfoBasic_.instIndex = INST_INDEX; AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = info; + ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP)); // count(HapUniqueKey) == 0 ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); @@ -610,8 +571,6 @@ HWTEST_F(AccessTokenInfoManagerTest, RemoveHapTokenInfo001, TestSize.Level1) // hapTokenIdMap_[HapUniqueKey] != id ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); AccessTokenInfoManager::GetInstance().hapTokenIdMap_.erase(hapUniqueKey); - - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); } /** @@ -658,7 +617,7 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken001, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, ret); GTEST_LOG_(INFO) << "add a hap token"; - HapPolicyParams policy = g_infoManagerTestPolicyPrams1; + HapPolicy policy = g_infoManagerTestPolicyPrams1; policy.apl = APL_SYSTEM_BASIC; UpdateHapInfoParams info; info.appIDDesc = std::string("updateAppId"); @@ -690,7 +649,7 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken001, TestSize.Level1) HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken002, TestSize.Level1) { AccessTokenIDEx tokenIdEx = {0}; - HapPolicyParams policy = g_infoManagerTestPolicyPrams1; + HapPolicy policy = g_infoManagerTestPolicyPrams1; policy.apl = APL_SYSTEM_BASIC; UpdateHapInfoParams info; info.appIDDesc = std::string(""); @@ -720,12 +679,12 @@ HWTEST_F(AccessTokenInfoManagerTest, UpdateHapToken003, TestSize.Level1) std::shared_ptr info = std::make_shared(); info->isRemote_ = true; AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = info; - HapPolicyParams policy; + HapPolicy policy; UpdateHapInfoParams hapInfoParams; hapInfoParams.appIDDesc = "who cares"; hapInfoParams.apiVersion = DEFAULT_API_VERSION; hapInfoParams.isSystemApp = false; - ASSERT_NE(0, AccessTokenInfoManager::GetInstance().UpdateHapToken( + ASSERT_EQ(ERR_IDENTITY_CHECK_FAILED, AccessTokenInfoManager::GetInstance().UpdateHapToken( tokenIdEx, hapInfoParams, policy.permStateList, policy.apl, policy.permList)); AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); } @@ -768,7 +727,6 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenSync002, TestSize.Level1) { AccessTokenID tokenId = 537919487; // 537919487 is max hap tokenId: 001 00 0 000000 11111111111111111111 std::shared_ptr info = std::make_shared(); - info->permPolicySet_ = nullptr; AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = info; HapTokenInfoForSync hapSync; ASSERT_NE(0, AccessTokenInfoManager::GetInstance().GetHapTokenSync(tokenId, hapSync)); @@ -816,7 +774,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RemoteHapTest001, TestSize.Level1) std::string deviceId2 = "device_2"; AccessTokenID mapID = AccessTokenInfoManager::GetInstance().AllocLocalTokenID(deviceId, tokenIdEx.tokenIdExStruct.tokenID); - ASSERT_EQ(mapID == 0, true); + ASSERT_EQ(mapID, 0); HapTokenInfoForSync hapSync; ret = AccessTokenInfoManager::GetInstance().GetHapTokenInfoFromRemote(tokenIdEx.tokenIdExStruct.tokenID, hapSync); ASSERT_EQ(RET_SUCCESS, ret); @@ -868,7 +826,7 @@ HWTEST_F(AccessTokenInfoManagerTest, DeleteRemoteToken001, TestSize.Level1) static bool SetRemoteHapTokenInfoTest(const std::string& deviceID, const HapTokenInfo& baseInfo) { - std::vector permStateList; + std::vector permStateList; permStateList.emplace_back(g_infoManagerTestState1); HapTokenInfoForSync remoteTokenInfo = { .baseInfo = baseInfo, @@ -888,13 +846,10 @@ HWTEST_F(AccessTokenInfoManagerTest, SetRemoteHapTokenInfo001, TestSize.Level1) { std::string deviceID = "deviceId"; HapTokenInfo rightBaseInfo = { - .apl = APL_NORMAL, .ver = 1, .userID = 1, .bundleName = "com.ohos.access_token", .instIndex = 1, - .appID = "testtesttesttest", - .deviceID = "deviceId", .tokenID = 0x20100000, .tokenAttr = 0 }; @@ -903,13 +858,6 @@ HWTEST_F(AccessTokenInfoManagerTest, SetRemoteHapTokenInfo001, TestSize.Level1) EXPECT_EQ(false, SetRemoteHapTokenInfoTest("", wrongBaseInfo)); - wrongBaseInfo.apl = (ATokenAplEnum)11; // wrong apl - EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); - - wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.deviceID = wrongStr; // wrong deviceID - EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); - wrongBaseInfo = rightBaseInfo; wrongBaseInfo.userID = -1; // wrong userID EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); @@ -923,11 +871,7 @@ HWTEST_F(AccessTokenInfoManagerTest, SetRemoteHapTokenInfo001, TestSize.Level1) EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.appID = wrongStr; // wrong appID - EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); - - wrongBaseInfo = rightBaseInfo; - wrongBaseInfo.dlpType = (HapDlpType)11;; // wrong dlpType + wrongBaseInfo.dlpType = (HapDlpType)11; // wrong dlpType EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); wrongBaseInfo = rightBaseInfo; @@ -939,6 +883,25 @@ HWTEST_F(AccessTokenInfoManagerTest, SetRemoteHapTokenInfo001, TestSize.Level1) EXPECT_EQ(false, SetRemoteHapTokenInfoTest(deviceID, wrongBaseInfo)); } +/** + * @tc.name: ClearUserGrantedPermissionState001 + * @tc.desc: AccessTokenInfoManagerTest::ClearUserGrantedPermissionState function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, ClearUserGrantedPermissionState001, TestSize.Level1) +{ + AccessTokenID tokenId = 123; // 123 is random input + + std::shared_ptr hap = std::make_shared(); + ASSERT_NE(nullptr, hap); + AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = hap; + + AccessTokenInfoManager::GetInstance().ClearUserGrantedPermissionState(tokenId); // permPolicySet is null + + AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); +} + /** * @tc.name: NotifyTokenSyncTask001 * @tc.desc: TokenModifyNotifier::NotifyTokenSyncTask function test @@ -967,6 +930,7 @@ HWTEST_F(AccessTokenInfoManagerTest, NotifyTokenSyncTask001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Level1) { + setuid(3020); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, @@ -988,6 +952,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve atManagerService_->UnRegisterTokenSyncCallback()); EXPECT_EQ(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackObject_); EXPECT_EQ(nullptr, TokenModifyNotifier::GetInstance().tokenSyncCallbackDeathRecipient_); + setuid(0); } /** @@ -998,6 +963,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback001, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Level1) { + setuid(3020); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, @@ -1040,6 +1006,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve TokenModifyNotifier::GetInstance().deleteTokenList_ = deleteTokenList; EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); + setuid(0); } /** @@ -1050,6 +1017,7 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenSyncCallback002, TestSize.Leve */ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) { + setuid(3020); sptr callback = new (std::nothrow) TokenSyncCallbackMock(); ASSERT_NE(nullptr, callback); EXPECT_EQ(RET_SUCCESS, atManagerService_->RegisterTokenSyncCallback(callback->AsObject())); @@ -1064,6 +1032,7 @@ HWTEST_F(AccessTokenInfoManagerTest, GetRemoteHapTokenInfo001, TestSize.Level1) .GetRemoteHapTokenInfo("invalid_id", 0)); // this is a test input EXPECT_EQ(RET_SUCCESS, atManagerService_->UnRegisterTokenSyncCallback()); + setuid(0); } /** @@ -1112,42 +1081,6 @@ HWTEST_F(AccessTokenInfoManagerTest, CreateRemoteHapTokenInfo001, TestSize.Level AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(123); } -/** - * @tc.name: SetRemoteNativeTokenInfo001 - * @tc.desc: AccessTokenInfoManager::SetRemoteNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, SetRemoteNativeTokenInfo001, TestSize.Level1) -{ - std::string deviceID; - std::vector nativeTokenInfoList; - - ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, - nativeTokenInfoList)); // deviceID invalid - - deviceID = "dev-001"; - NativeTokenInfo info; - info.apl = ATokenAplEnum::APL_NORMAL; - info.ver = DEFAULT_TOKEN_VERSION; - info.processName = "what's this"; - info.dcap = {"what's this"}; - info.tokenID = 672137215; // 672137215 is max native tokenId: 001 01 0 000000 11111111111111111111 - NativeTokenInfoForSync sync; - sync.baseInfo = info; - nativeTokenInfoList.emplace_back(sync); - - AccessTokenRemoteDevice device; - device.DeviceID_ = deviceID; - // 672137215 is remoteID 123 is mapID - device.MappingTokenIDPairMap_.insert(std::pair(672137215, 123)); - AccessTokenRemoteTokenManager::GetInstance().remoteDeviceMap_[deviceID] = device; - - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, - nativeTokenInfoList)); // has maped - AccessTokenRemoteTokenManager::GetInstance().remoteDeviceMap_.erase(deviceID); -} - /** * @tc.name: DeleteRemoteToken002 * @tc.desc: AccessTokenInfoManager::DeleteRemoteToken function test @@ -1163,7 +1096,7 @@ HWTEST_F(AccessTokenInfoManagerTest, DeleteRemoteToken002, TestSize.Level1) AccessTokenInfoManager::GetInstance().DeleteRemoteToken("", tokenID)); AccessTokenRemoteDevice device; - device.DeviceID_ = deviceID; + device.deviceID_ = deviceID; // 537919487 is max hap tokenId: 001 00 0 000000 11111111111111111111 device.MappingTokenIDPairMap_.insert(std::pair(tokenID, 537919487)); AccessTokenRemoteTokenManager::GetInstance().remoteDeviceMap_[deviceID] = device; @@ -1440,7 +1373,7 @@ HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenInfo002, TestSize.Level1) .instIndex = INST_INDEX, .appIDDesc = "accesstoken_info_manager_test" }; - HapPolicyParams policy = { + HapPolicy policy = { .apl = APL_NORMAL, .domain = "domain" }; @@ -1468,94 +1401,6 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapTokenID002, TestSize.Level1) ASSERT_EQ(static_cast(0), tokenIdEx.tokenIDEx); } -/** - * @tc.name: AddNativeTokenInfo001 - * @tc.desc: AccessTokenInfoManager::AddNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: issueI62M6G - */ -HWTEST_F(AccessTokenInfoManagerTest, AddNativeTokenInfo001, TestSize.Level1) -{ - std::shared_ptr info = nullptr; - ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().AddNativeTokenInfo(info)); // info is null - - AccessTokenID tokenId = AccessTokenInfoManager::GetInstance().GetNativeTokenId("accesstoken_service"); - info = std::make_shared(); - info->tokenInfoBasic_.tokenID = tokenId; - ASSERT_EQ(ERR_TOKENID_NOT_EXIST, AccessTokenInfoManager::GetInstance().AddNativeTokenInfo(info)); // count(id) > 0 - - // 672137215 is max native tokenId: 001 01 0 000000 11111111111111111111 - info->tokenInfoBasic_.tokenID = 672137215; - info->tokenInfoBasic_.processName = "accesstoken_service"; - // 672137214 is max-1 native tokenId: 001 01 0 000000 11111111111111111110 - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_[672137214] = info; - // count(processName) > 0 - ASSERT_EQ(ERR_PROCESS_NOT_EXIST, AccessTokenInfoManager::GetInstance().AddNativeTokenInfo(info)); - - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_.erase(672137214); -} - -/** - * @tc.name: RemoveNativeTokenInfo001 - * @tc.desc: AccessTokenInfoManager::RemoveNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: issueI62M6G - */ -HWTEST_F(AccessTokenInfoManagerTest, RemoveNativeTokenInfo001, TestSize.Level1) -{ - AccessTokenID tokenId = 672137215; // 672137215 is max native tokenId: 001 01 0 000000 11111111111111111111 - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId)); // count(id) == 0 - - std::shared_ptr info = std::make_shared(); - info->isRemote_ = true; - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_[tokenId] = info; - ASSERT_NE(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId)); // remote is true - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_.erase(tokenId); - - ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE)); - info->isRemote_ = false; - info->tokenInfoBasic_.processName = "testtesttest"; - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_[tokenId] = info; - // count(processName) == 0 - ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId)); // erase in function - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); -} - -/** - * @tc.name: TryUpdateExistNativeToken001 - * @tc.desc: AccessTokenInfoManager::TryUpdateExistNativeToken function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, TryUpdateExistNativeToken001, TestSize.Level1) -{ - std::shared_ptr infoPtr = nullptr; - ASSERT_EQ(false, AccessTokenInfoManager::GetInstance().TryUpdateExistNativeToken(infoPtr)); // infoPtr is null -} - -/** - * @tc.name: ProcessNativeTokenInfos001 - * @tc.desc: AccessTokenInfoManager::ProcessNativeTokenInfos function test AddNativeTokenInfo fail - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, ProcessNativeTokenInfos001, TestSize.Level1) -{ - AccessTokenID tokenId = 672137215; // 672137215 is max native tokenId: 001 01 0 000000 11111111111111111111 - AccessTokenID tokenId2 = 672137214; // 672137214: 001 01 0 000000 11111111111111111110 - std::vector> tokenInfos; - std::shared_ptr info = std::make_shared(); - info->tokenInfoBasic_.tokenID = tokenId2; - info->tokenInfoBasic_.processName = "testtesttest"; - ASSERT_NE("", info->tokenInfoBasic_.processName); - tokenInfos.emplace_back(info); - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_[tokenId] = info; - AccessTokenInfoManager::GetInstance().nativeTokenIdMap_["testtesttest"] = tokenId; - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_.erase(tokenId); - AccessTokenInfoManager::GetInstance().nativeTokenIdMap_.erase("testtesttest"); -} - /** * @tc.name: Insert001 * @tc.desc: PermissionDefinitionCache::Insert function test @@ -1659,35 +1504,23 @@ HWTEST_F(AccessTokenInfoManagerTest, IsPermissionStateValid001, TestSize.Level1) std::string deviceID = "dev-001"; int grantState = PermissionState::PERMISSION_DENIED; uint32_t grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG; - - std::vector resDeviceID; - std::vector grantStates; - std::vector grantFlags; - - resDeviceID.emplace_back(deviceID); - grantStates.emplace_back(grantState); - grantFlags.emplace_back(grantFlag); - - PermissionStateFull permState = { + PermissionStatus permState = { .permissionName = permissionName, - .isGeneral = false, - .resDeviceID = resDeviceID, - .grantStatus = grantStates, - .grantFlags = grantFlags + .grantStatus = grantState, + .grantFlag = grantFlag }; ASSERT_EQ(false, PermissionValidator::IsPermissionStateValid(permState)); // permissionName empty permState.permissionName = "com.ohos.TEST"; - permState.resDeviceID.emplace_back("dev-002"); - // deviceID nums not equal status nums or flag nums + permState.grantStatus = 1; // 1: invalid status ASSERT_EQ(false, PermissionValidator::IsPermissionStateValid(permState)); - permState.grantStatus.emplace_back(PermissionState::PERMISSION_DENIED); - // deviceID nums not equal flag nums + permState.grantStatus = grantState; + permState.grantFlag = -1; // -1: invalid flag ASSERT_EQ(false, PermissionValidator::IsPermissionStateValid(permState)); - permState.grantFlags.emplace_back(PermissionFlag::PERMISSION_DEFAULT_FLAG); + permState.grantFlag = grantFlag; ASSERT_EQ(true, PermissionValidator::IsPermissionStateValid(permState)); } @@ -1723,158 +1556,6 @@ HWTEST_F(AccessTokenInfoManagerTest, FilterInvalidPermissionDef001, TestSize.Lev ASSERT_EQ(static_cast(1), result.size()); } -/** - * @tc.name: DeduplicateResDevID001 - * @tc.desc: PermissionValidator::DeduplicateResDevID function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, DeduplicateResDevID001, TestSize.Level1) -{ - GTEST_LOG_(INFO) << "DeduplicateResDevID001"; - PermissionStateFull permState = { - .permissionName = "ohos.permission.TEST", - .isGeneral = false, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} - }; - GTEST_LOG_(INFO) << "DeduplicateResDevID001_1"; - ASSERT_EQ(static_cast(2), permState.resDeviceID.size()); - - std::vector permList; - permList.emplace_back(permState); - std::vector result; - GTEST_LOG_(INFO) << "DeduplicateResDevID001_2"; - PermissionValidator::FilterInvalidPermissionState(TOKEN_NATIVE, false, permList, result); // resDevId.count != 0 - GTEST_LOG_(INFO) << "DeduplicateResDevID001_3"; - ASSERT_EQ(static_cast(1), result[0].resDeviceID.size()); -} - -/** - * @tc.name: Update001 - * @tc.desc: PermissionPolicySet::Update function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, Update001, TestSize.Level1) -{ - PermissionStateFull perm1 = { - .permissionName = "ohos.permission.TEST1", - .isGeneral = false, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} - }; - PermissionStateFull perm2 = { - .permissionName = "ohos.permission.TEST2", - .isGeneral = true, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} - }; - PermissionStateFull perm3 = { - .permissionName = "ohos.permission.TEST1", - .isGeneral = true, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} - }; - ASSERT_EQ(false, perm1.permissionName == perm2.permissionName); - ASSERT_EQ(true, perm1.permissionName == perm3.permissionName); - ASSERT_EQ(false, perm1.isGeneral == perm3.isGeneral); - - AccessTokenID tokenId = 123; // 123 is random input - std::vector permStateList1; - permStateList1.emplace_back(perm1); - std::vector permStateList2; - permStateList1.emplace_back(perm2); - std::vector permStateList3; - permStateList1.emplace_back(perm3); - - std::shared_ptr policySet = PermissionPolicySet::BuildPermissionPolicySet(tokenId, - permStateList1); - - policySet->Update(permStateList2); // iter reach end - policySet->Update(permStateList3); // permNew.isGeneral != permOld.isGeneral -} - -/** - * @tc.name: RestorePermissionPolicy001 - * @tc.desc: PermissionPolicySet::RestorePermissionPolicy function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, RestorePermissionPolicy001, TestSize.Level1) -{ - GenericValues value1; - value1.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input - value1.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, true); - value1.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.CAMERA"); - value1.Put(TokenFiledConst::FIELD_DEVICE_ID, "dev-001"); - value1.Put(TokenFiledConst::FIELD_GRANT_STATE, static_cast(3)); - value1.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); - - AccessTokenID tokenId = 123; // 123 is random input - std::vector permStateRes1; - permStateRes1.emplace_back(value1); - - std::shared_ptr policySet = PermissionPolicySet::RestorePermissionPolicy(tokenId, - permStateRes1); // ret != RET_SUCCESS - - ASSERT_EQ(tokenId, policySet->tokenId_); - - GenericValues value2; - value2.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input - value2.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, true); - value2.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.CAMERA"); - value2.Put(TokenFiledConst::FIELD_DEVICE_ID, "dev-002"); - value2.Put(TokenFiledConst::FIELD_GRANT_STATE, PermissionState::PERMISSION_DENIED); - value2.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); - GenericValues value3; - value3.Put(TokenFiledConst::FIELD_TOKEN_ID, 123); // 123 is random input - value3.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, true); - value3.Put(TokenFiledConst::FIELD_PERMISSION_NAME, "ohos.permission.CAMERA"); - value3.Put(TokenFiledConst::FIELD_DEVICE_ID, "dev-003"); - value3.Put(TokenFiledConst::FIELD_GRANT_STATE, PermissionState::PERMISSION_DENIED); - value3.Put(TokenFiledConst::FIELD_GRANT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG); - - std::vector permStateRes2; - permStateRes2.emplace_back(value2); - permStateRes2.emplace_back(value3); - - std::shared_ptr policySet2 = PermissionPolicySet::RestorePermissionPolicy(tokenId, - permStateRes2); // state.permissionName == iter->permissionName - ASSERT_EQ(static_cast(2), policySet2->permStateList_[0].resDeviceID.size()); -} - -/** - * @tc.name: VerifyPermissionStatus001 - * @tc.desc: PermissionPolicySet::VerifyPermissionStatus function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, VerifyPermissionStatus001, TestSize.Level1) -{ - PermissionStateFull perm = { - .permissionName = "ohos.permission.TEST", - .isGeneral = false, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} - }; - - AccessTokenID tokenId = 123; // 123 is random input - std::vector permStateList; - permStateList.emplace_back(perm); - - std::shared_ptr policySet = PermissionPolicySet::BuildPermissionPolicySet(tokenId, - permStateList); - - // isGeneral is false - ASSERT_EQ(PermissionState::PERMISSION_DENIED, policySet->VerifyPermissionStatus("ohos.permission.TEST")); -} - /** * @tc.name: QueryPermissionFlag001 * @tc.desc: PermissionPolicySet::QueryPermissionFlag function test @@ -1895,33 +1576,23 @@ HWTEST_F(AccessTokenInfoManagerTest, QueryPermissionFlag001, TestSize.Level1) .description = "description", .descriptionId = 1 }; - PermissionStateFull perm = { + PermissionStatus perm = { .permissionName = "ohos.permission.TEST", - .isGeneral = false, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG }; AccessTokenID tokenId = 0x280bc140; // 0x280bc140 is random native PermissionDefinitionCache::GetInstance().Insert(def, tokenId); - std::vector permStateList; + std::vector permStateList; permStateList.emplace_back(perm); - std::shared_ptr policySet = PermissionPolicySet::BuildPermissionPolicySet(tokenId, - permStateList); + PermissionDataBrief::GetInstance().AddPermToBriefPermission(tokenId, permStateList, true); // perm.permissionName != permissionName - int flag = 0; - ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, policySet->QueryPermissionFlag("ohos.permission.TEST1", flag)); - // isGeneral is false - ASSERT_EQ(ERR_PARAM_INVALID, policySet->QueryPermissionFlag("ohos.permission.TEST", flag)); - - perm.isGeneral = true; - std::shared_ptr policySet1 = PermissionPolicySet::BuildPermissionPolicySet(tokenId, - permStateList); - // isGeneral is true - ASSERT_EQ(ERR_PARAM_INVALID, policySet1->QueryPermissionFlag("ohos.permission.TEST", flag)); + uint32_t flag = 0; + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, + PermissionDataBrief::GetInstance().QueryPermissionFlag(tokenId, "ohos.permission.TEST1", flag)); } /** @@ -1932,59 +1603,46 @@ HWTEST_F(AccessTokenInfoManagerTest, QueryPermissionFlag001, TestSize.Level1) */ HWTEST_F(AccessTokenInfoManagerTest, UpdatePermissionStatus001, TestSize.Level1) { - PermissionStateFull perm = { - .permissionName = "ohos.permission.TEST", - .isGeneral = false, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} + PermissionStatus perm = { + .permissionName = "ohos.permission.CAMERA", + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG }; AccessTokenID tokenId = 789; // 789 is random input - std::vector permStateList; + std::vector permStateList; permStateList.emplace_back(perm); - std::shared_ptr policySet = PermissionPolicySet::BuildPermissionPolicySet(tokenId, - permStateList); + PermissionDataBrief::GetInstance().AddPermToBriefPermission(tokenId, permStateList, true); // iter reach the end bool isGranted = false; uint32_t flag = PermissionFlag::PERMISSION_DEFAULT_FLAG; - ASSERT_EQ(ERR_PARAM_INVALID, policySet->UpdatePermissionStatus("ohos.permission.TEST1", - isGranted, flag)); - - // isGeneral is false - ASSERT_EQ(RET_SUCCESS, policySet->UpdatePermissionStatus("ohos.permission.TEST", - isGranted, flag)); -} - -/** - * @tc.name: ResetUserGrantPermissionStatus001 - * @tc.desc: PermissionPolicySet::ResetUserGrantPermissionStatus function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, ResetUserGrantPermissionStatus001, TestSize.Level1) -{ - PermissionStateFull perm = { - .permissionName = "ohos.permission.TEST", - .isGeneral = false, - .resDeviceID = {"dev-001", "dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG, PermissionFlag::PERMISSION_DEFAULT_FLAG} - }; - - AccessTokenID tokenId = 1011; // 1011 is random input - std::vector permStateList; - permStateList.emplace_back(perm); + bool changed = false; + + // permission is invalid + ASSERT_EQ(ERR_PARAM_INVALID, PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenId, + "ohos.permission.TEST1", isGranted, flag, changed)); + // flag != PERMISSION_COMPONENT_SET + flag = PermissionFlag::PERMISSION_DEFAULT_FLAG; + ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenId, + "ohos.permission.CAMERA", isGranted, flag, changed)); + + // flag == PERMISSION_COMPONENT_SET + flag = PermissionFlag::PERMISSION_COMPONENT_SET; + ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenId, + "ohos.permission.CAMERA", isGranted, flag, changed)); - std::shared_ptr policySet = PermissionPolicySet::BuildPermissionPolicySet(tokenId, - permStateList); - ASSERT_EQ(tokenId, policySet->tokenId_); + // flag == PERMISSION_SYSTEM_FIXED + flag = PermissionFlag::PERMISSION_SYSTEM_FIXED; + ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenId, + "ohos.permission.CAMERA", isGranted, flag, changed)); - // isGeneral is false - policySet->ResetUserGrantPermissionStatus(); + // Permission fixed by system + flag = PermissionFlag::PERMISSION_DEFAULT_FLAG; + ASSERT_EQ(ERR_PARAM_INVALID, PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenId, + "ohos.permission.CAMERA", isGranted, flag, changed)); } /** @@ -1996,17 +1654,19 @@ HWTEST_F(AccessTokenInfoManagerTest, ResetUserGrantPermissionStatus001, TestSize HWTEST_F(AccessTokenInfoManagerTest, PermStateFullToString001, TestSize.Level1) { AccessTokenID tokenId = 123; // 123 is random input - std::vector permStateList; + std::vector permStateList; permStateList.emplace_back(g_permState); - std::shared_ptr policySet = PermissionPolicySet::BuildPermissionPolicySet(tokenId, - permStateList); + PermissionDataBrief::GetInstance().AddPermToBriefPermission(tokenId, permStateList, true); - ASSERT_EQ(tokenId, policySet->tokenId_); + std::vector briefPermDataList; + ASSERT_EQ(RET_SUCCESS, PermissionDataBrief::GetInstance().GetBriefPermDataByTokenId(tokenId, briefPermDataList)); std::string info; + std::vector permList; // iter != end - 1 - policySet->PermStateFullToString(g_permState, info); + HapTokenInfoInner::PermToString(permList, permStateList, info); + ASSERT_TRUE(!info.empty()); } #ifdef TOKEN_SYNC_ENABLE @@ -2040,7 +1700,7 @@ HWTEST_F(AccessTokenInfoManagerTest, MapRemoteDeviceTokenToLocal001, TestSize.Le std::map MappingTokenIDPairMap; MappingTokenIDPairMap[537919487] = 456; // 456 is random input AccessTokenRemoteDevice device = { - .DeviceID_ = "dev-001", + .deviceID_ = "dev-001", .MappingTokenIDPairMap_ = MappingTokenIDPairMap }; AccessTokenRemoteTokenManager::GetInstance().remoteDeviceMap_["dev-001"] = device; @@ -2121,90 +1781,6 @@ HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenObservation001, TestSize.Level1) } #endif -/** - * @tc.name: RestoreNativeTokenInfo001 - * @tc.desc: NativeTokenInfoInner::RestoreNativeTokenInfo function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, RestoreNativeTokenInfo001, TestSize.Level1) -{ - std::shared_ptr native = std::make_shared(); - ASSERT_NE(nullptr, native); - - std::string info; - native->ToString(info); // permPolicySet_ is null - - AccessTokenID tokenId = 0; - std::string processName; - int apl = static_cast(ATokenAplEnum::APL_INVALID); - int version = 10; // 10 is random input which only need not equal 1 - std::vector dcap; - std::vector nativeAcls; - std::vector permStateList; - GenericValues inGenericValues; - std::vector permStateRes; - - // processName invalid - TokenInfo tokenInfo = { - .id = tokenId, - .processName = processName, - .apl = apl - }; - ASSERT_NE(RET_SUCCESS, native->Init(tokenInfo, dcap, nativeAcls, permStateList)); - - inGenericValues.Put(TokenFiledConst::FIELD_PROCESS_NAME, processName); - // processName invalid - ASSERT_NE(RET_SUCCESS, native->RestoreNativeTokenInfo(tokenId, inGenericValues, permStateRes)); - inGenericValues.Remove(TokenFiledConst::FIELD_PROCESS_NAME); - - tokenInfo.processName = "token_sync"; - // apl invalid - ASSERT_NE(RET_SUCCESS, native->Init(tokenInfo, dcap, nativeAcls, permStateList)); - - inGenericValues.Put(TokenFiledConst::FIELD_PROCESS_NAME, processName); - inGenericValues.Put(TokenFiledConst::FIELD_APL, apl); - // apl invalid - ASSERT_NE(RET_SUCCESS, native->RestoreNativeTokenInfo(tokenId, inGenericValues, permStateRes)); - inGenericValues.Remove(TokenFiledConst::FIELD_APL); - - apl = static_cast(ATokenAplEnum::APL_NORMAL); - inGenericValues.Put(TokenFiledConst::FIELD_APL, apl); - inGenericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, version); - // version invalid - ASSERT_NE(RET_SUCCESS, native->RestoreNativeTokenInfo(tokenId, inGenericValues, permStateRes)); -} - -/** - * @tc.name: Init001 - * @tc.desc: NativeTokenInfoInner::Init function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, Init001, TestSize.Level1) -{ - std::shared_ptr native = std::make_shared(); - ASSERT_NE(nullptr, native); - - AccessTokenID tokenId = 0; - std::string processName = "tdd_0112"; - int apl = static_cast(ATokenAplEnum::APL_NORMAL); - std::vector dcap; - std::vector nativeAcls; - std::vector permStateList; - - // processName invalid - TokenInfo tokenInfo = { - .id = tokenId, - .processName = processName, - .apl = apl - }; - ASSERT_EQ(RET_SUCCESS, native->Init(tokenInfo, dcap, nativeAcls, permStateList)); - native->GetNativeAcls(); - native->SetRemote(true); - ASSERT_EQ(true, native->IsRemote()); -} - /** * @tc.name: RestoreHapTokenInfo001 * @tc.desc: HapTokenInfoInner::RestoreHapTokenInfo function test @@ -2222,20 +1798,19 @@ HWTEST_F(AccessTokenInfoManagerTest, RestoreHapTokenInfo001, TestSize.Level1) std::string bundleName; std::string appIDDesc; std::string deviceID; - int aplNum = static_cast(ATokenAplEnum::APL_INVALID); int version = 10; // 10 is random input which only need not equal 1 - HapPolicyParams policy; + HapPolicy policy; UpdateHapInfoParams hapInfo; hapInfo.apiVersion = DEFAULT_API_VERSION; hapInfo.isSystemApp = false; - hap->Update(hapInfo, policy.permStateList, policy.apl); // permPolicySet_ is null + hap->Update(hapInfo, policy.permStateList); // permPolicySet_ is null std::string info; hap->ToString(info); // permPolicySet_ is null std::vector hapInfoValues; std::vector permStateValues; - hap->StoreHapInfo(hapInfoValues); + hap->StoreHapInfo(hapInfoValues, "test", APL_NORMAL); hap->StorePermissionPolicy(permStateValues); // permPolicySet_ is null @@ -2246,26 +1821,6 @@ HWTEST_F(AccessTokenInfoManagerTest, RestoreHapTokenInfo001, TestSize.Level1) bundleName = "com.ohos.permissionmanger"; tokenValue.Put(TokenFiledConst::FIELD_BUNDLE_NAME, bundleName); - tokenValue.Put(TokenFiledConst::FIELD_APP_ID, appIDDesc); - // appID invalid - ASSERT_EQ(ERR_PARAM_INVALID, hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes)); - tokenValue.Remove(TokenFiledConst::FIELD_APP_ID); - - appIDDesc = "what's this"; - tokenValue.Put(TokenFiledConst::FIELD_APP_ID, appIDDesc); - tokenValue.Put(TokenFiledConst::FIELD_DEVICE_ID, deviceID); - // deviceID invalid - ASSERT_EQ(ERR_PARAM_INVALID, hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes)); - tokenValue.Remove(TokenFiledConst::FIELD_DEVICE_ID); - - deviceID = "dev-001"; - tokenValue.Put(TokenFiledConst::FIELD_DEVICE_ID, deviceID); - tokenValue.Put(TokenFiledConst::FIELD_APL, aplNum); - // apl invalid - ASSERT_EQ(ERR_PARAM_INVALID, hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes)); - - aplNum = static_cast(ATokenAplEnum::APL_NORMAL); - tokenValue.Put(TokenFiledConst::FIELD_APL, aplNum); tokenValue.Put(TokenFiledConst::FIELD_TOKEN_VERSION, version); // version invalid ASSERT_EQ(ERR_PARAM_INVALID, hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes)); @@ -2296,42 +1851,6 @@ HWTEST_F(AccessTokenInfoManagerTest, RegisterTokenId001, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID)); } -/** - * @tc.name: DumpTokenInfo005 - * @tc.desc: AccessTokenInfoManager::DumpTokenInfo function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, DumpTokenInfo005, TestSize.Level1) -{ - AccessTokenID tokenId = 537919487; // 537919487 is max hap tokenId: 001 00 0 000000 11111111111111111111 - ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP)); - std::string dumpInfo; - AtmToolsParamInfo info; - info.tokenId = tokenId; - AccessTokenInfoManager::GetInstance().DumpTokenInfo(info, dumpInfo); // hap infoPtr is null - ASSERT_EQ("", dumpInfo); - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - - tokenId = 672137215; // 672137215 is max native tokenId: 001 01 0 000000 11111111111111111111 - ASSERT_EQ(RET_SUCCESS, AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE)); - info.tokenId = tokenId; - AccessTokenInfoManager::GetInstance().DumpTokenInfo(info, dumpInfo); // native infoPtr is null - ASSERT_EQ("", dumpInfo); - AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); - - std::shared_ptr hap = nullptr; - AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[537919487] = hap; - info.tokenId = static_cast(0); - AccessTokenInfoManager::GetInstance().DumpTokenInfo(info, dumpInfo); // iter->second is null - AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(537919487); - - std::shared_ptr native = nullptr; - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_[672137215] = native; - AccessTokenInfoManager::GetInstance().DumpTokenInfo(info, dumpInfo); // iter->second is null - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_.erase(672137215); -} - /** * @tc.name: ClearAllSecCompGrantedPerm001 * @tc.desc: ClearAllSecCompGrantedPerm function test @@ -2346,37 +1865,21 @@ HWTEST_F(AccessTokenInfoManagerTest, ClearAllSecCompGrantedPerm001, TestSize.Lev ASSERT_EQ(RET_SUCCESS, ret); AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; - ASSERT_EQ( - PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenId, "ohos.permission.LOCATION")); + ASSERT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenId, "ohos.permission.LOCATION")); PermissionManager::GetInstance().GrantPermission(tokenId, "ohos.permission.LOCATION", PERMISSION_COMPONENT_SET); - ASSERT_EQ( - PERMISSION_GRANTED, PermissionManager::GetInstance().VerifyAccessToken(tokenId, "ohos.permission.LOCATION")); + ASSERT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenId, "ohos.permission.LOCATION")); std::string deviceId; atManagerService_->OnRemoveSystemAbility(SECURITY_COMPONENT_SERVICE_ID, deviceId); - ASSERT_EQ( - PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenId, "ohos.permission.LOCATION")); + ASSERT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenId, "ohos.permission.LOCATION")); // delete test token ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); } -/** - * @tc.name: ClearAllSecCompGrantedPerm002 - * @tc.desc: PermissionManager::ClearAllSecCompGrantedPerm function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(AccessTokenInfoManagerTest, ClearAllSecCompGrantedPerm002, TestSize.Level1) -{ - AccessTokenID tokenId = 123; // 123 is random input - std::vector idList; - idList.emplace_back(tokenId); - PermissionManager::GetInstance().ClearAllSecCompGrantedPerm(idList); // permPolicySet is null - auto tokenInfoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId); - ASSERT_EQ(tokenInfoPtr, nullptr); -} - /** * @tc.name: SetPermDialogCap001 * @tc.desc: SetPermDialogCap with HapUniqueKey not exist @@ -2478,8 +1981,8 @@ HWTEST_F(AccessTokenInfoManagerTest, AllocHapToken001, TestSize.Level1) .isSystemApp = false, }; HapPolicyParcel hapPolicyParcel; - hapPolicyParcel.hapPolicyParameter.apl = ATokenAplEnum::APL_NORMAL; - hapPolicyParcel.hapPolicyParameter.domain = "test.domain"; + hapPolicyParcel.hapPolicy.apl = ATokenAplEnum::APL_NORMAL; + hapPolicyParcel.hapPolicy.domain = "test.domain"; AccessTokenIDEx tokenIDEx = atManagerService_->AllocHapToken(hapinfoParcel, hapPolicyParcel); ASSERT_EQ(INVALID_TOKENID, tokenIDEx.tokenIDEx); @@ -2559,6 +2062,225 @@ HWTEST_F(AccessTokenInfoManagerTest, OnRemoteRequest001, TestSize.Level1) atManagerService_->requestFuncMap_ = oldMap; } + +/** + * @tc.name: VerifyNativeAccessToken001 + * @tc.desc: AccessTokenInfoManagerTest::VerifyNativeAccessToken function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, VerifyNativeAccessToken001, TestSize.Level1) +{ + AccessTokenID tokenId = 0x280bc142; // 0x280bc142 is random input + std::string permissionName = "ohos.permission.INVALID_AA"; + AccessTokenID tokenId1 = AccessTokenInfoManager::GetInstance().GetNativeTokenId("accesstoken_service"); + // tokenId is not exist + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); + + // permission is not defined and permissionHap is not installed + PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = false; + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); + + // permission is not defined and permissionHap is installed + PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = true; + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); + + permissionName = "ohos.permission.CAMERA"; + // permission is not request + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); + + // tokenId is native token, and permission is defined + PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery + PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = true; + ASSERT_EQ(PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty(), false); + ASSERT_EQ(PermissionState::PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); + + permissionName = "ohos.permission.KILL_APP_PROCESSES"; + ASSERT_EQ(PermissionState::PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyNativeAccessToken(tokenId1, permissionName)); +} + +/** + * @tc.name: VerifyAccessToken001 + * @tc.desc: AccessTokenInfoManagerTest::VerifyAccessToken function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, VerifyAccessToken001, TestSize.Level1) +{ + AccessTokenID tokenId = 0; + std::string permissionName; + // tokenID invalid + ASSERT_EQ(PERMISSION_DENIED, AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenId, permissionName)); + + tokenId = 940572671; // 940572671 is max butt tokenId: 001 11 0 000000 11111111111111111111 + // permissionName invalid + ASSERT_EQ(PERMISSION_DENIED, AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenId, permissionName)); + + // tokenID invalid + permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(PERMISSION_DENIED, AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenId, permissionName)); +} + +/** + * @tc.name: GetAppId001 + * @tc.desc: AccessTokenInfoManagerTest::VerifyAccessToken function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, GetAppId001, TestSize.Level1) +{ + HapInfoParams info = { + .userID = USER_ID, + .bundleName = "accesstoken_info_manager_test", + .instIndex = INST_INDEX, + .appIDDesc = "accesstoken_info_manager_test" + }; + HapPolicy policy = { + .apl = APL_NORMAL, + .domain = "domain" + }; + AccessTokenIDEx tokenIdEx = {0}; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + std::string appId; + int ret = AccessTokenInfoManager::GetInstance().GetHapAppIdByTokenId(tokenIdEx.tokenIdExStruct.tokenID, appId); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(appId, "accesstoken_info_manager_test"); + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID)); +} + + +/** + * @tc.name: SetPermissionRequestToggleStatus001 + * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with invalid permissionName, invalid + * status and invalid userID. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, SetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = -1; + uint32_t status = PermissionRequestToggleStatus::CLOSED; + std::string permissionName = "ohos.permission.CAMERA"; + + // UserId is invalid. + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Permission name is invalid. + userID = 123; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + "", status, userID)); + + // PermissionName is not defined. + permissionName = "ohos.permission.invalid"; + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Permission is system_grant. + permissionName = "ohos.permission.USE_BLUETOOTH"; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Status is invalid. + status = -1; + permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); +} + +/** + * @tc.name: SetPermissionRequestToggleStatus002 + * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with normal process. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, SetPermissionRequestToggleStatus002, TestSize.Level1) +{ + int32_t userID = 123; + uint32_t status = PermissionRequestToggleStatus::CLOSED; + std::string permissionName = "ohos.permission.CAMERA"; + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); + + status = PermissionRequestToggleStatus::OPEN; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + permissionName, status, userID)); +} + +/** + * @tc.name: GetPermissionRequestToggleStatus001 + * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with invalid userID, invalid permission + * name. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, GetPermissionRequestToggleStatus001, TestSize.Level1) +{ + int32_t userID = -1; + uint32_t status; + std::string permissionName = "ohos.permission.CAMERA"; + + // UserId is invalid. + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // PermissionName is invalid. + userID = 123; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "", status, userID)); + + // PermissionName is not defined. + permissionName = "ohos.permission.invalid"; + ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + permissionName, status, userID)); + + // Permission is system_grant. + permissionName = "ohos.permission.USE_BLUETOOTH"; + ASSERT_EQ(ERR_PARAM_INVALID, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + permissionName, status, userID)); +} + +/** + * @tc.name: GetPermissionRequestToggleStatus002 + * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with normal process. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(AccessTokenInfoManagerTest, GetPermissionRequestToggleStatus002, TestSize.Level1) +{ + int32_t userID = 123; + uint32_t setStatusClose = PermissionRequestToggleStatus::CLOSED; + uint32_t setStatusOpen = PermissionRequestToggleStatus::OPEN; + uint32_t getStatus; + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", getStatus, userID)); + + ASSERT_EQ(setStatusOpen, getStatus); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", setStatusClose, userID)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", getStatus, userID)); + + ASSERT_EQ(setStatusClose, getStatus); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", setStatusOpen, userID)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus( + "ohos.permission.CAMERA", getStatus, userID)); + + ASSERT_EQ(setStatusOpen, getStatus); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/multi_thread_test.cpp b/services/accesstokenmanager/test/unittest/multi_thread_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..40a2eccf9ebd0e7e09b533caa478d415851e14ac --- /dev/null +++ b/services/accesstokenmanager/test/unittest/multi_thread_test.cpp @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "multi_thread_test.h" + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#define private public +#include "accesstoken_id_manager.h" +#undef private +#include "permission_validator.h" +#include "string_ex.h" +#include "token_setproc.h" + + +using namespace testing::ext; +using namespace testing::mt; +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +bool g_register = false; +static std::set g_tokenIdSet; +static constexpr int32_t TEST_TOKEN_ID_1 = 537800000; +static constexpr int32_t TEST_TOKEN_ID_2 = 537900000; +static constexpr int32_t MULTI_CYCLE_TIMES = 1000; +} + +void AccessTokenMultiThreadTest::SetUpTestCase() +{ +} + +void AccessTokenMultiThreadTest::TearDownTestCase() +{ +} + +void AccessTokenMultiThreadTest::SetUp() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "SetUp ok."); + g_tokenIdSet = AccessTokenIDManager::GetInstance().tokenIdSet_; + AccessTokenIDManager::GetInstance().tokenIdSet_.clear(); +} + +void AccessTokenMultiThreadTest::TearDown() +{ + AccessTokenIDManager::GetInstance().tokenIdSet_ = g_tokenIdSet; // recovery +} + +void TestRegisterTokenId() +{ + AccessTokenID tokenId = TEST_TOKEN_ID_2; + int32_t i = MULTI_CYCLE_TIMES + 1; + while (i--) { + tokenId += i; + AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + } +} + +void TestReleaseTokenId() +{ + AccessTokenID releaseId = TEST_TOKEN_ID_2; + AccessTokenID tokenId = TEST_TOKEN_ID_1; + g_register = !g_register; + int32_t i = MULTI_CYCLE_TIMES + 1; + if (!g_register) { + while (i--) { + releaseId += i; + AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); + } + } else { + while (i--) { + tokenId += i; + AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); + } + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/multi_thread_test.h b/services/accesstokenmanager/test/unittest/multi_thread_test.h new file mode 100644 index 0000000000000000000000000000000000000000..ed672d6f011439c259a32e5ba8abb604d3e0de9a --- /dev/null +++ b/services/accesstokenmanager/test/unittest/multi_thread_test.h @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MULTI_THREAD_TEST_H +#define MULTI_THREAD_TEST_H + +#include +#include +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +class AccessTokenMultiThreadTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void TearDown(); + void SetUp(); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // MULTI_THREAD_TEST_H \ No newline at end of file diff --git a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp index bdd4787361740cf0212810b038c0180b2f67be76..aac2855c11e58b165004cd0545f169f9d99e11a4 100644 --- a/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp +++ b/services/accesstokenmanager/test/unittest/native_token_receptor_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -31,10 +31,10 @@ #include "access_token_error.h" #include "permission_definition_cache.h" #include "permission_manager.h" -#include "permission_state_full.h" +#include "permission_status.h" #include "token_field_const.h" -#define private public #include "nativetoken_kit.h" +#define private public #include "native_token_receptor.h" #undef private #include "securec.h" @@ -42,10 +42,6 @@ using namespace testing::ext; using namespace OHOS::Security::AccessToken; -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptorTest"}; -} - void NativeTokenReceptorTest::SetUpTestCase() { // delete all test 0x28100000 - 0x28100007 @@ -81,7 +77,7 @@ void NativeTokenReceptorTest::SetUp() void NativeTokenReceptorTest::TearDown() { - ACCESSTOKEN_LOG_INFO(LABEL, "test down!"); + LOGI(ATM_DOMAIN, ATM_TAG, "test down!"); } /** @@ -92,7 +88,7 @@ void NativeTokenReceptorTest::TearDown() */ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData001!"); + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData001!"); std::string testStr = R"([)"\ R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]},)"\ @@ -100,23 +96,15 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]}])"; NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); - std::vector> tokenInfos; + std::vector tokenInfos; receptor.ParserNativeRawData(testStr, tokenInfos); ASSERT_EQ(static_cast(2), tokenInfos.size()); - ASSERT_NE(nullptr, tokenInfos[0]); - ASSERT_NE(nullptr, tokenInfos[1]); - - ASSERT_EQ("process6", tokenInfos[0]->GetProcessName()); - ASSERT_EQ(static_cast(685266937), tokenInfos[0]->GetTokenID()); - ASSERT_EQ(static_cast(2), tokenInfos[0]->GetDcap().size()); - ASSERT_EQ("AT_CAP", (tokenInfos[0]->GetDcap())[0]); - ASSERT_EQ("ST_CAP", (tokenInfos[0]->GetDcap())[1]); - - ASSERT_EQ("process5", tokenInfos[1]->GetProcessName()); - ASSERT_EQ(static_cast(678065606), tokenInfos[1]->GetTokenID()); - ASSERT_EQ(static_cast(2), tokenInfos[1]->GetDcap().size()); - ASSERT_EQ("AT_CAP", (tokenInfos[1]->GetDcap())[0]); - ASSERT_EQ("ST_CAP", (tokenInfos[1]->GetDcap())[1]); + + ASSERT_EQ("process6", tokenInfos[0].processName); + ASSERT_EQ(static_cast(685266937), tokenInfos[0].tokenID); + + ASSERT_EQ("process5", tokenInfos[1].processName); + ASSERT_EQ(static_cast(678065606), tokenInfos[1].tokenID); } /** @@ -127,9 +115,9 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1) */ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData002!"); + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData002!"); std::string testStr = R"([{"processName":""}])"; - std::vector> tokenInfos; + std::vector tokenInfos; NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance(); @@ -174,534 +162,90 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) ASSERT_EQ(static_cast(0), tokenInfos.size()); } -namespace OHOS { -namespace Security { -namespace AccessToken { - extern void from_json(const nlohmann::json& j, std::shared_ptr& p); -} -} -} - /** - * @tc.name: from_json001 + * @tc.name: ParserNativeRawData002 * @tc.desc: Verify from json right case. * @tc.type: FUNC * @tc.require: Issue Number */ -HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1) +HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData002, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "test from_json001!"); - nlohmann::json j = nlohmann::json{ - {"processName", "process6"}, - {"APL", APL_SYSTEM_CORE}, - {"version", 1}, - {"tokenId", 685266937}, - {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}, - {"permissions", {"ohos.permission.PLACE_CALL"}}, - {"nativeAcls", {"ohos.permission.PLACE_CALL"}}}; - std::shared_ptr p; - from_json(j, p); - ASSERT_NE((p == nullptr), true); + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData002!"); + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"],)"\ + R"("permissions":["ohos.permission.PLACE_CALL"],)"\ + R"("nativeAcls":["ohos.permission.PLACE_CALL"]})"\ + R"(])"; + CJsonUnique j = CreateJsonFromString(testStr); + NativeTokenInfoBase native; + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); + ASSERT_EQ(native.tokenID, 685266937); } /** - * @tc.name: from_json002 + * @tc.name: GetnNativeTokenInfoFromJson002 * @tc.desc: Verify from json wrong case. * @tc.type: FUNC * @tc.require: Issue Number */ -HWTEST_F(NativeTokenReceptorTest, from_json002, TestSize.Level1) +HWTEST_F(NativeTokenReceptorTest, GetnNativeTokenInfoFromJson002, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "test from_json002!"); + LOGI(ATM_DOMAIN, ATM_TAG, "test GetnNativeTokenInfoFromJson002!"); // version wrong - nlohmann::json j = nlohmann::json{ - {"processName", "process6"}, {"APL", APL_SYSTEM_CORE}, - {"version", 2}, {"tokenId", 685266937}, - {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - std::shared_ptr p; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":2,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + CJsonUnique j = CreateJsonFromString(testStr); + NativeTokenInfoBase native; + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); + ASSERT_EQ(native.tokenID, 0); // APL wrong - j = nlohmann::json{ - {"processName", "process6"}, - {"APL", -1}, {"version", 1}, - {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + testStr = R"([)"\ + R"({"processName":"process6","APL":-1,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); + ASSERT_EQ(native.tokenID, 0); // tokenId wrong - j = nlohmann::json{ - {"processName", "process6"}, - {"APL", APL_SYSTEM_BASIC}, {"version", 1}, - {"tokenId", 0}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + testStr = R"([)"\ + R"({"processName":"","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); + ASSERT_EQ(native.tokenID, 0); // process name empty - j = nlohmann::json{ - {"processName", ""}, - {"APL", APL_SYSTEM_BASIC}, {"version", 1}, - {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + testStr = R"([)"\ + R"({"processName":name,"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); + ASSERT_EQ(native.tokenID, 0); // process name too long - std::string name(512, 'c'); - j = nlohmann::json{ - {"processName", name}, - {"APL", APL_SYSTEM_BASIC}, {"version", 1}, - {"tokenId", 685266937}, {"tokenAttr", 0}, - {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); + testStr = R"([)"\ + R"({"processName":name,"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); + ASSERT_EQ(native.tokenID, 0); // lose process name - j = nlohmann::json{ - {"APL", APL_SYSTEM_BASIC}, - {"version", 1}, {"tokenId", 685266937}, - {"tokenAttr", 0}, {"dcaps", {"AT_CAP", "ST_CAP"}}}; - from_json(j, p); - ASSERT_EQ((p == nullptr), true); -} - -/** - * @tc.name: ProcessNativeTokenInfos001 - * @tc.desc: test add one native token - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos001!"); - std::vector> tokenInfos; - - // test process one - NativeTokenInfo info = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "ProcessNativeTokenInfos001", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100000, - .tokenAttr = 0 - }; - - std::vector permStateList = {}; - std::shared_ptr nativeToken = std::make_shared(info, permStateList); - tokenInfos.emplace_back(nativeToken); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - NativeTokenInfo findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info.apl); - ASSERT_EQ(findInfo.ver, info.ver); - ASSERT_EQ(findInfo.processName, info.processName); - ASSERT_EQ(findInfo.tokenID, info.tokenID); - ASSERT_EQ(findInfo.tokenAttr, info.tokenAttr); - ASSERT_EQ(findInfo.dcap, info.dcap); - - // wait fresh tokens to sql. - sleep(3); - - // get sql data - std::vector nativeTokenResults; - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults); - std::vector permStateRes; - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_PERMISSION_STATE, permStateRes); - for (GenericValues nativeTokenValue : nativeTokenResults) { - AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - if (tokenId != info.tokenID) { - continue; - } - GTEST_LOG_(INFO) <<"apl " << nativeTokenValue.GetInt(TokenFiledConst::FIELD_APL); - std::shared_ptr native = std::make_shared(); - ASSERT_NE(native, nullptr); - ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(native->GetTokenID(), info.tokenID); - ASSERT_EQ(native->GetProcessName(), info.processName); - ASSERT_EQ(native->GetDcap(), info.dcap); - } - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: CheckNativeDCap001 - * @tc.desc: Verify CheckNativeDCap normal and abnormal branch - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, CheckNativeDCap001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test CheckNativeDCap001!"); - - // test tokenInfo = nullptr - std::vector> tokenInfos; - tokenInfos.emplace_back(nullptr); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - // test process one - NativeTokenInfo info = {.apl = APL_NORMAL, - .ver = 1, - .processName = "CheckNativeDCap001", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100000, - .tokenAttr = 0}; - - std::vector permStateList = {}; - std::shared_ptr nativeToken = std::make_shared(info, permStateList); - tokenInfos.emplace_back(nativeToken); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - NativeTokenInfo findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info.apl); - ASSERT_EQ(findInfo.ver, info.ver); - ASSERT_EQ(findInfo.processName, info.processName); - ASSERT_EQ(findInfo.tokenID, info.tokenID); - ASSERT_EQ(findInfo.tokenAttr, info.tokenAttr); - ASSERT_EQ(findInfo.dcap, info.dcap); - - std::string dcap = "AT_CAP"; - ASSERT_EQ(AccessTokenInfoManager::GetInstance().CheckNativeDCap(findInfo.tokenID, dcap), RET_SUCCESS); - std::string ndcap = "AT"; - ASSERT_NE(AccessTokenInfoManager::GetInstance().CheckNativeDCap(findInfo.tokenID, ndcap), RET_SUCCESS); - AccessTokenID testId = 1; - ASSERT_NE(AccessTokenInfoManager::GetInstance().CheckNativeDCap(testId, dcap), RET_SUCCESS); - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -#ifdef TOKEN_SYNC_ENABLE -/** - * @tc.name: GetAllNativeTokenInfo001 - * @tc.desc: Verify GetAllNativeTokenInfo normal and abnormal branch - * @tc.type: FUNC - * @tc.require: Issue I5RJBB - */ -HWTEST_F(NativeTokenReceptorTest, GetAllNativeTokenInfo001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001!"); - - // test nativetokenInfo = nullptr - std::vector nativeVec; - std::vector> tokenInfos; - AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); - ASSERT_EQ(nativeVec.empty(), false); - - // test process one - NativeTokenInfo info = {.apl = APL_NORMAL, - .ver = 1, - .processName = "GetAllNativeTokenInfo001", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100000, - .tokenAttr = 0}; - - std::vector permStateList = {}; - std::shared_ptr nativeToken = std::make_shared(info, permStateList); - tokenInfos.emplace_back(nativeToken); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec); - ASSERT_EQ(!nativeVec.empty(), true); - AccessTokenID resultTokenId = AccessTokenInfoManager::GetInstance().GetNativeTokenId("GetAllNativeTokenInfo001"); - ASSERT_EQ(resultTokenId, info.tokenID); - - int32_t ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} -#endif - -static void PermStateListSet(std::vector &permStateList) -{ - PermissionStateFull infoManagerTestState1 = { - .permissionName = "ohos.permission.ACCELEROMETER", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {0}, - .grantFlags = {0} - }; - - PermissionStateFull infoManagerTestState2 = { - .permissionName = "ohos.permission.MANAGE_USER_IDM", - .isGeneral = true, - .resDeviceID = {"device 1", "device 2"}, - .grantStatus = {0, 0}, - .grantFlags = {0, 2} - }; - - PermissionStateFull infoManagerTestState3 = { - .permissionName = "ohos.permission.USER_TEAT", - .isGeneral = true, - .resDeviceID = {"device 1", "device 2"}, - .grantStatus = {0, 0}, - .grantFlags = {0, 2} - }; - permStateList.emplace_back(infoManagerTestState1); - permStateList.emplace_back(infoManagerTestState2); - permStateList.emplace_back(infoManagerTestState3); -} - -static void CompareGoalTokenInfo(NativeTokenInfo &info) -{ - NativeTokenInfo findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info.apl); - ASSERT_EQ(findInfo.ver, info.ver); - ASSERT_EQ(findInfo.processName, info.processName); - ASSERT_EQ(findInfo.tokenID, info.tokenID); - ASSERT_EQ(findInfo.tokenAttr, info.tokenAttr); - ASSERT_EQ(findInfo.dcap, info.dcap); -} - -/** - * @tc.name: ProcessNativeTokenInfos002 - * @tc.desc: test add two native tokens. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos002!"); - std::vector> tokenInfos; - NativeTokenInfo info1; - info1.apl = APL_NORMAL; - info1.ver = 1; - info1.processName = "native_token_test1"; - info1.dcap = {"AT_CAP", "ST_CAP"}; - info1.tokenID = 0x28100001; - info1.tokenAttr = 0; - - NativeTokenInfo info2; - info2.apl = APL_SYSTEM_BASIC; - info2.ver = 1; - info2.processName = "native_token_test2"; - info2.dcap = {"AT_CAP", "ST_CAP"}; - info2.tokenID = 0x28100002; - info2.tokenAttr = 0; - - std::vector permStateList; - PermStateListSet(permStateList); - std::shared_ptr nativeToken1 = std::make_shared(info1, permStateList); - - std::shared_ptr permPolicySet = - nativeToken1->GetNativeInfoPermissionPolicySet(); - GTEST_LOG_(INFO) <<"permPolicySet: " << permPolicySet; - - std::vector permList; - permPolicySet->GetPermissionStateFulls(permList); - for (const auto& perm : permList) { - GTEST_LOG_(INFO) <<"perm.permissionName: " << perm.permissionName; - } - - tokenInfos.emplace_back(nativeToken1); - - std::shared_ptr nativeToken2 = std::make_shared(info2, permStateList); - tokenInfos.emplace_back(nativeToken2); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - CompareGoalTokenInfo(info1); - - int ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.MANAGE_USER_IDM"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.ACCELEROMETER"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.DISCOVER_BLUETOOTH"); - ASSERT_EQ(ret, PERMISSION_DENIED); - - CompareGoalTokenInfo(info2); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); - - ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.MANAGE_USER_IDM"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.ACCELEROMETER"); - ASSERT_EQ(ret, PERMISSION_GRANTED); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos003 - * @tc.desc: test add nullptr tokenInfo. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos003, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos003!"); - std::vector> tokenInfos; - - std::shared_ptr nativeToken1 = std::make_shared(); - tokenInfos.emplace_back(nativeToken1); - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - ASSERT_EQ(RET_SUCCESS, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos004 - * @tc.desc: test add repeat id, but process doesn't - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos004, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos004!"); - std::vector> tokenInfos; - - NativeTokenInfo info3 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test3", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100003, - .tokenAttr = 0 - }; - - NativeTokenInfo info4 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test4", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100003, - .tokenAttr = 0 - }; - std::vector permStateList = {}; - std::shared_ptr nativeToken3 = std::make_shared(info3, permStateList); - tokenInfos.emplace_back(nativeToken3); - - std::shared_ptr nativeToken4 = std::make_shared(info4, permStateList); - tokenInfos.emplace_back(nativeToken4); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - NativeTokenInfo findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info3.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info3.apl); - ASSERT_EQ(findInfo.ver, info3.ver); - ASSERT_EQ(findInfo.processName, info3.processName); - ASSERT_EQ(findInfo.tokenID, info3.tokenID); - ASSERT_EQ(findInfo.tokenAttr, info3.tokenAttr); - ASSERT_EQ(findInfo.dcap, info3.dcap); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info3.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos005 - * @tc.desc: test add repeat process, but id doesn't - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos005, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos005!"); - std::vector> tokenInfos; - - NativeTokenInfo info5 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test5", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100005, - .tokenAttr = 0 - }; - - NativeTokenInfo info6 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test5", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100006, - .tokenAttr = 0 - }; - std::vector permStateList = {}; - std::shared_ptr nativeToken5 = std::make_shared(info5, permStateList); - tokenInfos.emplace_back(nativeToken5); - - std::shared_ptr nativeToken6 = std::make_shared(info6, permStateList); - tokenInfos.emplace_back(nativeToken6); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - NativeTokenInfo findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info5.tokenID, findInfo); - ASSERT_EQ(ret, ERR_TOKENID_NOT_EXIST); - - ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info6.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info6.apl); - ASSERT_EQ(findInfo.ver, info6.ver); - ASSERT_EQ(findInfo.processName, info6.processName); - ASSERT_EQ(findInfo.tokenID, info6.tokenID); - ASSERT_EQ(findInfo.tokenAttr, info6.tokenAttr); - ASSERT_EQ(findInfo.dcap, info6.dcap); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info6.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); -} - -/** - * @tc.name: ProcessNativeTokenInfos006 - * @tc.desc: test add repeat process and id - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos006, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "test ProcessNativeTokenInfos006!"); - std::vector> tokenInfos; - - NativeTokenInfo info7 = { - .apl = APL_NORMAL, - .ver = 1, - .processName = "native_token_test7", - .dcap = {"AT_CAP", "ST_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - - NativeTokenInfo info8 = { - .apl = APL_SYSTEM_BASIC, - .ver = 1, - .processName = "native_token_test7", - .dcap = {"AT_CAP"}, - .tokenID = 0x28100007, - .tokenAttr = 0 - }; - std::vector permStateList = {}; - std::shared_ptr nativeToken7 = std::make_shared(info7, permStateList); - tokenInfos.emplace_back(nativeToken7); - - std::shared_ptr nativeToken8 = std::make_shared(info8, permStateList); - tokenInfos.emplace_back(nativeToken8); - - AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos); - - NativeTokenInfo findInfo; - int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info7.tokenID, findInfo); - ASSERT_EQ(ret, RET_SUCCESS); - ASSERT_EQ(findInfo.apl, info8.apl); - ASSERT_EQ(findInfo.ver, info8.ver); - ASSERT_EQ(findInfo.processName, info8.processName); - ASSERT_EQ(findInfo.tokenID, info8.tokenID); - ASSERT_EQ(findInfo.tokenAttr, info8.tokenAttr); - ASSERT_EQ(findInfo.dcap, info8.dcap); - - ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info8.tokenID); - ASSERT_EQ(ret, RET_SUCCESS); + testStr = R"([)"\ + R"({"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + j = CreateJsonFromString(testStr); + NativeTokenReceptor::GetInstance().GetNativeTokenInfoFromJson(j.get(), native); + ASSERT_EQ(native.tokenID, 0); } /** @@ -712,7 +256,7 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos006, TestSize.Level1) */ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "test init001!"); + LOGI(ATM_DOMAIN, ATM_TAG, "test init001!"); const char *dcaps[1]; dcaps[0] = "AT_CAP_01"; @@ -733,8 +277,9 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1) uint64_t tokenId = ::GetAccessTokenId(&infoInstance); ASSERT_NE(tokenId, INVALID_TOKENID); - NativeTokenReceptor::GetInstance().Init(); - NativeTokenInfo findInfo; + uint32_t nativeSize = 0; + AccessTokenInfoManager::GetInstance().InitNativeTokenInfos(nativeSize); + NativeTokenInfoBase findInfo; int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo); ASSERT_EQ(ret, RET_SUCCESS); ASSERT_EQ(findInfo.processName, infoInstance.processName); diff --git a/services/accesstokenmanager/test/unittest/native_token_receptor_test.h b/services/accesstokenmanager/test/unittest/native_token_receptor_test.h index f03f06442b5cfe201e4c301005a47b98675f0713..1d7bd453477923b77b69b16982ccaeef136b891f 100644 --- a/services/accesstokenmanager/test/unittest/native_token_receptor_test.h +++ b/services/accesstokenmanager/test/unittest/native_token_receptor_test.h @@ -17,7 +17,7 @@ #define NATIVE_TOKEN_RECEPTOR_TEST_H #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { diff --git a/services/accesstokenmanager/test/unittest/permission_definition_parser_test.cpp b/services/accesstokenmanager/test/unittest/permission_definition_parser_test.cpp deleted file mode 100644 index 775766c2b81049412f7efb22202a295e10ee90e7..0000000000000000000000000000000000000000 --- a/services/accesstokenmanager/test/unittest/permission_definition_parser_test.cpp +++ /dev/null @@ -1,376 +0,0 @@ -/* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "permission_definition_parser_test.h" - -#include "gtest/gtest.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "access_token.h" -#include "accesstoken_info_manager.h" -#include "accesstoken_kit.h" -#include "access_token_error.h" -#include "permission_manager.h" -#include "permission_state_full.h" -#define private public -#include "json_parser.h" -#include "permission_definition_cache.h" -#include "permission_definition_parser.h" -#undef private -#include "securec.h" -#include "access_token_db.h" -#include "token_field_const.h" - -using namespace testing::ext; -using namespace OHOS::Security::AccessToken; - -namespace { -static bool g_hasHapPermissionDefinition; -static std::map g_permissionDefinitionMap; -static const int32_t EXTENSION_PERMISSION_ID = 0; -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "PermissionDefinitionParserTest"}; -static const std::string SYSTEM_PERMISSION_A = "ohos.permission.PermDefParserTestA"; -static const std::string USER_PERMISSION_B = "ohos.permission.PermDefParserTestB"; -} - -void PermissionDefinitionParserTest::SetUpTestCase() -{ -} - -void PermissionDefinitionParserTest::TearDownTestCase() -{ -} - -void PermissionDefinitionParserTest::SetUp() -{ - g_permissionDefinitionMap = PermissionDefinitionCache::GetInstance().permissionDefinitionMap_; - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_.clear(); - g_hasHapPermissionDefinition = PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_; - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = false; -} - -void PermissionDefinitionParserTest::TearDown() -{ - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = g_hasHapPermissionDefinition; - ACCESSTOKEN_LOG_INFO(LABEL, "test down!"); -} - -/** - * @tc.name: ParserPermsRawDataTest001 - * @tc.desc: Parse permission definition information. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, ParserPermsRawDataTest001, TestSize.Level1) -{ - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDefinitionParser& parser = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; - std::vector permDefList; - int32_t ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, RET_SUCCESS); - EXPECT_EQ(2, permDefList.size()); - - for (const auto& perm : permDefList) { - GTEST_LOG_(INFO) << perm.permissionName.c_str(); - PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); - } - - EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDef permissionDefResult; - PermissionManager::GetInstance().GetDefPermission(SYSTEM_PERMISSION_A, permissionDefResult); - EXPECT_EQ(SYSTEM_GRANT, permissionDefResult.grantMode); - EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); - EXPECT_EQ(SERVICE, permissionDefResult.availableType); - EXPECT_EQ(true, permissionDefResult.provisionEnable); - EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("", permissionDefResult.label); - EXPECT_EQ("", permissionDefResult.description); - - PermissionManager::GetInstance().GetDefPermission(USER_PERMISSION_B, permissionDefResult); - EXPECT_EQ(USER_GRANT, permissionDefResult.grantMode); - EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); - EXPECT_EQ(SERVICE, permissionDefResult.availableType); - EXPECT_EQ(true, permissionDefResult.provisionEnable); - EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); - EXPECT_EQ("$string:test_label_B", permissionDefResult.label); - EXPECT_EQ("$string:test_description_B", permissionDefResult.description); -} - -/** - * @tc.name: ParserPermsRawDataTest002 - * @tc.desc: Invalid file. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, ParserPermsRawDataTest002, TestSize.Level1) -{ - PermissionDefinitionParser& parser = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.xxxxxxxxxxxxxxxxxxxxxxxxxx",)"\ - R"("xxxxxxxxxxxxxxxxxxxxxxxxxx":"$string:test_description_B"}]})"; - std::vector permDefList; - int32_t ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, ERR_PERM_REQUEST_CFG_FAILED); -} - -/** - * @tc.name: ParserPermsRawDataTest003 - * @tc.desc: Permission definition file missing. - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, ParserPermsRawDataTest003, TestSize.Level1) -{ - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - PermissionDefinitionParser& parser = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}]})"; - std::vector permDefList; - int32_t ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, ERR_PARAM_INVALID); - - permsRawData = R"({"userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; - ret = parser.ParserPermsRawData(permsRawData, permDefList); - ASSERT_EQ(ret, ERR_PARAM_INVALID); -} - -/** - * @tc.name: FromJson001 - * @tc.desc: Test property value is missing - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson001, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); -} - -/** - * @tc.name: FromJson002 - * @tc.desc: Test property value is missing - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson002, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("description":"$string:test_description_B"}]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,})"\ - R"("label":"$string:test_label_B"]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); -} - -/** - * @tc.name: FromJson003 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson003, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":123,"grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":123,"availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":123,)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":SERVICE,"provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); -} - -/** - * @tc.name: FromJson004 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson004, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":"true","distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":"false"}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,"label":123,)"\ - R"("description":"$string:test_description_B"}]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); - - permsRawData = R"({"systemGrantPermissions":[],)"\ - R"("userGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ - R"("label":"$string:test_label_B","description":123}]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - EXPECT_EQ(false, PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); -} - -/** - * @tc.name: FromJson005 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(PermissionDefinitionParserTest, FromJson005, TestSize.Level1) -{ - PermissionDefinitionParser& instance = PermissionDefinitionParser::GetInstance(); - std::string permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"","grantMode":"system_grant","availableLevel":"system_basic",)"\ - R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ - R"("userGrantPermissions":[]})"; - std::vector permDefList; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); - - permsRawData = R"({"systemGrantPermissions":[)"\ - R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"test",)"\ - R"("availableType":TEST,"provisionEnable":true,"distributedSceneEnable":"false"}],)"\ - R"("userGrantPermissions":[]})"; - instance.ParserPermsRawData(permsRawData, permDefList); - EXPECT_EQ(0, permDefList.size()); -} - -/** - * @tc.name: IsSystemGrantedPermission001 - * @tc.desc: Invalid param - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionDefinitionParserTest, IsSystemGrantedPermission001, TestSize.Level1) -{ - EXPECT_FALSE( - PermissionDefinitionCache::GetInstance().IsSystemGrantedPermission("ohos.permission.SYSTEM_GRANT_FASLE")); -} diff --git a/services/accesstokenmanager/test/unittest/permission_definition_parser_test.h b/services/accesstokenmanager/test/unittest/permission_definition_parser_test.h index bc02e33ca102f937b2def447c3d63aa83422388a..17329eade5b07ad0028536a2b32ec7901afd0055 100644 --- a/services/accesstokenmanager/test/unittest/permission_definition_parser_test.h +++ b/services/accesstokenmanager/test/unittest/permission_definition_parser_test.h @@ -17,7 +17,7 @@ #define PERMISSION_DEFINITION_PARSER_TEST_H #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "permission_def.h" namespace OHOS { namespace Security { diff --git a/services/accesstokenmanager/test/unittest/permission_grant_event_test.cpp b/services/accesstokenmanager/test/unittest/permission_grant_event_test.cpp index 8452b346a3795db921232c94e422c6f238890528..57eb3e48ecd32108b7d2efd3268a8c3ccd802c07 100644 --- a/services/accesstokenmanager/test/unittest/permission_grant_event_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_grant_event_test.cpp @@ -22,11 +22,6 @@ using namespace testing::ext; using namespace OHOS::Security::AccessToken; -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermissionGrantEventTest"}; -} - void PermissionGrantEventTest::SetUpTestCase() {} @@ -49,7 +44,7 @@ void PermissionGrantEventTest::TearDown() */ HWTEST_F(PermissionGrantEventTest, NotifyPermGrantStoreResult001, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "NotifyPermGrantStoreResult001!"); + LOGI(ATM_DOMAIN, ATM_TAG, "NotifyPermGrantStoreResult001!"); AccessTokenID tokenID = 0x100000; std::string permissionName = "testpremission"; uint64_t time; @@ -71,7 +66,7 @@ HWTEST_F(PermissionGrantEventTest, NotifyPermGrantStoreResult001, TestSize.Level */ HWTEST_F(PermissionGrantEventTest, NotifyPermGrantStoreResult002, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "NotifyPermGrantStoreResult002!"); + LOGI(ATM_DOMAIN, ATM_TAG, "NotifyPermGrantStoreResult002!"); AccessTokenID tokenID = 0x100000; std::string permissionName = "testpremission"; uint64_t time; @@ -93,7 +88,7 @@ HWTEST_F(PermissionGrantEventTest, NotifyPermGrantStoreResult002, TestSize.Level */ HWTEST_F(PermissionGrantEventTest, NotifyPermGrantStoreResult003, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "NotifyPermGrantStoreResult003!"); + LOGI(ATM_DOMAIN, ATM_TAG, "NotifyPermGrantStoreResult003!"); AccessTokenID tokenID = 0x100000; std::string permissionName = "testpremission"; uint64_t time; diff --git a/services/accesstokenmanager/test/unittest/permission_grant_event_test.h b/services/accesstokenmanager/test/unittest/permission_grant_event_test.h index 8b5b199e8dae1d577cb8bc15abca4e74ee5f8487..018e10744f8b68ce17f66c93e79e5f99ddb2e2bc 100644 --- a/services/accesstokenmanager/test/unittest/permission_grant_event_test.h +++ b/services/accesstokenmanager/test/unittest/permission_grant_event_test.h @@ -17,7 +17,7 @@ #define PERMISSION_GRANT_EVENT_TEST_H #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp index 17d8abd86e3c9f54e9a33388166a7e048fc72ffc..be9f5a49399b1b47fbb336b4eef3d61932e64fc3 100644 --- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp +++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp @@ -17,10 +17,10 @@ #include "access_token.h" #include "access_token_error.h" +#include "callback_manager.h" #ifdef SUPPORT_SANDBOX_APP #define private public #include "dlp_permission_set_manager.h" -#include "dlp_permission_set_parser.h" #undef private #endif #define private public @@ -29,8 +29,9 @@ #undef private #include "accesstoken_callback_stubs.h" #include "callback_death_recipients.h" +#ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE #include "continuous_task_callback_info.h" -#include "running_form_info.h" +#endif using namespace testing::ext; using namespace OHOS; @@ -42,10 +43,6 @@ namespace { static constexpr uint32_t MAX_CALLBACK_SIZE = 1024; static constexpr int32_t USER_ID = 100; static constexpr int32_t INST_INDEX = 0; -static constexpr int32_t RANDOM_INPUT_32 = 123; -static constexpr int64_t RANDOM_INPUT_64 = 123; -static std::map g_permissionDefinitionMap; -static bool g_hasHapPermissionDefinition; static PermissionDef g_infoManagerTestPermDef1 = { .permissionName = "open the door", .bundleName = "accesstoken_test", @@ -72,20 +69,16 @@ static PermissionDef g_infoManagerTestPermDef2 = { .descriptionId = 1 }; -static PermissionStateFull g_infoManagerTestState1 = { +static PermissionStatus g_infoManagerTestState1 = { .permissionName = "open the door", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {1}, - .grantFlags = {1} + .grantStatus = 1, + .grantFlag = 1 }; -static PermissionStateFull g_infoManagerTestState2 = { +static PermissionStatus g_infoManagerTestState2 = { .permissionName = "break the door", - .isGeneral = false, - .resDeviceID = {"device 1", "device 2"}, - .grantStatus = {1, 3}, - .grantFlags = {1, 2} + .grantStatus = 1, + .grantFlag = 1 }; static HapInfoParams g_infoManagerTestInfoParms = { @@ -95,87 +88,67 @@ static HapInfoParams g_infoManagerTestInfoParms = { .appIDDesc = "testtesttesttest" }; -static HapPolicyParams g_infoManagerTestPolicyPrams1 = { +static HapPolicy g_infoManagerTestPolicyPrams1 = { .apl = APL_NORMAL, .domain = "test.domain", .permList = {g_infoManagerTestPermDef1, g_infoManagerTestPermDef2}, .permStateList = {g_infoManagerTestState1, g_infoManagerTestState2} }; -static PermissionStateFull g_infoManagerTestStateA = { - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {1} +static PermissionStatus g_infoManagerTestStateA = { + .grantStatus = PERMISSION_GRANTED, + .grantFlag = 1 }; -static PermissionStateFull g_infoManagerTestStateB = { - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {1} +static PermissionStatus g_infoManagerTestStateB = { + .grantStatus = PERMISSION_GRANTED, + .grantFlag = 1 }; -static PermissionStateFull g_infoManagerTestStateC = { - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {1} +static PermissionStatus g_infoManagerTestStateC = { + .grantStatus = PERMISSION_GRANTED, + .grantFlag = 1 }; -static PermissionStateFull g_infoManagerTestStateD = { - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {1} +static PermissionStatus g_infoManagerTestStateD = { + .grantStatus = PERMISSION_GRANTED, + .grantFlag = 1 }; -static PermissionStateFull g_permState1 = { +static PermissionStatus g_permState1 = { .permissionName = "ohos.permission.TEST", - .isGeneral = false, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED }; -static PermissionStateFull g_permState2 = { +static PermissionStatus g_permState2 = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = false, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED }; -static PermissionStateFull g_permState6 = { +static PermissionStatus g_permState6 = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_POLICY_FIXED} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_POLICY_FIXED }; -static PermissionStateFull g_permState7 = { +static PermissionStatus g_permState7 = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_POLICY_FIXED} + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_POLICY_FIXED }; -static PermissionStateFull g_permState8 = { +static PermissionStatus g_permState8 = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_POLICY_FIXED | PermissionFlag::PERMISSION_USER_SET} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_POLICY_FIXED | PermissionFlag::PERMISSION_USER_SET }; -static PermissionStateFull g_permState9 = { +static PermissionStatus g_permState9 = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_POLICY_FIXED | PermissionFlag::PERMISSION_USER_SET} + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_POLICY_FIXED | PermissionFlag::PERMISSION_USER_SET }; static PermissionDef g_infoManagerPermDef1 = { @@ -248,8 +221,6 @@ void PermissionManagerTest::SetUp() AccessTokenManagerService* ptr = new (std::nothrow) AccessTokenManagerService(); accessTokenService_ = sptr(ptr); ASSERT_NE(nullptr, accessTokenService_); - g_permissionDefinitionMap = PermissionDefinitionCache::GetInstance().permissionDefinitionMap_; - g_hasHapPermissionDefinition = PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_; if (appStateObserver_ != nullptr) { return; } @@ -294,8 +265,6 @@ void PermissionManagerTest::SetUp() void PermissionManagerTest::TearDown() { - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = g_hasHapPermissionDefinition; accessTokenService_ = nullptr; appStateObserver_ = nullptr; } @@ -303,15 +272,17 @@ void PermissionManagerTest::TearDown() static AccessTokenID CreateTempHapTokenInfo() { g_infoManagerTestStateA.permissionName = "ohos.permission.APPROXIMATELY_LOCATION"; - g_infoManagerTestStateA.grantStatus[0] = PERMISSION_DENIED; - static HapPolicyParams infoManagerTestPolicyPrams = { + g_infoManagerTestStateA.grantStatus = PERMISSION_DENIED; + g_infoManagerTestStateB.permissionName = "ohos.permission.READ_PASTEBOARD"; + g_infoManagerTestStateB.grantStatus = PERMISSION_DENIED; + static HapPolicy infoManagerTestPolicyPrams = { .apl = APL_NORMAL, .domain = "test.domain", .permList = {}, - .permStateList = { g_infoManagerTestStateA } + .permStateList = { g_infoManagerTestStateA, g_infoManagerTestStateB} }; static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, + .userID = USER_ID, .bundleName = "GrantTempPermission", .instIndex = 0, .dlpType = DLP_COMMON, @@ -326,386 +297,6 @@ static AccessTokenID CreateTempHapTokenInfo() return tokenID; } -#ifdef SUPPORT_SANDBOX_APP -static void PrepareJsonData1() -{ - std::string testStr = R"({"dlpPermissions":[)"\ - R"({"name":"ohos.permission.CAPTURE_SCREEN","dlpGrantRange":"none"},)"\ - R"({"name":"ohos.permission.CHANGE_ABILITY_ENABLED_STATE","dlpGrantRange":"all"},)"\ - R"({"name":"ohos.permission.CLEAN_APPLICATION_DATA","dlpGrantRange":"full_control"}]})"; - - std::vector dlpPerms; - int32_t res = DlpPermissionSetParser::GetInstance().ParserDlpPermsRawData(testStr, dlpPerms); - if (res != RET_SUCCESS) { - GTEST_LOG_(INFO) << "ParserDlpPermsRawData failed:"; - } - for (auto iter = dlpPerms.begin(); iter != dlpPerms.end(); iter++) { - GTEST_LOG_(INFO) << "iter:" << iter->permissionName.c_str(); - } - DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); -} - -/** - * @tc.name: DlpPermissionConfig001 - * @tc.desc: test DLP_COMMON app with system_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig001, TestSize.Level1) -{ - PrepareJsonData1(); - - g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; - g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - - static HapPolicyParams infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain1", - .permList = {}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig001", - .instIndex = 0, - .dlpType = DLP_COMMON, - .appIDDesc = "DlpPermissionConfig001" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.COMMONEVENT_STICKY"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CAPTURE_SCREEN"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig002 - * @tc.desc: test DLP_READ app with system_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig002, TestSize.Level1) -{ - PrepareJsonData1(); - - g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; - g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - - static HapPolicyParams infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain2", - .permList = {}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig002", - .instIndex = 0, - .dlpType = DLP_READ, - .appIDDesc = "DlpPermissionConfig002" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CAPTURE_SCREEN"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.COMMONEVENT_STICKY"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); - ASSERT_EQ(PERMISSION_DENIED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig003 - * @tc.desc: test DLP_FULL_CONTROL app with system_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig003, TestSize.Level1) -{ - PrepareJsonData1(); - - g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; - g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; - g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; - g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; - - static HapPolicyParams infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain3", - .permList = {}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig003", - .instIndex = 0, - .dlpType = DLP_FULL_CONTROL, - .appIDDesc = "DlpPermissionConfig003" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.COMMONEVENT_STICKY"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CAPTURE_SCREEN"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken( - tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -static void PrepareUserPermState() -{ - g_infoManagerTestStateA.permissionName = "ohos.permission.MEDIA_LOCATION"; - g_infoManagerTestStateA.grantStatus[0] = PERMISSION_DENIED; - g_infoManagerTestStateB.permissionName = "ohos.permission.MICROPHONE"; - g_infoManagerTestStateB.grantStatus[0] = PERMISSION_DENIED; - g_infoManagerTestStateC.permissionName = "ohos.permission.READ_CALENDAR"; - g_infoManagerTestStateC.grantStatus[0] = PERMISSION_DENIED; - g_infoManagerTestStateD.permissionName = "ohos.permission.READ_CALL_LOG"; - g_infoManagerTestStateD.grantStatus[0] = PERMISSION_DENIED; -} - -static void PrepareJsonData2() -{ - std::string testStr = R"({"dlpPermissions":[)"\ - R"({"name":"ohos.permission.MEDIA_LOCATION","dlpGrantRange":"none"},)"\ - R"({"name":"ohos.permission.MICROPHONE","dlpGrantRange":"all"},)"\ - R"({"name":"ohos.permission.READ_CALENDAR","dlpGrantRange":"full_control"}]})"; - - std::vector dlpPermissions; - int32_t res = DlpPermissionSetParser::GetInstance().ParserDlpPermsRawData(testStr, dlpPermissions); - if (res != RET_SUCCESS) { - GTEST_LOG_(INFO) << "ParserDlpPermsRawData failed:"; - } - DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPermissions); -} - -/** - * @tc.name: DlpPermissionConfig004 - * @tc.desc: test DLP_COMMON app with user_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig004, TestSize.Level1) -{ - PrepareJsonData2(); - PrepareUserPermState(); - - static HapPolicyParams infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain4", - .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, - g_infoManagerPermDef3, g_infoManagerPermDef4}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig004", - .instIndex = 0, - .dlpType = DLP_COMMON, - .appIDDesc = "DlpPermissionConfig004" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); - ASSERT_EQ(RET_SUCCESS, ret); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); - - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig005 - * @tc.desc: test DLP_READ app with user_grant permissions. - * @tc.type: FUNC - * @tc.require: SR000GVIGR - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig005, TestSize.Level1) -{ - PrepareJsonData2(); - PrepareUserPermState(); - - static HapPolicyParams infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain5", - .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, - g_infoManagerPermDef3, g_infoManagerPermDef4}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig005", - .instIndex = 0, - .dlpType = DLP_READ, - .appIDDesc = "DlpPermissionConfig005" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); - - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} - -/** - * @tc.name: DlpPermissionConfig006 - * @tc.desc: test DLP_FULL_CONTROL app with user_grant permissions. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, DlpPermissionConfig006, TestSize.Level1) -{ - PrepareJsonData2(); - PrepareUserPermState(); - - static HapPolicyParams infoManagerTestPolicyPrams = { - .apl = APL_NORMAL, - .domain = "test.domain6", - .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, - g_infoManagerPermDef3, g_infoManagerPermDef4}, - .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, - g_infoManagerTestStateC, g_infoManagerTestStateD} - }; - static HapInfoParams infoManagerTestInfoParms = { - .userID = 1, - .bundleName = "DlpPermissionConfig006", - .instIndex = 0, - .dlpType = DLP_FULL_CONTROL, - .appIDDesc = "DlpPermissionConfig006" - }; - AccessTokenIDEx tokenIdEx = {0}; - int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, - infoManagerTestPolicyPrams, tokenIdEx); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "add a hap token"; - - AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; - - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); - PermissionManager::GetInstance().GrantPermission(tokenID, - "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); - - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); - ASSERT_EQ(PERMISSION_DENIED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - ret = PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); - ASSERT_EQ(PERMISSION_GRANTED, ret); - - ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); - ASSERT_EQ(RET_SUCCESS, ret); - GTEST_LOG_(INFO) << "remove the token info"; -} -#endif - /** * @tc.name: ScopeFilter001 * @tc.desc: Test filter scopes. @@ -794,12 +385,18 @@ public: virtual ~PermChangeCallback() = default; void PermStateChangeCallback(PermStateChangeInfo& result) override; + bool AddDeathRecipient(const sptr& deathRecipient) override; }; void PermChangeCallback::PermStateChangeCallback(PermStateChangeInfo& result) { } +bool PermChangeCallback::AddDeathRecipient(const sptr& deathRecipient) +{ + return true; +} + /** * @tc.name: AddPermStateChangeCallback002 * @tc.desc: Test AddPermStateChangeCallback with exceed limitation. @@ -870,74 +467,6 @@ HWTEST_F(PermissionManagerTest, RevokePermission001, TestSize.Level1) ASSERT_EQ(ERR_PARAM_INVALID, ret); } -/** - * @tc.name: VerifyNativeAccessToken001 - * @tc.desc: PermissionManager::VerifyNativeAccessToken function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, VerifyNativeAccessToken001, TestSize.Level1) -{ - AccessTokenID tokenId = 0x280bc142; // 0x280bc142 is random input - std::string permissionName = "ohos.permission.INVALID_AA"; - - PermissionManager::GetInstance().RemoveDefPermissions(tokenId); // tokenInfo is null - - // tokenInfoPtr is null - ASSERT_EQ(PermissionState::PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); - - // backup - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_.clear(); - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = false; - - // apl default normal, remote default false - std::shared_ptr native = std::make_shared(); - ASSERT_NE(nullptr, native); - - ASSERT_EQ(PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty(), true); - native->tokenInfoBasic_.apl = ATokenAplEnum::APL_SYSTEM_BASIC; - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_[tokenId] = native; // basic apl - // permission definition set has not been installed + apl >= APL_SYSTEM_BASIC - ASSERT_EQ(PermissionState::PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); - PermissionDefinitionCache::GetInstance().permissionDefinitionMap_ = g_permissionDefinitionMap; // recovery - PermissionDefinitionCache::GetInstance().hasHapPermissionDefinition_ = g_hasHapPermissionDefinition; - - // not remote + no definition - ASSERT_EQ(PermissionState::PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); - - permissionName = "ohos.permission.CAMERA"; - // permPolicySet is null - ASSERT_EQ(PermissionState::PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyNativeAccessToken(tokenId, permissionName)); - - AccessTokenInfoManager::GetInstance().nativeTokenInfoMap_.erase(tokenId); -} - -/** - * @tc.name: VerifyAccessToken002 - * @tc.desc: PermissionManager::VerifyAccessToken function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, VerifyAccessToken002, TestSize.Level1) -{ - AccessTokenID tokenId = 0; - std::string permissionName; - // tokenID invalid - ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenId, permissionName)); - - tokenId = 940572671; // 940572671 is max butt tokenId: 001 11 0 000000 11111111111111111111 - // permissionName invalid - ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenId, permissionName)); - - // tokenID invalid - permissionName = "ohos.permission.CAMERA"; - ASSERT_EQ(PERMISSION_DENIED, PermissionManager::GetInstance().VerifyAccessToken(tokenId, permissionName)); -} - /** * @tc.name: GetDefPermission001 * @tc.desc: GetDefPermission with invalid permission @@ -984,8 +513,8 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions001, TestSize.Level1) { std::vector result; - // permissionName is empty - ASSERT_EQ(ERR_TOKENID_NOT_EXIST, PermissionManager::GetInstance().GetDefPermissions(0, result)); + AccessTokenID tokenId = 123; + PermissionManager::GetInstance().GetDefPermissions(tokenId, result); ASSERT_TRUE(result.empty()); } @@ -1004,14 +533,28 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions002, TestSize.Level1) std::vector result; AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; - // permissionName is empty - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetDefPermissions(tokenId, result)); + PermissionManager::GetInstance().GetDefPermissions(tokenId, result); ASSERT_TRUE(!result.empty()); ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID); ASSERT_EQ(RET_SUCCESS, ret); } +/** + * @tc.name: GetDefPermissions003 + * @tc.desc: GetDefPermissions with extension tokenId + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, GetDefPermissions003, TestSize.Level1) +{ + std::vector result; + + AccessTokenID tokenId = 0; + PermissionManager::GetInstance().GetDefPermissions(tokenId, result); + ASSERT_TRUE(!result.empty()); +} + /** * @tc.name: GetReqPermissions001 * @tc.desc: GetReqPermissions with invalid tokenid @@ -1020,7 +563,7 @@ HWTEST_F(PermissionManagerTest, GetDefPermissions002, TestSize.Level1) */ HWTEST_F(PermissionManagerTest, GetReqPermissions001, TestSize.Level1) { - std::vector result; + std::vector result; // permissionName is empty ASSERT_EQ(ERR_TOKENID_NOT_EXIST, PermissionManager::GetInstance().GetReqPermissions(0, result, true)); @@ -1040,7 +583,7 @@ HWTEST_F(PermissionManagerTest, GetReqPermissions002, TestSize.Level1) g_infoManagerTestPolicyPrams1, tokenIdEx); ASSERT_EQ(RET_SUCCESS, ret); - std::vector result; + std::vector result; AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; // permissionName is empty ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetReqPermissions(tokenId, result, true)); @@ -1057,7 +600,7 @@ HWTEST_F(PermissionManagerTest, GetReqPermissions002, TestSize.Level1) */ HWTEST_F(PermissionManagerTest, GetSelfPermissionState001, TestSize.Level1) { - std::vector permsList1; + std::vector permsList1; permsList1.emplace_back(g_permState1); PermissionListState permState1; permState1.permissionName = "ohos.permission.GetSelfPermissionStateTest"; @@ -1067,7 +610,7 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState001, TestSize.Level1) PermissionManager::GetInstance().GetSelfPermissionState(permsList1, permState1, apiVersion); ASSERT_EQ(PermissionOper::INVALID_OPER, permState1.state); - std::vector permsList2; + std::vector permsList2; permsList2.emplace_back(g_permState2); PermissionListState permState2; permState2.permissionName = "ohos.permission.CAMERA"; @@ -1085,7 +628,7 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState001, TestSize.Level1) */ HWTEST_F(PermissionManagerTest, GetSelfPermissionState002, TestSize.Level1) { - std::vector permsList1; + std::vector permsList1; permsList1.emplace_back(g_permState6); PermissionListState permState1; permState1.permissionName = "ohos.permission.CAMERA"; @@ -1095,7 +638,7 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState002, TestSize.Level1) PermissionManager::GetInstance().GetSelfPermissionState(permsList1, permState1, apiVersion); ASSERT_EQ(PermissionOper::SETTING_OPER, permState1.state); - std::vector permsList2; + std::vector permsList2; permsList2.emplace_back(g_permState7); PermissionListState permState2; permState2.permissionName = "ohos.permission.CAMERA"; @@ -1104,7 +647,7 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState002, TestSize.Level1) PermissionManager::GetInstance().GetSelfPermissionState(permsList2, permState2, apiVersion); ASSERT_EQ(PermissionOper::PASS_OPER, permState2.state); - std::vector permsList3; + std::vector permsList3; permsList3.emplace_back(g_permState8); PermissionListState permState3; permState3.permissionName = "ohos.permission.CAMERA"; @@ -1113,7 +656,7 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState002, TestSize.Level1) PermissionManager::GetInstance().GetSelfPermissionState(permsList3, permState3, apiVersion); ASSERT_EQ(PermissionOper::SETTING_OPER, permState3.state); - std::vector permsList4; + std::vector permsList4; permsList4.emplace_back(g_permState9); PermissionListState permState4; permState4.permissionName = "ohos.permission.CAMERA"; @@ -1131,159 +674,19 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState002, TestSize.Level1) */ HWTEST_F(PermissionManagerTest, GetSelfPermissionState003, TestSize.Level1) { - std::vector permsList1; + std::vector permsList1; permsList1.emplace_back(g_permState2); std::string permissionName = "ohos.permission.CAMERA"; uint32_t oriStatus; - PermissionManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, oriStatus, 0); + AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, oriStatus, 0); - PermissionManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, + AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, PermissionRequestToggleStatus::CLOSED, 0); uint32_t status; - PermissionManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, 0); + AccessTokenInfoManager::GetInstance().GetPermissionRequestToggleStatus(permissionName, status, 0); ASSERT_EQ(PermissionRequestToggleStatus::CLOSED, status); - PermissionManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, oriStatus, 0); -} - -/** - * @tc.name: DumpPermDefInfo001 - * @tc.desc: PermissionManager::DumpPermDefInfo function test. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, DumpPermDefInfo001, TestSize.Level1) -{ - std::string dumpInfo = ""; - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().DumpPermDefInfo(dumpInfo)); - EXPECT_EQ(false, dumpInfo.empty()); -} - -/** - * @tc.name: SetPermissionRequestToggleStatus001 - * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with invalid permissionName, invalid - * status and invalid userID. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, SetPermissionRequestToggleStatus001, TestSize.Level1) -{ - int32_t userID = -1; - uint32_t status = PermissionRequestToggleStatus::CLOSED; - std::string permissionName = "ohos.permission.CAMERA"; - - // UserId is invalid. - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Permission name is invalid. - userID = 123; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - "", status, userID)); - - // PermissionName is not defined. - permissionName = "ohos.permission.invalid"; - ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Permission is system_grant. - permissionName = "ohos.permission.USE_BLUETOOTH"; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Status is invalid. - status = -1; - permissionName = "ohos.permission.CAMERA"; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); -} - -/** - * @tc.name: SetPermissionRequestToggleStatus002 - * @tc.desc: PermissionManager::SetPermissionRequestToggleStatus function test with normal process. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, SetPermissionRequestToggleStatus002, TestSize.Level1) -{ - int32_t userID = 123; - uint32_t status = PermissionRequestToggleStatus::CLOSED; - std::string permissionName = "ohos.permission.CAMERA"; - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); - - status = PermissionRequestToggleStatus::OPEN; - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - permissionName, status, userID)); -} - -/** - * @tc.name: GetPermissionRequestToggleStatus001 - * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with invalid userID, invalid permission - * name. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, GetPermissionRequestToggleStatus001, TestSize.Level1) -{ - int32_t userID = -1; - uint32_t status; - std::string permissionName = "ohos.permission.CAMERA"; - - // UserId is invalid. - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // PermissionName is invalid. - userID = 123; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "", status, userID)); - - // PermissionName is not defined. - permissionName = "ohos.permission.invalid"; - ASSERT_EQ(ERR_PERMISSION_NOT_EXIST, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - permissionName, status, userID)); - - // Permission is system_grant. - permissionName = "ohos.permission.USE_BLUETOOTH"; - ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - permissionName, status, userID)); -} - -/** - * @tc.name: GetPermissionRequestToggleStatus002 - * @tc.desc: PermissionManager::GetPermissionRequestToggleStatus function test with normal process. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, GetPermissionRequestToggleStatus002, TestSize.Level1) -{ - int32_t userID = 123; - uint32_t setStatusClose = PermissionRequestToggleStatus::CLOSED; - uint32_t setStatusOpen = PermissionRequestToggleStatus::OPEN; - uint32_t getStatus; - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", getStatus, userID)); - - ASSERT_EQ(setStatusOpen, getStatus); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", setStatusClose, userID)); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", getStatus, userID)); - - ASSERT_EQ(setStatusClose, getStatus); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().SetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", setStatusOpen, userID)); - - ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GetPermissionRequestToggleStatus( - "ohos.permission.CAMERA", getStatus, userID)); - - ASSERT_EQ(setStatusOpen, getStatus); + AccessTokenInfoManager::GetInstance().SetPermissionRequestToggleStatus(permissionName, oriStatus, 0); } /** @@ -1297,7 +700,7 @@ HWTEST_F(PermissionManagerTest, GetPermissionFlag001, TestSize.Level1) AccessTokenID tokenID = 123; // 123 is random input std::string permissionName; uint32_t flag = 0; - + PermissionDataBrief::GetInstance().DeleteBriefPermDataByTokenId(tokenID); // permissionName invalid ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().GetPermissionFlag(tokenID, permissionName, flag)); @@ -1327,14 +730,12 @@ HWTEST_F(PermissionManagerTest, GetPermissionFlag002, TestSize.Level1) .instIndex = 0, .appIDDesc = "testtesttesttest" }; - PermissionStateFull permStat = { + PermissionStatus permStat = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"dev-001"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED }; - HapPolicyParams policyPrams = { + HapPolicy policyPrams = { .apl = APL_NORMAL, .domain = "test.domain", .permList = {}, @@ -1369,7 +770,7 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState002, TestSize.Level1) uint32_t flag = 0; // tokenId invalid ASSERT_EQ(AccessTokenError::ERR_TOKENID_NOT_EXIST, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, isGranted, flag)); + tokenId, permissionName, isGranted, flag, true)); HapInfoParams info = { .userID = USER_ID, @@ -1377,7 +778,7 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState002, TestSize.Level1) .instIndex = INST_INDEX, .appIDDesc = "permission_manager_test" }; - HapPolicyParams policy = { + HapPolicy policy = { .apl = APL_NORMAL, .domain = "domain" }; @@ -1390,12 +791,59 @@ HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState002, TestSize.Level1) infoPtr->SetRemote(true); // remote token is true ASSERT_EQ(AccessTokenError::ERR_IDENTITY_CHECK_FAILED, PermissionManager::GetInstance().UpdateTokenPermissionState( - tokenId, permissionName, isGranted, flag)); + tokenId, permissionName, isGranted, flag, true)); infoPtr->SetRemote(false); // permission not in list ASSERT_EQ(ERR_PARAM_INVALID, PermissionManager::GetInstance().UpdateTokenPermissionState(tokenId, - permissionName, isGranted, flag)); + permissionName, isGranted, flag, true)); + + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); +} + +/** + * @tc.name: UpdateTokenPermissionState003 + * @tc.desc: PermissionManager::UpdateTokenPermissionState function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, UpdateTokenPermissionState003, TestSize.Level1) +{ + std::string permissionName = "ohos.permission.DUMP"; + uint32_t flag = 0; + + HapInfoParams info = { + .userID = USER_ID, + .bundleName = "permission_manager_test", + .instIndex = INST_INDEX, + .appIDDesc = "permission_manager_test" + }; + PermissionStatus permStat = { + .permissionName = permissionName, + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = PermissionFlag::PERMISSION_DEFAULT_FLAG + }; + HapPolicy policy = { + .apl = APL_NORMAL, + .domain = "domain", + .permStateList = {permStat} + }; + AccessTokenIDEx tokenIdEx = {0}; + ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(info, policy, tokenIdEx)); + ASSERT_NE(static_cast(0), tokenIdEx.tokenIdExStruct.tokenID); + AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID; + + flag = PERMISSION_ALLOW_THIS_TIME; + ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( + tokenId, permissionName, false, flag, true)); + + flag = PERMISSION_COMPONENT_SET; + ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( + tokenId, permissionName, false, flag, true)); + + flag = PERMISSION_USER_FIXED; + ASSERT_EQ(RET_SUCCESS, PermissionManager::GetInstance().UpdateTokenPermissionState( + tokenId, permissionName, false, flag, true)); ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); } @@ -1435,17 +883,17 @@ HWTEST_F(PermissionManagerTest, IsPermissionVaild001, TestSize.Level1) } /** - * @tc.name: GetPermissionStateFull001 - * @tc.desc: TempPermissionObserver::GetPermissionStateFull function test + * @tc.name: GetPermissionState001 + * @tc.desc: TempPermissionObserver::GetPermissionState function test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionManagerTest, GetPermissionStateFull001, TestSize.Level1) +HWTEST_F(PermissionManagerTest, GetPermissionState001, TestSize.Level1) { AccessTokenID tokenId = 123; // random input - std::vector permissionStateFullList; + std::vector permissionStateList; // tokenId invalid - ASSERT_EQ(false, TempPermissionObserver::GetInstance().GetPermissionStateFull(tokenId, permissionStateFullList)); + ASSERT_EQ(false, TempPermissionObserver::GetInstance().GetPermissionState(tokenId, permissionStateList)); HapInfoParams info = { .userID = USER_ID, @@ -1453,7 +901,7 @@ HWTEST_F(PermissionManagerTest, GetPermissionStateFull001, TestSize.Level1) .instIndex = INST_INDEX, .appIDDesc = "permission_manager_test" }; - HapPolicyParams policy = { + HapPolicy policy = { .apl = APL_NORMAL, .domain = "domain" }; @@ -1465,7 +913,7 @@ HWTEST_F(PermissionManagerTest, GetPermissionStateFull001, TestSize.Level1) std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId); infoPtr->SetRemote(true); // remote token is true - ASSERT_EQ(false, TempPermissionObserver::GetInstance().GetPermissionStateFull(tokenId, permissionStateFullList)); + ASSERT_EQ(false, TempPermissionObserver::GetInstance().GetPermissionState(tokenId, permissionStateList)); infoPtr->SetRemote(false); ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId)); @@ -1511,25 +959,6 @@ HWTEST_F(PermissionManagerTest, VerifyHapAccessToken001, TestSize.Level1) AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); } -/** - * @tc.name: ClearUserGrantedPermissionState001 - * @tc.desc: PermissionManager::ClearUserGrantedPermissionState function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, ClearUserGrantedPermissionState001, TestSize.Level1) -{ - AccessTokenID tokenId = 123; // 123 is random input - - std::shared_ptr hap = std::make_shared(); - ASSERT_NE(nullptr, hap); - AccessTokenInfoManager::GetInstance().hapTokenInfoMap_[tokenId] = hap; - - PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenId); // permPolicySet is null - - AccessTokenInfoManager::GetInstance().hapTokenInfoMap_.erase(tokenId); -} - /** * @tc.name: GrantTempPermission001 * @tc.desc: Test grant temp permission revoke permission after switching to background @@ -1546,18 +975,18 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission001, TestSize.Level1) AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_FOREGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); // grant temp permission EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // change to background appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); TempPermissionObserver::GetInstance().UnRegisterCallback(); // UnRegisterCallback twice TempPermissionObserver::GetInstance().UnRegisterCallback(); @@ -1581,20 +1010,20 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission002, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // change to background AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // change to foreground appStateData.state = static_cast(ApplicationState::APP_STATE_FOREGROUND); - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1615,11 +1044,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission003, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create a form - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::VISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); @@ -1628,12 +1058,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission003, TestSize.Level1) AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1654,25 +1084,26 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission004, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // change to background AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create a form - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::VISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); formStateObserver_->NotifyWhetherFormsVisible(FormVisibilityType::VISIBLE, "#1", formInstances); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1693,24 +1124,25 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission005, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // change to background AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create a form - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::VISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); formStateObserver_->NotifyWhetherFormsVisible(FormVisibilityType::VISIBLE, "#1", formInstances); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // form invisible formInstances.clear(); formInstance.formVisiblity_ = FormVisibilityType::INVISIBLE; @@ -1718,7 +1150,7 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission005, TestSize.Level1) formStateObserver_->NotifyWhetherFormsVisible(FormVisibilityType::INVISIBLE, "#1", formInstances); sleep(11); EXPECT_EQ(PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1739,22 +1171,23 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission006, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); // change to background AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1775,22 +1208,23 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission007, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // change to background AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1811,24 +1245,25 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission008, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); // change to background AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove background task backgroundTaskObserver_->OnContinuousTaskStop(continuousTaskCallbackInfo); sleep(11); EXPECT_EQ(PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1849,16 +1284,18 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission009, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); // create a form - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::VISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); @@ -1867,12 +1304,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission009, TestSize.Level1) AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1893,16 +1330,18 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission010, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); // create a form - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::VISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); @@ -1911,9 +1350,9 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission010, TestSize.Level1) AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // form change to invisible formInstances.clear(); formInstance.formVisiblity_ = FormVisibilityType::INVISIBLE; @@ -1921,7 +1360,7 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission010, TestSize.Level1) formStateObserver_->NotifyWhetherFormsVisible(FormVisibilityType::INVISIBLE, "#1", formInstances); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1942,16 +1381,18 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission011, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); // create a form - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::VISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); @@ -1960,14 +1401,14 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission011, TestSize.Level1) AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove background tast backgroundTaskObserver_->OnContinuousTaskStop(continuousTaskCallbackInfo); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -1988,16 +1429,18 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission012, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); // create a form - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::VISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); @@ -2006,9 +1449,9 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission012, TestSize.Level1) AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove form formInstances.clear(); formInstance.formVisiblity_ = FormVisibilityType::INVISIBLE; @@ -2016,12 +1459,114 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission012, TestSize.Level1) formStateObserver_->NotifyWhetherFormsVisible(FormVisibilityType::INVISIBLE, "#1", formInstances); sleep(11); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + // remove background tast + backgroundTaskObserver_->OnContinuousTaskStop(continuousTaskCallbackInfo); + sleep(11); + EXPECT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + // remove hap + int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: GrantTempPermission013 + * @tc.desc: Test grant temp permission, Create multiple continuous task + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, GrantTempPermission013, TestSize.Level1) +{ + accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; + accessTokenService_->Initialize(); + AccessTokenID tokenID = CreateTempHapTokenInfo(); + EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); + EXPECT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + // create background task + std::shared_ptr continuousTaskCallbackInfo + = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::DATA_TRANSFER); + continuousTaskCallbackInfo->tokenId_ = tokenID; + backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); + + // create background task + std::shared_ptr continuousTaskCallbackInfo1 + = std::make_shared(); + continuousTaskCallbackInfo1->typeId_ = static_cast(BackgroundMode::LOCATION); + continuousTaskCallbackInfo1->tokenId_ = tokenID; + backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo1); + + // change to background + AppStateData appStateData; + appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); + appStateData.accessTokenId = tokenID; + appStateObserver_->OnAppStateChanged(appStateData); + EXPECT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + // remove background tast backgroundTaskObserver_->OnContinuousTaskStop(continuousTaskCallbackInfo); sleep(11); + EXPECT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + // remove background tast + backgroundTaskObserver_->OnContinuousTaskStop(continuousTaskCallbackInfo1); + sleep(11); EXPECT_EQ(PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + // remove hap + int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: GrantTempPermission014 + * @tc.desc: Test grant temp permission, Create multiple continuous task + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, GrantTempPermission014, TestSize.Level1) +{ + accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; + accessTokenService_->Initialize(); + AccessTokenID tokenID = CreateTempHapTokenInfo(); + EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); + EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_PASTEBOARD", PERMISSION_ALLOW_THIS_TIME)); + EXPECT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + EXPECT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_PASTEBOARD")); + // create background task + std::shared_ptr continuousTaskCallbackInfo + = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); + continuousTaskCallbackInfo->tokenId_ = tokenID; + backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); + + // change to background + AppStateData appStateData; + appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); + appStateData.accessTokenId = tokenID; + appStateObserver_->OnAppStateChanged(appStateData); + sleep(11); + EXPECT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + EXPECT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_PASTEBOARD")); + // remove background tast + backgroundTaskObserver_->OnContinuousTaskStop(continuousTaskCallbackInfo); + sleep(11); + EXPECT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + EXPECT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_PASTEBOARD")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -2029,12 +1574,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission012, TestSize.Level1) } #endif /** - * @tc.name: GrantTempPermission0013 + * @tc.name: GrantTempPermission015 * @tc.desc: Test grant temp permission process died * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionManagerTest, GrantTempPermission0013, TestSize.Level1) +HWTEST_F(PermissionManagerTest, GrantTempPermission015, TestSize.Level1) { accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; accessTokenService_->Initialize(); @@ -2042,12 +1587,13 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0013, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); - ProcessData processData; - processData.accessTokenId = tokenID; - appStateObserver_->OnProcessDied(processData); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AppStateData appStateData; + appStateData.state = static_cast(ApplicationState::APP_STATE_TERMINATED); + appStateData.accessTokenId = tokenID; + appStateObserver_->OnAppStopped(appStateData); EXPECT_EQ(PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -2055,12 +1601,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0013, TestSize.Level1) } /** - * @tc.name: GrantTempPermission0014 + * @tc.name: GrantTempPermission016 * @tc.desc: Test grant & revoke temp permission * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionManagerTest, GrantTempPermission0014, TestSize.Level1) +HWTEST_F(PermissionManagerTest, GrantTempPermission016, TestSize.Level1) { accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; accessTokenService_->Initialize(); @@ -2068,11 +1614,11 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0014, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().RevokePermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_ALLOW_THIS_TIME)); EXPECT_EQ(PERMISSION_DENIED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -2080,12 +1626,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0014, TestSize.Level1) } /** - * @tc.name: GrantTempPermission0015 + * @tc.name: GrantTempPermission017 * @tc.desc: Test grant temp permission not root * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionManagerTest, GrantTempPermission0015, TestSize.Level1) +HWTEST_F(PermissionManagerTest, GrantTempPermission017, TestSize.Level1) { accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; accessTokenService_->Initialize(); @@ -2100,12 +1646,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0015, TestSize.Level1) } /** - * @tc.name: GrantTempPermission0016 + * @tc.name: GrantTempPermission018 * @tc.desc: Test tokenID not in the list * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionManagerTest, GrantTempPermission0016, TestSize.Level1) +HWTEST_F(PermissionManagerTest, GrantTempPermission018, TestSize.Level1) { accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; accessTokenService_->Initialize(); @@ -2113,35 +1659,29 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0016, TestSize.Level1) EXPECT_EQ(RET_SUCCESS, PermissionManager::GetInstance().GrantPermission(tokenID, "ohos.permission.APPROXIMATELY_LOCATION", PERMISSION_SYSTEM_FIXED)); - ProcessData processData; - processData.accessTokenId = tokenID; - appStateObserver_->OnProcessDied(processData); - EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); - // change to background AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); appStateData.accessTokenId = tokenID; - appStateObserver_->OnForegroundApplicationChanged(appStateData); + appStateObserver_->OnAppStateChanged(appStateData); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); - TempPermissionObserver::GetInstance().formTokenMap_.clear(); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); FormInstance formInstance; formInstance.bundleName_ = "GrantTempPermission"; + formInstance.appIndex_ = 0; + formInstance.userId_ = USER_ID; formInstance.formVisiblity_ = FormVisibilityType::INVISIBLE; std::vector formInstances; formInstances.emplace_back(formInstance); EXPECT_EQ(RET_SUCCESS, formStateObserver_->NotifyWhetherFormsVisible(FormVisibilityType::INVISIBLE, "#1", formInstances)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); - TempPermissionObserver::GetInstance().formTokenMap_["GrantTempPermission"] = tokenID; EXPECT_EQ(RET_SUCCESS, formStateObserver_->NotifyWhetherFormsVisible(FormVisibilityType::INVISIBLE, "#1", formInstances)); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); @@ -2150,12 +1690,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0016, TestSize.Level1) } #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE /** - * @tc.name: GrantTempPermission0017 + * @tc.name: GrantTempPermission019 * @tc.desc: Test tokenID not in the list * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionManagerTest, GrantTempPermission0017, TestSize.Level1) +HWTEST_F(PermissionManagerTest, GrantTempPermission019, TestSize.Level1) { accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; accessTokenService_->Initialize(); @@ -2167,19 +1707,20 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0017, TestSize.Level1) // create background task std::shared_ptr continuousTaskCallbackInfo = std::make_shared(); + continuousTaskCallbackInfo->typeId_ = static_cast(BackgroundMode::LOCATION); continuousTaskCallbackInfo->tokenId_ = tokenID; backgroundTaskObserver_->OnContinuousTaskStart(continuousTaskCallbackInfo); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove background tast backgroundTaskObserver_->OnContinuousTaskStop(continuousTaskCallbackInfo); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID); EXPECT_EQ(PERMISSION_GRANTED, - PermissionManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.APPROXIMATELY_LOCATION")); // remove hap int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); ASSERT_EQ(RET_SUCCESS, ret); @@ -2187,12 +1728,12 @@ HWTEST_F(PermissionManagerTest, GrantTempPermission0017, TestSize.Level1) } #endif /** - * @tc.name: GrantTempPermission0018 + * @tc.name: GrantTempPermission020 * @tc.desc: Test invalid permissionName * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionManagerTest, GrantTempPermission0018, TestSize.Level1) +HWTEST_F(PermissionManagerTest, GrantTempPermission020, TestSize.Level1) { accessTokenService_->state_ = ServiceRunningState::STATE_RUNNING; accessTokenService_->Initialize(); @@ -2218,41 +1759,7 @@ HWTEST_F(PermissionManagerTest, PermissionCallbackTest001, TestSize.Level1) EXPECT_EQ(AccessTokenError::ERR_PARAM_INVALID, CallbackManager::GetInstance().AddCallback(scope, nullptr)); } -/* - * @tc.name: RunningFormInfoParcel001 - * @tc.desc: RunningFormInfo::Marshalling | Unmarshalling - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionManagerTest, RunningFormInfoParcel001, TestSize.Level1) -{ - RunningFormInfo info; - info.formId_ = RANDOM_INPUT_64; - info.formName_ = "formName"; - info.bundleName_ = "bundleName"; - info.moduleName_ = "moduleName"; - info.abilityName_ = "abilityName"; - info.description_ = "description"; - info.dimension_ = RANDOM_INPUT_32; - info.hostBundleName_ = "hostBundleName"; - info.formLocation_ = FormLocation::DESKTOP; - - Parcel parcel; - EXPECT_EQ(true, info.Marshalling(parcel)); - - auto p = RunningFormInfo::Unmarshalling(parcel); - EXPECT_NE(nullptr, p); - EXPECT_EQ(info.formId_, p->formId_); - EXPECT_EQ(info.formName_, p->formName_); - EXPECT_EQ(info.bundleName_, p->bundleName_); - EXPECT_EQ(info.moduleName_, p->moduleName_); - EXPECT_EQ(info.abilityName_, p->abilityName_); - EXPECT_EQ(info.description_, p->description_); - EXPECT_EQ(info.dimension_, p->dimension_); - EXPECT_EQ(info.hostBundleName_, p->hostBundleName_); - EXPECT_EQ(info.formLocation_, p->formLocation_); -} - +#ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE /* * @tc.name: ContinuousTaskCallbackInfoParcel001 * @tc.desc: ContinuousTaskCallbackInfo::Marshalling | Unmarshalling @@ -2277,6 +1784,7 @@ HWTEST_F(PermissionManagerTest, ContinuousTaskCallbackInfoParcel001, TestSize.Le EXPECT_EQ(info.abilityId_, p->abilityId_); EXPECT_EQ(info.tokenId_, p->tokenId_); } +#endif } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d2e4b116505c43005af5d6812c78cf905d671803 --- /dev/null +++ b/services/accesstokenmanager/test/unittest/short_grant_manager_test.cpp @@ -0,0 +1,257 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "short_grant_manager_test.h" + +#include "access_token.h" +#include "access_token_error.h" +#include "accesstoken_info_manager.h" +#include "permission_definition_cache.h" + +#define private public +#include "short_grant_manager.h" +#undef private + +using namespace testing::ext; +using namespace OHOS; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static std::string SHORT_TEMP_PERMISSION = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO"; +static PermissionStatus g_permiState = { + .permissionName = SHORT_TEMP_PERMISSION, + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = 1 +}; + +static HapPolicy g_policyParams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permStateList = {g_permiState} +}; + +static HapInfoParams g_infoParms = { + .userID = 1, + .bundleName = "AccessTokenShortTimePermTest", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = true +}; +} + +void ShortGrantManagerTest::SetUpTestCase() +{ +} + +void ShortGrantManagerTest::TearDownTestCase() +{ +} + +void ShortGrantManagerTest::SetUp() +{ +#ifdef EVENTHANDLER_ENABLE + ShortGrantManager::GetInstance().InitEventHandler(); +#endif + + PermissionDef permDefAlpha = { + .permissionName = "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_NORMAL, + .label = "label", + .labelId = 1, + .description = "annoying", + .descriptionId = 1 + }; + PermissionDefinitionCache::GetInstance().Insert(permDefAlpha, 537719865); // 537719865 means a tokenId. +} + +void ShortGrantManagerTest::TearDown() +{ +} + +/** + * @tc.name: RefreshPermission001 + * @tc.desc: 1. The permission is granted when onceTime is not reached; + * 2. The permission is revoked after onceTime is reached. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(ShortGrantManagerTest, RefreshPermission001, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 10; + + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + ASSERT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + sleep(onceTime + 1); + EXPECT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RefreshPermission002 + * @tc.desc: 1. set onceTime is equal to maxTime; + * 2. set onceTime is over maxTime. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(ShortGrantManagerTest, RefreshPermission002, TestSize.Level1) +{ + const uint32_t maxTime = 10; // 10s + ShortGrantManager::GetInstance().maxTime_ = maxTime; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + // onceTime = maxTime + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(maxTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + sleep(1 + 1); + ASSERT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // onceTime = maxTime + 1 + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, maxTime + 1); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + sleep(maxTime + 2); + ASSERT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RefreshPermission003 + * @tc.desc: 1. remaminTime is less + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(ShortGrantManagerTest, RefreshPermission003, TestSize.Level1) +{ + const uint32_t maxTime = 10; // 10s + ShortGrantManager::GetInstance().maxTime_ = maxTime; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + + // first set 3s + uint32_t onceTime = 3; + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + // second set 3s + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // thirdth set 3s + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime - 1); + ASSERT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + // fourth set 5s + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + sleep(onceTime + 1); + ASSERT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} + +/** + * @tc.name: RefreshPermission004 + * @tc.desc: 1. The permission is granted when onceTime is not reached; + * 2. The permission is revoked after app is stopped. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(ShortGrantManagerTest, RefreshPermission004, TestSize.Level1) +{ + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(g_infoParms, g_policyParams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ASSERT_NE(INVALID_TOKENID, tokenID); + uint32_t onceTime = 10; + + ret = ShortGrantManager::GetInstance().RefreshPermission(tokenID, SHORT_TEMP_PERMISSION, onceTime); + ASSERT_EQ(RET_SUCCESS, ret); + + ASSERT_EQ(PERMISSION_GRANTED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + if (appStateObserver_ != nullptr) { + return; + } + appStateObserver_ = sptr::MakeSptr(); + AppStateData appStateData; + appStateData.state = static_cast(ApplicationState::APP_STATE_TERMINATED); + appStateData.accessTokenId = tokenID; + appStateObserver_->OnAppStopped(appStateData); + + EXPECT_EQ(PERMISSION_DENIED, + AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, SHORT_TEMP_PERMISSION)); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/power_manager/include/power_manager_loader.h b/services/accesstokenmanager/test/unittest/short_grant_manager_test.h similarity index 53% rename from services/common/power_manager/include/power_manager_loader.h rename to services/accesstokenmanager/test/unittest/short_grant_manager_test.h index da1721a02d47ffd58e1c783bad88281746c3b824..27df9273d23b5ddef9bc26e29e5b6e6d515f4c69 100644 --- a/services/common/power_manager/include/power_manager_loader.h +++ b/services/accesstokenmanager/test/unittest/short_grant_manager_test.h @@ -13,36 +13,36 @@ * limitations under the License. */ -#ifndef POWER_MANAGER_ACCESS_LOADER_H -#define POWER_MANAGER_ACCESS_LOADER_H -#include +#ifndef SHORT_GRANT_MANAGER_TEST_H +#define SHORT_GRANT_MANAGER_TEST_H + +#include +#define private public +#include "short_grant_manager.h" +#include "accesstoken_manager_service.h" +#include "permission_manager.h" +#undef private +#ifdef EVENTHANDLER_ENABLE +#include "access_event_handler.h" +#endif + namespace OHOS { namespace Security { namespace AccessToken { -const static std::string POWER_MANAGER_LIBPATH = "libaccesstoken_power_manager.z.so"; - -class PowerManagerLoaderInterface { +class ShortGrantManagerTest : public testing::Test { public: - PowerManagerLoaderInterface() {} - virtual ~PowerManagerLoaderInterface() {} - virtual bool IsScreenOn(); - virtual void WakeupDevice(); -}; + static void SetUpTestCase(); -class PowerManagerLoader final: public PowerManagerLoaderInterface { - bool IsScreenOn() override; - void WakeupDevice() override; -}; + static void TearDownTestCase(); -#ifdef __cplusplus -extern "C" { -#endif - void* Create(); - void Destroy(void* loaderPtr); -#ifdef __cplusplus -} -#endif + void SetUp(); + + void TearDown(); + + sptr accessTokenService_ = nullptr; + sptr appStateObserver_ = nullptr; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // POWER_MANAGER_ACCESS_LOADER_H \ No newline at end of file +#endif // SHORT_GRANT_MANAGER_TEST_H diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index bb4b96478fdbad51d4edca3ed961b11aee3f7d64..3b4a6b43f158c6cf3be90dd43c8fe721dd7c43fb 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -21,7 +21,6 @@ config("accesstoken_service_common_public_config") { "database/include", "libraryloader/include", "random/include", - "utils/include", ] if (eventhandler_enable) { include_dirs += [ "handler/include" ] @@ -46,8 +45,6 @@ ohos_static_library("accesstoken_service_common") { sources = [ "app_manager/src/app_manager_access_client.cpp", - "app_manager/src/app_manager_access_proxy.cpp", - "app_manager/src/app_manager_death_recipient.cpp", "app_manager/src/app_state_data.cpp", "app_manager/src/app_status_change_callback.cpp", "app_manager/src/process_data.cpp", @@ -58,7 +55,6 @@ ohos_static_library("accesstoken_service_common") { "database/src/variant_value.cpp", "libraryloader/src/libraryloader.cpp", "random/src/random_openssl.cpp", - "utils/src/time_util.cpp", ] cflags_cc = [ @@ -73,8 +69,7 @@ ohos_static_library("accesstoken_service_common") { external_deps = [ "c_utils:utils", "hilog:libhilog", - "hisysevent:libhisysevent", - "ipc:ipc_core", + "ipc:ipc_single", "openssl:libcrypto_shared", "safwk:system_ability_fwk", "samgr:samgr_proxy", @@ -86,20 +81,8 @@ ohos_static_library("accesstoken_service_common") { external_deps += [ "eventhandler:libeventhandler" ] } - if (ability_base_enable == true) { - include_dirs += [ "ability_manager/include" ] - - sources += [ - "ability_manager/src/ability_manager_access_client.cpp", - "ability_manager/src/ability_manager_access_death_recipient.cpp", - "ability_manager/src/ability_manager_access_proxy.cpp", - ] - - external_deps += [ "ability_base:want" ] - } - if (use_musl) { - if (use_jemalloc && use_jemalloc_dfx_intf) { + if (musl_use_jemalloc && musl_use_jemalloc_dfx_intf) { cflags_cc += [ "-DCONFIG_USE_JEMALLOC_DFX_INTF" ] } } @@ -109,10 +92,10 @@ group("accesstoken_common") { if (is_standard_system) { deps = [ ":accesstoken_service_common", - "config_policy:accesstoken_config_policy", - "power_manager:accesstoken_power_manager", + "ability_manager:accesstoken_ability_manager_adapter", + "json_parse:accesstoken_cjson_utils", + "json_parse:accesstoken_json_parse", "screenlock_manager:accesstoken_screenlock_manager", - "window_manager:accesstoken_window_manager", ] } } diff --git a/services/common/ability_manager/BUILD.gn b/services/common/ability_manager/BUILD.gn index 8b2a702454a02be84198000f478bd2f85f377ce0..ba8f9d65f25f8a257f494093e242ea5776670ce8 100644 --- a/services/common/ability_manager/BUILD.gn +++ b/services/common/ability_manager/BUILD.gn @@ -31,11 +31,26 @@ ohos_shared_library("accesstoken_ability_manager_adapter") { } branch_protector_ret = "pac_ret" - include_dirs = [ "include" ] + include_dirs = [ + "include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + ] + + sources = [ + "src/ability_manager_access_loader.cpp", + "src/ability_manager_adapter.cpp", + ] - sources = [ "src/ability_manager_access_loader.cpp" ] + cflags_cc = [ + "-DHILOG_ENABLE", + "-fvisibility=hidden", + ] + + if (ability_runtime_enable) { + cflags_cc += [ "-DABILITY_RUNTIME_ENABLE" ] + } - cflags_cc = [ "-fvisibility=hidden" ] configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", @@ -46,7 +61,10 @@ ohos_shared_library("accesstoken_ability_manager_adapter") { "ability_base:want", "ability_runtime:ability_manager", "c_utils:utils", + "hilog:libhilog", "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", ] } } diff --git a/services/common/ability_manager/include/ability_manager_access_loader.h b/services/common/ability_manager/include/ability_manager_access_loader.h index 631a70e5130e787940085aba74565dd353ada49c..da312b15eb88dbf35476cede7b2a49c44708793a 100644 --- a/services/common/ability_manager/include/ability_manager_access_loader.h +++ b/services/common/ability_manager/include/ability_manager_access_loader.h @@ -17,39 +17,46 @@ #define ABILITY_MANAGER_ACCESS_LOADER_H #include - -#include "want.h" +#include +#include "access_token.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { - const int32_t DEFAULT_VALUE = -1; -} const static std::string ABILITY_MANAGER_LIBPATH = "libaccesstoken_ability_manager_adapter.z.so"; +struct InnerWant { + std::optional bundleName; + std::optional abilityName; + std::optional hapBundleName; + std::optional resource; + std::optional hapAppIndex; + std::optional hapUserID; + std::optional callerTokenId; +}; + class AbilityManagerAccessLoaderInterface { public: AbilityManagerAccessLoaderInterface() {} virtual ~AbilityManagerAccessLoaderInterface() {} - virtual int32_t StartAbility(const AAFwk::Want &want, const sptr &callerToken, - int32_t requestCode = DEFAULT_VALUE, int32_t userId = DEFAULT_VALUE); + virtual int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); + virtual int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); }; class AbilityManagerAccessLoader final: public AbilityManagerAccessLoaderInterface { - int32_t StartAbility(const AAFwk::Want &want, const sptr &callerToken, - int32_t requestCode = DEFAULT_VALUE, int32_t userId = DEFAULT_VALUE) override; + int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; + int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; }; #ifdef __cplusplus extern "C" { #endif - void* Create(); - void Destroy(void* loaderPtr); + __attribute__((visibility("default"))) void* Create(); + __attribute__((visibility("default"))) void Destroy(void* loaderPtr); #ifdef __cplusplus } #endif } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // ABILITY_MANAGER_ACCESS_LOADER_H \ No newline at end of file +#endif // ABILITY_MANAGER_ACCESS_LOADER_H diff --git a/services/common/ability_manager/include/ability_manager_access_proxy.h b/services/common/ability_manager/include/ability_manager_access_proxy.h deleted file mode 100644 index 6ca8d1c3d6ab168bef66ad025a7773ba115b1475..0000000000000000000000000000000000000000 --- a/services/common/ability_manager/include/ability_manager_access_proxy.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef OHOS_ABILITY_MANAGER_ACCESS_PROXY_H -#define OHOS_ABILITY_MANAGER_ACCESS_PROXY_H - -#include - -#include "service_ipc_interface_code.h" -#include "want.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -const int DEFAULT_INVAL_VALUE = -1; -class IAbilityManager : public IRemoteBroker { -public: - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.aafwk.AbilityManager") - - virtual int StartAbility(const AAFwk::Want &want, const sptr &callerToken, - int requestCode = DEFAULT_INVAL_VALUE, int32_t userId = DEFAULT_INVAL_VALUE) = 0; -}; - -class AbilityManagerAccessProxy : public IRemoteProxy { -public: - explicit AbilityManagerAccessProxy(const sptr& impl) : IRemoteProxy(impl) {} - - ~AbilityManagerAccessProxy() {} - int StartAbility(const AAFwk::Want &want, const sptr &callerToken, - int requestCode = DEFAULT_INVAL_VALUE, int32_t userId = DEFAULT_INVAL_VALUE) override; - -private: - static inline BrokerDelegator delegator_; -}; -} -} -} -#endif // OHOS_ABILITY_MANAGER_ACCESS_PROXY_H diff --git a/services/common/ability_manager/include/ability_manager_adapter.h b/services/common/ability_manager/include/ability_manager_adapter.h new file mode 100644 index 0000000000000000000000000000000000000000..5dab21b8698299bb079243ee31a8a914429a6133 --- /dev/null +++ b/services/common/ability_manager/include/ability_manager_adapter.h @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_TOKEN_ABILITY_MANAGER_ADAPTER_H +#define ACCESS_TOKEN_ABILITY_MANAGER_ADAPTER_H + +#include +#include "ability_manager_access_loader.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +/** + * @class AbilityManagerAdapter + * AbilityManagerAdapter is used to access ability manager services. + */ +class AbilityManagerAdapter { +private: + AbilityManagerAdapter(); + virtual ~AbilityManagerAdapter(); + DISALLOW_COPY_AND_MOVE(AbilityManagerAdapter); + +public: + static AbilityManagerAdapter& GetInstance(); + + int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); + int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); + + enum class Message { + START_ABILITY = 1001, + KILL_PROCESS_FOR_PERMISSION_UPDATE = 5300, + }; + +private: + void InitProxy(); + + class AbilityMgrDeathRecipient : public IRemoteObject::DeathRecipient { + public: + AbilityMgrDeathRecipient() = default; + ~AbilityMgrDeathRecipient() override = default; + void OnRemoteDied(const wptr& remote) override; + private: + DISALLOW_COPY_AND_MOVE(AbilityMgrDeathRecipient); + }; + + sptr GetProxy(); + void ReleaseProxy(const wptr& remote); + + std::mutex proxyMutex_; + sptr proxy_ = nullptr; + sptr deathRecipient_ = nullptr; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_TOKEN_ABILITY_MANAGER_ADAPTER_H diff --git a/services/common/ability_manager/src/ability_manager_access_client.cpp b/services/common/ability_manager/src/ability_manager_access_client.cpp deleted file mode 100644 index a4b75d32ed8873418030e081fec1f87e302901e1..0000000000000000000000000000000000000000 --- a/services/common/ability_manager/src/ability_manager_access_client.cpp +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "ability_manager_access_client.h" -#include "access_token_error.h" -#include "accesstoken_log.h" -#include "iservice_registry.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AbilityManagerAccessClient" -}; -std::recursive_mutex g_instanceMutex; -} // namespace - -AbilityManagerAccessClient& AbilityManagerAccessClient::GetInstance() -{ - static AbilityManagerAccessClient* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new AbilityManagerAccessClient(); - } - } - return *instance; -} - -AbilityManagerAccessClient::AbilityManagerAccessClient() -{} - -AbilityManagerAccessClient::~AbilityManagerAccessClient() -{ - std::lock_guard lock(proxyMutex_); - ReleaseProxy(); -} - -int32_t AbilityManagerAccessClient::StartAbility( - const AAFwk::Want &want, const sptr &callerToken, int requestCode, int32_t userId) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return AccessTokenError::ERR_SERVICE_ABNORMAL; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Start ability %{public}s, userId:%{public}d", - want.GetElement().GetAbilityName().c_str(), userId); - return proxy->StartAbility(want, callerToken, userId, requestCode); -} - -void AbilityManagerAccessClient::InitProxy() -{ - auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); - return; - } - auto abilityManagerSa = sam->GetSystemAbility(ABILITY_MGR_SERVICE_ID); - if (abilityManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", ABILITY_MGR_SERVICE_ID); - return; - } - - serviceDeathObserver_ = sptr::MakeSptr(); - if (serviceDeathObserver_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create AbilityManagerAccessDeathRecipient failed"); - return; - } - - if (!abilityManagerSa->IsProxyObject()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Not proxy object"); - return; - } - if (!abilityManagerSa->AddDeathRecipient(serviceDeathObserver_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Add death recipient failed"); - return; - } - - proxy_ = iface_cast(abilityManagerSa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); - } -} - -void AbilityManagerAccessClient::OnRemoteDiedHandle() -{ - std::lock_guard lock(proxyMutex_); - ReleaseProxy(); -} - -sptr AbilityManagerAccessClient::GetProxy() -{ - std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { - InitProxy(); - } - return proxy_; -} - -void AbilityManagerAccessClient::ReleaseProxy() -{ - if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) { - proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_); - } - proxy_ = nullptr; - serviceDeathObserver_ = nullptr; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - diff --git a/services/common/ability_manager/src/ability_manager_access_death_recipient.cpp b/services/common/ability_manager/src/ability_manager_access_death_recipient.cpp deleted file mode 100644 index d8a558f893832b754bf055ad993b847bbb215c7b..0000000000000000000000000000000000000000 --- a/services/common/ability_manager/src/ability_manager_access_death_recipient.cpp +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "ability_manager_access_death_recipient.h" -#include "accesstoken_log.h" -#include "ability_manager_access_client.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AbilityManagerAccessDeathRecipient"}; -} // namespace - -void AbilityManagerAccessDeathRecipient::OnRemoteDied(const wptr& object) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); - AbilityManagerAccessClient::GetInstance().OnRemoteDiedHandle(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - diff --git a/services/common/ability_manager/src/ability_manager_access_loader.cpp b/services/common/ability_manager/src/ability_manager_access_loader.cpp index 0cbc5bc93628de5b19612030ac47c95201f834a6..b1812b6bd78b638e51a104f31dec449d2abb6741 100644 --- a/services/common/ability_manager/src/ability_manager_access_loader.cpp +++ b/services/common/ability_manager/src/ability_manager_access_loader.cpp @@ -14,22 +14,26 @@ */ #include "ability_manager_access_loader.h" -#include "ability_manager_client.h" +#include "ability_manager_adapter.h" namespace OHOS { namespace Security { namespace AccessToken { int32_t AbilityManagerAccessLoader::StartAbility( - const AAFwk::Want &want, const sptr &callerToken, int32_t requestCode, int32_t userId) + const InnerWant &innerWant, const sptr &callerToken) { #ifdef ABILITY_RUNTIME_ENABLE - return AAFwk::AbilityManagerClient::GetInstance()->StartAbility(want, callerToken, requestCode, userId); + return AbilityManagerAdapter::GetInstance().StartAbility(innerWant, callerToken); #else return 0; #endif } -extern "C" { +int32_t AbilityManagerAccessLoader::KillProcessForPermissionUpdate(uint32_t accessTokenId) +{ + return AbilityManagerAdapter::GetInstance().KillProcessForPermissionUpdate(accessTokenId); +} + void* Create() { return reinterpret_cast(new AbilityManagerAccessLoader); @@ -42,7 +46,6 @@ void Destroy(void* loaderPtr) delete loader; } } -} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/ability_manager/src/ability_manager_access_proxy.cpp b/services/common/ability_manager/src/ability_manager_access_proxy.cpp deleted file mode 100644 index 6abbc09f5e3707182d8c652a5a6ec2cefb886ccb..0000000000000000000000000000000000000000 --- a/services/common/ability_manager/src/ability_manager_access_proxy.cpp +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "ability_manager_access_proxy.h" -#include "access_token_error.h" -#include "accesstoken_log.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { - constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AbilityManagerAccessProxy"}; -} - -int AbilityManagerAccessProxy::StartAbility(const AAFwk::Want &want, const sptr &callerToken, - int requestCode, int32_t userId) -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write WriteInterfaceToken."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - - if (!data.WriteParcelable(&want)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Want write failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - if (callerToken) { - if (!data.WriteBool(true) || !data.WriteRemoteObject(callerToken)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "CallerToken and flag write failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - } else { - if (!data.WriteBool(false)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Flag write failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - } - if (!data.WriteInt32(userId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UserId write failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteInt32(requestCode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RequestCode write failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - - int error = Remote()->SendRequest( - static_cast(AccessAbilityServiceInterfaceCode::START_ABILITY_ADD_CALLER), data, reply, option); - if (error != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request error: %{public}d", error); - return error; - } - return reply.ReadInt32(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/common/ability_manager/src/ability_manager_adapter.cpp b/services/common/ability_manager/src/ability_manager_adapter.cpp new file mode 100644 index 0000000000000000000000000000000000000000..922d1cf4e41620723cf6accc428b94249df7429e --- /dev/null +++ b/services/common/ability_manager/src/ability_manager_adapter.cpp @@ -0,0 +1,195 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ability_manager_adapter.h" +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include +#include "iservice_registry.h" +#include "system_ability_definition.h" +#include "want.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +const int32_t DEFAULT_INVAL_VALUE = -1; +const std::u16string ABILITY_MGR_DESCRIPTOR = u"ohos.aafwk.AbilityManager"; +constexpr const char* BUNDLE_NAME = "bundleName"; +constexpr const char* APP_INDEX = "appIndex"; +constexpr const char* USER_ID = "userId"; +constexpr const char* CALLER_TOKENID = "callerTokenId"; +constexpr const char* RESOURCE_KEY = "ohos.sensitive.resource"; +} +using namespace AAFwk; +AbilityManagerAdapter& AbilityManagerAdapter::GetInstance() +{ + static AbilityManagerAdapter *instance = new (std::nothrow) AbilityManagerAdapter(); + return *instance; +} + +AbilityManagerAdapter::AbilityManagerAdapter() +{} + +AbilityManagerAdapter::~AbilityManagerAdapter() +{} + +static void AbilityManagerConvertWant(const InnerWant &innerWant, AAFwk::Want &want) +{ + if (innerWant.bundleName != std::nullopt && innerWant.abilityName != std::nullopt) { + want.SetElementName(innerWant.bundleName.value(), innerWant.abilityName.value()); + } + if (innerWant.hapBundleName != std::nullopt) { + want.SetParam(BUNDLE_NAME, innerWant.hapBundleName.value()); + } + if (innerWant.hapAppIndex != std::nullopt) { + want.SetParam(APP_INDEX, innerWant.hapAppIndex.value()); + } + if (innerWant.hapUserID != std::nullopt) { + want.SetParam(USER_ID, innerWant.hapUserID.value()); + } + if (innerWant.callerTokenId != std::nullopt) { + want.SetParam(CALLER_TOKENID, std::to_string(innerWant.callerTokenId.value())); + } + if (innerWant.resource != std::nullopt) { + want.SetParam(RESOURCE_KEY, innerWant.resource.value()); + } +} + +int32_t AbilityManagerAdapter::StartAbility(const InnerWant &innerWant, const sptr &callerToken) +{ + auto abms = GetProxy(); + if (abms == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to GetProxy."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + + AAFwk::Want want; + AbilityManagerConvertWant(innerWant, want); + + MessageParcel data; + MessageParcel reply; + MessageOption option; + + if (!data.WriteInterfaceToken(ABILITY_MGR_DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write WriteInterfaceToken."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + + if (!data.WriteParcelable(&want)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Want write failed."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteInt32(DEFAULT_INVAL_VALUE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "UserId write failed."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteInt32(DEFAULT_INVAL_VALUE)) { + LOGE(ATM_DOMAIN, ATM_TAG, "RequestCode write failed."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + int32_t error = abms->SendRequest(static_cast(AbilityManagerAdapter::Message::START_ABILITY), + data, reply, option); + if (error != NO_ERROR) { + LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); + return error; + } + return reply.ReadInt32(); +} + +int32_t AbilityManagerAdapter::KillProcessForPermissionUpdate(uint32_t accessTokenId) +{ + auto abms = GetProxy(); + if (abms == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to GetProxy."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + + if (!data.WriteInterfaceToken(ABILITY_MGR_DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write WriteInterfaceToken."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + if (!data.WriteUint32(accessTokenId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); + return AccessTokenError::ERR_WRITE_PARCEL_FAILED; + } + int32_t error = abms->SendRequest(static_cast( + AbilityManagerAdapter::Message::KILL_PROCESS_FOR_PERMISSION_UPDATE), data, reply, option); + if (error != NO_ERROR) { + LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); + return error; + } + return reply.ReadInt32(); +} + +void AbilityManagerAdapter::InitProxy() +{ + if (proxy_ != nullptr && (!proxy_->IsObjectDead())) { + return; + } + sptr systemManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (systemManager == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get system ability registry."); + return; + } + sptr remoteObj = systemManager->CheckSystemAbility(ABILITY_MGR_SERVICE_ID); + if (remoteObj == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to connect ability manager service."); + return; + } + + deathRecipient_ = sptr(new (std::nothrow) AbilityMgrDeathRecipient()); + if (deathRecipient_ == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create AbilityMgrDeathRecipient!"); + return; + } + if ((remoteObj->IsProxyObject()) && (!remoteObj->AddDeathRecipient(deathRecipient_))) { + LOGE(ATM_DOMAIN, ATM_TAG, "Add death recipient to AbilityManagerService failed."); + return; + } + proxy_ = remoteObj; +} + +sptr AbilityManagerAdapter::GetProxy() +{ + std::lock_guard lock(proxyMutex_); + if (proxy_ == nullptr || proxy_->IsObjectDead()) { + InitProxy(); + } + return proxy_; +} + +void AbilityManagerAdapter::ReleaseProxy(const wptr& remote) +{ + std::lock_guard lock(proxyMutex_); + if ((proxy_ != nullptr) && (proxy_ == remote.promote())) { + proxy_->RemoveDeathRecipient(deathRecipient_); + proxy_ = nullptr; + deathRecipient_ = nullptr; + } +} + +void AbilityManagerAdapter::AbilityMgrDeathRecipient::OnRemoteDied(const wptr& remote) +{ + LOGE(ATM_DOMAIN, ATM_TAG, "AbilityMgrDeathRecipient handle remote died."); + AbilityManagerAdapter::GetInstance().ReleaseProxy(remote); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/ability_manager/test/BUILD.gn b/services/common/ability_manager/test/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..56630d32bb69fb3288871fea6fd0d8d768a35477 --- /dev/null +++ b/services/common/ability_manager/test/BUILD.gn @@ -0,0 +1,61 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../../access_token.gni") + +ohos_unittest("libaccesstoken_abillity_manager_test") { + subsystem_name = "security" + part_name = "access_token" + module_out_path = part_name + "/" + part_name + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/services/common/ability_manager/include", + ] + + sources = [ + "${access_token_path}/services/common/ability_manager/src/ability_manager_access_loader.cpp", + "${access_token_path}/services/common/ability_manager/src/ability_manager_adapter.cpp", + "unittest/ability_manager_test.cpp", + ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + + if (ability_runtime_enable) { + cflags_cc += [ "-DABILITY_RUNTIME_ENABLE" ] + } + + external_deps = [ + "ability_runtime:ability_manager", + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] +} + +group("unittest") { + testonly = true + deps = [ ":libaccesstoken_abillity_manager_test" ] +} diff --git a/services/common/ability_manager/include/ability_manager_access_client.h b/services/common/ability_manager/test/unittest/ability_manager_test.cpp similarity index 41% rename from services/common/ability_manager/include/ability_manager_access_client.h rename to services/common/ability_manager/test/unittest/ability_manager_test.cpp index 9805b96141042925ac62ea089aa79378e5c7a23b..e2858abbcb6b4fe45f7f824ec65fcb6078a10688 100644 --- a/services/common/ability_manager/include/ability_manager_access_client.h +++ b/services/common/ability_manager/test/unittest/ability_manager_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,43 +13,46 @@ * limitations under the License. */ -#ifndef ABILITY_MANAGER_ACCESS_CLIENT_H -#define ABILITY_MANAGER_ACCESS_CLIENT_H - -#include +#include #include +#include "access_token.h" +#include "ability_manager_access_loader.h" -#include "ability_manager_access_death_recipient.h" -#include "ability_manager_access_proxy.h" -#include "nocopyable.h" +using namespace testing::ext; namespace OHOS { namespace Security { namespace AccessToken { -class AbilityManagerAccessClient final { +class AbilityManagerTest : public testing::Test { public: - static AbilityManagerAccessClient& GetInstance(); - - virtual ~AbilityManagerAccessClient(); - - int StartAbility(const AAFwk::Want &want, const sptr &callerToken, - int requestCode = DEFAULT_INVAL_VALUE, int32_t userId = DEFAULT_INVAL_VALUE); - void OnRemoteDiedHandle(); - -private: - AbilityManagerAccessClient(); - DISALLOW_COPY_AND_MOVE(AbilityManagerAccessClient); + static void SetUpTestCase(void); + static void TearDownTestCase(void); + void SetUp(); + void TearDown(); +}; - void InitProxy(); - sptr GetProxy(); - void ReleaseProxy(); +void AbilityManagerTest::SetUpTestCase() {} +void AbilityManagerTest::TearDownTestCase() {} +void AbilityManagerTest::SetUp() {} +void AbilityManagerTest::TearDown() {} - sptr serviceDeathObserver_ = nullptr; - std::mutex proxyMutex_; - sptr proxy_ = nullptr; -}; +/** + * @tc.name: AbilityManagerTest001 + * @tc.desc: Test StartAbility with invalid bundle name. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(AbilityManagerTest, AbilityManagerTest001, TestSize.Level1) +{ + AbilityManagerAccessLoaderInterface* loader = static_cast(Create()); + InnerWant innerWant = { + .bundleName = "InvalidBundleName001", + .abilityName = "InvalidAbilityName001" + }; + + EXPECT_NE(ERR_OK, loader->StartAbility(innerWant, nullptr)); + Destroy(loader); +} } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // ABILITY_MANAGER_ACCESS_CLIENT_H - diff --git a/services/common/app_manager/BUILD.gn b/services/common/app_manager/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..a6026e7f25159c1d72caf9398cdc98317edb5da8 --- /dev/null +++ b/services/common/app_manager/BUILD.gn @@ -0,0 +1,55 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../access_token.gni") + +ohos_shared_library("accesstoken_app_manager") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/frameworks/privacy/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + "include", + ] + + sources = [ + "src/app_manager_access_client.cpp", + "src/app_state_data.cpp", + "src/app_status_change_callback.cpp", + "src/process_data.cpp", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] +} diff --git a/services/common/app_manager/include/app_manager_access_client.h b/services/common/app_manager/include/app_manager_access_client.h index b938169cbfae43f7218d0929d0776fe7285e8b6d..2e2bbcdd0b995add7e4b26267315e04117c50675 100644 --- a/services/common/app_manager/include/app_manager_access_client.h +++ b/services/common/app_manager/include/app_manager_access_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,8 +21,6 @@ #include "app_status_change_callback.h" #include "app_manager_death_callback.h" -#include "app_manager_death_recipient.h" -#include "app_manager_access_proxy.h" #include "nocopyable.h" namespace OHOS { @@ -39,18 +37,31 @@ public: void RegisterDeathCallback(const std::shared_ptr& callback); void OnRemoteDiedHandle(); + enum class Message { + REGISTER_APPLICATION_STATE_OBSERVER = 12, + UNREGISTER_APPLICATION_STATE_OBSERVER = 13, + GET_FOREGROUND_APPLICATIONS = 14, + }; + private: AppManagerAccessClient(); DISALLOW_COPY_AND_MOVE(AppManagerAccessClient); + class AppMgrDeathRecipient : public IRemoteObject::DeathRecipient { + public: + AppMgrDeathRecipient() {} + virtual ~AppMgrDeathRecipient() override = default; + void OnRemoteDied(const wptr& object) override; + }; + void InitProxy(); - sptr GetProxy(); + sptr GetProxy(); void ReleaseProxy(); sptr serviceDeathObserver_ = nullptr; std::mutex proxyMutex_; std::mutex deathCallbackMutex_; - sptr proxy_ = nullptr; + sptr proxy_ = nullptr; std::vector> appManagerDeathCallbackList_; }; } // namespace AccessToken diff --git a/services/common/app_manager/include/app_manager_access_proxy.h b/services/common/app_manager/include/app_manager_access_proxy.h deleted file mode 100644 index fabe1f203b6009c6fd23979c2ab6e638185de76c..0000000000000000000000000000000000000000 --- a/services/common/app_manager/include/app_manager_access_proxy.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESS_APP_MANAGER_ACCESS_PROXY_H -#define ACCESS_APP_MANAGER_ACCESS_PROXY_H - -#include - -#include "app_state_data.h" -#include "process_data.h" -#include "service_ipc_interface_code.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class IApplicationStateObserver : public IRemoteBroker { -public: - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.IApplicationStateObserver"); - - virtual void OnForegroundApplicationChanged(const AppStateData &appStateData) = 0; - virtual void OnProcessDied(const ProcessData &processData) = 0; - virtual void OnApplicationStateChanged(const AppStateData &appStateData) = 0; - enum class Message { - TRANSACT_ON_FOREGROUND_APPLICATION_CHANGED = 0, - TRANSACT_ON_PROCESS_DIED = 5, - TRANSACT_ON_APPLICATION_STATE_CHANGED = 6, - }; -}; - -class IAppMgr : public IRemoteBroker { -public: - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.AppMgr"); - - virtual int32_t RegisterApplicationStateObserver(const sptr& observer, - const std::vector& bundleNameList = {}) = 0; - virtual int32_t UnregisterApplicationStateObserver(const sptr& observer) = 0; - virtual int32_t GetForegroundApplications(std::vector& list) = 0; - - enum class Message { - REGISTER_APPLICATION_STATE_OBSERVER = 12, - UNREGISTER_APPLICATION_STATE_OBSERVER = 13, - GET_FOREGROUND_APPLICATIONS = 14, - }; -}; - -class AppManagerAccessProxy : public IRemoteProxy { -public: - explicit AppManagerAccessProxy(const sptr& impl) : IRemoteProxy(impl) {} - - virtual ~AppManagerAccessProxy() = default; - - int32_t RegisterApplicationStateObserver(const sptr& observer, - const std::vector &bundleNameList = {}) override; - int32_t UnregisterApplicationStateObserver(const sptr& observer) override; - int32_t GetForegroundApplications(std::vector& list) override; -private: - static inline BrokerDelegator delegator_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESS_APP_MANAGER_ACCESS_PROXY_H diff --git a/services/common/app_manager/include/app_manager_death_callback.h b/services/common/app_manager/include/app_manager_death_callback.h index b558b383ac974cf89209126c41b51c79ea05acda..149e1ad1acd5bb9e32eded9aa01af60b04dec835 100644 --- a/services/common/app_manager/include/app_manager_death_callback.h +++ b/services/common/app_manager/include/app_manager_death_callback.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,7 +17,6 @@ #define ACCESS_APP_MANAGER_DEATH_CALLBACK_H #include -#include "app_manager_access_proxy.h" #include "iremote_stub.h" #include "nocopyable.h" diff --git a/services/common/app_manager/include/app_manager_death_recipient.h b/services/common/app_manager/include/app_manager_death_recipient.h deleted file mode 100644 index d43c9d930362f17b81fcd10d0da8e8d3f3dd40e3..0000000000000000000000000000000000000000 --- a/services/common/app_manager/include/app_manager_death_recipient.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ACCESS_APP_MANAGER_DEATH_RECIPIENT_H -#define ACCESS_APP_MANAGER_DEATH_RECIPIENT_H - -#include "iremote_object.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class AppMgrDeathRecipient : public IRemoteObject::DeathRecipient { -public: - AppMgrDeathRecipient() {} - virtual ~AppMgrDeathRecipient() override = default; - void OnRemoteDied(const wptr& object) override; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // ACCESS_APP_MANAGER_DEATH_RECIPIENT_H - diff --git a/services/common/app_manager/include/app_state_data.h b/services/common/app_manager/include/app_state_data.h index a18e09f3446e67372de21c8ade79ddea453efe31..e8d3523304ed93f3df05ffa3b745fc8b32ac0f3e 100644 --- a/services/common/app_manager/include/app_state_data.h +++ b/services/common/app_manager/include/app_state_data.h @@ -49,6 +49,9 @@ struct AppStateData : public Parcelable { std::string callerBundleName; bool isSplitScreenMode = false; bool isFloatingWindowMode = false; + bool isSpecifyTokenId = false; + int32_t appIndex = 0; + bool isPreloadModule = false; }; } // namespace AccessToken } // namespace Security diff --git a/services/common/app_manager/include/app_status_change_callback.h b/services/common/app_manager/include/app_status_change_callback.h index 9c2f8d8c7d8d1fce641fec4ec57e065f9c13c76d..511de658ba262c7aa2cdaad561a43bf3c8efc370 100644 --- a/services/common/app_manager/include/app_status_change_callback.h +++ b/services/common/app_manager/include/app_status_change_callback.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,13 +17,33 @@ #define ACCESS_APP_STATUS_CHANGE_CALLBACK_H #include -#include "app_manager_access_proxy.h" +#include "app_state_data.h" +#include "process_data.h" #include "iremote_stub.h" #include "nocopyable.h" namespace OHOS { namespace Security { namespace AccessToken { +class IApplicationStateObserver : public IRemoteBroker { +public: + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.IApplicationStateObserver"); + + virtual void OnProcessStateChanged(const ProcessData &processData) = 0; + virtual void OnProcessDied(const ProcessData &processData) = 0; + virtual void OnAppStateChanged(const AppStateData &appStateData) = 0; + virtual void OnAppStopped(const AppStateData &appStateData) = 0; + virtual void OnAppCacheStateChanged(const AppStateData &appStateData) = 0; + + enum class Message { + TRANSACT_ON_PROCESS_STATE_CHANGED = 4, + TRANSACT_ON_PROCESS_DIED = 5, + TRANSACT_ON_APP_STATE_CHANGED = 7, + TRANSACT_ON_APP_STOPPED = 10, + TRANSACT_ON_APP_CACHE_STATE_CHANGED = 13, + }; +}; + class ApplicationStateObserverStub : public IRemoteStub { public: ApplicationStateObserverStub(); @@ -32,14 +52,19 @@ public: virtual int OnRemoteRequest( uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) override; - virtual void OnForegroundApplicationChanged(const AppStateData &appStateData) override {} + virtual void OnProcessStateChanged(const ProcessData &processData) override {} virtual void OnProcessDied(const ProcessData &processData) override {} - virtual void OnApplicationStateChanged(const AppStateData &appStateData) override {} + virtual void OnAppStateChanged(const AppStateData &appStateData) override {} + virtual void OnAppStopped(const AppStateData &appStateData) override {} + virtual void OnAppCacheStateChanged(const AppStateData &appStateData) override {} + DISALLOW_COPY_AND_MOVE(ApplicationStateObserverStub); private: - int32_t HandleOnForegroundApplicationChanged(MessageParcel &data, MessageParcel &reply); + int32_t HandleOnProcessStateChanged(MessageParcel &data, MessageParcel &reply); int32_t HandleOnProcessDied(MessageParcel &data, MessageParcel &reply); - int32_t HandleOnApplicationStateChanged(MessageParcel &data, MessageParcel &reply); + int32_t HandleOnAppStateChanged(MessageParcel &data, MessageParcel &reply); + int32_t HandleOnAppStopped(MessageParcel &data, MessageParcel &reply); + int32_t HandleOnAppCacheStateChanged(MessageParcel &data, MessageParcel &reply); }; } // namespace AccessToken } // namespace Security diff --git a/services/common/app_manager/include/process_data.h b/services/common/app_manager/include/process_data.h index 45d276d1b8e27fbc7f14278b450e2f9071bf55f1..48b2ff7cce9ebed89a5ea27327f00aa3dbdd88d1 100644 --- a/services/common/app_manager/include/process_data.h +++ b/services/common/app_manager/include/process_data.h @@ -82,6 +82,9 @@ struct ProcessData : public Parcelable { bool isTestMode = false; // Indicates whether the process is started by aa test int32_t exitReason = 0; std::string exitMsg = ""; + int32_t childUid = -1; + bool isPreload = false; + bool isPreloadModule = false; }; } // namespace AccessToken } // namespace Security diff --git a/services/common/app_manager/src/app_manager_access_client.cpp b/services/common/app_manager/src/app_manager_access_client.cpp index 7853e18f0aa015c5230eb4a017929f75aeab5dea..374f3e86d0d5400a3bbfeeb388e2dee38e49ccab 100644 --- a/services/common/app_manager/src/app_manager_access_client.cpp +++ b/services/common/app_manager/src/app_manager_access_client.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,7 +15,7 @@ #include "app_manager_access_client.h" #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "iservice_registry.h" #include "system_ability_definition.h" @@ -23,10 +23,10 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AppManagerAccessClient" -}; +static constexpr int32_t ERROR = -1; std::recursive_mutex g_instanceMutex; +std::u16string DESCRIPTOR = u"ohos.appexecfwk.AppMgr"; +constexpr int32_t CYCLE_LIMIT = 1000; } // namespace AppManagerAccessClient& AppManagerAccessClient::GetInstance() @@ -35,7 +35,8 @@ AppManagerAccessClient& AppManagerAccessClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new AppManagerAccessClient(); + AppManagerAccessClient* tmp = new AppManagerAccessClient(); + instance = std::move(tmp); } } return *instance; @@ -52,54 +53,121 @@ AppManagerAccessClient::~AppManagerAccessClient() int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr& observer) { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); + LOGI(ATM_DOMAIN, ATM_TAG, "Entry"); if (observer == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); - return -1; + LOGE(ATM_DOMAIN, ATM_TAG, "Callback is nullptr."); + return ERROR; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return -1; + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); + return ERROR; } std::vector bundleNameList; - return proxy->RegisterApplicationStateObserver(observer, bundleNameList); + + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed"); + return ERROR; + } + if (!data.WriteRemoteObject(observer->AsObject())) { + LOGE(ATM_DOMAIN, ATM_TAG, "Observer write failed."); + return ERROR; + } + if (!data.WriteStringVector(bundleNameList)) { + LOGE(ATM_DOMAIN, ATM_TAG, "BundleNameList write failed."); + return ERROR; + } + int32_t error = proxy->SendRequest( + static_cast(AppManagerAccessClient::Message::REGISTER_APPLICATION_STATE_OBSERVER), + data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "RegisterAppStatus failed, error: %{public}d", error); + return ERROR; + } + return reply.ReadInt32(); } int32_t AppManagerAccessClient::UnregisterApplicationStateObserver(const sptr &observer) { if (observer == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); - return -1; + LOGE(ATM_DOMAIN, ATM_TAG, "Callback is nullptr."); + return ERROR; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return -1; + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); + return ERROR; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed"); + return ERROR; + } + if (!data.WriteRemoteObject(observer->AsObject())) { + LOGE(ATM_DOMAIN, ATM_TAG, "Observer write failed."); + return ERROR; + } + int32_t error = proxy->SendRequest( + static_cast(AppManagerAccessClient::Message::UNREGISTER_APPLICATION_STATE_OBSERVER), + data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Set microphoneMute failed, error: %d", error); + return error; } - return proxy->UnregisterApplicationStateObserver(observer); + return reply.ReadInt32(); } int32_t AppManagerAccessClient::GetForegroundApplications(std::vector& list) { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return -1; + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); + return ERROR; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed"); + return ERROR; + } + int32_t error = proxy->SendRequest( + static_cast(AppManagerAccessClient::Message::GET_FOREGROUND_APPLICATIONS), data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetForegroundApplications failed, error: %{public}d", error); + return error; + } + uint32_t infoSize = reply.ReadUint32(); + if (infoSize > CYCLE_LIMIT) { + LOGE(ATM_DOMAIN, ATM_TAG, "InfoSize is too large"); + return ERROR; + } + for (uint32_t i = 0; i < infoSize; i++) { + std::unique_ptr info(reply.ReadParcelable()); + if (info != nullptr) { + list.emplace_back(*info); + } } - return proxy->GetForegroundApplications(list); + return reply.ReadInt32(); } void AppManagerAccessClient::InitProxy() { auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbilityManager is null"); return; } auto appManagerSa = sam->GetSystemAbility(APP_MGR_SERVICE_ID); if (appManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null", APP_MGR_SERVICE_ID); return; } @@ -109,17 +177,14 @@ void AppManagerAccessClient::InitProxy() appManagerSa->AddDeathRecipient(serviceDeathObserver_); } - proxy_ = iface_cast(appManagerSa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); - } + proxy_ = appManagerSa; } void AppManagerAccessClient::RegisterDeathCallback(const std::shared_ptr& callback) { std::lock_guard lock(deathCallbackMutex_); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "AppManagerAccessClient: Callback is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "AppManagerAccessClient: Callback is nullptr."); return; } appManagerDeathCallbackList_.emplace_back(callback); @@ -142,10 +207,10 @@ void AppManagerAccessClient::OnRemoteDiedHandle() } } -sptr AppManagerAccessClient::GetProxy() +sptr AppManagerAccessClient::GetProxy() { std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { + if (proxy_ == nullptr || proxy_->IsObjectDead()) { InitProxy(); } return proxy_; @@ -154,11 +219,17 @@ sptr AppManagerAccessClient::GetProxy() void AppManagerAccessClient::ReleaseProxy() { if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) { - proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_); + proxy_->RemoveDeathRecipient(serviceDeathObserver_); } proxy_ = nullptr; serviceDeathObserver_ = nullptr; } + +void AppManagerAccessClient::AppMgrDeathRecipient::OnRemoteDied(const wptr& object) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called", __func__); + AppManagerAccessClient::GetInstance().OnRemoteDiedHandle(); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/app_manager/src/app_manager_access_proxy.cpp b/services/common/app_manager/src/app_manager_access_proxy.cpp deleted file mode 100644 index 2bbe4b2d59b5a564fe2b0a0a6ef750be4a31d82c..0000000000000000000000000000000000000000 --- a/services/common/app_manager/src/app_manager_access_proxy.cpp +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "app_manager_access_proxy.h" -#include "accesstoken_log.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AppManagerAccessProxy"}; -static constexpr int32_t ERROR = -1; -constexpr int32_t CYCLE_LIMIT = 1000; -} - -int32_t AppManagerAccessProxy::RegisterApplicationStateObserver(const sptr& observer, - const std::vector& bundleNameList) -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); - return ERROR; - } - if (!data.WriteRemoteObject(observer->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Observer write failed."); - return ERROR; - } - if (!data.WriteStringVector(bundleNameList)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "BundleNameList write failed."); - return ERROR; - } - int32_t error = Remote()->SendRequest( - static_cast(IAppMgr::Message::REGISTER_APPLICATION_STATE_OBSERVER), data, reply, option); - if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RegisterAppStatus failed, error: %{public}d", error); - return ERROR; - } - return reply.ReadInt32(); -} - -int32_t AppManagerAccessProxy::UnregisterApplicationStateObserver( - const sptr& observer) -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); - return ERROR; - } - if (!data.WriteRemoteObject(observer->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Observer write failed."); - return ERROR; - } - int32_t error = Remote()->SendRequest( - static_cast(IAppMgr::Message::UNREGISTER_APPLICATION_STATE_OBSERVER), data, reply, option); - if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Set microphoneMute failed, error: %d", error); - return error; - } - return reply.ReadInt32(); -} - -int32_t AppManagerAccessProxy::GetForegroundApplications(std::vector& list) -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); - return ERROR; - } - int32_t error = Remote()->SendRequest( - static_cast(IAppMgr::Message::GET_FOREGROUND_APPLICATIONS), data, reply, option); - if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetForegroundApplications failed, error: %{public}d", error); - return error; - } - uint32_t infoSize = reply.ReadUint32(); - if (infoSize > CYCLE_LIMIT) { - ACCESSTOKEN_LOG_ERROR(LABEL, "InfoSize is too large"); - return ERROR; - } - for (uint32_t i = 0; i < infoSize; i++) { - std::unique_ptr info(reply.ReadParcelable()); - if (info != nullptr) { - list.emplace_back(*info); - } - } - return reply.ReadInt32(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/common/app_manager/src/app_manager_death_recipient.cpp b/services/common/app_manager/src/app_manager_death_recipient.cpp deleted file mode 100644 index c18e9b08a9a337fcafdfe733c78debb71e8a4591..0000000000000000000000000000000000000000 --- a/services/common/app_manager/src/app_manager_death_recipient.cpp +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "app_manager_death_recipient.h" - -#include "accesstoken_log.h" -#include "app_manager_access_client.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AppMgrDeathRecipient" -}; -} // namespace - -void AppMgrDeathRecipient::OnRemoteDied(const wptr& object) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); - AppManagerAccessClient::GetInstance().OnRemoteDiedHandle(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/common/app_manager/src/app_state_data.cpp b/services/common/app_manager/src/app_state_data.cpp index 89ef9c611fefd635a7d01afb3576309b08800f6c..48d3bd556460bf0756d2d46182bbec72f8a0c9f5 100644 --- a/services/common/app_manager/src/app_state_data.cpp +++ b/services/common/app_manager/src/app_state_data.cpp @@ -24,7 +24,7 @@ bool AppStateData::Marshalling(Parcel &parcel) const && parcel.WriteInt32(pid) && parcel.WriteUint32(accessTokenId) && parcel.WriteBool(isFocused) && parcel.WriteInt32(extensionType) && parcel.WriteInt32Vector(renderPids) && parcel.WriteString(callerBundleName) && parcel.WriteBool(isSplitScreenMode) - && parcel.WriteBool(isFloatingWindowMode)); + && parcel.WriteBool(isFloatingWindowMode) && parcel.WriteInt32(appIndex) && parcel.WriteBool(isPreloadModule)); } AppStateData *AppStateData::Unmarshalling(Parcel &parcel) @@ -44,6 +44,8 @@ AppStateData *AppStateData::Unmarshalling(Parcel &parcel) appStateData->callerBundleName = parcel.ReadString(); appStateData->isSplitScreenMode = parcel.ReadBool(); appStateData->isFloatingWindowMode = parcel.ReadBool(); + appStateData->appIndex = parcel.ReadInt32(); + appStateData->isPreloadModule = parcel.ReadBool(); return appStateData; } } // namespace AccessToken diff --git a/services/common/app_manager/src/app_status_change_callback.cpp b/services/common/app_manager/src/app_status_change_callback.cpp index 0a6070469e87e84cd2ff37c633b7c4755c6d13cf..6ccb38df66fdb0bb0f72df836e9163a86615ce57 100644 --- a/services/common/app_manager/src/app_status_change_callback.cpp +++ b/services/common/app_manager/src/app_status_change_callback.cpp @@ -14,65 +14,68 @@ */ #include "app_status_change_callback.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ApplicationStateObserverStub" -}; -} ApplicationStateObserverStub::ApplicationStateObserverStub() { - ACCESSTOKEN_LOG_INFO(LABEL, "ApplicationStateObserverStub Instance create"); + LOGI(ATM_DOMAIN, ATM_TAG, "ApplicationStateObserverStub Instance create"); } ApplicationStateObserverStub::~ApplicationStateObserverStub() { - ACCESSTOKEN_LOG_INFO(LABEL, "ApplicationStateObserverStub Instance destroy"); + LOGI(ATM_DOMAIN, ATM_TAG, "ApplicationStateObserverStub Instance destroy"); } int32_t ApplicationStateObserverStub::OnRemoteRequest( uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { if (data.ReadInterfaceToken() != GetDescriptor()) { - ACCESSTOKEN_LOG_INFO(LABEL, "ApplicationStateObserverStub: ReadInterfaceToken failed"); + LOGI(ATM_DOMAIN, ATM_TAG, "ApplicationStateObserverStub: ReadInterfaceToken failed"); return ERROR_IPC_REQUEST_FAIL; } switch (static_cast(code)) { - case IApplicationStateObserver::Message::TRANSACT_ON_FOREGROUND_APPLICATION_CHANGED: { - HandleOnForegroundApplicationChanged(data, reply); + case IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_STATE_CHANGED: { + HandleOnProcessStateChanged(data, reply); return NO_ERROR; } case IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_DIED: { HandleOnProcessDied(data, reply); return NO_ERROR; } - case IApplicationStateObserver::Message::TRANSACT_ON_APPLICATION_STATE_CHANGED: { - HandleOnApplicationStateChanged(data, reply); + case IApplicationStateObserver::Message::TRANSACT_ON_APP_STATE_CHANGED: { + HandleOnAppStateChanged(data, reply); + return NO_ERROR; + } + case IApplicationStateObserver::Message::TRANSACT_ON_APP_STOPPED: { + HandleOnAppStopped(data, reply); + return NO_ERROR; + } + case IApplicationStateObserver::Message::TRANSACT_ON_APP_CACHE_STATE_CHANGED: { + HandleOnAppCacheStateChanged(data, reply); return NO_ERROR; } default: { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Default case, need check AudioListenerStub"); + LOGD(ATM_DOMAIN, ATM_TAG, "Default case, need check AudioListenerStub"); return IPCObjectStub::OnRemoteRequest(code, data, reply, option); } } return NO_ERROR; } -int32_t ApplicationStateObserverStub::HandleOnForegroundApplicationChanged(MessageParcel &data, MessageParcel &reply) +int32_t ApplicationStateObserverStub::HandleOnProcessStateChanged(MessageParcel &data, MessageParcel &reply) { - std::unique_ptr processData(data.ReadParcelable()); + std::unique_ptr processData(data.ReadParcelable()); if (processData == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed"); return -1; } - OnForegroundApplicationChanged(*processData); + OnProcessStateChanged(*processData); return NO_ERROR; } @@ -80,7 +83,7 @@ int32_t ApplicationStateObserverStub::HandleOnProcessDied(MessageParcel &data, M { std::unique_ptr processData(data.ReadParcelable()); if (processData == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed"); return -1; } @@ -88,15 +91,39 @@ int32_t ApplicationStateObserverStub::HandleOnProcessDied(MessageParcel &data, M return NO_ERROR; } -int32_t ApplicationStateObserverStub::HandleOnApplicationStateChanged(MessageParcel &data, MessageParcel &reply) +int32_t ApplicationStateObserverStub::HandleOnAppStateChanged(MessageParcel &data, MessageParcel &reply) +{ + std::unique_ptr processData(data.ReadParcelable()); + if (processData == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed"); + return -1; + } + + OnAppStateChanged(*processData); + return NO_ERROR; +} + +int32_t ApplicationStateObserverStub::HandleOnAppStopped(MessageParcel &data, MessageParcel &reply) +{ + std::unique_ptr appStateData(data.ReadParcelable()); + if (appStateData == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed"); + return -1; + } + + OnAppStopped(*appStateData); + return NO_ERROR; +} + +int32_t ApplicationStateObserverStub::HandleOnAppCacheStateChanged(MessageParcel &data, MessageParcel &reply) { std::unique_ptr appStateData(data.ReadParcelable()); if (appStateData == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed"); return -1; } - OnApplicationStateChanged(*appStateData); + OnAppCacheStateChanged(*appStateData); return NO_ERROR; } } // namespace AccessToken diff --git a/services/common/app_manager/src/process_data.cpp b/services/common/app_manager/src/process_data.cpp index b1ee9925456aad4b465ede21b4e9fb18f6a0aa3e..35a64f4e01cdec332751adf98d7ec15875b6e625 100644 --- a/services/common/app_manager/src/process_data.cpp +++ b/services/common/app_manager/src/process_data.cpp @@ -27,7 +27,8 @@ bool ProcessData::Marshalling(Parcel &parcel) const parcel.WriteInt32(processChangeReason) && parcel.WriteString(processName) && parcel.WriteInt32(static_cast(processType)) && parcel.WriteInt32(extensionType) && parcel.WriteInt32(renderUid) && parcel.WriteUint32(accessTokenId) && - parcel.WriteBool(isTestMode) && parcel.WriteInt32(exitReason) && parcel.WriteString(exitMsg)); + parcel.WriteBool(isTestMode) && parcel.WriteInt32(exitReason) && parcel.WriteString(exitMsg) && + parcel.WriteInt32(childUid) && parcel.WriteBool(isPreload) && parcel.WriteBool(isPreloadModule)); } bool ProcessData::ReadFromParcel(Parcel &parcel) @@ -51,6 +52,9 @@ bool ProcessData::ReadFromParcel(Parcel &parcel) isTestMode = parcel.ReadBool(); exitReason = parcel.ReadInt32(); exitMsg = parcel.ReadString(); + childUid = parcel.ReadInt32(); + isPreload = parcel.ReadBool(); + isPreloadModule = parcel.ReadBool(); return true; } diff --git a/services/common/background_task_manager/include/background_task_manager_access_proxy.h b/services/common/background_task_manager/include/background_task_manager_access_proxy.h index ec323fee5e1f47ec8d049434ac073ebcc163d867..b56028f5fed2ff4f02195d2136f5a069c1190c24 100644 --- a/services/common/background_task_manager/include/background_task_manager_access_proxy.h +++ b/services/common/background_task_manager/include/background_task_manager_access_proxy.h @@ -19,7 +19,6 @@ #include #include "continuous_task_callback_info.h" -#include "service_ipc_interface_code.h" namespace OHOS { namespace Security { @@ -42,7 +41,7 @@ public: class IBackgroundTaskMgr : public IRemoteBroker { public: - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.resourceschedule.IBackgroundTaskMgr"); + DECLARE_INTERFACE_DESCRIPTOR(u"OHOS.BackgroundTaskMgr.IBackgroundTaskMgr"); virtual int32_t SubscribeBackgroundTask(const sptr &subscriber) = 0; virtual int32_t UnsubscribeBackgroundTask(const sptr &subscriber) = 0; diff --git a/services/common/background_task_manager/include/continuous_task_callback_info.h b/services/common/background_task_manager/include/continuous_task_callback_info.h index dfa77f04db290c37b4b3ce36ec69cf31803197fc..2686cb2c54c097d40d4e53c2ff685179a61099e0 100644 --- a/services/common/background_task_manager/include/continuous_task_callback_info.h +++ b/services/common/background_task_manager/include/continuous_task_callback_info.h @@ -49,6 +49,8 @@ struct ContinuousTaskCallbackInfo : public Parcelable { uint64_t tokenId_ {0}; uint64_t GetFullTokenId() const; + uint32_t GetTypeId() const; + std::vector GetTypeIds() const; bool ReadFromParcel(Parcel &parcel); bool Marshalling(Parcel &parcel) const override; static ContinuousTaskCallbackInfo *Unmarshalling(Parcel &parcel); diff --git a/services/common/background_task_manager/src/background_task_manager_access_client.cpp b/services/common/background_task_manager/src/background_task_manager_access_client.cpp index a9678e179c0d53d68ccfc729311e10d95b25b34a..7ae32486c87848365055339f1596c1d25ed3d480 100644 --- a/services/common/background_task_manager/src/background_task_manager_access_client.cpp +++ b/services/common/background_task_manager/src/background_task_manager_access_client.cpp @@ -14,7 +14,7 @@ */ #include "background_task_manager_access_client.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "iservice_registry.h" #include "system_ability_definition.h" @@ -22,9 +22,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "BackgourndTaskManagerAccessClient" -}; static constexpr int32_t ERROR = -1; std::recursive_mutex g_instanceMutex; } // namespace @@ -35,7 +32,8 @@ BackgourndTaskManagerAccessClient& BackgourndTaskManagerAccessClient::GetInstanc if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new BackgourndTaskManagerAccessClient(); + BackgourndTaskManagerAccessClient* tmp = new BackgourndTaskManagerAccessClient(); + instance = std::move(tmp); } } return *instance; @@ -53,12 +51,12 @@ BackgourndTaskManagerAccessClient::~BackgourndTaskManagerAccessClient() int32_t BackgourndTaskManagerAccessClient::SubscribeBackgroundTask(const sptr& subscriber) { if (subscriber == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "Callback is nullptr."); return ERROR; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return ERROR; } return proxy->SubscribeBackgroundTask(subscriber); @@ -67,12 +65,12 @@ int32_t BackgourndTaskManagerAccessClient::SubscribeBackgroundTask(const sptr& subscriber) { if (subscriber == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); + LOGE(ATM_DOMAIN, ATM_TAG, "Callback is nullptr."); return ERROR; } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return ERROR; } return proxy->UnsubscribeBackgroundTask(subscriber); @@ -83,7 +81,7 @@ int32_t BackgourndTaskManagerAccessClient::GetContinuousTaskApps( { auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null"); return ERROR; } return proxy->GetContinuousTaskApps(list); @@ -93,12 +91,12 @@ void BackgourndTaskManagerAccessClient::InitProxy() { auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbilityManager is null"); return; } auto backgroundTaskManagerSa = sam->GetSystemAbility(BACKGROUND_TASK_MANAGER_SERVICE_ID); if (backgroundTaskManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", + LOGE(ATM_DOMAIN, ATM_TAG, "GetSystemAbility %{public}d is null", BACKGROUND_TASK_MANAGER_SERVICE_ID); return; } @@ -108,9 +106,9 @@ void BackgourndTaskManagerAccessClient::InitProxy() backgroundTaskManagerSa->AddDeathRecipient(serviceDeathObserver_); } - proxy_ = iface_cast(backgroundTaskManagerSa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); + proxy_ = new BackgroundTaskManagerAccessProxy(backgroundTaskManagerSa); + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Iface_cast get null"); } } @@ -123,7 +121,7 @@ void BackgourndTaskManagerAccessClient::OnRemoteDiedHandle() sptr BackgourndTaskManagerAccessClient::GetProxy() { std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { + if (proxy_ == nullptr || proxy_->AsObject() == nullptr || proxy_->AsObject()->IsObjectDead()) { InitProxy(); } return proxy_; @@ -131,7 +129,7 @@ sptr BackgourndTaskManagerAccessClient::GetProxy() void BackgourndTaskManagerAccessClient::ReleaseProxy() { - if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) { + if ((proxy_ != nullptr) && (proxy_->AsObject() != nullptr) && (serviceDeathObserver_ != nullptr)) { proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_); } proxy_ = nullptr; diff --git a/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp b/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp index 8c43d5080bc4391636a81cf8eb30524737335ae8..c021aa88ea6a6cf876a0d7bd181532a04b890649 100644 --- a/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp +++ b/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp @@ -14,14 +14,13 @@ */ #include "background_task_manager_access_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "errors.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "BackgroundTaskManagerAccessProxy"}; static constexpr int32_t ERROR = -1; static constexpr int32_t MAX_CALLBACK_NUM = 10 * 1024; } @@ -32,22 +31,27 @@ int32_t BackgroundTaskManagerAccessProxy::SubscribeBackgroundTask(const sptrAsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write callerToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Write callerToken failed."); return ERROR; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( static_cast(IBackgroundTaskMgr::Message::SUBSCRIBE_BACKGROUND_TASK), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Regist background task observer failed, error: %{public}d", error); + LOGE(ATM_DOMAIN, ATM_TAG, "Regist background task observer failed, error: %{public}d", error); return ERROR; } int32_t result; if (!reply.ReadInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return ERROR; } return result; @@ -59,22 +63,27 @@ int32_t BackgroundTaskManagerAccessProxy::UnsubscribeBackgroundTask(const sptrAsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write callerToken failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Write callerToken failed."); + return ERROR; + } + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); return ERROR; } - int32_t error = Remote()->SendRequest( + int32_t error = remote->SendRequest( static_cast(IBackgroundTaskMgr::Message::UNSUBSCRIBE_BACKGROUND_TASK), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Unregist background task observer failed, error: %d", error); + LOGE(ATM_DOMAIN, ATM_TAG, "Unregist background task observer failed, error: %d", error); return error; } int32_t result; if (!reply.ReadInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return ERROR; } return result; @@ -87,33 +96,38 @@ int32_t BackgroundTaskManagerAccessProxy::GetContinuousTaskApps( MessageParcel reply; MessageOption option; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed"); + return ERROR; + } + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); return ERROR; } - int32_t error = Remote()->SendRequest( + int32_t error = remote->SendRequest( static_cast(IBackgroundTaskMgr::Message::GET_CONTINUOUS_TASK_APPS), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get continuous task apps failed, error: %{public}d", error); + LOGE(ATM_DOMAIN, ATM_TAG, "Get continuous task apps failed, error: %{public}d", error); return ERROR; } int32_t result; if (!reply.ReadInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return ERROR; } if (result != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetContinuousTaskApps failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "GetContinuousTaskApps failed."); return result; } int32_t infoSize = reply.ReadInt32(); if ((infoSize < 0) || (infoSize > MAX_CALLBACK_NUM)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "InfoSize:%{public}d invalid.", infoSize); + LOGE(ATM_DOMAIN, ATM_TAG, "InfoSize:%{public}d invalid.", infoSize); return ERROR; } for (int32_t i = 0; i < infoSize; i++) { auto info = ContinuousTaskCallbackInfo::Unmarshalling(reply); if (info == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to Read Parcelable infos."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Read Parcelable infos."); return ERROR; } list.emplace_back(info); diff --git a/services/common/background_task_manager/src/background_task_manager_death_recipient.cpp b/services/common/background_task_manager/src/background_task_manager_death_recipient.cpp index 461a6e517e8be26271684d5dd433879c210cd721..2f127c6136b8b41a3de38d9439071b386ac54a43 100644 --- a/services/common/background_task_manager/src/background_task_manager_death_recipient.cpp +++ b/services/common/background_task_manager/src/background_task_manager_death_recipient.cpp @@ -14,21 +14,16 @@ */ #include "background_task_manager_death_recipient.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "background_task_manager_access_client.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "BackgroundTaskMgrDeathRecipient" -}; -} // namespace void BackgroundTaskMgrDeathRecipient::OnRemoteDied(const wptr& object) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called", __func__); BackgourndTaskManagerAccessClient::GetInstance().OnRemoteDiedHandle(); } } // namespace AccessToken diff --git a/services/common/background_task_manager/src/continuous_task_callback_info.cpp b/services/common/background_task_manager/src/continuous_task_callback_info.cpp index ee31d415203095bae488dbcb5c9c5b0a1efc5d3d..4bd6842c502e9e93e2535232cc3b4111c57962b4 100644 --- a/services/common/background_task_manager/src/continuous_task_callback_info.cpp +++ b/services/common/background_task_manager/src/continuous_task_callback_info.cpp @@ -14,62 +14,58 @@ */ #include "continuous_task_callback_info.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "string_ex.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ContinuousTaskCallbackInfo" -}; -} // namespace + bool ContinuousTaskCallbackInfo::Marshalling(Parcel &parcel) const { if (!parcel.WriteUint32(typeId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); return false; } if (!parcel.WriteInt32(creatorUid_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return false; } if (!parcel.WriteInt32(creatorPid_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return false; } if (!parcel.WriteBool(isFromWebview_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteBool failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteBool failed."); return false; } std::u16string u16AbilityName = Str8ToStr16(abilityName_); if (!parcel.WriteString16(u16AbilityName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteString16 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteString16 failed."); return false; } if (!parcel.WriteBool(isBatchApi_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteBool failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteBool failed."); return false; } if (!parcel.WriteUInt32Vector(typeIds_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUInt32Vector failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUInt32Vector failed."); return false; } if (!parcel.WriteInt32(abilityId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); return false; } if (!parcel.WriteUint64(tokenId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteUint64 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint64 failed."); return false; } return true; @@ -89,51 +85,51 @@ ContinuousTaskCallbackInfo *ContinuousTaskCallbackInfo::Unmarshalling(Parcel &pa bool ContinuousTaskCallbackInfo::ReadFromParcel(Parcel &parcel) { if (!parcel.ReadUint32(typeId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadUint32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint32 failed."); return false; } if (!parcel.ReadInt32(creatorUid_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return false; } int32_t pid; if (!parcel.ReadInt32(pid)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return false; } creatorPid_ = static_cast(pid); if (!parcel.ReadBool(isFromWebview_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadBool failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadBool failed."); return false; } std::u16string u16AbilityName; if (!parcel.ReadString16(u16AbilityName)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadString16 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadString16 failed."); return false; } abilityName_ = Str16ToStr8(u16AbilityName); if (!parcel.ReadBool(isBatchApi_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadBool failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadBool failed."); return false; } if (!parcel.ReadUInt32Vector(&typeIds_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadUInt32Vector failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadUInt32Vector failed."); return false; } if (!parcel.ReadInt32(abilityId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadInt32 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadInt32 failed."); return false; } if (!parcel.ReadUint64(tokenId_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadUint64 failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadUint64 failed."); return false; } return true; @@ -143,6 +139,16 @@ uint64_t ContinuousTaskCallbackInfo::GetFullTokenId() const { return tokenId_; } + +uint32_t ContinuousTaskCallbackInfo::GetTypeId() const +{ + return typeId_; +} + +std::vector ContinuousTaskCallbackInfo::GetTypeIds() const +{ + return typeIds_; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/background_task_manager/src/continuous_task_change_callback.cpp b/services/common/background_task_manager/src/continuous_task_change_callback.cpp index e7c8efe3f33ec49eeffa64f382a56711cf3e755a..144463bacd9cbde2380812394f44170946d6e2e7 100644 --- a/services/common/background_task_manager/src/continuous_task_change_callback.cpp +++ b/services/common/background_task_manager/src/continuous_task_change_callback.cpp @@ -15,34 +15,29 @@ #include "continuous_task_change_callback.h" #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "BackgroundTaskSubscriberStub" -}; -} BackgroundTaskSubscriberStub::BackgroundTaskSubscriberStub() { - ACCESSTOKEN_LOG_INFO(LABEL, "BackgroundTaskSubscriberStub Instance create."); + LOGI(ATM_DOMAIN, ATM_TAG, "BackgroundTaskSubscriberStub Instance create."); } BackgroundTaskSubscriberStub::~BackgroundTaskSubscriberStub() { - ACCESSTOKEN_LOG_INFO(LABEL, "BackgroundTaskSubscriberStub Instance destroy."); + LOGI(ATM_DOMAIN, ATM_TAG, "BackgroundTaskSubscriberStub Instance destroy."); } int32_t BackgroundTaskSubscriberStub::OnRemoteRequest( uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { if (data.ReadInterfaceToken() != GetDescriptor()) { - ACCESSTOKEN_LOG_INFO(LABEL, "BackgroundTaskSubscriberStub: ReadInterfaceToken failed."); + LOGI(ATM_DOMAIN, ATM_TAG, "BackgroundTaskSubscriberStub: ReadInterfaceToken failed."); return ERROR_IPC_REQUEST_FAIL; } switch (static_cast(code)) { @@ -55,7 +50,7 @@ int32_t BackgroundTaskSubscriberStub::OnRemoteRequest( return NO_ERROR; } default: { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Default case code: %{public}d.", code); + LOGD(ATM_DOMAIN, ATM_TAG, "Default case code: %{public}d.", code); return IPCObjectStub::OnRemoteRequest(code, data, reply, option); } } @@ -67,7 +62,7 @@ void BackgroundTaskSubscriberStub::HandleOnContinuousTaskStart(MessageParcel &da std::shared_ptr continuousTaskCallbackInfo( data.ReadParcelable()); if (continuousTaskCallbackInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); return; } OnContinuousTaskStart(continuousTaskCallbackInfo); @@ -78,7 +73,7 @@ void BackgroundTaskSubscriberStub::HandleOnContinuousTaskStop(MessageParcel &dat std::shared_ptr continuousTaskCallbackInfo( data.ReadParcelable()); if (continuousTaskCallbackInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "ReadParcelable failed."); return; } OnContinuousTaskStop(continuousTaskCallbackInfo); diff --git a/services/common/config_policy/src/config_policy_loader.cpp b/services/common/config_policy/src/config_policy_loader.cpp deleted file mode 100644 index 7b09a3a7ed21a7574559336f83d3cdd4e6dab857..0000000000000000000000000000000000000000 --- a/services/common/config_policy/src/config_policy_loader.cpp +++ /dev/null @@ -1,193 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "config_policy_loader.h" - -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE -#include "accesstoken_log.h" -#include "config_policy_utils.h" -#include "json_parser.h" -#endif - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "ConfigPolicLoader"}; -static const std::string ACCESSTOKEN_CONFIG_FILE = "/etc/access_token/accesstoken_config.json"; - -static const std::string PERMISSION_MANAGER_BUNDLE_NAME_KEY = "permission_manager_bundle_name"; -static const std::string GRANT_ABILITY_NAME_KEY = "grant_ability_name"; -static const std::string PERMISSION_STATE_SHEET_ABILITY_NAME_KEY = "permission_state_sheet_ability_name"; -static const std::string GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY = "global_switch_sheet_ability_name"; -static const std::string TEMP_PERM_CANCLE_TIME_KEY = "temp_perm_cencle_time"; - -static const std::string RECORD_SIZE_MAXIMUM_KEY = "permission_used_record_size_maximum"; -static const std::string RECORD_AGING_TIME_KEY = "permission_used_record_aging_time"; -static const std::string GLOBAL_DIALOG_BUNDLE_NAME_KEY = "global_dialog_bundle_name"; -static const std::string GLOBAL_DIALOG_ABILITY_NAME_KEY = "global_dialog_ability_name"; - -static const std::string SEND_REQUEST_REPEAT_TIMES_KEY = "send_request_repeat_times"; -#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE -} - -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE -void ConfigPolicLoader::GetConfigFilePathList(std::vector& pathList) -{ - CfgDir *dirs = GetCfgDirList(); // malloc a CfgDir point, need to free later - if (dirs == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Can't get cfg file path."); - return; - } - - for (const auto& path : dirs->paths) { - if ((path == nullptr) || (!JsonParser::IsDirExsit(path))) { - continue; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "Accesstoken cfg dir: %{public}s.", path); - pathList.emplace_back(path); - } - - FreeCfgDirList(dirs); // free -} - -void from_json(const nlohmann::json& j, AccessTokenServiceConfig& a) -{ - if (!JsonParser::GetStringFromJson(j, PERMISSION_MANAGER_BUNDLE_NAME_KEY, a.grantBundleName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GRANT_ABILITY_NAME_KEY, a.grantAbilityName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, PERMISSION_STATE_SHEET_ABILITY_NAME_KEY, a.permStateAbilityName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY, a.globalSwitchAbilityName)) { - return; - } - - if (!JsonParser::GetIntFromJson(j, TEMP_PERM_CANCLE_TIME_KEY, a.cancleTime)) { - return; - } -} - -void from_json(const nlohmann::json& j, PrivacyServiceConfig& p) -{ - if (!JsonParser::GetIntFromJson(j, RECORD_SIZE_MAXIMUM_KEY, p.sizeMaxImum)) { - return; - } - - if (!JsonParser::GetIntFromJson(j, RECORD_AGING_TIME_KEY, p.agingTime)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GLOBAL_DIALOG_BUNDLE_NAME_KEY, p.globalDialogBundleName)) { - return; - } - - if (!JsonParser::GetStringFromJson(j, GLOBAL_DIALOG_ABILITY_NAME_KEY, p.globalDialogAbilityName)) { - return; - } -} - -void from_json(const nlohmann::json& j, TokenSyncServiceConfig& t) -{ - if (!JsonParser::GetIntFromJson(j, SEND_REQUEST_REPEAT_TIMES_KEY, t.sendRequestRepeatTimes)) { - return; - } -} - -bool ConfigPolicLoader::GetConfigValueFromFile(const ServiceType& type, const std::string& fileContent, - AccessTokenConfigValue& config) -{ - nlohmann::json jsonRes = nlohmann::json::parse(fileContent, nullptr, false); - if (jsonRes.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonRes is invalid."); - return false; - } - - if (type == ServiceType::ACCESSTOKEN_SERVICE) { - if ((jsonRes.find("accesstoken") != jsonRes.end()) && (jsonRes.at("accesstoken").is_object())) { - config.atConfig = jsonRes.at("accesstoken").get(); - return true; - } else { - return false; - } - } else if (type == ServiceType::PRIVACY_SERVICE) { - if ((jsonRes.find("privacy") != jsonRes.end()) && (jsonRes.at("privacy").is_object())) { - config.pConfig = jsonRes.at("privacy").get(); - return true; - } else { - return false; - } - } - - if ((jsonRes.find("tokensync") != jsonRes.end()) && (jsonRes.at("tokensync").is_object())) { - config.tsConfig = jsonRes.at("tokensync").get(); - return true; - } else { - return false; - } -} -#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE - -bool ConfigPolicLoader::GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config) -{ - bool successFlag = false; -#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE - std::vector pathList; - GetConfigFilePathList(pathList); - - for (const auto& path : pathList) { - std::string filePath = path + ACCESSTOKEN_CONFIG_FILE; - std::string fileContent; - int32_t res = JsonParser::ReadCfgFile(filePath, fileContent); - if (res != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read Cfg file [%{public}s] failed, error(%{public}d).", - filePath.c_str(), res); - continue; - } - - if (GetConfigValueFromFile(type, fileContent, config)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Get valid config value!"); - successFlag = true; - break; // once get the config value, break the loop - } - } -#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE - return successFlag; -} - -extern "C" { -void* Create() -{ - return reinterpret_cast(new ConfigPolicLoader); -} - -void Destroy(void* loaderPtr) -{ - ConfigPolicyLoaderInterface* loader = reinterpret_cast(loaderPtr); - if (loader != nullptr) { - delete loader; - } -} -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/common/database/include/sqlite_helper.h b/services/common/database/include/sqlite_helper.h index 68d7020b480df0e15d07296badb86eb1ca3ee10f..cd9a187c6bc46e629deb9dac7feabfa1b6b02594 100644 --- a/services/common/database/include/sqlite_helper.h +++ b/services/common/database/include/sqlite_helper.h @@ -53,6 +53,7 @@ public: private: inline static const std::string PRAGMA_VERSION_COMMAND = "PRAGMA user_version"; + inline static const std::string PRAGMA_WAL_COMMAND = "PRAGMA journal_mode=WAL"; static const int32_t GENERAL_ERROR = -1; const std::string dbName_; @@ -60,6 +61,7 @@ private: int32_t currentVersion_; sqlite3* db_; + void SetWal() const; int32_t GetVersion() const; void SetVersion() const; }; diff --git a/services/common/database/src/memory_guard.cpp b/services/common/database/src/memory_guard.cpp index 98bcb4d9960e13f388df8b98c0279bb6d40b422c..13a018b5cd45f63148e53fa4ce8a7f738c2f1d08 100644 --- a/services/common/database/src/memory_guard.cpp +++ b/services/common/database/src/memory_guard.cpp @@ -14,26 +14,19 @@ */ #include "memory_guard.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "malloc.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -#ifdef CONFIG_USE_JEMALLOC_DFX_INTF -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "MemoryGuard" -}; -#endif -} MemoryGuard::MemoryGuard() { #ifdef CONFIG_USE_JEMALLOC_DFX_INTF int32_t ret1 = mallopt(M_SET_THREAD_CACHE, M_THREAD_CACHE_DISABLE); int32_t ret2 = mallopt(M_DELAYED_FREE, M_DELAYED_FREE_DISABLE); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Disable tcache and delay free, result[%{public}d, %{public}d]", ret1, ret2); + LOGD(ATM_DOMAIN, ATM_TAG, "Disable tcache and delay free, result[%{public}d, %{public}d]", ret1, ret2); #endif } @@ -41,7 +34,7 @@ MemoryGuard::~MemoryGuard() { #ifdef CONFIG_USE_JEMALLOC_DFX_INTF int32_t err = mallopt(M_FLUSH_THREAD_CACHE, 0); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Flush cache, result: %{public}d", err); + LOGD(ATM_DOMAIN, ATM_TAG, "Flush cache, result: %{public}d", err); #endif } } // namespace AccessToken diff --git a/services/common/database/src/sqlite_helper.cpp b/services/common/database/src/sqlite_helper.cpp index 443f4e57ba3b23a6ba72c2355c95346f89b71c93..27c7d15133b3881b81310a188766b79e61658a1b 100644 --- a/services/common/database/src/sqlite_helper.cpp +++ b/services/common/database/src/sqlite_helper.cpp @@ -15,16 +15,13 @@ #include "sqlite_helper.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "sqlite3ext.h" #include namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SqliteHelper"}; -} SqliteHelper::SqliteHelper(const std::string& dbName, const std::string& dbPath, int32_t version) : dbName_(dbName), dbPath_(dbPath), currentVersion_(version), db_(nullptr) @@ -36,13 +33,12 @@ SqliteHelper::~SqliteHelper() void SqliteHelper::Open() __attribute__((no_sanitize("cfi"))) { if (db_ != nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Db s already open"); + LOGW(ATM_DOMAIN, ATM_TAG, "Db s already open"); return; } if (dbName_.empty() || dbPath_.empty() || currentVersion_ < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Param invalid, dbName: %{public}s, " - "dbPath: %{public}s, currentVersion: %{public}d", - dbName_.c_str(), dbPath_.c_str(), currentVersion_); + LOGE(ATM_DOMAIN, ATM_TAG, "Param invalid, dbName: %{public}s, dbPath: %{public}s, currentVersion: %{public}d", + dbName_.c_str(), dbPath_.c_str(), currentVersion_); return; } // set soft heap limit as 10KB @@ -51,10 +47,12 @@ void SqliteHelper::Open() __attribute__((no_sanitize("cfi"))) std::string fileName = dbPath_ + dbName_; int32_t res = sqlite3_open(fileName.c_str(), &db_); if (res != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to open db: %{public}s", sqlite3_errmsg(db_)); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to open db: %{public}s", sqlite3_errmsg(db_)); return; } + SetWal(); + int32_t version = GetVersion(); if (version == currentVersion_) { return; @@ -75,12 +73,12 @@ void SqliteHelper::Open() __attribute__((no_sanitize("cfi"))) void SqliteHelper::Close() { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return; } int32_t ret = sqlite3_close(db_); if (ret != SQLITE_OK) { - ACCESSTOKEN_LOG_WARN(LABEL, "Sqlite3_close error, ret=%{public}d", ret); + LOGW(ATM_DOMAIN, ATM_TAG, "Sqlite3_close error, ret=%{public}d", ret); return; } db_ = nullptr; @@ -89,14 +87,14 @@ void SqliteHelper::Close() int32_t SqliteHelper::BeginTransaction() const { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return GENERAL_ERROR; } char* errorMessage = nullptr; int32_t result = 0; int32_t ret = sqlite3_exec(db_, "BEGIN;", nullptr, nullptr, &errorMessage); if (ret != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed, errorMsg: %{public}s", errorMessage); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed, errorMsg: %{public}s", errorMessage); result = GENERAL_ERROR; } sqlite3_free(errorMessage); @@ -106,14 +104,14 @@ int32_t SqliteHelper::BeginTransaction() const int32_t SqliteHelper::CommitTransaction() const { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return GENERAL_ERROR; } char* errorMessage = nullptr; int32_t result = 0; int32_t ret = sqlite3_exec(db_, "COMMIT;", nullptr, nullptr, &errorMessage); if (ret != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed, errorMsg: %{public}s", errorMessage); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed, errorMsg: %{public}s", errorMessage); result = GENERAL_ERROR; } sqlite3_free(errorMessage); @@ -124,14 +122,14 @@ int32_t SqliteHelper::CommitTransaction() const int32_t SqliteHelper::RollbackTransaction() const { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return GENERAL_ERROR; } int32_t result = 0; char* errorMessage = nullptr; int32_t ret = sqlite3_exec(db_, "ROLLBACK;", nullptr, nullptr, &errorMessage); if (ret != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed, errorMsg: %{public}s", errorMessage); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed, errorMsg: %{public}s", errorMessage); result = GENERAL_ERROR; } sqlite3_free(errorMessage); @@ -146,24 +144,38 @@ Statement SqliteHelper::Prepare(const std::string& sql) const int32_t SqliteHelper::ExecuteSql(const std::string& sql) const { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return GENERAL_ERROR; } char* errorMessage = nullptr; int32_t result = 0; int32_t res = sqlite3_exec(db_, sql.c_str(), nullptr, nullptr, &errorMessage); if (res != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed, errorMsg: %{public}s", errorMessage); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed, errorMsg: %{public}s", errorMessage); result = GENERAL_ERROR; } sqlite3_free(errorMessage); return result; } +void SqliteHelper::SetWal() const +{ + if (db_ == nullptr) { + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); + return; + } + auto statement = Prepare(PRAGMA_WAL_COMMAND); + if (statement.Step() != Statement::State::DONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Set wal mode failed, errorMsg: %{public}s", SpitError().c_str()); + } else { + LOGI(ATM_DOMAIN, ATM_TAG, "Set wal mode success!"); + } +} + int32_t SqliteHelper::GetVersion() const __attribute__((no_sanitize("cfi"))) { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return GENERAL_ERROR; } auto statement = Prepare(PRAGMA_VERSION_COMMAND); @@ -171,14 +183,14 @@ int32_t SqliteHelper::GetVersion() const __attribute__((no_sanitize("cfi"))) while (statement.Step() == Statement::State::ROW) { version = statement.GetColumnInt(0); } - ACCESSTOKEN_LOG_INFO(LABEL, "Version: %{public}d", version); + LOGI(ATM_DOMAIN, ATM_TAG, "Version: %{public}d", version); return version; } void SqliteHelper::SetVersion() const { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return; } auto statement = Prepare(PRAGMA_VERSION_COMMAND + " = " + std::to_string(currentVersion_)); @@ -188,7 +200,7 @@ void SqliteHelper::SetVersion() const std::string SqliteHelper::SpitError() const { if (db_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Do open data base first!"); + LOGW(ATM_DOMAIN, ATM_TAG, "Do open data base first!"); return ""; } return sqlite3_errmsg(db_); diff --git a/services/common/database/src/statement.cpp b/services/common/database/src/statement.cpp index 9a8123c5eec67dd543e8e89056e25b8ec411ee4a..3a6fec0aaaa6738025109b4fee9ec5900d7c4ed3 100644 --- a/services/common/database/src/statement.cpp +++ b/services/common/database/src/statement.cpp @@ -15,19 +15,16 @@ #include "statement.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "Statement"}; -} Statement::Statement(sqlite3* db, const std::string& sql) : db_(db), sql_(sql) { if (sqlite3_prepare_v2(db, sql.c_str(), sql.size(), &statement_, nullptr) != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot prepare, errorMsg: %{public}s", sqlite3_errmsg(db_)); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot prepare, errorMsg: %{public}s", sqlite3_errmsg(db_)); } } @@ -40,21 +37,21 @@ Statement::~Statement() void Statement::Bind(const int32_t index, const std::string& text) { if (sqlite3_bind_text(statement_, index, text.c_str(), text.size(), SQLITE_TRANSIENT) != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot bind string, errorMsg: %{public}s", sqlite3_errmsg(db_)); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot bind string, errorMsg: %{public}s", sqlite3_errmsg(db_)); } } void Statement::Bind(const int32_t index, int32_t value) { if (sqlite3_bind_int(statement_, index, value) != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot bind int32_t, errorMsg: %{public}s", sqlite3_errmsg(db_)); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot bind int32_t, errorMsg: %{public}s", sqlite3_errmsg(db_)); } } void Statement::Bind(const int32_t index, int64_t value) { if (sqlite3_bind_int64(statement_, index, value) != SQLITE_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot bind int64_t, errorMsg: %{public}s", sqlite3_errmsg(db_)); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot bind int64_t, errorMsg: %{public}s", sqlite3_errmsg(db_)); } } diff --git a/services/common/database/test/BUILD.gn b/services/common/database/test/BUILD.gn index 45e7614f89178e8d4b53058278f1174e92249d38..0984317f17cc1b4c71133f9030d6e9d196b501a1 100644 --- a/services/common/database/test/BUILD.gn +++ b/services/common/database/test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -40,6 +40,8 @@ ohos_unittest("libdatabase_test") { sources = [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp", "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", @@ -60,7 +62,8 @@ ohos_unittest("libdatabase_test") { "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", - "ipc:ipc_core", + "ipc:ipc_single", + "relational_store:native_rdb", "sqlite:sqlite", ] } diff --git a/services/common/database/test/unittest/database_test.cpp b/services/common/database/test/unittest/database_test.cpp index 99c0bb0f3565699a31ff8c8151dbfae14f522011..99bd22516ba775a8a8818add18e54de9200cdfa5 100644 --- a/services/common/database/test/unittest/database_test.cpp +++ b/services/common/database/test/unittest/database_test.cpp @@ -16,14 +16,17 @@ #include #include #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token.h" #define private public #include "access_token_db.h" +#include "access_token_open_callback.h" #undef private +#include "access_token_error.h" #include "data_translator.h" #include "permission_def.h" #include "generic_values.h" +#include "token_field_const.h" #include "variant_value.h" using namespace testing::ext; @@ -32,10 +35,7 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DatabaseTest"}; static constexpr int32_t GET_INT64_TRUE_VALUE = -1; -static constexpr int32_t ROLLBACK_TRANSACTION_RESULT_ABNORMAL = -1; -static constexpr int32_t EXECUTESQL_RESULT_ABNORMAL = -1; static const int32_t DEFAULT_VALUE = -1; static const int32_t TEST_TOKEN_ID = 100; } // namespace @@ -92,82 +92,6 @@ HWTEST_F(DatabaseTest, PutVariant001, TestSize.Level1) genericValues.Remove("key"); } -/** - * @tc.name: RollbackTransaction001 - * @tc.desc: RollbackTransaction001 Abnormal branch res != SQLITE_OK - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(DatabaseTest, RollbackTransaction001, TestSize.Level1) -{ - AccessTokenDb::GetInstance().SetVersion(); - int32_t result = AccessTokenDb::GetInstance().RollbackTransaction(); - EXPECT_EQ(result, ROLLBACK_TRANSACTION_RESULT_ABNORMAL); -} - -/** - * @tc.name: RollbackTransaction002 - * @tc.desc: RollbackTransaction002 Abnormal branch db_ = nullptr - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(DatabaseTest, RollbackTransaction002, TestSize.Level1) -{ - AccessTokenDb::GetInstance().Close(); - EXPECT_EQ(AccessTokenDb::GetInstance().RollbackTransaction(), ROLLBACK_TRANSACTION_RESULT_ABNORMAL); -} - -/** - * @tc.name: ExecuteSql001 - * @tc.desc: ExecuteSql001 Abnormal branch res != SQLITE_OK - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(DatabaseTest, ExecuteSql001, TestSize.Level1) -{ - std::string testSql = "test"; - EXPECT_EQ(AccessTokenDb::GetInstance().ExecuteSql(testSql), EXECUTESQL_RESULT_ABNORMAL); -} - -/** - * @tc.name: ExecuteSql002 - * @tc.desc: ExecuteSql002 Abnormal branch db_ = nullptr - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(DatabaseTest, ExecuteSql002, TestSize.Level1) -{ - std::string testSql = "test"; - AccessTokenDb::GetInstance().Close(); - EXPECT_EQ(AccessTokenDb::GetInstance().ExecuteSql(testSql), EXECUTESQL_RESULT_ABNORMAL); -} - -/** - * @tc.name: SpitError001 - * @tc.desc: SpitError001 Abnormal branch db_ = nullptr - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(DatabaseTest, SpitError001, TestSize.Level1) -{ - AccessTokenDb::GetInstance().Close(); - std::string result = AccessTokenDb::GetInstance().SpitError().c_str(); - EXPECT_EQ(result.empty(), true); -} - -/** - * @tc.name: SpitError002 - * @tc.desc: SpitError002 use SpitError - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(DatabaseTest, SpitError002, TestSize.Level1) -{ - AccessTokenDb::GetInstance().Open(); - std::string result = AccessTokenDb::GetInstance().SpitError().c_str(); - EXPECT_EQ(result.length() > 0, true); -} - /** * @tc.name: VariantValue64001 * @tc.desc: VariantValue64001 use VariantValue @@ -212,69 +136,16 @@ HWTEST_F(DatabaseTest, VariantValue001, TestSize.Level1) static void RemoveTestTokenHapInfo() { - std::vector hapInfoResults; - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_HAP_INFO, hapInfoResults); - for (GenericValues hapInfoValue : hapInfoResults) { - AccessTokenID tokenId = (AccessTokenID)hapInfoValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); - if (tokenId == TEST_TOKEN_ID) { - ASSERT_EQ(AccessTokenDb::SUCCESS, - AccessTokenDb::GetInstance().Remove(AccessTokenDb::ACCESSTOKEN_HAP_INFO, hapInfoValue)); - break; - } - } -} - -/* - * @tc.name: SqliteStorageAddTest001 - * @tc.desc: Add function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageAddTest001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageAddTest001 begin"); - - RemoveTestTokenHapInfo(); - - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); - genericValues.Put(TokenFiledConst::FIELD_USER_ID, 100); - genericValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, "test_bundle_name"); - genericValues.Put(TokenFiledConst::FIELD_API_VERSION, 9); - genericValues.Put(TokenFiledConst::FIELD_INST_INDEX, 0); - genericValues.Put(TokenFiledConst::FIELD_DLP_TYPE, 0); - genericValues.Put(TokenFiledConst::FIELD_APP_ID, "test_app_id"); - genericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, "test_device_id"); - genericValues.Put(TokenFiledConst::FIELD_APL, ATokenAplEnum::APL_NORMAL); - genericValues.Put(TokenFiledConst::FIELD_TOKEN_VERSION, 0); - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, 0); - genericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, "test_perm_dialog_cap_state"); - - std::vector values; - values.emplace_back(genericValues); - EXPECT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_HAP_INFO, values)); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageAddTest001 end"); -} - -/* - * @tc.name: SqliteStorageAddTest002 - * @tc.desc: Add function test failed - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageAddTest002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageAddTest002 begin"); - - RemoveTestTokenHapInfo(); + GenericValues condition; + condition.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(TEST_TOKEN_ID)); + std::vector deleteDataTypes; + std::vector deleteValues; + deleteDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + deleteValues.emplace_back(condition); - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); - - std::vector values; - values.emplace_back(genericValues); - EXPECT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_HAP_INFO, values)); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageAddTest002 end"); + std::vector addDataTypes; + std::vector> addValues; + AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues); } /* @@ -285,7 +156,7 @@ HWTEST_F(DatabaseTest, SqliteStorageAddTest002, TestSize.Level1) */ HWTEST_F(DatabaseTest, SqliteStorageModifyTest001, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageModifyTest001 begin"); + LOGI(ATM_DOMAIN, ATM_TAG, "SqliteStorageModifyTest001 begin"); RemoveTestTokenHapInfo(); @@ -303,9 +174,17 @@ HWTEST_F(DatabaseTest, SqliteStorageModifyTest001, TestSize.Level1) genericValues.Put(TokenFiledConst::FIELD_TOKEN_ATTR, 0); genericValues.Put(TokenFiledConst::FIELD_FORBID_PERM_DIALOG, "test_perm_dialog_cap_state"); - std::vector values; - values.emplace_back(genericValues); - EXPECT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().Add(AccessTokenDb::ACCESSTOKEN_HAP_INFO, values)); + std::vector deleteDataTypes; + std::vector deleteValues; + + std::vector addDataTypes; + std::vector> addValues; + std::vector value; + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); + value.emplace_back(genericValues); + addValues.emplace_back(value); + EXPECT_EQ(0, + AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues)); GenericValues modifyValues; modifyValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, "test_bundle_name_modified"); @@ -314,12 +193,12 @@ HWTEST_F(DatabaseTest, SqliteStorageModifyTest001, TestSize.Level1) conditions.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); conditions.Put(TokenFiledConst::FIELD_USER_ID, 100); - ASSERT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().Modify(AccessTokenDb::ACCESSTOKEN_HAP_INFO, - modifyValues, conditions)); + ASSERT_EQ(0, AccessTokenDb::GetInstance().Modify(AtmDataType::ACCESSTOKEN_HAP_INFO, modifyValues, conditions)); bool modifySuccess = false; + GenericValues conditionValue; std::vector hapInfoResults; - AccessTokenDb::GetInstance().Find(AccessTokenDb::ACCESSTOKEN_HAP_INFO, hapInfoResults); + AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapInfoResults); for (GenericValues hapInfoValue : hapInfoResults) { AccessTokenID tokenId = (AccessTokenID)hapInfoValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID); if (tokenId == TEST_TOKEN_ID) { @@ -329,205 +208,7 @@ HWTEST_F(DatabaseTest, SqliteStorageModifyTest001, TestSize.Level1) } } EXPECT_TRUE(modifySuccess); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageModifyTest001 end"); -} - -/* - * @tc.name: SqliteStorageRefreshAllTest001 - * @tc.desc: RefreshAll function test failed - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageRefreshAllTest001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageRefreshAllTest001 begin"); - - RemoveTestTokenHapInfo(); - - GenericValues genericValues; - genericValues.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); - - std::vector values; - values.emplace_back(genericValues); - EXPECT_EQ(AccessTokenDb::FAILURE, - AccessTokenDb::GetInstance().RefreshAll(AccessTokenDb::ACCESSTOKEN_HAP_INFO, values)); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageRefreshAllTest001 end"); -} - -/* - * @tc.name: SqliteStorageCreateInsertPrepareSqlCmd001 - * @tc.desc: CreateInsertPrepareSqlCmd function test type not found - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateInsertPrepareSqlCmd001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateInsertPrepareSqlCmdTest001 begin"); - AccessTokenDb::DataType type = static_cast(100); - ASSERT_EQ("", AccessTokenDb::GetInstance().CreateInsertPrepareSqlCmd(type)); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateInsertPrepareSqlCmdTest001 end"); -} - -/* - * @tc.name: SqliteStorageCreateDeletePrepareSqlCmd001 - * @tc.desc: CreateDeletePrepareSqlCmd function test type not found - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateDeletePrepareSqlCmd001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateDeletePrepareSqlCmdTest001 begin"); - AccessTokenDb::DataType type = static_cast(100); - ASSERT_EQ("", AccessTokenDb::GetInstance().CreateDeletePrepareSqlCmd(type)); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateDeletePrepareSqlCmdTest001 end"); -} - -/* - * @tc.name: SqliteStorageCreateUpdatePrepareSqlCmd001 - * @tc.desc: CreateUpdatePrepareSqlCmd function test type not found - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateUpdatePrepareSqlCmd001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateUpdatePrepareSqlCmdTest001 begin"); - - AccessTokenDb::DataType type = static_cast(100); - - GenericValues conditions; - conditions.Put(TokenFiledConst::FIELD_TOKEN_ID, TEST_TOKEN_ID); - conditions.Put(TokenFiledConst::FIELD_USER_ID, 100); - - GenericValues modifyValues; - modifyValues.Put(TokenFiledConst::FIELD_BUNDLE_NAME, "test_bundle_name_modified"); - - std::vector modifyColumns = modifyValues.GetAllKeys(); - std::vector conditionColumns = conditions.GetAllKeys(); - - ASSERT_EQ("", AccessTokenDb::GetInstance().CreateUpdatePrepareSqlCmd(type, modifyColumns, conditionColumns)); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateUpdatePrepareSqlCmdTest001 end"); -} - -/** - * @tc.name: SqliteStorageCreateUpdatePrepareSqlCmd002 - * @tc.desc: AccessTokenDb::CreateUpdatePrepareSqlCmd function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateUpdatePrepareSqlCmd002, TestSize.Level1) -{ - AccessTokenDb::DataType type = AccessTokenDb::DataType::ACCESSTOKEN_HAP_INFO; - std::vector modifyColumns; - std::vector conditionColumns; - - // modifyColumns is empty - ASSERT_EQ("", AccessTokenDb::GetInstance().CreateUpdatePrepareSqlCmd(type, modifyColumns, conditionColumns)); - - type = AccessTokenDb::DataType::ACCESSTOKEN_HAP_INFO; - modifyColumns.emplace_back(TokenFiledConst::FIELD_TOKEN_ID); - modifyColumns.emplace_back(TokenFiledConst::FIELD_USER_ID); - // modifyColumns is not empty + modifyColumns.size > 1 + conditionColumns is empty - ASSERT_NE("", AccessTokenDb::GetInstance().CreateUpdatePrepareSqlCmd(type, modifyColumns, conditionColumns)); -} - -/* - * @tc.name: SqliteStorageCreateSelectPrepareSqlCmd001 - * @tc.desc: CreateSelectPrepareSqlCmd function test type not found - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateSelectPrepareSqlCmd001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateSelectPrepareSqlCmdTest001 begin"); - AccessTokenDb::DataType type = static_cast(100); - ASSERT_EQ("", AccessTokenDb::GetInstance().CreateSelectPrepareSqlCmd(type)); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateSelectPrepareSqlCmdTest001 end"); -} - -/* - * @tc.name: SqliteStorageCreateHapTokenInfoTable001 - * @tc.desc: CreateHapTokenInfoTable function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateHapTokenInfoTable001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateHapTokenInfoTableTest001 begin"); - ASSERT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().CreateHapTokenInfoTable()); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateHapTokenInfoTableTest001 end"); -} - -/** - * @tc.name: SqliteStorageCreateHapTokenInfoTable002 - * @tc.desc: AccessTokenDb::CreateHapTokenInfoTable function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateHapTokenInfoTable002, TestSize.Level1) -{ - std::map dataTypeToSqlTable; - dataTypeToSqlTable = AccessTokenDb::GetInstance().dataTypeToSqlTable_; // backup - AccessTokenDb::GetInstance().dataTypeToSqlTable_.clear(); - - ASSERT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().CreateHapTokenInfoTable()); - ASSERT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().CreateNativeTokenInfoTable()); - ASSERT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().CreatePermissionDefinitionTable()); - ASSERT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().CreatePermissionStateTable()); - ASSERT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().CreatePermissionRequestToggleStatusTable()); - - AccessTokenDb::GetInstance().dataTypeToSqlTable_ = dataTypeToSqlTable; // recovery -} - -/* - * @tc.name: SqliteStorageCreateNativeTokenInfoTable001 - * @tc.desc: CreateNativeTokenInfoTable function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreateNativeTokenInfoTable001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateNativeTokenInfoTableTest001 begin"); - ASSERT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().CreateNativeTokenInfoTable()); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreateNativeTokenInfoTableTest001 end"); -} - -/* - * @tc.name: SqliteStorageCreatePermissionDefinitionTable001 - * @tc.desc: CreatePermissionDefinitionTable function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreatePermissionDefinitionTable001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreatePermissionDefinitionTableTest001 begin"); - ASSERT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().CreatePermissionDefinitionTable()); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreatePermissionDefinitionTableTest001 end"); -} - -/* - * @tc.name: SqliteStorageCreatePermissionStateTable001 - * @tc.desc: CreatePermissionStateTable function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreatePermissionStateTable001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreatePermissionStateTableTest001 begin"); - ASSERT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().CreatePermissionStateTable()); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreatePermissionStateTableTest001 end"); -} - -/* - * @tc.name: SqliteStorageCreatePermissionRequestToggleStatusTable001 - * @tc.desc: CreatePermissionRequestToggleStatusTable function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, SqliteStorageCreatePermissionRequestToggleStatusTable001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreatePermissionRequestToggleStatusTableTest001 begin"); - ASSERT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().CreatePermissionRequestToggleStatusTable()); - ACCESSTOKEN_LOG_INFO(LABEL, "SqliteStorageCreatePermissionRequestToggleStatusTableTest001 end"); + LOGI(ATM_DOMAIN, ATM_TAG, "SqliteStorageModifyTest001 end"); } /* @@ -538,7 +219,7 @@ HWTEST_F(DatabaseTest, SqliteStorageCreatePermissionRequestToggleStatusTable001, */ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionDef001, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionDefTest001 begin"); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionDefTest001 begin"); RemoveTestTokenHapInfo(); @@ -548,110 +229,41 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionDef001, TestSize.L PermissionDef outPermissionDef; ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionDef(genericValues, outPermissionDef)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionDefTest001 end"); -} - -/* - * @tc.name: DataTranslatorTranslationIntoGenericValues001 - * @tc.desc: DataTranslatorTranslationIntoGenericValues function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoGenericValues001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoGenericValues001 begin"); - PermissionStateFull grantPermissionReq = { - .permissionName = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", - .isGeneral = true, - .resDeviceID = {"device1"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} - }; - int grantIndex = 1; - GenericValues genericValues; - ASSERT_NE(RET_SUCCESS, - DataTranslator::TranslationIntoGenericValues(grantPermissionReq, grantIndex, genericValues)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoGenericValues001 end"); -} - -/* - * @tc.name: DataTranslatorTranslationIntoGenericValues002 - * @tc.desc: DataTranslatorTranslationIntoGenericValues function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoGenericValues002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoGenericValues002 begin"); - PermissionStateFull grantPermissionReq = { - .permissionName = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", - .isGeneral = true, - .resDeviceID = {"device1", "device2"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} - }; - int grantIndex = 1; - GenericValues genericValues; - ASSERT_NE(RET_SUCCESS, - DataTranslator::TranslationIntoGenericValues(grantPermissionReq, grantIndex, genericValues)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoGenericValues002 end"); -} - -/* - * @tc.name: DataTranslatorTranslationIntoGenericValues003 - * @tc.desc: DataTranslatorTranslationIntoGenericValues function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoGenericValues003, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoGenericValues003 begin"); - PermissionStateFull grantPermissionReq = { - .permissionName = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", - .isGeneral = true, - .resDeviceID = {"device1", "device2"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED} - }; - int grantIndex = 1; - GenericValues genericValues; - ASSERT_NE(RET_SUCCESS, - DataTranslator::TranslationIntoGenericValues(grantPermissionReq, grantIndex, genericValues)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoGenericValues003 end"); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionDefTest001 end"); } /* - * @tc.name: DataTranslatorTranslationIntoPermissionStateFull001 - * @tc.desc: TranslationIntoPermissionStateFull function test + * @tc.name: DataTranslatorTranslationIntoPermissionStatus001 + * @tc.desc: TranslationIntoPermissionStatus function test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStateFull001, TestSize.Level1) +HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus001, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest001 begin"); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus001 begin"); - PermissionStateFull outPermissionState; + PermissionStatus outPermissionState; GenericValues inGenericValues; inGenericValues.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); inGenericValues.Put(TokenFiledConst::FIELD_PERMISSION_NAME, ""); PermissionDef outPermissionDef; - ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStateFull(inGenericValues, outPermissionState)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest001 end"); + ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus001 end"); } /* - * @tc.name: DataTranslatorTranslationIntoPermissionStateFull002 - * @tc.desc: TranslationIntoPermissionStateFull function test + * @tc.name: DataTranslatorTranslationIntoPermissionStatus002 + * @tc.desc: TranslationIntoPermissionStatus function test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStateFull002, TestSize.Level1) +HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus002, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest002 begin"); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus002 begin"); - PermissionStateFull outPermissionState; + PermissionStatus outPermissionState; GenericValues inGenericValues; inGenericValues.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); @@ -659,21 +271,21 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStateFull002, Test inGenericValues.Put(TokenFiledConst::FIELD_DEVICE_ID, ""); PermissionDef outPermissionDef; - ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStateFull(inGenericValues, outPermissionState)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest002 end"); + ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus002 end"); } /* - * @tc.name: DataTranslatorTranslationIntoPermissionStateFull003 - * @tc.desc: TranslationIntoPermissionStateFull function test + * @tc.name: DataTranslatorTranslationIntoPermissionStatus003 + * @tc.desc: TranslationIntoPermissionStatus function test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStateFull003, TestSize.Level1) +HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus003, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest003 begin"); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus003 begin"); - PermissionStateFull outPermissionState; + PermissionStatus outPermissionState; GenericValues inGenericValues; inGenericValues.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); @@ -682,21 +294,21 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStateFull003, Test inGenericValues.Put(TokenFiledConst::FIELD_GRANT_STATE, 100); PermissionDef outPermissionDef; - ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStateFull(inGenericValues, outPermissionState)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest003 end"); + ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus003 end"); } /* - * @tc.name: DataTranslatorTranslationIntoPermissionStateFull004 - * @tc.desc: TranslationIntoPermissionStateFull function test + * @tc.name: DataTranslatorTranslationIntoPermissionStatus004 + * @tc.desc: TranslationIntoPermissionStatus function test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStateFull004, TestSize.Level1) +HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStatus004, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest004 begin"); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus004 begin"); - PermissionStateFull outPermissionState; + PermissionStatus outPermissionState; GenericValues inGenericValues; inGenericValues.Put(TokenFiledConst::FIELD_GRANT_IS_GENERAL, 1); @@ -706,46 +318,9 @@ HWTEST_F(DatabaseTest, DataTranslatorTranslationIntoPermissionStateFull004, Test inGenericValues.Put(TokenFiledConst::FIELD_GRANT_FLAG, 100); PermissionDef outPermissionDef; - ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStateFull(inGenericValues, outPermissionState)); - ACCESSTOKEN_LOG_INFO(LABEL, "DataTranslatorTranslationIntoPermissionStateFullTest004 end"); -} - -/** - * @tc.name: AddAvailableTypeColumn001 - * @tc.desc: test AddAvailableTypeColumn - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, AddAvailableTypeColumn001, TestSize.Level1) -{ - std::map dataTypeToSqlTable; - dataTypeToSqlTable = AccessTokenDb::GetInstance().dataTypeToSqlTable_; - EXPECT_TRUE(dataTypeToSqlTable.size() > 0); - EXPECT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().AddAvailableTypeColumn()); - AccessTokenDb::GetInstance().dataTypeToSqlTable_.clear(); - EXPECT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().AddAvailableTypeColumn()); - AccessTokenDb::GetInstance().dataTypeToSqlTable_ = dataTypeToSqlTable; - EXPECT_EQ(dataTypeToSqlTable.size(), AccessTokenDb::GetInstance().dataTypeToSqlTable_.size()); -} - -/** - * @tc.name: AddPermDialogCapColumn001 - * @tc.desc: test AddPermDialogCapColumn - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(DatabaseTest, AddPermDialogCapColumn001, TestSize.Level1) -{ - std::map dataTypeToSqlTable; - dataTypeToSqlTable = AccessTokenDb::GetInstance().dataTypeToSqlTable_; - EXPECT_TRUE(dataTypeToSqlTable.size() > 0); - EXPECT_EQ(AccessTokenDb::SUCCESS, AccessTokenDb::GetInstance().AddPermDialogCapColumn()); - AccessTokenDb::GetInstance().dataTypeToSqlTable_.clear(); - EXPECT_EQ(AccessTokenDb::FAILURE, AccessTokenDb::GetInstance().AddPermDialogCapColumn()); - AccessTokenDb::GetInstance().dataTypeToSqlTable_ = dataTypeToSqlTable; - EXPECT_EQ(dataTypeToSqlTable.size(), AccessTokenDb::GetInstance().dataTypeToSqlTable_.size()); + ASSERT_NE(RET_SUCCESS, DataTranslator::TranslationIntoPermissionStatus(inGenericValues, outPermissionState)); + LOGI(ATM_DOMAIN, ATM_TAG, "DataTranslatorTranslationIntoPermissionStatus004 end"); } - } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/common/handler/src/access_event_handler.cpp b/services/common/handler/src/access_event_handler.cpp index 389cfc5342a0e7e63e02f0b1f674b4df6bf612f4..82f9f598a1fc0cb54722277b4fd5f879de3fecd0 100644 --- a/services/common/handler/src/access_event_handler.cpp +++ b/services/common/handler/src/access_event_handler.cpp @@ -15,33 +15,30 @@ #include "access_event_handler.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessEventHandler"}; -} + AccessEventHandler::AccessEventHandler( const std::shared_ptr& runner) : AppExecFwk::EventHandler(runner) { - ACCESSTOKEN_LOG_INFO(LABEL, "Enter"); + LOGI(ATM_DOMAIN, ATM_TAG, "Enter"); } AccessEventHandler::~AccessEventHandler() = default; bool AccessEventHandler::ProxyPostTask(const Callback &callback, int64_t delayTime) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PostTask without name"); + LOGD(ATM_DOMAIN, ATM_TAG, "PostTask without name"); return AppExecFwk::EventHandler::PostTask(callback, delayTime); } bool AccessEventHandler::ProxyPostTask( const Callback &callback, const std::string &name, int64_t delayTime) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "PostTask with name"); + LOGD(ATM_DOMAIN, ATM_TAG, "PostTask with name"); return AppExecFwk::EventHandler::PostTask(callback, name, delayTime); } diff --git a/services/common/config_policy/BUILD.gn b/services/common/json_parse/BUILD.gn similarity index 49% rename from services/common/config_policy/BUILD.gn rename to services/common/json_parse/BUILD.gn index 9fe17fe27d6d57ad2a918b3e8e07c718214a80c1..6b340009fac7c2125272bcdfe6f45adb6c420501 100644 --- a/services/common/config_policy/BUILD.gn +++ b/services/common/json_parse/BUILD.gn @@ -14,12 +14,12 @@ import("//build/ohos.gni") import("../../../access_token.gni") -config("accesstoken_config_policy_config") { +config("accesstoken_json_parse_config") { visibility = [ ":*" ] include_dirs = [ "include" ] } -ohos_shared_library("accesstoken_config_policy") { +ohos_shared_library("accesstoken_json_parse") { if (is_standard_system) { subsystem_name = "security" part_name = "access_token" @@ -33,24 +33,70 @@ ohos_shared_library("accesstoken_config_policy") { include_dirs = [ "include", "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] - sources = [ "src/config_policy_loader.cpp" ] + sources = [ + "src/cjson_utils.cpp", + "src/json_parse_loader.cpp", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + public_configs = [ ":accesstoken_json_parse_config" ] + + deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx" ] + + external_deps = [ + "cJSON:cjson", + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + ] + if (customization_config_policy_enable) { + cflags_cc += [ "-DCUSTOMIZATION_CONFIG_POLICY_ENABLE" ] + external_deps += [ "config_policy:configpolicy_util" ] + } + } +} + +ohos_shared_library("accesstoken_cjson_utils") { + if (is_standard_system) { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ + "include", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + ] + + sources = [ "src/cjson_utils.cpp" ] cflags_cc = [ "-DHILOG_ENABLE" ] configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", ] - public_configs = [ ":accesstoken_config_policy_config" ] + public_configs = [ ":accesstoken_json_parse_config" ] deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx" ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "hilog:libhilog", - "ipc:ipc_core", - "json:nlohmann_json_static", ] if (customization_config_policy_enable) { cflags_cc += [ "-DCUSTOMIZATION_CONFIG_POLICY_ENABLE" ] diff --git a/services/common/json_parse/include/cjson_utils.h b/services/common/json_parse/include/cjson_utils.h new file mode 100644 index 0000000000000000000000000000000000000000..9c0f10119f41e03d0ca78db57b203e6c25641552 --- /dev/null +++ b/services/common/json_parse/include/cjson_utils.h @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef JSON_UTILS_H +#define JSON_UTILS_H + +#include +#include +#include +#include +#include +#include "cJSON.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +typedef cJSON CJson; +typedef std::unique_ptr> CJsonUnique; + +/* NO Need to call FreeJson to free the returned pointer when it's no longer in use. */ +CJsonUnique CreateJsonFromString(const std::string& jsonStr); +/* NO Need to call FreeJson to free the returned pointer when it's no longer in use. */ +CJsonUnique CreateJson(void); +/* NO Need to call FreeJson to free the returned pointer when it's no longer in use. */ +CJsonUnique CreateJsonArray(void); +void FreeJson(CJson* jsonObj); + +/* NO Need to call FreeJsonString to free the returned pointer when it's no longer in use. */ +std::string PackJsonToString(const CJson* jsonObj); +std::string PackJsonToString(const CJsonUnique& jsonObj); +void FreeJsonString(char* jsonStr); + +/* + * Can't release the returned pointer, otherwise, an exception may occur. + * It refers to the parent object(param--jsonObj)'s memory. + * It will be recycled along with jsonObj when jsonObj is released. + */ +CJson* GetObjFromJson(const CJson* jsonObj, const std::string& key); +CJson* GetObjFromJson(CJsonUnique& jsonObj, const std::string& key); +CJson* GetArrayFromJson(const CJson* jsonObj, const std::string& key); +CJson* GetArrayFromJson(CJsonUnique& jsonObj, const std::string& key); + +/* +* Return a copy of string in jsonObj in std::string +*/ +bool GetStringFromJson(const CJson *jsonObj, const std::string& key, std::string& out); + +bool GetIntFromJson(const CJson* jsonObj, const std::string& key, int32_t& value); +bool GetIntFromJson(const CJsonUnique& jsonObj, const std::string& key, int32_t& value); +bool GetUnsignedIntFromJson(const CJson* jsonObj, const std::string& key, uint32_t& value); +bool GetUnsignedIntFromJson(const CJsonUnique& jsonObj, const std::string& key, uint32_t& value); +bool GetBoolFromJson(const CJson* jsonObj, const std::string& key, bool& value); +bool GetBoolFromJson(const CJsonUnique& jsonObj, const std::string& key, bool& value); + +bool AddObjToJson(CJson* jsonObj, const std::string& key, const CJson* childObj); +bool AddObjToJson(CJsonUnique& jsonObj, const std::string& key, CJsonUnique& childObj); +bool AddObjToArray(CJson* jsonArr, CJson* item); +bool AddObjToArray(CJsonUnique& jsonArr, CJsonUnique& item); +bool AddStringToJson(CJson* jsonObj, const std::string& key, const std::string& value); +bool AddStringToJson(CJsonUnique& jsonObj, const std::string& key, const std::string& value); +bool AddBoolToJson(CJson* jsonObj, const std::string& key, const bool value); +bool AddBoolToJson(CJsonUnique& jsonObj, const std::string& key, const bool value); +bool AddIntToJson(CJson* jsonObj, const std::string& key, const int value); +bool AddIntToJson(CJsonUnique& jsonObj, const std::string& key, const int value); +bool AddUnsignedIntToJson(CJson* jsonObj, const std::string& key, const uint32_t value); +bool AddUnsignedIntToJson(CJsonUnique& jsonObj, const std::string& key, const uint32_t value); +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif + \ No newline at end of file diff --git a/services/common/config_policy/include/config_policy_loader.h b/services/common/json_parse/include/json_parse_loader.h similarity index 63% rename from services/common/config_policy/include/config_policy_loader.h rename to services/common/json_parse/include/json_parse_loader.h index 0c13f0742a43244bbfeb58ebc7647eb012a6f8c0..9ea7ad619e404f094b23b4cfafbc65a7ce9066a1 100644 --- a/services/common/config_policy/include/config_policy_loader.h +++ b/services/common/json_parse/include/json_parse_loader.h @@ -18,17 +18,22 @@ #include #include +#include "permission_def.h" +#include "native_token_info_base.h" +#include "permission_dlp_mode.h" namespace OHOS { namespace Security { namespace AccessToken { -const static std::string CONFIG_POLICY_LIBPATH = "libaccesstoken_config_policy.z.so"; +const static std::string CONFIG_PARSE_LIBPATH = "libaccesstoken_json_parse.z.so"; struct AccessTokenServiceConfig final { std::string grantBundleName; std::string grantAbilityName; + std::string grantServiceAbilityName; std::string permStateAbilityName; std::string globalSwitchAbilityName; - int32_t cancleTime; + int32_t cancleTime = 0; + std::string applicationSettingAbilityName; }; struct PrivacyServiceConfig final { @@ -54,21 +59,37 @@ enum ServiceType { TOKENSYNC_SERVICE, }; +struct PermissionDefParseRet { + PermissionDef permDef; + bool isSuccessful = false; +}; + class ConfigPolicyLoaderInterface { public: ConfigPolicyLoaderInterface() {} virtual ~ConfigPolicyLoaderInterface() {} virtual bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); + virtual int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); + virtual int32_t GetDlpPermissions(std::vector& dlpPerms); + virtual int32_t GetAllPermissionDef(std::vector& permDefList); }; class ConfigPolicLoader final: public ConfigPolicyLoaderInterface { bool GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config); + int32_t GetAllNativeTokenInfo(std::vector& tokenInfos); + int32_t GetDlpPermissions(std::vector& dlpPerms); + int32_t GetAllPermissionDef(std::vector& permDefList); private: #ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE void GetConfigFilePathList(std::vector& pathList); bool GetConfigValueFromFile(const ServiceType& type, const std::string& fileContent, AccessTokenConfigValue& config); #endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + bool ParserNativeRawData(const std::string& nativeRawData, std::vector& tokenInfos); + bool ParserPermDefRawData(const std::string& permsRawData, std::vector& permDefList); + bool ParserDlpPermsRawData(const std::string& dlpPermsRawData, std::vector& dlpPerms); + int32_t ReadCfgFile(const std::string& file, std::string& rawData); + bool IsDirExsit(const std::string& file); }; #ifdef __cplusplus @@ -82,4 +103,4 @@ extern "C" { } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // ACCESSTOKEN_CONFIG_POLICY_LOADER_H \ No newline at end of file +#endif // ACCESSTOKEN_CONFIG_POLICY_LOADER_H diff --git a/services/common/json_parse/src/cjson_utils.cpp b/services/common/json_parse/src/cjson_utils.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d76f8ee8ad80032367178477431835c772669214 --- /dev/null +++ b/services/common/json_parse/src/cjson_utils.cpp @@ -0,0 +1,375 @@ +/* + * Copyright (C) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cjson_utils.h" +#include +#include +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +#define RECURSE_FLAG_TRUE 1 +} + +CJson *GetItemFromArray(const CJson* jsonArr, int32_t index) +{ + if (jsonArr == nullptr) { + return nullptr; + } + return cJSON_GetArrayItem(jsonArr, index); +} + +CJsonUnique CreateJsonFromString(const std::string& jsonStr) +{ + if (jsonStr.empty()) { + return nullptr; + } + CJsonUnique aPtr(cJSON_Parse(jsonStr.c_str()), FreeJson); + return aPtr; +} + +CJsonUnique CreateJson(void) +{ + CJsonUnique aPtr(cJSON_CreateObject(), FreeJson); + return aPtr; +} + +CJsonUnique CreateJsonArray(void) +{ + CJsonUnique aPtr(cJSON_CreateArray(), FreeJson); + return aPtr; +} + +void FreeJson(CJson* jsonObj) +{ + cJSON_Delete(jsonObj); + jsonObj = nullptr; +} + +std::string PackJsonToString(const CJson* jsonObj) +{ + char* ptr = cJSON_PrintUnformatted(jsonObj); + if (ptr == nullptr) { + return std::string(); + } + std::string ret = std::string(ptr); + FreeJsonString(ptr); + return ret; +} + +std::string PackJsonToString(const CJsonUnique& jsonObj) +{ + return PackJsonToString(jsonObj.get()); +} + +void FreeJsonString(char* jsonStr) +{ + if (jsonStr != nullptr) { + cJSON_free(jsonStr); + } +} + +CJson* GetObjFromJson(const CJson* jsonObj, const std::string& key) +{ + if (key.empty()) { + return nullptr; + } + + CJson* objValue = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objValue != nullptr && cJSON_IsObject(objValue)) { + return objValue; + } + return nullptr; +} + +CJson* GetObjFromJson(CJsonUnique& jsonObj, const std::string& key) +{ + return GetObjFromJson(jsonObj.get(), key); +} + +CJson* GetArrayFromJson(const CJson* jsonObj, const std::string& key) +{ + if (key.empty()) { + return nullptr; + } + + CJson* objValue = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objValue != nullptr && cJSON_IsArray(objValue)) { + return objValue; + } + return nullptr; +} + +CJson* GetArrayFromJson(CJsonUnique& jsonObj, const std::string& key) +{ + return GetArrayFromJson(jsonObj.get(), key); +} + +bool GetStringFromJson(const CJson *jsonObj, const std::string& key, std::string& out) +{ + if (jsonObj == nullptr || key.empty()) { + return false; + } + + cJSON *jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsString(jsonObjTmp)) { + out = cJSON_GetStringValue(jsonObjTmp); + return true; + } + return false; +} + +bool GetIntFromJson(const CJson* jsonObj, const std::string& key, int32_t& value) +{ + if (key.empty()) { + return false; + } + + CJson* jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsNumber(jsonObjTmp)) { + value = (int)cJSON_GetNumberValue(jsonObjTmp); + return true; + } + return false; +} + +bool GetIntFromJson(const CJsonUnique& jsonObj, const std::string& key, int32_t& value) +{ + return GetIntFromJson(jsonObj.get(), key, value); +} + +bool GetUnsignedIntFromJson(const CJson* jsonObj, const std::string& key, uint32_t& value) +{ + if (key.empty()) { + return false; + } + + CJson* jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsNumber(jsonObjTmp)) { + double realValue = cJSON_GetNumberValue(jsonObjTmp); + if (realValue < 0) { + int32_t tmpValue = static_cast(realValue); + value = static_cast(tmpValue); + } else { + value = static_cast(realValue); + } + return true; + } + return false; +} + +bool GetUnsignedIntFromJson(const CJsonUnique& jsonObj, const std::string& key, uint32_t& value) +{ + return GetUnsignedIntFromJson(jsonObj.get(), key, value); +} + +bool GetBoolFromJson(const CJson* jsonObj, const std::string& key, bool& value) +{ + if (key.empty()) { + return false; + } + + CJson* jsonObjTmp = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (jsonObjTmp != nullptr && cJSON_IsBool(jsonObjTmp)) { + value = cJSON_IsTrue(jsonObjTmp) ? true : false; + return true; + } + return false; +} + +bool GetBoolFromJson(const CJsonUnique& jsonObj, const std::string& key, bool& value) +{ + return GetBoolFromJson(jsonObj.get(), key, value); +} + +bool AddObjToJson(CJson* jsonObj, const std::string& key, const CJson* childObj) +{ + if (key.empty() || childObj == nullptr) { + return false; + } + + CJson* tmpObj = cJSON_Duplicate(childObj, RECURSE_FLAG_TRUE); + if (tmpObj == nullptr) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (!cJSON_AddItemToObject(jsonObj, key.c_str(), tmpObj)) { + cJSON_Delete(tmpObj); + return false; + } + } else { + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmpObj)) { + cJSON_Delete(tmpObj); + return false; + } + } + return true; +} + +bool AddObjToJson(CJsonUnique& jsonObj, const std::string& key, CJsonUnique& childObj) +{ + return AddObjToJson(jsonObj.get(), key, childObj.get()); +} + +bool AddObjToArray(CJson* jsonArr, CJson* item) +{ + if (item == nullptr) { + return false; + } + + if (!cJSON_IsArray(jsonArr)) { + return false; + } + + CJson* tmpObj = cJSON_Duplicate(item, RECURSE_FLAG_TRUE); + if (tmpObj == nullptr) { + return false; + } + + bool ret = cJSON_AddItemToArray(jsonArr, tmpObj); + return ret; +} + +bool AddObjToArray(CJsonUnique& jsonArr, CJsonUnique& item) +{ + return AddObjToArray(jsonArr.get(), item.get()); +} + +bool AddStringToJson(CJson* jsonObj, const std::string& key, const std::string& value) +{ + if (key.empty() || value.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (cJSON_AddStringToObject(jsonObj, key.c_str(), value.c_str()) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateString(value.c_str()); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + + return true; +} + +bool AddStringToJson(CJsonUnique& jsonObj, const std::string& key, const std::string& value) +{ + return AddStringToJson(jsonObj.get(), key, value); +} + +bool AddBoolToJson(CJson* jsonObj, const std::string& key, const bool value) +{ + if (key.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (cJSON_AddBoolToObject(jsonObj, key.c_str(), value) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateBool(value); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + + return true; +} + +bool AddBoolToJson(CJsonUnique& jsonObj, const std::string& key, const bool value) +{ + return AddBoolToJson(jsonObj.get(), key, value); +} + +bool AddIntToJson(CJson* jsonObj, const std::string& key, const int value) +{ + if (key.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + if (objInJson == nullptr) { + if (cJSON_AddNumberToObject(jsonObj, key.c_str(), value) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateNumber(value); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + + return true; +} + +bool AddIntToJson(CJsonUnique& jsonObj, const std::string& key, const int value) +{ + return AddIntToJson(jsonObj.get(), key, value); +} + +bool AddUnsignedIntToJson(CJson* jsonObj, const std::string& key, const uint32_t value) +{ + if (key.empty()) { + return false; + } + + CJson* objInJson = cJSON_GetObjectItemCaseSensitive(jsonObj, key.c_str()); + double tmpValue = static_cast(value); + if (objInJson == nullptr) { + if (cJSON_AddNumberToObject(jsonObj, key.c_str(), tmpValue) == nullptr) { + return false; + } + } else { + CJson* tmp = cJSON_CreateNumber(tmpValue); + if (tmp == nullptr) { + return false; + } + if (!cJSON_ReplaceItemInObjectCaseSensitive(jsonObj, key.c_str(), tmp)) { + cJSON_Delete(tmp); + return false; + } + } + return true; +} + +bool AddUnsignedIntToJson(CJsonUnique& jsonObj, const std::string& key, const uint32_t value) +{ + return AddUnsignedIntToJson(jsonObj.get(), key, value); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/common/json_parse/src/json_parse_loader.cpp b/services/common/json_parse/src/json_parse_loader.cpp new file mode 100644 index 0000000000000000000000000000000000000000..494e77fbdccaec63bcba28926b9a1358abce5516 --- /dev/null +++ b/services/common/json_parse/src/json_parse_loader.cpp @@ -0,0 +1,676 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "json_parse_loader.h" + +#include +#include +#include +#include +#include +#include + +#include "access_token_error.h" +#include "accesstoken_common_log.h" +#include "cjson_utils.h" +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE +#include "config_policy_utils.h" +#endif +#include "data_validator.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +constexpr int32_t MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M +constexpr size_t BUFFER_SIZE = 1024; + +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE +static constexpr const char* ACCESSTOKEN_CONFIG_FILE = "/etc/access_token/accesstoken_config.json"; +static constexpr const char* PERMISSION_MANAGER_BUNDLE_NAME_KEY = "permission_manager_bundle_name"; +static constexpr const char* GRANT_ABILITY_NAME_KEY = "grant_ability_name"; +static constexpr const char* GRANT_SERVICE_ABILITY_NAME_KEY = "grant_service_ability_name"; +static constexpr const char* PERMISSION_STATE_SHEET_ABILITY_NAME_KEY = "permission_state_sheet_ability_name"; +static constexpr const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY = "global_switch_sheet_ability_name"; +static constexpr const char* TEMP_PERM_CANCLE_TIME_KEY = "temp_perm_cencle_time"; +static constexpr const char* APPLICATION_SETTING_ABILITY_NAME_KEY = "application_setting_ability_name"; + +static constexpr const char* RECORD_SIZE_MAXIMUM_KEY = "permission_used_record_size_maximum"; +static constexpr const char* RECORD_AGING_TIME_KEY = "permission_used_record_aging_time"; +static constexpr const char* GLOBAL_DIALOG_BUNDLE_NAME_KEY = "global_dialog_bundle_name"; +static constexpr const char* GLOBAL_DIALOG_ABILITY_NAME_KEY = "global_dialog_ability_name"; + +static constexpr const char* SEND_REQUEST_REPEAT_TIMES_KEY = "send_request_repeat_times"; +#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + +// native_token.json +static const char* NATIVE_TOKEN_CONFIG_FILE = "/data/service/el0/access_token/nativetoken.json"; +static const char* JSON_PROCESS_NAME = "processName"; +static const char* JSON_APL = "APL"; +static const char* JSON_VERSION = "version"; +static const char* JSON_TOKEN_ID = "tokenId"; +static const char* JSON_TOKEN_ATTR = "tokenAttr"; +static const char* JSON_DCAPS = "dcaps"; +static const char* JSON_PERMS = "permissions"; +static const char* JSON_ACLS = "nativeAcls"; +static const int32_t MAX_DCAPS_NUM = 10 * 1024; +static const int32_t MAX_REQ_PERM_NUM = 10 * 1024; + +// dlp json +static const char* CLONE_PERMISSION_CONFIG_FILE = "/system/etc/dlp_permission/clone_app_permission.json"; + +// permission_define json +static const char* DEFINE_PERMISSION_FILE = "/system/etc/access_token/permission_definitions.json"; +static const char* PERMISSION_NAME = "name"; +static const char* PERMISSION_GRANT_MODE = "grantMode"; +static const char* PERMISSION_AVAILABLE_LEVEL = "availableLevel"; +static const char* PERMISSION_AVAILABLE_TYPE = "availableType"; +static const char* PERMISSION_PROVISION_ENABLE = "provisionEnable"; +static const char* PERMISSION_DISTRIBUTED_SCENE_ENABLE = "distributedSceneEnable"; +static const char* PERMISSION_LABEL = "label"; +static const char* PERMISSION_DESCRIPTION = "description"; +static const char* AVAILABLE_TYPE_NORMAL_HAP = "NORMAL"; +static const char* AVAILABLE_TYPE_SYSTEM_HAP = "SYSTEM"; +static const char* AVAILABLE_TYPE_MDM = "MDM"; +static const char* AVAILABLE_TYPE_SYSTEM_AND_MDM = "SYSTEM_AND_MDM"; +static const char* AVAILABLE_TYPE_SERVICE = "SERVICE"; +static const char* AVAILABLE_TYPE_ENTERPRISE_NORMAL = "ENTERPRISE_NORMAL"; +static const char* AVAILABLE_LEVEL_NORMAL = "normal"; +static const char* AVAILABLE_LEVEL_SYSTEM_BASIC = "system_basic"; +static const char* AVAILABLE_LEVEL_SYSTEM_CORE = "system_core"; +static const char* PERMISSION_GRANT_MODE_SYSTEM_GRANT = "system_grant"; +static const char* SYSTEM_GRANT_DEFINE_PERMISSION = "systemGrantPermissions"; +static const char* USER_GRANT_DEFINE_PERMISSION = "userGrantPermissions"; +} + +int32_t ConfigPolicLoader::ReadCfgFile(const std::string& file, std::string& rawData) +{ + char filePath[PATH_MAX] = {0}; + if (realpath(file.c_str(), filePath) == nullptr) { + return ERR_FILE_OPERATE_FAILED; + } + int32_t fd = open(filePath, O_RDONLY); + if (fd < 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Open failed errno %{public}d.", errno); + return ERR_FILE_OPERATE_FAILED; + } + struct stat statBuffer; + + if (fstat(fd, &statBuffer) != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fstat failed."); + close(fd); + return ERR_FILE_OPERATE_FAILED; + } + + if (statBuffer.st_size == 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is invalid."); + close(fd); + return ERR_PARAM_INVALID; + } + if (statBuffer.st_size > MAX_NATIVE_CONFIG_FILE_SIZE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Config file size is too large."); + close(fd); + return ERR_OVERSIZE; + } + rawData.reserve(statBuffer.st_size); + + char buff[BUFFER_SIZE] = { 0 }; + ssize_t readLen = 0; + while ((readLen = read(fd, buff, BUFFER_SIZE)) > 0) { + rawData.append(buff, readLen); + } + close(fd); + if (readLen == 0) { + return RET_SUCCESS; + } + return ERR_FILE_OPERATE_FAILED; +} + +bool ConfigPolicLoader::IsDirExsit(const std::string& file) +{ + if (file.empty()) { + LOGE(ATM_DOMAIN, ATM_TAG, "File path is empty"); + return false; + } + + struct stat buf; + if (stat(file.c_str(), &buf) != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get file attributes failed, errno %{public}d.", errno); + return false; + } + + if (!S_ISDIR(buf.st_mode)) { + LOGE(ATM_DOMAIN, ATM_TAG, "File mode is not directory."); + return false; + } + + return true; +} + +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE +void ConfigPolicLoader::GetConfigFilePathList(std::vector& pathList) +{ + CfgDir *dirs = GetCfgDirList(); // malloc a CfgDir point, need to free later + if (dirs == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Can't get cfg file path."); + return; + } + + for (const auto& path : dirs->paths) { + if ((path == nullptr) || (!IsDirExsit(path))) { + continue; + } + + LOGI(ATM_DOMAIN, ATM_TAG, "Accesstoken cfg dir: %{public}s.", path); + pathList.emplace_back(path); + } + + FreeCfgDirList(dirs); // free +} + +bool GetAtCfgFromJson(const CJson* j, AccessTokenServiceConfig& a) +{ + if (!GetStringFromJson(j, PERMISSION_MANAGER_BUNDLE_NAME_KEY, a.grantBundleName)) { + return false; + } + + if (!GetStringFromJson(j, GRANT_ABILITY_NAME_KEY, a.grantAbilityName)) { + return false; + } + + if (!GetStringFromJson(j, GRANT_SERVICE_ABILITY_NAME_KEY, a.grantAbilityName)) { + return false; + } + + if (!GetStringFromJson(j, PERMISSION_STATE_SHEET_ABILITY_NAME_KEY, a.permStateAbilityName)) { + return false; + } + + if (!GetStringFromJson(j, GLOBAL_SWITCH_SHEET_ABILITY_NAME_KEY, a.globalSwitchAbilityName)) { + return false; + } + + if (!GetIntFromJson(j, TEMP_PERM_CANCLE_TIME_KEY, a.cancleTime)) { + return false; + } + + if (!GetStringFromJson(j, APPLICATION_SETTING_ABILITY_NAME_KEY, a.applicationSettingAbilityName)) { + return false; + } + return true; +} + +bool GetPrivacyCfgFromJson(const CJson* j, PrivacyServiceConfig& p) +{ + if (!GetIntFromJson(j, RECORD_SIZE_MAXIMUM_KEY, p.sizeMaxImum)) { + return false; + } + + if (!GetIntFromJson(j, RECORD_AGING_TIME_KEY, p.agingTime)) { + return false; + } + + if (!GetStringFromJson(j, GLOBAL_DIALOG_BUNDLE_NAME_KEY, p.globalDialogBundleName)) { + return false; + } + + if (!GetStringFromJson(j, GLOBAL_DIALOG_ABILITY_NAME_KEY, p.globalDialogAbilityName)) { + return false; + } + return true; +} + +bool GetTokenSyncCfgFromJson(const CJson* j, TokenSyncServiceConfig& t) +{ + if (!GetIntFromJson(j, SEND_REQUEST_REPEAT_TIMES_KEY, t.sendRequestRepeatTimes)) { + return false; + } + return true; +} + +bool ConfigPolicLoader::GetConfigValueFromFile(const ServiceType& type, const std::string& fileContent, + AccessTokenConfigValue& config) +{ + CJsonUnique jsonRes = CreateJsonFromString(fileContent); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + + if (type == ServiceType::ACCESSTOKEN_SERVICE) { + CJson *atJson = GetObjFromJson(jsonRes, "accesstoken"); + return GetAtCfgFromJson(atJson, config.atConfig); + } else if (type == ServiceType::PRIVACY_SERVICE) { + CJson *prJson = GetObjFromJson(jsonRes, "privacy"); + return GetPrivacyCfgFromJson(prJson, config.pConfig); + } + CJson *toSyncJson = GetObjFromJson(jsonRes, "tokensync"); + return GetTokenSyncCfgFromJson(toSyncJson, config.tsConfig); +} +#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + +bool ConfigPolicLoader::GetConfigValue(const ServiceType& type, AccessTokenConfigValue& config) +{ + bool successFlag = false; +#ifdef CUSTOMIZATION_CONFIG_POLICY_ENABLE + std::vector pathList; + GetConfigFilePathList(pathList); + + for (const auto& path : pathList) { + std::string filePath = path + ACCESSTOKEN_CONFIG_FILE; + std::string fileContent; + int32_t res = ReadCfgFile(filePath, fileContent); + if (res != 0) { + continue; + } + + if (GetConfigValueFromFile(type, fileContent, config)) { + LOGI(ATM_DOMAIN, ATM_TAG, "Get valid config value from file [%{public}s]!", filePath.c_str()); + successFlag = true; + break; // once get the config value, break the loop + } + } +#endif // CUSTOMIZATION_CONFIG_POLICY_ENABLE + return successFlag; +} + +static int32_t NativeReqPermsGet(const CJson* j, std::vector& permStateList) +{ + CJson *permJson = GetArrayFromJson(j, JSON_PERMS); + if (permJson == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JSON_PERMS is invalid."); + return ERR_PARAM_INVALID; + } + int32_t len = cJSON_GetArraySize(permJson); + if (len > MAX_REQ_PERM_NUM) { + LOGE(ATM_DOMAIN, ATM_TAG, "Permission num oversize."); + return ERR_OVERSIZE; + } + std::set permRes; + for (int32_t i = 0; i < len; i++) { + std::string permReq = cJSON_GetStringValue(cJSON_GetArrayItem(permJson, i)); + PermissionStatus permState; + if (permRes.count(permReq) != 0) { + continue; + } + permState.permissionName = permReq; + permState.grantStatus = PERMISSION_GRANTED; + permState.grantFlag = PERMISSION_SYSTEM_FIXED; + permStateList.push_back(permState); + permRes.insert(permReq); + } + return RET_SUCCESS; +} + +static ATokenTypeEnum GetTokenIdTypeEnum(AccessTokenID id) +{ + AccessTokenIDInner *idInner = reinterpret_cast(&id); + return static_cast(idInner->type); +} + +static void GetSingleNativeTokenFromJson(const CJson* j, NativeTokenInfoBase& native) +{ + NativeTokenInfoBase info; + int32_t aplNum = 0; + if (!GetIntFromJson(j, JSON_APL, aplNum) || !DataValidator::IsAplNumValid(aplNum)) { + return; + } + info.apl = static_cast(aplNum); + int32_t ver; + GetIntFromJson(j, JSON_VERSION, ver); + info.ver = (uint8_t)ver; + GetUnsignedIntFromJson(j, JSON_TOKEN_ID, info.tokenID); + if ((info.ver != DEFAULT_TOKEN_VERSION) || (info.tokenID == 0)) { + return; + } + ATokenTypeEnum type = GetTokenIdTypeEnum(info.tokenID); + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { + return; + } + if (!GetUnsignedIntFromJson(j, JSON_TOKEN_ATTR, info.tokenAttr)) { + return; + } + CJson *dcapsJson = GetArrayFromJson(j, JSON_DCAPS); + CJson *aclsJson = GetArrayFromJson(j, JSON_ACLS); + if ((dcapsJson == nullptr) || (aclsJson == nullptr)) { + return; + } + int32_t dcapLen = cJSON_GetArraySize(dcapsJson); + int32_t aclLen = cJSON_GetArraySize(aclsJson); + if ((dcapLen > MAX_DCAPS_NUM) || (aclLen > MAX_REQ_PERM_NUM)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Native dcap oversize."); + return; + } + for (int32_t i = 0; i < dcapLen; i++) { + std::string item = cJSON_GetStringValue(cJSON_GetArrayItem(dcapsJson, i)); + info.dcap.push_back(item); + } + for (int i = 0; i < aclLen; i++) { + std::string item = cJSON_GetStringValue(cJSON_GetArrayItem(aclsJson, i)); + info.nativeAcls.push_back(item); + } + + if (NativeReqPermsGet(j, info.permStateList) != RET_SUCCESS) { + return; + } + + if (!GetStringFromJson(j, JSON_PROCESS_NAME, info.processName) || + !DataValidator::IsProcessNameValid(info.processName)) { + return; + } + native = info; +} + +bool ConfigPolicLoader::ParserNativeRawData( + const std::string& nativeRawData, std::vector& tokenInfos) +{ + CJsonUnique jsonRes = CreateJsonFromString(nativeRawData); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + int32_t len = cJSON_GetArraySize(jsonRes.get()); + for (int32_t i = 0; i < len; i++) { + cJSON *item = cJSON_GetArrayItem(jsonRes.get(), i); + NativeTokenInfoBase token; + GetSingleNativeTokenFromJson(item, token); + if (!token.processName.empty()) { + tokenInfos.emplace_back(token); + } + } + return true; +} + +int32_t ConfigPolicLoader::GetAllNativeTokenInfo(std::vector& tokenInfos) +{ + std::string nativeRawData; + int32_t ret = ReadCfgFile(NATIVE_TOKEN_CONFIG_FILE, nativeRawData); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Read(%{public}s) failed, err = %{public}d.", NATIVE_TOKEN_CONFIG_FILE, ret); + return ret; + } + if (!ParserNativeRawData(nativeRawData, tokenInfos)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ParserNativeRawData failed."); + return ERR_PRASE_RAW_DATA_FAILED; + } + return RET_SUCCESS; +} + +static void JsonFromPermissionDlpMode(const CJson *j, PermissionDlpMode& p) +{ + if (!GetStringFromJson(j, "name", p.permissionName)) { + return; + } + if (!DataValidator::IsProcessNameValid(p.permissionName)) { + return; + } + + std::string dlpModeStr; + if (!GetStringFromJson(j, "dlpGrantRange", dlpModeStr)) { + return; + } + if (dlpModeStr == "all") { + p.dlpMode = DLP_PERM_ALL; + return; + } + if (dlpModeStr == "full_control") { + p.dlpMode = DLP_PERM_FULL_CONTROL; + return; + } + p.dlpMode = DLP_PERM_NONE; + return; +} + +bool ConfigPolicLoader::ParserDlpPermsRawData( + const std::string& dlpPermsRawData, std::vector& dlpPerms) +{ + CJsonUnique jsonRes = CreateJsonFromString(dlpPermsRawData); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + + cJSON *dlpPermTokenJson = GetArrayFromJson(jsonRes.get(), "dlpPermissions"); + if ((dlpPermTokenJson != nullptr)) { + CJson *j = nullptr; + std::vector dlpPermissions; + cJSON_ArrayForEach(j, dlpPermTokenJson) { + PermissionDlpMode p; + JsonFromPermissionDlpMode(j, p); + dlpPerms.emplace_back(p); + } + } + return true; +} + +int32_t ConfigPolicLoader::GetDlpPermissions(std::vector& dlpPerms) +{ + std::string dlpPermsRawData; + int32_t ret = ReadCfgFile(CLONE_PERMISSION_CONFIG_FILE, dlpPermsRawData); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Read(%{public}s) failed, err = %{public}d.", CLONE_PERMISSION_CONFIG_FILE, ret); + return ret; + } + if (!ParserDlpPermsRawData(dlpPermsRawData, dlpPerms)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ParserDlpPermsRawData failed."); + return ERR_PRASE_RAW_DATA_FAILED; + } + return RET_SUCCESS; +} + +static bool GetPermissionApl(const std::string &apl, AccessToken::ATokenAplEnum& aplNum) +{ + if (apl == AVAILABLE_LEVEL_SYSTEM_CORE) { + aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_CORE; + return true; + } + if (apl == AVAILABLE_LEVEL_SYSTEM_BASIC) { + aplNum = AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC; + return true; + } + if (apl == AVAILABLE_LEVEL_NORMAL) { + aplNum = AccessToken::ATokenAplEnum::APL_NORMAL; + return true; + } + LOGE(ATM_DOMAIN, ATM_TAG, "Apl: %{public}s is invalid.", apl.c_str()); + return false; +} + +static bool GetPermissionAvailableType( + const std::string &availableType, AccessToken::ATokenAvailableTypeEnum& typeNum) +{ + if (availableType == AVAILABLE_TYPE_NORMAL_HAP) { + typeNum = AccessToken::ATokenAvailableTypeEnum::NORMAL; + return true; + } + if (availableType == AVAILABLE_TYPE_SYSTEM_HAP) { + typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM; + return true; + } + if (availableType == AVAILABLE_TYPE_MDM) { + typeNum = AccessToken::ATokenAvailableTypeEnum::MDM; + return true; + } + if (availableType == AVAILABLE_TYPE_SYSTEM_AND_MDM) { + typeNum = AccessToken::ATokenAvailableTypeEnum::SYSTEM_AND_MDM; + return true; + } + if (availableType == AVAILABLE_TYPE_SERVICE) { + typeNum = AccessToken::ATokenAvailableTypeEnum::SERVICE; + return true; + } + if (availableType == AVAILABLE_TYPE_ENTERPRISE_NORMAL) { + typeNum = AccessToken::ATokenAvailableTypeEnum::ENTERPRISE_NORMAL; + return true; + } + typeNum = AccessToken::ATokenAvailableTypeEnum::INVALID; + LOGE(ATM_DOMAIN, ATM_TAG, "AvailableType: %{public}s is invalid.", availableType.c_str()); + return false; +} + +static int32_t GetPermissionGrantMode(const std::string &mode) +{ + if (mode == PERMISSION_GRANT_MODE_SYSTEM_GRANT) { + return AccessToken::GrantMode::SYSTEM_GRANT; + } + return AccessToken::GrantMode::USER_GRANT; +} + +static void FromJsonPermissionDefParseRet(const CJson *j, PermissionDefParseRet& result) +{ + result.isSuccessful = false; + PermissionDef permDef; + if (!GetStringFromJson(j, PERMISSION_NAME, permDef.permissionName) || + !DataValidator::IsProcessNameValid(permDef.permissionName)) { + return; + } + std::string grantModeStr; + if (!GetStringFromJson(j, PERMISSION_GRANT_MODE, grantModeStr)) { + return; + } + permDef.grantMode = GetPermissionGrantMode(grantModeStr); + + std::string availableLevelStr; + if (!GetStringFromJson(j, PERMISSION_AVAILABLE_LEVEL, availableLevelStr)) { + return; + } + if (!GetPermissionApl(availableLevelStr, permDef.availableLevel)) { + return; + } + + std::string availableTypeStr; + if (!GetStringFromJson(j, PERMISSION_AVAILABLE_TYPE, availableTypeStr)) { + return; + } + if (!GetPermissionAvailableType(availableTypeStr, permDef.availableType)) { + return; + } + + if (!GetBoolFromJson(j, PERMISSION_PROVISION_ENABLE, permDef.provisionEnable)) { + return; + } + if (!GetBoolFromJson(j, PERMISSION_DISTRIBUTED_SCENE_ENABLE, permDef.distributedSceneEnable)) { + return; + } + permDef.bundleName = "system_ability"; + if (permDef.grantMode == AccessToken::GrantMode::SYSTEM_GRANT) { + result.permDef = permDef; + result.isSuccessful = true; + return; + } + if (!GetStringFromJson(j, PERMISSION_LABEL, permDef.label)) { + return; + } + if (!GetStringFromJson(j, PERMISSION_DESCRIPTION, permDef.description)) { + return; + } + result.permDef = permDef; + result.isSuccessful = true; + return; +} + +static bool CheckPermissionDefRules(const PermissionDef& permDef) +{ + // Extension permission support permission for service only. + if (permDef.availableType != AccessToken::ATokenAvailableTypeEnum::SERVICE) { + LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s is for hap.", permDef.permissionName.c_str()); + return false; + } + return true; +} + +static int32_t GetPermissionDefList(const CJsonUnique &json, const std::string& permsRawData, + const std::string& type, std::vector& permDefList) +{ + cJSON *JsonData = GetArrayFromJson(json.get(), type); + if (JsonData == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Json is null."); + return ERR_PARAM_INVALID; + } + CJson *j = nullptr; + cJSON_ArrayForEach(j, JsonData) { + PermissionDefParseRet result; + FromJsonPermissionDefParseRet(j, result); + if (!result.isSuccessful) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get permission def failed."); + return ERR_PERM_REQUEST_CFG_FAILED; + } + if (!CheckPermissionDefRules(result.permDef)) { + continue; + } + LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s insert.", result.permDef.permissionName.c_str()); + permDefList.emplace_back(result.permDef); + } + return RET_SUCCESS; +} + +bool ConfigPolicLoader::ParserPermDefRawData( + const std::string& permsRawData, std::vector& permDefList) +{ + CJsonUnique jsonRes = CreateJsonFromString(permsRawData); + if (jsonRes == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonRes is invalid."); + return false; + } + + int32_t ret = GetPermissionDefList(jsonRes, permsRawData, SYSTEM_GRANT_DEFINE_PERMISSION, permDefList); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get system_grant permission def list failed, err = %{public}d.", ret); + return false; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Get system_grant permission size=%{public}zu.", permDefList.size()); + ret = GetPermissionDefList(jsonRes, permsRawData, USER_GRANT_DEFINE_PERMISSION, permDefList); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Get user_grant permission def list failed, err = %{public}d.", ret); + return false; + } + return true; +} + +int32_t ConfigPolicLoader::GetAllPermissionDef(std::vector& permDefList) +{ + std::string permsRawData; + int32_t ret = ReadCfgFile(DEFINE_PERMISSION_FILE, permsRawData); + if (ret != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Read(%{public}s) failed, err = %{public}d.", DEFINE_PERMISSION_FILE, ret); + return ret; + } + if (!ParserPermDefRawData(permsRawData, permDefList)) { + LOGE(ATM_DOMAIN, ATM_TAG, "ParserPermDefRawData failed."); + return ERR_PRASE_RAW_DATA_FAILED; + } + LOGI(ATM_DOMAIN, ATM_TAG, "Get permission size=%{public}zu.", permDefList.size()); + return RET_SUCCESS; +} + +extern "C" { +void* Create() +{ + return reinterpret_cast(new ConfigPolicLoader); +} + +void Destroy(void* loaderPtr) +{ + ConfigPolicyLoaderInterface* loader = reinterpret_cast(loaderPtr); + if (loader != nullptr) { + delete loader; + } +} +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/json_parse/unittest/json_parse_test.cpp b/services/common/json_parse/unittest/json_parse_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..005172b82d479fc3f0b931afa57f123e17b3845f --- /dev/null +++ b/services/common/json_parse/unittest/json_parse_test.cpp @@ -0,0 +1,925 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include "accesstoken_info_manager.h" +#define private public +#include "accesstoken_manager_service.h" +#undef private + +#define private public +#include "json_parse_loader.h" +#undef private + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +class PrivacyParcelTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + + void SetUp(); + void TearDown(); + +public: + std::shared_ptr atManagerService_; +}; + +void PrivacyParcelTest::SetUpTestCase() +{ + // delete all test 0x28100000 - 0x28100007 + for (unsigned int i = 0x28100000; i <= 0x28100007; i++) { + AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(i); + } +} +void PrivacyParcelTest::TearDownTestCase() {} +void PrivacyParcelTest::SetUp() +{ + atManagerService_ = DelayedSingleton::GetInstance(); + EXPECT_NE(nullptr, atManagerService_); +} +void PrivacyParcelTest::TearDown() {} + +/* + * @tc.name: IsDirExsit001 + * @tc.desc: IsDirExsit input param error + * @tc.type: FUNC + * @tc.require: issueI6024A + */ +HWTEST_F(JsonParseTest, IsDirExsit001, TestSize.Level1) +{ + ConfigPolicLoader loader; + EXPECT_FALSE(loader.IsDirExsit("")); + int32_t fd = open(TEST_JSON_PATH.c_str(), O_RDWR | O_CREAT); + EXPECT_NE(-1, fd); + + EXPECT_FALSE(loader.IIsDirExsit(TEST_JSON_PATH.c_str())); +} + +/** + * @tc.name: ParserNativeRawData001 + * @tc.desc: Verify processing right native token json. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData001!"); + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]},)"\ + R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[], "nativeAcls":[]}])"; + + ConfigPolicLoader loader; + std::vector tokenInfos; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(2), tokenInfos.size()); + + ASSERT_EQ("process6", tokenInfos[0].processName); + ASSERT_EQ(static_cast(685266937), tokenInfos[0].tokenID); + + ASSERT_EQ("process5", tokenInfos[1].processName); + ASSERT_EQ(static_cast(678065606), tokenInfos[1].tokenID); +} + +/** + * @tc.name: ParserNativeRawData002 + * @tc.desc: Verify processing wrong native token json. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData002, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData002!"); + std::string testStr = R"([{"processName":""}])"; + std::vector tokenInfos; + + ConfigPolicLoader loader; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr1 = R"([{"processName":"", }])"; + loader.ParserNativeRawData(testStr1, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr2 = R"([{"processName":"process6"}, {}])"; + loader.ParserNativeRawData(testStr2, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr3 = R"([{"processName":""}, {"":"", ""}])"; + loader.ParserNativeRawData(testStr3, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr4 = R"([{"processName":"process6", "tokenId":685266937, "APL":3, "version":new}])"; + loader.ParserNativeRawData(testStr4, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr5 = R"([{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}])"; + loader.ParserNativeRawData(testStr5, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr6 = + R"({"NativeToken":[{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}]})"; + loader.ParserNativeRawData(testStr6, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr7 = R"({"NativeToken":[{"processName":"process6", "tokenId":685266937, "APL":7, "version":1}])"; + loader.ParserNativeRawData(testStr7, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr8 = R"(["NativeToken":])"; + loader.ParserNativeRawData(testStr8, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + std::string testStr9 = R"([)"; + loader.ParserNativeRawData(testStr9, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); +} + +/** + * @tc.name: ParserNativeRawData003 + * @tc.desc: Verify from json right case. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData003, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData003!"); + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"],)"\ + R"("permissions":["ohos.permission.PLACE_CALL"],)"\ + R"("nativeAcls":["ohos.permission.PLACE_CALL"]})"\ + R"(])"; + ConfigPolicLoader loader; + std::vector tokenInfos; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(1), tokenInfos.size()); + ASSERT_EQ(native.tokenID, 685266937); +} + +/** + * @tc.name: ParserNativeRawData004 + * @tc.desc: Verify from json wrong case. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserNativeRawData004, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test ParserNativeRawData004!"); + // version wrong + std::string testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_CORE,"version":2,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + ConfigPolicLoader loader; + std::vector tokenInfos; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // APL wrong + testStr = R"([)"\ + R"({"processName":"process6","APL":-1,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // tokenId wrong + testStr = R"([)"\ + R"({"processName":"process6","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":0,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // process name empty + testStr = R"([)"\ + R"({"processName":"","APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // process name too long + std::string name(512, 'c'); + testStr = R"([)"\ + R"({"processName":name,"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); + + // lose process name + testStr = R"([)"\ + R"({"APL":APL_SYSTEM_BASIC,"version":1,"tokenId":685266937,"tokenAttr":0,)"\ + R"("dcaps":["AT_CAP","ST_CAP"]})"\ + R"(])"; + loader.ParserNativeRawData(testStr, tokenInfos); + ASSERT_EQ(static_cast(0), tokenInfos.size()); +} + +/** + * @tc.name: init001 + * @tc.desc: test get native cfg + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, init001, TestSize.Level1) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "test init001!"); + + const char *dcaps[1]; + dcaps[0] = "AT_CAP_01"; + int dcapNum = 1; + const char *perms[2]; + perms[0] = "ohos.permission.test1"; + perms[1] = "ohos.permission.test2"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = dcapNum, + .permsNum = 2, + .aclsNum = 0, + .dcaps = dcaps, + .perms = perms, + .acls = nullptr, + .processName = "native_token_test7", + .aplStr = "system_core", + }; + uint64_t tokenId = ::GetAccessTokenId(&infoInstance); + ASSERT_NE(tokenId, INVALID_TOKENID); + + atManagerService_->ReloadNativeTokenInfo(); + + NativeTokenInfoBase findInfo; + int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(findInfo.processName, infoInstance.processName); + + ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: ParserPermsRawDataTest001 + * @tc.desc: Parse permission definition information. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest001, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(testStr, tokenInfos)); + EXPECT_EQ(2, permDefList.size()); + + for (const auto& perm : permDefList) { + GTEST_LOG_(INFO) << perm.permissionName.c_str(); + PermissionDefinitionCache::GetInstance().Insert(perm, EXTENSION_PERMISSION_ID); + } + + EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); + EXPECT_TRUE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); + PermissionDef permissionDefResult; + PermissionManager::GetInstance().GetDefPermission(SYSTEM_PERMISSION_A, permissionDefResult); + EXPECT_EQ(SYSTEM_GRANT, permissionDefResult.grantMode); + EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); + EXPECT_EQ(SERVICE, permissionDefResult.availableType); + EXPECT_EQ(true, permissionDefResult.provisionEnable); + EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); + EXPECT_EQ("", permissionDefResult.label); + EXPECT_EQ("", permissionDefResult.description); + + PermissionManager::GetInstance().GetDefPermission(USER_PERMISSION_B, permissionDefResult); + EXPECT_EQ(USER_GRANT, permissionDefResult.grantMode); + EXPECT_EQ(APL_SYSTEM_BASIC, permissionDefResult.availableLevel); + EXPECT_EQ(SERVICE, permissionDefResult.availableType); + EXPECT_EQ(true, permissionDefResult.provisionEnable); + EXPECT_EQ(false, permissionDefResult.distributedSceneEnable); + EXPECT_EQ("$string:test_label_B", permissionDefResult.label); + EXPECT_EQ("$string:test_description_B", permissionDefResult.description); +} + +/** + * @tc.name: ParserPermsRawDataTest002 + * @tc.desc: Invalid file. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest002, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.xxxxxxxxxxxxxxxxxxxxxxxxxx",)"\ + R"("xxxxxxxxxxxxxxxxxxxxxxxxxx":"$string:test_description_B"}]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_FALSE(loader.ParserPermsRawData(testStr, tokenInfos)); +} + +/** + * @tc.name: ParserPermsRawDataTest003 + * @tc.desc: Permission definition file missing. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest003, TestSize.Level1) +{ + EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(SYSTEM_PERMISSION_A)); + EXPECT_FALSE(PermissionDefinitionCache::GetInstance().HasDefinition(USER_PERMISSION_B)); + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_FALSE(loader.ParserPermsRawData(permsRawData, permDefList)); + + permsRawData = R"({"userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("label":"$string:test_label_B","description":"$string:test_description_B"}]})"; + ret = parser.ParserPermsRawData(permsRawData, permDefList); + ASSERT_FALSE(loader.ParserPermsRawData(permsRawData, permDefList)); +} + +/** + * @tc.name: ParserPermsRawDataTest004 + * @tc.desc: Test property value is missing + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest004, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest005 + * @tc.desc: Test property value is missing + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest005, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("description":"$string:test_description_B"}]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,})"\ + R"("label":"$string:test_label_B"]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest006 + * @tc.desc: Invalid param + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest006, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":123,"grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":123,"availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":123,)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":SERVICE,"provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest007 + * @tc.desc: Invalid param + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest007, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":"true","distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":"false"}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,"label":123,)"\ + R"("description":"$string:test_description_B"}]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[],)"\ + R"("userGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestB","grantMode":"user_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false,)"\ + R"("label":"$string:test_label_B","description":123}]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +/** + * @tc.name: ParserPermsRawDataTest008 + * @tc.desc: Invalid param + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(JsonParseTest, ParserPermsRawDataTest008, TestSize.Level1) +{ + std::string permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"","grantMode":"system_grant","availableLevel":"system_basic",)"\ + R"("availableType":"SERVICE","provisionEnable":true,"distributedSceneEnable":false}],)"\ + R"("userGrantPermissions":[]})"; + ConfigPolicLoader loader; + std::vector permDefList; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); + + permsRawData = R"({"systemGrantPermissions":[)"\ + R"({"name":"ohos.permission.PermDefParserTestA","grantMode":"system_grant","availableLevel":"test",)"\ + R"("availableType":TEST,"provisionEnable":true,"distributedSceneEnable":"false"}],)"\ + R"("userGrantPermissions":[]})"; + ASSERT_TRUE(loader.ParserPermsRawData(permsRawData, permDefList)); + EXPECT_EQ(0, permDefList.size()); +} + +#ifdef SUPPORT_SANDBOX_APP +static void PrepareJsonData1() +{ + std::string testStr = R"({"dlpPermissions":[)"\ + R"({"name":"ohos.permission.CAPTURE_SCREEN","dlpGrantRange":"none"},)"\ + R"({"name":"ohos.permission.CHANGE_ABILITY_ENABLED_STATE","dlpGrantRange":"all"},)"\ + R"({"name":"ohos.permission.CLEAN_APPLICATION_DATA","dlpGrantRange":"full_control"}]})"; + + ConfigPolicLoader loader; + std::vector dlpPerms; + loader.ParserDlpPermsRawData(testStr, permDefList); + for (auto iter = dlpPerms.begin(); iter != dlpPerms.end(); iter++) { + GTEST_LOG_(INFO) << "iter:" << iter->permissionName.c_str(); + } + DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms); +} + +/** + * @tc.name: DlpPermissionConfig001 + * @tc.desc: test DLP_COMMON app with system_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig001, TestSize.Level1) +{ + PrepareJsonData1(); + + g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; + g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; + g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; + g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain1", + .permList = {}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig001", + .instIndex = 0, + .dlpType = DLP_COMMON, + .appIDDesc = "DlpPermissionConfig001" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.COMMONEVENT_STICKY"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CAPTURE_SCREEN"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig002 + * @tc.desc: test DLP_READ app with system_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig002, TestSize.Level1) +{ + PrepareJsonData1(); + + g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; + g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; + g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; + g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain2", + .permList = {}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig002", + .instIndex = 0, + .dlpType = DLP_READ, + .appIDDesc = "DlpPermissionConfig002" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CAPTURE_SCREEN"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.COMMONEVENT_STICKY"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); + ASSERT_EQ(PERMISSION_DENIED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig003 + * @tc.desc: test DLP_FULL_CONTROL app with system_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig003, TestSize.Level1) +{ + PrepareJsonData1(); + + g_infoManagerTestStateA.permissionName = "ohos.permission.CAPTURE_SCREEN"; + g_infoManagerTestStateB.permissionName = "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"; + g_infoManagerTestStateC.permissionName = "ohos.permission.CLEAN_APPLICATION_DATA"; + g_infoManagerTestStateD.permissionName = "ohos.permission.COMMONEVENT_STICKY"; + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain3", + .permList = {}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig003", + .instIndex = 0, + .dlpType = DLP_FULL_CONTROL, + .appIDDesc = "DlpPermissionConfig003" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CLEAN_APPLICATION_DATA"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.COMMONEVENT_STICKY"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CAPTURE_SCREEN"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken( + tokenID, "ohos.permission.CHANGE_ABILITY_ENABLED_STATE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +static void PrepareUserPermState() +{ + g_infoManagerTestStateA.permissionName = "ohos.permission.MEDIA_LOCATION"; + g_infoManagerTestStateA.grantStatus = PERMISSION_DENIED; + g_infoManagerTestStateB.permissionName = "ohos.permission.MICROPHONE"; + g_infoManagerTestStateB.grantStatus = PERMISSION_DENIED; + g_infoManagerTestStateC.permissionName = "ohos.permission.READ_CALENDAR"; + g_infoManagerTestStateC.grantStatus = PERMISSION_DENIED; + g_infoManagerTestStateD.permissionName = "ohos.permission.READ_CALL_LOG"; + g_infoManagerTestStateD.grantStatus = PERMISSION_DENIED; +} + +static void PrepareJsonData2() +{ + std::string testStr = R"({"dlpPermissions":[)"\ + R"({"name":"ohos.permission.MEDIA_LOCATION","dlpGrantRange":"none"},)"\ + R"({"name":"ohos.permission.MICROPHONE","dlpGrantRange":"all"},)"\ + R"({"name":"ohos.permission.READ_CALENDAR","dlpGrantRange":"full_control"}]})"; + + ConfigPolicLoader loader; + std::vector dlpPerms; + if (!loader.ParserDlpPermsRawData(testStr, permDefList)) { + GTEST_LOG_(INFO) << "ParserDlpPermsRawData failed."; + } + DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPermissions); +} + +/** + * @tc.name: DlpPermissionConfig004 + * @tc.desc: test DLP_COMMON app with user_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig004, TestSize.Level1) +{ + PrepareJsonData2(); + PrepareUserPermState(); + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain4", + .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, + g_infoManagerPermDef3, g_infoManagerPermDef4}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig004", + .instIndex = 0, + .dlpType = DLP_COMMON, + .appIDDesc = "DlpPermissionConfig004" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); + ASSERT_EQ(RET_SUCCESS, ret); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); + + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig005 + * @tc.desc: test DLP_READ app with user_grant permissions. + * @tc.type: FUNC + * @tc.require: SR000GVIGR + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig005, TestSize.Level1) +{ + PrepareJsonData2(); + PrepareUserPermState(); + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain5", + .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, + g_infoManagerPermDef3, g_infoManagerPermDef4}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig005", + .instIndex = 0, + .dlpType = DLP_READ, + .appIDDesc = "DlpPermissionConfig005" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} + +/** + * @tc.name: DlpPermissionConfig006 + * @tc.desc: test DLP_FULL_CONTROL app with user_grant permissions. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionManagerTest, DlpPermissionConfig006, TestSize.Level1) +{ + PrepareJsonData2(); + PrepareUserPermState(); + + static HapPolicy infoManagerTestPolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain6", + .permList = {g_infoManagerPermDef1, g_infoManagerPermDef2, + g_infoManagerPermDef3, g_infoManagerPermDef4}, + .permStateList = {g_infoManagerTestStateA, g_infoManagerTestStateB, + g_infoManagerTestStateC, g_infoManagerTestStateD} + }; + static HapInfoParams infoManagerTestInfoParms = { + .userID = 1, + .bundleName = "DlpPermissionConfig006", + .instIndex = 0, + .dlpType = DLP_FULL_CONTROL, + .appIDDesc = "DlpPermissionConfig006" + }; + AccessTokenIDEx tokenIdEx = {0}; + int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(infoManagerTestInfoParms, + infoManagerTestPolicyPrams, tokenIdEx); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "add a hap token"; + + AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; + + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALENDAR", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MEDIA_LOCATION", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.MICROPHONE", PERMISSION_USER_FIXED); + PermissionManager::GetInstance().GrantPermission(tokenID, + "ohos.permission.READ_CALL_LOG", PERMISSION_USER_FIXED); + + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALENDAR"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MEDIA_LOCATION"); + ASSERT_EQ(PERMISSION_DENIED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.MICROPHONE"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + ret = AccessTokenInfoManager::GetInstance().VerifyAccessToken(tokenID, "ohos.permission.READ_CALL_LOG"); + ASSERT_EQ(PERMISSION_GRANTED, ret); + + ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + ASSERT_EQ(RET_SUCCESS, ret); + GTEST_LOG_(INFO) << "remove the token info"; +} +#endif +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/libraryloader/src/libraryloader.cpp b/services/common/libraryloader/src/libraryloader.cpp index b370cd4f70cf9f67e099211ac5de77e8043be2df..c9d53569622feadac9802cc7f93ece646f51c277 100644 --- a/services/common/libraryloader/src/libraryloader.cpp +++ b/services/common/libraryloader/src/libraryloader.cpp @@ -18,14 +18,12 @@ #include #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenLibLoader"}; typedef void* (*FUNC_CREATE) (void); typedef void (*FUNC_DESTROY) (void*); } @@ -57,7 +55,7 @@ bool LibraryLoader::PrintErrorLog(const std::string& targetName) { char* error; if ((error = dlerror()) != nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get %{public}s failed, errMsg=%{public}s.", + LOGE(ATM_DOMAIN, ATM_TAG, "Get %{public}s failed, errMsg=%{public}s.", targetName.c_str(), error); return false; } diff --git a/services/common/power_manager/BUILD.gn b/services/common/power_manager/BUILD.gn deleted file mode 100644 index db6ad67983f47b86dce10ee5a86ae63b5001f421..0000000000000000000000000000000000000000 --- a/services/common/power_manager/BUILD.gn +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/ohos.gni") -import("../../../access_token.gni") - -config("accesstoken_power_manager_config") { - visibility = [ ":*" ] - include_dirs = [ "include" ] -} - -ohos_shared_library("accesstoken_power_manager") { - if (is_standard_system && power_manager_enable) { - subsystem_name = "security" - part_name = "access_token" - sanitize = { - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" - - include_dirs = [ "include" ] - - sources = [ "src/power_manager_loader.cpp" ] - - cflags_cc = [] - configs = [ - "${access_token_path}/config:access_token_compile_flags", - "${access_token_path}/config:coverage_flags", - ] - public_configs = [ ":accesstoken_power_manager_config" ] - - external_deps = [ - "c_utils:utils", - "ipc:ipc_core", - "power_manager:powermgr_client", - ] - } -} diff --git a/services/common/proxy_death/BUILD.gn b/services/common/proxy_death/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..d78510021ded149cf28af73cbd35aae1759b4752 --- /dev/null +++ b/services/common/proxy_death/BUILD.gn @@ -0,0 +1,81 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../access_token.gni") + +config("proxy_death_handler_configs") { + visibility = [ ":*" ] + include_dirs = [ "include" ] +} + +ohos_source_set("proxy_death_stub") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ "include" ] + + sources = [ "src/proxy_death_callback_stub.cpp" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + public_configs = [ ":proxy_death_handler_configs" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + ] +} + +ohos_source_set("proxy_death_handler") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + include_dirs = [ "include" ] + + sources = [ + "src/proxy_death_handler.cpp", + "src/proxy_death_recipient.cpp", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + public_configs = [ ":proxy_death_handler_configs" ] + + deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_single", + ] +} diff --git a/services/common/proxy_death/include/proxy_death_callback.h b/services/common/proxy_death/include/proxy_death_callback.h new file mode 100644 index 0000000000000000000000000000000000000000..3070486308e159c41f4a2ffbf48aa28d0f8528d6 --- /dev/null +++ b/services/common/proxy_death/include/proxy_death_callback.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PROXY_DEATH_CALLBACK_H +#define PROXY_DEATH_CALLBACK_H + +#include "iremote_broker.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +/** + * @brief Declares ProxyDeathCallBack interface class + */ +class ProxyDeathCallBack : public IRemoteBroker { +public: + /** + * @brief declare interface descritor which used in parcel. + * @param const string + */ + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.security.accesstoken.ProxyDeathCallBack"); +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // PROXY_DEATH_CALLBACK_H diff --git a/services/common/proxy_death/include/proxy_death_callback_stub.h b/services/common/proxy_death/include/proxy_death_callback_stub.h new file mode 100644 index 0000000000000000000000000000000000000000..e59546f4d092b9e69eb88186ff93f504e0bded2c --- /dev/null +++ b/services/common/proxy_death/include/proxy_death_callback_stub.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PROXY_DEATH_CALLBACK_STUB_H +#define PROXY_DEATH_CALLBACK_STUB_H + +#include + +#include "proxy_death_callback.h" +#include "iremote_stub.h" + + +namespace OHOS { +namespace Security { +namespace AccessToken { +class ProxyDeathCallBackStub : public IRemoteStub { +public: + ProxyDeathCallBackStub() {}; + virtual ~ProxyDeathCallBackStub() = default; + + int32_t OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) override; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // PROXY_DEATH_CALLBACK_STUB_H diff --git a/services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_death_recipient.h b/services/common/proxy_death/include/proxy_death_handler.h similarity index 45% rename from services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_death_recipient.h rename to services/common/proxy_death/include/proxy_death_handler.h index 334392cd162cd57d0c31ab079fbbc9e8f9484379..523cdbbe9eded4c793bdbc125851547efe8a1011 100644 --- a/services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_death_recipient.h +++ b/services/common/proxy_death/include/proxy_death_handler.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -14,22 +14,38 @@ */ -#ifndef CAMERA_MANAGER_PRIVACY_DEATH_RECIPIENT_H -#define CAMERA_MANAGER_PRIVACY_DEATH_RECIPIENT_H +#ifndef PROXY_DEATH_HANDLER_H +#define PROXY_DEATH_HANDLER_H +#include +#include +#include #include "iremote_object.h" +#include "proxy_death_param.h" namespace OHOS { namespace Security { namespace AccessToken { -class CameraManagerPrivacyDeathRecipient : public IRemoteObject::DeathRecipient { +class ProxyDeathHandler { public: - CameraManagerPrivacyDeathRecipient() {} - virtual ~CameraManagerPrivacyDeathRecipient() override = default; - void OnRemoteDied(const wptr& object) override; + ProxyDeathHandler() {} + ~ProxyDeathHandler() = default; + + void AddProxyStub(const sptr& proxyStub, std::shared_ptr& param); + void HandleRemoteDied(const sptr& object); + void ReleaseProxyByParam(const std::shared_ptr& param); + +protected: + void ReleaseProxies(); + void ProcessProxyData(const std::shared_ptr& param); + +private: + std::mutex proxyLock_; + using RecipientAndParam = std::pair, std::shared_ptr>; + std::map, RecipientAndParam> proxyStubAndRecipientMap_; }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // CAMERA_MANAGER_PRIVACY_DEATH_RECIPIENT_H +#endif // PROXY_DEATH_HANDLER_H diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.cpp b/services/common/proxy_death/include/proxy_death_param.h similarity index 72% rename from interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.cpp rename to services/common/proxy_death/include/proxy_death_param.h index 017814c4b9fe2c0f1247d5418dd015ffe6580206..4fd61a87454bfdbf6893c66b581ae27dd490e86b 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.cpp +++ b/services/common/proxy_death/include/proxy_death_param.h @@ -12,17 +12,23 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "el5_filekey_manager_death_recipient.h" -#include "el5_filekey_manager_client.h" + +#ifndef PROXY_DEATH_PARAM_H +#define PROXY_DEATH_PARAM_H namespace OHOS { namespace Security { namespace AccessToken { -void El5FilekeyManagerDeathRecipient::OnRemoteDied(const wptr& object) -{ - El5FilekeyManagerClient::GetInstance().OnRemoteDiedHandle(); -} +class ProxyDeathParam { +public: + ProxyDeathParam() {} + virtual ~ProxyDeathParam() = default; + virtual void ProcessParam() = 0; + virtual bool IsEqual(ProxyDeathParam* param) = 0; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS +#endif // PROXY_DEATH_PARAM_H + diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.h b/services/common/proxy_death/include/proxy_death_recipient.h similarity index 67% rename from interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.h rename to services/common/proxy_death/include/proxy_death_recipient.h index 65ec8202f0cb7662ef96321721a57c47f9146572..3975a4c42d3298193083ee8009cf163eea84d3b6 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_death_recipient.h +++ b/services/common/proxy_death/include/proxy_death_recipient.h @@ -14,21 +14,27 @@ */ -#ifndef EL5_FILEKEY_MANAGER_DEATH_RECIPIENT_H -#define EL5_FILEKEY_MANAGER_DEATH_RECIPIENT_H +#ifndef PROXY_DEATH_RECIPIENT_H +#define PROXY_DEATH_RECIPIENT_H +#include #include "iremote_object.h" +#include "proxy_death_handler.h" +#include "proxy_death_param.h" namespace OHOS { namespace Security { namespace AccessToken { -class El5FilekeyManagerDeathRecipient : public IRemoteObject::DeathRecipient { +class ProxyDeathRecipient : public IRemoteObject::DeathRecipient { public: - El5FilekeyManagerDeathRecipient() {} - ~El5FilekeyManagerDeathRecipient() override = default; + ProxyDeathRecipient(ProxyDeathHandler* handler); + virtual ~ProxyDeathRecipient() override = default; void OnRemoteDied(const wptr& object) override; +private: + ProxyDeathHandler* handler_ = nullptr; }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // EL5_FILEKEY_MANAGER_DEATH_RECIPIENT_H +#endif // PROXY_DEATH_RECIPIENT_H + diff --git a/services/common/proxy_death/src/proxy_death_callback_stub.cpp b/services/common/proxy_death/src/proxy_death_callback_stub.cpp new file mode 100644 index 0000000000000000000000000000000000000000..136b126cea1400327d0bc848db32eea18db7dca3 --- /dev/null +++ b/services/common/proxy_death/src/proxy_death_callback_stub.cpp @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "proxy_death_callback_stub.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +int32_t ProxyDeathCallBackStub::OnRemoteRequest(uint32_t code, MessageParcel& data, + MessageParcel& reply, MessageOption& option) +{ + return IPCObjectStub::OnRemoteRequest(code, data, reply, option); +} + +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/proxy_death/src/proxy_death_handler.cpp b/services/common/proxy_death/src/proxy_death_handler.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8c3beab810af5747e22c9315d26de80cdd1ef91f --- /dev/null +++ b/services/common/proxy_death/src/proxy_death_handler.cpp @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "accesstoken_common_log.h" +#include "iremote_object.h" +#include "proxy_death_handler.h" +#include "proxy_death_recipient.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +void ProxyDeathHandler::AddProxyStub(const sptr& proxyStub, + std::shared_ptr& param) +{ + std::lock_guard lock(proxyLock_); + if (proxyStub == nullptr || param == nullptr) { + return; + } + if (proxyStubAndRecipientMap_.find(proxyStub) != proxyStubAndRecipientMap_.end()) { + LOGI(ATM_DOMAIN, ATM_TAG, "Proxy is found."); + return; + } + auto proxyDeathRecipient = sptr::MakeSptr(this); + if (proxyDeathRecipient == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Create proxy death recipient failed."); + return; + } + if (proxyStub->IsObjectDead()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote stub is dead."); + return; + } + proxyStub->AddDeathRecipient(proxyDeathRecipient); + RecipientAndParam cur(proxyDeathRecipient, param); + proxyStubAndRecipientMap_.emplace(proxyStub, cur); + if (proxyStub->IsObjectDead()) { + proxyStubAndRecipientMap_.erase(proxyStub); + return; + } +} + +void ProxyDeathHandler::HandleRemoteDied(const sptr& object) +{ + if (object == nullptr) { + return; + } + std::lock_guard lock(proxyLock_); + auto iter = proxyStubAndRecipientMap_.find(object); + if (iter == proxyStubAndRecipientMap_.end()) { + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot find object in map"); + return; + } + object->RemoveDeathRecipient(iter->second.first); + ProcessProxyData(iter->second.second); + proxyStubAndRecipientMap_.erase(iter); +} + +void ProxyDeathHandler::ProcessProxyData(const std::shared_ptr& param) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "called"); + param->ProcessParam(); +} + +void ProxyDeathHandler::ReleaseProxies() +{ + std::lock_guard lock(proxyLock_); + for (auto iter: proxyStubAndRecipientMap_) { + auto object = iter.first; + if (!object->IsObjectDead()) { + object->RemoveDeathRecipient(iter.second.first); + } + } +} + +void ProxyDeathHandler::ReleaseProxyByParam(const std::shared_ptr& param) +{ + std::lock_guard lock(proxyLock_); + for (auto iter = proxyStubAndRecipientMap_.begin(); iter != proxyStubAndRecipientMap_.end();) { + if (iter->second.second->IsEqual(param.get())) { + auto object = iter->first; + if (!object->IsObjectDead()) { + object->RemoveDeathRecipient(iter->second.first); + } + iter = proxyStubAndRecipientMap_.erase(iter); + } else { + ++iter; + } + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.cpp b/services/common/proxy_death/src/proxy_death_recipient.cpp similarity index 54% rename from interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.cpp rename to services/common/proxy_death/src/proxy_death_recipient.cpp index 9f10e49fe45b3e48d2548fd1f8b64acae1800940..e778e833187f19e7a0a760c389b79aa5fa40da0f 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.cpp +++ b/services/common/proxy_death/src/proxy_death_recipient.cpp @@ -13,23 +13,32 @@ * limitations under the License. */ -#include "el5_filekey_manager_load_callback.h" - -#include "el5_filekey_manager_client.h" +#include "proxy_death_recipient.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -void El5FilekeyManagerLoadCallback::OnLoadSystemAbilitySuccess(int32_t systemAbilityId, - const sptr &remoteObject) + +ProxyDeathRecipient::ProxyDeathRecipient(ProxyDeathHandler* handler) : handler_(handler) { - El5FilekeyManagerClient::GetInstance().LoadSystemAbilitySuccess(remoteObject); } -void El5FilekeyManagerLoadCallback::OnLoadSystemAbilityFail(int32_t systemAbilityId) +void ProxyDeathRecipient::OnRemoteDied(const wptr& remote) { - El5FilekeyManagerClient::GetInstance().LoadSystemAbilityFail(); + LOGI(ATM_DOMAIN, ATM_TAG, "Proxy died."); + sptr object = remote.promote(); + if (object == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Object is nullptr"); + return; + } + if (handler_ == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Handler is nullptr"); + return; + } + handler_->HandleRemoteDied(object); } } // namespace AccessToken -} // namespace Security +} // namespace Security } // namespace OHOS + diff --git a/services/common/screenlock_manager/BUILD.gn b/services/common/screenlock_manager/BUILD.gn index e7726eef08f260e3cca00e881854ea9c094a364e..8a03c4ba4df1187ea6bf360dc8aae98feb0249fd 100644 --- a/services/common/screenlock_manager/BUILD.gn +++ b/services/common/screenlock_manager/BUILD.gn @@ -34,7 +34,7 @@ ohos_shared_library("accesstoken_screenlock_manager") { sources = [ "src/screenlock_manager_loader.cpp" ] - cflags_cc = [] + cflags_cc = [ "-DHILOG_ENABLE" ] configs = [ "${access_token_path}/config:access_token_compile_flags", "${access_token_path}/config:coverage_flags", diff --git a/services/common/window_manager/BUILD.gn b/services/common/window_manager/BUILD.gn deleted file mode 100644 index 0b969964213aa98d23cce55fd6853ce83097a969..0000000000000000000000000000000000000000 --- a/services/common/window_manager/BUILD.gn +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/ohos.gni") -import("../../../access_token.gni") - -ohos_shared_library("accesstoken_window_manager") { - if (is_standard_system && window_manager_enable == true) { - subsystem_name = "security" - part_name = "access_token" - sanitize = { - cfi = true - cfi_cross_dso = true - debug = false - } - branch_protector_ret = "pac_ret" - - include_dirs = [ - "${access_token_path}/frameworks/common/include", - "${access_token_path}/frameworks/privacy/include", - "${access_token_path}/interfaces/innerkits/accesstoken/include", - "${access_token_path}/interfaces/innerkits/privacy/include", - "include", - ] - - sources = [ - "src/privacy_mock_session_manager_proxy.cpp", - "src/privacy_scene_session_manager_lite_proxy.cpp", - "src/privacy_scene_session_manager_proxy.cpp", - "src/privacy_session_manager_proxy.cpp", - "src/privacy_window_manager_agent.cpp", - "src/privacy_window_manager_client.cpp", - "src/privacy_window_manager_death_recipient.cpp", - "src/privacy_window_manager_proxy.cpp", - "src/window_manager_loader.cpp", - ] - - cflags_cc = [ "-DHILOG_ENABLE" ] - configs = [ - "${access_token_path}/config:access_token_compile_flags", - "${access_token_path}/config:coverage_flags", - ] - - external_deps = [ - "c_utils:utils", - "hilog:libhilog", - "ipc:ipc_core", - "safwk:system_ability_fwk", - "samgr:samgr_proxy", - "window_manager:libwsutils", - ] - } -} diff --git a/services/common/window_manager/include/privacy_window_manager_agent.h b/services/common/window_manager/include/privacy_window_manager_agent.h index f9d724f5051d00d2ef50d17d053b674b8e26bd1a..fa9b32510d9a4a4b5fffdf1db2a933908574d676 100644 --- a/services/common/window_manager/include/privacy_window_manager_agent.h +++ b/services/common/window_manager/include/privacy_window_manager_agent.h @@ -19,11 +19,12 @@ #include "iremote_stub.h" #include "nocopyable.h" #include "privacy_window_manager_interface.h" -#include "window_manager_loader.h" namespace OHOS { namespace Security { namespace AccessToken { +using WindowChangeCallback = void (*)(uint32_t, bool); + class PrivacyWindowManagerAgent : public IRemoteStub { public: PrivacyWindowManagerAgent(WindowChangeCallback callback); diff --git a/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp b/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp index 6dbb1305177cc855da27831eb264350baf3aae22..2f4586b9ec6b693e6e8fed7e0f80f8109eb8e885 100644 --- a/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp +++ b/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp @@ -15,14 +15,11 @@ #include #include "privacy_mock_session_manager_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { - constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyMockSessionManagerProxy"}; -} sptr PrivacyMockSessionManagerProxy::GetSessionManagerService() { @@ -30,13 +27,13 @@ sptr PrivacyMockSessionManagerProxy::GetSessionManagerService() MessageParcel reply; MessageOption option; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "WriteInterfaceToken failed"); return nullptr; } if (Remote()->SendRequest(static_cast( MockSessionManagerServiceMessage::TRANS_ID_GET_SESSION_MANAGER_SERVICE), data, reply, option) != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed"); return nullptr; } sptr remoteObject = reply.ReadRemoteObject(); diff --git a/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp b/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp index 7e2921b8069f2b16d0bb4b9d02854cfeb44012e9..73503fd66b90b2be519b13208958912d2cb893df 100644 --- a/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp +++ b/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp @@ -15,15 +15,12 @@ #include "privacy_scene_session_manager_lite_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacySceneSessionManagerLiteProxy"}; -} int32_t PrivacySceneSessionManagerLiteProxy::RegisterWindowManagerAgent(WindowManagerAgentType type, const sptr& windowManagerAgent) @@ -32,25 +29,30 @@ int32_t PrivacySceneSessionManagerLiteProxy::RegisterWindowManagerAgent(WindowMa MessageParcel reply; MessageParcel data; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write InterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write InterfaceToken failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(static_cast(type))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write type failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write type failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(windowManagerAgent->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write IWindowManagerAgent failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write IWindowManagerAgent failed"); return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest(static_cast( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest(static_cast( SceneSessionManagerLiteMessage::TRANS_ID_REGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, err=%{public}d.", error); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed, err=%{public}d.", error); return error; } @@ -64,25 +66,30 @@ int32_t PrivacySceneSessionManagerLiteProxy::UnregisterWindowManagerAgent(Window MessageOption option; MessageParcel data; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write InterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write InterfaceToken failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(static_cast(type))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write type failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write type failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(windowManagerAgent->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write IWindowManagerAgent failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write IWindowManagerAgent failed"); return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest(static_cast( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest(static_cast( SceneSessionManagerLiteMessage::TRANS_ID_UNREGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, err=%{public}d.", error); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed, err=%{public}d.", error); return error; } diff --git a/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp b/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp index 5f5ac1b9c9ea8811fbdc688ae89a88c9752bdc62..0d09f3b57aa9e59eaa35cb69b0d8859418bcdcb6 100644 --- a/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp +++ b/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp @@ -15,15 +15,12 @@ #include "privacy_scene_session_manager_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacySceneSessionManagerProxy"}; -} int32_t PrivacySceneSessionManagerProxy::RegisterWindowManagerAgent(WindowManagerAgentType type, const sptr& windowManagerAgent) @@ -32,17 +29,17 @@ int32_t PrivacySceneSessionManagerProxy::RegisterWindowManagerAgent(WindowManage MessageParcel reply; MessageParcel data; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write InterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write InterfaceToken failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(static_cast(type))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write type failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write type failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(windowManagerAgent->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write IWindowManagerAgent failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write IWindowManagerAgent failed"); return ERR_WRITE_PARCEL_FAILED; } @@ -50,7 +47,7 @@ int32_t PrivacySceneSessionManagerProxy::RegisterWindowManagerAgent(WindowManage SceneSessionManagerMessage::TRANS_ID_REGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, err=%{public}d.", error); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed, err=%{public}d.", error); return error; } @@ -64,17 +61,17 @@ int32_t PrivacySceneSessionManagerProxy::UnregisterWindowManagerAgent(WindowMana MessageOption option; MessageParcel data; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write InterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write InterfaceToken failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(static_cast(type))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write type failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write type failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(windowManagerAgent->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write IWindowManagerAgent failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write IWindowManagerAgent failed"); return ERR_WRITE_PARCEL_FAILED; } @@ -82,7 +79,7 @@ int32_t PrivacySceneSessionManagerProxy::UnregisterWindowManagerAgent(WindowMana SceneSessionManagerMessage::TRANS_ID_UNREGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, err=%{public}d.", error); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed, err=%{public}d.", error); return error; } diff --git a/services/common/window_manager/src/privacy_session_manager_proxy.cpp b/services/common/window_manager/src/privacy_session_manager_proxy.cpp index 01b0da5ebb7023cc649026ade37bf04b19905097..1bc8196e8c9ed7c9562b8c14cba694ba0df614b6 100644 --- a/services/common/window_manager/src/privacy_session_manager_proxy.cpp +++ b/services/common/window_manager/src/privacy_session_manager_proxy.cpp @@ -15,14 +15,11 @@ #include "privacy_session_manager_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -constexpr HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacySessionManagerProxy" }; -} sptr PrivacySessionManagerProxy::GetSceneSessionManager() { @@ -31,15 +28,20 @@ sptr PrivacySessionManagerProxy::GetSceneSessionManager() MessageOption option(MessageOption::TF_SYNC); if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "WriteInterfaceToken failed"); return nullptr; } - auto ret = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service is null."); + return nullptr; + } + auto ret = remote->SendRequest( static_cast(SessionManagerServiceMessage::TRANS_ID_GET_SCENE_SESSION_MANAGER), data, reply, option); if (ret != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, errorCode %{public}d", ret); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed, errorCode %{public}d", ret); return nullptr; } @@ -53,15 +55,20 @@ sptr PrivacySessionManagerProxy::GetSceneSessionManagerLite() MessageOption option(MessageOption::TF_SYNC); if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "WriteInterfaceToken failed"); return nullptr; } - auto ret = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service is null."); + return nullptr; + } + auto ret = remote->SendRequest( static_cast(SessionManagerServiceMessage::TRANS_ID_GET_SCENE_SESSION_MANAGER_LITE), data, reply, option); if (ret != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, errorCode %{public}d", ret); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed, errorCode %{public}d", ret); return nullptr; } diff --git a/services/common/window_manager/src/privacy_window_manager_agent.cpp b/services/common/window_manager/src/privacy_window_manager_agent.cpp index 15fe476c7cb4f6c5600395f18f9ede80518efa54..d38169376c41405d790ce3293210e682e6a2bf8c 100644 --- a/services/common/window_manager/src/privacy_window_manager_agent.cpp +++ b/services/common/window_manager/src/privacy_window_manager_agent.cpp @@ -13,17 +13,12 @@ * limitations under the License. */ #include "privacy_window_manager_agent.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyWindowManagerAgent" -}; -} PrivacyWindowManagerAgent::PrivacyWindowManagerAgent(WindowChangeCallback callback) { @@ -33,9 +28,9 @@ PrivacyWindowManagerAgent::PrivacyWindowManagerAgent(WindowChangeCallback callba int PrivacyWindowManagerAgent::OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, code: %{public}u", __func__, code); + LOGI(PRI_DOMAIN, PRI_TAG, "%{public}s called, code: %{public}u", __func__, code); if (data.ReadInterfaceToken() != IWindowManagerAgent::GetDescriptor()) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, read desciptor error", __func__); + LOGI(PRI_DOMAIN, PRI_TAG, "%{public}s called, read desciptor error", __func__); return ERROR_IPC_REQUEST_FAIL; } PrivacyWindowServiceInterfaceCode msgId = static_cast(code); @@ -60,13 +55,13 @@ int PrivacyWindowManagerAgent::OnRemoteRequest(uint32_t code, MessageParcel& dat void PrivacyWindowManagerAgent::UpdateCameraFloatWindowStatus(uint32_t accessTokenId, bool isShowing) { - ACCESSTOKEN_LOG_INFO(LABEL, "OnChange(tokenId=%{public}d, isShow=%{public}d)", accessTokenId, isShowing); + LOGI(PRI_DOMAIN, PRI_TAG, "OnChange(tokenId=%{public}d, isShow=%{public}d)", accessTokenId, isShowing); callback_(accessTokenId, isShowing); } void PrivacyWindowManagerAgent::UpdateCameraWindowStatus(uint32_t accessTokenId, bool isShowing) { - ACCESSTOKEN_LOG_INFO(LABEL, "OnChange(tokenId=%{public}d, isShow=%{public}d)", accessTokenId, isShowing); + LOGI(PRI_DOMAIN, PRI_TAG, "OnChange(tokenId=%{public}d, isShow=%{public}d)", accessTokenId, isShowing); callback_(accessTokenId, isShowing); } } // namespace AccessToken diff --git a/services/common/window_manager/src/privacy_window_manager_client.cpp b/services/common/window_manager/src/privacy_window_manager_client.cpp index 2851b983272b9e293a44677efcc3c78d7437efb3..e005d9039ab45d22938ab295b4637f163917ef93 100644 --- a/services/common/window_manager/src/privacy_window_manager_client.cpp +++ b/services/common/window_manager/src/privacy_window_manager_client.cpp @@ -15,7 +15,7 @@ #include "privacy_window_manager_client.h" #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "iservice_registry.h" #include "privacy_error.h" @@ -31,9 +31,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyWindowManagerClient" -}; std::recursive_mutex g_instanceMutex; static const int MAX_PTHREAD_NAME_LEN = 15; // pthread name max length } // namespace @@ -44,7 +41,8 @@ PrivacyWindowManagerClient& PrivacyWindowManagerClient::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PrivacyWindowManagerClient(); + PrivacyWindowManagerClient* tmp = new PrivacyWindowManagerClient(); + instance = std::move(tmp); } } return *instance; @@ -58,7 +56,7 @@ PrivacyWindowManagerClient::PrivacyWindowManagerClient() : deathCallback_(nullpt PrivacyWindowManagerClient::~PrivacyWindowManagerClient() { - ACCESSTOKEN_LOG_INFO(LABEL, "~PrivacyWindowManagerClient()."); + LOGI(PRI_DOMAIN, PRI_TAG, "~PrivacyWindowManagerClient()."); std::lock_guard lock(proxyMutex_); RemoveDeathRecipient(); } @@ -71,7 +69,7 @@ int32_t PrivacyWindowManagerClient::RegisterWindowManagerAgent(WindowManagerAgen } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null"); return ERR_SERVICE_ABNORMAL; } return proxy->RegisterWindowManagerAgent(type, windowManagerAgent); @@ -85,7 +83,7 @@ int32_t PrivacyWindowManagerClient::UnregisterWindowManagerAgent(WindowManagerAg } auto proxy = GetProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null"); return ERR_SERVICE_ABNORMAL; } return proxy->UnregisterWindowManagerAgent(type, windowManagerAgent); @@ -96,7 +94,7 @@ int32_t PrivacyWindowManagerClient::RegisterWindowManagerAgentLite(WindowManager { auto proxy = GetLiteProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null"); return ERR_SERVICE_ABNORMAL; } return proxy->RegisterWindowManagerAgent(type, windowManagerAgent); @@ -107,7 +105,7 @@ int32_t PrivacyWindowManagerClient::UnregisterWindowManagerAgentLite(WindowManag { auto proxy = GetLiteProxy(); if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); + LOGE(PRI_DOMAIN, PRI_TAG, "Proxy is null"); return ERR_SERVICE_ABNORMAL; } return proxy->UnregisterWindowManagerAgent(type, windowManagerAgent); @@ -121,96 +119,104 @@ void PrivacyWindowManagerClient::AddDeathCallback(void (*callback)()) void PrivacyWindowManagerClient::InitSessionManagerServiceProxy() { - if (sessionManagerServiceProxy_) { + if (sessionManagerServiceProxy_ && sessionManagerServiceProxy_->AsObject() != nullptr && + (!sessionManagerServiceProxy_->AsObject()->IsObjectDead())) { return; } sptr systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (!systemAbilityManager) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to get system ability mgr."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to get system ability mgr."); return; } sptr remoteObject = systemAbilityManager->GetSystemAbility(WINDOW_MANAGER_SERVICE_ID); if (!remoteObject) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote object is nullptr"); + LOGE(PRI_DOMAIN, PRI_TAG, "Remote object is nullptr"); return; } - mockSessionManagerServiceProxy_ = iface_cast(remoteObject); - if (!mockSessionManagerServiceProxy_) { - ACCESSTOKEN_LOG_WARN(LABEL, "Get mock session manager service proxy failed, nullptr"); + mockSessionManagerServiceProxy_ = new PrivacyMockSessionManagerProxy(remoteObject); + if (!mockSessionManagerServiceProxy_ || mockSessionManagerServiceProxy_->AsObject() == nullptr || + mockSessionManagerServiceProxy_->AsObject()->IsObjectDead()) { + LOGW(PRI_DOMAIN, PRI_TAG, "Get mock session manager service proxy failed, nullptr"); return; } sptr remoteObject2 = mockSessionManagerServiceProxy_->GetSessionManagerService(); if (!remoteObject2) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote object2 is nullptr"); + LOGE(PRI_DOMAIN, PRI_TAG, "Remote object2 is nullptr"); return; } - sessionManagerServiceProxy_ = iface_cast(remoteObject2); - if (!sessionManagerServiceProxy_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SessionManagerServiceProxy_ is nullptr"); + sessionManagerServiceProxy_ = new PrivacySessionManagerProxy(remoteObject2); + if (!sessionManagerServiceProxy_ || sessionManagerServiceProxy_->AsObject() == nullptr || + sessionManagerServiceProxy_->AsObject()->IsObjectDead()) { + LOGE(PRI_DOMAIN, PRI_TAG, "SessionManagerServiceProxy_ is nullptr"); } } void PrivacyWindowManagerClient::InitSceneSessionManagerProxy() { - if (sceneSessionManagerProxy_) { + if (sceneSessionManagerProxy_ && sceneSessionManagerProxy_->AsObject() != nullptr && + (!sceneSessionManagerProxy_->AsObject()->IsObjectDead())) { return; } - if (!sessionManagerServiceProxy_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SessionManagerServiceProxy_ is nullptr"); + if (!sessionManagerServiceProxy_ || sessionManagerServiceProxy_->AsObject() == nullptr || + sessionManagerServiceProxy_->AsObject()->IsObjectDead()) { + LOGE(PRI_DOMAIN, PRI_TAG, "SessionManagerServiceProxy_ is nullptr"); return; } sptr remoteObject = sessionManagerServiceProxy_->GetSceneSessionManager(); if (!remoteObject) { - ACCESSTOKEN_LOG_WARN(LABEL, "Get scene session manager proxy failed, scene session manager service is null"); + LOGW(PRI_DOMAIN, PRI_TAG, "Get scene session manager proxy failed, scene session manager service is null"); return; } - sceneSessionManagerProxy_ = iface_cast(remoteObject); - if (sceneSessionManagerProxy_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "SceneSessionManagerProxy_ is null."); + sceneSessionManagerProxy_ = new PrivacySceneSessionManagerProxy(remoteObject); + if (sceneSessionManagerProxy_ == nullptr || sceneSessionManagerProxy_->AsObject() == nullptr || + sceneSessionManagerProxy_->AsObject()->IsObjectDead()) { + LOGW(PRI_DOMAIN, PRI_TAG, "SceneSessionManagerProxy_ is null."); return; } if (!serviceDeathObserver_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create death Recipient ptr WMSDeathRecipient"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to create death Recipient ptr WMSDeathRecipient"); return; } if (remoteObject->IsProxyObject() && !remoteObject->AddDeathRecipient(serviceDeathObserver_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to add death recipient"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to add death recipient"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "InitSceneSessionManagerProxy end."); + LOGI(PRI_DOMAIN, PRI_TAG, "InitSceneSessionManagerProxy end."); } void PrivacyWindowManagerClient::InitSceneSessionManagerLiteProxy() { - if (sceneSessionManagerLiteProxy_) { + if (sceneSessionManagerLiteProxy_ && sceneSessionManagerLiteProxy_->AsObject() != nullptr && + (!sceneSessionManagerLiteProxy_->AsObject()->IsObjectDead())) { return; } if (!sessionManagerServiceProxy_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SessionManagerServiceProxy_ is nullptr"); + LOGE(PRI_DOMAIN, PRI_TAG, "SessionManagerServiceProxy_ is nullptr"); return; } sptr remoteObject = sessionManagerServiceProxy_->GetSceneSessionManagerLite(); if (!remoteObject) { - ACCESSTOKEN_LOG_WARN(LABEL, "Get scene session manager proxy failed, scene session manager service is null"); + LOGW(PRI_DOMAIN, PRI_TAG, "Get scene session manager proxy failed, scene session manager service is null"); return; } - sceneSessionManagerLiteProxy_ = iface_cast(remoteObject); - if (sceneSessionManagerLiteProxy_ == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "SceneSessionManagerLiteProxy_ is null."); + sceneSessionManagerLiteProxy_ = new PrivacySceneSessionManagerLiteProxy(remoteObject); + if (sceneSessionManagerLiteProxy_ == nullptr || sceneSessionManagerLiteProxy_->AsObject() == nullptr || + sceneSessionManagerLiteProxy_->AsObject()->IsObjectDead()) { + LOGW(PRI_DOMAIN, PRI_TAG, "SceneSessionManagerLiteProxy_ is null."); return; } if (!serviceDeathObserver_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create death Recipient ptr WMSDeathRecipient"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to create death Recipient ptr WMSDeathRecipient"); return; } if (remoteObject->IsProxyObject() && !remoteObject->AddDeathRecipient(serviceDeathObserver_)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to add death recipient"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to add death recipient"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "InitSceneSessionManagerLiteProxy end."); + LOGI(PRI_DOMAIN, PRI_TAG, "InitSceneSessionManagerLiteProxy end."); } sptr PrivacyWindowManagerClient::GetSSMProxy() @@ -231,17 +237,17 @@ sptr PrivacyWindowManagerClient::GetSSMLiteProxy() void PrivacyWindowManagerClient::InitWMSProxy() { - if (wmsProxy_) { + if (wmsProxy_ && wmsProxy_->AsObject() != nullptr && (!wmsProxy_->AsObject()->IsObjectDead())) { return; } auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); + LOGE(PRI_DOMAIN, PRI_TAG, "GetSystemAbilityManager is null"); return; } auto windowManagerSa = sam->GetSystemAbility(WINDOW_MANAGER_SERVICE_ID); if (windowManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", + LOGE(PRI_DOMAIN, PRI_TAG, "GetSystemAbility %{public}d is null", WINDOW_MANAGER_SERVICE_ID); return; } @@ -250,12 +256,12 @@ void PrivacyWindowManagerClient::InitWMSProxy() windowManagerSa->AddDeathRecipient(serviceDeathObserver_); } - wmsProxy_ = iface_cast(windowManagerSa); - if (wmsProxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WmsProxy_ is null."); + wmsProxy_ = new PrivacyWindowManagerProxy(windowManagerSa); + if (wmsProxy_ == nullptr || wmsProxy_->AsObject() == nullptr || wmsProxy_->AsObject()->IsObjectDead()) { + LOGE(PRI_DOMAIN, PRI_TAG, "WmsProxy_ is null."); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "InitWMSProxy end."); + LOGI(PRI_DOMAIN, PRI_TAG, "InitWMSProxy end."); } sptr PrivacyWindowManagerClient::GetWMSProxy() @@ -268,7 +274,7 @@ sptr PrivacyWindowManagerClient::GetWMSProxy() void PrivacyWindowManagerClient::OnRemoteDiedHandle() { std::lock_guard lock(proxyMutex_); - ACCESSTOKEN_LOG_INFO(LABEL, "Window manager remote died."); + LOGI(PRI_DOMAIN, PRI_TAG, "Window manager remote died."); RemoveDeathRecipient(); std::function runner = [this]() { diff --git a/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp b/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp index 5da7ce251d457c208c52b06f62c29a5edc96d2ca..6e5589481d39a4c89ee8690e9c43fe537aea5319 100644 --- a/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp +++ b/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp @@ -13,20 +13,16 @@ * limitations under the License. */ #include "privacy_window_manager_death_recipient.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_window_manager_client.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyWindowManagerDeathRecipient"}; -} // namespace void PrivacyWindowManagerDeathRecipient::OnRemoteDied(const wptr& object) { - ACCESSTOKEN_LOG_INFO(LABEL, "WindowManger died."); + LOGI(PRI_DOMAIN, PRI_TAG, "WindowManger died."); PrivacyWindowManagerClient::GetInstance().OnRemoteDiedHandle(); } } // namespace AccessToken diff --git a/services/common/window_manager/src/privacy_window_manager_proxy.cpp b/services/common/window_manager/src/privacy_window_manager_proxy.cpp index 77a3e45946e8dfcdf44f7cb714e3789bae5dc17f..b98b267d312d155dc85e8d8b5d5ebf7247661a8b 100644 --- a/services/common/window_manager/src/privacy_window_manager_proxy.cpp +++ b/services/common/window_manager/src/privacy_window_manager_proxy.cpp @@ -14,15 +14,12 @@ */ #include "privacy_window_manager_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "privacy_error.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { - constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyWindowManagerProxy"}; -} int32_t PrivacyWindowManagerProxy::RegisterWindowManagerAgent(WindowManagerAgentType type, const sptr& windowManagerAgent) @@ -31,24 +28,29 @@ int32_t PrivacyWindowManagerProxy::RegisterWindowManagerAgent(WindowManagerAgent MessageParcel reply; MessageOption option; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "WriteInterfaceToken failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(static_cast(type))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write type failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write type failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(windowManagerAgent->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write IWindowManagerAgent failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write IWindowManagerAgent failed"); return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest( static_cast(IWindowManager::WindowManagerMessage::TRANS_ID_REGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed"); return error; } return reply.ReadInt32(); @@ -61,25 +63,30 @@ int32_t PrivacyWindowManagerProxy::UnregisterWindowManagerAgent(WindowManagerAge MessageParcel reply; MessageOption option; if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "WriteInterfaceToken failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteUint32(static_cast(type))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write type failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write type failed"); return ERR_WRITE_PARCEL_FAILED; } if (!data.WriteRemoteObject(windowManagerAgent->AsObject())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Write IWindowManagerAgent failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Write IWindowManagerAgent failed"); return ERR_WRITE_PARCEL_FAILED; } - int32_t error = Remote()->SendRequest( + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service is null."); + return ERR_REMOTE_CONNECTION; + } + int32_t error = remote->SendRequest( static_cast(IWindowManager::WindowManagerMessage::TRANS_ID_UNREGISTER_WINDOW_MANAGER_AGENT), data, reply, option); if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest failed"); return error; } diff --git a/services/common/window_manager/src/window_manager_loader.cpp b/services/common/window_manager/src/window_manager_loader.cpp deleted file mode 100644 index f6ca990cc8b0838cdbe6b7d822bb49f472f882f4..0000000000000000000000000000000000000000 --- a/services/common/window_manager/src/window_manager_loader.cpp +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "window_manager_loader.h" -#include "privacy_error.h" -#include "privacy_window_manager_agent.h" -#include "privacy_window_manager_client.h" -#include "scene_board_judgement.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static sptr g_floatWindowCallback = nullptr; -static sptr g_pipWindowCallback = nullptr; -} - -int32_t WindowManagerLoader::RegisterFloatWindowListener(const WindowChangeCallback& callback) -{ - if (g_floatWindowCallback == nullptr) { - g_floatWindowCallback = new (std::nothrow) PrivacyWindowManagerAgent(callback); - if (g_floatWindowCallback == nullptr) { - return ERR_MALLOC_FAILED; - } - } - return PrivacyWindowManagerClient::GetInstance().RegisterWindowManagerAgent( - WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_FLOAT, g_floatWindowCallback); -} - -int32_t WindowManagerLoader::UnregisterFloatWindowListener(const WindowChangeCallback& callback) -{ - return PrivacyWindowManagerClient::GetInstance().UnregisterWindowManagerAgent( - WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_FLOAT, g_floatWindowCallback); -} - -int32_t WindowManagerLoader::RegisterPipWindowListener(const WindowChangeCallback& callback) -{ - if (!Rosen::SceneBoardJudgement::IsSceneBoardEnabled()) { - return 0; - } - if (g_pipWindowCallback == nullptr) { - g_pipWindowCallback = new (std::nothrow) PrivacyWindowManagerAgent(callback); - if (g_pipWindowCallback == nullptr) { - return ERR_MALLOC_FAILED; - } - } - return PrivacyWindowManagerClient::GetInstance().RegisterWindowManagerAgent( - WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_WINDOW, g_pipWindowCallback); -} - -int32_t WindowManagerLoader::UnregisterPipWindowListener(const WindowChangeCallback& callback) -{ - if (!Rosen::SceneBoardJudgement::IsSceneBoardEnabled()) { - return 0; - } - return PrivacyWindowManagerClient::GetInstance().UnregisterWindowManagerAgent( - WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_WINDOW, g_pipWindowCallback); -} - -void WindowManagerLoader::AddDeathCallback(void (*callback)()) -{ - PrivacyWindowManagerClient::GetInstance().AddDeathCallback(callback); -} - -extern "C" { -void* Create() -{ - return reinterpret_cast(new (std::nothrow) WindowManagerLoader); -} - -void Destroy(void* loaderPtr) -{ - WindowManagerLoaderInterface* loader = reinterpret_cast(loaderPtr); - if (loader != nullptr) { - delete loader; - } -} -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/common/window_manager/test/BUILD.gn b/services/common/window_manager/test/BUILD.gn index 71bca7fee79bb3a0cf004fe73f726371f815ec1b..a2da391464fa4bfd1abb31ffcedd3111193599ac 100644 --- a/services/common/window_manager/test/BUILD.gn +++ b/services/common/window_manager/test/BUILD.gn @@ -41,7 +41,6 @@ ohos_unittest("libwindow_manager_test") { "${access_token_path}/services/common/window_manager/src/privacy_window_manager_client.cpp", "${access_token_path}/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp", "${access_token_path}/services/common/window_manager/src/privacy_window_manager_proxy.cpp", - "${access_token_path}/services/common/window_manager/src/window_manager_loader.cpp", "unittest/window_manager_test.cpp", ] diff --git a/services/common/window_manager/test/unittest/window_manager_test.cpp b/services/common/window_manager/test/unittest/window_manager_test.cpp index 2e7b0e3e5aa5458c792c91814558ce3666747cb7..c2574d603d2687482737e739ca2754416f53cfcc 100644 --- a/services/common/window_manager/test/unittest/window_manager_test.cpp +++ b/services/common/window_manager/test/unittest/window_manager_test.cpp @@ -60,18 +60,6 @@ HWTEST_F(WindowManagerTest, OnRemoteDiedHandle001, TestSize.Level1) { EXPECT_EQ(nullptr, PrivacyWindowManagerClient::GetInstance().wmsProxy_); } -/** - * @tc.name: UnregisterWindowManagerAgent001 - * @tc.desc: UnregisterWindowManagerAgent. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(WindowManagerTest, UnregisterWindowManagerAgent001, TestSize.Level1) { - PrivacyWindowManagerClient::GetInstance().UnregisterWindowManagerAgent( - WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_WINDOW, nullptr); - EXPECT_EQ(nullptr, PrivacyWindowManagerClient::GetInstance().wmsProxy_); -} - } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/el5filekeymanager/BUILD.gn b/services/el5filekeymanager/BUILD.gn index 240f581727e108cf894ae8968138793cdb5b02b0..b2445cc3282ff04d49bde504c85fd47e96f2a732 100644 --- a/services/el5filekeymanager/BUILD.gn +++ b/services/el5filekeymanager/BUILD.gn @@ -44,7 +44,13 @@ if (is_standard_system && ability_base_enable == true) { shlib_type = "sa" cflags = [] - cflags_cc = [] + cflags_cc = [ + "-fdata-sections", + "-ffunction-sections", + "-fno-asynchronous-unwind-tables", + "-fno-unwind-tables", + "-Os", + ] defines = [] sources = [ "src/el5_filekey_callback_proxy.cpp", @@ -61,13 +67,13 @@ if (is_standard_system && ability_base_enable == true) { include_dirs = [ "${access_token_path}/services/el5filekeymanager/include", - "${access_token_path}/frameworks/el5filekeymanager/include/", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include/", ] deps = [ + "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", - "${access_token_path}/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/services/el5filekeymanager:el5_filekey_manager_cfg", ] @@ -76,7 +82,6 @@ if (is_standard_system && ability_base_enable == true) { "c_utils:utils", "hilog:libhilog", "ipc:ipc_single", - "json:nlohmann_json_static", "safwk:system_ability_fwk", "samgr:samgr_proxy", ] diff --git a/services/el5filekeymanager/el5_filekey_manager.cfg b/services/el5filekeymanager/el5_filekey_manager.cfg index a11b32b9cac17f6e6792594f4f9fb7e8a87a6d88..455fffb8807707b0e52fbdeb9a0a46b5dc31f8c2 100644 --- a/services/el5filekeymanager/el5_filekey_manager.cfg +++ b/services/el5filekeymanager/el5_filekey_manager.cfg @@ -28,7 +28,11 @@ "ohos.permission.PUBLISH_SYSTEM_COMMON_EVENT", "ohos.permission.STORAGE_MANAGER_CRYPT", "ohos.permission.MANAGE_LOCAL_ACCOUNTS", - "ohos.permission.USE_USER_IDM" + "ohos.permission.USE_USER_IDM", + "ohos.permission.RUNNING_STATE_OBSERVER", + "ohos.permission.GET_TELEPHONY_STATE", + "ohos.permission.SET_TELEPHONY_STATE", + "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED" ], "permission_acls": [ "ohos.permission.MONITOR_DEVICE_NETWORK_STATE", diff --git a/services/el5filekeymanager/include/el5_filekey_manager_service.h b/services/el5filekeymanager/include/el5_filekey_manager_service.h index c06fe1a08938f43bad5a0b27e79e0fd92527f6c2..3571fecfe5a0cee2554f0a0add9f22a7c7e2d58d 100644 --- a/services/el5filekeymanager/include/el5_filekey_manager_service.h +++ b/services/el5filekeymanager/include/el5_filekey_manager_service.h @@ -40,17 +40,22 @@ public: virtual ~El5FilekeyManagerService(); int32_t Init(); + void UnInit(); int32_t AcquireAccess(DataLockType type) override; int32_t ReleaseAccess(DataLockType type) override; int32_t GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) override; - int32_t DeleteAppKey(const std::string& keyId) override; + int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) override; int32_t GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) override; int32_t ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) override; int32_t SetFilePathPolicy() override; int32_t RegisterCallback(const sptr &callback) override; + int32_t GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId) override; + int32_t DeleteGroupIDKey(uint32_t uid, const std::string &groupID) override; + int32_t QueryAppKeyState(DataLockType type) override; + void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId); int32_t SetPolicyScreenLocked(); int32_t HandleUserCommonEvent(const std::string &eventName, int32_t userId); void PostDelayedUnloadTask(uint32_t delayedTime); diff --git a/services/el5filekeymanager/include/el5_filekey_manager_service_ability.h b/services/el5filekeymanager/include/el5_filekey_manager_service_ability.h index 7f6363c8a09de0c249779565b143d8f2d366cd1e..357d62e2bcf6190f69989b643ab352c25e8bd558 100644 --- a/services/el5filekeymanager/include/el5_filekey_manager_service_ability.h +++ b/services/el5filekeymanager/include/el5_filekey_manager_service_ability.h @@ -40,6 +40,7 @@ public: private: void OnStart(const SystemAbilityOnDemandReason &startReason) final; void OnStop() final; + void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; DISALLOW_COPY_AND_MOVE(El5FilekeyManagerServiceAbility); DECLARE_SYSTEM_ABILITY(El5FilekeyManagerServiceAbility); diff --git a/services/el5filekeymanager/include/el5_filekey_manager_stub.h b/services/el5filekeymanager/include/el5_filekey_manager_stub.h index 41757b9a03ff16e1a7ce9b25e47739f5561ff503..79058840622b39a98e0142c01641fd2aff62a492 100644 --- a/services/el5filekeymanager/include/el5_filekey_manager_stub.h +++ b/services/el5filekeymanager/include/el5_filekey_manager_stub.h @@ -41,6 +41,9 @@ private: void ChangeUserAppkeysLoadInfoInner(MessageParcel &data, MessageParcel &reply); void SetFilePathPolicyInner(MessageParcel &data, MessageParcel &reply); void RegisterCallbackInner(MessageParcel &data, MessageParcel &reply); + void GenerateGroupIDKeyInner(MessageParcel &data, MessageParcel &reply); + void DeleteGroupIDKeyInner(MessageParcel &data, MessageParcel &reply); + void QueryAppKeyStateInner(MessageParcel &data, MessageParcel &reply); void MarshallingKeyInfos(MessageParcel &reply, std::vector>& keyInfos); int32_t UnmarshallingLoadInfos(MessageParcel &data, std::vector> &loadInfos); diff --git a/services/el5filekeymanager/sa_profile/8250.json b/services/el5filekeymanager/sa_profile/8250.json index 0ad279268b7e425aaf41bd621eb419f88d33068d..f7341c6c3245644d882b373871f9abe2b66ed392 100644 --- a/services/el5filekeymanager/sa_profile/8250.json +++ b/services/el5filekeymanager/sa_profile/8250.json @@ -5,6 +5,7 @@ "name": 8250, "libpath": "libel5_filekey_manager_service.z.so", "run-on-create": false, + "auto-restart":true, "distributed": false, "dump_level": 1, "start-on-demand": { diff --git a/services/el5filekeymanager/src/el5_filekey_manager_service.cpp b/services/el5filekeymanager/src/el5_filekey_manager_service.cpp index 66225702abf78d1dac3076fe9972f17744fe282a..8b7f6f66230d25f1d37a95ab3ec001d9c30da78e 100644 --- a/services/el5filekeymanager/src/el5_filekey_manager_service.cpp +++ b/services/el5filekeymanager/src/el5_filekey_manager_service.cpp @@ -75,29 +75,6 @@ int32_t El5FilekeyManagerService::Init() unloadHandler_ = std::make_shared(runner); #endif -#ifdef COMMON_EVENT_SERVICE_ENABLE - if (subscriber_ == nullptr) { - EventFwk::MatchingSkills matchingSkills; - matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_LOCKED); - matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_UNLOCKED); - EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills); - subscriber_ = std::make_shared(subscribeInfo); - bool ret = EventFwk::CommonEventManager::SubscribeCommonEvent(subscriber_); - if (!ret) { - LOG_ERROR("Subscribe common event failed."); - subscriber_ = nullptr; - } - } -#endif - -#ifdef THEME_SCREENLOCK_MGR_ENABLE - // screen is unlocked, sa is called by USER_REMOVED, auto stop in 30s. - if (!ScreenLock::ScreenLockManager::GetInstance()->IsScreenLocked()) { - LOG_DEBUG("Init when screen is unlocked."); - PostDelayedUnloadTask(SCREEN_ON_DELAY_TIME); - } -#endif - handler_ = dlopen("/system/lib64/libel5_filekey_manager_api.z.so", RTLD_LAZY); if (handler_ == nullptr) { LOG_ERROR("Policy not exist, just start service."); @@ -119,6 +96,49 @@ int32_t El5FilekeyManagerService::Init() return EFM_SUCCESS; } +void El5FilekeyManagerService::UnInit() +{ + LOG_INFO("UnInit start"); + if (service_) { + service_->UnInit(); + } +} + +void El5FilekeyManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) +{ + LOG_INFO("SaId %{public}d added", systemAbilityId); +#ifdef COMMON_EVENT_SERVICE_ENABLE + if (systemAbilityId == COMMON_EVENT_SERVICE_ID) { + if (subscriber_ == nullptr) { + EventFwk::MatchingSkills matchingSkills; + matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_LOCKED); + matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_UNLOCKED); + EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills); + subscriber_ = std::make_shared(subscribeInfo); + bool ret = EventFwk::CommonEventManager::SubscribeCommonEvent(subscriber_); + if (!ret) { + LOG_ERROR("Subscribe common event failed."); + subscriber_ = nullptr; + } + } + } +#endif + +#ifdef THEME_SCREENLOCK_MGR_ENABLE + if (systemAbilityId == SCREENLOCK_SERVICE_ID) { + // screen is unlocked, sa is called by USER_REMOVED, auto stop in 30s. + if (!ScreenLock::ScreenLockManager::GetInstance()->IsScreenLocked()) { + LOG_INFO("Init when screen is unlocked."); + PostDelayedUnloadTask(SCREEN_ON_DELAY_TIME); + } + } +#endif + + if (service_ != nullptr) { + service_->OnAddSystemAbility(systemAbilityId, deviceId); + } +} + void El5FilekeyManagerService::PostDelayedUnloadTask(uint32_t delayedTime) { #ifdef EVENTHANDLER_ENABLE @@ -149,7 +169,7 @@ void El5FilekeyManagerService::CancelDelayedUnloadTask() int32_t El5FilekeyManagerService::AcquireAccess(DataLockType type) { - LOG_DEBUG("Acquire type %{public}d.", type); + LOG_INFO("Acquire type %{public}d.", type); bool isApp = true; int32_t ret = CheckReqLockPermission(type, isApp); if (ret != EFM_SUCCESS) { @@ -167,7 +187,7 @@ int32_t El5FilekeyManagerService::AcquireAccess(DataLockType type) int32_t El5FilekeyManagerService::ReleaseAccess(DataLockType type) { - LOG_DEBUG("Release type %{public}d.", type); + LOG_INFO("Release type %{public}d.", type); bool isApp = true; int32_t ret = CheckReqLockPermission(type, isApp); if (ret != EFM_SUCCESS) { @@ -185,7 +205,7 @@ int32_t El5FilekeyManagerService::ReleaseAccess(DataLockType type) int32_t El5FilekeyManagerService::GenerateAppKey(uint32_t uid, const std::string& bundleName, std::string& keyId) { - LOG_DEBUG("Generate app key for %{public}s.", bundleName.c_str()); + LOG_INFO("Generate app key for %{public}s.", bundleName.c_str()); if (IPCSkeleton::GetCallingUid() != INSTALLS_UID) { LOG_ERROR("Generate app key permission denied."); return EFM_ERR_NO_PERMISSION; @@ -200,9 +220,13 @@ int32_t El5FilekeyManagerService::GenerateAppKey(uint32_t uid, const std::string return service_->GenerateAppKey(uid, bundleName, keyId); } -int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& keyId) +int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& bundleName, int32_t userId) { - LOG_DEBUG("Delete app key."); + LOG_INFO("Delete %{public}d's %{public}s app key.", userId, bundleName.c_str()); + if (userId < 0) { + LOG_ERROR("UserId is invalid!"); + return EFM_ERR_INVALID_PARAMETER; + } if (IPCSkeleton::GetCallingUid() != INSTALLS_UID) { LOG_ERROR("Delete app key permission denied."); return EFM_ERR_NO_PERMISSION; @@ -214,13 +238,13 @@ int32_t El5FilekeyManagerService::DeleteAppKey(const std::string& keyId) return EFM_SUCCESS; } - return service_->DeleteAppKey(keyId); + return service_->DeleteAppKey(bundleName, userId); } int32_t El5FilekeyManagerService::GetUserAppKey(int32_t userId, bool getAllFlag, std::vector> &keyInfos) { - LOG_DEBUG("Get user %{public}d app key.", userId); + LOG_INFO("Get user %{public}d app key.", userId); if (userId < 0) { LOG_ERROR("UserId is invalid!"); return EFM_ERR_INVALID_PARAMETER; @@ -242,7 +266,7 @@ int32_t El5FilekeyManagerService::GetUserAppKey(int32_t userId, bool getAllFlag, int32_t El5FilekeyManagerService::ChangeUserAppkeysLoadInfo(int32_t userId, std::vector> &loadInfos) { - LOG_DEBUG("Change user %{public}d load infos.", userId); + LOG_INFO("Change user %{public}d load infos.", userId); if (userId < 0) { LOG_ERROR("UserId is invalid!"); return EFM_ERR_INVALID_PARAMETER; @@ -264,7 +288,7 @@ int32_t El5FilekeyManagerService::ChangeUserAppkeysLoadInfo(int32_t userId, int32_t El5FilekeyManagerService::SetFilePathPolicy() { int32_t userId = IPCSkeleton::GetCallingUid() / USERID_MASK; - LOG_DEBUG("Set user %{public}d file path policy.", userId); + LOG_INFO("Set user %{public}d file path policy.", userId); if (!VerifyHapCallingProcess(userId, SET_POLICY_CALLER, IPCSkeleton::GetCallingTokenID())) { LOG_ERROR("Set file path policy permission denied."); return EFM_ERR_NO_PERMISSION; @@ -281,7 +305,7 @@ int32_t El5FilekeyManagerService::SetFilePathPolicy() int32_t El5FilekeyManagerService::RegisterCallback(const sptr &callback) { - LOG_DEBUG("Register callback."); + LOG_INFO("Register callback."); if (!VerifyNativeCallingProcess(FOUNDATION, IPCSkeleton::GetCallingTokenID())) { LOG_ERROR("Register callback permission denied."); return EFM_ERR_NO_PERMISSION; @@ -296,6 +320,58 @@ int32_t El5FilekeyManagerService::RegisterCallback(const sptrRegisterCallback(callback); } +int32_t El5FilekeyManagerService::GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId) +{ + LOG_INFO("Generate groupID for %{public}s.", groupID.c_str()); + if (IPCSkeleton::GetCallingUid() != INSTALLS_UID) { + LOG_ERROR("Generate groupID permission denied."); + return EFM_ERR_NO_PERMISSION; + } + + if (service_ == nullptr) { + LOG_ERROR("Failed to get policy."); + PostDelayedUnloadTask(API_DELAY_TIME); + return EFM_SUCCESS; + } + + return service_->GenerateGroupIDKey(uid, groupID, keyId); +} + +int32_t El5FilekeyManagerService::DeleteGroupIDKey(uint32_t uid, const std::string &groupID) +{ + LOG_INFO("Delete %{public}d's %{public}s app key.", uid, groupID.c_str()); + if (IPCSkeleton::GetCallingUid() != INSTALLS_UID) { + LOG_ERROR("Delete app key permission denied."); + return EFM_ERR_NO_PERMISSION; + } + + if (service_ == nullptr) { + LOG_ERROR("Failed to get policy."); + PostDelayedUnloadTask(API_DELAY_TIME); + return EFM_SUCCESS; + } + + return service_->DeleteGroupIDKey(uid, groupID); +} + +int32_t El5FilekeyManagerService::QueryAppKeyState(DataLockType type) +{ + LOG_INFO("Query type %{public}d.", type); + bool isApp = true; + int32_t ret = CheckReqLockPermission(type, isApp); + if (ret != EFM_SUCCESS) { + return ret; + } + + if (service_ == nullptr) { + LOG_ERROR("Failed to get policy."); + PostDelayedUnloadTask(API_DELAY_TIME); + return EFM_SUCCESS; + } + + return service_->QueryAppKeyState(type, isApp); +} + bool El5FilekeyManagerService::IsSystemApp() { uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); @@ -365,7 +441,7 @@ bool El5FilekeyManagerService::VerifyHapCallingProcess(int32_t userId, const std int32_t El5FilekeyManagerService::SetPolicyScreenLocked() { - LOG_INFO("service SetPolicyScreenLocked"); + LOG_INFO("Service SetPolicyScreenLocked"); if (service_ == nullptr) { LOG_ERROR("Failed to get policy."); PostDelayedUnloadTask(API_DELAY_TIME); @@ -376,7 +452,7 @@ int32_t El5FilekeyManagerService::SetPolicyScreenLocked() int32_t El5FilekeyManagerService::HandleUserCommonEvent(const std::string &eventName, int32_t userId) { - LOG_INFO("service handle event:%{public}s userId:%{public}d", eventName.c_str(), userId); + LOG_INFO("Service handle event:%{public}s userId:%{public}d", eventName.c_str(), userId); if (service_ == nullptr) { LOG_ERROR("Failed to get policy."); PostDelayedUnloadTask(API_DELAY_TIME); @@ -398,6 +474,7 @@ int El5FilekeyManagerService::Dump(int fd, const std::vector& ar dprintf(fd, "Usage:\n"); dprintf(fd, " -h: command help\n"); dprintf(fd, " -a: dump all el5 data information \n"); + dprintf(fd, " -t [time]: use arguments time to set screen lock timeout minutes only in deleloper mode\n"); return EFM_SUCCESS; } @@ -406,7 +483,7 @@ int El5FilekeyManagerService::Dump(int fd, const std::vector& ar PostDelayedUnloadTask(API_DELAY_TIME); return EFM_SUCCESS; } - LOG_INFO("start dump data"); + LOG_INFO("Start dump data"); service_->DumpData(fd, args); return EFM_SUCCESS; diff --git a/services/el5filekeymanager/src/el5_filekey_manager_service_ability.cpp b/services/el5filekeymanager/src/el5_filekey_manager_service_ability.cpp index bfec336afb07e9dbd2f2d0567473cc2d525add1f..fcd3f65fa398a56ba7656f82a39f5cdaebbcf41f 100644 --- a/services/el5filekeymanager/src/el5_filekey_manager_service_ability.cpp +++ b/services/el5filekeymanager/src/el5_filekey_manager_service_ability.cpp @@ -41,6 +41,7 @@ void El5FilekeyManagerServiceAbility::OnStart(const SystemAbilityOnDemandReason LOG_INFO("OnStart called."); std::string reasonName = startReason.GetName(); LOG_INFO("El5FilekeyManager onStart reason name:%{public}s", reasonName.c_str()); + if (service_ != nullptr) { LOG_ERROR("The El5FilekeyManagerService has existed."); return; @@ -53,16 +54,22 @@ void El5FilekeyManagerServiceAbility::OnStart(const SystemAbilityOnDemandReason return; } + AddSystemAbilityListener(COMMON_EVENT_SERVICE_ID); + AddSystemAbilityListener(SCREENLOCK_SERVICE_ID); + AddSystemAbilityListener(TELEPHONY_CALL_MANAGER_SYS_ABILITY_ID); + AddSystemAbilityListener(TIME_SERVICE_ID); + AddSystemAbilityListener(DISTRIBUTED_HARDWARE_DEVICEMANAGER_SA_ID); + if (reasonName == "usual.event.SCREEN_LOCKED") { service_->SetPolicyScreenLocked(); } else if (reasonName == "usual.event.USER_REMOVED" || reasonName == "usual.event.USER_STOPPED") { std::string strUserId = startReason.GetValue(); int32_t userId = 0; if (StrToInt(strUserId, userId)) { - LOG_INFO("el5 manager start, common event:%{public}s userId:%{public}d", reasonName.c_str(), userId); + LOG_INFO("El5 manager start, common event:%{public}s userId:%{public}d", reasonName.c_str(), userId); service_->HandleUserCommonEvent(reasonName, userId); } else { - LOG_ERROR("el5 manager start, invalid userId:%{public}s", strUserId.c_str()); + LOG_ERROR("El5 manager start, invalid userId:%{public}s", strUserId.c_str()); } } @@ -74,8 +81,18 @@ void El5FilekeyManagerServiceAbility::OnStart(const SystemAbilityOnDemandReason void El5FilekeyManagerServiceAbility::OnStop() { - LOG_INFO("onStop called."); - service_ = nullptr; + LOG_INFO("OnStop called."); + if (service_) { + service_->UnInit(); + service_ = nullptr; + } +} + +void El5FilekeyManagerServiceAbility::OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) +{ + if (service_) { + service_->OnAddSystemAbility(systemAbilityId, deviceId); + } } } // namespace AccessToken } // namespace Security diff --git a/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp b/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp index 4bc22021fc0697e71a2bf6c2a1c80dbe8b8060a2..055ff7ed9d683c0d234ea61daef93cc8592ffb69 100644 --- a/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp +++ b/services/el5filekeymanager/src/el5_filekey_manager_stub.cpp @@ -52,13 +52,19 @@ void El5FilekeyManagerStub::SetFuncInMap() &El5FilekeyManagerStub::SetFilePathPolicyInner; requestMap_[static_cast(EFMInterfaceCode::REGISTER_CALLBACK)] = &El5FilekeyManagerStub::RegisterCallbackInner; + requestMap_[static_cast(EFMInterfaceCode::GENERATE_GROUPID_KEY)] = + &El5FilekeyManagerStub::GenerateGroupIDKeyInner; + requestMap_[static_cast(EFMInterfaceCode::DELETE_GROUPID_KEY)] = + &El5FilekeyManagerStub::DeleteGroupIDKeyInner; + requestMap_[static_cast(EFMInterfaceCode::QUERY_APP_KEY_STATE)] = + &El5FilekeyManagerStub::QueryAppKeyStateInner; } int32_t El5FilekeyManagerStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { if (data.ReadInterfaceToken() != El5FilekeyManagerInterface::GetDescriptor()) { - LOG_ERROR("get unexpected descriptor"); + LOG_ERROR("Get unexpected descriptor"); return EFM_ERR_IPC_TOKEN_INVALID; } @@ -97,8 +103,9 @@ void El5FilekeyManagerStub::GenerateAppKeyInner(MessageParcel &data, MessageParc void El5FilekeyManagerStub::DeleteAppKeyInner(MessageParcel &data, MessageParcel &reply) { - std::string keyId = data.ReadString(); - reply.WriteInt32(this->DeleteAppKey(keyId)); + std::string bundleName = data.ReadString(); + int32_t userId = data.ReadInt32(); + reply.WriteInt32(this->DeleteAppKey(bundleName, userId)); } void El5FilekeyManagerStub::GetUserAppKeyInner(MessageParcel &data, MessageParcel &reply) @@ -137,6 +144,28 @@ void El5FilekeyManagerStub::RegisterCallbackInner(MessageParcel &data, MessagePa reply.WriteInt32(this->RegisterCallback(callback)); } +void El5FilekeyManagerStub::GenerateGroupIDKeyInner(MessageParcel &data, MessageParcel &reply) +{ + uint32_t uid = data.ReadUint32(); + std::string groupID = data.ReadString(); + std::string keyId; + reply.WriteInt32(this->GenerateGroupIDKey(uid, groupID, keyId)); + reply.WriteString(keyId); +} + +void El5FilekeyManagerStub::DeleteGroupIDKeyInner(MessageParcel &data, MessageParcel &reply) +{ + uint32_t uid = data.ReadUint32(); + std::string groupID = data.ReadString(); + reply.WriteInt32(this->DeleteGroupIDKey(uid, groupID)); +} + +void El5FilekeyManagerStub::QueryAppKeyStateInner(MessageParcel &data, MessageParcel &reply) +{ + DataLockType type = static_cast(data.ReadInt32()); + reply.WriteInt32(this->QueryAppKeyState(type)); +} + void El5FilekeyManagerStub::MarshallingKeyInfos(MessageParcel &reply, std::vector>& keyInfos) { diff --git a/services/el5filekeymanager/test/BUILD.gn b/services/el5filekeymanager/test/BUILD.gn index 5de7c08dab79b6951081afb866b5fc46ec6226e7..5dee1aa0ba2fe99b27b76aafb457139b022a18c7 100644 --- a/services/el5filekeymanager/test/BUILD.gn +++ b/services/el5filekeymanager/test/BUILD.gn @@ -30,7 +30,7 @@ if (is_standard_system && ability_base_enable == true) { "../include", "mock/include", "include", - "${access_token_path}/frameworks/el5filekeymanager/include/", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include/", ] sources = [ @@ -43,11 +43,10 @@ if (is_standard_system && ability_base_enable == true) { configs = [ "${access_token_path}/config:coverage_flags" ] deps = [ + "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", - "${access_token_path}/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", - "//third_party/googletest:gtest_main", ] external_deps = [ @@ -95,7 +94,7 @@ if (is_standard_system && ability_base_enable == true) { include_dirs = [ "../include", "include", - "${access_token_path}/frameworks/el5filekeymanager/include/", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include/", ] sources = [ @@ -107,11 +106,10 @@ if (is_standard_system && ability_base_enable == true) { configs = [ "${access_token_path}/config:coverage_flags" ] deps = [ + "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", - "${access_token_path}/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", - "//third_party/googletest:gtest_main", ] external_deps = [ @@ -159,7 +157,7 @@ if (is_standard_system && ability_base_enable == true) { include_dirs = [ "../include", "include", - "${access_token_path}/frameworks/el5filekeymanager/include/", + "${access_token_path}/frameworks/inner_api/el5filekeymanager/include/", ] sources = [ @@ -171,11 +169,10 @@ if (is_standard_system && ability_base_enable == true) { configs = [ "${access_token_path}/config:coverage_flags" ] deps = [ + "${access_token_path}/interfaces/inner_api/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", - "${access_token_path}/interfaces/innerkits/el5filekeymanager:el5_filekey_manager_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", - "//third_party/googletest:gtest_main", ] external_deps = [ diff --git a/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp b/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp index 08547ed3c03fe202ec84130ae3b02f4d8a8836b7..2f1d17c0351fe22fcaa4749946fe13e8e37f19f2 100644 --- a/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp +++ b/services/el5filekeymanager/test/src/el5_filekey_manager_service_mock_unittest.cpp @@ -22,6 +22,9 @@ using namespace testing::ext; using namespace OHOS::Security::AccessToken; +namespace { +constexpr uint32_t SCREEN_ON_DELAY_TIME = 30; +} // namespace void El5FilekeyManagerServiceMockTest::SetUpTestCase() { @@ -29,6 +32,7 @@ void El5FilekeyManagerServiceMockTest::SetUpTestCase() void El5FilekeyManagerServiceMockTest::TearDownTestCase() { + sleep(SCREEN_ON_DELAY_TIME); } void El5FilekeyManagerServiceMockTest::SetUp() @@ -67,7 +71,7 @@ public: return EFM_SUCCESS; } - int32_t DeleteAppKey(const std::string& keyId) + int32_t DeleteAppKey(const std::string& bundleName, int32_t userId) { return EFM_SUCCESS; } @@ -90,6 +94,26 @@ public: return EFM_SUCCESS; } + int32_t RegisterCallback(const OHOS::sptr &callback) + { + return EFM_SUCCESS; + } + + int32_t GenerateGroupIDKey(uint32_t uid, const std::string &groupID, std::string &keyId) + { + return EFM_SUCCESS; + } + + int32_t DeleteGroupIDKey(uint32_t uid, const std::string &groupID) + { + return EFM_SUCCESS; + } + + int32_t QueryAppKeyState(DataLockType type, bool isApp) + { + return EFM_SUCCESS; + } + int32_t HandleUserCommonEvent(const std::string &eventName, int32_t userId) { return EFM_SUCCESS; @@ -105,9 +129,14 @@ public: return EFM_SUCCESS; } - int32_t RegisterCallback(const OHOS::sptr &callback) + void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) { - return EFM_SUCCESS; + GTEST_LOG_(INFO) << "OnAddSystemAbility."; + } + + void UnInit() + { + GTEST_LOG_(INFO) << "UnInit."; } }; @@ -219,7 +248,7 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, GenerateAppKey002, TestSize.Level1) /** * @tc.name: DeleteAppKey001 - * @tc.desc: Delete app key by keyId. + * @tc.desc: Delete app key by bundle name and user id. * @tc.type: FUNC * @tc.require: issueIAD2MD */ @@ -227,16 +256,17 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, DeleteAppKey001, TestSize.Level1) { el5FilekeyManagerService_->service_ = nullptr; - std::string keyId = ""; + std::string bundleName = ""; + int32_t userId = 100; MockIpc::SetCallingUid(3060); - ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(keyId), EFM_SUCCESS); + ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(bundleName, userId), EFM_SUCCESS); } /** * @tc.name: DeleteAppKey002 - * @tc.desc: Delete app key by keyId. + * @tc.desc: Delete app key by bundle name and user id. * @tc.type: FUNC * @tc.require: issueIAD2MD */ @@ -244,11 +274,12 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, DeleteAppKey002, TestSize.Level1) { el5FilekeyManagerService_->service_ = new TestEl5FilekeyServiceExt(); - std::string keyId = ""; + std::string bundleName = ""; + int32_t userId = 100; MockIpc::SetCallingUid(3060); - ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(keyId), EFM_SUCCESS); + ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(bundleName, userId), EFM_SUCCESS); } /** @@ -416,6 +447,114 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, RegisterCallback002, TestSize.Level1) ASSERT_EQ(el5FilekeyManagerService_->RegisterCallback((new TestEl5FilekeyCallback())), EFM_SUCCESS); } +/** + * @tc.name: GenerateGroupIDKey001 + * @tc.desc: Generate data group key by user id and group id. + * @tc.type: FUNC + * @tc.require: issueIAD2MD + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, GenerateGroupIDKey001, TestSize.Level1) +{ + el5FilekeyManagerService_->service_ = nullptr; + + uint32_t uid = 100; + std::string groupID = "abcdefghijklmn"; + std::string keyId; + + MockIpc::SetCallingUid(3060); + + ASSERT_EQ(el5FilekeyManagerService_->GenerateGroupIDKey(uid, groupID, keyId), EFM_SUCCESS); +} + +/** + * @tc.name: GenerateGroupIDKey002 + * @tc.desc: Generate data group key by user id and group id. + * @tc.type: FUNC + * @tc.require: issueIAD2MD + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, GenerateGroupIDKey002, TestSize.Level1) +{ + el5FilekeyManagerService_->service_ = new TestEl5FilekeyServiceExt(); + + uint32_t uid = 100; + std::string groupID = "abcdefghijklmn"; + std::string keyId; + + MockIpc::SetCallingUid(3060); + + ASSERT_EQ(el5FilekeyManagerService_->GenerateGroupIDKey(uid, groupID, keyId), EFM_SUCCESS); +} + +/** + * @tc.name: DeleteGroupIDKey001 + * @tc.desc: Delete data group key by user id and group id. + * @tc.type: FUNC + * @tc.require: issueIAD2MD + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, DeleteGroupIDKey001, TestSize.Level1) +{ + el5FilekeyManagerService_->service_ = nullptr; + + uint32_t uid = 100; + std::string groupID = ""; + + MockIpc::SetCallingUid(3060); + + ASSERT_EQ(el5FilekeyManagerService_->DeleteGroupIDKey(uid, groupID), EFM_SUCCESS); +} + +/** + * @tc.name: DeleteGroupIDKey002 + * @tc.desc: Delete data group key by user id and group id. + * @tc.type: FUNC + * @tc.require: issueIAD2MD + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, DeleteGroupIDKey002, TestSize.Level1) +{ + el5FilekeyManagerService_->service_ = new TestEl5FilekeyServiceExt(); + + uint32_t uid = 100; + std::string groupID = ""; + + MockIpc::SetCallingUid(3060); + + ASSERT_EQ(el5FilekeyManagerService_->DeleteGroupIDKey(uid, groupID), EFM_SUCCESS); +} + +/** + * @tc.name: QueryAppKeyState001 + * @tc.desc: Query default type app key. + * @tc.type: FUNC + * @tc.require: issueIAD2MD + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, QueryAppKeyState001, TestSize.Level1) +{ + el5FilekeyManagerService_->service_ = nullptr; + + MockIpc::SetCallingUid(20020025); + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(100, "com.ohos.medialibrary.medialibrarydata", 0); + MockIpc::SetCallingTokenID(static_cast(tokenId)); + + ASSERT_EQ(el5FilekeyManagerService_->QueryAppKeyState(DEFAULT_DATA), EFM_SUCCESS); +} + +/** + * @tc.name: QueryAppKeyState002 + * @tc.desc: Query default type app key. + * @tc.type: FUNC + * @tc.require: issueIAD2MD + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, QueryAppKeyState002, TestSize.Level1) +{ + el5FilekeyManagerService_->service_ = new TestEl5FilekeyServiceExt(); + + MockIpc::SetCallingUid(20020025); + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(100, "com.ohos.medialibrary.medialibrarydata", 0); + MockIpc::SetCallingTokenID(static_cast(tokenId)); + + ASSERT_EQ(el5FilekeyManagerService_->QueryAppKeyState(DEFAULT_DATA), EFM_SUCCESS); +} + /** * @tc.name: SetPolicyScreenLocked001 * @tc.desc: SetPolicyScreenLocked @@ -499,3 +638,66 @@ HWTEST_F(El5FilekeyManagerServiceMockTest, HandleUserCommonEvent002, TestSize.Le int userId = 1; ASSERT_EQ(el5FilekeyManagerService_->HandleUserCommonEvent(eventName, userId), EFM_SUCCESS); } + +/** + * @tc.name: OnRemoteRequest001 + * @tc.desc: El5FilekeyCallbackStub function test OnRemoteRequest001. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, OnRemoteRequest001, TestSize.Level1) +{ + TestEl5FilekeyCallback testEl5FilekeyCallback; + OHOS::MessageParcel data; + OHOS::MessageParcel reply; + OHOS::MessageOption option; + uint32_t code = static_cast(El5FilekeyCallbackInterface::Code::ON_REGENERATE_APP_KEY); + + ASSERT_EQ(data.WriteInterfaceToken(El5FilekeyCallbackInterface::GetDescriptor()), true); + data.WriteUint32(1); // infosSize + data.WriteInt32(1); // AppKeyInfo size + data.WriteUint32(static_cast(AppKeyType::APP)); + data.WriteUint32(1000); + std::string bundleName = "ohos.permission.test"; + data.WriteString(bundleName); + data.WriteInt32(100); + data.WriteString("testGroupId"); + ASSERT_EQ(testEl5FilekeyCallback.OnRemoteRequest(code, data, reply, option), OHOS::NO_ERROR); +} + +/** + * @tc.name: Marshalling001 + * @tc.desc: AppKeyInfo function test Marshalling. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, Marshalling001, TestSize.Level1) +{ + AppKeyInfo appKeyInfo; + appKeyInfo.uid = 1000; + appKeyInfo.bundleName = "test"; + appKeyInfo.userId = 200; + appKeyInfo.groupID = "testGroupId"; + OHOS::Parcel parcel; + ASSERT_EQ(appKeyInfo.Marshalling(parcel), true); +} + +/** + * @tc.name: Unmarshalling001 + * @tc.desc: AppKeyInfo function test Marshalling. + * @tc.type: FUNC + * @tc.require: Issue Number + */ +HWTEST_F(El5FilekeyManagerServiceMockTest, Unmarshalling001, TestSize.Level1) +{ + AppKeyInfo appKeyInfo; + OHOS::Parcel parcel; + parcel.WriteUint32(static_cast(AppKeyType::GROUPID)); + parcel.WriteUint32(1000); + parcel.WriteString("ohos.permission.test"); + parcel.WriteInt32(100); + parcel.WriteString("testGroupId"); + auto info = appKeyInfo.Unmarshalling(parcel); + ASSERT_EQ(info != nullptr, true); + ASSERT_EQ(info->bundleName, "ohos.permission.test"); +} diff --git a/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp b/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp index b47f0b5c145ab5c8b173dc75b2d9fea72f5144f9..3c2ae63537ec970dd4f5b62081936e8a0bebbd43 100644 --- a/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp +++ b/services/el5filekeymanager/test/src/el5_filekey_manager_service_unittest.cpp @@ -21,6 +21,9 @@ using namespace testing::ext; using namespace OHOS::Security::AccessToken; +namespace { +constexpr uint32_t SCREEN_ON_DELAY_TIME = 30; +} // namespace void El5FilekeyManagerServiceTest::SetUpTestCase() { @@ -28,6 +31,7 @@ void El5FilekeyManagerServiceTest::SetUpTestCase() void El5FilekeyManagerServiceTest::TearDownTestCase() { + sleep(SCREEN_ON_DELAY_TIME); } void El5FilekeyManagerServiceTest::SetUp() @@ -120,14 +124,15 @@ HWTEST_F(El5FilekeyManagerServiceTest, GenerateAppKey001, TestSize.Level1) /** * @tc.name: DeleteAppKey001 - * @tc.desc: Delete app key by keyId without permission. + * @tc.desc: Delete app key by bundle name and user id without permission. * @tc.type: FUNC * @tc.require: issueI9JGMV */ HWTEST_F(El5FilekeyManagerServiceTest, DeleteAppKey001, TestSize.Level1) { - std::string keyId = ""; - ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(keyId), EFM_ERR_NO_PERMISSION); + std::string bundleName = ""; + int32_t userId = 100; + ASSERT_EQ(el5FilekeyManagerService_->DeleteAppKey(bundleName, userId), EFM_ERR_NO_PERMISSION); } /** @@ -206,6 +211,67 @@ HWTEST_F(El5FilekeyManagerServiceTest, RegisterCallback001, TestSize.Level1) ASSERT_EQ(el5FilekeyManagerService_->RegisterCallback((new TestEl5FilekeyCallback())), EFM_ERR_NO_PERMISSION); } +/** + * @tc.name: GenerateGroupIDKey001 + * @tc.desc: Generate data group key by userId and group id without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerServiceTest, GenerateGroupIDKey001, TestSize.Level1) +{ + uint32_t uid = 100; + std::string groupID = "abcdefghijklmn"; + std::string keyId; + ASSERT_EQ(el5FilekeyManagerService_->GenerateGroupIDKey(uid, groupID, keyId), EFM_ERR_NO_PERMISSION); +} + +/** + * @tc.name: DeleteGroupIDKey001 + * @tc.desc: Delete data group key by user id and group id without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerServiceTest, DeleteGroupIDKey001, TestSize.Level1) +{ + uint32_t uid = 100; + std::string groupID = ""; + ASSERT_EQ(el5FilekeyManagerService_->DeleteGroupIDKey(uid, groupID), EFM_ERR_NO_PERMISSION); +} + +/** + * @tc.name: QueryAppKeyState001 + * @tc.desc: Query media type app key without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerServiceTest, QueryAppKeyState001, TestSize.Level1) +{ + ASSERT_EQ(el5FilekeyManagerService_->QueryAppKeyState(MEDIA_DATA), EFM_ERR_NO_PERMISSION); +} + +/** + * @tc.name: QueryAppKeyState002 + * @tc.desc: Query all type app key without permission. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerServiceTest, QueryAppKeyState002, TestSize.Level1) +{ + ASSERT_EQ(el5FilekeyManagerService_->QueryAppKeyState(ALL_DATA), EFM_ERR_NO_PERMISSION); +} + +/** + * @tc.name: QueryAppKeyState003 + * @tc.desc: Query invalid type app key. + * @tc.type: FUNC + * @tc.require: issueIAD2MD + */ +HWTEST_F(El5FilekeyManagerServiceTest, QueryAppKeyState003, TestSize.Level1) +{ + uint32_t type = 3; + ASSERT_EQ(el5FilekeyManagerService_->QueryAppKeyState(static_cast(type)), EFM_ERR_NO_PERMISSION); +} + /** * @tc.name: SetPolicyScreenLocked001 * @tc.desc: SetPolicyScreenLocked @@ -256,35 +322,6 @@ HWTEST_F(El5FilekeyManagerServiceTest, Dump003, TestSize.Level1) ASSERT_EQ(el5FilekeyManagerService_->Dump(fd, args), EFM_SUCCESS); } -/** - * @tc.name: PostDelayedUnloadTask001 - * @tc.desc: PostDelayedUnloadTask fun test. - * @tc.type: FUNC - * @tc.require: issueI9Q6K2 - */ -HWTEST_F(El5FilekeyManagerServiceTest, PostDelayedUnloadTask001, TestSize.Level1) -{ -#ifndef EVENTHANDLER_ENABLE -#define EVENTHANDLER_ENABLE - int32_t delayedTime = 1; - el5FilekeyManagerService_->PostDelayedUnloadTask(delayedTime); -#endif -} - -/** - * @tc.name: CancelDelayedUnloadTask001 - * @tc.desc: CancelDelayedUnloadTask fun test. - * @tc.type: FUNC - * @tc.require: issueI9Q6K2 - */ -HWTEST_F(El5FilekeyManagerServiceTest, CancelDelayedUnloadTask001, TestSize.Level1) -{ -#ifndef EVENTHANDLER_ENABLE -#define EVENTHANDLER_ENABLE - el5FilekeyManagerService_->CancelDelayedUnloadTask(); -#endif -} - /** * @tc.name: IsSystemApp001 * @tc.desc: IsSystemApp fun test. diff --git a/services/el5filekeymanager/test/src/el5_filekey_manager_stub_unittest.cpp b/services/el5filekeymanager/test/src/el5_filekey_manager_stub_unittest.cpp index 6746e7fcca39930d0bce9feb63028b9b30802ff7..d0fae46b97584617bcbe1bfb2cfc692e84ca4c41 100644 --- a/services/el5filekeymanager/test/src/el5_filekey_manager_stub_unittest.cpp +++ b/services/el5filekeymanager/test/src/el5_filekey_manager_stub_unittest.cpp @@ -246,4 +246,58 @@ HWTEST_F(El5FilekeyManagerStubTest, OnRemoteRequest011, TestSize.Level1) int32_t code = -1; ASSERT_EQ(el5FilekeyManagerStub_->OnRemoteRequest(code, data, reply, option), EFM_ERR_IPC_TOKEN_INVALID); -} \ No newline at end of file +} + +/** + * @tc.name: OnRemoteRequest0012 + * @tc.desc: EFMInterfaceCode::GENERATE_GROUPID_KEY. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerStubTest, OnRemoteRequest0012, TestSize.Level1) +{ + OHOS::MessageParcel data; + OHOS::MessageParcel reply; + OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC); + + ASSERT_EQ(true, data.WriteInterfaceToken(El5FilekeyManagerInterface::GetDescriptor())); + + ASSERT_EQ(el5FilekeyManagerStub_->OnRemoteRequest( + static_cast(EFMInterfaceCode::GENERATE_GROUPID_KEY), data, reply, option), OHOS::NO_ERROR); +} + +/** + * @tc.name: OnRemoteRequest0013 + * @tc.desc: EFMInterfaceCode::DELETE_GROUPID_KEY. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerStubTest, OnRemoteRequest0013, TestSize.Level1) +{ + OHOS::MessageParcel data; + OHOS::MessageParcel reply; + OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC); + + ASSERT_EQ(true, data.WriteInterfaceToken(El5FilekeyManagerInterface::GetDescriptor())); + + ASSERT_EQ(el5FilekeyManagerStub_->OnRemoteRequest( + static_cast(EFMInterfaceCode::DELETE_GROUPID_KEY), data, reply, option), OHOS::NO_ERROR); +} + +/** + * @tc.name: OnRemoteRequest0014 + * @tc.desc: EFMInterfaceCode::QUERY_APP_KEY_STATE. + * @tc.type: FUNC + * @tc.require: issueI9JGMV + */ +HWTEST_F(El5FilekeyManagerStubTest, OnRemoteRequest0014, TestSize.Level1) +{ + OHOS::MessageParcel data; + OHOS::MessageParcel reply; + OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC); + + ASSERT_EQ(true, data.WriteInterfaceToken(El5FilekeyManagerInterface::GetDescriptor())); + + ASSERT_EQ(el5FilekeyManagerStub_->OnRemoteRequest( + static_cast(EFMInterfaceCode::QUERY_APP_KEY_STATE), data, reply, option), OHOS::NO_ERROR); +} diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn index ecfd2e94e3a14e83a2cd2e5639a99229e1415c66..24f932dbde108aaa5321b5bb55a6bd723c4c66c0 100644 --- a/services/privacymanager/BUILD.gn +++ b/services/privacymanager/BUILD.gn @@ -50,6 +50,7 @@ if (is_standard_system && ability_base_enable == true) { "include/active", "include/common", "include/database", + "include/proxy", "include/record", "include/service", "include/sensitive", @@ -60,16 +61,14 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/src", - "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", - "${access_token_path}/services/common/power_manager/include", "${access_token_path}/services/common/screenlock_manager/include", "${access_token_path}/services/common/utils/include", - "${audio_framework_path}/services/audio_policy/common/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] sources = [ @@ -81,17 +80,13 @@ if (is_standard_system && ability_base_enable == true) { "src/database/data_translator.cpp", "src/database/permission_used_record_db.cpp", "src/database/privacy_field_const.cpp", + "src/proxy/privacy_manager_proxy_death_param.cpp", "src/record/on_permission_used_record_callback_proxy.cpp", "src/record/permission_record.cpp", "src/record/permission_record_manager.cpp", - "src/record/permission_record_repository.cpp", - "src/record/permission_used_record_cache.cpp", - "src/sensitive/audio_manager/audio_manager_privacy_client.cpp", - "src/sensitive/audio_manager/audio_manager_privacy_death_recipient.cpp", - "src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp", - "src/sensitive/camera_manager/camera_manager_privacy_client.cpp", - "src/sensitive/camera_manager/camera_manager_privacy_death_recipient.cpp", - "src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp", + "src/record/permission_record_set.cpp", + "src/sensitive/audio_manager/audio_manager_adapter.cpp", + "src/sensitive/camera_manager/camera_manager_adapter.cpp", "src/service/privacy_manager_service.cpp", "src/service/privacy_manager_stub.cpp", ] @@ -112,6 +107,7 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/proxy_death:proxy_death_handler", "${access_token_path}/services/privacymanager:privacy.rc", ] @@ -127,13 +123,19 @@ if (is_standard_system && ability_base_enable == true) { "sqlite:sqlite", ] - if (ohos_indep_compiler_enable) { - external_deps += [ - "bounds_checking_function:libsec_shared", - "json:nlohmann_json_static", - ] + if (audio_framework_enable) { + cflags_cc += [ "-DAUDIO_FRAMEWORK_ENABLE" ] + external_deps += [ "audio_framework:audio_client" ] } + if (camera_framework_enable) { + cflags_cc += [ "-DCAMERA_FRAMEWORK_ENABLE" ] + external_deps += [ "camera_framework:camera_framework" ] + } + + if (ohos_indep_compiler_enable) { + external_deps += [ "bounds_checking_function:libsec_shared" ] + } if (eventhandler_enable == true) { cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] external_deps += [ "eventhandler:libeventhandler" ] @@ -155,15 +157,24 @@ if (is_standard_system && ability_base_enable == true) { cflags_cc += [ "-DCAMERA_FLOAT_WINDOW_ENABLE" ] include_dirs += [ "${access_token_path}/services/common/window_manager/include" ] + sources += [ + "${access_token_path}/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_agent.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_client.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_proxy.cpp", + ] + external_deps += [ "window_manager:libwsutils" ] } if (access_token_app_security_privacy_service_enable) { cflags_cc += [ "-DAPP_SECURITY_PRIVACY_SERVICE" ] - } - - if (hicollie_enable == true) { - external_deps += [ "hicollie:libhicollie" ] - cflags_cc += [ "-DHICOLLIE_ENABLE" ] + } else { + include_dirs += + [ "${access_token_path}/services/common/ability_manager/include" ] } } } diff --git a/services/privacymanager/include/active/active_status_callback_manager.h b/services/privacymanager/include/active/active_status_callback_manager.h index b630f95ac3f59902e96a672f27ab3dd1b0377885..a80a105fd03f208b98bad5e2cc27ec6f48d07903 100644 --- a/services/privacymanager/include/active/active_status_callback_manager.h +++ b/services/privacymanager/include/active/active_status_callback_manager.h @@ -23,7 +23,8 @@ #include "access_event_handler.h" #endif #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" +#include "active_change_response_info.h" #include "perm_active_status_callback_death_recipient.h" #include "perm_active_status_change_callback_proxy.h" @@ -37,6 +38,7 @@ struct CallbackData { : permList_(permList), callbackObject_(callback) {} + AccessTokenID registerTokenId {0}; std::vector permList_; sptr callbackObject_; }; @@ -48,16 +50,14 @@ public: static ActiveStatusCallbackManager& GetInstance(); int32_t AddCallback( - const std::vector& permList, const sptr& callback); + AccessTokenID regiterTokenId, const std::vector& permList, const sptr& callback); int32_t RemoveCallback(const sptr& callback); bool NeedCalled(const std::vector& permList, const std::string& permName); - void ExecuteCallbackAsync( - AccessTokenID tokenId, const std::string& permName, const std::string& deviceId, ActiveChangeType changeType); + void ExecuteCallbackAsync(ActiveChangeResponse& info); #ifdef EVENTHANDLER_ENABLE void InitEventHandler(const std::shared_ptr& eventHandler); #endif - void ActiveStatusChange(AccessTokenID tokenId, const std::string& permName, - const std::string& deviceId, ActiveChangeType changeType); + void ActiveStatusChange(ActiveChangeResponse& info); private: std::mutex mutex_; std::vector callbackDataList_; diff --git a/services/privacymanager/include/common/constant.h b/services/privacymanager/include/common/constant.h index 2087ac6ba8f45110cd98c1118be221afe9596194..d265b35d837a0d46440409d0a6617c4405c35b08 100644 --- a/services/privacymanager/include/common/constant.h +++ b/services/privacymanager/include/common/constant.h @@ -68,6 +68,22 @@ public: OP_READ_WRITE_DESKTOP_DIRECTORY = 39, OP_ACCESS_NEARLINK = 40, OP_CAPTURE_SCREEN = 41, + SHORT_TERM_WRITE_IMAGEVIDEO = 42, + CAMERA_BACKGROUND = 43, + OP_CUSTOM_SCREEN_CAPTURE = 44, + // 以下声明仅用于下载 桌面 文档文件夹权限的访问记录使用,需要和普通权限做区分 + OP_READ_WRITE_DOWNLOAD_DIRECTORY_MEDIA_READ = 100, + OP_READ_WRITE_DOWNLOAD_DIRECTORY_MEDIA_WRITE = 101, + OP_READ_WRITE_DOWNLOAD_DIRECTORY_OTHER_READ = 102, + OP_READ_WRITE_DOWNLOAD_DIRECTORY_OTHER_WRITE = 103, + OP_READ_WRITE_DOCUMENTS_DIRECTORY_MEDIA_READ = 104, + OP_READ_WRITE_DOCUMENTS_DIRECTORY_MEDIA_WRITE = 105, + OP_READ_WRITE_DOCUMENTS_DIRECTORY_OTHER_READ = 106, + OP_READ_WRITE_DOCUMENTS_DIRECTORY_OTHER_WRITE = 107, + OP_READ_WRITE_DESKTOP_DIRECTORY_MEDIA_READ = 108, + OP_READ_WRITE_DESKTOP_DIRECTORY_MEDIA_WRITE = 109, + OP_READ_WRITE_DESKTOP_DIRECTORY_OTHER_READ = 110, + OP_READ_WRITE_DESKTOP_DIRECTORY_OTHER_WRITE = 111, }; enum ErrorCode { diff --git a/services/privacymanager/include/database/permission_used_record_db.h b/services/privacymanager/include/database/permission_used_record_db.h index 2edf1f988c10e95c23cfb72cb0ffa2262cbd4ce0..df38a6ddf39f5c2a64f2c66fa5b87ff84c0311c8 100644 --- a/services/privacymanager/include/database/permission_used_record_db.h +++ b/services/privacymanager/include/database/permission_used_record_db.h @@ -17,12 +17,14 @@ #define PERMISSION_USED_RECORD_DB_H #include +#include #include "generic_values.h" -#include "sqlite_helper.h" +#include "permission_record.h" #include "nocopyable.h" #include "rwlock.h" +#include "sqlite_helper.h" namespace OHOS { namespace Security { @@ -37,6 +39,7 @@ public: enum DataType { PERMISSION_RECORD, PERMISSION_USED_TYPE, + PERMISSION_USED_RECORD_TOGGLE_STATUS, }; enum ExecuteResult { FAILURE = -1, SUCCESS }; static PermissionUsedRecordDb& GetInstance(); @@ -49,6 +52,8 @@ public: std::vector& results, int32_t databaseQueryCount); int32_t Count(DataType type); int32_t DeleteExpireRecords(DataType type, const GenericValues& andConditions); + int32_t DeleteHistoryRecordsInTables(std::vector dateTypes, + const std::unordered_set& tokenIDList); int32_t DeleteExcessiveRecords(DataType type, uint32_t excessiveSize); int32_t Update(DataType type, const GenericValues& modifyValue, const GenericValues& conditionValue); int32_t Query(DataType type, const GenericValues& conditionValue, std::vector& results); @@ -65,9 +70,13 @@ private: int32_t CreatePermissionRecordTable() const; int32_t CreatePermissionUsedTypeTable() const; + int32_t CreatePermissionUsedRecordToggleStatusTable() const; int32_t InsertLockScreenStatusColumn() const; int32_t InsertPermissionUsedTypeColumn() const; + int32_t UpdatePermissionRecordTablePrimaryKey() const; + std::string CreateDeleteHistoryRecordsPrepareSqlCmd(DataType type, + const std::unordered_set& tokenIDList) const; std::string CreateInsertPrepareSqlCmd(DataType type) const; std::string CreateDeletePrepareSqlCmd( DataType type, const std::vector& columnNames = std::vector()) const; @@ -85,9 +94,11 @@ private: private: inline static constexpr const char* PERMISSION_RECORD_TABLE = "permission_record_table"; inline static constexpr const char* PERMISSION_USED_TYPE_TABLE = "permission_used_type_table"; + inline static constexpr const char* PERMISSION_USED_RECORD_TOGGLE_STATUS_TABLE = + "permission_used_record_toggle_status_table"; inline static constexpr const char* DATABASE_NAME = "permission_used_record.db"; inline static constexpr const char* DATABASE_PATH = "/data/service/el1/public/access_token/"; - static const int32_t DATABASE_VERSION = 3; + static const int32_t DATABASE_VERSION = 5; }; } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/include/database/privacy_field_const.h b/services/privacymanager/include/database/privacy_field_const.h index 8c8946a3516dfd025c4043b4dfc1db24b2473586..c7f47a62ef17824de085284f85e45d9619dac498 100644 --- a/services/privacymanager/include/database/privacy_field_const.h +++ b/services/privacymanager/include/database/privacy_field_const.h @@ -23,6 +23,7 @@ namespace Security { namespace AccessToken { class PrivacyFiledConst { public: + const static std::string FIELD_USER_ID; const static std::string FIELD_TOKEN_ID; const static std::string FIELD_DEVICE_ID; const static std::string FIELD_OP_CODE; diff --git a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.h b/services/privacymanager/include/proxy/privacy_manager_proxy_death_param.h similarity index 57% rename from interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.h rename to services/privacymanager/include/proxy/privacy_manager_proxy_death_param.h index 1771249a4e604821e4445023b3ae22ee13465956..86c14509347a446b9d79694c7690e42f6369c7f9 100644 --- a/interfaces/innerkits/el5filekeymanager/src/el5_filekey_manager_load_callback.h +++ b/services/privacymanager/include/proxy/privacy_manager_proxy_death_param.h @@ -13,25 +13,31 @@ * limitations under the License. */ -#ifndef EL5_FILEKEY_MANAGER_LOAD_CALLBACK_H -#define EL5_FILEKEY_MANAGER_LOAD_CALLBACK_H +#ifndef PRIVACY_PROXY_DEATH_PARAM_H +#define PRIVACY_PROXY_DEATH_PARAM_H -#include -#include +#include "privacy_manager_proxy_death_param.h" -#include "refbase.h" -#include "system_ability_load_callback_stub.h" +#include +#include "accesstoken_common_log.h" +#include "access_token.h" +#include "proxy_death_param.h" namespace OHOS { namespace Security { namespace AccessToken { -class El5FilekeyManagerLoadCallback : public SystemAbilityLoadCallbackStub { + +class PrivacyManagerProxyDeathParam : public ProxyDeathParam { public: - void OnLoadSystemAbilitySuccess(int32_t systemAbilityId, - const sptr &remoteObject) override; - void OnLoadSystemAbilityFail(int32_t systemAbilityId) override; + PrivacyManagerProxyDeathParam(int32_t callerPid); + ~PrivacyManagerProxyDeathParam() override {}; + void ProcessParam() override; + bool IsEqual(ProxyDeathParam* param) override; +private: + int32_t pid_; }; + } // namespace AccessToken -} // namespace Security +} // namespace Security } // namespace OHOS -#endif // EL5_FILEKEY_MANAGER_LOAD_CALLBACK_H +#endif // PRIVACY_PROXY_DEATH_PARAM_H \ No newline at end of file diff --git a/services/privacymanager/include/record/permission_record.h b/services/privacymanager/include/record/permission_record.h index d210cac8e81df3800cbe37ff63434434cda3f140..e29d464398eb5f7cdf4e326267371b9babfcba4a 100644 --- a/services/privacymanager/include/record/permission_record.h +++ b/services/privacymanager/include/record/permission_record.h @@ -16,6 +16,7 @@ #ifndef PERMISSION_RECORD_H #define PERMISSION_RECORD_H +#include #include "active_change_response_info.h" #include "generic_values.h" #include "permission_used_type.h" @@ -39,6 +40,31 @@ struct PermissionRecord { static void TranslationIntoGenericValues(const PermissionRecord& record, GenericValues& values); static void TranslationIntoPermissionRecord(const GenericValues& values, PermissionRecord& record); }; + +struct ContinusPermissionRecord { + uint32_t tokenId = 0; + int32_t opCode = 0; + int32_t status = 0; + int32_t pid = 0; + int32_t callerPid = 0; + + bool operator < (const ContinusPermissionRecord& other) const; + + uint64_t GetTokenIdAndPermCode() const; + uint64_t GetTokenIdAndPid() const; + bool IsEqualRecord(const ContinusPermissionRecord& record) const; + bool IsEqualTokenId(const ContinusPermissionRecord& record) const; + bool IsEqualPermCode(const ContinusPermissionRecord& record) const; + bool IsEqualCallerPid(const ContinusPermissionRecord& record) const; + bool IsEqualPid(const ContinusPermissionRecord& record) const; + bool IsEqualTokenIdAndPid(const ContinusPermissionRecord& record) const; + static bool IsPidValid(int32_t pid); +}; + +struct PermissionRecordCache { + PermissionRecord record; + bool needUpdateToDb = false; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/privacymanager/include/record/permission_record_manager.h b/services/privacymanager/include/record/permission_record_manager.h index 867d6562677ca704ed26e8c99804a3f4454044c0..17f738733380a00281e40aa39a4eaf0cbe49d2e1 100644 --- a/services/privacymanager/include/record/permission_record_manager.h +++ b/services/privacymanager/include/record/permission_record_manager.h @@ -16,9 +16,10 @@ #ifndef PERMISSION_RECORD_MANAGER_H #define PERMISSION_RECORD_MANAGER_H -#include #include #include +#include +#include #ifdef EVENTHANDLER_ENABLE #include "access_event_handler.h" @@ -27,17 +28,20 @@ #include "active_change_response_info.h" #include "add_perm_param_info.h" #include "app_manager_death_callback.h" -#include "app_manager_death_recipient.h" #include "app_status_change_callback.h" #include "hap_token_info.h" #include "libraryloader.h" #include "nocopyable.h" #include "on_permission_used_record_callback.h" #include "permission_record.h" +#include "permission_record_set.h" #include "permission_used_request.h" #include "permission_used_result.h" #include "permission_used_type_info.h" #include "privacy_param.h" +#ifdef CAMERA_FLOAT_WINDOW_ENABLE +#include "privacy_window_manager_agent.h" +#endif #include "rwlock.h" #include "safe_map.h" #include "thread_pool.h" @@ -50,8 +54,8 @@ public: PrivacyAppStateObserver() = default; ~PrivacyAppStateObserver() = default; void OnProcessDied(const ProcessData &processData) override; - void OnApplicationStateChanged(const AppStateData &appStateData) override; - void OnForegroundApplicationChanged(const AppStateData &appStateData) override; + void OnAppStopped(const AppStateData &appStateData) override; + void OnAppStateChanged(const AppStateData &appStateData) override; DISALLOW_COPY_AND_MOVE(PrivacyAppStateObserver); }; @@ -71,33 +75,40 @@ public: void Init(); int32_t AddPermissionUsedRecord(const AddPermParamInfo& info); - void RemovePermissionUsedRecords(AccessTokenID tokenId, const std::string& deviceID); + void RemovePermissionUsedRecords(AccessTokenID tokenId); + bool IsUserIdValid(int32_t userID) const; + int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status); + int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status); + void RemoveHistoryPermissionUsedRecords(std::unordered_set tokenIDList); int32_t GetPermissionUsedRecords(const PermissionUsedRequest& request, PermissionUsedResult& result); int32_t GetPermissionUsedRecordsAsync( const PermissionUsedRequest& request, const sptr& callback); - int32_t StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName); - int32_t StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName, - const sptr& callback); - int32_t StopUsingPermission(AccessTokenID tokenId, const std::string& permissionName); + int32_t StartUsingPermission(const PermissionUsedTypeInfo &info, int32_t callerPid); + int32_t StartUsingPermission(const PermissionUsedTypeInfo &info, const sptr& callback, + int32_t callerPid); + int32_t StopUsingPermission(AccessTokenID tokenId, int32_t pid, const std::string& permissionName, + int32_t callerPid); + bool HasCallerInStartList(int32_t callerPid); int32_t RegisterPermActiveStatusCallback( - const std::vector& permList, const sptr& callback); + AccessTokenID regiterTokenId, const std::vector& permList, const sptr& callback); int32_t UnRegisterPermActiveStatusCallback(const sptr& callback); - void CallbackExecute(AccessTokenID tokenId, const std::string& permissionName, int32_t status); + void CallbackExecute(const ContinusPermissionRecord& record, const std::string& permissionName, + PermissionUsedType type = PermissionUsedType::NORMAL_TYPE); int32_t PermissionListFilter(const std::vector& listSrc, std::vector& listRes); - bool IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName); + bool IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, int32_t pid); int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& results); - int32_t SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute); + int32_t SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute, + AccessTokenID tokenID); int32_t SetEdmMutePolicy(const std::string permissionName, bool isMute); int32_t SetPrivacyMutePolicy(const std::string permissionName, bool isMute); int32_t SetTempMutePolicy(const std::string permissionName, bool isMute); int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed); - void NotifyAppStateChange(AccessTokenID tokenId, ActiveChangeType status); + void NotifyAppStateChange(AccessTokenID tokenId, int32_t pid, ActiveChangeType status); void SetLockScreenStatus(int32_t lockScreenStatus); - int32_t GetLockScreenStatus(); - bool IsScreenOn(); + int32_t GetLockScreenStatus(bool isIpc = false); #ifdef CAMERA_FLOAT_WINDOW_ENABLE void NotifyCameraWindowChange(bool isPip, AccessTokenID tokenId, bool isShowing); @@ -106,26 +117,38 @@ public: void OnAppMgrRemoteDiedHandle(); void OnAudioMgrRemoteDiedHandle(); void OnCameraMgrRemoteDiedHandle(); + void RemoveRecordFromStartListByPid(const AccessTokenID tokenId, int32_t pid); void RemoveRecordFromStartListByToken(const AccessTokenID tokenId); void RemoveRecordFromStartListByOp(int32_t opCode); + void RemoveRecordFromStartListByCallerPid(int32_t callerPid); void ExecuteAllCameraExecuteCallback(); + void UpdatePermRecImmediately(); + void ExecuteDeletePermissionRecordTask(); private: PermissionRecordManager(); DISALLOW_COPY_AND_MOVE(PermissionRecordManager); - bool IsAllowedUsingCamera(AccessTokenID tokenId); - bool IsAllowedUsingMicrophone(AccessTokenID tokenId); - - void AddRecord(const PermissionRecord& record); + bool IsAllowedUsingCamera(AccessTokenID tokenId, int32_t pid); + bool IsAllowedUsingMicrophone(AccessTokenID tokenId, int32_t pid); + + bool CheckPermissionUsedRecordToggleStatus(int32_t userID); + bool UpdatePermUsedRecToggleStatusMap(int32_t userID, bool status); + void UpdatePermUsedRecToggleStatusMapFromDb(); + bool AddOrUpdateUsedStatusIfNeeded(int32_t userID, bool status); + void AddRecToCacheAndValueVec(const PermissionRecord& record, std::vector& values); + int32_t MergeOrInsertRecord(const PermissionRecord& record); + bool UpdatePermissionUsedRecordToDb(const PermissionRecord& record); + int32_t AddRecord(const PermissionRecord& record); int32_t GetPermissionRecord(const AddPermParamInfo& info, PermissionRecord& record); bool CreateBundleUsedRecord(const AccessTokenID tokenId, BundleUsedRecord& bundleRecord); - void ExecuteDeletePermissionRecordTask(); int32_t GetCurDeleteTaskNum(); void AddDeleteTaskNum(); void ReduceDeleteTaskNum(); int32_t DeletePermissionRecord(int32_t days); + void GetMergedRecordsFromCache(std::vector& mergedRecords); + void InsteadMergedRecIfNecessary(GenericValues& mergedRecord, std::vector& mergedRecords); void MergeSamePermission(const PermissionUsageFlag& flag, const PermissionUsedRecord& inRecord, PermissionUsedRecord& outRecord); void FillPermissionUsedRecords(const PermissionUsedRecord& record, const PermissionUsageFlag& flag, @@ -135,25 +158,26 @@ private: PermissionUsedResult& result); bool GetRecordsFromLocalDB(const PermissionUsedRequest& request, PermissionUsedResult& result); - void ExecuteAndUpdateRecord(uint32_t tokenId, ActiveChangeType status); + void ExecuteAndUpdateRecord(uint32_t tokenId, int32_t pid, ActiveChangeType status); + +#ifndef APP_SECURITY_PRIVACY_SERVICE void ExecuteAndUpdateRecordByPerm(const std::string& permissionName, bool switchStatus); - void RemoveRecordFromStartList(const PermissionRecord& record); - bool GetRecordFromStartList(uint32_t tokenId, int32_t opCode, PermissionRecord& record); - bool AddRecordToStartList(const PermissionRecord& record); + bool ShowGlobalDialog(const std::string& permissionName); +#endif + int32_t RemoveRecordFromStartList(AccessTokenID tokenId, int32_t pid, + const std::string& permissionName, int32_t callerPid); + int32_t AddRecordToStartList(const PermissionUsedTypeInfo& info, int32_t status, int32_t callerPid); - std::string GetDeviceId(AccessTokenID tokenId); void PermListToString(const std::vector& permList); bool GetGlobalSwitchStatus(const std::string& permissionName); - bool ShowGlobalDialog(const std::string& permissionName); void ModifyMuteStatus(const std::string& permissionName, int32_t index, bool isMute); bool GetMuteStatus(const std::string& permissionName, int32_t index); - void ExecuteCameraCallbackAsync(AccessTokenID tokenId); + void ExecuteCameraCallbackAsync(AccessTokenID tokenId, int32_t pid); void TransformEnumToBitValue(const PermissionUsedType type, uint32_t& value); bool AddOrUpdateUsedTypeIfNeeded(const AccessTokenID tokenId, const int32_t opCode, const PermissionUsedType type); - void RemovePermissionUsedType(AccessTokenID tokenId); void AddDataValueToResults(const GenericValues value, std::vector& results); #ifdef CAMERA_FLOAT_WINDOW_ENABLE @@ -161,10 +185,10 @@ private: void ClearWindowShowing(); #endif bool IsCameraWindowShow(AccessTokenID tokenId); + uint64_t GetUniqueId(uint32_t tokenId, int32_t pid) const; bool RegisterWindowCallback(); - bool UnRegisterWindowCallback(); void InitializeMuteState(const std::string& permissionName); - int32_t GetAppStatus(AccessTokenID tokenId); + int32_t GetAppStatus(AccessTokenID tokenId, int32_t pid = -1); bool RegisterAppStatusListener(); bool Register(); @@ -174,13 +198,15 @@ private: void SetDefaultConfigValue(); void GetConfigValue(); + bool ToRemoveRecord(const ContinusPermissionRecord& targetRecord, + const IsEqualFunc& isEqualFunc, bool needClearCamera = true); private: bool hasInited_ = false; OHOS::Utils::RWLock rwLock_; std::mutex startRecordListMutex_; - std::vector startRecordList_; - SafeMap> cameraCallbackMap_; + std::set startRecordList_; + SafeMap> cameraCallbackMap_; // microphone std::mutex micMuteMutex_; @@ -213,10 +239,10 @@ private: std::vector foreTokenIdList_; #ifdef CAMERA_FLOAT_WINDOW_ENABLE - bool isAutoClose = false; - std::mutex windowLoaderMutex_; + std::mutex windowMutex_; bool isWmRegistered = false; - LibraryLoader* windowLoader_ = nullptr; + sptr floatWindowCallback_ = nullptr; + sptr pipWindowCallback_ = nullptr; std::mutex windowStatusMutex_; // camera float window @@ -231,14 +257,19 @@ private: // record config int32_t recordSizeMaximum_ = 0; int32_t recordAgingTime_ = 0; +#ifndef APP_SECURITY_PRIVACY_SERVICE std::string globalDialogBundleName_; std::string globalDialogAbilityName_; - -#ifdef EVENTHANDLER_ENABLE - std::shared_ptr deleteEventRunner_; - std::shared_ptr deleteEventHandler_; + std::mutex abilityManagerMutex_; + std::shared_ptr abilityManagerLoader_; #endif std::atomic_int32_t deleteTaskNum_ = 0; + + std::mutex permUsedRecMutex_; + std::vector permUsedRecList_; + + std::mutex permUsedRecToggleStatusMutex_; + std::map permUsedRecToggleStatusMap_; }; } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/include/record/permission_record_repository.h b/services/privacymanager/include/record/permission_record_repository.h deleted file mode 100644 index 791170a06bb8c1d42dc11a8817d90e784e390998..0000000000000000000000000000000000000000 --- a/services/privacymanager/include/record/permission_record_repository.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PERMISSION_RECORD_REPOSITORY_H -#define PERMISSION_RECORD_REPOSITORY_H - -#include -#include -#include "generic_values.h" -#include "permission_used_record_db.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class PermissionRecordRepository final { -public: - virtual ~PermissionRecordRepository(); - PermissionRecordRepository(); - - static PermissionRecordRepository& GetInstance(); - - bool Add(const PermissionUsedRecordDb::DataType type, const std::vector& recordValues); - bool FindRecordValues(const std::set& opCodeList, const GenericValues& andConditionValues, - std::vector& recordValues, int32_t databaseQueryCount); - bool Remove(const PermissionUsedRecordDb::DataType type, const GenericValues& conditionValues); - int32_t CountRecordValues(); - bool DeleteExpireRecordsValues(const GenericValues& andConditions); - bool DeleteExcessiveSizeRecordValues(uint32_t excessiveSize); - bool Update(const PermissionUsedRecordDb::DataType type, const GenericValues& modifyValue, - const GenericValues& conditionValue); - bool Query(const PermissionUsedRecordDb::DataType type, const GenericValues& conditionValue, - std::vector& results); -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PERMISSION_RECORD_REPOSITORY_H diff --git a/services/accesstokenmanager/main/cpp/include/form_manager/running_form_info.h b/services/privacymanager/include/record/permission_record_set.h similarity index 45% rename from services/accesstokenmanager/main/cpp/include/form_manager/running_form_info.h rename to services/privacymanager/include/record/permission_record_set.h index e5aa3a2cb6608120101ad929fa3402ae0e5bbf6d..7b425134402f228c600aa9df79fb391e60d4b70a 100644 --- a/services/accesstokenmanager/main/cpp/include/form_manager/running_form_info.h +++ b/services/privacymanager/include/record/permission_record_set.h @@ -13,41 +13,28 @@ * limitations under the License. */ -#ifndef ACCESS_RUNNING_FORM_INFO_H -#define ACCESS_RUNNING_FORM_INFO_H +#ifndef PERMISSION_RECORD_SET_H +#define PERMISSION_RECORD_SET_H -#include -#include - -#include "form_instance.h" -#include "parcel.h" -#include "iremote_object.h" +#include +#include "permission_record.h" namespace OHOS { namespace Security { namespace AccessToken { -/** - * @struct RunningFormInfo - * Defines running form info. - */ -struct RunningFormInfo : public Parcelable { - int64_t formId_; - std::string formName_; - std::string bundleName_; - std::string moduleName_; - std::string abilityName_; - std::string description_; - int32_t dimension_; - std::string hostBundleName_; - FormLocation formLocation_; - FormVisibilityType formVisiblity_ = FormVisibilityType::UNKNOWN; - FormUsageState formUsageState_ = FormUsageState::USED; +using IsEqualFunc=bool (ContinusPermissionRecord::*)(const ContinusPermissionRecord& record) const; - bool ReadFromParcel(Parcel &parcel); - bool Marshalling(Parcel &parcel) const override; - static RunningFormInfo *Unmarshalling(Parcel &parcel); +class PermissionRecordSet { +public: + static void GetInActiveUniqueRecord(const std::set& recordList, + const std::vector& removedList, std::vector& retList); + static void GetUnusedCameraRecords(const std::set& recordList, + const std::vector& removedList, std::vector& retList); + static void RemoveByKey(std::set& recordList, + const ContinusPermissionRecord& record, const IsEqualFunc& isEqualFunc, + std::vector& retList); }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // ACCESS_RUNNING_FORM_INFO_H +#endif // PERMISSION_RECORD_SET_H diff --git a/services/privacymanager/include/record/permission_used_record_cache.h b/services/privacymanager/include/record/permission_used_record_cache.h deleted file mode 100644 index 99ede87b5953135ea15039b893b1b85622e88674..0000000000000000000000000000000000000000 --- a/services/privacymanager/include/record/permission_used_record_cache.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright (c) 2022-2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef PERMISSION_USED_RECORD_CACHE_H -#define PERMISSION_USED_RECORD_CACHE_H - -#include -#include -#include -#ifdef EVENTHANDLER_ENABLE -#include "access_event_handler.h" -#endif -#include "access_token.h" -#include "nocopyable.h" -#include "permission_record.h" -#include "permission_record_node.h" -#include "rwlock.h" -#include "thread_pool.h" -namespace OHOS { -namespace Security { -namespace AccessToken { -class PermissionUsedRecordCache { -public: - static PermissionUsedRecordCache& GetInstance(); - ~PermissionUsedRecordCache(); - void AddRecordToBuffer(const PermissionRecord& record); - void MergeRecord(PermissionRecord& record, std::shared_ptr curFindMergePos); - void AddToPersistQueue(const std::shared_ptr persistPendingBufferHead); - void ExecuteReadRecordBufferTask(); - int32_t PersistPendingRecords(); - int32_t RemoveRecords(const AccessTokenID tokenId); - void RemoveFromPersistQueueAndDatabase(const AccessTokenID tokenId); - void GetRecords(const std::vector& permissionList, const GenericValues& andConditionValues, - std::vector& findRecordsValues, int32_t cache1QueryCount); - void GetFromPersistQueueAndDatabase(const std::set& opCodeList, const GenericValues& andConditionValues, - std::vector& findRecordsValues, int32_t cache2QueryCount); - bool RecordCompare(const AccessTokenID tokenId, const std::set& opCodeList, - const GenericValues& andConditionValues, const PermissionRecord& record); - void TransferToOpcode(std::set& opCodeList, - const std::vector& permissionList); - void ResetRecordBuffer(const int32_t remainCount, - std::shared_ptr& persistPendingBufferEnd); - void ResetRecordBufferWhenAdd(const int32_t remainCount, - std::shared_ptr& persistPendingBufferEnd); - void AddRecordNode(const PermissionRecord& record); - void DeleteRecordNode(std::shared_ptr deleteRecordNode); - void PersistPendingRecordsImmediately(); - -private: - PermissionUsedRecordCache(); - DISALLOW_COPY_AND_MOVE(PermissionUsedRecordCache); - bool RecordMergeCheck(const PermissionRecord& record1, const PermissionRecord& record2); - void DeepCopyFromHead(const std::shared_ptr& oriHeadNode, - std::shared_ptr& copyHeadNode, int32_t copyCount); - int32_t GetCurBufferTaskNum(); - void AddBufferTaskNum(); - void ReduceBufferTaskNum(); - bool hasInited_; - OHOS::Utils::RWLock initLock_; - int32_t readableSize_ = 0; - std::shared_ptr recordBufferHead_ = std::make_shared(); - std::shared_ptr curRecordBufferPos_ = recordBufferHead_; - std::vector> persistPendingBufferQueue_; - const static int64_t INTERVAL = 15 * 60 * 1000; // 1s = 1000ms - const static int32_t MAX_PERSIST_SIZE = 100; - bool persistIsRunning_ = false; - // cacheLock1_ is used for locking recordBufferHead_ and curRecordBufferPos_ - OHOS::Utils::RWLock cacheLock1_; - // cacheLock2_ is used for locking persistPendingBufferQueue_ and persistIsRunning_ - OHOS::Utils::RWLock cacheLock2_; -#ifdef EVENTHANDLER_ENABLE - std::shared_ptr bufferEventRunner_; - std::shared_ptr bufferEventHandler_; -#endif - std::atomic_int32_t bufferTaskNum_ = 0; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif // PERMISSION_USED_RECORD_CACHE_H diff --git a/services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_client.h b/services/privacymanager/include/sensitive/audio_manager/audio_manager_adapter.h similarity index 46% rename from services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_client.h rename to services/privacymanager/include/sensitive/audio_manager/audio_manager_adapter.h index 433b08da3a1d8637ea6b3de4c6c21e4dc8fda538..ba0a752b5de7f4077c960082da90412c47ecc138 100644 --- a/services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_client.h +++ b/services/privacymanager/include/sensitive/audio_manager/audio_manager_adapter.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,42 +13,51 @@ * limitations under the License. */ -#ifndef AUDIO_MANAGER_PRIVACY_CLIENT_H -#define AUDIO_MANAGER_PRIVACY_CLIENT_H +#ifndef ACCESSTOKEN_AUDIO_MANAGER_ADAPTER_H +#define ACCESSTOKEN_AUDIO_MANAGER_ADAPTER_H #include #include -#include "audio_manager_privacy_death_recipient.h" -#include "audio_manager_privacy_proxy.h" +#include #include "nocopyable.h" namespace OHOS { namespace Security { namespace AccessToken { -class AudioManagerPrivacyClient final { +class AudioManagerAdapter final { +private: + AudioManagerAdapter(); + virtual ~AudioManagerAdapter(); + DISALLOW_COPY_AND_MOVE(AudioManagerAdapter); + public: - static AudioManagerPrivacyClient& GetInstance(); - virtual ~AudioManagerPrivacyClient(); + static AudioManagerAdapter& GetInstance(); - int32_t SetMicrophoneMutePersistent(const bool isMute, const PolicyType type); bool GetPersistentMicMuteState(); - void OnRemoteDiedHandle(); +#ifdef AUDIO_FRAMEWORK_ENABLE private: - AudioManagerPrivacyClient(); - DISALLOW_COPY_AND_MOVE(AudioManagerPrivacyClient); - void InitProxy(); - sptr GetProxy(); - void ReleaseProxy(); - sptr serviceDeathObserver_ = nullptr; + class AudioManagerDeathRecipient : public IRemoteObject::DeathRecipient { + public: + AudioManagerDeathRecipient() = default; + ~AudioManagerDeathRecipient() override = default; + void OnRemoteDied(const wptr& remote) override; + private: + DISALLOW_COPY_AND_MOVE(AudioManagerDeathRecipient); + }; + + sptr GetProxy(); + void ReleaseProxy(const wptr& remote); + std::mutex proxyMutex_; - sptr proxy_ = nullptr; + sptr proxy_ = nullptr; + sptr deathRecipient_ = nullptr; +#endif }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // AUDIO_MANAGER_PRIVACY_CLIENT_H - +#endif // ACCESSTOKEN_AUDIO_MANAGER_ADAPTER_H diff --git a/services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_proxy.h b/services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_proxy.h deleted file mode 100644 index a49f2944a47aeb067e0381a2337486fcee5e3e3b..0000000000000000000000000000000000000000 --- a/services/privacymanager/include/sensitive/audio_manager/audio_manager_privacy_proxy.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef OHOS_AUDIO_MANAGER_PRIVACY_PROXY_H -#define OHOS_AUDIO_MANAGER_PRIVACY_PROXY_H - -#include -#include "privacy_param.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class IAudioPolicy : public IRemoteBroker { -public: - DECLARE_INTERFACE_DESCRIPTOR(u"IAudioPolicy"); - - virtual bool GetPersistentMicMuteState() = 0; - virtual int32_t SetMicrophoneMutePersistent(const bool isMute, const PolicyType type) = 0; -}; - -class AudioManagerPrivacyProxy : public IRemoteProxy { -public: - explicit AudioManagerPrivacyProxy(const sptr &impl) : IRemoteProxy(impl) {} - - virtual ~AudioManagerPrivacyProxy() = default; - - bool GetPersistentMicMuteState() override; - int32_t SetMicrophoneMutePersistent(const bool isMute, const PolicyType type) override; -private: - static inline BrokerDelegator delegator_; -}; -} -} -} -#endif // OHOS_AUDIO_MANAGER_PRIVACY_PROXY_H diff --git a/services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_client.h b/services/privacymanager/include/sensitive/camera_manager/camera_manager_adapter.h similarity index 45% rename from services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_client.h rename to services/privacymanager/include/sensitive/camera_manager/camera_manager_adapter.h index 9d91757c41d2f26e3a2fe83e381d91f3ee22c74f..bb0bd20a2400c4fc01d9b1f8c6ad8a5cbfc67853 100644 --- a/services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_client.h +++ b/services/privacymanager/include/sensitive/camera_manager/camera_manager_adapter.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,43 +13,50 @@ * limitations under the License. */ -#ifndef CAMERA_MANAGER_PRIVACY_CLIENT_H -#define CAMERA_MANAGER_PRIVACY_CLIENT_H +#ifndef ACCESSTOKEN_CAMERA_MANAGER_ADAPTER_H +#define ACCESSTOKEN_CAMERA_MANAGER_ADAPTER_H #include -#include #include -#include "camera_manager_privacy_death_recipient.h" -#include "camera_manager_privacy_proxy.h" +#include #include "nocopyable.h" namespace OHOS { namespace Security { namespace AccessToken { -class CameraManagerPrivacyClient final { -public: - static CameraManagerPrivacyClient& GetInstance(); - virtual ~CameraManagerPrivacyClient(); +class CameraManagerAdapter final { +private: + CameraManagerAdapter(); + virtual ~CameraManagerAdapter(); + DISALLOW_COPY_AND_MOVE(CameraManagerAdapter); - int32_t MuteCameraPersist(PolicyType policyType, bool muteMode); +public: + static CameraManagerAdapter& GetInstance(); bool IsCameraMuted(); - void OnRemoteDiedHandle(); +#ifdef CAMERA_FRAMEWORK_ENABLE private: - CameraManagerPrivacyClient(); - DISALLOW_COPY_AND_MOVE(CameraManagerPrivacyClient); - void InitProxy(); - sptr GetProxy(); - void ReleaseProxy(); - sptr serviceDeathObserver_ = nullptr; + class CameraManagerDeathRecipient : public IRemoteObject::DeathRecipient { + public: + CameraManagerDeathRecipient() = default; + ~CameraManagerDeathRecipient() override = default; + void OnRemoteDied(const wptr& remote) override; + private: + DISALLOW_COPY_AND_MOVE(CameraManagerDeathRecipient); + }; + + sptr GetProxy(); + void ReleaseProxy(const wptr& remote); + std::mutex proxyMutex_; - sptr proxy_ = nullptr; + sptr proxy_ = nullptr; + sptr deathRecipient_ = nullptr; +#endif }; } // namespace AccessToken } // namespace Security } // namespace OHOS -#endif // CAMERA_MANAGER_PRIVACY_CLIENT_H - +#endif // ACCESSTOKEN_CAMERA_MANAGER_ADAPTER_H diff --git a/services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_proxy.h b/services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_proxy.h deleted file mode 100644 index d6240cc6766085f39898f997588a23caaf1b422d..0000000000000000000000000000000000000000 --- a/services/privacymanager/include/sensitive/camera_manager/camera_manager_privacy_proxy.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef OHOS_CAMERA_MANAGER_PRIVACY_PROXY_H -#define OHOS_CAMERA_MANAGER_PRIVACY_PROXY_H - -#include - -#include "privacy_camera_service_ipc_interface_code.h" -#include "privacy_param.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -class ICameraService : public IRemoteBroker { -public: - DECLARE_INTERFACE_DESCRIPTOR(u"ICameraService"); - - virtual int32_t MuteCameraPersist(PolicyType policyType, bool muteMode) = 0; - virtual int32_t IsCameraMuted(bool &muteMode) = 0; -}; - -class CameraManagerPrivacyProxy : public IRemoteProxy { -public: - explicit CameraManagerPrivacyProxy(const sptr &impl) : IRemoteProxy(impl) {} - - virtual ~CameraManagerPrivacyProxy() = default; - - int32_t MuteCameraPersist(PolicyType policyType, bool muteMode) override; - int32_t IsCameraMuted(bool &muteMode) override; -private: - static inline BrokerDelegator delegator_; -}; -} -} -} -#endif // OHOS_CAMERA_MANAGER_PRIVACY_PROXY_H diff --git a/services/privacymanager/include/service/privacy_manager_service.h b/services/privacymanager/include/service/privacy_manager_service.h index f242168da0342d9c4593581a16f35fbf7f46b855..08a785cf79b3feeb759cd99bf46a0dbc0c3cd9e9 100644 --- a/services/privacymanager/include/service/privacy_manager_service.h +++ b/services/privacymanager/include/service/privacy_manager_service.h @@ -24,6 +24,7 @@ #include "privacy_manager_stub.h" #include "iremote_object.h" #include "nocopyable.h" +#include "proxy_death_handler.h" #include "singleton.h" #include "system_ability.h" @@ -40,11 +41,14 @@ public: void OnStop() override; int32_t AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode = false) override; - int32_t StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName) override; - int32_t StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName, - const sptr& callback) override; - int32_t StopUsingPermission(AccessTokenID tokenId, const std::string& permissionName) override; - int32_t RemovePermissionUsedRecords(AccessTokenID tokenId, const std::string& deviceID) override; + int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) override; + int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) override; + int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& anonyStub) override; + int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& callback, const sptr& anonyStub) override; + int32_t StopUsingPermission(AccessTokenID tokenId, int32_t pid, const std::string& permissionName) override; + int32_t RemovePermissionUsedRecords(AccessTokenID tokenId) override; int32_t GetPermissionUsedRecords( const PermissionUsedRequestParcel& request, PermissionUsedResultParcel& result) override; int32_t GetPermissionUsedRecords( @@ -59,16 +63,19 @@ public: int32_t GetSpecialSecCompEnhance(const std::string& bundleName, std::vector& enhanceParcelList) override; #endif - bool IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName) override; + bool IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, int32_t pid) override; int32_t GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) override; int32_t Dump(int32_t fd, const std::vector& args) override; - int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) override; + int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, AccessTokenID tokenID) override; int32_t SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) override; private: void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; bool Initialize(); int32_t ResponseDumpCommand(int32_t fd, const std::vector& args); + std::shared_ptr GetProxyDeathHandler(); + void ProcessProxyDeathStub(const sptr& anonyStub, int32_t callerPid); + void ReleaseDeathStub(int32_t callerPid); ServiceRunningState state_; @@ -76,6 +83,8 @@ private: std::shared_ptr eventRunner_; std::shared_ptr eventHandler_; #endif + std::mutex deathHandlerMutex_; + std::shared_ptr proxyDeathHandler_; }; } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/include/service/privacy_manager_stub.h b/services/privacymanager/include/service/privacy_manager_stub.h index 12666daacf8a9484c058dc62a54286ec8926e826..a79b423c7270a4911afabe0c34fa873a06f2c606 100644 --- a/services/privacymanager/include/service/privacy_manager_stub.h +++ b/services/privacymanager/include/service/privacy_manager_stub.h @@ -34,6 +34,8 @@ public: private: void AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply); + void SetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply); + void GetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply); void StartUsingPermissionInner(MessageParcel& data, MessageParcel& reply); void StartUsingPermissionCallbackInner(MessageParcel& data, MessageParcel& reply); void StopUsingPermissionInner(MessageParcel& data, MessageParcel& reply); @@ -53,6 +55,7 @@ private: void GetPermissionUsedTypeInfosInner(MessageParcel& data, MessageParcel& reply); void SetMutePolicyInner(MessageParcel& data, MessageParcel& reply); void SetHapWithFGReminderInner(MessageParcel& data, MessageParcel& reply); + bool IsPrivilegedCalling() const; bool IsAccessTokenCalling() const; bool IsSystemAppCalling() const; bool VerifyPermission(const std::string& permission) const; @@ -61,6 +64,9 @@ private: AccessTokenID secCompTokenId_ = 0; #endif void SetPrivacyFuncInMap(); +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + static const int32_t ROOT_UID = 0; +#endif using RequestType = void (PrivacyManagerStub::*)(MessageParcel &data, MessageParcel &reply); std::map requestMap_; diff --git a/services/privacymanager/privacy.cfg b/services/privacymanager/privacy.cfg index 4bac1b547701b2e21948dd3f484ee806fc517dee..d7b26ab0021e8ae23131b2bd4cf478b8b2622d0b 100644 --- a/services/privacymanager/privacy.cfg +++ b/services/privacymanager/privacy.cfg @@ -2,6 +2,7 @@ "services" : [{ "name" : "privacy_service", "path" : ["/system/bin/sa_main", "/system/profile/privacy_service.json"], + "critical" : [1, 4, 240], "importance" : -20, "uid" : "access_token", "gid" : ["access_token"], @@ -16,7 +17,8 @@ "ohos.permission.CAMERA_CONTROL", "ohos.permission.MICROPHONE_CONTROL", "ohos.permission.MANAGE_LOCAL_ACCOUNTS", - "ohos.permission.SET_SUPER_PRIVACY" + "ohos.permission.SET_SUPER_PRIVACY", + "ohos.permission.MANAGE_SECURE_SETTINGS" ], "permission_acls" : [ "ohos.permission.MANAGE_DISPOSED_APP_STATUS", diff --git a/services/privacymanager/src/active/active_status_callback_manager.cpp b/services/privacymanager/src/active/active_status_callback_manager.cpp index 1c93e07396e29205e688b831440842da4e4e0dbf..d5e926725a7d423c482cbb29bafa7516126ab0ac 100644 --- a/services/privacymanager/src/active/active_status_callback_manager.cpp +++ b/services/privacymanager/src/active/active_status_callback_manager.cpp @@ -21,16 +21,14 @@ #include #include "accesstoken_dfx_define.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" +#include "ipc_skeleton.h" #include "privacy_error.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "ActiveStatusCallbackManager" -}; static const uint32_t MAX_CALLBACK_SIZE = 1024; std::recursive_mutex g_instanceMutex; } @@ -41,7 +39,8 @@ ActiveStatusCallbackManager& ActiveStatusCallbackManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new ActiveStatusCallbackManager(); + ActiveStatusCallbackManager* tmp = new ActiveStatusCallbackManager(); + instance = std::move(tmp); } } return *instance; @@ -65,35 +64,39 @@ void ActiveStatusCallbackManager::InitEventHandler(const std::shared_ptr& permList, const sptr& callback) + AccessTokenID regiterTokenId, const std::vector& permList, const sptr& callback) { if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Input is nullptr"); + LOGE(PRI_DOMAIN, PRI_TAG, "Input is nullptr"); return PrivacyError::ERR_PARAM_INVALID; } std::lock_guard lock(mutex_); if (callbackDataList_.size() >= MAX_CALLBACK_SIZE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "List size has reached max value"); + LOGE(PRI_DOMAIN, PRI_TAG, "List size has reached max value"); return PrivacyError::ERR_CALLBACKS_EXCEED_LIMITATION; } - callback->AddDeathRecipient(callbackDeathRecipient_); + if (callback->IsProxyObject() && !callback->AddDeathRecipient(callbackDeathRecipient_)) { + LOGE(PRI_DOMAIN, PRI_TAG, "add death recipient failed"); + return PrivacyError::ERR_ADD_DEATH_RECIPIENT_FAILED; + } CallbackData recordInstance; + recordInstance.registerTokenId = regiterTokenId; recordInstance.callbackObject_ = callback; recordInstance.permList_ = permList; callbackDataList_.emplace_back(recordInstance); - ACCESSTOKEN_LOG_INFO(LABEL, "RecordInstance is added"); + LOGI(PRI_DOMAIN, PRI_TAG, "RecordInstance is added"); return RET_SUCCESS; } int32_t ActiveStatusCallbackManager::RemoveCallback(const sptr& callback) { - ACCESSTOKEN_LOG_INFO(LABEL, "Called"); + LOGI(PRI_DOMAIN, PRI_TAG, "Called"); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is nullptr."); + LOGE(PRI_DOMAIN, PRI_TAG, "Callback is nullptr."); return PrivacyError::ERR_PARAM_INVALID; } @@ -101,7 +104,7 @@ int32_t ActiveStatusCallbackManager::RemoveCallback(const sptr& c for (auto it = callbackDataList_.begin(); it != callbackDataList_.end(); ++it) { if (callback == (*it).callbackObject_) { - ACCESSTOKEN_LOG_INFO(LABEL, "Find callback"); + LOGI(PRI_DOMAIN, PRI_TAG, "Find callback"); if (callbackDeathRecipient_ != nullptr) { callback->RemoveDeathRecipient(callbackDeathRecipient_); } @@ -123,62 +126,58 @@ bool ActiveStatusCallbackManager::NeedCalled(const std::vector& per } -void ActiveStatusCallbackManager::ActiveStatusChange( - AccessTokenID tokenId, const std::string& permName, const std::string& deviceId, ActiveChangeType changeType) +void ActiveStatusCallbackManager::ActiveStatusChange(ActiveChangeResponse& info) { std::vector> list; { std::lock_guard lock(mutex_); for (auto it = callbackDataList_.begin(); it != callbackDataList_.end(); ++it) { std::vector permList = (*it).permList_; - if (!NeedCalled(permList, permName)) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenId %{public}u, permName %{public}s", tokenId, permName.c_str()); + if (!NeedCalled(permList, info.permissionName)) { + LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}u, perm %{public}s", info.tokenID, + info.permissionName.c_str()); continue; } list.emplace_back((*it).callbackObject_); } } for (auto it = list.begin(); it != list.end(); ++it) { - auto callback = iface_cast(*it); + sptr callback = new PermActiveStatusChangeCallbackProxy(*it); if (callback != nullptr) { - ActiveChangeResponse resInfo; - resInfo.type = changeType; - resInfo.permissionName = permName; - resInfo.tokenID = tokenId; - resInfo.deviceId = deviceId; - ACCESSTOKEN_LOG_INFO(LABEL, - "callback execute tokenId %{public}u, permision %{public}s changeType %{public}d", - tokenId, permName.c_str(), changeType); - callback->ActiveStatusChangeCallback(resInfo); + LOGI(PRI_DOMAIN, PRI_TAG, "callback execute callingTokenId %{public}u, tokenId %{public}u, " + "permision %{public}s, changeType %{public}d, usedType %{public}d, pid %{public}d", info.callingTokenID, + info.tokenID, info.permissionName.c_str(), info.type, info.usedType, info.pid); + callback->ActiveStatusChangeCallback(info); } } } -void ActiveStatusCallbackManager::ExecuteCallbackAsync( - AccessTokenID tokenId, const std::string& permName, const std::string& deviceId, ActiveChangeType changeType) +void ActiveStatusCallbackManager::ExecuteCallbackAsync(ActiveChangeResponse& info) { - if (changeType == PERM_ACTIVE_IN_BACKGROUND) { + if (info.type == PERM_ACTIVE_IN_BACKGROUND) { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "PERMISSION_CHECK_EVENT", HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "CODE", BACKGROUND_CALL_EVENT, - "CALLER_TOKENID", tokenId, "PERMISSION_NAME", permName, "REASON", "background call"); + "CALLER_TOKENID", info.tokenID, "PERMISSION_NAME", info.permissionName, "REASON", "background call"); } #ifdef EVENTHANDLER_ENABLE if (eventHandler_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + LOGE(PRI_DOMAIN, PRI_TAG, "Fail to get EventHandler"); return; } - std::string taskName = permName + std::to_string(tokenId); - ACCESSTOKEN_LOG_INFO(LABEL, "Add permission task name:%{public}s", taskName.c_str()); - std::function task = ([tokenId, permName, deviceId, changeType]() { - ActiveStatusCallbackManager::GetInstance().ActiveStatusChange(tokenId, permName, deviceId, changeType); - ACCESSTOKEN_LOG_INFO(LABEL, "Token: %{public}d, ActiveStatusChange end", tokenId); + std::string taskName = info.permissionName + std::to_string(info.tokenID); + LOGI(PRI_DOMAIN, PRI_TAG, "Add permission task name:%{public}s", taskName.c_str()); + std::function task = ([info]() mutable { + ActiveStatusCallbackManager::GetInstance().ActiveStatusChange(info); + LOGI(PRI_DOMAIN, PRI_TAG, + "Token: %{public}u, permName: %{public}s, changeType: %{public}d, ActiveStatusChange end", + info.tokenID, info.permissionName.c_str(), info.type); }); eventHandler_->ProxyPostTask(task, taskName); - ACCESSTOKEN_LOG_INFO(LABEL, "The callback execution is complete"); + LOGI(PRI_DOMAIN, PRI_TAG, "The callback execution is complete"); return; #else - ACCESSTOKEN_LOG_INFO(LABEL, "Event handler is unenabled"); + LOGI(PRI_DOMAIN, PRI_TAG, "Event handler is unenabled"); return; #endif } diff --git a/services/privacymanager/src/active/perm_active_status_callback_death_recipient.cpp b/services/privacymanager/src/active/perm_active_status_callback_death_recipient.cpp index 98101dadbffed80d66dc585ac082c8a3b5c83dd2..608623e514875f7af916cb827fa05e07fb774174 100644 --- a/services/privacymanager/src/active/perm_active_status_callback_death_recipient.cpp +++ b/services/privacymanager/src/active/perm_active_status_callback_death_recipient.cpp @@ -21,26 +21,22 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "PermActiveStatusCallbackDeathRecipient" -}; -} + void PermActiveStatusCallbackDeathRecipient::OnRemoteDied(const wptr &remote) { - ACCESSTOKEN_LOG_INFO(LABEL, "Enter"); + LOGI(ATM_DOMAIN, ATM_TAG, "Enter"); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote object is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "Remote object is nullptr"); return; } sptr object = remote.promote(); if (object == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Object is nullptr"); + LOGE(ATM_DOMAIN, ATM_TAG, "Object is nullptr"); return; } ActiveStatusCallbackManager::GetInstance().RemoveCallback(object); - ACCESSTOKEN_LOG_INFO(LABEL, "End"); + LOGI(ATM_DOMAIN, ATM_TAG, "End"); } } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/src/active/perm_active_status_change_callback_proxy.cpp b/services/privacymanager/src/active/perm_active_status_change_callback_proxy.cpp index b94d2e227c072e9fb6c736576fcdb589e17cfc41..32451f590f4c74a1eaa755f50d1ee3366d281e55 100644 --- a/services/privacymanager/src/active/perm_active_status_change_callback_proxy.cpp +++ b/services/privacymanager/src/active/perm_active_status_change_callback_proxy.cpp @@ -15,17 +15,12 @@ #include "perm_active_status_change_callback_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "perm_active_response_parcel.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PermActiveStatusChangeCallbackProxy" -}; -} PermActiveStatusChangeCallbackProxy::PermActiveStatusChangeCallbackProxy(const sptr& impl) : IRemoteProxy(impl) { @@ -42,7 +37,7 @@ void PermActiveStatusChangeCallbackProxy::ActiveStatusChangeCallback(ActiveChang ActiveChangeResponseParcel resultParcel; resultParcel.changeResponse = result; if (!data.WriteParcelable(&resultParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable"); return; } @@ -50,17 +45,15 @@ void PermActiveStatusChangeCallbackProxy::ActiveStatusChangeCallback(ActiveChang MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service null."); return; } int32_t requestResult = remote->SendRequest( static_cast(PrivacyActiveChangeInterfaceCode::PERM_ACTIVE_STATUS_CHANGE), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(PRI_DOMAIN, PRI_TAG, "Send request fail, result: %{public}d", requestResult); return; } - - ACCESSTOKEN_LOG_INFO(LABEL, "SendRequest success"); } } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/src/active/state_change_callback_proxy.cpp b/services/privacymanager/src/active/state_change_callback_proxy.cpp index 35fbffb35b4c452d735de5433a7532b21c1b3e59..7b9809d6135e3157b49796896dd376425cc7ff72 100644 --- a/services/privacymanager/src/active/state_change_callback_proxy.cpp +++ b/services/privacymanager/src/active/state_change_callback_proxy.cpp @@ -15,17 +15,12 @@ #include "state_change_callback_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "perm_active_response_parcel.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "StateChangeCallbackProxy" -}; -} StateChangeCallbackProxy::StateChangeCallbackProxy(const sptr& impl) : IRemoteProxy(impl) { @@ -40,12 +35,11 @@ void StateChangeCallbackProxy::StateChangeNotify(AccessTokenID tokenId, bool isS data.WriteInterfaceToken(IStateChangeCallback::GetDescriptor()); if (!data.WriteUint32(tokenId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to Write tokenId"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to Write tokenId"); return; } - if (!data.WriteBool(isShowing)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to Write isShowing"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to Write isShowing"); return; } @@ -53,17 +47,17 @@ void StateChangeCallbackProxy::StateChangeNotify(AccessTokenID tokenId, bool isS MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service null."); return; } int32_t requestResult = remote->SendRequest( static_cast(IStateChangeCallback::STATE_CHANGE_CALLBACK), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(PRI_DOMAIN, PRI_TAG, "Send request fail, result: %{public}d", requestResult); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "SendRequest success"); + LOGI(PRI_DOMAIN, PRI_TAG, "SendRequest success"); } } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/src/common/constant.cpp b/services/privacymanager/src/common/constant.cpp index 808ed58c4dc73a4f19ad95b3bb35169a565d13e5..40dd5c5f175e9630d07a8e02c17e44db9e024458 100644 --- a/services/privacymanager/src/common/constant.cpp +++ b/services/privacymanager/src/common/constant.cpp @@ -73,6 +73,36 @@ const std::map Constant::PERMISSION_OPCODE_MAP = { "ohos.permission.ACCESS_NEARLINK", Constant::OP_ACCESS_NEARLINK), std::map::value_type( "ohos.permission.CAPTURE_SCREEN", Constant::OP_CAPTURE_SCREEN), + std::map::value_type( + "ohos.permission.SHORT_TERM_WRITE_IMAGEVIDEO", Constant::SHORT_TERM_WRITE_IMAGEVIDEO), + std::map::value_type( + "ohos.permission.CAMERA_BACKGROUND", Constant::CAMERA_BACKGROUND), + std::map::value_type( + "ohos.permission.CUSTOM_SCREEN_CAPTURE", Constant::OP_CUSTOM_SCREEN_CAPTURE), + std::map::value_type("ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY_MEDIA_READ", + Constant::OP_READ_WRITE_DOWNLOAD_DIRECTORY_MEDIA_READ), + std::map::value_type("ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY_MEDIA_WRITE", + Constant::OP_READ_WRITE_DOWNLOAD_DIRECTORY_MEDIA_WRITE), + std::map::value_type("ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY_OTHER_READ", + Constant::OP_READ_WRITE_DOWNLOAD_DIRECTORY_OTHER_READ), + std::map::value_type("ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY_OTHER_WRITE", + Constant::OP_READ_WRITE_DOWNLOAD_DIRECTORY_OTHER_WRITE), + std::map::value_type("ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY_MEDIA_READ", + Constant::OP_READ_WRITE_DOCUMENTS_DIRECTORY_MEDIA_READ), + std::map::value_type("ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY_MEDIA_WRITE", + Constant::OP_READ_WRITE_DOCUMENTS_DIRECTORY_MEDIA_WRITE), + std::map::value_type("ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY_OTHER_READ", + Constant::OP_READ_WRITE_DOCUMENTS_DIRECTORY_OTHER_READ), + std::map::value_type("ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY_OTHER_WRITE", + Constant::OP_READ_WRITE_DOCUMENTS_DIRECTORY_OTHER_WRITE), + std::map::value_type("ohos.permission.READ_WRITE_DESKTOP_DIRECTORY_MEDIA_READ", + Constant::OP_READ_WRITE_DESKTOP_DIRECTORY_MEDIA_READ), + std::map::value_type("ohos.permission.READ_WRITE_DESKTOP_DIRECTORY_MEDIA_WRITE", + Constant::OP_READ_WRITE_DESKTOP_DIRECTORY_MEDIA_WRITE), + std::map::value_type("ohos.permission.READ_WRITE_DESKTOP_DIRECTORY_OTHER_READ", + Constant::OP_READ_WRITE_DESKTOP_DIRECTORY_OTHER_READ), + std::map::value_type("ohos.permission.READ_WRITE_DESKTOP_DIRECTORY_OTHER_WRITE", + Constant::OP_READ_WRITE_DESKTOP_DIRECTORY_OTHER_WRITE), }; bool Constant::TransferPermissionToOpcode(const std::string& permissionName, int32_t& opCode) diff --git a/services/privacymanager/src/common/privacy_common_event_subscriber.cpp b/services/privacymanager/src/common/privacy_common_event_subscriber.cpp index 947408a1fb47fb702d3dc7f1792686e86afc97ea..c20275f038bc7bb53b0f26acbf88765c1a47b2b2 100644 --- a/services/privacymanager/src/common/privacy_common_event_subscriber.cpp +++ b/services/privacymanager/src/common/privacy_common_event_subscriber.cpp @@ -15,11 +15,10 @@ #include "privacy_common_event_subscriber.h" #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "common_event_subscribe_info.h" #include "permission_record_manager.h" -#include "permission_used_record_cache.h" #include "want.h" @@ -28,9 +27,6 @@ namespace Security { namespace AccessToken { #ifdef COMMON_EVENT_SERVICE_ENABLE namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyCommonEventSubscriber" -}; static bool g_isRegistered = false; @@ -39,16 +35,15 @@ static std::shared_ptr g_subscriber = nullptr; void PrivacyCommonEventSubscriber::RegisterEvent() { - ACCESSTOKEN_LOG_INFO(LABEL, "RegisterEvent start"); + LOGI(PRI_DOMAIN, PRI_TAG, "RegisterEvent start"); if (g_isRegistered) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Status observer already registered"); + LOGD(PRI_DOMAIN, PRI_TAG, "Status observer already registered"); return; } auto skill = std::make_shared(); skill->AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_UNLOCKED); skill->AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_LOCKED); - skill->AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_SWITCHED); skill->AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_OFF); skill->AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED); skill->AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_FULLY_REMOVED); @@ -57,7 +52,7 @@ void PrivacyCommonEventSubscriber::RegisterEvent() g_subscriber = std::make_shared(*info); const auto result = EventFwk::CommonEventManager::SubscribeCommonEvent(g_subscriber); if (!result) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RegisterEvent result is err"); + LOGE(PRI_DOMAIN, PRI_TAG, "RegisterEvent result is err"); return; } g_isRegistered = true; @@ -65,10 +60,10 @@ void PrivacyCommonEventSubscriber::RegisterEvent() void PrivacyCommonEventSubscriber::UnRegisterEvent() { - ACCESSTOKEN_LOG_INFO(LABEL, "UnregisterEvent start"); + LOGI(PRI_DOMAIN, PRI_TAG, "UnregisterEvent start"); const auto result = EventFwk::CommonEventManager::UnSubscribeCommonEvent(g_subscriber); if (!result) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UnregisterEvent result is err"); + LOGE(PRI_DOMAIN, PRI_TAG, "UnregisterEvent result is err"); return; } g_isRegistered = false; @@ -78,27 +73,24 @@ void PrivacyCommonEventSubscriber::OnReceiveEvent(const EventFwk::CommonEventDat { const auto want = event.GetWant(); const auto action = want.GetAction(); - ACCESSTOKEN_LOG_INFO(LABEL, "Receive event(%{public}s)", action.c_str()); + LOGI(PRI_DOMAIN, PRI_TAG, "Receive event(%{public}s)", action.c_str()); if (action == EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_UNLOCKED) { - PermissionRecordManager::GetInstance() - .SetLockScreenStatus(LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED); + PermissionRecordManager::GetInstance().SetLockScreenStatus(LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED); } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_LOCKED) { - PermissionRecordManager::GetInstance() - .SetLockScreenStatus(LockScreenStatusChangeType::PERM_ACTIVE_IN_LOCKED); - } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_USER_SWITCHED) { + PermissionRecordManager::GetInstance().SetLockScreenStatus(LockScreenStatusChangeType::PERM_ACTIVE_IN_LOCKED); PermissionRecordManager::GetInstance().ExecuteAllCameraExecuteCallback(); } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_SCREEN_OFF) { - PermissionRecordManager::GetInstance().ExecuteAllCameraExecuteCallback(); + PermissionRecordManager::GetInstance().ExecuteDeletePermissionRecordTask(); } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED || action == EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_FULLY_REMOVED) { uint32_t tokenId = static_cast(want.GetParams().GetIntParam("accessTokenId", 0)); - ACCESSTOKEN_LOG_INFO(LABEL, "Receive package uninstall: tokenId=%{public}d.", tokenId); - PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId, ""); + LOGI(PRI_DOMAIN, PRI_TAG, "Receive package uninstall: tokenId=%{public}d.", tokenId); + PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId); } else if (action == EventFwk::CommonEventSupport::COMMON_EVENT_SHUTDOWN) { // when receive shut down power event, store the cache data to database immediately - PermissionUsedRecordCache::GetInstance().PersistPendingRecordsImmediately(); + PermissionRecordManager::GetInstance().UpdatePermRecImmediately(); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Action is invalid."); + LOGE(PRI_DOMAIN, PRI_TAG, "Action is invalid."); } } #endif diff --git a/services/privacymanager/src/database/data_translator.cpp b/services/privacymanager/src/database/data_translator.cpp index d6a169021d0b74fb39529c5020f06a726c67ec2a..82b81ebbde46936558bcf92e6c1cc13444d0316d 100644 --- a/services/privacymanager/src/database/data_translator.cpp +++ b/services/privacymanager/src/database/data_translator.cpp @@ -78,17 +78,25 @@ int32_t DataTranslator::TranslationGenericValuesIntoPermissionUsedRecord(const P { int32_t accessCount = inGenericValues.GetInt(PrivacyFiledConst::FIELD_ACCESS_COUNT); int32_t rejectCount = inGenericValues.GetInt(PrivacyFiledConst::FIELD_REJECT_COUNT); + std::string permission; int32_t opCode = inGenericValues.GetInt(PrivacyFiledConst::FIELD_OP_CODE); if (!Constant::TransferOpcodeToPermission(opCode, permission)) { return Constant::FAILURE; } + permissionRecord.permissionName = permission; int64_t timestamp = inGenericValues.GetInt64(PrivacyFiledConst::FIELD_TIMESTAMP); - permissionRecord.permissionName = permission; + int32_t type = inGenericValues.GetInt(PrivacyFiledConst::FIELD_USED_TYPE); if (accessCount != 0) { permissionRecord.accessCount = accessCount; + + if ((type == static_cast(PermissionUsedType::PICKER_TYPE)) || + (type == static_cast(PermissionUsedType::SECURITY_COMPONENT_TYPE))) { + permissionRecord.secAccessCount = accessCount; + } + permissionRecord.lastAccessTime = timestamp; permissionRecord.lastAccessDuration = inGenericValues.GetInt64(PrivacyFiledConst::FIELD_ACCESS_DURATION); } @@ -107,7 +115,6 @@ int32_t DataTranslator::TranslationGenericValuesIntoPermissionUsedRecord(const P int32_t lockScreenStatus = inGenericValues.GetInt(PrivacyFiledConst::FIELD_LOCKSCREEN_STATUS); detail.lockScreenStatus = lockScreenStatus == VariantValue::DEFAULT_VALUE ? LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED : lockScreenStatus; - int32_t type = inGenericValues.GetInt(PrivacyFiledConst::FIELD_USED_TYPE); detail.type = static_cast(type); if (permissionRecord.lastAccessTime > 0) { detail.timestamp = permissionRecord.lastAccessTime; diff --git a/services/privacymanager/src/database/permission_used_record_db.cpp b/services/privacymanager/src/database/permission_used_record_db.cpp index f47b370375f8c840801053d54279dcf3ee2464af..ab67470a7e2a752da553f402640e991980c88212 100644 --- a/services/privacymanager/src/database/permission_used_record_db.cpp +++ b/services/privacymanager/src/database/permission_used_record_db.cpp @@ -15,24 +15,25 @@ #include "permission_used_record_db.h" +#include #include -#include "accesstoken_log.h" + +#include "accesstoken_common_log.h" #include "active_change_response_info.h" #include "constant.h" #include "permission_used_type.h" #include "privacy_field_const.h" +#include "time_util.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PermissionUsedRecordDb" -}; constexpr const char* FIELD_COUNT_NUMBER = "count"; constexpr const char* INTEGER_STR = " integer not null,"; constexpr const char* CREATE_TABLE_STR = "create table if not exists "; constexpr const char* WHERE_1_STR = " where 1 = 1"; +constexpr const size_t TOKEN_ID_LENGTH = 11; std::recursive_mutex g_instanceMutex; } @@ -43,7 +44,8 @@ PermissionUsedRecordDb& PermissionUsedRecordDb::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PermissionUsedRecordDb(); + PermissionUsedRecordDb* tmp = new PermissionUsedRecordDb(); + instance = std::move(tmp); } } return *instance; @@ -56,21 +58,31 @@ PermissionUsedRecordDb::~PermissionUsedRecordDb() void PermissionUsedRecordDb::OnCreate() { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); + LOGI(PRI_DOMAIN, PRI_TAG, "Entry"); CreatePermissionRecordTable(); CreatePermissionUsedTypeTable(); + CreatePermissionUsedRecordToggleStatusTable(); } void PermissionUsedRecordDb::OnUpdate(int32_t version) { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry"); + LOGI(PRI_DOMAIN, PRI_TAG, "Entry"); if (version == DataBaseVersion::VERISION_1) { InsertLockScreenStatusColumn(); InsertPermissionUsedTypeColumn(); CreatePermissionUsedTypeTable(); + UpdatePermissionRecordTablePrimaryKey(); + CreatePermissionUsedRecordToggleStatusTable(); } else if (version == DataBaseVersion::VERISION_2) { InsertPermissionUsedTypeColumn(); CreatePermissionUsedTypeTable(); + UpdatePermissionRecordTablePrimaryKey(); + CreatePermissionUsedRecordToggleStatusTable(); + } else if (version == DataBaseVersion::VERISION_3) { + UpdatePermissionRecordTablePrimaryKey(); + CreatePermissionUsedRecordToggleStatusTable(); + } else if (version == DataBaseVersion::VERISION_4) { + CreatePermissionUsedRecordToggleStatusTable(); } } @@ -108,21 +120,32 @@ PermissionUsedRecordDb::PermissionUsedRecordDb() : SqliteHelper(DATABASE_NAME, D PrivacyFiledConst::FIELD_USED_TYPE }; + SqliteTable permissionUsedRecordToggleStatusTable; + permissionUsedRecordToggleStatusTable.tableName_ = PERMISSION_USED_RECORD_TOGGLE_STATUS_TABLE; + permissionUsedRecordToggleStatusTable.tableColumnNames_ = { + PrivacyFiledConst::FIELD_USER_ID, + PrivacyFiledConst::FIELD_STATUS + }; + dataTypeToSqlTable_ = { {PERMISSION_RECORD, permissionRecordTable}, {PERMISSION_USED_TYPE, permissionUsedTypeTable}, + {PERMISSION_USED_RECORD_TOGGLE_STATUS, permissionUsedRecordToggleStatusTable}, }; Open(); } int32_t PermissionUsedRecordDb::Add(DataType type, const std::vector& values) { + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::string prepareSql = CreateInsertPrepareSqlCmd(type); if (prepareSql.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Type %{public}u invalid", type); + LOGE(PRI_DOMAIN, PRI_TAG, "Type %{public}u invalid", type); return FAILURE; } + LOGD(PRI_DOMAIN, PRI_TAG, "Add sql is %{public}s.", prepareSql.c_str()); auto statement = Prepare(prepareSql); BeginTransaction(); @@ -134,51 +157,65 @@ int32_t PermissionUsedRecordDb::Add(DataType type, const std::vector lock(this->rwLock_); std::vector columnNames = conditions.GetAllKeys(); std::string prepareSql = CreateDeletePrepareSqlCmd(type, columnNames); if (prepareSql.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Type %{public}u invalid", type); + LOGE(PRI_DOMAIN, PRI_TAG, "Type %{public}u invalid", type); return FAILURE; } + LOGD(PRI_DOMAIN, PRI_TAG, "Remove sql is %{public}s.", prepareSql.c_str()); auto statement = Prepare(prepareSql); for (const auto& columnName : columnNames) { statement.Bind(columnName, conditions.Get(columnName)); } int32_t ret = statement.Step(); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(PRI_DOMAIN, PRI_TAG, "Remove cost %{public}" PRId64 ".", endTime - beginTime); + return (ret == Statement::State::DONE) ? SUCCESS : FAILURE; } int32_t PermissionUsedRecordDb::FindByConditions(DataType type, const std::set& opCodeList, const GenericValues& andConditions, std::vector& results, int32_t databaseQueryCount) { + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::vector andColumns = andConditions.GetAllKeys(); int32_t tokenId = andConditions.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID); std::string prepareSql = CreateSelectByConditionPrepareSqlCmd(tokenId, type, opCodeList, andColumns, databaseQueryCount); if (prepareSql.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Type %{public}u invalid", type); + LOGE(PRI_DOMAIN, PRI_TAG, "Type %{public}u invalid", type); return FAILURE; } + LOGD(PRI_DOMAIN, PRI_TAG, "FindByConditions sql is %{public}s.", prepareSql.c_str()); auto statement = Prepare(prepareSql); @@ -199,29 +236,43 @@ int32_t PermissionUsedRecordDb::FindByConditions(DataType type, const std::set lock(this->rwLock_); GenericValues countValue; std::string countSql = CreateCountPrepareSqlCmd(type); + LOGD(PRI_DOMAIN, PRI_TAG, "Count sql is %{public}s.", countSql.c_str()); auto countStatement = Prepare(countSql); if (countStatement.Step() == Statement::State::ROW) { int32_t column = 0; countValue.Put(FIELD_COUNT_NUMBER, countStatement.GetValue(column, false)); } + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(PRI_DOMAIN, PRI_TAG, "Count cost %{public}" PRId64 ".", endTime - beginTime); + return countValue.GetInt(FIELD_COUNT_NUMBER); } int32_t PermissionUsedRecordDb::DeleteExpireRecords(DataType type, const GenericValues& andConditions) { + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::vector andColumns = andConditions.GetAllKeys(); if (!andColumns.empty()) { std::string deleteExpireSql = CreateDeleteExpireRecordsPrepareSqlCmd(type, andColumns); + LOGD(PRI_DOMAIN, PRI_TAG, "DeleteExpireRecords sql is %{public}s.", deleteExpireSql.c_str()); auto deleteExpireStatement = Prepare(deleteExpireSql); for (const auto& columnName : andColumns) { deleteExpireStatement.Bind(columnName, andConditions.Get(columnName)); @@ -230,32 +281,73 @@ int32_t PermissionUsedRecordDb::DeleteExpireRecords(DataType type, return FAILURE; } } + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(PRI_DOMAIN, PRI_TAG, "DeleteExpireRecords cost %{public}" PRId64 ".", endTime - beginTime); + + return SUCCESS; +} + +int32_t PermissionUsedRecordDb::DeleteHistoryRecordsInTables(std::vector dateTypes, + const std::unordered_set& tokenIDList) +{ + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); + BeginTransaction(); + for (const auto& type : dateTypes) { + std::string deleteHistorySql = CreateDeleteHistoryRecordsPrepareSqlCmd(type, tokenIDList); + LOGD(PRI_DOMAIN, PRI_TAG, "DeleteHistoryRecordsInTables sql is %{public}s.", deleteHistorySql.c_str()); + auto deleteHistoryStatement = Prepare(deleteHistorySql); + if (deleteHistoryStatement.Step() != Statement::State::DONE) { + LOGE(PRI_DOMAIN, PRI_TAG, "Rollback transaction."); + RollbackTransaction(); + return FAILURE; + } + } + + LOGD(PRI_DOMAIN, PRI_TAG, "Commit transaction."); + CommitTransaction(); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(PRI_DOMAIN, PRI_TAG, "DeleteHistoryRecordsInTables cost %{public}" PRId64 ".", endTime - beginTime); + return SUCCESS; } int32_t PermissionUsedRecordDb::DeleteExcessiveRecords(DataType type, uint32_t excessiveSize) { + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::string deleteExcessiveSql = CreateDeleteExcessiveRecordsPrepareSqlCmd(type, excessiveSize); + LOGD(PRI_DOMAIN, PRI_TAG, "DeleteExcessiveRecords sql is %{public}s.", deleteExcessiveSql.c_str()); auto deleteExcessiveStatement = Prepare(deleteExcessiveSql); if (deleteExcessiveStatement.Step() != Statement::State::DONE) { return FAILURE; } + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(PRI_DOMAIN, PRI_TAG, "DeleteExcessiveRecords cost %{public}" PRId64 ".", endTime - beginTime); + return SUCCESS; } int32_t PermissionUsedRecordDb::Update(DataType type, const GenericValues& modifyValue, const GenericValues& conditionValue) { + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + std::vector modifyNames = modifyValue.GetAllKeys(); std::vector conditionNames = conditionValue.GetAllKeys(); OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::string prepareSql = CreateUpdatePrepareSqlCmd(type, modifyNames, conditionNames); if (prepareSql.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Type %{public}u invalid", type); + LOGE(PRI_DOMAIN, PRI_TAG, "Type %{public}u invalid", type); return FAILURE; } + LOGD(PRI_DOMAIN, PRI_TAG, "Update sql is %{public}s.", prepareSql.c_str()); auto statement = Prepare(prepareSql); @@ -268,20 +360,33 @@ int32_t PermissionUsedRecordDb::Update(DataType type, const GenericValues& modif } int32_t ret = statement.Step(); - return (ret == Statement::State::DONE) ? SUCCESS : FAILURE; + if (ret != Statement::State::DONE) { + LOGE(PRI_DOMAIN, PRI_TAG, + "Update table Type %{public}u failed, errCode is %{public}d, errMsg is %{public}s.", type, ret, + SpitError().c_str()); + return FAILURE; + } + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(PRI_DOMAIN, PRI_TAG, "Update cost %{public}" PRId64 ".", endTime - beginTime); + + return SUCCESS; } int32_t PermissionUsedRecordDb::Query(DataType type, const GenericValues& conditionValue, std::vector& results) { + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + std::vector conditionColumns = conditionValue.GetAllKeys(); OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::string prepareSql = CreateQueryPrepareSqlCmd(type, conditionColumns); if (prepareSql.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Type %{public}u invalid", type); + LOGE(PRI_DOMAIN, PRI_TAG, "Type %{public}u invalid.", type); return FAILURE; } + LOGD(PRI_DOMAIN, PRI_TAG, "Query sql is %{public}s.", prepareSql.c_str()); auto statement = Prepare(prepareSql); for (const auto& conditionColumn : conditionColumns) { @@ -299,6 +404,9 @@ int32_t PermissionUsedRecordDb::Query(DataType type, const GenericValues& condit results.emplace_back(value); } + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + LOGI(PRI_DOMAIN, PRI_TAG, "Query cost %{public}" PRId64 ".", endTime - beginTime); + return SUCCESS; } @@ -471,6 +579,31 @@ std::string PermissionUsedRecordDb::CreateDeleteExpireRecordsPrepareSqlCmd(DataT return sql; } +std::string PermissionUsedRecordDb::CreateDeleteHistoryRecordsPrepareSqlCmd(DataType type, + const std::unordered_set& tokenIDList) const +{ + auto it = dataTypeToSqlTable_.find(type); + if (it == dataTypeToSqlTable_.end()) { + return std::string(); + } + std::string sql = "delete from " + it->second.tableName_ + " where "; + sql.append(PrivacyFiledConst::FIELD_TOKEN_ID); + sql.append(" in ( "); + + size_t sqlLen = sql.size(); + sqlLen += TOKEN_ID_LENGTH * tokenIDList.size(); + sql.reserve(sqlLen); + + for (auto token = tokenIDList.begin(); token != tokenIDList.end(); ++token) { + sql.append(std::to_string(*token)); + if (std::next(token) != tokenIDList.end()) { + sql.append(", "); + } + } + sql.append(" )"); + return sql; +} + std::string PermissionUsedRecordDb::CreateDeleteExcessiveRecordsPrepareSqlCmd(DataType type, uint32_t excessiveSize) const { @@ -523,6 +656,8 @@ int32_t PermissionUsedRecordDb::CreatePermissionRecordTable() const .append(PrivacyFiledConst::FIELD_STATUS) .append(",") .append(PrivacyFiledConst::FIELD_TIMESTAMP) + .append(",") + .append(PrivacyFiledConst::FIELD_USED_TYPE) .append("))"); return ExecuteSql(sql); } @@ -549,6 +684,24 @@ int32_t PermissionUsedRecordDb::CreatePermissionUsedTypeTable() const return ExecuteSql(sql); } +int32_t PermissionUsedRecordDb::CreatePermissionUsedRecordToggleStatusTable() const +{ + auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS); + if (it == dataTypeToSqlTable_.end()) { + return FAILURE; + } + std::string sql = CREATE_TABLE_STR; + sql.append(it->second.tableName_ + " (") + .append(PrivacyFiledConst::FIELD_USER_ID) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_STATUS) + .append(INTEGER_STR) + .append("primary key(") + .append(PrivacyFiledConst::FIELD_USER_ID) + .append("))"); + return ExecuteSql(sql); +} + int32_t PermissionUsedRecordDb::InsertLockScreenStatusColumn() const { auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_RECORD); @@ -559,7 +712,7 @@ int32_t PermissionUsedRecordDb::InsertLockScreenStatusColumn() const PrivacyFiledConst::FIELD_LOCKSCREEN_STATUS + "=" + std::to_string(LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED); int32_t checkResult = ExecuteSql(checkSql); - ACCESSTOKEN_LOG_INFO(LABEL, "Check result:%{public}d", checkResult); + LOGI(PRI_DOMAIN, PRI_TAG, "Check result:%{public}d", checkResult); if (checkResult != -1) { return SUCCESS; } @@ -570,7 +723,7 @@ int32_t PermissionUsedRecordDb::InsertLockScreenStatusColumn() const .append(" integer default ") .append(std::to_string(LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED)); int32_t insertResult = ExecuteSql(sql); - ACCESSTOKEN_LOG_INFO(LABEL, "Insert column result:%{public}d", insertResult); + LOGI(PRI_DOMAIN, PRI_TAG, "Insert column result:%{public}d", insertResult); return insertResult; } @@ -584,7 +737,7 @@ int32_t PermissionUsedRecordDb::InsertPermissionUsedTypeColumn() const PrivacyFiledConst::FIELD_USED_TYPE + "=" + std::to_string(PermissionUsedType::NORMAL_TYPE); int32_t checkResult = ExecuteSql(checkSql); - ACCESSTOKEN_LOG_INFO(LABEL, "Check result:%{public}d", checkResult); + LOGI(PRI_DOMAIN, PRI_TAG, "Check result:%{public}d", checkResult); if (checkResult != -1) { return SUCCESS; } @@ -595,9 +748,97 @@ int32_t PermissionUsedRecordDb::InsertPermissionUsedTypeColumn() const .append(" integer default ") .append(std::to_string(PermissionUsedType::NORMAL_TYPE)); int32_t insertResult = ExecuteSql(sql); - ACCESSTOKEN_LOG_INFO(LABEL, "Insert column result:%{public}d", insertResult); + LOGI(PRI_DOMAIN, PRI_TAG, "Insert column result:%{public}d", insertResult); return insertResult; } + +static void CreateNewPermissionRecordTable(std::string& newTableName, std::string& createNewSql) +{ + createNewSql = CREATE_TABLE_STR; + createNewSql.append(newTableName + " (") + .append(PrivacyFiledConst::FIELD_TOKEN_ID) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_OP_CODE) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_STATUS) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_TIMESTAMP) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_ACCESS_DURATION) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_ACCESS_COUNT) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_REJECT_COUNT) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_LOCKSCREEN_STATUS) + .append(INTEGER_STR) + .append(PrivacyFiledConst::FIELD_USED_TYPE) + .append(INTEGER_STR) + .append("primary key(") + .append(PrivacyFiledConst::FIELD_TOKEN_ID) + .append(",") + .append(PrivacyFiledConst::FIELD_OP_CODE) + .append(",") + .append(PrivacyFiledConst::FIELD_STATUS) + .append(",") + .append(PrivacyFiledConst::FIELD_TIMESTAMP) + .append(",") + .append(PrivacyFiledConst::FIELD_USED_TYPE) + .append("))"); +} + +int32_t PermissionUsedRecordDb::UpdatePermissionRecordTablePrimaryKey() const +{ + auto it = dataTypeToSqlTable_.find(DataType::PERMISSION_RECORD); + if (it == dataTypeToSqlTable_.end()) { + return FAILURE; + } + + std::string tableName = it->second.tableName_; + std::string newTableName = it->second.tableName_ + "_new"; + std::string createNewSql; + CreateNewPermissionRecordTable(newTableName, createNewSql); + + BeginTransaction(); + + int32_t createNewRes = ExecuteSql(createNewSql); // 1、create new table with new primary key + if (createNewRes != 0) { + LOGE(PRI_DOMAIN, PRI_TAG, "Create new table failed, errCode is %{public}d, errMsg is %{public}s.", + createNewRes, SpitError().c_str()); + return FAILURE; + } + + std::string copyDataSql = "insert into " + newTableName + " select * from " + tableName; + int32_t copyDataRes = ExecuteSql(copyDataSql); // 2、copy data from old table to new table + if (copyDataRes != 0) { + LOGE(PRI_DOMAIN, PRI_TAG, "Copy data from old table failed, errCode is %{public}d, errMsg is %{public}s.", + copyDataRes, SpitError().c_str()); + RollbackTransaction(); + return FAILURE; + } + + std::string dropOldSql = "drop table " + tableName; + int32_t dropOldRes = ExecuteSql(dropOldSql); // 3、drop old table + if (dropOldRes != 0) { + LOGE(PRI_DOMAIN, PRI_TAG, "Drop old table failed, errCode is %{public}d, errMsg is %{public}s.", + dropOldRes, SpitError().c_str()); + RollbackTransaction(); + return FAILURE; + } + + std::string renameSql = "alter table " + newTableName + " rename to " + tableName; + int32_t renameRes = ExecuteSql(renameSql); // 4、rename new table to old + if (renameRes != 0) { + LOGE(PRI_DOMAIN, PRI_TAG, "Rename table failed, errCode is %{public}d, errMsg is %{public}s.", + renameRes, SpitError().c_str()); + RollbackTransaction(); + return FAILURE; + } + + CommitTransaction(); + + return SUCCESS; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/privacymanager/src/database/privacy_field_const.cpp b/services/privacymanager/src/database/privacy_field_const.cpp index 845efa00da23db6e122398868943fdf00033e817..3dfe464a3363821847b0947e78df2e80814387ba 100644 --- a/services/privacymanager/src/database/privacy_field_const.cpp +++ b/services/privacymanager/src/database/privacy_field_const.cpp @@ -17,6 +17,7 @@ namespace OHOS { namespace Security { namespace AccessToken { +const std::string PrivacyFiledConst::FIELD_USER_ID = "user_id"; const std::string PrivacyFiledConst::FIELD_TOKEN_ID = "token_id"; const std::string PrivacyFiledConst::FIELD_DEVICE_ID = "device_id"; const std::string PrivacyFiledConst::FIELD_OP_CODE = "op_code"; diff --git a/services/common/power_manager/src/power_manager_loader.cpp b/services/privacymanager/src/proxy/privacy_manager_proxy_death_param.cpp similarity index 52% rename from services/common/power_manager/src/power_manager_loader.cpp rename to services/privacymanager/src/proxy/privacy_manager_proxy_death_param.cpp index bab03d3cc251f3315cf6521d7691adc271580c1b..8950da190e49819de4c96e20145f39935db9b047 100644 --- a/services/common/power_manager/src/power_manager_loader.cpp +++ b/services/privacymanager/src/proxy/privacy_manager_proxy_death_param.cpp @@ -12,40 +12,32 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "power_manager_loader.h" -#include "power_mgr_client.h" +#include "privacy_manager_proxy_death_param.h" + +#include "accesstoken_common_log.h" +#include "permission_record_manager.h" namespace OHOS { namespace Security { namespace AccessToken { -bool PowerManagerLoader::IsScreenOn() -{ - bool isScreenOn = PowerMgr::PowerMgrClient::GetInstance().IsScreenOn(); - delete &PowerMgr::PowerMgrClient::GetInstance(); - return isScreenOn; -} -void PowerManagerLoader::WakeupDevice() -{ - PowerMgr::PowerMgrClient::GetInstance().WakeupDevice(); - delete &PowerMgr::PowerMgrClient::GetInstance(); -} +PrivacyManagerProxyDeathParam::PrivacyManagerProxyDeathParam(int32_t pid): pid_(pid) {} -extern "C" { -void* Create() +void PrivacyManagerProxyDeathParam::ProcessParam() { - return reinterpret_cast(new PowerManagerLoader); + LOGI(PRI_DOMAIN, PRI_TAG, "Remove by caller pid, pid = %{public}d.", pid_); + PermissionRecordManager::GetInstance().RemoveRecordFromStartListByCallerPid(pid_); } -void Destroy(void* loaderPtr) +bool PrivacyManagerProxyDeathParam::IsEqual(ProxyDeathParam* param) { - PowerManagerLoaderInterface* loader = reinterpret_cast(loaderPtr); - if (loader != nullptr) { - delete loader; + if (param == nullptr) { + return false; } -} + return pid_ == (reinterpret_cast(param))->pid_; } } // namespace AccessToken } // namespace Security } // namespace OHOS + diff --git a/services/privacymanager/src/record/on_permission_used_record_callback_proxy.cpp b/services/privacymanager/src/record/on_permission_used_record_callback_proxy.cpp index ce1c59c41efbce64246131b94e79854f62c5ed71..66b8b769895913afca56e21820eb1c75ad454e50 100644 --- a/services/privacymanager/src/record/on_permission_used_record_callback_proxy.cpp +++ b/services/privacymanager/src/record/on_permission_used_record_callback_proxy.cpp @@ -15,17 +15,12 @@ #include "on_permission_used_record_callback_proxy.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "permission_used_result_parcel.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "OnPermissionUsedRecordCallbackProxy" -}; -} OnPermissionUsedRecordCallbackProxy::OnPermissionUsedRecordCallbackProxy(const sptr& impl) : IRemoteProxy(impl) { @@ -39,14 +34,14 @@ void OnPermissionUsedRecordCallbackProxy::OnQueried(ErrCode code, PermissionUsed MessageParcel data; data.WriteInterfaceToken(OnPermissionUsedRecordCallback::GetDescriptor()); if (!data.WriteInt32(code)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable(code)"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(code)"); return; } PermissionUsedResultParcel usedResultParcel; usedResultParcel.result = result; if (!data.WriteParcelable(&usedResultParcel)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteParcelable(result)"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteParcelable(result)"); return; } @@ -54,17 +49,17 @@ void OnPermissionUsedRecordCallbackProxy::OnQueried(ErrCode code, PermissionUsed MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remote service null."); + LOGE(PRI_DOMAIN, PRI_TAG, "Remote service null."); return; } int32_t requestResult = remote->SendRequest( static_cast(PrivacyPermissionRecordInterfaceCode::ON_QUERIED), data, reply, option); if (requestResult != NO_ERROR) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request fail, result: %{public}d", requestResult); + LOGE(PRI_DOMAIN, PRI_TAG, "Send request fail, result: %{public}d", requestResult); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "SendRequest success"); + LOGI(PRI_DOMAIN, PRI_TAG, "SendRequest success"); } } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/src/record/permission_record.cpp b/services/privacymanager/src/record/permission_record.cpp index 32f41a03d9cd18fc60f335b1d4550c2840bc2ce8..f10615fa2e1e71f8c5b8f3b9d4e3b453ac811c7c 100644 --- a/services/privacymanager/src/record/permission_record.cpp +++ b/services/privacymanager/src/record/permission_record.cpp @@ -48,6 +48,65 @@ void PermissionRecord::TranslationIntoPermissionRecord(const GenericValues& valu record.lockScreenStatus = lockScreenStatus == VariantValue::DEFAULT_VALUE ? LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED : lockScreenStatus; } + +bool ContinusPermissionRecord::IsPidValid(int32_t pid) +{ + return pid > 0; +} + +bool ContinusPermissionRecord::operator < (const ContinusPermissionRecord& other) const +{ + if (tokenId != other.tokenId) { + return tokenId < other.tokenId; + } else if (opCode != other.opCode) { + return opCode < other.opCode; + } else if (pid != other.pid) { + return pid < other.pid; + } + return callerPid < other.callerPid; +} + +uint64_t ContinusPermissionRecord::GetTokenIdAndPermCode() const +{ + // 32 bit + return (static_cast(this->tokenId) << 32) | (static_cast(this->opCode) & 0xFFFFFFFF); +} + +uint64_t ContinusPermissionRecord::GetTokenIdAndPid() const +{ + uint32_t tmpPid = (pid <= 0) ? 0 : (uint32_t)pid; + return ((uint64_t)tmpPid << 32) | ((uint64_t)tokenId & 0xFFFFFFFF); // 32: bit +} + +bool ContinusPermissionRecord::IsEqualRecord(const ContinusPermissionRecord& record) const +{ + return IsEqualTokenIdAndPid(record) && IsEqualPermCode(record) && IsEqualCallerPid(record); +} + +bool ContinusPermissionRecord::IsEqualTokenId(const ContinusPermissionRecord& record) const +{ + return tokenId == record.tokenId; +} + +bool ContinusPermissionRecord::IsEqualPermCode(const ContinusPermissionRecord& record) const +{ + return record.opCode == opCode; +} + +bool ContinusPermissionRecord::IsEqualCallerPid(const ContinusPermissionRecord& record) const +{ + return record.callerPid == callerPid; +} + +bool ContinusPermissionRecord::IsEqualPid(const ContinusPermissionRecord& record) const +{ + return !IsPidValid(record.pid) || record.pid == pid; +} + +bool ContinusPermissionRecord::IsEqualTokenIdAndPid(const ContinusPermissionRecord& record) const +{ + return tokenId == record.tokenId && IsEqualPid(record); +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 224367eae5d8bbc1b365cac6cc0f5c8250f02ff3..c4ab4f4851c412a1c8d8097e4d2928aef740c888 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -19,57 +19,62 @@ #include #include -#include "ability_manager_access_client.h" +#ifndef APP_SECURITY_PRIVACY_SERVICE +#include "ability_manager_access_loader.h" +#endif #include "access_token.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "active_status_callback_manager.h" #include "app_manager_access_client.h" -#include "audio_manager_privacy_client.h" -#include "camera_manager_privacy_client.h" -#include "config_policy_loader.h" +#include "audio_manager_adapter.h" +#include "camera_manager_adapter.h" #include "constant.h" #include "constant_common.h" #include "data_translator.h" #include "i_state_change_callback.h" +#include "ipc_skeleton.h" #include "iservice_registry.h" +#include "json_parse_loader.h" #include "libraryloader.h" #include "parameter.h" #include "parcel_utils.h" -#include "permission_record_repository.h" -#include "permission_used_record_cache.h" -#include "power_manager_loader.h" +#include "permission_record_set.h" +#include "permission_used_record_db.h" #include "privacy_error.h" #include "privacy_field_const.h" #include "refbase.h" +#include "screenlock_manager_loader.h" #include "state_change_callback_proxy.h" #include "system_ability_definition.h" #include "time_util.h" -#include "want.h" #ifdef CAMERA_FLOAT_WINDOW_ENABLE -#include "window_manager_loader.h" +#include "privacy_window_manager_client.h" +#include "scene_board_judgement.h" #endif namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PermissionRecordManager" -}; static const int32_t VALUE_MAX_LEN = 32; -constexpr const char* DEFAULT_DEVICEID = "0"; constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA"; constexpr const char* MICROPHONE_PERMISSION_NAME = "ohos.permission.MICROPHONE"; constexpr const char* EDM_MIC_MUTE_KEY = "persist.edm.mic_disable"; +constexpr const char* EDM_CAMERA_MUTE_KEY = "persist.edm.camera_disable"; +#ifndef APP_SECURITY_PRIVACY_SERVICE constexpr const char* DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME = "com.ohos.permissionmanager"; constexpr const char* DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY = "com.ohos.permissionmanager.GlobalExtAbility"; -constexpr const char* RESOURCE_KEY = "ohos.sensitive.resource"; +#endif static const int32_t DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM = 500000; static const int32_t DEFAULT_PERMISSION_USED_RECORD_AGING_TIME = 7; static const uint32_t NORMAL_TYPE_ADD_VALUE = 1; static const uint32_t PICKER_TYPE_ADD_VALUE = 2; static const uint32_t SEC_COMPONENT_TYPE_ADD_VALUE = 4; +static constexpr int64_t ONE_MINUTE_MILLISECONDS = 60 * 1000; // 1 min = 60 * 1000 ms +static constexpr int32_t MAX_USER_ID = 10736; +static constexpr int32_t BASE_USER_RANGE = 200000; +constexpr const char* EDM_PROCESS_NAME = "edm"; std::recursive_mutex g_instanceMutex; } PermissionRecordManager& PermissionRecordManager::GetInstance() @@ -78,7 +83,8 @@ PermissionRecordManager& PermissionRecordManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PermissionRecordManager(); + PermissionRecordManager* tmp = new PermissionRecordManager(); + instance = std::move(tmp); } } return *instance; @@ -101,12 +107,10 @@ PermissionRecordManager::~PermissionRecordManager() Unregister(); } -void PrivacyAppStateObserver::OnForegroundApplicationChanged(const AppStateData &appStateData) +void PrivacyAppStateObserver::OnAppStateChanged(const AppStateData &appStateData) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "OnChange(id=%{public}d, state=%{public}d).", - appStateData.accessTokenId, appStateData.state); - - uint32_t tokenId = appStateData.accessTokenId; + LOGD(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}d, pid=%{public}d, state=%{public}d).", + appStateData.accessTokenId, appStateData.pid, appStateData.state); ActiveChangeType status = PERM_INACTIVE; if (appStateData.state == static_cast(ApplicationState::APP_STATE_FOREGROUND)) { @@ -114,12 +118,12 @@ void PrivacyAppStateObserver::OnForegroundApplicationChanged(const AppStateData } else if (appStateData.state == static_cast(ApplicationState::APP_STATE_BACKGROUND)) { status = PERM_ACTIVE_IN_BACKGROUND; } - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId, status); + PermissionRecordManager::GetInstance().NotifyAppStateChange(appStateData.accessTokenId, appStateData.pid, status); } -void PrivacyAppStateObserver::OnApplicationStateChanged(const AppStateData &appStateData) +void PrivacyAppStateObserver::OnAppStopped(const AppStateData &appStateData) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "OnChange(id=%{public}d, state=%{public}d).", + LOGI(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}d, state=%{public}d).", appStateData.accessTokenId, appStateData.state); if (appStateData.state == static_cast(ApplicationState::APP_STATE_TERMINATED)) { @@ -129,10 +133,10 @@ void PrivacyAppStateObserver::OnApplicationStateChanged(const AppStateData &appS void PrivacyAppStateObserver::OnProcessDied(const ProcessData &processData) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "OnChange(id=%{public}d, state=%{public}d).", - processData.accessTokenId, processData.state); + LOGD(PRI_DOMAIN, PRI_TAG, "OnChange(id=%{public}u, pid=%{public}d, state=%{public}d).", + processData.accessTokenId, processData.pid, processData.state); - PermissionRecordManager::GetInstance().RemoveRecordFromStartListByToken(processData.accessTokenId); + PermissionRecordManager::GetInstance().RemoveRecordFromStartListByPid(processData.accessTokenId, processData.pid); } void PrivacyAppManagerDeathCallback::NotifyAppManagerDeath() @@ -140,25 +144,177 @@ void PrivacyAppManagerDeathCallback::NotifyAppManagerDeath() PermissionRecordManager::GetInstance().OnAppMgrRemoteDiedHandle(); } -void PermissionRecordManager::AddRecord(const PermissionRecord& record) +void PermissionRecordManager::AddRecToCacheAndValueVec(const PermissionRecord& record, + std::vector& values) +{ + PermissionRecordCache cache; + cache.record = record; + permUsedRecList_.emplace_back(cache); + + GenericValues value; + PermissionRecord::TranslationIntoGenericValues(record, value); + values.emplace_back(value); +} + +static bool RecordMergeCheck(const PermissionRecord& record1, const PermissionRecord& record2) +{ + // timestamp in the same minute + if (!AccessToken::TimeUtil::IsTimeStampsSameMinute(record1.timestamp, record2.timestamp)) { + return false; + } + + // the same tokenID + opCode + status + lockScreenStatus + usedType + if ((record1.tokenId != record2.tokenId) || + (record1.opCode != record2.opCode) || + (record1.status != record2.status) || + (record1.lockScreenStatus != record2.lockScreenStatus) || + (record1.type != record2.type)) { + return false; + } + + // both success + if (((record1.accessCount > 0) && (record2.accessCount == 0)) || + ((record1.accessCount == 0) && (record2.accessCount > 0))) { + return false; + } + + // both failure + if (((record1.rejectCount > 0) && (record2.rejectCount == 0)) || + ((record1.rejectCount == 0) && (record2.rejectCount > 0))) { + return false; + } + + return true; +} + +int32_t PermissionRecordManager::MergeOrInsertRecord(const PermissionRecord& record) { + std::vector insertRecords; + { + std::lock_guard lock(permUsedRecMutex_); + if (permUsedRecList_.empty()) { + LOGI(PRI_DOMAIN, PRI_TAG, "First record in cache!"); + + AddRecToCacheAndValueVec(record, insertRecords); + } else { + bool mergeFlag = false; + for (auto it = permUsedRecList_.begin(); it != permUsedRecList_.end(); ++it) { + if (RecordMergeCheck(it->record, record)) { + LOGI(PRI_DOMAIN, PRI_TAG, "Merge record, ori timestamp is %{public}" PRId64 ".", + it->record.timestamp); + + // merge new record to older one if match the merge condition + it->record.accessCount += record.accessCount; + it->record.rejectCount += record.rejectCount; + + // set update flag to true + it->needUpdateToDb = true; + mergeFlag = true; + break; + } + } + + if (!mergeFlag) { + // record can't merge store to database immediately and add to cache + AddRecToCacheAndValueVec(record, insertRecords); + } + } + } + + if (insertRecords.empty()) { + return Constant::SUCCESS; + } + Utils::UniqueWriteGuard lk(this->rwLock_); - ACCESSTOKEN_LOG_INFO(LABEL, - "Add record: id %{public}d, opCode %{public}d, status: %{public}d," - "lockScreenStatus %{public}d, timestamp %{public}" PRId64 ", type %{public}d", - record.tokenId, record.opCode, record.status, record.lockScreenStatus, record.timestamp, record.type); - PermissionUsedRecordCache::GetInstance().AddRecordToBuffer(record); + int32_t res = PermissionUsedRecordDb::GetInstance().Add(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, + insertRecords); + if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) { + LOGI(PRI_DOMAIN, PRI_TAG, "Add permission_record_table failed!"); + return res; + } + + LOGI(PRI_DOMAIN, PRI_TAG, "Add record, id %{public}d, op %{public}d, status: %{public}d, sucCnt: %{public}d, " + "failCnt: %{public}d, lockScreenStatus %{public}d, timestamp %{public}" PRId64 ", type %{public}d.", + record.tokenId, record.opCode, record.status, record.accessCount, record.rejectCount, record.lockScreenStatus, + record.timestamp, record.type); + + return Constant::SUCCESS; +} + +bool PermissionRecordManager::UpdatePermissionUsedRecordToDb(const PermissionRecord& record) +{ + GenericValues modifyValue; + modifyValue.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, record.accessCount); + modifyValue.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, record.rejectCount); + + GenericValues conditionValue; + conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(record.tokenId)); + conditionValue.Put(PrivacyFiledConst::FIELD_OP_CODE, record.opCode); + conditionValue.Put(PrivacyFiledConst::FIELD_STATUS, record.status); + conditionValue.Put(PrivacyFiledConst::FIELD_TIMESTAMP, record.timestamp); + conditionValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, record.type); + + { + Utils::UniqueWriteGuard lk(this->rwLock_); + return (PermissionUsedRecordDb::GetInstance().Update(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, + modifyValue, conditionValue) == PermissionUsedRecordDb::ExecuteResult::SUCCESS); + } +} + +int32_t PermissionRecordManager::AddRecord(const PermissionRecord& record) +{ + int32_t res = MergeOrInsertRecord(record); + if (res != Constant::SUCCESS) { + return res; + } + + int64_t updateStamp = record.timestamp - ONE_MINUTE_MILLISECONDS; // timestamp less than 1 min from now + std::lock_guard lock(permUsedRecMutex_); + auto it = permUsedRecList_.begin(); + while (it != permUsedRecList_.end()) { + if ((it->record.timestamp > updateStamp) || (it->record.opCode != record.opCode)) { + // record from cache less than updateStamp may merge, ignore them + ++it; + continue; + } + + /* + needUpdateToDb: + - flase means record not merge, when the timestamp of those records less than 1 min from now + they can not merge any more, remove them from cache + - true means record has merged, need to update database before remove from cache + whether update database succeed or not, recod remove from cache + */ + if ((it->needUpdateToDb) && (!UpdatePermissionUsedRecordToDb(it->record))) { + LOGE(PRI_DOMAIN, PRI_TAG, "Record with timestamp %{public}" PRId64 "update database failed!", + it->record.timestamp); + } + + it = permUsedRecList_.erase(it); + } + + return Constant::SUCCESS; +} + +void PermissionRecordManager::UpdatePermRecImmediately() +{ + std::lock_guard lock(permUsedRecMutex_); + for (auto it = permUsedRecList_.begin(); it != permUsedRecList_.end(); ++it) { + if (it->needUpdateToDb) { + UpdatePermissionUsedRecordToDb(it->record); + } + } } int32_t PermissionRecordManager::GetPermissionRecord(const AddPermParamInfo& info, PermissionRecord& record) { if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Not hap(%{public}d).", info.tokenId); + LOGE(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", info.tokenId); return PrivacyError::ERR_PARAM_INVALID; } int32_t opCode; if (!Constant::TransferPermissionToOpcode(info.permissionName, opCode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid perm(%{public}s)", info.permissionName.c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Invalid perm(%{public}s)", info.permissionName.c_str()); return PrivacyError::ERR_PERMISSION_NOT_EXIST; } if (GetMuteStatus(info.permissionName, EDM)) { @@ -174,7 +330,7 @@ int32_t PermissionRecordManager::GetPermissionRecord(const AddPermParamInfo& inf record.timestamp = AccessToken::TimeUtil::GetCurrentTimestamp(); record.accessDuration = 0; record.type = info.type; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Record status: %{public}d", record.status); + LOGD(PRI_DOMAIN, PRI_TAG, "Record status: %{public}d", record.status); return Constant::SUCCESS; } @@ -200,14 +356,15 @@ bool PermissionRecordManager::AddOrUpdateUsedTypeIfNeeded(const AccessTokenID to conditionValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode); std::vector results; - if (!PermissionRecordRepository::GetInstance().Query( - PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, conditionValue, results)) { + int32_t res = PermissionUsedRecordDb::GetInstance().Query(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, + conditionValue, results); + if (res != PermissionUsedRecordDb::SUCCESS) { return false; } if (results.empty()) { // empty means there is no permission used type record, add it - ACCESSTOKEN_LOG_DEBUG(LABEL, "No exsit record, add it."); + LOGD(PRI_DOMAIN, PRI_TAG, "No exsit record, add it."); GenericValues recordValue; recordValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); @@ -216,39 +373,60 @@ bool PermissionRecordManager::AddOrUpdateUsedTypeIfNeeded(const AccessTokenID to std::vector recordValues; recordValues.emplace_back(recordValue); - if (!PermissionRecordRepository::GetInstance().Add( - PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, recordValues)) { + res = PermissionUsedRecordDb::GetInstance().Add(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, + recordValues); + if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) { return false; } } else { // not empty means there is permission used type record exsit, update it if needed uint32_t dbType = static_cast(results[0].GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Record exsit, type is %{public}u.", dbType); + LOGD(PRI_DOMAIN, PRI_TAG, "Record exsit, type is %{public}u.", dbType); if ((dbType & inputType) == inputType) { // true means visitTypeEnum has exsits, no need to add - ACCESSTOKEN_LOG_DEBUG(LABEL, "Used type has add."); + LOGD(PRI_DOMAIN, PRI_TAG, "Used type has add."); return true; } else { results[0].Remove(PrivacyFiledConst::FIELD_USED_TYPE); dbType |= inputType; // false means visitTypeEnum not exsits, update record - ACCESSTOKEN_LOG_DEBUG(LABEL, "Used type not add, generate new %{public}u.", dbType); + LOGD(PRI_DOMAIN, PRI_TAG, "Used type not add, generate new %{public}u.", dbType); GenericValues newValue; newValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, static_cast(dbType)); - return PermissionRecordRepository::GetInstance().Update( - PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, newValue, results[0]); + return (PermissionUsedRecordDb::GetInstance().Update(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, + newValue, results[0]) == PermissionUsedRecordDb::ExecuteResult::SUCCESS); } } return true; } +bool PermissionRecordManager::CheckPermissionUsedRecordToggleStatus(int32_t userID) +{ + auto it = permUsedRecToggleStatusMap_.find(userID); + if (it != permUsedRecToggleStatusMap_.end()) { + LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d, status: %{public}d.", it->first, it->second ? 1 : 0); + return it->second; + } + LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d not exist record, return true.", userID); + return true; +} + int32_t PermissionRecordManager::AddPermissionUsedRecord(const AddPermParamInfo& info) { - ExecuteDeletePermissionRecordTask(); + HapTokenInfo tokenInfo; + if (AccessTokenKit::GetHapTokenInfo(info.tokenId, tokenInfo) != Constant::SUCCESS) { + LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", info.tokenId); + return PrivacyError::ERR_TOKENID_NOT_EXIST; + } + + if (!CheckPermissionUsedRecordToggleStatus(tokenInfo.userID)) { + LOGI(PRI_DOMAIN, PRI_TAG, "The permission used record toggle status is false."); + return PrivacyError::PRIVACY_TOGGELE_RESTRICTED; + } if ((info.successCount == 0) && (info.failCount == 0)) { return PrivacyError::ERR_PARAM_INVALID; @@ -260,42 +438,209 @@ int32_t PermissionRecordManager::AddPermissionUsedRecord(const AddPermParamInfo& return result; } - AddRecord(record); + result = AddRecord(record); + if (result != Constant::SUCCESS) { + return result; + } + return AddOrUpdateUsedTypeIfNeeded( info.tokenId, record.opCode, info.type) ? Constant::SUCCESS : Constant::FAILURE; } -void PermissionRecordManager::RemovePermissionUsedType(AccessTokenID tokenId) +int32_t PermissionRecordManager::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) +{ + if (userID == 0) { + userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; + } + + if (!PermissionRecordManager::IsUserIdValid(userID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "UserID is invalid."); + return PrivacyError::ERR_PARAM_INVALID; + } + + if (!status) { + std::unordered_set tokenIDList; + int32_t ret = AccessTokenKit::GetTokenIDByUserID(userID, tokenIDList); + if (ret != RET_SUCCESS) { + return Constant::FAILURE; + } + if (!tokenIDList.empty()) { + RemoveHistoryPermissionUsedRecords(tokenIDList); + } + } + + if (!UpdatePermUsedRecToggleStatusMap(userID, status)) { + LOGD(PRI_DOMAIN, PRI_TAG, "The status is the same as that set last time, not need to update database."); + return Constant::SUCCESS; + } + + if (!AddOrUpdateUsedStatusIfNeeded(userID, status)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to AddOrUpdateUsedStatusIfNeeded."); + return Constant::FAILURE; + } + + return Constant::SUCCESS; +} + +bool PermissionRecordManager::UpdatePermUsedRecToggleStatusMap(int32_t userID, bool status) +{ + std::lock_guard lock(permUsedRecToggleStatusMutex_); + auto it = permUsedRecToggleStatusMap_.find(userID); + if (it == permUsedRecToggleStatusMap_.end()) { + permUsedRecToggleStatusMap_.insert(std::make_pair(userID, status)); + return true; + } else { + if (it->second != status) { + it->second = status; + return true; + } + } + + return false; +} + +bool PermissionRecordManager::AddOrUpdateUsedStatusIfNeeded(int32_t userID, bool status) +{ + GenericValues conditionValue; + conditionValue.Put(PrivacyFiledConst::FIELD_USER_ID, userID); + + std::vector results; + int32_t res = PermissionUsedRecordDb::GetInstance().Query( + PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, conditionValue, results); + if (res != PermissionUsedRecordDb::SUCCESS) { + return false; + } + + if (results.empty()) { + // empty means there is no user record, add it + LOGD(PRI_DOMAIN, PRI_TAG, "No exsit record, add it."); + + GenericValues recordValue; + recordValue.Put(PrivacyFiledConst::FIELD_USER_ID, userID); + recordValue.Put(PrivacyFiledConst::FIELD_STATUS, status); + + std::vector recordValues; + recordValues.emplace_back(recordValue); + int32_t res = PermissionUsedRecordDb::GetInstance().Add( + PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, recordValues); + if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) { + return false; + } + } else { + LOGD(PRI_DOMAIN, PRI_TAG, "Exsit record, update it."); + GenericValues newValue; + newValue.Put(PrivacyFiledConst::FIELD_STATUS, static_cast(status)); + return (PermissionUsedRecordDb::GetInstance().Update( + PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, + newValue, conditionValue) == PermissionUsedRecordDb::ExecuteResult::SUCCESS); + } + + return true; +} + +int32_t PermissionRecordManager::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) { - GenericValues conditionValues; - conditionValues.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); - PermissionRecordRepository::GetInstance().Remove( - PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, conditionValues); + if (userID == 0) { + userID = IPCSkeleton::GetCallingUid() / BASE_USER_RANGE; + } + + if (!PermissionRecordManager::IsUserIdValid(userID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "UserID is invalid."); + return PrivacyError::ERR_PARAM_INVALID; + } + + auto it = permUsedRecToggleStatusMap_.find(userID); + if (it == permUsedRecToggleStatusMap_.end()) { + status = true; + } else { + status = it->second; + } + + return Constant::SUCCESS; } -void PermissionRecordManager::RemovePermissionUsedRecords(AccessTokenID tokenId, const std::string& deviceID) +void PermissionRecordManager::UpdatePermUsedRecToggleStatusMapFromDb() { - // only support remove by tokenId(local) - std::string device = GetDeviceId(tokenId); - if (!deviceID.empty() && device != deviceID) { - ACCESSTOKEN_LOG_ERROR(LABEL, "DeviceID mismatch"); + std::vector permUsedRecordToggleStatusRes; + GenericValues conditionValue; + + int32_t res = PermissionUsedRecordDb::GetInstance().Query( + PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS, + conditionValue, permUsedRecordToggleStatusRes); + if (res != PermissionUsedRecordDb::SUCCESS || permUsedRecordToggleStatusRes.empty()) { + LOGE(PRI_DOMAIN, PRI_TAG, "Not exsit record, res:%{public}d.", res); return; } - Utils::UniqueWriteGuard lk(this->rwLock_); - PermissionUsedRecordCache::GetInstance().RemoveRecords(tokenId); // remove from cache and database - RemovePermissionUsedType(tokenId); + int32_t userID = 0; + bool status = true; + auto it = permUsedRecordToggleStatusRes.begin(); + while (it != permUsedRecordToggleStatusRes.end()) { + userID = it->GetInt(PrivacyFiledConst::FIELD_USER_ID); + status = static_cast(it->GetInt(PrivacyFiledConst::FIELD_STATUS)); + UpdatePermUsedRecToggleStatusMap(userID, status); + ++it; + } + return; +} + +void PermissionRecordManager::RemoveHistoryPermissionUsedRecords(std::unordered_set tokenIDList) +{ + // remove from database + std::vector dataTypes; + dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_RECORD); + dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE); + PermissionUsedRecordDb::GetInstance().DeleteHistoryRecordsInTables(dataTypes, tokenIDList); + + { + // remove from record cache + std::lock_guard lock(permUsedRecMutex_); + auto it = permUsedRecList_.begin(); + while (it != permUsedRecList_.end()) { + if (tokenIDList.find(it->record.tokenId) != tokenIDList.end()) { + it = permUsedRecList_.erase(it); + } else { + ++it; + } + } + } +} + +void PermissionRecordManager::RemovePermissionUsedRecords(AccessTokenID tokenId) +{ + { + // remove from record cache + std::lock_guard lock(permUsedRecMutex_); + auto it = permUsedRecList_.begin(); + while (it != permUsedRecList_.end()) { + if (tokenId == it->record.tokenId) { + it = permUsedRecList_.erase(it); + } else { + ++it; + } + } + } + + GenericValues conditions; + conditions.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + { + // remove from database + Utils::UniqueWriteGuard lk(this->rwLock_); + PermissionUsedRecordDb::GetInstance().Remove(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, conditions); + PermissionUsedRecordDb::GetInstance().Remove(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, + conditions); + } + + // remove from start list RemoveRecordFromStartListByToken(tokenId); } int32_t PermissionRecordManager::GetPermissionUsedRecords( const PermissionUsedRequest& request, PermissionUsedResult& result) { - ExecuteDeletePermissionRecordTask(); - if (!request.isRemote && !GetRecordsFromLocalDB(request, result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to GetRecordsFromLocalDB"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to GetRecordsFromLocalDB"); return PrivacyError::ERR_PARAM_INVALID; } return Constant::SUCCESS; @@ -305,7 +650,7 @@ int32_t PermissionRecordManager::GetPermissionUsedRecordsAsync( const PermissionUsedRequest& request, const sptr& callback) { auto task = [request, callback]() { - ACCESSTOKEN_LOG_INFO(LABEL, "GetPermissionUsedRecordsAsync task called"); + LOGI(PRI_DOMAIN, PRI_TAG, "GetPermissionUsedRecordsAsync task called"); PermissionUsedResult result; int32_t retCode = PermissionRecordManager::GetInstance().GetPermissionUsedRecords(request, result); callback->OnQueried(retCode, result); @@ -315,10 +660,56 @@ int32_t PermissionRecordManager::GetPermissionUsedRecordsAsync( return Constant::SUCCESS; } +static void TransferToOpcode(const std::vector& permissionList, std::set& opCodeList) +{ + for (const auto& permission : permissionList) { + int32_t opCode = Constant::OP_INVALID; + if (Constant::TransferPermissionToOpcode(permission, opCode)) { + opCodeList.insert(opCode); + } + } +} + +void PermissionRecordManager::GetMergedRecordsFromCache(std::vector& mergedRecords) +{ + std::lock_guard lock(permUsedRecMutex_); + for (const auto& cache : permUsedRecList_) { + if (cache.needUpdateToDb) { + mergedRecords.emplace_back(cache.record); + } + } +} + +void PermissionRecordManager::InsteadMergedRecIfNecessary(GenericValues& queryValue, + std::vector& mergedRecords) +{ + uint32_t tokenId = static_cast(queryValue.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)); + int32_t opCode = queryValue.GetInt(PrivacyFiledConst::FIELD_OP_CODE); + int32_t status = queryValue.GetInt(PrivacyFiledConst::FIELD_STATUS); + int64_t timestamp = queryValue.GetInt64(PrivacyFiledConst::FIELD_TIMESTAMP); + PermissionUsedType type = static_cast(queryValue.GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); + + for (const auto& record : mergedRecords) { + if ((tokenId == record.tokenId) && + (opCode == record.opCode) && + (status == record.status) && + (timestamp == record.timestamp) && + (type == record.type)) { + // find merged record, instead accessCount and rejectCount + queryValue.Remove(PrivacyFiledConst::FIELD_ACCESS_COUNT); + queryValue.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, record.accessCount); + queryValue.Remove(PrivacyFiledConst::FIELD_REJECT_COUNT); + queryValue.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, record.rejectCount); + return; + } + } +} + void PermissionRecordManager::MergeSamePermission(const PermissionUsageFlag& flag, const PermissionUsedRecord& inRecord, PermissionUsedRecord& outRecord) { outRecord.accessCount += inRecord.accessCount; + outRecord.secAccessCount += inRecord.secAccessCount; outRecord.rejectCount += inRecord.rejectCount; // update lastAccessTime、lastRejectTime and lastAccessDuration to the nearer one @@ -366,7 +757,7 @@ bool PermissionRecordManager::FillBundleUsedRecord(const GenericValues& value, c // translate database value into PermissionUsedRecord value PermissionUsedRecord record; if (DataTranslator::TranslationGenericValuesIntoPermissionUsedRecord(flag, value, record) != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to transform op(%{public}d)", + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to transform op(%{public}d)", value.GetInt(PrivacyFiledConst::FIELD_OP_CODE)); return false; } @@ -393,7 +784,7 @@ static void AddDebugLog(const AccessTokenID tokenId, const BundleUsedRecord& bun tokenTotalSuccCount += permissionRecord.accessCount; tokenTotalFailCount += permissionRecord.rejectCount; } - ACCESSTOKEN_LOG_INFO(LABEL, "TokenId %{public}d[%{public}s] get %{public}d records, success %{public}d," + LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}d[%{public}s] get %{public}d records, success %{public}d," " failure %{public}d", tokenId, bundleRecord.bundleName.c_str(), queryCount, tokenTotalSuccCount, tokenTotalFailCount); totalSuccCount += tokenTotalSuccCount; @@ -404,34 +795,36 @@ bool PermissionRecordManager::GetRecordsFromLocalDB(const PermissionUsedRequest& { GenericValues andConditionValues; if (DataTranslator::TranslationIntoGenericValues(request, andConditionValues) != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Query time or flag is invalid"); + LOGE(PRI_DOMAIN, PRI_TAG, "Query time or flag is invalid"); return false; } - // sumarry don't limit querry data num, detail do int32_t dataLimitNum = request.flag == FLAG_PERMISSION_USAGE_DETAIL ? MAX_ACCESS_RECORD_SIZE : recordSizeMaximum_; int32_t totalSuccCount = 0; int32_t totalFailCount = 0; - std::vector findRecordsValues; + std::vector findRecordsValues; // summary don't limit querry data num, detail do - { - // find records from cache and database - Utils::UniqueReadGuard lk(this->rwLock_); - PermissionUsedRecordCache::GetInstance().GetRecords(request.permissionList, andConditionValues, - findRecordsValues, dataLimitNum); - } + std::set opCodeList; + TransferToOpcode(request.permissionList, opCodeList); + PermissionUsedRecordDb::GetInstance().FindByConditions(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, + opCodeList, andConditionValues, findRecordsValues, dataLimitNum); uint32_t currentCount = findRecordsValues.size(); // handle query result if (currentCount == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "No record match the condition."); + LOGI(PRI_DOMAIN, PRI_TAG, "No record match the condition."); return true; } + std::vector mergedRecords; + GetMergedRecordsFromCache(mergedRecords); + std::set tokenIdList; std::map tokenIdToBundleMap; std::map tokenIdToCountMap; - for (const auto& recordValue : findRecordsValues) { + for (auto& recordValue : findRecordsValues) { + InsteadMergedRecIfNecessary(recordValue, mergedRecords); + int32_t tokenId = recordValue.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID); if (tokenIdList.count(tokenId) == 0) { tokenIdList.insert(tokenId); // new tokenId, inset into set @@ -453,12 +846,11 @@ bool PermissionRecordManager::GetRecordsFromLocalDB(const PermissionUsedRequest& for (auto iter = tokenIdToBundleMap.begin(); iter != tokenIdToBundleMap.end(); ++iter) { result.bundleRecords.emplace_back(iter->second); - // add debug log when get exsit record AddDebugLog(iter->first, iter->second, tokenIdToCountMap[iter->first], totalSuccCount, totalFailCount); } if (request.flag == FLAG_PERMISSION_USAGE_SUMMARY) { - ACCESSTOKEN_LOG_INFO(LABEL, "Total success count is %{public}d, total failure count is %{public}d", + LOGI(PRI_DOMAIN, PRI_TAG, "Total success count is %{public}d, total failure count is %{public}d", totalSuccCount, totalFailCount); } @@ -469,40 +861,35 @@ bool PermissionRecordManager::CreateBundleUsedRecord(const AccessTokenID tokenId { HapTokenInfo tokenInfo; if (AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo) != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetHapTokenInfo failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "GetHapTokenInfo failed, tokenId is %{public}u.", tokenId); return false; } bundleRecord.tokenId = tokenId; bundleRecord.isRemote = false; - bundleRecord.deviceId = GetDeviceId(tokenId); + bundleRecord.deviceId = ""; bundleRecord.bundleName = tokenInfo.bundleName; return true; } +// call this when receive screen off common event void PermissionRecordManager::ExecuteDeletePermissionRecordTask() { -#ifdef EVENTHANDLER_ENABLE if (GetCurDeleteTaskNum() > 1) { - ACCESSTOKEN_LOG_INFO(LABEL, "Has delete task!"); + LOGI(PRI_DOMAIN, PRI_TAG, "Has delete task!"); return; } AddDeleteTaskNum(); - if (deleteEventHandler_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler."); - ReduceDeleteTaskNum(); - return; - } std::function delayed = ([this]() { DeletePermissionRecord(recordAgingTime_); - ACCESSTOKEN_LOG_INFO(LABEL, "Delete record end."); + LOGI(PRI_DOMAIN, PRI_TAG, "Delete record end."); // Sleep for one minute to avoid frequent refresh of the file. std::this_thread::sleep_for(std::chrono::minutes(1)); ReduceDeleteTaskNum(); }); - deleteEventHandler_->ProxyPostTask(delayed); -#endif + std::thread deleteThread(delayed); + deleteThread.detach(); } int32_t PermissionRecordManager::GetCurDeleteTaskNum() @@ -523,71 +910,104 @@ void PermissionRecordManager::ReduceDeleteTaskNum() int32_t PermissionRecordManager::DeletePermissionRecord(int32_t days) { int64_t interval = days * Constant::ONE_DAY_MILLISECONDS; - int32_t total = PermissionRecordRepository::GetInstance().CountRecordValues(); + int32_t total = PermissionUsedRecordDb::GetInstance().Count(PermissionUsedRecordDb::DataType::PERMISSION_RECORD); if (total > recordSizeMaximum_) { uint32_t excessiveSize = static_cast(total) - static_cast(recordSizeMaximum_); - if (!PermissionRecordRepository::GetInstance().DeleteExcessiveSizeRecordValues(excessiveSize)) { + int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExcessiveRecords( + PermissionUsedRecordDb::DataType::PERMISSION_RECORD, excessiveSize); + if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) { return Constant::FAILURE; } } GenericValues andConditionValues; int64_t deleteTimestamp = AccessToken::TimeUtil::GetCurrentTimestamp() - interval; andConditionValues.Put(PrivacyFiledConst::FIELD_TIMESTAMP_END, deleteTimestamp); - if (!PermissionRecordRepository::GetInstance().DeleteExpireRecordsValues(andConditionValues)) { + int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExpireRecords( + PermissionUsedRecordDb::DataType::PERMISSION_RECORD, andConditionValues); + if (res != PermissionUsedRecordDb::ExecuteResult::SUCCESS) { return Constant::FAILURE; } return Constant::SUCCESS; } -bool PermissionRecordManager::AddRecordToStartList(const PermissionRecord& record) +int32_t PermissionRecordManager::AddRecordToStartList( + const PermissionUsedTypeInfo &info, int32_t status, int32_t callerPid) { + int32_t opCode; + int ret = Constant::SUCCESS; + const std::string& permissionName = info.permissionName; + if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Invalid perm(%{public}s)", permissionName.c_str()); + return PrivacyError::ERR_PERMISSION_NOT_EXIST; + } + + ContinusPermissionRecord newRecord = { + .tokenId = info.tokenId, + .opCode = opCode, + .status = status, + .pid = info.pid, + .callerPid = callerPid, + }; + std::lock_guard lock(startRecordListMutex_); - bool hasStarted = std::any_of(startRecordList_.begin(), startRecordList_.end(), - [record](const auto& rec) { return (rec.opCode == record.opCode) && (rec.tokenId == record.tokenId); }); - ACCESSTOKEN_LOG_ERROR(LABEL, "Id(%{public}d), opCode(%{public}d), hasStarted(%{public}d).", - record.tokenId, record.opCode, hasStarted); - if (!hasStarted) { - startRecordList_.emplace_back(record); + for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { + if (it->IsEqualRecord(newRecord)) { + ret = PrivacyError::ERR_PERMISSION_ALREADY_START_USING; + break; + } + } + if (ret != PrivacyError::ERR_PERMISSION_ALREADY_START_USING) { + startRecordList_.emplace(newRecord); } - return hasStarted; + + CallbackExecute(newRecord, permissionName, info.type); + + return ret; } -void PermissionRecordManager::ExecuteAndUpdateRecord(uint32_t tokenId, ActiveChangeType status) +void PermissionRecordManager::ExecuteAndUpdateRecord(uint32_t tokenId, int32_t pid, ActiveChangeType status) { - std::vector permList; std::vector camPermList; std::lock_guard lock(startRecordListMutex_); - for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { + std::set updateList; + for (auto it = startRecordList_.begin(); it != startRecordList_.end();) { if ((it->tokenId == tokenId) && ((it->status) != PERM_INACTIVE) && ((it->status) != status)) { std::string perm; Constant::TransferOpcodeToPermission(it->opCode, perm); if ((GetMuteStatus(perm, EDM)) || (!GetGlobalSwitchStatus(perm))) { + ++it; continue; } // app use camera background without float window bool isShow = IsCameraWindowShow(tokenId); - if ((perm == CAMERA_PERMISSION_NAME) && (status == PERM_ACTIVE_IN_BACKGROUND) && (!isShow)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Camera float window is close!"); + bool isAllowedBackGround = false; + if (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGROUND") == PERMISSION_GRANTED) { + isAllowedBackGround = true; + } + if ((perm == CAMERA_PERMISSION_NAME) && (status == PERM_ACTIVE_IN_BACKGROUND) && + (!isShow) && (!isAllowedBackGround)) { + LOGI(PRI_DOMAIN, PRI_TAG, "Camera float window is close!"); camPermList.emplace_back(perm); + ++it; continue; } - permList.emplace_back(perm); - int64_t curStamp = AccessToken::TimeUtil::GetCurrentTimestamp(); // update status to input and timestamp to now in cache - it->status = status; - it->timestamp = curStamp; - ACCESSTOKEN_LOG_DEBUG(LABEL, "TokenId %{public}d get permission %{public}s.", tokenId, perm.c_str()); + auto record = *it; + record.status = status; + updateList.emplace(record); + it = startRecordList_.erase(it); + LOGD(PRI_DOMAIN, PRI_TAG, "TokenId %{public}d get permission %{public}s.", tokenId, perm.c_str()); + continue; } + ++it; } + startRecordList_.insert(updateList.begin(), updateList.end()); + if (!camPermList.empty()) { - ExecuteCameraCallbackAsync(tokenId); - } - // each permission sends a status change notice - for (const auto& perm : permList) { - CallbackExecute(tokenId, perm, status); + ExecuteCameraCallbackAsync(tokenId, pid); } } @@ -595,126 +1015,159 @@ void PermissionRecordManager::ExecuteAndUpdateRecord(uint32_t tokenId, ActiveCha * when foreground change background or background change foreground,change accessDuration and store in database, * change status and accessDuration and timestamp in cache */ -void PermissionRecordManager::NotifyAppStateChange(AccessTokenID tokenId, ActiveChangeType status) +void PermissionRecordManager::NotifyAppStateChange(AccessTokenID tokenId, int32_t pid, ActiveChangeType status) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id %{public}d, status %{public}d", tokenId, status); + LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}u, pid %{public}d, status %{public}d", tokenId, pid, status); // find permissions from startRecordList_ by tokenId which status diff from currStatus - ExecuteAndUpdateRecord(tokenId, status); + ExecuteAndUpdateRecord(tokenId, pid, status); } void PermissionRecordManager::SetLockScreenStatus(int32_t lockScreenStatus) { - ACCESSTOKEN_LOG_INFO(LABEL, "LockScreenStatus %{public}d", lockScreenStatus); + LOGI(PRI_DOMAIN, PRI_TAG, "LockScreenStatus %{public}d", lockScreenStatus); std::lock_guard lock(lockScreenStateMutex_); lockScreenStatus_ = lockScreenStatus; } -int32_t PermissionRecordManager::GetLockScreenStatus() +int32_t PermissionRecordManager::GetLockScreenStatus(bool isIpc) { - std::lock_guard lock(lockScreenStateMutex_); - return lockScreenStatus_; + int32_t lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED; + + if (isIpc) { + LibraryLoader loader(SCREENLOCK_MANAGER_LIBPATH); + ScreenLockManagerAccessLoaderInterface* screenlockManagerLoader = + loader.GetObject(); + if (screenlockManagerLoader != nullptr) { + if (screenlockManagerLoader->IsScreenLocked()) { + lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_LOCKED; + } + } + } else { + std::lock_guard lock(lockScreenStateMutex_); + lockScreenStatus = lockScreenStatus_; + } + + return lockScreenStatus; } -bool PermissionRecordManager::IsScreenOn() +int32_t PermissionRecordManager::RemoveRecordFromStartList( + AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid) { - LibraryLoader loader(POWER_MANAGER_LIBPATH); - PowerManagerLoaderInterface* powerManagerLoader = loader.GetObject(); - if (powerManagerLoader == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to load powermanager."); - return false; + int32_t opCode; + if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Invalid permission(%{public}s)", permissionName.c_str()); + return PrivacyError::ERR_PERMISSION_NOT_EXIST; } - return powerManagerLoader->IsScreenOn(); + + LOGD(PRI_DOMAIN, PRI_TAG, "Id %{public}u, pid %{public}d, perm %{public}s, callerPid %{public}d", + tokenId, pid, permissionName.c_str(), callerPid); + ContinusPermissionRecord record = { + .tokenId = tokenId, + .opCode = opCode, + .pid = pid, + .callerPid = callerPid, + }; + if (!ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualRecord, false)) { + LOGE(PRI_DOMAIN, PRI_TAG, "No records started, tokenId=%{public}u, pid=%{public}d, " \ + "opCode=%{public}d, callerPid=%{public}d", tokenId, pid, opCode, callerPid); + return PrivacyError::ERR_PERMISSION_NOT_START_USING; + } + return Constant::SUCCESS; } -void PermissionRecordManager::RemoveRecordFromStartList(const PermissionRecord& record) +/* +* remove all record of pid, +* when pidList is empty, execute active callback +*/ +void PermissionRecordManager::RemoveRecordFromStartListByPid(const AccessTokenID tokenId, int32_t pid) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Id %{public}d, opCode %{public}d", record.tokenId, record.opCode); - std::lock_guard lock(startRecordListMutex_); - for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { - if ((it->opCode == record.opCode) && (it->tokenId == record.tokenId)) { - startRecordList_.erase(it); - return; - } - } + LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}u, pid %{public}d", tokenId, pid); + ContinusPermissionRecord record = {0}; + record.tokenId = tokenId; + record.pid = pid; + (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualPid); } +/* +* remove all record of token, and execute active callback +*/ void PermissionRecordManager::RemoveRecordFromStartListByToken(const AccessTokenID tokenId) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenId %{public}d", tokenId); - bool isUsingCamera = false; - { - std::vector permList; - std::lock_guard lock(startRecordListMutex_); - for (auto it = startRecordList_.begin(); it != startRecordList_.end();) { - if (it->tokenId != tokenId) { - it++; - continue; - } - isUsingCamera = (it->opCode == Constant::OP_CAMERA); - std::string perm; - Constant::TransferOpcodeToPermission(it->opCode, perm); - permList.emplace_back(perm); - it = startRecordList_.erase(it); - } - for (const auto& perm : permList) { - CallbackExecute(tokenId, perm, PERM_INACTIVE); - } - } - if (isUsingCamera) { - cameraCallbackMap_.Erase(tokenId); - UnRegisterWindowCallback(); // unregister window linstener - } + LOGI(PRI_DOMAIN, PRI_TAG, "TokenId %{public}u", tokenId); + ContinusPermissionRecord record = {0}; + record.tokenId = tokenId; + (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualTokenId); } void PermissionRecordManager::RemoveRecordFromStartListByOp(int32_t opCode) { - ACCESSTOKEN_LOG_INFO(LABEL, "OpCode %{public}d", opCode); - bool isUsingCamera = (opCode == Constant::OP_CAMERA); - std::string perm; - Constant::TransferOpcodeToPermission(opCode, perm); + LOGI(PRI_DOMAIN, PRI_TAG, "OpCode %{public}d", opCode); + ContinusPermissionRecord record = {0}; + record.opCode = opCode; + (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualPermCode); +} + +void PermissionRecordManager::RemoveRecordFromStartListByCallerPid(int32_t callerPid) +{ + LOGI(PRI_DOMAIN, PRI_TAG, "CallerPid %{public}d", callerPid); + ContinusPermissionRecord record = {0}; + record.callerPid = callerPid; + (void) ToRemoveRecord(record, &ContinusPermissionRecord::IsEqualCallerPid); +} + +bool PermissionRecordManager::ToRemoveRecord(const ContinusPermissionRecord& targetRecord, + const IsEqualFunc& isEqualFunc, bool needClearCamera) +{ + std::vector unusedCameraRecord; { - std::vector tokenList; + std::string perm; + std::vector removeList, inactiveList; std::lock_guard lock(startRecordListMutex_); - for (auto it = startRecordList_.begin(); it != startRecordList_.end();) { - if (it->opCode != opCode) { - it++; - continue; - } - tokenList.emplace_back(it->tokenId); - it = startRecordList_.erase(it); + PermissionRecordSet::RemoveByKey(startRecordList_, targetRecord, isEqualFunc, removeList); + if (removeList.empty()) { + return false; } - for (size_t i = 0; i < tokenList.size(); ++i) { - CallbackExecute(tokenList[i], perm, PERM_INACTIVE); + PermissionRecordSet::GetInActiveUniqueRecord(startRecordList_, removeList, inactiveList); + for (const auto& record: inactiveList) { + Constant::TransferOpcodeToPermission(record.opCode, perm); + ContinusPermissionRecord newRecord; + newRecord.tokenId = record.tokenId; + newRecord.status = PERM_INACTIVE; + newRecord.pid = record.pid; + newRecord.callerPid = record.callerPid; + CallbackExecute(newRecord, perm); } - } - if (isUsingCamera) { - UnRegisterWindowCallback(); // unregister window linstener - } -} - -bool PermissionRecordManager::GetRecordFromStartList(uint32_t tokenId, int32_t opCode, PermissionRecord& record) -{ - std::lock_guard lock(startRecordListMutex_); - for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { - if ((it->opCode == opCode) && (it->tokenId == tokenId)) { - it->accessCount = 1; - record = *it; - record.accessDuration = AccessToken::TimeUtil::GetCurrentTimestamp() - record.timestamp; - startRecordList_.erase(it); + if (!needClearCamera) { return true; } + PermissionRecordSet::GetUnusedCameraRecords(startRecordList_, removeList, unusedCameraRecord); } - return false; + + for (const auto& record: unusedCameraRecord) { + cameraCallbackMap_.Erase(GetUniqueId(record.tokenId, record.pid)); + } + LOGI(PRI_DOMAIN, PRI_TAG, "cameraCallbackMap size = %{public}d after clearing", + cameraCallbackMap_.Size()); + return true; } -void PermissionRecordManager::CallbackExecute( - AccessTokenID tokenId, const std::string& permissionName, int32_t status) +void PermissionRecordManager::CallbackExecute(const ContinusPermissionRecord& record, const std::string& permissionName, + PermissionUsedType type) { - ACCESSTOKEN_LOG_INFO(LABEL, - "ExecuteCallbackAsync, tokenId %{public}d using permission %{public}s, status %{public}d", - tokenId, permissionName.c_str(), status); - ActiveStatusCallbackManager::GetInstance().ExecuteCallbackAsync( - tokenId, permissionName, GetDeviceId(tokenId), (ActiveChangeType)status); + LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteCallbackAsync, tokenId %{public}d using permission %{public}s, " + "status %{public}d, type %{public}d, pid %{public}d, callerPid %{public}d.", record.tokenId, + permissionName.c_str(), record.status, type, record.pid, record.callerPid); + + ActiveChangeResponse info; + info.callingTokenID = IPCSkeleton::GetCallingTokenID(); + info.tokenID = record.tokenId; + info.permissionName = permissionName; + info.deviceId = ""; + info.type = static_cast(record.status); + info.usedType = type; + info.pid = record.pid; + + ActiveStatusCallbackManager::GetInstance().ExecuteCallbackAsync(info); } bool PermissionRecordManager::GetGlobalSwitchStatus(const std::string& permissionName) @@ -723,10 +1176,10 @@ bool PermissionRecordManager::GetGlobalSwitchStatus(const std::string& permissio // only manage camera and microphone global switch now, other default true if (permissionName == MICROPHONE_PERMISSION_NAME) { isOpen = !isMicMixMute_; - ACCESSTOKEN_LOG_INFO(LABEL, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen); + LOGI(PRI_DOMAIN, PRI_TAG, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen); } else if (permissionName == CAMERA_PERMISSION_NAME) { isOpen = !isCamMixMute_; - ACCESSTOKEN_LOG_INFO(LABEL, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen); + LOGI(PRI_DOMAIN, PRI_TAG, "Permission is %{public}s, status is %{public}d", permissionName.c_str(), isOpen); } return isOpen; } @@ -739,29 +1192,32 @@ void PermissionRecordManager::ExecuteAndUpdateRecordByPerm(const std::string& pe { int32_t opCode; Constant::TransferPermissionToOpcode(permissionName, opCode); - std::vector recordList; + std::set updatedRecordList; std::lock_guard lock(startRecordListMutex_); - for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { - PermissionRecord& record = *it; + for (auto it = startRecordList_.begin(); it != startRecordList_.end();) { + ContinusPermissionRecord record = *it; if ((record.opCode) != static_cast(opCode)) { + ++it; continue; } if (switchStatus) { - ACCESSTOKEN_LOG_INFO(LABEL, "Global switch is open, update record from inactive"); + LOGI(PRI_DOMAIN, PRI_TAG, "Global switch is open, update record from inactive"); // no need to store in database when status from inactive to foreground or background record.status = GetAppStatus(record.tokenId); } else { - ACCESSTOKEN_LOG_INFO(LABEL, "Global switch is close, update record to inactive"); + LOGI(PRI_DOMAIN, PRI_TAG, "Global switch is close, update record to inactive"); record.status = PERM_INACTIVE; } - recordList.emplace_back(*it); + updatedRecordList.emplace(record); + it = startRecordList_.erase(it); } + startRecordList_.insert(updatedRecordList.begin(), updatedRecordList.end()); // each permission sends a status change notice - for (const auto& record : recordList) { - CallbackExecute(record.tokenId, permissionName, record.status); + for (const auto& record : updatedRecordList) { + CallbackExecute(record, permissionName); } } -#endif + bool PermissionRecordManager::ShowGlobalDialog(const std::string& permissionName) { std::string resource; @@ -770,48 +1226,62 @@ bool PermissionRecordManager::ShowGlobalDialog(const std::string& permissionName } else if (permissionName == MICROPHONE_PERMISSION_NAME) { resource = "microphone"; } else { - ACCESSTOKEN_LOG_INFO(LABEL, "Invalid permissionName(%{public}s).", permissionName.c_str()); + LOGI(PRI_DOMAIN, PRI_TAG, "Invalid permissionName(%{public}s).", permissionName.c_str()); return true; } - AAFwk::Want want; - want.SetElementName(globalDialogBundleName_, globalDialogAbilityName_); - want.SetParam(RESOURCE_KEY, resource); - ErrCode err = AbilityManagerAccessClient::GetInstance().StartAbility(want, nullptr); + InnerWant innerWant = { + .bundleName = globalDialogBundleName_, + .abilityName = globalDialogAbilityName_, + .resource = resource + }; + + std::lock_guard lock(abilityManagerMutex_); + if (abilityManagerLoader_ == nullptr) { + abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); + } + + AbilityManagerAccessLoaderInterface* abilityManager = + abilityManagerLoader_->GetObject(); + if (abilityManager == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "AbilityManager is nullptr!"); + return false; + } + ErrCode err = abilityManager->StartAbility(innerWant, nullptr); if (err != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to StartAbility, err:%{public}d", err); + LOGE(PRI_DOMAIN, PRI_TAG, "Fail to StartAbility, err:%{public}d", err); return false; } return true; } +#endif void PermissionRecordManager::ExecuteAllCameraExecuteCallback() { - std::vector tokenList; - { - std::lock_guard lock(startRecordListMutex_); - for (auto iter = startRecordList_.begin(); iter != startRecordList_.end(); ++iter) { - if (iter->opCode != Constant::OP_CAMERA) { - continue; - } - tokenList.emplace_back(iter->tokenId); + LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteAllCameraExecuteCallback called"); + auto it = [&](uint64_t id, sptr cameraCallback) { + auto callback = iface_cast(cameraCallback); + AccessTokenID tokenId = static_cast(id); + if (callback != nullptr) { + LOGI(PRI_DOMAIN, PRI_TAG, + "CameraCallback tokenId %{public}d changeType %{public}d.", tokenId, PERM_INACTIVE); + callback->StateChangeNotify(tokenId, false); } - } - for (size_t i = 0; i < tokenList.size(); ++i) { - ExecuteCameraCallbackAsync(tokenList[i]); - } + }; + this->cameraCallbackMap_.Iterate(it); } -void PermissionRecordManager::ExecuteCameraCallbackAsync(AccessTokenID tokenId) +void PermissionRecordManager::ExecuteCameraCallbackAsync(AccessTokenID tokenId, int32_t pid) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Entry"); - auto task = [tokenId, this]() { - ACCESSTOKEN_LOG_INFO(LABEL, "ExecuteCameraCallbackAsync task called"); - auto it = [&](AccessTokenID id, sptr cameraCallback) { + LOGD(PRI_DOMAIN, PRI_TAG, "Entry."); + auto task = [tokenId, pid, this]() { + uint64_t uniqueId = GetUniqueId(tokenId, pid); + LOGI(PRI_DOMAIN, PRI_TAG, "ExecuteCameraCallbackAsync task called."); + auto it = [&](uint64_t id, sptr cameraCallback) { auto callback = iface_cast(cameraCallback); - if ((tokenId == id) && (callback != nullptr)) { - ACCESSTOKEN_LOG_INFO( - LABEL, "CameraCallback tokenId %{public}d changeType %{public}d", tokenId, PERM_INACTIVE); + if ((uniqueId == id) && (callback != nullptr)) { + LOGI(PRI_DOMAIN, PRI_TAG, "CameraCallback tokenId(%{public}u) pid( %{public}d) changeType %{public}d", + tokenId, pid, PERM_INACTIVE); callback->StateChangeNotify(tokenId, false); } }; @@ -819,136 +1289,106 @@ void PermissionRecordManager::ExecuteCameraCallbackAsync(AccessTokenID tokenId) }; std::thread executeThread(task); executeThread.detach(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "The cameraCallback execution is complete"); + LOGD(PRI_DOMAIN, PRI_TAG, "The cameraCallback execution is complete."); } -int32_t PermissionRecordManager::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName) +int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeInfo &info, int32_t callerPid) { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry, tokenId=0x%{public}x, permissionName=%{public}s", - tokenId, permissionName.c_str()); + AccessTokenID tokenId = info.tokenId; + const std::string &permissionName = info.permissionName; + LOGI(PRI_DOMAIN, PRI_TAG, + "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d, callerPid: %{public}d.", + tokenId, info.pid, permissionName.c_str(), info.type, callerPid); + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { + LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId); + return PrivacyError::ERR_PARAM_INVALID; + } + InitializeMuteState(permissionName); if (GetMuteStatus(permissionName, EDM)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "EDM not allow."); + LOGE(PRI_DOMAIN, PRI_TAG, "EDM not allow."); return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED; } if (!Register()) { return PrivacyError::ERR_MALLOC_FAILED; } - // instantaneous record accessCount set to zero in StartUsingPermission, wait for combine in StopUsingPermission - int32_t accessCount = 0; - int32_t failCount = 0; - AddPermParamInfo info; - info.tokenId = tokenId; - info.permissionName = permissionName; - info.successCount = accessCount; - info.failCount = failCount; - - PermissionRecord record = { 0 }; - int32_t result = GetPermissionRecord(info, record); - if (result != Constant::SUCCESS) { - return result; - } - - if (AddRecordToStartList(record)) { - return PrivacyError::ERR_PERMISSION_ALREADY_START_USING; - } + int32_t status = GetAppStatus(tokenId); #ifndef APP_SECURITY_PRIVACY_SERVICE if (!GetGlobalSwitchStatus(permissionName)) { if (!ShowGlobalDialog(permissionName)) { - RemoveRecordFromStartList(record); - UnRegisterWindowCallback(); return ERR_SERVICE_ABNORMAL; } - } else { - CallbackExecute(tokenId, permissionName, record.status); + status = PERM_INACTIVE; } -#else - CallbackExecute(tokenId, permissionName, record.status); #endif - return Constant::SUCCESS; + return AddRecordToStartList(info, status, callerPid); } -int32_t PermissionRecordManager::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName, - const sptr& callback) +int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeInfo &info, + const sptr& callback, int32_t callerPid) { - ACCESSTOKEN_LOG_INFO(LABEL, "Entry, tokenId=0x%{public}x, permissionName=%{public}s", - tokenId, permissionName.c_str()); - if (permissionName != CAMERA_PERMISSION_NAME) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ERR_PARAM_INVALID is null."); + AccessTokenID tokenId = info.tokenId; + const std::string &permissionName = info.permissionName; + LOGI(PRI_DOMAIN, PRI_TAG, + "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d, callerPid: %{public}d.", + tokenId, info.pid, permissionName.c_str(), info.type, callerPid); + if ((permissionName != CAMERA_PERMISSION_NAME) || (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP)) { + LOGD(PRI_DOMAIN, PRI_TAG, "Token(%{public}u), perm(%{public}s).", tokenId, permissionName.c_str()); return PrivacyError::ERR_PARAM_INVALID; } + InitializeMuteState(permissionName); - if (!Register()) { - return PrivacyError::ERR_MALLOC_FAILED; + if (GetMuteStatus(permissionName, EDM)) { + LOGE(PRI_DOMAIN, PRI_TAG, "EDM not allow."); + return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED; } - // instantaneous record accessCount set to zero in StartUsingPermission, wait for combine in StopUsingPermission - int32_t accessCount = 0; - int32_t failCount = 0; - PermissionRecord record = { 0 }; - AddPermParamInfo info; - info.tokenId = tokenId; - info.permissionName = permissionName; - info.successCount = accessCount; - info.failCount = failCount; - int32_t result = GetPermissionRecord(info, record); - if (result != Constant::SUCCESS) { - return result; - } - cameraCallbackMap_.EnsureInsert(tokenId, callback); - if (AddRecordToStartList(record)) { - cameraCallbackMap_.Erase(tokenId); - return PrivacyError::ERR_PERMISSION_ALREADY_START_USING; - } - if (!RegisterWindowCallback()) { - cameraCallbackMap_.Erase(tokenId); - return PrivacyError::ERR_WINDOW_CALLBACK_FAILED; + if (!Register()) { + return PrivacyError::ERR_MALLOC_FAILED; } + int32_t status = GetAppStatus(tokenId); #ifndef APP_SECURITY_PRIVACY_SERVICE if (!GetGlobalSwitchStatus(permissionName)) { if (!ShowGlobalDialog(permissionName)) { - RemoveRecordFromStartList(record); - UnRegisterWindowCallback(); - cameraCallbackMap_.Erase(tokenId); return ERR_SERVICE_ABNORMAL; } - } else { - CallbackExecute(tokenId, permissionName, record.status); + status = PERM_INACTIVE; } -#else - CallbackExecute(tokenId, permissionName, record.status); #endif - return Constant::SUCCESS; + uint64_t id = GetUniqueId(tokenId, info.pid); + cameraCallbackMap_.EnsureInsert(id, callback); + if (!RegisterWindowCallback()) { + cameraCallbackMap_.Erase(id); + return PrivacyError::ERR_WINDOW_CALLBACK_FAILED; + } + int32_t ret = AddRecordToStartList(info, status, callerPid); + if (ret != RET_SUCCESS) { + cameraCallbackMap_.Erase(id); + } + return ret; } -int32_t PermissionRecordManager::StopUsingPermission(AccessTokenID tokenId, const std::string& permissionName) +int32_t PermissionRecordManager::StopUsingPermission( + AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid) { - ACCESSTOKEN_LOG_INFO(LABEL, "Id=0x%{public}x, permissionName=%{public}s", - tokenId, permissionName.c_str()); - ExecuteDeletePermissionRecordTask(); - if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Not hap(%{public}d).", tokenId); + LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId); return PrivacyError::ERR_PARAM_INVALID; } - int32_t opCode; - if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid permission(%{public}s)", permissionName.c_str()); - return PrivacyError::ERR_PERMISSION_NOT_EXIST; - } - PermissionRecord record; - if (!GetRecordFromStartList(tokenId, opCode, record)) { - return PrivacyError::ERR_PERMISSION_NOT_START_USING; - } + return RemoveRecordFromStartList(tokenId, pid, permissionName, callerPid); +} - if (record.status != PERM_INACTIVE) { - CallbackExecute(tokenId, permissionName, PERM_INACTIVE); +bool PermissionRecordManager::HasCallerInStartList(int32_t callerPid) +{ + std::lock_guard lock(startRecordListMutex_); + for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { + if (it->callerPid == callerPid) { + return true; + } } - // clear callback - UnRegisterWindowCallback(); - return Constant::SUCCESS; + return false; } void PermissionRecordManager::PermListToString(const std::vector& permList) @@ -956,7 +1396,7 @@ void PermissionRecordManager::PermListToString(const std::vector& p std::string permStr; permStr = accumulate(permList.begin(), permList.end(), std::string(" ")); - ACCESSTOKEN_LOG_INFO(LABEL, "PermStr =%{public}s", permStr.c_str()); + LOGI(PRI_DOMAIN, PRI_TAG, "PermStr =%{public}s.", permStr.c_str()); } int32_t PermissionRecordManager::PermissionListFilter( @@ -972,30 +1412,33 @@ int32_t PermissionRecordManager::PermissionListFilter( permSet.insert(perm); continue; } - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission %{public}s invalid!", perm.c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Permission %{public}s invalid!", perm.c_str()); } if ((listRes.empty()) && (!listSrc.empty())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Valid permission size is 0!"); + LOGE(PRI_DOMAIN, PRI_TAG, "Valid permission size is 0!"); return PrivacyError::ERR_PARAM_INVALID; } PermListToString(listRes); return Constant::SUCCESS; } -bool PermissionRecordManager::IsAllowedUsingCamera(AccessTokenID tokenId) +bool PermissionRecordManager::IsAllowedUsingCamera(AccessTokenID tokenId, int32_t pid) { - int32_t status = GetAppStatus(tokenId); - bool isScreenOn = IsScreenOn(); - ACCESSTOKEN_LOG_INFO(LABEL, "Id(%{public}d), appStatus(%{public}d), isScreenOn(%{public}d)", - tokenId, status, isScreenOn); + // allow foregound application or background application with CAMERA_BACKGROUND permission use camera + int32_t status = GetAppStatus(tokenId, pid); + + LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}d, appStatus %{public}d(1-foreground 2-background).", tokenId, status); + if (status == ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND) { + return true; + } - return (status == ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND) && isScreenOn; + return (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGROUND") == PERMISSION_GRANTED); } -bool PermissionRecordManager::IsAllowedUsingMicrophone(AccessTokenID tokenId) +bool PermissionRecordManager::IsAllowedUsingMicrophone(AccessTokenID tokenId, int32_t pid) { - int32_t status = GetAppStatus(tokenId); - ACCESSTOKEN_LOG_INFO(LABEL, "Id %{public}d, status is %{public}d", tokenId, status); + int32_t status = GetAppStatus(tokenId, pid); + LOGI(PRI_DOMAIN, PRI_TAG, "Id %{public}d, status is %{public}d(1-foreground 2-background).", tokenId, status); if (status == ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND) { return true; } @@ -1005,34 +1448,30 @@ bool PermissionRecordManager::IsAllowedUsingMicrophone(AccessTokenID tokenId) if (iter != foreTokenIdList_.end()) { return true; } - return false; + + return (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGROUND") == PERMISSION_GRANTED); } -bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName) +bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, + int32_t pid) { if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Id(%{public}d) is not hap.", tokenId); - return false; - } - - if (GetMuteStatus(permissionName, EDM)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "EDM not allow."); + LOGD(PRI_DOMAIN, PRI_TAG, "Id(%{public}d) is not hap.", tokenId); return false; } if (permissionName == CAMERA_PERMISSION_NAME) { - return IsAllowedUsingCamera(tokenId); + return IsAllowedUsingCamera(tokenId, pid); } else if (permissionName == MICROPHONE_PERMISSION_NAME) { - return IsAllowedUsingMicrophone(tokenId); + return IsAllowedUsingMicrophone(tokenId, pid); } - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid permission(%{public}s).", permissionName.c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Invalid permission(%{public}s).", permissionName.c_str()); return false; } -int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute) +int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute, + AccessTokenID tokenID) { - ACCESSTOKEN_LOG_INFO(LABEL, "CallerType: %{public}d, policyType: %{public}d, isMute: %{public}d", - callerType, policyType, isMute); std::string permissionName; if (callerType == MICROPHONE) { permissionName = MICROPHONE_PERMISSION_NAME; @@ -1043,6 +1482,11 @@ int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, con } if (policyType == EDM) { + static uint32_t edmTokenID = AccessTokenKit::GetNativeTokenId(EDM_PROCESS_NAME); + if (edmTokenID != tokenID) { + return PrivacyError::ERR_FIRST_CALLER_NOT_EDM; + } + return SetEdmMutePolicy(permissionName, isMute); } @@ -1059,22 +1503,22 @@ int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, con int32_t PermissionRecordManager::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) { if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Not hap(%{public}d).", tokenId); + LOGE(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId); return PrivacyError::ERR_PARAM_INVALID; } std::lock_guard lock(foreReminderMutex_); auto iter = std::find(foreTokenIdList_.begin(), foreTokenIdList_.end(), tokenId); if (iter == foreTokenIdList_.end() && isAllowed) { foreTokenIdList_.emplace_back(tokenId); - ACCESSTOKEN_LOG_INFO(LABEL, "Set hap(%{public}d) foreground", tokenId); + LOGI(PRI_DOMAIN, PRI_TAG, "Set hap(%{public}d) foreground.", tokenId); return RET_SUCCESS; } if (iter != foreTokenIdList_.end() && !isAllowed) { foreTokenIdList_.erase(iter); - ACCESSTOKEN_LOG_INFO(LABEL, "cancel hap(%{public}d) foreground", tokenId); + LOGI(PRI_DOMAIN, PRI_TAG, "cancel hap(%{public}d) foreground.", tokenId); return RET_SUCCESS; } - ACCESSTOKEN_LOG_ERROR(LABEL, "(%{public}d) is invalid to be operated", tokenId); + LOGE(PRI_DOMAIN, PRI_TAG, "(%{public}d) is invalid to be operated.", tokenId); return PrivacyError::ERR_PARAM_INVALID; } @@ -1118,9 +1562,13 @@ int32_t PermissionRecordManager::SetTempMutePolicy(const std::string permissionN return PrivacyError::ERR_EDM_POLICY_CHECK_FAILED; } if (GetMuteStatus(permissionName, MIXED)) { - if (!ShowGlobalDialog(permissionName)) { - return ERR_SERVICE_ABNORMAL; - } + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + ContinusPermissionRecord record; + record.tokenId = callingTokenID; + record.status = PERM_TEMPORARY_CALL; + record.pid = -1; // pid -1 with no meaning + record.callerPid = -1; // pid -1 with no meaning + CallbackExecute(record, permissionName); return PrivacyError::ERR_PRIVACY_POLICY_CHECK_FAILED; } } @@ -1144,7 +1592,7 @@ void PermissionRecordManager::ModifyMuteStatus(const std::string& permissionName isCamMixMute_ = isMute; } } - ACCESSTOKEN_LOG_INFO(LABEL, "permissionName: %{public}s, isMute: %{public}d, index: %{public}d", + LOGI(PRI_DOMAIN, PRI_TAG, "permissionName: %{public}s, isMute: %{public}d, index: %{public}d.", permissionName.c_str(), isMute, index); } @@ -1157,21 +1605,23 @@ bool PermissionRecordManager::GetMuteStatus(const std::string& permissionName, i } else if (permissionName == CAMERA_PERMISSION_NAME) { std::lock_guard lock(camMuteMutex_); isMute = (index == EDM) ? isCamEdmMute_ : isCamMixMute_; + } else { + return false; } - ACCESSTOKEN_LOG_INFO(LABEL, "perm: %{public}s, isMute: %{public}d, index: %{public}d", + LOGI(PRI_DOMAIN, PRI_TAG, "perm: %{public}s, isMute: %{public}d, index: %{public}d.", permissionName.c_str(), isMute, index); return isMute; } int32_t PermissionRecordManager::RegisterPermActiveStatusCallback( - const std::vector& permList, const sptr& callback) + AccessTokenID regiterTokenId, const std::vector& permList, const sptr& callback) { std::vector permListRes; int32_t res = PermissionListFilter(permList, permListRes); if (res != Constant::SUCCESS) { return res; } - return ActiveStatusCallbackManager::GetInstance().AddCallback(permListRes, callback); + return ActiveStatusCallbackManager::GetInstance().AddCallback(regiterTokenId, permListRes, callback); } int32_t PermissionRecordManager::UnRegisterPermActiveStatusCallback(const sptr& callback) @@ -1208,7 +1658,7 @@ int32_t PermissionRecordManager::GetPermissionUsedTypeInfos(AccessTokenID tokenI if (tokenId != INVALID_TOKENID) { HapTokenInfo tokenInfo; if (AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo) != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid tokenId(%{public}d)", tokenId); + LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", tokenId); return PrivacyError::ERR_TOKENID_NOT_EXIST; } value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); @@ -1217,15 +1667,15 @@ int32_t PermissionRecordManager::GetPermissionUsedTypeInfos(AccessTokenID tokenI if (!permissionName.empty()) { int32_t opCode; if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid (%{public}s)", permissionName.c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Invalid (%{public}s).", permissionName.c_str()); return PrivacyError::ERR_PERMISSION_NOT_EXIST; } value.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode); } std::vector valueResults; - if (!PermissionRecordRepository::GetInstance().Query( - PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, value, valueResults)) { + if (PermissionUsedRecordDb::GetInstance().Query(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE, + value, valueResults) != PermissionUsedRecordDb::ExecuteResult::SUCCESS) { return Constant::FAILURE; } @@ -1233,30 +1683,24 @@ int32_t PermissionRecordManager::GetPermissionUsedTypeInfos(AccessTokenID tokenI AddDataValueToResults(valueResult, results); } - ACCESSTOKEN_LOG_INFO(LABEL, "Get %{public}zu permission used type records", results.size()); + LOGI(PRI_DOMAIN, PRI_TAG, "Get %{public}zu permission used type records.", results.size()); return Constant::SUCCESS; } -std::string PermissionRecordManager::GetDeviceId(AccessTokenID tokenId) -{ - HapTokenInfo tokenInfo; - if (AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo) != Constant::SUCCESS) { - return ""; - } - if (tokenInfo.deviceID == DEFAULT_DEVICEID) { // local - return ConstantCommon::GetLocalDeviceId(); - } - return tokenInfo.deviceID; -} - -int32_t PermissionRecordManager::GetAppStatus(AccessTokenID tokenId) +int32_t PermissionRecordManager::GetAppStatus(AccessTokenID tokenId, int32_t pid) { int32_t status = PERM_ACTIVE_IN_BACKGROUND; std::vector foreGroundAppList; AppManagerAccessClient::GetInstance().GetForegroundApplications(foreGroundAppList); if (std::any_of(foreGroundAppList.begin(), foreGroundAppList.end(), - [=](const auto& foreGroundApp) { return foreGroundApp.accessTokenId == tokenId; })) { + [=](const auto& foreGroundApp) { + if (pid == -1) { + return foreGroundApp.accessTokenId == tokenId; + } + + return ((foreGroundApp.accessTokenId == tokenId) && (foreGroundApp.pid == pid)); + })) { status = PERM_ACTIVE_IN_FOREGROUND; } return status; @@ -1270,7 +1714,7 @@ bool PermissionRecordManager::Register() if (appManagerDeathCallback_ == nullptr) { appManagerDeathCallback_ = std::make_shared(); if (appManagerDeathCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register appManagerDeathCallback failed."); + LOGE(PRI_DOMAIN, PRI_TAG, "Register appManagerDeathCallback failed."); return false; } AppManagerAccessClient::GetInstance().RegisterDeathCallback(appManagerDeathCallback_); @@ -1282,10 +1726,14 @@ bool PermissionRecordManager::Register() if (appStateCallback_ == nullptr) { appStateCallback_ = new (std::nothrow) PrivacyAppStateObserver(); if (appStateCallback_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register appStateCallback failed."); + LOGE(PRI_DOMAIN, PRI_TAG, "Register appStateCallback failed."); + return false; + } + int32_t result = AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStateCallback_); + if (result != ERR_OK) { + LOGE(PRI_DOMAIN, PRI_TAG, "Register application state observer failed(%{public}d).", result); return false; } - AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(appStateCallback_); } } return true; @@ -1320,119 +1768,81 @@ void HandleWindowDied() bool PermissionRecordManager::RegisterWindowCallback() { #ifdef CAMERA_FLOAT_WINDOW_ENABLE - std::lock_guard lock(windowLoaderMutex_); - ACCESSTOKEN_LOG_INFO(LABEL, "Begin to RegisterWindowCallback."); - if (windowLoader_ != nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "WindowCallback has already been registered."); - return true; - } - if (!HasUsingCamera()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Camera is not using."); - return true; - } - windowLoader_ = new (std::nothrow) LibraryLoader(WINDOW_MANAGER_PATH); - if (windowLoader_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to new %{public}s.", WINDOW_MANAGER_PATH.c_str()); - return false; - } - WindowManagerLoaderInterface* winManagerLoader = windowLoader_->GetObject(); - if (winManagerLoader == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to dlopen %{public}s.", WINDOW_MANAGER_PATH.c_str()); - delete windowLoader_; - windowLoader_ = nullptr; - return false; - } + LOGI(PRI_DOMAIN, PRI_TAG, "Begin to RegisterWindowCallback."); + + std::lock_guard lock(windowMutex_); WindowChangeCallback floatCallback = UpdateCameraFloatWindowStatus; - ErrCode err = winManagerLoader->RegisterFloatWindowListener(floatCallback); - if (err != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to register float window listener, err:%{public}d", err); - delete windowLoader_; - windowLoader_ = nullptr; - return false; + if (floatWindowCallback_ == nullptr) { + floatWindowCallback_ = new (std::nothrow) PrivacyWindowManagerAgent(floatCallback); + if (floatWindowCallback_ == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to new PrivacyWindowManagerAgent."); + return false; + } } - WindowChangeCallback pipCallback = UpdatePipWindowStatus; - err = winManagerLoader->RegisterPipWindowListener(pipCallback); + ErrCode err = PrivacyWindowManagerClient::GetInstance().RegisterWindowManagerAgent( + WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_FLOAT, floatWindowCallback_); if (err != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to register pip window listener, err:%{public}d", err); - winManagerLoader->UnregisterFloatWindowListener(floatCallback); - delete windowLoader_; - windowLoader_ = nullptr; + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to register float window listener, err:%{public}d", err); return false; } - winManagerLoader->AddDeathCallback(HandleWindowDied); -#endif - return true; -} -bool PermissionRecordManager::UnRegisterWindowCallback() -{ - bool isSuccess = true; -#ifdef CAMERA_FLOAT_WINDOW_ENABLE - if (!isAutoClose) { - return true; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Begin to UnRegisterWindowCallback."); - std::lock_guard lock(windowLoaderMutex_); - if (windowLoader_ == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "WindowCallback has already been unregistered."); - return true; - } - if (HasUsingCamera()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Camera is using."); - return true; - } - WindowManagerLoaderInterface* winManagerLoader = windowLoader_->GetObject(); - if (winManagerLoader == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to dlopen %{public}s.", WINDOW_MANAGER_PATH.c_str()); - delete windowLoader_; - windowLoader_ = nullptr; - return false; - } - WindowChangeCallback floatCallback = UpdateCameraFloatWindowStatus; - ErrCode err = winManagerLoader->UnregisterFloatWindowListener(floatCallback); - if (err != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to unregister float window, err:%{public}d", err); - isSuccess = false; - } - WindowChangeCallback pipCallback = UpdatePipWindowStatus; - err = winManagerLoader->UnregisterPipWindowListener(pipCallback); - if (err != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to unregister pip window, err:%{public}d", err); - isSuccess = false; + if (Rosen::SceneBoardJudgement::IsSceneBoardEnabled()) { + WindowChangeCallback pipCallback = UpdatePipWindowStatus; + + if (pipWindowCallback_ == nullptr) { + pipWindowCallback_ = new (std::nothrow) PrivacyWindowManagerAgent(pipCallback); + if (floatWindowCallback_ == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to new PrivacyWindowManagerAgent."); + return false; + } + } + + err = PrivacyWindowManagerClient::GetInstance().RegisterWindowManagerAgent( + WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_WINDOW, pipWindowCallback_); + if (err != ERR_OK) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to register pip window listener, err:%{public}d", err); + PrivacyWindowManagerClient::GetInstance().UnregisterWindowManagerAgent( + WindowManagerAgentType::WINDOW_MANAGER_AGENT_TYPE_CAMERA_FLOAT, floatWindowCallback_); + return false; + } } - delete windowLoader_; - windowLoader_ = nullptr; + + PrivacyWindowManagerClient::GetInstance().AddDeathCallback(HandleWindowDied); #endif - return isSuccess; + return true; } void PermissionRecordManager::InitializeMuteState(const std::string& permissionName) { if (permissionName == MICROPHONE_PERMISSION_NAME) { - bool isMicMute = AudioManagerPrivacyClient::GetInstance().GetPersistentMicMuteState(); - ACCESSTOKEN_LOG_INFO(LABEL, "Mic mute state: %{public}d.", isMicMute); + bool isMicMute = AudioManagerAdapter::GetInstance().GetPersistentMicMuteState(); + LOGI(PRI_DOMAIN, PRI_TAG, "Mic mute state: %{public}d.", isMicMute); ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, MIXED, isMicMute); { std::lock_guard lock(micLoadMutex_); if (!isMicLoad_) { - ACCESSTOKEN_LOG_INFO(LABEL, "Mic mute state: %{public}d.", isMicLoad_); + LOGI(PRI_DOMAIN, PRI_TAG, "Mic mute state: %{public}d.", isMicLoad_); bool isEdmMute = false; if (!GetMuteParameter(EDM_MIC_MUTE_KEY, isEdmMute)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get param failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "Get param failed"); return; } ModifyMuteStatus(MICROPHONE_PERMISSION_NAME, EDM, isEdmMute); } } } else if (permissionName == CAMERA_PERMISSION_NAME) { - bool isCameraMute = CameraManagerPrivacyClient::GetInstance().IsCameraMuted(); - ACCESSTOKEN_LOG_INFO(LABEL, "Camera mute state: %{public}d.", isCameraMute); + bool isCameraMute = CameraManagerAdapter::GetInstance().IsCameraMuted(); + LOGI(PRI_DOMAIN, PRI_TAG, "Camera mute state: %{public}d.", isCameraMute); ModifyMuteStatus(CAMERA_PERMISSION_NAME, MIXED, isCameraMute); { std::lock_guard lock(camLoadMutex_); if (!isCamLoad_) { bool isEdmMute = false; - ModifyMuteStatus(CAMERA_PERMISSION_NAME, EDM, isEdmMute); + if (!GetMuteParameter(EDM_CAMERA_MUTE_KEY, isEdmMute)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Get camera param failed"); + return; + } + ModifyMuteStatus(CAMERA_PERMISSION_NAME, EDM, isEdmMute); } } } @@ -1453,12 +1863,12 @@ bool PermissionRecordManager::GetMuteParameter(const char* key, bool& isMute) char value[VALUE_MAX_LEN] = {0}; int32_t ret = GetParameter(key, "", value, VALUE_MAX_LEN - 1); if (ret < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Return default value, ret=%{public}d", ret); + LOGE(PRI_DOMAIN, PRI_TAG, "Return default value, ret=%{public}d", ret); return false; } isMute = false; if (strncmp(value, "true", VALUE_MAX_LEN) == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "EDM not allow."); + LOGI(PRI_DOMAIN, PRI_TAG, "EDM not allow."); isMute = true; } return true; @@ -1466,35 +1876,29 @@ bool PermissionRecordManager::GetMuteParameter(const char* key, bool& isMute) void PermissionRecordManager::OnAppMgrRemoteDiedHandle() { - ACCESSTOKEN_LOG_INFO(LABEL, "Handle app fwk died."); + LOGI(PRI_DOMAIN, PRI_TAG, "Handle app fwk died."); std::lock_guard lock(appStateMutex_); appStateCallback_ = nullptr; } void PermissionRecordManager::OnAudioMgrRemoteDiedHandle() { - ACCESSTOKEN_LOG_INFO(LABEL, "Handle audio fwk died."); - std::lock_guard lock(micLoadMutex_); - isMicLoad_ = false; + LOGI(PRI_DOMAIN, PRI_TAG, "Handle audio fwk died."); + { + std::lock_guard lock(micLoadMutex_); + isMicLoad_ = false; + } } void PermissionRecordManager::OnCameraMgrRemoteDiedHandle() { - ACCESSTOKEN_LOG_INFO(LABEL, "Handle camera fwk died."); + LOGI(PRI_DOMAIN, PRI_TAG, "Handle camera fwk died."); { std::lock_guard lock(camLoadMutex_); isCamLoad_ = false; } - RemoveRecordFromStartListByOp(Constant::OP_CAMERA); #ifdef CAMERA_FLOAT_WINDOW_ENABLE ClearWindowShowing(); - { - std::lock_guard lock(windowLoaderMutex_); - if (windowLoader_ != nullptr) { - delete windowLoader_; - windowLoader_ = nullptr; - } - } #endif } @@ -1515,7 +1919,7 @@ bool PermissionRecordManager::IsCameraWindowShow(AccessTokenID tokenId) */ void PermissionRecordManager::NotifyCameraWindowChange(bool isPip, AccessTokenID tokenId, bool isShowing) { - ACCESSTOKEN_LOG_INFO(LABEL, "Update window, isPip(%{public}d), id(%{public}d), status(%{public}d)", + LOGI(PRI_DOMAIN, PRI_TAG, "Update window, isPip(%{public}d), id(%{public}u), status(%{public}d)", isPip, tokenId, isShowing); { std::lock_guard lock(windowStatusMutex_); @@ -1528,19 +1932,19 @@ void PermissionRecordManager::NotifyCameraWindowChange(bool isPip, AccessTokenID } } if (isShowing) { - ACCESSTOKEN_LOG_INFO(LABEL, "Camera float window is showing!"); + LOGI(PRI_DOMAIN, PRI_TAG, "Camera float window is showing!"); } else { if ((GetAppStatus(tokenId) == ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND) && !IsCameraWindowShow(tokenId)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Token(%{public}d) is background, pip and float window is not show.", tokenId); - ExecuteCameraCallbackAsync(tokenId); + LOGI(PRI_DOMAIN, PRI_TAG, "Token(%{public}d) is background, pip and float window is not show.", tokenId); + ExecuteCameraCallbackAsync(tokenId, -1); } } } void PermissionRecordManager::ClearWindowShowing() { - ACCESSTOKEN_LOG_INFO(LABEL, "Clear window show status."); + LOGI(PRI_DOMAIN, PRI_TAG, "Clear window show status."); { std::lock_guard lock(windowStatusMutex_); camFloatWindowShowing_ = false; @@ -1554,7 +1958,7 @@ void PermissionRecordManager::ClearWindowShowing() /* Handle window manager die */ void PermissionRecordManager::OnWindowMgrRemoteDied() { - ACCESSTOKEN_LOG_INFO(LABEL, "Handle window manager died."); + LOGI(PRI_DOMAIN, PRI_TAG, "Handle window manager died."); ClearWindowShowing(); } #endif @@ -1563,16 +1967,18 @@ void PermissionRecordManager::SetDefaultConfigValue() { recordSizeMaximum_ = DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM; recordAgingTime_ = DEFAULT_PERMISSION_USED_RECORD_AGING_TIME; +#ifndef APP_SECURITY_PRIVACY_SERVICE globalDialogBundleName_ = DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME; globalDialogAbilityName_ = DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY; +#endif } void PermissionRecordManager::GetConfigValue() { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libaccesstoken_config_policy failed."); + LOGE(PRI_DOMAIN, PRI_TAG, "Dlopen libaccesstoken_json_parse failed."); return; } AccessTokenConfigValue value; @@ -1582,17 +1988,29 @@ void PermissionRecordManager::GetConfigValue() ? DEFAULT_PERMISSION_USED_RECORD_SIZE_MAXIMUM : value.pConfig.sizeMaxImum; recordAgingTime_ = value.pConfig.agingTime == 0 ? DEFAULT_PERMISSION_USED_RECORD_AGING_TIME : value.pConfig.agingTime; +#ifndef APP_SECURITY_PRIVACY_SERVICE globalDialogBundleName_ = value.pConfig.globalDialogBundleName.empty() ? DEFAULT_PERMISSION_MANAGER_BUNDLE_NAME : value.pConfig.globalDialogBundleName; globalDialogAbilityName_ = value.pConfig.globalDialogAbilityName.empty() ? DEFAULT_PERMISSION_MANAGER_DIALOG_ABILITY : value.pConfig.globalDialogAbilityName; +#endif } else { SetDefaultConfigValue(); } - ACCESSTOKEN_LOG_INFO(LABEL, "RecordSizeMaximum_ is %{public}d, recordAgingTime_ is %{public}d," - " globalDialogBundleName_ is %{public}s, globalDialogAbilityName_ is %{public}s.", - recordSizeMaximum_, recordAgingTime_, globalDialogBundleName_.c_str(), globalDialogAbilityName_.c_str()); + LOGI(PRI_DOMAIN, PRI_TAG, "RecordSizeMaximum_ is %{public}d, recordAgingTime_ is %{public}d", + recordSizeMaximum_, recordAgingTime_); +} + +uint64_t PermissionRecordManager::GetUniqueId(uint32_t tokenId, int32_t pid) const +{ + uint32_t tmpPid = (pid <= 0) ? 0 : (uint32_t)pid; + return ((uint64_t)tmpPid << 32) | ((uint64_t)tokenId & 0xFFFFFFFF); // 32: bit +} + +bool PermissionRecordManager::IsUserIdValid(int32_t userID) const +{ + return userID >= 0 && userID <= MAX_USER_ID; } void PermissionRecordManager::Init() @@ -1600,15 +2018,10 @@ void PermissionRecordManager::Init() if (hasInited_) { return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Init"); + LOGI(PRI_DOMAIN, PRI_TAG, "Init"); hasInited_ = true; -#ifdef EVENTHANDLER_ENABLE - deleteEventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); - if (deleteEventRunner_ != nullptr) { - deleteEventHandler_ = std::make_shared(deleteEventRunner_); - } -#endif + UpdatePermUsedRecToggleStatusMapFromDb(); GetConfigValue(); } diff --git a/services/privacymanager/src/record/permission_record_repository.cpp b/services/privacymanager/src/record/permission_record_repository.cpp deleted file mode 100644 index c0405a3b40edcceac9e4221fac27ddd6c2c5d3d6..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/record/permission_record_repository.cpp +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "permission_record_repository.h" - -#include -#include "permission_used_record_db.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -std::recursive_mutex g_instanceMutex; -} - -PermissionRecordRepository& PermissionRecordRepository::GetInstance() -{ - static PermissionRecordRepository* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new PermissionRecordRepository(); - } - } - return *instance; -} - -PermissionRecordRepository::PermissionRecordRepository() -{ -} - -PermissionRecordRepository::~PermissionRecordRepository() -{ -} - -bool PermissionRecordRepository::Add(const PermissionUsedRecordDb::DataType type, - const std::vector& recordValues) -{ - int32_t res = PermissionUsedRecordDb::GetInstance().Add(type, recordValues); - return res == PermissionUsedRecordDb::SUCCESS; -} - -bool PermissionRecordRepository::FindRecordValues(const std::set& opCodeList, - const GenericValues& andConditionValues, std::vector& recordValues, int32_t databaseQueryCount) -{ - int32_t res = PermissionUsedRecordDb::GetInstance().FindByConditions(PermissionUsedRecordDb::PERMISSION_RECORD, - opCodeList, andConditionValues, recordValues, databaseQueryCount); - return res == PermissionUsedRecordDb::SUCCESS; -} - -bool PermissionRecordRepository::Remove(const PermissionUsedRecordDb::DataType type, - const GenericValues& conditionValues) -{ - int32_t res = PermissionUsedRecordDb::GetInstance().Remove(type, conditionValues); - return res == PermissionUsedRecordDb::SUCCESS; -} - -int32_t PermissionRecordRepository::CountRecordValues() -{ - return PermissionUsedRecordDb::GetInstance().Count(PermissionUsedRecordDb::PERMISSION_RECORD); -} - -bool PermissionRecordRepository::DeleteExpireRecordsValues(const GenericValues& andConditions) -{ - int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExpireRecords(PermissionUsedRecordDb::PERMISSION_RECORD, - andConditions); - return res == PermissionUsedRecordDb::SUCCESS; -} - -bool PermissionRecordRepository::DeleteExcessiveSizeRecordValues(uint32_t excessiveSize) -{ - int32_t res = PermissionUsedRecordDb::GetInstance().DeleteExcessiveRecords( - PermissionUsedRecordDb::PERMISSION_RECORD, excessiveSize); - if (res != PermissionUsedRecordDb::SUCCESS) { - return false; - } - return true; -} - -bool PermissionRecordRepository::Update(const PermissionUsedRecordDb::DataType type, - const GenericValues& modifyValue, const GenericValues& conditionValue) -{ - int32_t res = PermissionUsedRecordDb::GetInstance().Update(type, modifyValue, conditionValue); - return res == PermissionUsedRecordDb::SUCCESS; -} - -bool PermissionRecordRepository::Query(const PermissionUsedRecordDb::DataType type, - const GenericValues& conditionValue, std::vector& results) -{ - int32_t res = PermissionUsedRecordDb::GetInstance().Query(type, conditionValue, results); - return res == PermissionUsedRecordDb::SUCCESS; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS \ No newline at end of file diff --git a/services/privacymanager/src/record/permission_record_set.cpp b/services/privacymanager/src/record/permission_record_set.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f8d061c7b7c8b02beb447844eb620d99b87a8ff5 --- /dev/null +++ b/services/privacymanager/src/record/permission_record_set.cpp @@ -0,0 +1,123 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_record_set.h" +#include "accesstoken_common_log.h" +#include "constant.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +void PermissionRecordSet::RemoveByKey(std::set& recordList, + const ContinusPermissionRecord& record, const IsEqualFunc& isEqualFunc, + std::vector& retList) +{ + for (auto it = recordList.begin(); it != recordList.end();) { + if (((*it).*isEqualFunc)(record)) { + retList.emplace_back(*it); + it = recordList.erase(it); + } else { + ++it; + } + } + LOGD(PRI_DOMAIN, PRI_TAG, "After removing record List size = %{public}zu, removed size = %{public}zu", + recordList.size(), retList.size()); +} + +void PermissionRecordSet::GetInActiveUniqueRecord(const std::set& recordList, + const std::vector& removedList, std::vector& retList) +{ + // get unique record with tokenid and opcode + uint64_t lastUniqueKey = 0; + for (const auto &record: removedList) { + uint64_t curUniqueKey = record.GetTokenIdAndPermCode(); + if (lastUniqueKey != curUniqueKey) { + retList.emplace_back(record); + lastUniqueKey = curUniqueKey; + } + } + LOGD(PRI_DOMAIN, PRI_TAG, "Unique list size = %{public}zu", retList.size()); + + // filter active records with same tokenid and opcode in set + auto iterRemoved = retList.begin(); + auto iterRemain = recordList.begin(); + uint64_t removeKey, remainKey; + while (iterRemoved != retList.end() && iterRemain != recordList.end()) { + removeKey = iterRemoved->GetTokenIdAndPermCode(); + remainKey = iterRemain->GetTokenIdAndPermCode(); + if (removeKey < remainKey) { + ++iterRemoved; + continue; + } else if (removeKey == remainKey) { + if (iterRemain->status != PERM_INACTIVE) { + iterRemoved = retList.erase(iterRemoved); + continue; + } + } + ++iterRemain; + } + LOGI(PRI_DOMAIN, PRI_TAG, "Get inactive list size = %{public}zu", retList.size()); +} + +void PermissionRecordSet::GetUnusedCameraRecords(const std::set& recordList, + const std::vector& removedList, std::vector& retList) +{ + if (removedList.empty()) { + return; + } + // filtering irrelevant records + uint64_t lastUniqueKey = 0; + for (auto iter = removedList.begin(); iter != removedList.end(); ++iter) { + if (iter->opCode != Constant::OP_CAMERA) { + continue; + } + uint64_t curUniqueKey = iter->GetTokenIdAndPid(); + if (lastUniqueKey == curUniqueKey) { + continue; + } + lastUniqueKey = curUniqueKey; + retList.emplace_back(*iter); + } + LOGD(PRI_DOMAIN, PRI_TAG, "Unique list size = %{public}zu", retList.size()); + + // filter records with same tokenid, opcode and pid in set + auto iterRemoved = retList.begin(); + auto iterRemain = recordList.begin(); + uint64_t removeKey, remainKey; + while (iterRemoved != retList.end() && iterRemain != recordList.end()) { + removeKey = iterRemoved->GetTokenIdAndPermCode(); + remainKey = iterRemain->GetTokenIdAndPermCode(); + if (removeKey < remainKey) { + ++iterRemoved; + continue; + } else if (removeKey == remainKey) { + if (iterRemoved->IsEqualPid(*iterRemain)) { + iterRemoved = retList.erase(iterRemoved); + continue; + } else if (iterRemoved->pid < iterRemain->pid) { + ++iterRemoved; + } else { + ++iterRemain; + } + } else { + ++iterRemain; + } + } + LOGI(PRI_DOMAIN, PRI_TAG, "Get unused camera list size = %{public}zu", retList.size()); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/services/privacymanager/src/record/permission_used_record_cache.cpp b/services/privacymanager/src/record/permission_used_record_cache.cpp deleted file mode 100644 index 6173c87ee0e360f3704356168bc17a21c6f4fad3..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/record/permission_used_record_cache.cpp +++ /dev/null @@ -1,588 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "permission_used_record_cache.h" -#include "accesstoken_log.h" -#include "constant.h" -#include "generic_values.h" -#include "permission_record.h" -#include "permission_record_manager.h" -#include "permission_record_node.h" -#include "permission_record_repository.h" -#include "privacy_field_const.h" -#include "time_util.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PermissionUsedRecordCache" -}; -std::recursive_mutex g_instanceMutex; -} -PermissionUsedRecordCache::PermissionUsedRecordCache() - : hasInited_(false) -{ -#ifdef EVENTHANDLER_ENABLE - bufferEventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); - if (bufferEventRunner_ != nullptr) { - bufferEventHandler_ = std::make_shared(bufferEventRunner_); - } -#endif -} - -PermissionUsedRecordCache::~PermissionUsedRecordCache() -{ - if (!hasInited_) { - return; - } - this->hasInited_ = false; -} - -PermissionUsedRecordCache& PermissionUsedRecordCache::GetInstance() -{ - static PermissionUsedRecordCache* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new PermissionUsedRecordCache(); - } - } - - if (!instance->hasInited_) { - Utils::UniqueWriteGuard infoGuard(instance->initLock_); - if (!instance->hasInited_) { - instance->hasInited_ = true; - } - } - return *instance; -} - -bool PermissionUsedRecordCache::RecordMergeCheck(const PermissionRecord& record1, const PermissionRecord& record2) -{ - // timestamp in the same minute - if (!AccessToken::TimeUtil::IsTimeStampsSameMinute(record1.timestamp, record2.timestamp)) { - return false; - } - - // the same tokenID + opCode + status + lockScreenStatus + usedType - if ((record1.tokenId != record2.tokenId) || - (record1.opCode != record2.opCode) || - (record1.status != record2.status) || - (record1.lockScreenStatus != record2.lockScreenStatus) || - (record1.type != record2.type)) { - return false; - } - - bool startFlag = ((record1.timestamp == record2.timestamp) && // same timestamp - ((record1.accessCount == 0) && (record2.accessCount == 1)) && - ((record1.rejectCount == 0) && (record2.rejectCount == 0))); - // true means record1 is instantaneous record add by StartUsingPermission, record2 is add by StopUsingPermission - if (startFlag) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "StopUsingPermission record combine StartUsingPermission record."); - return true; - } - - // both success - if (((record1.accessCount > 0) && (record2.accessCount == 0)) || - ((record1.accessCount == 0) && (record2.accessCount > 0))) { - return false; - } - - // both failure - if (((record1.rejectCount > 0) && (record2.rejectCount == 0)) || - ((record1.rejectCount == 0) && (record2.rejectCount > 0))) { - return false; - } - - return true; -} - -// data from cache1 to cache2, should use deep copy to avoid data change in multithread scene -void PermissionUsedRecordCache::DeepCopyFromHead(const std::shared_ptr& oriHeadNode, - std::shared_ptr& copyHeadNode, int32_t copyCount) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Deep copy count is %{public}d.", copyCount); - - std::shared_ptr head = oriHeadNode; - std::shared_ptr currentNode = copyHeadNode; - - if (head == nullptr) { - return; - } else { - currentNode->record = head->record; - } - - while (head->next != nullptr) { - if (copyCount <= 0) { - break; - } - - head = head->next; - std::shared_ptr tmpNode = std::make_shared(); - tmpNode->record = head->record; - tmpNode->pre = currentNode; - currentNode->next = tmpNode; - currentNode = currentNode->next; - copyCount--; - } -} - -void PermissionUsedRecordCache::AddRecordToBuffer(const PermissionRecord& record) -{ - std::shared_ptr curFindMergePos; - std::shared_ptr persistPendingBufferHead = std::make_shared(); - std::shared_ptr persistPendingBufferEnd = nullptr; - PermissionRecord mergedRecord = record; - { - Utils::UniqueWriteGuard lock1(this->cacheLock1_); - curFindMergePos = curRecordBufferPos_; - int32_t remainCount = 0; // records left in cache1 - while (curFindMergePos != recordBufferHead_) { - auto pre = curFindMergePos->pre.lock(); - if ((record.timestamp - curFindMergePos->record.timestamp) >= INTERVAL) { - persistPendingBufferEnd = curFindMergePos; - break; - } else if (RecordMergeCheck(curFindMergePos->record, record)) { - MergeRecord(mergedRecord, curFindMergePos); - } else { - remainCount++; - } - curFindMergePos = pre; - } - AddRecordNode(mergedRecord); // refresh curRecordBUfferPos and readableSize - remainCount++; - // when current record timestamp more than last record timestamp 15mins - if ((remainCount >= MAX_PERSIST_SIZE) || (persistPendingBufferEnd != nullptr)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Reset record count: %{public}d", remainCount); - /* - * when remainCount reach the max, move all data from cache1 to cache2 - * otherwise copyCount should be readableSize_ - remainCount beause curFindMergePos match from tail to head - */ - int32_t copyCount = remainCount >= MAX_PERSIST_SIZE ? remainCount : readableSize_ - remainCount; - DeepCopyFromHead(recordBufferHead_, persistPendingBufferHead, copyCount); - - ResetRecordBufferWhenAdd(remainCount, persistPendingBufferEnd); - } - } - if (persistPendingBufferEnd != nullptr) { - AddToPersistQueue(persistPendingBufferHead); - } -} - -void PermissionUsedRecordCache::MergeRecord(PermissionRecord& record, - std::shared_ptr curFindMergePos) -{ - record.accessDuration += curFindMergePos->record.accessDuration; - record.accessCount += curFindMergePos->record.accessCount; - record.rejectCount += curFindMergePos->record.rejectCount; - if (curRecordBufferPos_ == curFindMergePos) { - curRecordBufferPos_ = curRecordBufferPos_->pre.lock(); - } - DeleteRecordNode(curFindMergePos); // delete old same node - readableSize_--; -} - -void PermissionUsedRecordCache::AddToPersistQueue( - const std::shared_ptr persistPendingBufferHead) -{ - bool startPersist = false; - { - Utils::UniqueWriteGuard lock2(this->cacheLock2_); - persistPendingBufferQueue_.emplace_back(persistPendingBufferHead); - if (!persistIsRunning_) { - startPersist = true; - } - } - if (startPersist) { - ExecuteReadRecordBufferTask(); - } -} - -void PermissionUsedRecordCache::ExecuteReadRecordBufferTask() -{ -#ifdef EVENTHANDLER_ENABLE - if (GetCurBufferTaskNum() > 1) { - ACCESSTOKEN_LOG_INFO(LABEL, "Has delete task!"); - return; - } - AddBufferTaskNum(); - if (bufferEventHandler_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler."); - ReduceBufferTaskNum(); - return; - } - - std::function delayed = ([this]() { - PersistPendingRecords(); - ACCESSTOKEN_LOG_INFO(LABEL, "Record buffer end."); - // Sleep for one minute to avoid frequent refresh of the file. - std::this_thread::sleep_for(std::chrono::minutes(1)); - ReduceBufferTaskNum(); - }); - - bufferEventHandler_->ProxyPostTask(delayed); -#endif -} - -int32_t PermissionUsedRecordCache::GetCurBufferTaskNum() -{ - return bufferTaskNum_.load(); -} - -void PermissionUsedRecordCache::AddBufferTaskNum() -{ - bufferTaskNum_++; -} - -void PermissionUsedRecordCache::ReduceBufferTaskNum() -{ - bufferTaskNum_--; -} - -int32_t PermissionUsedRecordCache::PersistPendingRecords() -{ - std::shared_ptr persistPendingBufferHead; - bool isEmpty; - { - Utils::UniqueWriteGuard lock2(this->cacheLock2_); - isEmpty = persistPendingBufferQueue_.empty(); - persistIsRunning_ = true; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Add %{public}d record node", readableSize_); - while (!isEmpty) { - { - Utils::UniqueWriteGuard lock2(this->cacheLock2_); - persistPendingBufferHead = persistPendingBufferQueue_[0]; - persistPendingBufferQueue_.erase(persistPendingBufferQueue_.begin()); - } - std::vector insertValues; - std::shared_ptr curPendingRecordNode = - persistPendingBufferHead->next; - while (curPendingRecordNode != nullptr) { - auto next = curPendingRecordNode->next; - GenericValues tmpRecordValues; - PermissionRecord tmpRecord = curPendingRecordNode->record; - PermissionRecord::TranslationIntoGenericValues(tmpRecord, tmpRecordValues); - insertValues.emplace_back(tmpRecordValues); - DeleteRecordNode(curPendingRecordNode); - curPendingRecordNode = next; - } - if (!insertValues.empty() && !PermissionRecordRepository::GetInstance().Add( - PermissionUsedRecordDb::DataType::PERMISSION_RECORD, insertValues)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to persist pending records, insertValues size: %{public}u", - static_cast(insertValues.size())); - } - { - Utils::UniqueReadGuard lock2(this->cacheLock2_); - isEmpty = persistPendingBufferQueue_.empty(); - } - } - { - Utils::UniqueWriteGuard lock2(this->cacheLock2_); - if (isEmpty) { // free persistPendingBufferQueue - std::vector> tmpPersistPendingBufferQueue; - std::swap(tmpPersistPendingBufferQueue, persistPendingBufferQueue_); - } - persistIsRunning_ = false; - } - return true; -} - -void PermissionUsedRecordCache::PersistPendingRecordsImmediately() -{ - std::shared_ptr persistPendingBufferHead = std::make_shared(); - // this function can be use only when receive power shut down common event - { - Utils::UniqueWriteGuard lock1(this->cacheLock1_); - DeepCopyFromHead(recordBufferHead_, persistPendingBufferHead, readableSize_); - } - { - Utils::UniqueWriteGuard lock2(this->cacheLock2_); - persistPendingBufferQueue_.emplace_back(persistPendingBufferHead); - } - - PersistPendingRecords(); -} - -int32_t PermissionUsedRecordCache::RemoveRecords(const AccessTokenID tokenId) -{ - std::shared_ptr curFindDeletePos; - std::shared_ptr persistPendingBufferHead = std::make_shared(); - std::shared_ptr persistPendingBufferEnd = nullptr; - - { - int32_t countPersistPendingNode = 0; - Utils::UniqueWriteGuard lock1(this->cacheLock1_); - curFindDeletePos = recordBufferHead_->next; - while (curFindDeletePos != nullptr) { - auto next = curFindDeletePos->next; - if (curFindDeletePos->record.tokenId == tokenId) { - if (curRecordBufferPos_ == curFindDeletePos) { - curRecordBufferPos_ = curFindDeletePos->pre.lock(); - } - DeleteRecordNode(curFindDeletePos); - readableSize_--; - } else if (AccessToken::TimeUtil::GetCurrentTimestamp() - curFindDeletePos->record.timestamp >= INTERVAL) { - persistPendingBufferEnd = curFindDeletePos; - countPersistPendingNode++; - } - curFindDeletePos = next; - } - - // this should do after delete the matched tokenID data - if (persistPendingBufferEnd != nullptr) { - DeepCopyFromHead(recordBufferHead_, persistPendingBufferHead, countPersistPendingNode); - - int32_t remainCount = readableSize_ - countPersistPendingNode; - ResetRecordBuffer(remainCount, persistPendingBufferEnd); - } - } - - RemoveFromPersistQueueAndDatabase(tokenId); - if (persistPendingBufferEnd != nullptr) { // add to queue - AddToPersistQueue(persistPendingBufferHead); - } - return Constant::SUCCESS; -} - -void PermissionUsedRecordCache::RemoveFromPersistQueueAndDatabase(const AccessTokenID tokenId) -{ - { - std::shared_ptr curFindDeletePos; - Utils::UniqueWriteGuard lock2(this->cacheLock2_); - if (!persistPendingBufferQueue_.empty()) { - for (const auto& persistHead : persistPendingBufferQueue_) { - curFindDeletePos = persistHead->next; - while (curFindDeletePos != nullptr) { - auto next = curFindDeletePos->next; - if (curFindDeletePos->record.tokenId == tokenId) { - DeleteRecordNode(curFindDeletePos); - } - curFindDeletePos = next; - } - } - } - } - GenericValues record; - record.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); - // remove from database - PermissionRecordRepository::GetInstance().Remove(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, record); -} - -void PermissionUsedRecordCache::GetRecords(const std::vector& permissionList, - const GenericValues& andConditionValues, std::vector& findRecordsValues, int32_t cache1QueryCount) -{ - std::set opCodeList; - std::shared_ptr curFindPos; - std::shared_ptr persistPendingBufferHead = std::make_shared(); - std::shared_ptr persistPendingBufferEnd = nullptr; - int32_t countPersistPendingNode = 0; - AccessTokenID tokenId = static_cast(andConditionValues.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)); - TransferToOpcode(opCodeList, permissionList); - { - Utils::UniqueWriteGuard lock1(this->cacheLock1_); - curFindPos = recordBufferHead_->next; - while (curFindPos != nullptr) { - if (cache1QueryCount == 0) { - break; - } - auto next = curFindPos->next; - if (RecordCompare(tokenId, opCodeList, andConditionValues, curFindPos->record)) { - GenericValues recordValues; - PermissionRecord::TranslationIntoGenericValues(curFindPos->record, recordValues); - findRecordsValues.emplace_back(recordValues); - cache1QueryCount--; - } - if (AccessToken::TimeUtil::GetCurrentTimestamp() - curFindPos->record.timestamp >= INTERVAL) { - persistPendingBufferEnd = curFindPos; - countPersistPendingNode++; - } - curFindPos = next; - } - - if (persistPendingBufferEnd != nullptr) { - DeepCopyFromHead(recordBufferHead_, persistPendingBufferHead, countPersistPendingNode); - - int32_t remainCount = readableSize_ - countPersistPendingNode; - ResetRecordBuffer(remainCount, persistPendingBufferEnd); - } - } - - if (cache1QueryCount > 0) { - GetFromPersistQueueAndDatabase(opCodeList, andConditionValues, findRecordsValues, cache1QueryCount); - } - - // this should after query persist queue and database - if (countPersistPendingNode != 0) { - AddToPersistQueue(persistPendingBufferHead); - } -} - -void PermissionUsedRecordCache::GetFromPersistQueueAndDatabase(const std::set& opCodeList, - const GenericValues& andConditionValues, std::vector& findRecordsValues, int32_t cache2QueryCount) -{ - AccessTokenID tokenId = static_cast(andConditionValues.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)); - std::shared_ptr curFindPos; - { - Utils::UniqueReadGuard lock2(this->cacheLock2_); - for (const auto& persistHead : persistPendingBufferQueue_) { - curFindPos = persistHead->next; - while (curFindPos != nullptr) { - auto next = curFindPos->next; - if (RecordCompare(tokenId, opCodeList, andConditionValues, curFindPos->record)) { - GenericValues recordValues; - PermissionRecord::TranslationIntoGenericValues(curFindPos->record, recordValues); - if (cache2QueryCount == 0) { - break; - } - findRecordsValues.emplace_back(recordValues); - cache2QueryCount--; - } - curFindPos = next; - } - if (cache2QueryCount == 0) { - return; - } - } - } - - if (!PermissionRecordRepository::GetInstance().FindRecordValues(opCodeList, andConditionValues, - findRecordsValues, cache2QueryCount)) { // find records from database - ACCESSTOKEN_LOG_ERROR(LABEL, "Find records from database failed"); - } -} - -void PermissionUsedRecordCache::ResetRecordBufferWhenAdd(const int32_t remainCount, - std::shared_ptr& persistPendingBufferEnd) -{ - std::shared_ptr tmpRecordBufferHead = - std::make_shared(); - if (remainCount >= MAX_PERSIST_SIZE) { - readableSize_ = 1; - tmpRecordBufferHead->next = curRecordBufferPos_; - persistPendingBufferEnd = curRecordBufferPos_->pre.lock(); - persistPendingBufferEnd->next.reset(); //release the last node next - recordBufferHead_ = tmpRecordBufferHead; - recordBufferHead_->next->pre = recordBufferHead_; - return; - } - readableSize_ = remainCount; - // refresh recordBufferHead - tmpRecordBufferHead->next = persistPendingBufferEnd->next; - persistPendingBufferEnd->next.reset(); //release persistPendingBufferEnd->next - recordBufferHead_ = tmpRecordBufferHead; - // recordBufferHead_->next->pre equals to persistPendingBufferEnd, reset recordBufferHead_->next->pre - recordBufferHead_->next->pre = recordBufferHead_; -} - -void PermissionUsedRecordCache::ResetRecordBuffer(const int32_t remainCount, - std::shared_ptr& persistPendingBufferEnd) -{ - readableSize_ = remainCount; - // refresh recordBufferHead - std::shared_ptr tmpRecordBufferHead = - std::make_shared(); - tmpRecordBufferHead->next = persistPendingBufferEnd->next; - persistPendingBufferEnd->next.reset(); - recordBufferHead_ = tmpRecordBufferHead; - - if (persistPendingBufferEnd == curRecordBufferPos_) { - // persistPendingBufferEnd == curRecordBufferPos, reset curRecordBufferPos - curRecordBufferPos_ = recordBufferHead_; - } else { - // recordBufferHead_->next->pre = persistPendingBufferEnd, reset recordBufferHead_->next->pre - recordBufferHead_->next->pre = recordBufferHead_; - } -} - -void PermissionUsedRecordCache::TransferToOpcode(std::set& opCodeList, - const std::vector& permissionList) -{ - for (const auto& permission : permissionList) { - int32_t opCode = Constant::OP_INVALID; - Constant::TransferPermissionToOpcode(permission, opCode); - opCodeList.insert(opCode); - } -} - -bool PermissionUsedRecordCache::RecordCompare(const AccessTokenID tokenId, const std::set& opCodeList, - const GenericValues& andConditionValues, const PermissionRecord& record) -{ - // compare tokenId - if ((tokenId != 0) && (record.tokenId != tokenId)) { - return false; - } - // compare opCode - if (!opCodeList.empty() && opCodeList.find(record.opCode) == opCodeList.end()) { - return false; - } - - std::vector andColumns = andConditionValues.GetAllKeys(); - if (!andColumns.empty()) { - for (auto andColumn : andColumns) { - // compare begin timestamp - if ((andColumn == PrivacyFiledConst::FIELD_TIMESTAMP_BEGIN) && - (record.timestamp < andConditionValues.GetInt64(andColumn))) { - return false; - } else if ((andColumn == PrivacyFiledConst::FIELD_TIMESTAMP_END) && - (record.timestamp > andConditionValues.GetInt64(andColumn))) { - return false; - } else if ((andColumn == PrivacyFiledConst::FIELD_TIMESTAMP) && - (record.timestamp != andConditionValues.GetInt64(andColumn))) { - return false; - } - - // compare lockScreenStatus - if ((andColumn == PrivacyFiledConst::FIELD_LOCKSCREEN_STATUS) && - (record.lockScreenStatus != andConditionValues.GetInt(andColumn))) { - return false; - } - - // compare app status - if ((andColumn == PrivacyFiledConst::FIELD_STATUS) && - (record.status != andConditionValues.GetInt(andColumn))) { - return false; - } - } - } - return true; -} - -void PermissionUsedRecordCache::AddRecordNode(const PermissionRecord& record) -{ - std::shared_ptr tmpRecordNode = std::make_shared(); - tmpRecordNode->record = record; - tmpRecordNode->pre = curRecordBufferPos_; - curRecordBufferPos_->next = tmpRecordNode; - curRecordBufferPos_ = curRecordBufferPos_->next; - readableSize_++; -} - -void PermissionUsedRecordCache::DeleteRecordNode(std::shared_ptr deleteRecordNode) -{ - std::shared_ptr pre = deleteRecordNode->pre.lock(); - if (deleteRecordNode->next == nullptr) { // End of the linked list - pre->next = nullptr; - } else { - std::shared_ptr next = deleteRecordNode->next; - pre->next = next; - next->pre = pre; - } -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS \ No newline at end of file diff --git a/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp b/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp index 26c8e9012dc4075336beb4eca9382763b3c2c62f..8091a5f9341ef921ebb26925da58f6e9f5bd8faa 100644 --- a/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp +++ b/services/privacymanager/src/seccomp/privacy_sec_comp_enhance_agent.cpp @@ -16,29 +16,28 @@ #include "access_token.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "app_manager_access_client.h" #include "ipc_skeleton.h" #include "privacy_error.h" +#include "securec.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacySecCompEnhanceAgent" -}; +static const std::string SCENE_BOARD_PKG_NAME = "com.ohos.sceneboard"; std::recursive_mutex g_instanceMutex; } void PrivacyAppUsingSecCompStateObserver::OnProcessDied(const ProcessData &processData) { - ACCESSTOKEN_LOG_INFO(LABEL, "OnProcessDied pid %{public}d", processData.pid); + LOGI(PRI_DOMAIN, PRI_TAG, "OnProcessDied pid %{public}d", processData.pid); PrivacySecCompEnhanceAgent::GetInstance().RemoveSecCompEnhance(processData.pid); } void PrivacySecCompAppManagerDeathCallback::NotifyAppManagerDeath() { - ACCESSTOKEN_LOG_INFO(LABEL, "AppManagerDeath called"); + LOGI(PRI_DOMAIN, PRI_TAG, "AppManagerDeath called"); PrivacySecCompEnhanceAgent::GetInstance().OnAppMgrRemoteDiedHandle(); } @@ -49,7 +48,8 @@ PrivacySecCompEnhanceAgent& PrivacySecCompEnhanceAgent::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new PrivacySecCompEnhanceAgent(); + PrivacySecCompEnhanceAgent* tmp = new PrivacySecCompEnhanceAgent(); + instance = std::move(tmp); } } return *instance; @@ -62,11 +62,11 @@ void PrivacySecCompEnhanceAgent::InitAppObserver() } observer_ = new (std::nothrow) PrivacyAppUsingSecCompStateObserver(); if (observer_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "New observer failed."); + LOGE(PRI_DOMAIN, PRI_TAG, "New observer failed."); return; } if (AppManagerAccessClient::GetInstance().RegisterApplicationStateObserver(observer_) != 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register observer failed."); + LOGE(PRI_DOMAIN, PRI_TAG, "Register observer failed."); observer_ = nullptr; return; } @@ -91,7 +91,7 @@ PrivacySecCompEnhanceAgent::~PrivacySecCompEnhanceAgent() void PrivacySecCompEnhanceAgent::OnAppMgrRemoteDiedHandle() { - ACCESSTOKEN_LOG_INFO(LABEL, "OnAppMgrRemoteDiedHandle."); + LOGI(PRI_DOMAIN, PRI_TAG, "OnAppMgrRemoteDiedHandle."); std::lock_guard lock(secCompEnhanceMutex_); secCompEnhanceData_.clear(); observer_ = nullptr; @@ -103,11 +103,11 @@ void PrivacySecCompEnhanceAgent::RemoveSecCompEnhance(int pid) for (auto iter = secCompEnhanceData_.begin(); iter != secCompEnhanceData_.end(); ++iter) { if (iter->pid == pid) { secCompEnhanceData_.erase(iter); - ACCESSTOKEN_LOG_INFO(LABEL, "Remove pid %{public}d data.", pid); + LOGI(PRI_DOMAIN, PRI_TAG, "Remove pid %{public}d data.", pid); return; } } - ACCESSTOKEN_LOG_ERROR(LABEL, "Not found pid %{public}d data.", pid); + LOGE(PRI_DOMAIN, PRI_TAG, "Not found pid %{public}d data.", pid); return; } @@ -118,7 +118,7 @@ int32_t PrivacySecCompEnhanceAgent::RegisterSecCompEnhance(const SecCompEnhanceD int pid = IPCSkeleton::GetCallingPid(); if (std::any_of(secCompEnhanceData_.begin(), secCompEnhanceData_.end(), [pid](const auto& e) { return e.pid == pid; })) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Register sec comp enhance exist, pid %{public}d.", pid); + LOGE(PRI_DOMAIN, PRI_TAG, "Register sec comp enhance exist, pid %{public}d.", pid); return PrivacyError::ERR_CALLBACK_ALREADY_EXIST; } SecCompEnhanceData enhance; @@ -128,9 +128,18 @@ int32_t PrivacySecCompEnhanceAgent::RegisterSecCompEnhance(const SecCompEnhanceD enhance.challenge = enhanceData.challenge; enhance.sessionId = enhanceData.sessionId; enhance.seqNum = enhanceData.seqNum; - enhance.key = enhanceData.key; + enhance.isSceneBoard = false; + if (memcpy_s(enhance.key, AES_KEY_STORAGE_LEN, enhanceData.key, AES_KEY_STORAGE_LEN) != EOK) { + return PrivacyError::ERR_CALLBACK_ALREADY_EXIST; + } + HapTokenInfo info; + if (AccessTokenKit::GetHapTokenInfo(enhance.token, info) == AccessTokenKitRet::RET_SUCCESS) { + if (info.bundleName == SCENE_BOARD_PKG_NAME) { + enhance.isSceneBoard = true; + } + } secCompEnhanceData_.emplace_back(enhance); - ACCESSTOKEN_LOG_INFO(LABEL, "Register sec comp enhance success, pid %{public}d, total %{public}u.", + LOGI(PRI_DOMAIN, PRI_TAG, "Register sec comp enhance success, pid %{public}d, total %{public}u.", pid, static_cast(secCompEnhanceData_.size())); return RET_SUCCESS; } @@ -142,7 +151,7 @@ int32_t PrivacySecCompEnhanceAgent::UpdateSecCompEnhance(int32_t pid, uint32_t s for (auto iter = secCompEnhanceData_.begin(); iter != secCompEnhanceData_.end(); ++iter) { if (iter->pid == pid) { iter->seqNum = seqNum; - ACCESSTOKEN_LOG_INFO(LABEL, "Update pid=%{public}d data successful.", pid); + LOGI(PRI_DOMAIN, PRI_TAG, "Update pid=%{public}d data successful.", pid); return RET_SUCCESS; } } @@ -156,7 +165,7 @@ int32_t PrivacySecCompEnhanceAgent::GetSecCompEnhance(int32_t pid, SecCompEnhanc for (auto iter = secCompEnhanceData_.begin(); iter != secCompEnhanceData_.end(); ++iter) { if (iter->pid == pid) { enhanceData = *iter; - ACCESSTOKEN_LOG_INFO(LABEL, "Get pid %{public}d data.", pid); + LOGI(PRI_DOMAIN, PRI_TAG, "Get pid %{public}d data.", pid); return RET_SUCCESS; } } @@ -168,11 +177,8 @@ int32_t PrivacySecCompEnhanceAgent::GetSpecialSecCompEnhance(const std::string& { std::lock_guard lock(secCompEnhanceMutex_); for (auto iter = secCompEnhanceData_.begin(); iter != secCompEnhanceData_.end(); iter++) { - HapTokenInfo info; - if (AccessTokenKit::GetHapTokenInfo(iter->token, info) == AccessTokenKitRet::RET_SUCCESS) { - if (bundleName == info.bundleName) { - enhanceList.emplace_back(*iter); - } + if ((*iter).isSceneBoard) { + enhanceList.emplace_back(*iter); } } return RET_SUCCESS; diff --git a/services/privacymanager/src/sensitive/audio_manager/audio_manager_adapter.cpp b/services/privacymanager/src/sensitive/audio_manager/audio_manager_adapter.cpp new file mode 100644 index 0000000000000000000000000000000000000000..91458d52fef453043c6a3b29870d6009bb6a96f2 --- /dev/null +++ b/services/privacymanager/src/sensitive/audio_manager/audio_manager_adapter.cpp @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "audio_manager_adapter.h" +#include "accesstoken_common_log.h" +#ifdef AUDIO_FRAMEWORK_ENABLE +#include "audio_policy_ipc_interface_code.h" +#endif +#include +#include "iservice_registry.h" +#include "system_ability_definition.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +AudioManagerAdapter& AudioManagerAdapter::GetInstance() +{ + static AudioManagerAdapter *instance = new (std::nothrow) AudioManagerAdapter(); + return *instance; +} + +AudioManagerAdapter::AudioManagerAdapter() +{} + +AudioManagerAdapter::~AudioManagerAdapter() +{} + +bool AudioManagerAdapter::GetPersistentMicMuteState() +{ +#ifndef AUDIO_FRAMEWORK_ENABLE + LOGI(PRI_DOMAIN, PRI_TAG, "audio framework is not support."); + return false; +#else + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to GetProxy."); + return false; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + + std::u16string AUDIO_MGR_DESCRIPTOR = u"IAudioPolicy"; + if (!data.WriteInterfaceToken(AUDIO_MGR_DESCRIPTOR)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); + return false; + } + int32_t error = proxy->SendRequest( + static_cast(AudioStandard::AudioPolicyInterfaceCode::GET_MICROPHONE_MUTE_PERSISTENT), + data, reply, option); + if (error != NO_ERROR) { + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest error: %{public}d", error); + return false; + } + return reply.ReadBool(); +#endif +} + +#ifdef AUDIO_FRAMEWORK_ENABLE +void AudioManagerAdapter::InitProxy() +{ + if (proxy_ != nullptr && (!proxy_->IsObjectDead())) { + return; + } + sptr systemManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (systemManager == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Fail to get system ability registry."); + return; + } + sptr remoteObj = systemManager->CheckSystemAbility(AUDIO_POLICY_SERVICE_ID); + if (remoteObj == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Fail to connect ability manager service."); + return; + } + + deathRecipient_ = sptr(new (std::nothrow) AudioManagerDeathRecipient()); + if (deathRecipient_ == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to create AudioManagerDeathRecipient!"); + return; + } + if ((remoteObj->IsProxyObject()) && (!remoteObj->AddDeathRecipient(deathRecipient_))) { + LOGE(PRI_DOMAIN, PRI_TAG, "Add death recipient to AbilityManagerService failed."); + return; + } + proxy_ = remoteObj; +} + +sptr AudioManagerAdapter::GetProxy() +{ + std::lock_guard lock(proxyMutex_); + if (proxy_ == nullptr || proxy_->IsObjectDead()) { + InitProxy(); + } + return proxy_; +} + +void AudioManagerAdapter::ReleaseProxy(const wptr& remote) +{ + std::lock_guard lock(proxyMutex_); + if ((proxy_ != nullptr) && (proxy_ == remote.promote())) { + proxy_->RemoveDeathRecipient(deathRecipient_); + proxy_ = nullptr; + deathRecipient_ = nullptr; + } +} + +void AudioManagerAdapter::AudioManagerDeathRecipient::OnRemoteDied(const wptr& remote) +{ + LOGE(PRI_DOMAIN, PRI_TAG, "AudioManagerDeathRecipient handle remote died."); + AudioManagerAdapter::GetInstance().ReleaseProxy(remote); +} +#endif +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_client.cpp b/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_client.cpp deleted file mode 100644 index 4965d73f6f6e27c1b52ebcb649a9e9d0cd6310e2..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_client.cpp +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "audio_manager_privacy_client.h" -#include - -#include "accesstoken_log.h" -#include "iservice_registry.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "AudioManagerPrivacyClient" -}; -std::recursive_mutex g_instanceMutex; -} // namespace - -AudioManagerPrivacyClient& AudioManagerPrivacyClient::GetInstance() -{ - static AudioManagerPrivacyClient* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new AudioManagerPrivacyClient(); - } - } - return *instance; -} - -AudioManagerPrivacyClient::AudioManagerPrivacyClient() -{} - -AudioManagerPrivacyClient::~AudioManagerPrivacyClient() -{ - std::lock_guard lock(proxyMutex_); - ReleaseProxy(); -} - -int32_t AudioManagerPrivacyClient::SetMicrophoneMutePersistent(const bool isMute, const PolicyType type) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return -1; - } - return proxy->SetMicrophoneMutePersistent(isMute, type); -} - -bool AudioManagerPrivacyClient::GetPersistentMicMuteState() -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return false; - } - return proxy->GetPersistentMicMuteState(); -} - -void AudioManagerPrivacyClient::InitProxy() -{ - auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); - return; - } - auto audioManagerSa = sam->GetSystemAbility(AUDIO_POLICY_SERVICE_ID); - if (audioManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", - AUDIO_POLICY_SERVICE_ID); - return; - } - - serviceDeathObserver_ = sptr::MakeSptr(); - if (serviceDeathObserver_ != nullptr) { - audioManagerSa->AddDeathRecipient(serviceDeathObserver_); - } - - proxy_ = new AudioManagerPrivacyProxy(audioManagerSa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); - } -} - -void AudioManagerPrivacyClient::OnRemoteDiedHandle() -{ - std::lock_guard lock(proxyMutex_); - ReleaseProxy(); -} - -sptr AudioManagerPrivacyClient::GetProxy() -{ - std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { - InitProxy(); - } - return proxy_; -} - -void AudioManagerPrivacyClient::ReleaseProxy() -{ - if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) { - proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_); - } - proxy_ = nullptr; - serviceDeathObserver_ = nullptr; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - diff --git a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_death_recipient.cpp b/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_death_recipient.cpp deleted file mode 100644 index 6159efb57797960ceffd058665d04fecb6cd829a..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_death_recipient.cpp +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "audio_manager_privacy_death_recipient.h" - -#include "accesstoken_log.h" -#include "audio_manager_privacy_client.h" -#include "permission_record_manager.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "AudioMgrDeathRecipient" -}; -} // namespace - -void AudioMgrDeathRecipient::OnRemoteDied(const wptr& object) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); - AudioManagerPrivacyClient::GetInstance().OnRemoteDiedHandle(); - PermissionRecordManager::GetInstance().OnAudioMgrRemoteDiedHandle(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp b/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp deleted file mode 100644 index 693330bbdce4f12e31a8a12420149c6876cb4519..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "audio_manager_privacy_proxy.h" - -#include "accesstoken_log.h" -#include "audio_policy_ipc_interface_code.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "AudioManagerPrivacyProxy"}; -static constexpr int32_t ERROR = -1; -} - -bool AudioManagerPrivacyProxy::GetPersistentMicMuteState() -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); - return false; - } - int32_t error = Remote()->SendRequest(static_cast( - AudioStandard::AudioPolicyInterfaceCode::GET_MICROPHONE_MUTE_PERSISTENT), data, reply, option); - if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetPersistentMicMuteState failed, error: %{public}d", error); - return false; - } - bool isMute = reply.ReadBool(); - ACCESSTOKEN_LOG_INFO(LABEL, "Mic mute state: %{public}d", isMute); - return isMute; -} - -int32_t AudioManagerPrivacyProxy::SetMicrophoneMutePersistent(const bool isMute, const PolicyType type) -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInterfaceToken failed"); - return ERROR; - } - data.WriteBool(isMute); - data.WriteInt32(static_cast(type)); - int32_t error = Remote()->SendRequest(static_cast( - AudioStandard::AudioPolicyInterfaceCode::SET_MICROPHONE_MUTE_PERSISTENT), data, reply, option); - if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Set microphoneMute failed, error: %d", error); - return error; - } - int32_t ret = reply.ReadInt32(); - ACCESSTOKEN_LOG_INFO(LABEL, "Set mute result: %{public}d", ret); - return ret; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/privacymanager/src/sensitive/camera_manager/camera_manager_adapter.cpp b/services/privacymanager/src/sensitive/camera_manager/camera_manager_adapter.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b0dde7b9bc23e3c5439ee1cd06025b405be338b9 --- /dev/null +++ b/services/privacymanager/src/sensitive/camera_manager/camera_manager_adapter.cpp @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "camera_manager_adapter.h" +#include "accesstoken_common_log.h" +#ifdef CAMERA_FRAMEWORK_ENABLE +#include "camera_service_ipc_interface_code.h" +#endif +#include +#include "iservice_registry.h" +#include "system_ability_definition.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +CameraManagerAdapter& CameraManagerAdapter::GetInstance() +{ + static CameraManagerAdapter *instance = new (std::nothrow) CameraManagerAdapter(); + return *instance; +} + +CameraManagerAdapter::CameraManagerAdapter() +{} + +CameraManagerAdapter::~CameraManagerAdapter() +{} + +bool CameraManagerAdapter::IsCameraMuted() +{ +#ifndef CAMERA_FRAMEWORK_ENABLE + LOGI(PRI_DOMAIN, PRI_TAG, "camera framework is not support."); + return false; +#else + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to GetProxy."); + return false; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + + std::u16string CAMERA_MGR_DESCRIPTOR = u"ICameraService"; + if (!data.WriteInterfaceToken(CAMERA_MGR_DESCRIPTOR)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to write WriteInterfaceToken."); + return false; + } + int32_t error = proxy->SendRequest( + static_cast(CameraStandard::CameraServiceInterfaceCode::CAMERA_SERVICE_IS_CAMERA_MUTED), + data, reply, option); + if (error != NO_ERROR) { + LOGE(PRI_DOMAIN, PRI_TAG, "SendRequest error: %{public}d", error); + return false; + } + return reply.ReadBool(); +#endif +} + +#ifdef CAMERA_FRAMEWORK_ENABLE +void CameraManagerAdapter::InitProxy() +{ + if (proxy_ != nullptr && (!proxy_->IsObjectDead())) { + return; + } + sptr systemManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (systemManager == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Fail to get system ability registry."); + return; + } + sptr remoteObj = systemManager->CheckSystemAbility(CAMERA_SERVICE_ID); + if (remoteObj == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Fail to connect ability manager service."); + return; + } + + deathRecipient_ = sptr(new (std::nothrow) CameraManagerDeathRecipient()); + if (deathRecipient_ == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to create CameraManagerDeathRecipient!"); + return; + } + if ((remoteObj->IsProxyObject()) && (!remoteObj->AddDeathRecipient(deathRecipient_))) { + LOGE(PRI_DOMAIN, PRI_TAG, "Add death recipient to AbilityManagerService failed."); + return; + } + proxy_ = remoteObj; +} + +sptr CameraManagerAdapter::GetProxy() +{ + std::lock_guard lock(proxyMutex_); + if (proxy_ == nullptr || proxy_->IsObjectDead()) { + InitProxy(); + } + return proxy_; +} + +void CameraManagerAdapter::ReleaseProxy(const wptr& remote) +{ + std::lock_guard lock(proxyMutex_); + if ((proxy_ != nullptr) && (proxy_ == remote.promote())) { + proxy_->RemoveDeathRecipient(deathRecipient_); + proxy_ = nullptr; + deathRecipient_ = nullptr; + } +} + +void CameraManagerAdapter::CameraManagerDeathRecipient::OnRemoteDied(const wptr& remote) +{ + LOGE(PRI_DOMAIN, PRI_TAG, "CameraManagerDeathRecipient handle remote died."); + CameraManagerAdapter::GetInstance().ReleaseProxy(remote); +} +#endif +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_client.cpp b/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_client.cpp deleted file mode 100644 index 1cf9401f3b117fff9c413f3e6420e05133e4b2ec..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_client.cpp +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "camera_manager_privacy_client.h" - -#include "accesstoken_log.h" -#include "iservice_registry.h" -#include "system_ability_definition.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "CameraManagerPrivacyClient" -}; -std::recursive_mutex g_instanceMutex; -} // namespace - -CameraManagerPrivacyClient& CameraManagerPrivacyClient::GetInstance() -{ - static CameraManagerPrivacyClient* instance = nullptr; - if (instance == nullptr) { - std::lock_guard lock(g_instanceMutex); - if (instance == nullptr) { - instance = new CameraManagerPrivacyClient(); - } - } - return *instance; -} - -CameraManagerPrivacyClient::CameraManagerPrivacyClient() -{} - -CameraManagerPrivacyClient::~CameraManagerPrivacyClient() -{ - std::lock_guard lock(proxyMutex_); - ReleaseProxy(); -} - -int32_t CameraManagerPrivacyClient::MuteCameraPersist(PolicyType policyType, bool muteMode) -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return -1; - } - return proxy->MuteCameraPersist(policyType, muteMode); -} - -bool CameraManagerPrivacyClient::IsCameraMuted() -{ - auto proxy = GetProxy(); - if (proxy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Proxy is null"); - return false; - } - bool muteMode = false; - proxy->IsCameraMuted(muteMode); - return muteMode; -} - -void CameraManagerPrivacyClient::InitProxy() -{ - auto sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (sam == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbilityManager is null"); - return; - } - auto cameraManagerSa = sam->GetSystemAbility(CAMERA_SERVICE_ID); - if (cameraManagerSa == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetSystemAbility %{public}d is null", - CAMERA_SERVICE_ID); - return; - } - - serviceDeathObserver_ = sptr::MakeSptr(); - if (serviceDeathObserver_ != nullptr) { - cameraManagerSa->AddDeathRecipient(serviceDeathObserver_); - } - - proxy_ = iface_cast(cameraManagerSa); - if (proxy_ == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Iface_cast get null"); - } -} - -void CameraManagerPrivacyClient::OnRemoteDiedHandle() -{ - std::lock_guard lock(proxyMutex_); - ReleaseProxy(); -} - -sptr CameraManagerPrivacyClient::GetProxy() -{ - std::lock_guard lock(proxyMutex_); - if (proxy_ == nullptr) { - InitProxy(); - } - return proxy_; -} - -void CameraManagerPrivacyClient::ReleaseProxy() -{ - if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) { - proxy_->AsObject()->RemoveDeathRecipient(serviceDeathObserver_); - } - proxy_ = nullptr; - serviceDeathObserver_ = nullptr; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - diff --git a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_death_recipient.cpp b/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_death_recipient.cpp deleted file mode 100644 index d36dfc7c8f7482ee6ef4aa3b2db4045a659eb9c9..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_death_recipient.cpp +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "camera_manager_privacy_death_recipient.h" -#include "accesstoken_log.h" -#include "camera_manager_privacy_client.h" -#include "permission_record_manager.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "CameraManagerPrivacyDeathRecipient"}; -} // namespace - -void CameraManagerPrivacyDeathRecipient::OnRemoteDied(const wptr& object) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__); - CameraManagerPrivacyClient::GetInstance().OnRemoteDiedHandle(); - PermissionRecordManager::GetInstance().OnCameraMgrRemoteDiedHandle(); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - diff --git a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp b/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp deleted file mode 100644 index 196baba4991322af2e2f83b3029e8872cf60b67d..0000000000000000000000000000000000000000 --- a/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "camera_manager_privacy_proxy.h" -#include "accesstoken_log.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -constexpr HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_PRIVACY, "CameraManagerPrivacyProxy"}; -static constexpr int32_t ERROR = -1; -} - -int32_t CameraManagerPrivacyProxy::MuteCameraPersist(PolicyType policyType, bool muteMode) -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write descriptor"); - return ERROR; - } - if (!data.WriteInt32(static_cast(policyType))) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write bool"); - return ERROR; - } - if (!data.WriteBool(muteMode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write bool"); - return ERROR; - } - int32_t error = Remote()->SendRequest( - static_cast(CAMERA_SERVICE_MUTE_CAMERA_PERSIST), data, reply, option); - if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, error: %{public}d", error); - } - return error; -} - -int32_t CameraManagerPrivacyProxy::IsCameraMuted(bool &muteMode) -{ - MessageParcel data; - MessageParcel reply; - MessageOption option; - if (!data.WriteInterfaceToken(GetDescriptor())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write descriptor"); - return ERROR; - } - if (!data.WriteBool(muteMode)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write bool"); - return ERROR; - } - int32_t error = Remote()->SendRequest(static_cast(CAMERA_SERVICE_IS_CAMERA_MUTED), data, reply, option); - if (error != ERR_NONE) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SendRequest failed, error: %{public}d", error); - return ERROR; - } - muteMode = reply.ReadBool(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "IsCameraMuted Read muteMode is %{public}d", muteMode); - return error; -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp index d79eab810a82e5ea19670c5c1da7ac4508ed98c6..1eb81c9e76e835f8a8103157c5a89143f30cf2ef 100644 --- a/services/privacymanager/src/service/privacy_manager_service.cpp +++ b/services/privacymanager/src/service/privacy_manager_service.cpp @@ -19,8 +19,9 @@ #include #include "access_token.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "active_status_callback_manager.h" +#include "ipc_skeleton.h" #ifdef COMMON_EVENT_SERVICE_ENABLE #include "privacy_common_event_subscriber.h" #endif //COMMON_EVENT_SERVICE_ENABLE @@ -28,21 +29,16 @@ #include "constant.h" #include "ipc_skeleton.h" #include "permission_record_manager.h" +#include "privacy_manager_proxy_death_param.h" #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE #include "privacy_sec_comp_enhance_agent.h" #endif -#include "screenlock_manager_loader.h" #include "system_ability_definition.h" #include "string_ex.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerService" -}; -} const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(DelayedSingleton::GetInstance().get()); @@ -50,12 +46,12 @@ const bool REGISTER_RESULT = PrivacyManagerService::PrivacyManagerService() : SystemAbility(SA_ID_PRIVACY_MANAGER_SERVICE, true), state_(ServiceRunningState::STATE_NOT_START) { - ACCESSTOKEN_LOG_INFO(LABEL, "PrivacyManagerService()"); + LOGI(PRI_DOMAIN, PRI_TAG, "PrivacyManagerService()"); } PrivacyManagerService::~PrivacyManagerService() { - ACCESSTOKEN_LOG_INFO(LABEL, "~PrivacyManagerService()"); + LOGI(PRI_DOMAIN, PRI_TAG, "~PrivacyManagerService()"); #ifdef COMMON_EVENT_SERVICE_ENABLE PrivacyCommonEventSubscriber::UnRegisterEvent(); #endif //COMMON_EVENT_SERVICE_ENABLE @@ -64,12 +60,12 @@ PrivacyManagerService::~PrivacyManagerService() void PrivacyManagerService::OnStart() { if (state_ == ServiceRunningState::STATE_RUNNING) { - ACCESSTOKEN_LOG_INFO(LABEL, "PrivacyManagerService has already started!"); + LOGI(PRI_DOMAIN, PRI_TAG, "PrivacyManagerService has already started!"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "PrivacyManagerService is starting"); + LOGI(PRI_DOMAIN, PRI_TAG, "PrivacyManagerService is starting"); if (!Initialize()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to initialize"); return; } @@ -79,51 +75,122 @@ void PrivacyManagerService::OnStart() state_ = ServiceRunningState::STATE_RUNNING; bool ret = Publish(DelayedSingleton::GetInstance().get()); if (!ret) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!"); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to publish service!"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, PrivacyManagerService start successfully!"); + LOGI(PRI_DOMAIN, PRI_TAG, "Congratulations, PrivacyManagerService start successfully!"); } void PrivacyManagerService::OnStop() { - ACCESSTOKEN_LOG_INFO(LABEL, "Stop service"); + LOGI(PRI_DOMAIN, PRI_TAG, "Stop service"); state_ = ServiceRunningState::STATE_NOT_START; } int32_t PrivacyManagerService::AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel, bool asyncMode) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "id: %{public}d, perm: %{public}s, succCnt: %{public}d," + LOGD(PRI_DOMAIN, PRI_TAG, "id: %{public}d, perm: %{public}s, succCnt: %{public}d," " failCnt: %{public}d, type: %{public}d", infoParcel.info.tokenId, infoParcel.info.permissionName.c_str(), infoParcel.info.successCount, infoParcel.info.failCount, infoParcel.info.type); AddPermParamInfo info = infoParcel.info; return PermissionRecordManager::GetInstance().AddPermissionUsedRecord(info); } -int32_t PrivacyManagerService::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName) +int32_t PrivacyManagerService::SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) +{ + LOGI(PRI_DOMAIN, PRI_TAG, "userID: %{public}d, status: %{public}d", userID, status ? 1 : 0); + return PermissionRecordManager::GetInstance().SetPermissionUsedRecordToggleStatus(userID, status); +} + +int32_t PrivacyManagerService::GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) +{ + LOGD(PRI_DOMAIN, PRI_TAG, "userID: %{public}d, status: %{public}d", userID, status ? 1 : 0); + return PermissionRecordManager::GetInstance().GetPermissionUsedRecordToggleStatus(userID, status); +} + +std::shared_ptr PrivacyManagerService::GetProxyDeathHandler() +{ + std::lock_guard lock(deathHandlerMutex_); + if (proxyDeathHandler_ == nullptr) { + proxyDeathHandler_ = std::make_shared(); + } + return proxyDeathHandler_; +} + +void PrivacyManagerService::ProcessProxyDeathStub(const sptr& anonyStub, int32_t callerPid) +{ + if (anonyStub == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "anonyStub is nullptr."); + return; + } + std::shared_ptr param = std::make_shared(callerPid); + if (param == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Create param failed."); + return; + } + auto handler = GetProxyDeathHandler(); + if (handler == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Handler is nullptr."); + return; + } + handler->AddProxyStub(anonyStub, param); +} + +void PrivacyManagerService::ReleaseDeathStub(int32_t callerPid) +{ + std::shared_ptr param = std::make_shared(callerPid); + if (param == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Create param failed."); + return; + } + auto handler = GetProxyDeathHandler(); + if (handler == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Handler is nullptr."); + return; + } + handler->ReleaseProxyByParam(param); +} + +int32_t PrivacyManagerService::StartUsingPermission( + const PermissionUsedTypeInfoParcel &infoParcel, const sptr& anonyStub) { - ACCESSTOKEN_LOG_INFO(LABEL, "id: %{public}d, perm: %{public}s", tokenId, permissionName.c_str()); - return PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName); + int32_t callerPid = IPCSkeleton::GetCallingPid(); + LOGI(PRI_DOMAIN, PRI_TAG, "Caller pid = %{public}d.", callerPid); + ProcessProxyDeathStub(anonyStub, callerPid); + return PermissionRecordManager::GetInstance().StartUsingPermission(infoParcel.info, callerPid); } -int32_t PrivacyManagerService::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName, - const sptr& callback) +int32_t PrivacyManagerService::StartUsingPermission(const PermissionUsedTypeInfoParcel &infoParcel, + const sptr& callback, const sptr& anonyStub) { - ACCESSTOKEN_LOG_INFO(LABEL, "id: %{public}d, perm: %{public}s", tokenId, permissionName.c_str()); - return PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName, callback); + int32_t callerPid = IPCSkeleton::GetCallingPid(); + LOGI(PRI_DOMAIN, PRI_TAG, "Caller pid = %{public}d.", callerPid); + ProcessProxyDeathStub(anonyStub, callerPid); + return PermissionRecordManager::GetInstance().StartUsingPermission(infoParcel.info, callback, callerPid); } -int32_t PrivacyManagerService::StopUsingPermission(AccessTokenID tokenId, const std::string& permissionName) +int32_t PrivacyManagerService::StopUsingPermission( + AccessTokenID tokenId, int32_t pid, const std::string& permissionName) { - ACCESSTOKEN_LOG_INFO(LABEL, "id: %{public}d, perm: %{public}s", tokenId, permissionName.c_str()); - return PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, permissionName); + LOGI(PRI_DOMAIN, PRI_TAG, "id: %{public}u, pid: %{public}d, perm: %{public}s", + tokenId, pid, permissionName.c_str()); + int32_t callerPid = IPCSkeleton::GetCallingPid(); + int32_t ret = PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, pid, permissionName, callerPid); + if (ret != Constant::SUCCESS) { + return ret; + } + if (!PermissionRecordManager::GetInstance().HasCallerInStartList(callerPid)) { + LOGI(PRI_DOMAIN, PRI_TAG, "No permission record from caller = %{public}d", callerPid); + ReleaseDeathStub(callerPid); + } + return ret; } -int32_t PrivacyManagerService::RemovePermissionUsedRecords(AccessTokenID tokenId, const std::string& deviceID) +int32_t PrivacyManagerService::RemovePermissionUsedRecords(AccessTokenID tokenId) { - ACCESSTOKEN_LOG_INFO(LABEL, "id: %{public}d", tokenId); - PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId, deviceID); + LOGI(PRI_DOMAIN, PRI_TAG, "id: %{public}u", tokenId); + PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId); return Constant::SUCCESS; } @@ -135,7 +202,7 @@ int32_t PrivacyManagerService::GetPermissionUsedRecords( permissionList.append(perm); permissionList.append(" "); } - ACCESSTOKEN_LOG_INFO(LABEL, "id: %{public}d, timestamp: [%{public}" PRId64 "-%{public}" PRId64 + LOGI(PRI_DOMAIN, PRI_TAG, "id: %{public}d, timestamp: [%{public}" PRId64 "-%{public}" PRId64 "], flag: %{public}d, perm: %{public}s", request.request.tokenId, request.request.beginTimeMillis, request.request.endTimeMillis, request.request.flag, permissionList.c_str()); @@ -148,20 +215,21 @@ int32_t PrivacyManagerService::GetPermissionUsedRecords( int32_t PrivacyManagerService::GetPermissionUsedRecords( const PermissionUsedRequestParcel& request, const sptr& callback) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "id: %{public}d", request.request.tokenId); + LOGD(PRI_DOMAIN, PRI_TAG, "id: %{public}d", request.request.tokenId); return PermissionRecordManager::GetInstance().GetPermissionUsedRecordsAsync(request.request, callback); } int32_t PrivacyManagerService::RegisterPermActiveStatusCallback( std::vector& permList, const sptr& callback) { - return PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, callback); + return PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + IPCSkeleton::GetCallingTokenID(), permList, callback); } #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE int32_t PrivacyManagerService::RegisterSecCompEnhance(const SecCompEnhanceDataParcel& enhanceParcel) { - ACCESSTOKEN_LOG_INFO(LABEL, "Pid: %{public}d", enhanceParcel.enhanceData.pid); + LOGI(PRI_DOMAIN, PRI_TAG, "Pid: %{public}d", enhanceParcel.enhanceData.pid); return PrivacySecCompEnhanceAgent::GetInstance().RegisterSecCompEnhance(enhanceParcel.enhanceData); } @@ -175,7 +243,7 @@ int32_t PrivacyManagerService::GetSecCompEnhance(int32_t pid, SecCompEnhanceData SecCompEnhanceData enhanceData; int32_t res = PrivacySecCompEnhanceAgent::GetInstance().GetSecCompEnhance(pid, enhanceData); if (res != RET_SUCCESS) { - ACCESSTOKEN_LOG_WARN(LABEL, "Pid: %{public}d get enhance failed ", pid); + LOGW(PRI_DOMAIN, PRI_TAG, "Pid: %{public}d get enhance failed ", pid); return res; } @@ -241,7 +309,7 @@ int32_t PrivacyManagerService::ResponseDumpCommand(int32_t fd, const std::vector int32_t PrivacyManagerService::Dump(int32_t fd, const std::vector& args) { if (fd < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dump fd invalid value"); + LOGE(PRI_DOMAIN, PRI_TAG, "Dump fd invalid value"); return ERR_INVALID_VALUE; } int32_t ret = ERR_OK; @@ -269,29 +337,33 @@ int32_t PrivacyManagerService::UnRegisterPermActiveStatusCallback(const sptr(policyType), static_cast(callerType), isMute); + static_cast(policyType), static_cast(callerType), isMute, tokenID); } int32_t PrivacyManagerService::SetHapWithFGReminder(uint32_t tokenId, bool isAllowed) { - ACCESSTOKEN_LOG_INFO(LABEL, "id: %{public}d, isAllowed: %{public}d", tokenId, isAllowed); + LOGI(PRI_DOMAIN, PRI_TAG, "id: %{public}d, isAllowed: %{public}d", tokenId, isAllowed); return PermissionRecordManager::GetInstance().SetHapWithFGReminder(tokenId, isAllowed); } int32_t PrivacyManagerService::GetPermissionUsedTypeInfos(const AccessTokenID tokenId, const std::string& permissionName, std::vector& resultsParcel) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "id: %{public}d, perm: %{public}s", tokenId, permissionName.c_str()); + LOGD(PRI_DOMAIN, PRI_TAG, "id: %{public}d, perm: %{public}s", tokenId, permissionName.c_str()); std::vector results; int32_t res = PermissionRecordManager::GetInstance().GetPermissionUsedTypeInfos(tokenId, permissionName, results); @@ -310,7 +382,7 @@ int32_t PrivacyManagerService::GetPermissionUsedTypeInfos(const AccessTokenID to void PrivacyManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) { - ACCESSTOKEN_LOG_INFO(LABEL, "saId is %{public}d", systemAbilityId); + LOGI(PRI_DOMAIN, PRI_TAG, "saId is %{public}d", systemAbilityId); #ifdef COMMON_EVENT_SERVICE_ENABLE if (systemAbilityId == COMMON_EVENT_SERVICE_ID) { PrivacyCommonEventSubscriber::RegisterEvent(); @@ -319,12 +391,8 @@ void PrivacyManagerService::OnAddSystemAbility(int32_t systemAbilityId, const st #endif //COMMON_EVENT_SERVICE_ENABLE if (systemAbilityId == SCREENLOCK_SERVICE_ID) { - LibraryLoader loader(SCREENLOCK_MANAGER_LIBPATH); - ScreenLockManagerAccessLoaderInterface* screenlockManagerLoader = - loader.GetObject(); - if (screenlockManagerLoader != nullptr) { - PermissionRecordManager::GetInstance().SetLockScreenStatus(screenlockManagerLoader->IsScreenLocked()); - } + int32_t lockScreenStatus = PermissionRecordManager::GetInstance().GetLockScreenStatus(true); + PermissionRecordManager::GetInstance().SetLockScreenStatus(lockScreenStatus); return; } } @@ -335,7 +403,7 @@ bool PrivacyManagerService::Initialize() #ifdef EVENTHANDLER_ENABLE eventRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); if (!eventRunner_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create eventRunner."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to create eventRunner."); return false; } eventHandler_ = std::make_shared(eventRunner_); diff --git a/services/privacymanager/src/service/privacy_manager_stub.cpp b/services/privacymanager/src/service/privacy_manager_stub.cpp index 729b4a0c5e05dbf05cdc170b36c6fa2a9730838a..2f16edfa53afbd245c261dfeb513d26bebe25d75 100644 --- a/services/privacymanager/src/service/privacy_manager_stub.cpp +++ b/services/privacymanager/src/service/privacy_manager_stub.cpp @@ -16,31 +16,24 @@ #include "privacy_manager_stub.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "ipc_skeleton.h" #include "memory_guard.h" +#include "on_permission_used_record_callback_proxy.h" #include "privacy_error.h" +#include "privacy_manager_proxy_death_param.h" #include "string_ex.h" #include "tokenid_kit.h" -#ifdef HICOLLIE_ENABLE -#include "xcollie/xcollie.h" -#endif // HICOLLIE_ENABLE namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_PRIVACY, "PrivacyManagerStub" -}; static const uint32_t PERM_LIST_SIZE_MAX = 1024; -#ifdef SECURITY_COMPONENT_ENHANCE_ENABLE -#ifdef HICOLLIE_ENABLE -static constexpr uint32_t TIMEOUT = 6; // 6s -#endif // HICOLLIE_ENABLE -#endif // SECURITY_COMPONENT_ENHANCE_ENABLE constexpr const char* PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS"; +constexpr const char* PERMISSION_RECORD_TOGGLE = "ohos.permission.PERMISSION_RECORD_TOGGLE"; constexpr const char* SET_FOREGROUND_HAP_REMINDER = "ohos.permission.SET_FOREGROUND_HAP_REMINDER"; +constexpr const char* SET_MUTE_POLICY = "ohos.permission.SET_MUTE_POLICY"; } PrivacyManagerStub::PrivacyManagerStub() @@ -86,6 +79,10 @@ void PrivacyManagerStub::SetPrivacyFuncInMap() &PrivacyManagerStub::SetMutePolicyInner; requestMap_[static_cast(PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER)] = &PrivacyManagerStub::SetHapWithFGReminderInner; + requestMap_[static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS)] = + &PrivacyManagerStub::SetPermissionUsedRecordToggleStatusInner; + requestMap_[static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS)] = + &PrivacyManagerStub::GetPermissionUsedRecordToggleStatusInner; } int32_t PrivacyManagerStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) @@ -93,7 +90,7 @@ int32_t PrivacyManagerStub::OnRemoteRequest( MemoryGuard cacheGuard; std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != IPrivacyManager::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } @@ -122,13 +119,71 @@ void PrivacyManagerStub::AddPermissionUsedRecordInner(MessageParcel& data, Messa } sptr infoParcel = data.ReadParcelable(); if (infoParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild"); + LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable faild"); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } reply.WriteInt32(this->AddPermissionUsedRecord(*infoParcel)); } +void PrivacyManagerStub::SetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); + return; + } + if (!IsPrivilegedCalling() && !VerifyPermission(PERMISSION_RECORD_TOGGLE)) { + reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); + return; + } + int32_t userID = 0; + if (!data.ReadInt32(userID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read userId."); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } + if (userID != 0 && !IsPrivilegedCalling()) { + LOGE(PRI_DOMAIN, PRI_TAG, "User version only get calling userID."); + reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); + return; + } + bool status = true; + if (!data.ReadBool(status)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read status."); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } + reply.WriteInt32(this->SetPermissionUsedRecordToggleStatus(userID, status)); +} + +void PrivacyManagerStub::GetPermissionUsedRecordToggleStatusInner(MessageParcel& data, MessageParcel& reply) +{ + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); + return; + } + if (!IsPrivilegedCalling() && !VerifyPermission(PERMISSION_USED_STATS)) { + reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); + return; + } + int32_t userID = 0; + if (!data.ReadInt32(userID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read userId."); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } + if (userID != 0 && !IsPrivilegedCalling()) { + LOGE(PRI_DOMAIN, PRI_TAG, "User version only get calling userID."); + reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); + return; + } + bool status = true; + reply.WriteInt32(this->GetPermissionUsedRecordToggleStatus(userID, status)); + reply.WriteBool(status); +} + void PrivacyManagerStub::StartUsingPermissionInner(MessageParcel& data, MessageParcel& reply) { uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); @@ -140,26 +195,51 @@ void PrivacyManagerStub::StartUsingPermissionInner(MessageParcel& data, MessageP reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); return; } - AccessTokenID tokenId = data.ReadUint32(); - std::string permissionName = data.ReadString(); - reply.WriteInt32(this->StartUsingPermission(tokenId, permissionName)); + sptr info = data.ReadParcelable(); + if (info == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Read parcel fail."); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } + sptr anonyStub = data.ReadRemoteObject(); + if (anonyStub == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail."); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } + reply.WriteInt32(this->StartUsingPermission(*info, anonyStub)); } void PrivacyManagerStub::StartUsingPermissionCallbackInner(MessageParcel& data, MessageParcel& reply) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); + return; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); return; } - AccessTokenID tokenId = data.ReadUint32(); - std::string permissionName = data.ReadString(); + sptr info = data.ReadParcelable(); + if (info == nullptr) { + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } sptr callback = data.ReadRemoteObject(); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read ReadRemoteObject fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail"); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } + sptr anonyStub = data.ReadRemoteObject(); + if (anonyStub == nullptr) { + LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail."); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } - reply.WriteInt32(this->StartUsingPermission(tokenId, permissionName, callback)); + reply.WriteInt32(this->StartUsingPermission(*info, callback, anonyStub)); } void PrivacyManagerStub::StopUsingPermissionInner(MessageParcel& data, MessageParcel& reply) @@ -174,20 +254,26 @@ void PrivacyManagerStub::StopUsingPermissionInner(MessageParcel& data, MessagePa return; } AccessTokenID tokenId = data.ReadUint32(); + int32_t pid = data.ReadInt32(); std::string permissionName = data.ReadString(); - reply.WriteInt32(this->StopUsingPermission(tokenId, permissionName)); + reply.WriteInt32(this->StopUsingPermission(tokenId, pid, permissionName)); } void PrivacyManagerStub::RemovePermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); + return; + } + if (!IsAccessTokenCalling() && !VerifyPermission(PERMISSION_USED_STATS)) { reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); return; } AccessTokenID tokenId = data.ReadUint32(); - std::string deviceID = data.ReadString(); - reply.WriteInt32(this->RemovePermissionUsedRecords(tokenId, deviceID)); + reply.WriteInt32(this->RemovePermissionUsedRecords(tokenId)); } void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply) @@ -204,14 +290,14 @@ void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, Mess } sptr requestParcel = data.ReadParcelable(); if (requestParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild"); + LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable faild"); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } int32_t result = this->GetPermissionUsedRecords(*requestParcel, responseParcel); reply.WriteInt32(result); if (result != RET_SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "WriteInt32 faild"); + LOGE(PRI_DOMAIN, PRI_TAG, "WriteInt32 faild"); return; } reply.WriteParcelable(&responseParcel); @@ -219,19 +305,25 @@ void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, Mess void PrivacyManagerStub::GetPermissionUsedRecordsAsyncInner(MessageParcel& data, MessageParcel& reply) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + reply.WriteInt32(PrivacyError::ERR_NOT_SYSTEM_APP); + return; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); return; } sptr requestParcel = data.ReadParcelable(); if (requestParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable failed"); + LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable failed"); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } - sptr callback = iface_cast(data.ReadRemoteObject()); + sptr callback = new OnPermissionUsedRecordCallbackProxy(data.ReadRemoteObject()); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Callback is null"); + LOGE(PRI_DOMAIN, PRI_TAG, "Callback is null"); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } @@ -251,7 +343,7 @@ void PrivacyManagerStub::RegisterPermActiveStatusCallbackInner(MessageParcel& da } uint32_t permListSize = data.ReadUint32(); if (permListSize > PERM_LIST_SIZE_MAX) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read permListSize fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "Read permListSize fail"); reply.WriteInt32(PrivacyError::ERR_OVERSIZE); return; } @@ -262,7 +354,7 @@ void PrivacyManagerStub::RegisterPermActiveStatusCallbackInner(MessageParcel& da } sptr callback = data.ReadRemoteObject(); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read ReadRemoteObject fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "Read ReadRemoteObject fail"); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } @@ -282,7 +374,7 @@ void PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner(MessageParcel& } sptr callback = data.ReadRemoteObject(); if (callback == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Read scopeParcel fail"); + LOGE(PRI_DOMAIN, PRI_TAG, "Read scopeParcel fail"); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } @@ -291,16 +383,25 @@ void PrivacyManagerStub::UnRegisterPermActiveStatusCallbackInner(MessageParcel& void PrivacyManagerStub::IsAllowedUsingPermissionInner(MessageParcel& data, MessageParcel& reply) { + uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); + if ((AccessTokenKit::GetTokenTypeFlag(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) { + LOGE(PRI_DOMAIN, PRI_TAG, "Permission denied(tokenID=%{public}d)", callingTokenID); + reply.WriteBool(false); + return; + } + if (!VerifyPermission(PERMISSION_USED_STATS)) { reply.WriteBool(false); return; } - AccessTokenID tokenId = data.ReadUint32(); + AccessTokenID tokenId = data.ReadUint32(); std::string permissionName = data.ReadString(); - bool result = this->IsAllowedUsingPermission(tokenId, permissionName); + int32_t pid = data.ReadInt32(); + + bool result = this->IsAllowedUsingPermission(tokenId, permissionName, pid); if (!reply.WriteBool(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteBool(%{public}s)", permissionName.c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteBool(%{public}s)", permissionName.c_str()); reply.WriteBool(false); return; } @@ -309,28 +410,13 @@ void PrivacyManagerStub::IsAllowedUsingPermissionInner(MessageParcel& data, Mess #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE void PrivacyManagerStub::RegisterSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) { -#ifdef HICOLLIE_ENABLE - std::string name = "PrivacyTimer"; - int timerId = HiviewDFX::XCollie::GetInstance().SetTimer(name, TIMEOUT, nullptr, nullptr, - HiviewDFX::XCOLLIE_FLAG_LOG); -#endif // HICOLLIE_ENABLE - sptr requestParcel = data.ReadParcelable(); if (requestParcel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild"); + LOGE(PRI_DOMAIN, PRI_TAG, "ReadParcelable faild"); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE - return; } reply.WriteInt32(this->RegisterSecCompEnhance(*requestParcel)); - -#ifdef HICOLLIE_ENABLE - HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); -#endif // HICOLLIE_ENABLE } void PrivacyManagerStub::UpdateSecCompEnhanceInner(MessageParcel& data, MessageParcel& reply) @@ -409,7 +495,7 @@ void PrivacyManagerStub::GetPermissionUsedTypeInfosInner(MessageParcel& data, Me std::vector resultsParcel; int32_t result = this->GetPermissionUsedTypeInfos(tokenId, permissionName, resultsParcel); if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32(%{public}d-%{public}s)", tokenId, permissionName.c_str()); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32(%{public}d-%{public}s)", tokenId, permissionName.c_str()); return; } reply.WriteUint32(resultsParcel.size()); @@ -420,32 +506,38 @@ void PrivacyManagerStub::GetPermissionUsedTypeInfosInner(MessageParcel& data, Me void PrivacyManagerStub::SetMutePolicyInner(MessageParcel& data, MessageParcel& reply) { - if (!VerifyPermission(PERMISSION_USED_STATS)) { + if (!VerifyPermission(SET_MUTE_POLICY)) { reply.WriteInt32(PrivacyError::ERR_PERMISSION_DENIED); return; } uint32_t policyType; if (!data.ReadUint32(policyType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read policyType."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read policyType."); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } uint32_t callerType; if (!data.ReadUint32(callerType)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read callerType."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read callerType."); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } bool isMute; if (!data.ReadBool(isMute)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isMute."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read isMute."); + reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); + return; + } + uint32_t tokenID; + if (!data.ReadUint32(tokenID)) { + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read tokenID."); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } - int32_t result = this->SetMutePolicy(policyType, callerType, isMute); + int32_t result = this->SetMutePolicy(policyType, callerType, isMute, tokenID); if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32."); return; } } @@ -458,24 +550,35 @@ void PrivacyManagerStub::SetHapWithFGReminderInner(MessageParcel& data, MessageP } uint32_t tokenId; if (!data.ReadUint32(tokenId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read tokenId."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read tokenId."); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } bool isAllowed; if (!data.ReadBool(isAllowed)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to read isAllowed."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to read isAllowed."); reply.WriteInt32(PrivacyError::ERR_READ_PARCEL_FAILED); return; } int32_t result = this->SetHapWithFGReminder(tokenId, isAllowed); if (!reply.WriteInt32(result)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to WriteInt32."); + LOGE(PRI_DOMAIN, PRI_TAG, "Failed to WriteInt32."); return; } } +bool PrivacyManagerStub::IsPrivilegedCalling() const +{ + // shell process is root in debug mode. +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + int32_t callingUid = IPCSkeleton::GetCallingUid(); + return callingUid == ROOT_UID; +#else + return false; +#endif +} + bool PrivacyManagerStub::IsAccessTokenCalling() const { int32_t callingUid = IPCSkeleton::GetCallingUid(); @@ -492,7 +595,7 @@ bool PrivacyManagerStub::VerifyPermission(const std::string& permission) const { uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); if (AccessTokenKit::VerifyAccessToken(callingTokenID, permission) == PERMISSION_DENIED) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(callingTokenID=%{public}d)", callingTokenID); + LOGE(PRI_DOMAIN, PRI_TAG, "Permission denied(callingTokenID=%{public}d)", callingTokenID); return false; } return true; diff --git a/services/privacymanager/test/coverage/BUILD.gn b/services/privacymanager/test/coverage/BUILD.gn index 4db84f5ea7342a6572a9473c3ce030c804764191..36d7efa6bf57a7d21d4bf0ee83f7690bcff45f7a 100644 --- a/services/privacymanager/test/coverage/BUILD.gn +++ b/services/privacymanager/test/coverage/BUILD.gn @@ -32,13 +32,11 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/src", - "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", - "${access_token_path}/services/common/power_manager/include", "${access_token_path}/services/common/screenlock_manager/include", "${access_token_path}/services/common/utils/include", "${access_token_path}/services/privacymanager/include/active", @@ -46,9 +44,10 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/privacymanager/include/database", "${access_token_path}/services/privacymanager/include/record", "${access_token_path}/services/privacymanager/include/service", - "${access_token_path}/services/privacymanager/include/sensitive/app_manager", + "${access_token_path}/services/privacymanager/include/proxy", "${access_token_path}/services/privacymanager/include/sensitive/audio_manager", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] sources = [ @@ -60,24 +59,20 @@ if (is_standard_system && ability_base_enable == true) { "../../src/database/data_translator.cpp", "../../src/database/permission_used_record_db.cpp", "../../src/database/privacy_field_const.cpp", + "../../src/proxy/privacy_manager_proxy_death_param.cpp", "../../src/record/on_permission_used_record_callback_proxy.cpp", "../../src/record/permission_record.cpp", "../../src/record/permission_record_manager.cpp", - "../../src/record/permission_record_repository.cpp", - "../../src/record/permission_used_record_cache.cpp", - "../../src/sensitive/audio_manager/audio_manager_privacy_client.cpp", - "../../src/sensitive/audio_manager/audio_manager_privacy_death_recipient.cpp", - "../../src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp", - "../../src/sensitive/camera_manager/camera_manager_privacy_client.cpp", - "../../src/sensitive/camera_manager/camera_manager_privacy_death_recipient.cpp", - "../../src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp", + "../../src/record/permission_record_set.cpp", + "../../src/sensitive/audio_manager/audio_manager_adapter.cpp", + "../../src/sensitive/camera_manager/camera_manager_adapter.cpp", "../../src/service/privacy_manager_service.cpp", "../../src/service/privacy_manager_stub.cpp", "permission_record_manager_coverage_test.cpp", "sensitive_manager_coverage_test.cpp", ] - cflags_cc = [] + cflags_cc = [ "-DHILOG_ENABLE" ] configs = [ "${access_token_path}/config:coverage_flags" ] @@ -89,13 +84,13 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/proxy_death:proxy_death_handler", "${access_token_path}/services/privacymanager:privacy_manager_service", ] external_deps = [ "ability_base:want", "access_token:libaccesstoken_sdk", - "audio_framework:audio_client", "c_utils:utils", "googletest:gtest_main", "hilog:libhilog", @@ -106,6 +101,17 @@ if (is_standard_system && ability_base_enable == true) { "samgr:samgr_proxy", "sqlite:sqlite", ] + + if (audio_framework_enable) { + cflags_cc += [ "-DAUDIO_FRAMEWORK_ENABLE" ] + external_deps += [ "audio_framework:audio_client" ] + } + + if (camera_framework_enable) { + cflags_cc += [ "-DCAMERA_FRAMEWORK_ENABLE" ] + external_deps += [ "camera_framework:camera_framework" ] + } + if (eventhandler_enable == true) { cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] external_deps += [ "eventhandler:libeventhandler" ] @@ -120,30 +126,27 @@ if (is_standard_system && ability_base_enable == true) { external_deps += [ "screenlock_mgr:screenlock_client" ] } - if (audio_framework_enable) { - cflags_cc += [ - "-DHILOG_ENABLE", - "-DFEATURE_DTMF_TONE", - ] - } - - if (camera_framework_enable) { - cflags_cc += [ "-DCAMERA_FRAMEWORK_ENABLE" ] - external_deps += [ "camera_framework:camera_framework" ] - } - - if (ability_runtime_enable) { - cflags_cc += [ "-DABILITY_RUNTIME_ENABLE" ] - external_deps += [ - "ability_runtime:ability_manager", - "ability_runtime:app_manager", - ] - } - if (window_manager_enable && access_token_camera_float_window_enable) { cflags_cc += [ "-DCAMERA_FLOAT_WINDOW_ENABLE" ] include_dirs += [ "${access_token_path}/services/common/window_manager/include" ] + sources += [ + "${access_token_path}/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_agent.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_client.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_proxy.cpp", + ] + external_deps += [ "window_manager:libwsutils" ] + } + if (access_token_app_security_privacy_service_enable) { + cflags_cc += [ "-DAPP_SECURITY_PRIVACY_SERVICE" ] + } else { + include_dirs += + [ "${access_token_path}/services/common/ability_manager/include" ] } } } diff --git a/services/privacymanager/test/coverage/permission_record_manager_coverage_test.cpp b/services/privacymanager/test/coverage/permission_record_manager_coverage_test.cpp index eeb9ccce996b0c095f068fd70d8d0b1176a870c1..93eb24742653a37cd06d62504468e3d35e03edde 100644 --- a/services/privacymanager/test/coverage/permission_record_manager_coverage_test.cpp +++ b/services/privacymanager/test/coverage/permission_record_manager_coverage_test.cpp @@ -18,17 +18,13 @@ #include "access_token.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" -#include "audio_manager_privacy_client.h" -#include "camera_manager_privacy_client.h" +#include "camera_manager_adapter.h" #include "constant.h" #include "data_translator.h" #include "permission_record.h" #define private public #include "active_status_callback_manager.h" #include "permission_record_manager.h" -#include "permission_record_repository.h" -#include "permission_used_record_cache.h" #include "permission_used_record_db.h" #undef private #include "perm_active_status_change_callback_stub.h" @@ -47,17 +43,18 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static int32_t PID = -1; +static constexpr int32_t CALLER_PID = 10; static AccessTokenID g_selfTokenId = 0; static AccessTokenID g_nativeToken = 0; static constexpr int32_t MAX_DETAIL_NUM = 500; -static constexpr int32_t DEEP_COPY_NUM = 10; static constexpr int64_t ONE_SECOND = 1000; static constexpr int64_t TWO_SECOND = 2000; static constexpr int64_t THREE_SECOND = 3000; static constexpr int32_t PERMISSION_USED_TYPE_VALUE = 1; -static constexpr int32_t PICKER_TYPE_VALUE = 2; static constexpr int32_t PERMISSION_USED_TYPE_WITH_PICKER_TYPE_VALUE = 3; -static constexpr int32_t RANDOM_TOKENID = 123; +static constexpr uint32_t RANDOM_TOKENID = 123; +static constexpr int32_t TEST_USER_ID_11 = 11; static PermissionStateFull g_testState1 = { .permissionName = "ohos.permission.CAMERA", .isGeneral = true, @@ -101,53 +98,6 @@ static HapInfoParams g_InfoParms2 = { .instIndex = 0, .appIDDesc = "privacy_test.bundleB" }; - -static PermissionRecord g_recordA1 = { - .opCode = Constant::OP_CAMERA, - .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, - .timestamp = 0L, - .accessDuration = 0L, - .accessCount = 1, - .rejectCount = 0, - .lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED -}; - -static PermissionRecord g_recordA2 = { - .opCode = Constant::OP_MICROPHONE, - .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, - .timestamp = 0L, - .accessDuration = 0L, - .accessCount = 1, - .rejectCount = 0, - .lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED -}; - -static PermissionRecord g_recordB1 = { - .opCode = Constant::OP_CAMERA, - .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, - .timestamp = 0L, - .accessDuration = 0L, - .accessCount = 1, - .rejectCount = 0, - .lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED -}; - -static PermissionRecord g_recordB2 = { - .opCode = Constant::OP_MICROPHONE, - .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, - .timestamp = 0L, - .accessDuration = 0L, - .accessCount = 1, - .rejectCount = 0, - .lockScreenStatus = LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED -}; - -static PermissionRecord g_record = { - .tokenId = RANDOM_TOKENID, - .opCode = static_cast(Constant::OpCode::OP_READ_CALENDAR), - .status = static_cast(ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND), - .lockScreenStatus = static_cast(LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED), -}; } class PermissionRecordManagerTest : public testing::Test { public: @@ -211,21 +161,32 @@ public: {} }; +static PermissionUsedTypeInfo MakeInfo(AccessTokenID tokenId, int32_t pid, const std::string &permission, + PermissionUsedType type = PermissionUsedType::NORMAL_TYPE) +{ + PermissionUsedTypeInfo info = { + .tokenId = tokenId, + .pid = pid, + .permissionName = permission, + .type = type + }; + return info; +} /** - * @tc.name: OnForegroundApplicationChanged001 + * @tc.name: OnAppStateChanged001 * @tc.desc: RegisterPermActiveStatusCallback with invalid parameter. * @tc.type: FUNC * @tc.require: issueI5RWX8 */ -HWTEST_F(PermissionRecordManagerTest, OnForegroundApplicationChanged001, TestSize.Level1) +HWTEST_F(PermissionRecordManagerTest, OnAppStateChanged001, TestSize.Level1) { PrivacyAppStateObserver observer; AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_FOREGROUND); - observer.OnForegroundApplicationChanged(appStateData); + observer.OnAppStateChanged(appStateData); appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); - observer.OnForegroundApplicationChanged(appStateData); + observer.OnAppStateChanged(appStateData); ASSERT_EQ(static_cast(ApplicationState::APP_STATE_BACKGROUND), appStateData.state); } @@ -244,23 +205,43 @@ HWTEST_F(PermissionRecordManagerTest, AppStatusListener001, TestSize.Level1) g_InfoParms2.instIndex); ASSERT_NE(static_cast(0), tokenId2); - g_recordA1.tokenId = tokenId1; - g_recordA2.tokenId = tokenId1; - g_recordB1.tokenId = tokenId2; - g_recordB2.tokenId = tokenId2; - PermissionRecordManager::GetInstance().startRecordList_.emplace_back(g_recordA1); - PermissionRecordManager::GetInstance().startRecordList_.emplace_back(g_recordA2); - PermissionRecordManager::GetInstance().startRecordList_.emplace_back(g_recordB1); - PermissionRecordManager::GetInstance().startRecordList_.emplace_back(g_recordB2); - - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PERM_ACTIVE_IN_FOREGROUND); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PERM_ACTIVE_IN_FOREGROUND); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PERM_ACTIVE_IN_FOREGROUND); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PERM_ACTIVE_IN_FOREGROUND); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PERM_ACTIVE_IN_BACKGROUND); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PERM_ACTIVE_IN_BACKGROUND); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PERM_ACTIVE_IN_BACKGROUND); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PERM_ACTIVE_IN_BACKGROUND); + ContinusPermissionRecord recordA1 = { + .tokenId = tokenId1, + .opCode = Constant::OP_CAMERA, + .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, + }; + + ContinusPermissionRecord recordA2 = { + .tokenId = tokenId1, + .opCode = Constant::OP_MICROPHONE, + .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, + }; + + ContinusPermissionRecord recordB1 = { + .tokenId = tokenId2, + .opCode = Constant::OP_CAMERA, + .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, + }; + + ContinusPermissionRecord recordB2 = { + .tokenId = tokenId2, + .opCode = Constant::OP_MICROPHONE, + .status = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND, + }; + + PermissionRecordManager::GetInstance().startRecordList_.emplace(recordA1); + PermissionRecordManager::GetInstance().startRecordList_.emplace(recordA2); + PermissionRecordManager::GetInstance().startRecordList_.emplace(recordB1); + PermissionRecordManager::GetInstance().startRecordList_.emplace(recordB2); + + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PID, PERM_ACTIVE_IN_FOREGROUND); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PID, PERM_ACTIVE_IN_FOREGROUND); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PID, PERM_ACTIVE_IN_FOREGROUND); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PID, PERM_ACTIVE_IN_FOREGROUND); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PID, PERM_ACTIVE_IN_BACKGROUND); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PID, PERM_ACTIVE_IN_BACKGROUND); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId1, PID, PERM_ACTIVE_IN_BACKGROUND); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId2, PID, PERM_ACTIVE_IN_BACKGROUND); } /* @@ -278,24 +259,19 @@ HWTEST_F(PermissionRecordManagerTest, FindRecordsToUpdateAndExecutedTest001, Tes EXPECT_EQ(0, SetSelfTokenID(tokenId)); ActiveChangeType status = PERM_ACTIVE_IN_BACKGROUND; - - PermissionRecord record1 = { - .tokenId = tokenId, - .opCode = Constant::OP_CAMERA, - }; - CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, false); - PermissionRecordManager::GetInstance().AddRecordToStartList(record1); + std::string permission = "ohos.permission.CAMERA"; + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::CAMERA, false, + RANDOM_TOKENID); + PermissionRecordManager::GetInstance().AddRecordToStartList(MakeInfo(tokenId, PID, permission), status, CALLER_PID); #ifdef CAMERA_FLOAT_WINDOW_ENABLE PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); PermissionRecordManager::GetInstance().NotifyCameraWindowChange(true, tokenId, false); #endif - PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, status); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId, status); + PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, PID, status); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId, PID, status); - PermissionRecord record; - PermissionRecordManager::GetInstance().GetRecordFromStartList(record1.tokenId, record1.opCode, record); - - ASSERT_EQ(record1.tokenId, tokenId); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RemoveRecordFromStartList( + tokenId, PID, permission, CALLER_PID)); } /* @@ -310,22 +286,17 @@ HWTEST_F(PermissionRecordManagerTest, FindRecordsToUpdateAndExecutedTest002, Tes g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); ActiveChangeType status = PERM_ACTIVE_IN_BACKGROUND; - - PermissionRecord record1 = { - .tokenId = tokenId, - .opCode = Constant::OP_MICROPHONE, - }; - PermissionRecordManager::GetInstance().AddRecordToStartList(record1); + std::string permission = "ohos.permission.MICROPHONE"; + PermissionRecordManager::GetInstance().AddRecordToStartList(MakeInfo(tokenId, PID, permission), status, CALLER_PID); #ifdef CAMERA_FLOAT_WINDOW_ENABLE PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); PermissionRecordManager::GetInstance().NotifyCameraWindowChange(true, tokenId, false); #endif - PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, status); - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId, status); + PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, PID, status); + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId, PID, status); - PermissionRecord record; - PermissionRecordManager::GetInstance().GetRecordFromStartList(record1.tokenId, record1.opCode, record); - ASSERT_EQ(record1.tokenId, tokenId); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RemoveRecordFromStartList( + tokenId, PID, permission, CALLER_PID)); } /* @@ -340,22 +311,16 @@ HWTEST_F(PermissionRecordManagerTest, FindRecordsToUpdateAndExecutedTest003, Tes g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); ActiveChangeType status = PERM_ACTIVE_IN_FOREGROUND; - - PermissionRecord record1 = { - .tokenId = tokenId, - .opCode = Constant::OP_CAMERA, - }; - PermissionRecordManager::GetInstance().AddRecordToStartList(record1); + std::string permission = "ohos.permission.CAMERA"; + PermissionRecordManager::GetInstance().AddRecordToStartList(MakeInfo(tokenId, PID, permission), status, CALLER_PID); #ifdef CAMERA_FLOAT_WINDOW_ENABLE PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); PermissionRecordManager::GetInstance().NotifyCameraWindowChange(true, tokenId, false); #endif - PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, status); + PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, PID, status); - PermissionRecord record; - PermissionRecordManager::GetInstance().GetRecordFromStartList(record1.tokenId, record1.opCode, record); - - ASSERT_EQ(record1.tokenId, tokenId); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RemoveRecordFromStartList( + tokenId, PID, permission, CALLER_PID)); } /* @@ -370,21 +335,16 @@ HWTEST_F(PermissionRecordManagerTest, FindRecordsToUpdateAndExecutedTest004, Tes g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); ActiveChangeType status = PERM_ACTIVE_IN_BACKGROUND; - - PermissionRecord record1 = { - .tokenId = tokenId, - .opCode = Constant::OP_CAMERA, - }; - PermissionRecordManager::GetInstance().AddRecordToStartList(record1); + std::string permission = "ohos.permission.CAMERA"; + PermissionRecordManager::GetInstance().AddRecordToStartList(MakeInfo(tokenId, PID, permission), status, CALLER_PID); #ifdef CAMERA_FLOAT_WINDOW_ENABLE PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); PermissionRecordManager::GetInstance().NotifyCameraWindowChange(true, tokenId, false); #endif - PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, status); + PermissionRecordManager::GetInstance().ExecuteAndUpdateRecord(tokenId, PID, status); - PermissionRecord record; - PermissionRecordManager::GetInstance().GetRecordFromStartList(record1.tokenId, record1.opCode, record); - ASSERT_EQ(record1.tokenId, tokenId); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RemoveRecordFromStartList( + tokenId, PID, permission, CALLER_PID)); } /* @@ -403,9 +363,9 @@ HWTEST_F(PermissionRecordManagerTest, ExecuteCameraCallbackAsyncTest001, TestSiz auto callbackWrap = new (std::nothrow) StateChangeCallback(callbackPtr); ASSERT_NE(nullptr, callbackPtr); ASSERT_NE(nullptr, callbackWrap); - PermissionRecordManager::GetInstance().ExecuteCameraCallbackAsync(tokenId); + PermissionRecordManager::GetInstance().ExecuteCameraCallbackAsync(tokenId, PID); - PermissionRecordManager::GetInstance().ExecuteCameraCallbackAsync(tokenId); + PermissionRecordManager::GetInstance().ExecuteCameraCallbackAsync(tokenId, PID); } class PermActiveStatusChangeCallbackTest : public PermActiveStatusChangeCallbackStub { @@ -414,12 +374,18 @@ public: virtual ~PermActiveStatusChangeCallbackTest() = default; void ActiveStatusChangeCallback(ActiveChangeResponse& result) override; + bool AddDeathRecipient(const sptr& deathRecipient) override; }; void PermActiveStatusChangeCallbackTest::ActiveStatusChangeCallback(ActiveChangeResponse& result) { } +bool PermActiveStatusChangeCallbackTest::AddDeathRecipient(const sptr& deathRecipient) +{ + return true; +} + class PermissionRecordManagerCoverTestCb3 : public PermActiveStatusCustomizedCbk { public: explicit PermissionRecordManagerCoverTestCb3(const std::vector &permList) @@ -438,6 +404,7 @@ public: ActiveChangeType type_ = PERM_INACTIVE; }; + /* * @tc.name: OnRemoteDied001 * @tc.desc: PermActiveStatusCallbackDeathRecipient::OnRemoteDied function test @@ -460,7 +427,7 @@ HWTEST_F(PermissionRecordManagerTest, OnRemoteDied001, TestSize.Level1) permList.emplace_back("ohos.permission.CAMERA"); wptr remote = new (std::nothrow) PermActiveStatusChangeCallbackTest(); callback = remote.promote(); - ActiveStatusCallbackManager::GetInstance().AddCallback(permList, callback); + ActiveStatusCallbackManager::GetInstance().AddCallback(GetSelfTokenID(), permList, callback); ASSERT_EQ(static_cast(1), ActiveStatusCallbackManager::GetInstance().callbackDataList_.size()); recipient->OnRemoteDied(remote); // remote is not nullptr ASSERT_EQ(static_cast(0), ActiveStatusCallbackManager::GetInstance().callbackDataList_.size()); @@ -492,7 +459,7 @@ HWTEST_F(PermissionRecordManagerTest, OnApplicationStateChanged001, TestSize.Lev AppStateData appStateData; appStateData.state = static_cast(ApplicationState::APP_STATE_TERMINATED); appStateData.accessTokenId = tokenId; - observer.OnApplicationStateChanged(appStateData); + observer.OnAppStopped(appStateData); usleep(500000); // 500000us = 0.5s ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callbackPtr->type_); @@ -601,26 +568,28 @@ HWTEST_F(PermissionRecordManagerTest, RemoveRecordFromStartList001, TestSize.Lev g_InfoParms1.instIndex); ASSERT_NE(static_cast(0), tokenId); + std::string permission = "ohos.permission.READ_MEDIA"; ASSERT_EQ(Constant::SUCCESS, - PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, "ohos.permission.READ_MEDIA")); - PermissionRecord record; - record.tokenId = tokenId; - record.opCode = Constant::OP_READ_MEDIA; + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, "ohos.permission.READ_MEDIA"), CALLER_PID)); // it->opcode == record.opcode && it->tokenId == record.tokenId - PermissionRecordManager::GetInstance().RemoveRecordFromStartList(record); // record in cache has delete + PermissionRecordManager::GetInstance().RemoveRecordFromStartList( + tokenId, PID, "ohos.permission.READ_MEDIA", CALLER_PID); ASSERT_EQ(Constant::SUCCESS, - PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, "ohos.permission.READ_MEDIA")); - record.tokenId = RANDOM_TOKENID; + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, "ohos.permission.READ_MEDIA"), CALLER_PID)); // it->opcode == record.opcode && it->tokenId != record.tokenId - PermissionRecordManager::GetInstance().RemoveRecordFromStartList(record); + PermissionRecordManager::GetInstance().RemoveRecordFromStartList( + RANDOM_TOKENID, PID, "ohos.permission.READ_MEDIA", CALLER_PID); - record.opCode = Constant::OP_MICROPHONE; // it->opcode != record.opcode && it->tokenId != record.tokenId - PermissionRecordManager::GetInstance().RemoveRecordFromStartList(record); + PermissionRecordManager::GetInstance().RemoveRecordFromStartList( + tokenId, PID, "ohos.permission.MICROPHONE", CALLER_PID); ASSERT_EQ(Constant::SUCCESS, - PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, "ohos.permission.READ_MEDIA")); + PermissionRecordManager::GetInstance().StopUsingPermission( + tokenId, PID, "ohos.permission.READ_MEDIA", CALLER_PID)); } /* @@ -662,13 +631,13 @@ HWTEST_F(PermissionRecordManagerTest, Unregister001, TestSize.Level1) ASSERT_NE(static_cast(0), tokenId); ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission( - tokenId, "ohos.permission.READ_MEDIA")); + MakeInfo(tokenId, PID, "ohos.permission.READ_MEDIA"), CALLER_PID)); PermissionRecordManager::GetInstance().Unregister(); PermissionRecordManager::GetInstance().Unregister(); ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StopUsingPermission( - tokenId, "ohos.permission.READ_MEDIA")); + tokenId, PID, "ohos.permission.READ_MEDIA", CALLER_PID)); } /* @@ -698,198 +667,6 @@ HWTEST_F(PermissionRecordManagerTest, TranslationIntoPermissionRecord001, TestSi ASSERT_EQ(LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED, record.lockScreenStatus); } -/* - * @tc.name: RecordMergeCheck001 - * @tc.desc: PermissionUsedRecordCache::RecordMergeCheck function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, RecordMergeCheck001, TestSize.Level1) -{ - AccessTokenID tokenID1 = RANDOM_TOKENID; - AccessTokenID tokenID2 = RANDOM_TOKENID + 1; // random input - int32_t opCode1 = static_cast(Constant::OpCode::OP_READ_CALENDAR); - int32_t opCode2 = static_cast(Constant::OpCode::OP_WRITE_CALENDAR); - int32_t status1 = static_cast(ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND); - int32_t status2 = static_cast(ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND); - int32_t lockScreenStatus1 = static_cast(LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED); - int32_t lockScreenStatus2 = static_cast(LockScreenStatusChangeType::PERM_ACTIVE_IN_LOCKED); - - int64_t timestamp1 = AccessToken::TimeUtil::GetCurrentTimestamp(); - PermissionRecord record1 = { - .timestamp = timestamp1, - }; - int64_t timestamp2 = timestamp1 + 61 * 1000; // more than 1 min - PermissionRecord record2 = { - .timestamp = timestamp2, - }; - - // not in the same minute - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record2.timestamp = timestamp1; // set the same timestamp to make sure the same minute - record1.tokenId = tokenID1; - record2.tokenId = tokenID2; - // same minute + different tokenID - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record2.tokenId = tokenID1; - record1.opCode = opCode1; - record2.opCode = opCode2; - // same minute + same tokenID + different opcode - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record2.opCode = opCode1; - record1.status = status1; - record2.status = status2; - // same minute + same tokenID + same opcode + different status - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record2.status = status1; - record1.lockScreenStatus = lockScreenStatus1; - record2.lockScreenStatus = lockScreenStatus2; - // same minute + same tokenID + same opcode + same status + different lockScreenStatus - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); -} - -/* - * @tc.name: RecordMergeCheck002 - * @tc.desc: PermissionUsedRecordCache::RecordMergeCheck function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, RecordMergeCheck002, TestSize.Level1) -{ - int32_t accessCount1 = 10; // random input - int32_t accessCount2 = 0; - int32_t accessCount3 = 9; // random input, diff from accessCount1 - int32_t rejectCount1 = 11; // random input - int32_t rejectCount2 = 0; - int32_t rejectCount3 = 8; // random input, diff from accessCount1 - - int64_t timestamp = AccessToken::TimeUtil::GetCurrentTimestamp(); - - // same minute + same tokenID + same opcode + same status + same lockScreenStatus - PermissionRecord record1 = g_record; - record1.timestamp = timestamp; - PermissionRecord record2 = g_record; - record2.timestamp = timestamp + 1; - - record1.accessCount = accessCount1; - record2.accessCount = accessCount2; - // different accessCount type - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record1.accessCount = accessCount2; - record2.accessCount = accessCount1; - // different accessCount type - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record2.accessCount = accessCount2; - record1.rejectCount = rejectCount1; - record2.rejectCount = rejectCount2; - // different rejectCount type - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record1.rejectCount = rejectCount2; - record2.rejectCount = rejectCount1; - // different rejectCount type - ASSERT_EQ(false, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record2.rejectCount = rejectCount2; - // same accessCount type + same rejectCount type - ASSERT_EQ(true, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record1.accessCount = accessCount1; - record2.accessCount = accessCount3; - record1.rejectCount = rejectCount2; - record2.rejectCount = rejectCount2; - // same accessCount type + same rejectCount type - ASSERT_EQ(true, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record1.accessCount = accessCount2; - record2.accessCount = accessCount2; - record1.rejectCount = rejectCount1; - record2.rejectCount = rejectCount3; - // same accessCount type + same rejectCount type - ASSERT_EQ(true, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); - - record1.accessCount = accessCount1; - record2.accessCount = accessCount3; - record1.rejectCount = rejectCount1; - record2.rejectCount = rejectCount3; - // same accessCount type + same rejectCount type - ASSERT_EQ(true, PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); -} - -/* - * @tc.name: RecordMergeCheck003 - * @tc.desc: test merge two record one add by StartUsingPermission and another add by StopUsingPermission - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, RecordMergeCheck003, TestSize.Level1) -{ - int32_t accessCount1 = 0; - int32_t accessCount2 = 1; - int32_t rejectCount1 = 0; // random input - int32_t rejectCount2 = 0; - - int64_t timestamp = AccessToken::TimeUtil::GetCurrentTimestamp(); - - PermissionRecord record1 = g_record; - record1.timestamp = timestamp; - PermissionRecord record2 = g_record; - record2.timestamp = timestamp; - - record1.accessCount = accessCount1; - record2.accessCount = accessCount2; - record2.rejectCount = rejectCount1; - record2.rejectCount = rejectCount2; - // different accessCount type - ASSERT_TRUE(PermissionUsedRecordCache::GetInstance().RecordMergeCheck(record1, record2)); -} - -/** - * @tc.name: RemoveFromPersistQueueAndDatabaseTest001 - * @tc.desc: RemoveFromPersistQueueAndDatabase test. - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, RemoveFromPersistQueueAndDatabaseTest001, TestSize.Level1) -{ - std::shared_ptr persistPendingBufferHead = std::make_shared(); - persistPendingBufferHead->record = g_record; - persistPendingBufferHead->next = std::make_shared(); - persistPendingBufferHead->next->record = g_record; - persistPendingBufferHead->next->pre = persistPendingBufferHead; - PermissionUsedRecordCache::GetInstance().AddToPersistQueue(persistPendingBufferHead); - PermissionUsedRecordCache::GetInstance().RemoveFromPersistQueueAndDatabase(RANDOM_TOKENID); - PermissionUsedRecordCache::GetInstance().RemoveFromPersistQueueAndDatabase(RANDOM_TOKENID + 1); - sleep(1); - EXPECT_TRUE(PermissionUsedRecordCache::GetInstance().persistPendingBufferQueue_.empty()); -} - -/* - * @tc.name: GetRecords001 - * @tc.desc: PermissionUsedRecordCache::GetRecords function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, GetRecords001, TestSize.Level1) -{ - AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, - g_InfoParms1.instIndex); - ASSERT_NE(static_cast(0), tokenId); - g_record.tokenId = tokenId; - PermissionUsedRecordCache::GetInstance().AddRecordToBuffer(g_record); - std::vector permissionList; - GenericValues andConditionValues; - std::vector findRecordsValues; - PermissionUsedRecordCache::GetInstance().GetRecords(permissionList, andConditionValues, findRecordsValues, 0); - ASSERT_EQ(static_cast(0), findRecordsValues.size()); -} - void AddRecord(int32_t num, std::vector& values) { for (int32_t i = 0; i < num; i++) { @@ -928,10 +705,11 @@ HWTEST_F(PermissionRecordManagerTest, GetRecords002, TestSize.Level1) request.isRemote = false; request.flag = PermissionUsageFlag::FLAG_PERMISSION_USAGE_DETAIL; + std::set opCodeList; GenericValues andConditionValues; std::vector findRecordsValues; - PermissionUsedRecordCache::GetInstance().GetRecords(request.permissionList, andConditionValues, findRecordsValues, - MAX_DETAIL_NUM); + PermissionUsedRecordDb::GetInstance().FindByConditions(PermissionUsedRecordDb::DataType::PERMISSION_RECORD, + opCodeList, andConditionValues, findRecordsValues, MAX_DETAIL_NUM); EXPECT_EQ(static_cast(MAX_DETAIL_NUM), findRecordsValues.size()); PermissionUsedRecordDb::DataType type = PermissionUsedRecordDb::PERMISSION_RECORD; @@ -1058,98 +836,6 @@ HWTEST_F(PermissionRecordManagerTest, GetRecords004, TestSize.Level1) EXPECT_EQ(ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().GetPermissionUsedRecords(request, result)); } -/* - * @tc.name: GetFromPersistQueueAndDatabase001 - * @tc.desc: PermissionUsedRecordCache::GetFromPersistQueueAndDatabase function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, GetFromPersistQueueAndDatabase001, TestSize.Level1) -{ - const std::set opCodeList; - const GenericValues andConditionValues; - std::vector findRecordsValues; - PermissionUsedRecordCache::GetInstance().GetFromPersistQueueAndDatabase( - opCodeList, andConditionValues, findRecordsValues, 0); - ASSERT_EQ(static_cast(0), findRecordsValues.size()); -} - -/* - * @tc.name: DeepCopyFromHead001 - * @tc.desc: PermissionUsedRecordCache::DeepCopyFromHead function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, DeepCopyFromHead001, TestSize.Level1) -{ - std::shared_ptr head = std::make_shared(); - std::shared_ptr node1 = std::make_shared(); - std::shared_ptr node2 = std::make_shared(); - std::shared_ptr node3 = std::make_shared(); - std::shared_ptr node4 = std::make_shared(); - - head->next = node1; - - node1->pre.lock() = head; - node1->next = node2; - node1->record = g_recordA1; - - node2->pre.lock() = node1; - node2->next = node3; - node2->record = g_recordA2; - - node3->pre.lock() = node2; - node3->next = node4; - node3->record = g_recordB1; - - node4->pre.lock() = node3; - node4->next = nullptr; - node4->record = g_recordB2; - - ASSERT_EQ(head->next->record.opCode, g_recordA1.opCode); - ASSERT_EQ(head->next->next->record.opCode, g_recordA2.opCode); - ASSERT_EQ(head->next->next->next->record.opCode, g_recordB1.opCode); - ASSERT_EQ(head->next->next->next->next->record.opCode, g_recordB2.opCode); - - std::shared_ptr copyHead = std::make_shared(); - PermissionUsedRecordCache::GetInstance().DeepCopyFromHead(nullptr, copyHead, DEEP_COPY_NUM); - ASSERT_EQ(copyHead->next, nullptr); - PermissionUsedRecordCache::GetInstance().DeepCopyFromHead(head, copyHead, 0); - ASSERT_EQ(copyHead->next, nullptr); - - PermissionUsedRecordCache::GetInstance().DeepCopyFromHead(head, copyHead, DEEP_COPY_NUM); - - ASSERT_EQ(copyHead->record.opCode, head->record.opCode); - ASSERT_EQ(copyHead->next->record.opCode, g_recordA1.opCode); - ASSERT_EQ(copyHead->next->next->record.opCode, g_recordA2.opCode); - ASSERT_EQ(copyHead->next->next->next->record.opCode, g_recordB1.opCode); - ASSERT_EQ(copyHead->next->next->next->next->record.opCode, g_recordB2.opCode); -} - -/* - * @tc.name: PermissionUsedRecordCacheTest001 - * @tc.desc: PermissionUsedRecordCache Func test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, PermissionUsedRecordCacheTest001, TestSize.Level1) -{ - std::set opCodeList; - GenericValues andConditionValues; - std::vector findRecordsValues; - int32_t cache2QueryCount = 0; // 0 is a invalid input - PermissionUsedRecordCache::GetInstance().GetFromPersistQueueAndDatabase(opCodeList, - andConditionValues, findRecordsValues, cache2QueryCount); - - opCodeList.insert(0); // 0 is a test opcode - PermissionRecord record = { - .tokenId = g_selfTokenId, - .opCode = -1, // -1 is a test opcode - }; - EXPECT_FALSE(PermissionUsedRecordCache::GetInstance().RecordCompare(g_selfTokenId, - opCodeList, andConditionValues, record)); -} - /** * @tc.name: GetRecordsFromLocalDBTest001 * @tc.desc: test GetRecordsFromLocalDB: token = 0 @@ -1184,105 +870,40 @@ HWTEST_F(PermissionRecordManagerTest, GetRecordsFromLocalDBTest002, TestSize.Lev } /* - * @tc.name: Query001 - * @tc.desc: PermissionRecordRepository::Query function test + * @tc.name: AddOrUpdateUsedStatusIfNeeded001 + * @tc.desc: PermissionRecordManager::AddOrUpdateUsedStatusIfNeeded function test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionRecordManagerTest, Query001, TestSize.Level1) +HWTEST_F(PermissionRecordManagerTest, AddOrUpdateUsedStatusIfNeeded001, TestSize.Level1) { - PermissionUsedRecordDb::DataType type = PermissionUsedRecordDb::PERMISSION_USED_TYPE; - GenericValues conditionValue; - conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); - conditionValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, - static_cast(Constant::OpCode::OP_ANSWER_CALL)); - std::vector results; - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); - for (const auto& result : results) { - // no record with token 123 before add - ASSERT_NE(RANDOM_TOKENID, result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)); - } - results.clear(); - - GenericValues value; - value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); - value.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, static_cast(Constant::OpCode::OP_ANSWER_CALL)); - value.Put(PrivacyFiledConst::FIELD_USED_TYPE, PERMISSION_USED_TYPE_VALUE); - std::vector values; - values.emplace_back(value); - // add a record: 123-0-1 - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Add(type, values)); - - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); - ASSERT_EQ(false, results.empty()); - for (const auto& result : results) { - // query result success, when tokenId is 123, permission_code is 0 and used_type is 1 - if (RANDOM_TOKENID == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { - ASSERT_EQ(static_cast(Constant::OpCode::OP_ANSWER_CALL), - result.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE)); - ASSERT_EQ(PERMISSION_USED_TYPE_VALUE, result.GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); - break; - } - } - results.clear(); + PermissionUsedRecordDb::DataType type = PermissionUsedRecordDb::DataType::PERMISSION_USED_RECORD_TOGGLE_STATUS; + bool ret = PermissionRecordManager::GetInstance().AddOrUpdateUsedStatusIfNeeded(TEST_USER_ID_11, false); + EXPECT_TRUE(ret); - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Remove(type, conditionValue)); -} - -/* - * @tc.name: Update001 - * @tc.desc: PermissionRecordRepository::Update function test - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, Update001, TestSize.Level1) -{ - PermissionUsedRecordDb::DataType type = PermissionUsedRecordDb::PERMISSION_USED_TYPE; GenericValues conditionValue; - conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); - conditionValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, - static_cast(Constant::OpCode::OP_ANSWER_CALL)); - - GenericValues value; - value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); - value.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, static_cast(Constant::OpCode::OP_ANSWER_CALL)); - value.Put(PrivacyFiledConst::FIELD_USED_TYPE, PERMISSION_USED_TYPE_VALUE); - std::vector values; - values.emplace_back(value); - // add a record: 123-0-1 - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Add(type, values)); - + conditionValue.Put(PrivacyFiledConst::FIELD_USER_ID, TEST_USER_ID_11); std::vector results; - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); - ASSERT_EQ(false, results.empty()); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Query(type, conditionValue, results)); + ASSERT_FALSE(results.empty()); for (const auto& result : results) { - // query result success, when tokenId is 123, permission_code is 0 and used_type is 1 - if (RANDOM_TOKENID == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { - ASSERT_EQ(static_cast(Constant::OpCode::OP_ANSWER_CALL), - result.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE)); - ASSERT_EQ(PERMISSION_USED_TYPE_VALUE, result.GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); + if (TEST_USER_ID_11 == result.GetInt(PrivacyFiledConst::FIELD_USER_ID)) { + ASSERT_FALSE(static_cast(result.GetInt(PrivacyFiledConst::FIELD_STATUS))); break; } } results.clear(); - GenericValues modifyValue; - modifyValue.Put(PrivacyFiledConst::FIELD_USED_TYPE, PICKER_TYPE_VALUE); - // update record 123-0-1 to 123-0-2 - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Update(type, modifyValue, conditionValue)); - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); - ASSERT_EQ(false, results.empty()); + ret = PermissionRecordManager::GetInstance().AddOrUpdateUsedStatusIfNeeded(TEST_USER_ID_11, true); + EXPECT_TRUE(ret); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Query(type, conditionValue, results)); + ASSERT_FALSE(results.empty()); for (const auto& result : results) { - // query result success, when tokenId is 123, permission_code is 0 and used_type is 2 - if (RANDOM_TOKENID == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { - ASSERT_EQ(static_cast(Constant::OpCode::OP_ANSWER_CALL), - result.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE)); - ASSERT_EQ(PICKER_TYPE_VALUE, result.GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); + if (TEST_USER_ID_11 == result.GetInt(PrivacyFiledConst::FIELD_USER_ID)) { + ASSERT_TRUE(static_cast(result.GetInt(PrivacyFiledConst::FIELD_STATUS))); break; } } - - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Remove(type, conditionValue)); } /* @@ -1293,21 +914,22 @@ HWTEST_F(PermissionRecordManagerTest, Update001, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, AddOrUpdateUsedTypeIfNeeded001, TestSize.Level1) { - int32_t tokenId = RANDOM_TOKENID; + int32_t tokenId = static_cast(RANDOM_TOKENID); int32_t opCode = static_cast(Constant::OpCode::OP_ANSWER_CALL); PermissionUsedType visitType = PermissionUsedType::NORMAL_TYPE; PermissionUsedRecordDb::DataType type = PermissionUsedRecordDb::PERMISSION_USED_TYPE; GenericValues conditionValue; - conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + conditionValue.Put(PrivacyFiledConst::FIELD_TOKEN_ID, tokenId); conditionValue.Put(PrivacyFiledConst::FIELD_PERMISSION_CODE, opCode); // query result empty, add input type - ASSERT_EQ(true, PermissionRecordManager::GetInstance().AddOrUpdateUsedTypeIfNeeded(tokenId, opCode, visitType)); + ASSERT_EQ(true, PermissionRecordManager::GetInstance().AddOrUpdateUsedTypeIfNeeded( + RANDOM_TOKENID, opCode, visitType)); std::vector results; - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Query(type, conditionValue, results)); ASSERT_EQ(false, results.empty()); for (const auto& result : results) { - if (RANDOM_TOKENID == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { + if (tokenId == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { ASSERT_EQ(static_cast(Constant::OpCode::OP_ANSWER_CALL), result.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE)); ASSERT_EQ(PERMISSION_USED_TYPE_VALUE, result.GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); @@ -1317,10 +939,11 @@ HWTEST_F(PermissionRecordManagerTest, AddOrUpdateUsedTypeIfNeeded001, TestSize.L results.clear(); // uesd type exsit and same to input type, return - ASSERT_EQ(true, PermissionRecordManager::GetInstance().AddOrUpdateUsedTypeIfNeeded(tokenId, opCode, visitType)); - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); + ASSERT_EQ(true, PermissionRecordManager::GetInstance().AddOrUpdateUsedTypeIfNeeded( + RANDOM_TOKENID, opCode, visitType)); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Query(type, conditionValue, results)); for (const auto& result : results) { - if (RANDOM_TOKENID == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { + if (tokenId == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { ASSERT_EQ(static_cast(Constant::OpCode::OP_ANSWER_CALL), result.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE)); ASSERT_EQ(PERMISSION_USED_TYPE_VALUE, result.GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); @@ -1331,10 +954,11 @@ HWTEST_F(PermissionRecordManagerTest, AddOrUpdateUsedTypeIfNeeded001, TestSize.L visitType = PermissionUsedType::PICKER_TYPE; // used type exsit and diff from input type, update the type - ASSERT_EQ(true, PermissionRecordManager::GetInstance().AddOrUpdateUsedTypeIfNeeded(tokenId, opCode, visitType)); - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); + ASSERT_EQ(true, PermissionRecordManager::GetInstance().AddOrUpdateUsedTypeIfNeeded( + RANDOM_TOKENID, opCode, visitType)); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Query(type, conditionValue, results)); for (const auto& result : results) { - if (RANDOM_TOKENID == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { + if (tokenId == result.GetInt(PrivacyFiledConst::FIELD_TOKEN_ID)) { ASSERT_EQ(static_cast(Constant::OpCode::OP_ANSWER_CALL), result.GetInt(PrivacyFiledConst::FIELD_PERMISSION_CODE)); ASSERT_EQ(PERMISSION_USED_TYPE_WITH_PICKER_TYPE_VALUE, result.GetInt(PrivacyFiledConst::FIELD_USED_TYPE)); @@ -1342,7 +966,7 @@ HWTEST_F(PermissionRecordManagerTest, AddOrUpdateUsedTypeIfNeeded001, TestSize.L } } - ASSERT_EQ(true, PermissionRecordRepository::GetInstance().Remove(type, conditionValue)); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Remove(type, conditionValue)); } /** @@ -1360,8 +984,8 @@ HWTEST_F(PermissionRecordManagerTest, DeletePermissionRecord001, TestSize.Level1 AddRecord(num, values); EXPECT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().DeletePermissionRecord(1)); - EXPECT_NE(num, PermissionRecordRepository::GetInstance().CountRecordValues()); PermissionUsedRecordDb::DataType type = PermissionUsedRecordDb::PERMISSION_RECORD; + EXPECT_NE(num, PermissionUsedRecordDb::GetInstance().Count(type)); for (const auto& value : values) { EXPECT_EQ(0, PermissionUsedRecordDb::GetInstance().Remove(type, value)); } @@ -1376,7 +1000,7 @@ HWTEST_F(PermissionRecordManagerTest, DeletePermissionRecord001, TestSize.Level1 */ HWTEST_F(PermissionRecordManagerTest, RemoveRecordFromStartListTest001, TestSize.Level1) { - std::vector startRecordList = PermissionRecordManager::GetInstance().startRecordList_; + std::set startRecordList = PermissionRecordManager::GetInstance().startRecordList_; PermissionRecordManager::GetInstance().startRecordList_.clear(); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); @@ -1384,17 +1008,11 @@ HWTEST_F(PermissionRecordManagerTest, RemoveRecordFromStartListTest001, TestSize EXPECT_EQ(0, SetSelfTokenID(tokenId)); - PermissionRecord record1 = { - .tokenId = tokenId, - .opCode = Constant::OP_CAMERA, - }; - - PermissionRecord record2 = { - .tokenId = 0, - .opCode = Constant::OP_MICROPHONE, - }; - PermissionRecordManager::GetInstance().AddRecordToStartList(record1); - PermissionRecordManager::GetInstance().AddRecordToStartList(record2); + ActiveChangeType status = PERM_ACTIVE_IN_FOREGROUND; + PermissionRecordManager::GetInstance().AddRecordToStartList( + MakeInfo(tokenId, PID, "ohos.permission.CAMERA"), status, CALLER_PID); + PermissionRecordManager::GetInstance().AddRecordToStartList( + MakeInfo(0, PID, "ohos.permission.MICROPHONE"), status, CALLER_PID); PermissionRecordManager::GetInstance().RemoveRecordFromStartListByToken(tokenId); ASSERT_EQ(1, PermissionRecordManager::GetInstance().startRecordList_.size()); PermissionRecordManager::GetInstance().startRecordList_ = startRecordList; @@ -1410,8 +1028,8 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest001, TestSize.Leve { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - bool isMuteCamera = CameraManagerPrivacyClient::GetInstance().IsCameraMuted(); - CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, true); // true means close + // true means close + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::CAMERA, true, RANDOM_TOKENID); auto callbackPtr = std::make_shared(); auto callbackWrap = new (std::nothrow) StateChangeCallback(callbackPtr); @@ -1421,30 +1039,10 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest001, TestSize.Leve g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission( - tokenId, "ohos.permission.CAMERA", callbackWrap->AsObject())); + MakeInfo(tokenId, PID, "ohos.permission.CAMERA"), callbackWrap->AsObject(), CALLER_PID)); sleep(3); // wait for dialog disappear - ASSERT_EQ(0, PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, "ohos.permission.CAMERA")); - CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, isMuteCamera); -} - -/* - * @tc.name: Abnormal001 - * @tc.desc: PermissionRecordRepository::Add | Remove | Update | Query function abnormal branch - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(PermissionRecordManagerTest, Abnormal001, TestSize.Level1) -{ - PermissionUsedRecordDb::DataType type = static_cast(9); // 9 is not exsit type - std::vector recordValues; - GenericValues conditionValue; - GenericValues modifyValue; - std::vector results; - - ASSERT_EQ(false, PermissionRecordRepository::GetInstance().Add(type, recordValues)); - ASSERT_EQ(false, PermissionRecordRepository::GetInstance().Remove(type, conditionValue)); - ASSERT_EQ(false, PermissionRecordRepository::GetInstance().Update(type, modifyValue, conditionValue)); - ASSERT_EQ(false, PermissionRecordRepository::GetInstance().Query(type, conditionValue, results)); + ASSERT_EQ(0, PermissionRecordManager::GetInstance().StopUsingPermission( + tokenId, PID, "ohos.permission.CAMERA", CALLER_PID)); } /* diff --git a/services/privacymanager/test/coverage/sensitive_manager_coverage_test.cpp b/services/privacymanager/test/coverage/sensitive_manager_coverage_test.cpp index 2d39ce266d0b1351b42737df53bcf9c7839e1caa..392eea355270287e2c08e5db1a6ce7971a12a6f4 100644 --- a/services/privacymanager/test/coverage/sensitive_manager_coverage_test.cpp +++ b/services/privacymanager/test/coverage/sensitive_manager_coverage_test.cpp @@ -18,14 +18,10 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "app_manager_access_client.h" -#include "app_manager_access_proxy.h" #include "app_state_data.h" #define private public -#include "audio_manager_privacy_client.h" -#include "camera_manager_privacy_client.h" +#include "audio_manager_adapter.h" #undef private -#include "audio_manager_privacy_proxy.h" -#include "camera_manager_privacy_proxy.h" #include "token_setproc.h" using namespace testing::ext; @@ -61,9 +57,9 @@ public: SensitiveManagerCoverageTestCb1() = default; virtual ~SensitiveManagerCoverageTestCb1() = default; - void OnForegroundApplicationChanged(const AppStateData &appStateData) + void OnAppStateChanged(const AppStateData &appStateData) { - GTEST_LOG_(INFO) << "OnForegroundApplicationChanged, state is " + GTEST_LOG_(INFO) << "OnAppStateChanged, state is " << appStateData.state; } }; @@ -85,7 +81,7 @@ HWTEST_F(SensitiveManagerCoverageTest, OnRemoteRequest001, TestSize.Level1) ASSERT_EQ(true, data.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); ASSERT_EQ(true, data.WriteParcelable(&appData)); - uint32_t code = 10; + uint32_t code = -1; ASSERT_NE(0, callback.OnRemoteRequest(code, data, reply, option)); // code default } @@ -109,7 +105,39 @@ HWTEST_F(SensitiveManagerCoverageTest, OnRemoteRequest002, TestSize.Level1) ASSERT_EQ(true, data.WriteParcelable(&appData)); // code not default + state = 3 ASSERT_EQ(0, callback.OnRemoteRequest(static_cast( - IApplicationStateObserver::Message::TRANSACT_ON_FOREGROUND_APPLICATION_CHANGED), data, reply, option)); + IApplicationStateObserver::Message::TRANSACT_ON_APP_STATE_CHANGED), data, reply, option)); + + OHOS::MessageParcel data2; + OHOS::MessageParcel reply2; + ASSERT_EQ(true, data2.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + ASSERT_EQ(true, data2.WriteParcelable(&appData)); + // code not default + state = 3 + ASSERT_EQ(0, callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_STATE_CHANGED), data2, reply2, option)); + + OHOS::MessageParcel data3; + OHOS::MessageParcel reply3; + ASSERT_EQ(true, data3.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + ASSERT_EQ(true, data3.WriteParcelable(&appData)); + // code not default + state = 3 + ASSERT_EQ(0, callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_DIED), data3, reply3, option)); + + OHOS::MessageParcel data4; + OHOS::MessageParcel reply4; + ASSERT_EQ(true, data4.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + ASSERT_EQ(true, data4.WriteParcelable(&appData)); + // code not default + state = 3 + ASSERT_EQ(0, callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_APP_STOPPED), data4, reply4, option)); + + OHOS::MessageParcel data5; + OHOS::MessageParcel reply5; + ASSERT_EQ(true, data5.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + ASSERT_EQ(true, data5.WriteParcelable(&appData)); + // code not default + state = 3 + ASSERT_EQ(0, callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_APP_CACHE_STATE_CHANGED), data5, reply5, option)); } /** @@ -132,31 +160,46 @@ HWTEST_F(SensitiveManagerCoverageTest, OnRemoteRequest003, TestSize.Level1) ASSERT_EQ(true, data.WriteParcelable(&appData)); // code not default + state = 5 ASSERT_EQ(0, callback.OnRemoteRequest(static_cast( - IApplicationStateObserver::Message::TRANSACT_ON_FOREGROUND_APPLICATION_CHANGED), data, reply, option)); + IApplicationStateObserver::Message::TRANSACT_ON_APP_STATE_CHANGED), data, reply, option)); } -/* - * @tc.name: AudioRemoteDiedHandle001 - * @tc.desc: test audio remote die +/** + * @tc.name: OnRemoteRequest004 + * @tc.desc: ApplicationStateObserverStub::OnRemoteRequest function test * @tc.type: FUNC - * @tc.require: issueI5RWXF + * @tc.require: */ -HWTEST_F(SensitiveManagerCoverageTest, AudioRemoteDiedHandle001, TestSize.Level1) +HWTEST_F(SensitiveManagerCoverageTest, OnRemoteRequest004, TestSize.Level1) { - AudioManagerPrivacyClient::GetInstance().OnRemoteDiedHandle(); - EXPECT_EQ(AudioManagerPrivacyClient::GetInstance().proxy_, nullptr); -} + SensitiveManagerCoverageTestCb1 callback; -/* - * @tc.name: CameraRemoteDiedHandle001 - * @tc.desc: test camera remote die - * @tc.type: FUNC - * @tc.require: issueI5RWXF - */ -HWTEST_F(SensitiveManagerCoverageTest, CameraRemoteDiedHandle001, TestSize.Level1) -{ - CameraManagerPrivacyClient::GetInstance().OnRemoteDiedHandle(); - EXPECT_EQ(CameraManagerPrivacyClient::GetInstance().proxy_, nullptr); + OHOS::MessageParcel reply; + OHOS::MessageOption option(OHOS::MessageOption::TF_SYNC); + + OHOS::MessageParcel data1; + ASSERT_EQ(true, data1.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_APP_STATE_CHANGED), data1, reply, option); + + OHOS::MessageParcel data2; + ASSERT_EQ(true, data2.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_STATE_CHANGED), data2, reply, option); + + OHOS::MessageParcel data3; + ASSERT_EQ(true, data3.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_DIED), data3, reply, option); + + OHOS::MessageParcel data4; + ASSERT_EQ(true, data4.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_APP_STOPPED), data4, reply, option); + + OHOS::MessageParcel data5; + ASSERT_EQ(true, data5.WriteInterfaceToken(IApplicationStateObserver::GetDescriptor())); + callback.OnRemoteRequest(static_cast( + IApplicationStateObserver::Message::TRANSACT_ON_APP_CACHE_STATE_CHANGED), data5, reply, option); } } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/test/tool/BUILD.gn b/services/privacymanager/test/tool/BUILD.gn index 54e98bf4eca9709010e9618aeb38df6d18894395..9c31d167c1eb217b37c32137be9107da1dbd5248 100644 --- a/services/privacymanager/test/tool/BUILD.gn +++ b/services/privacymanager/test/tool/BUILD.gn @@ -32,7 +32,6 @@ ohos_unittest("CreateCameraWindowTest") { external_deps = [ "ability_base:configuration", "ability_runtime:ability_context_native", - "ability_runtime:ability_manager", "ability_runtime:abilitykit_native", "ability_runtime:ui_extension", "c_utils:utils", diff --git a/services/privacymanager/test/unittest/BUILD.gn b/services/privacymanager/test/unittest/BUILD.gn index dd9e614a07baa4b04f118badb948edcf1732eaae..1520b904c6f86e5268a0809d2e973308862d5f49 100644 --- a/services/privacymanager/test/unittest/BUILD.gn +++ b/services/privacymanager/test/unittest/BUILD.gn @@ -32,13 +32,11 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/src", - "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", - "${access_token_path}/services/common/power_manager/include", "${access_token_path}/services/common/screenlock_manager/include", "${access_token_path}/services/common/utils/include", "${access_token_path}/services/privacymanager/include/active", @@ -46,10 +44,10 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/services/privacymanager/include/database", "${access_token_path}/services/privacymanager/include/record", "${access_token_path}/services/privacymanager/include/service", - "${access_token_path}/services/privacymanager/include/sensitive/app_manager", + "${access_token_path}/services/privacymanager/include/proxy", "${access_token_path}/services/privacymanager/include/sensitive/audio_manager", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager", - "${audio_framework_path}/services/audio_policy/common/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] sources = [ @@ -62,26 +60,24 @@ if (is_standard_system && ability_base_enable == true) { "../../src/database/data_translator.cpp", "../../src/database/permission_used_record_db.cpp", "../../src/database/privacy_field_const.cpp", + "../../src/proxy/privacy_manager_proxy_death_param.cpp", "../../src/record/on_permission_used_record_callback_proxy.cpp", "../../src/record/permission_record.cpp", "../../src/record/permission_record_manager.cpp", - "../../src/record/permission_record_repository.cpp", - "../../src/record/permission_used_record_cache.cpp", - "../../src/sensitive/audio_manager/audio_manager_privacy_client.cpp", - "../../src/sensitive/audio_manager/audio_manager_privacy_death_recipient.cpp", - "../../src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp", - "../../src/sensitive/camera_manager/camera_manager_privacy_client.cpp", - "../../src/sensitive/camera_manager/camera_manager_privacy_death_recipient.cpp", - "../../src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp", + "../../src/record/permission_record_set.cpp", + "../../src/sensitive/audio_manager/audio_manager_adapter.cpp", + "../../src/sensitive/camera_manager/camera_manager_adapter.cpp", "../../src/service/privacy_manager_service.cpp", "../../src/service/privacy_manager_stub.cpp", "permission_record_db_test.cpp", "permission_record_manager_test.cpp", + "permission_record_set_test.cpp", + "privacy_manager_proxy_death_test.cpp", "privacy_manager_service_test.cpp", "sensitive_manager_test.cpp", ] - cflags_cc = [] + cflags_cc = [ "-DHILOG_ENABLE" ] configs = [ "${access_token_path}/config:coverage_flags" ] @@ -93,6 +89,8 @@ if (is_standard_system && ability_base_enable == true) { "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/proxy_death:proxy_death_handler", + "${access_token_path}/services/common/proxy_death:proxy_death_stub", "${access_token_path}/services/privacymanager:privacy_manager_service", ] @@ -109,6 +107,17 @@ if (is_standard_system && ability_base_enable == true) { "samgr:samgr_proxy", "sqlite:sqlite", ] + + if (audio_framework_enable) { + cflags_cc += [ "-DAUDIO_FRAMEWORK_ENABLE" ] + external_deps += [ "audio_framework:audio_client" ] + } + + if (camera_framework_enable) { + cflags_cc += [ "-DCAMERA_FRAMEWORK_ENABLE" ] + external_deps += [ "camera_framework:camera_framework" ] + } + if (eventhandler_enable == true) { cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] external_deps += [ "eventhandler:libeventhandler" ] @@ -123,29 +132,28 @@ if (is_standard_system && ability_base_enable == true) { external_deps += [ "screenlock_mgr:screenlock_client" ] } - if (audio_framework_enable) { - cflags_cc += [ - "-DHILOG_ENABLE", - "-DFEATURE_DTMF_TONE", - ] - } - - if (ability_runtime_enable) { - cflags_cc += [ "-DABILITY_RUNTIME_ENABLE" ] - external_deps += [ - "ability_runtime:ability_manager", - "ability_runtime:app_manager", - ] - } - if (window_manager_enable && access_token_camera_float_window_enable) { cflags_cc += [ "-DCAMERA_FLOAT_WINDOW_ENABLE" ] include_dirs += [ "${access_token_path}/services/common/window_manager/include" ] + sources += [ + "${access_token_path}/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_agent.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_client.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_proxy.cpp", + ] + external_deps += [ "window_manager:libwsutils" ] } if (access_token_app_security_privacy_service_enable) { cflags_cc += [ "-DAPP_SECURITY_PRIVACY_SERVICE" ] + } else { + include_dirs += + [ "${access_token_path}/services/common/ability_manager/include" ] } } } diff --git a/services/privacymanager/test/unittest/permission_record_db_test.cpp b/services/privacymanager/test/unittest/permission_record_db_test.cpp index 3eaf622e0a6b93a50c6be221c3eaa18f7fcacb11..dd740989856297f5b960b28139fd752373ca7795 100644 --- a/services/privacymanager/test/unittest/permission_record_db_test.cpp +++ b/services/privacymanager/test/unittest/permission_record_db_test.cpp @@ -243,6 +243,39 @@ HWTEST_F(PermissionRecordDBTest, CreateDeleteExpireRecordsPrepareSqlCmd001, Test ASSERT_NE("", PermissionUsedRecordDb::GetInstance().CreateDeleteExpireRecordsPrepareSqlCmd(type, andColumns)); } +/* + * @tc.name: DeleteHistoryRecordsInTables001 + * @tc.desc: PermissionUsedRecordDb::DeleteHistoryRecordsInTables function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordDBTest, DeleteHistoryRecordsInTables001, TestSize.Level1) +{ + std::vector dataTypes; + dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_RECORD); + dataTypes.emplace_back(PermissionUsedRecordDb::DataType::PERMISSION_USED_TYPE); + std::unordered_set tokenIDList; + tokenIDList.emplace(RANDOM_TOKENID); + EXPECT_EQ(0, PermissionUsedRecordDb::GetInstance().DeleteHistoryRecordsInTables(dataTypes, tokenIDList)); +} + +/* + * @tc.name: CreateDeleteHistoryRecordsPrepareSqlCmd001 + * @tc.desc: PermissionUsedRecordDb::CreateDeleteHistoryRecordsPrepareSqlCmd function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordDBTest, CreateDeleteHistoryRecordsPrepareSqlCmd001, TestSize.Level1) +{ + PermissionUsedRecordDb::DataType type = static_cast(100); // type not found + std::unordered_set tokenIDList; + EXPECT_EQ("", PermissionUsedRecordDb::GetInstance().CreateDeleteHistoryRecordsPrepareSqlCmd(type, tokenIDList)); + + type = PermissionUsedRecordDb::PERMISSION_RECORD; + tokenIDList.emplace(RANDOM_TOKENID); + EXPECT_NE("", PermissionUsedRecordDb::GetInstance().CreateDeleteHistoryRecordsPrepareSqlCmd(type, tokenIDList)); +} + /* * @tc.name: CreateDeleteExcessiveRecordsPrepareSqlCmd001 * @tc.desc: PermissionUsedRecordDb::CreateDeleteExcessiveRecordsPrepareSqlCmd function test type not found @@ -459,6 +492,47 @@ HWTEST_F(PermissionRecordDBTest, Add003, TestSize.Level1) ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Add(type, values)); } +/* + * @tc.name: Add004 + * @tc.desc: PermissionUsedRecordDb::Add function test + * @tc.type: FUNC + * @tc.require: issueI5RWXF + */ +HWTEST_F(PermissionRecordDBTest, Add004, TestSize.Level1) +{ + GenericValues value1; + value1.Put(PrivacyFiledConst::FIELD_TOKEN_ID, 0); + value1.Put(PrivacyFiledConst::FIELD_OP_CODE, Constant::OP_MICROPHONE); + value1.Put(PrivacyFiledConst::FIELD_STATUS, ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND); + value1.Put(PrivacyFiledConst::FIELD_TIMESTAMP, 123); // 123 is random input + value1.Put(PrivacyFiledConst::FIELD_ACCESS_DURATION, 123); // 123 is random input + value1.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, 1); + value1.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, 0); + value1.Put(PrivacyFiledConst::FIELD_LOCKSCREEN_STATUS, LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED); + value1.Put(PrivacyFiledConst::FIELD_USED_TYPE, static_cast(PermissionUsedType::NORMAL_TYPE)); + + GenericValues value2; // only used_type diff from value1 + value2.Put(PrivacyFiledConst::FIELD_TOKEN_ID, 0); + value2.Put(PrivacyFiledConst::FIELD_OP_CODE, Constant::OP_MICROPHONE); + value2.Put(PrivacyFiledConst::FIELD_STATUS, ActiveChangeType::PERM_ACTIVE_IN_FOREGROUND); + value2.Put(PrivacyFiledConst::FIELD_TIMESTAMP, 123); // 123 is random input + value2.Put(PrivacyFiledConst::FIELD_ACCESS_DURATION, 123); // 123 is random input + value2.Put(PrivacyFiledConst::FIELD_ACCESS_COUNT, 1); + value2.Put(PrivacyFiledConst::FIELD_REJECT_COUNT, 0); + value2.Put(PrivacyFiledConst::FIELD_LOCKSCREEN_STATUS, LockScreenStatusChangeType::PERM_ACTIVE_IN_UNLOCKED); + value2.Put(PrivacyFiledConst::FIELD_USED_TYPE, static_cast(PermissionUsedType::PICKER_TYPE)); + + PermissionUsedRecordDb::DataType type = PermissionUsedRecordDb::PERMISSION_RECORD; + std::vector values; + values.emplace_back(value1); + values.emplace_back(value2); + + // if primary key do not add used_type, this place should be wrong + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Add(type, values)); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Remove(type, value1)); + ASSERT_EQ(0, PermissionUsedRecordDb::GetInstance().Remove(type, value2)); +} + /* * @tc.name: FindByConditions001 * @tc.desc: PermissionUsedRecordDb::FindByConditions function test diff --git a/services/privacymanager/test/unittest/permission_record_manager_test.cpp b/services/privacymanager/test/unittest/permission_record_manager_test.cpp index 0bc5f84688ae4c9508bf4371d9edde4f57dfabb7..e35ce4354a35fe19746fc1896d53516f346b1486 100644 --- a/services/privacymanager/test/unittest/permission_record_manager_test.cpp +++ b/services/privacymanager/test/unittest/permission_record_manager_test.cpp @@ -15,13 +15,12 @@ #include #include +#include -#include "ability_manager_access_loader.h" #include "access_token.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" -#include "audio_manager_privacy_client.h" -#include "camera_manager_privacy_client.h" +#include "active_change_response_info.h" +#include "audio_manager_adapter.h" #include "constant.h" #include "data_translator.h" #include "permission_record.h" @@ -29,11 +28,12 @@ #include "active_status_callback_manager.h" #include "libraryloader.h" #include "permission_record_manager.h" -#include "permission_record_repository.h" -#include "permission_used_record_cache.h" #include "permission_used_record_db.h" #include "privacy_manager_service.h" +#include "privacy_manager_proxy_death_param.h" +#include "proxy_death_callback_stub.h" #undef private +#include "parameter.h" #include "perm_active_status_change_callback_stub.h" #include "privacy_error.h" #include "privacy_field_const.h" @@ -50,20 +50,27 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static int32_t PID = -1; +static int32_t TEST_PID_1 = 1; +static int32_t TEST_PID_2 = 2; +static int32_t TEST_PID_3 = 3; +static constexpr int32_t CALLER_PID = 11; +static constexpr int32_t CALLER_PID2 = 12; static AccessTokenID g_selfTokenId = 0; static AccessTokenID g_nativeToken = 0; static bool g_isMicEdmMute = false; static bool g_isMicMixMute = false; -static bool g_isMicMute = false; -constexpr const char* CAMERA_PERMISSION_NAME = "ohos.permission.CAMERA"; -constexpr const char* MICROPHONE_PERMISSION_NAME = "ohos.permission.MICROPHONE"; -constexpr const char* LOCATION_PERMISSION_NAME = "ohos.permission.LOCATION"; +static constexpr int32_t TEST_USER_ID_10 = 10; +static constexpr int32_t TEST_INVALID_USER_ID = -1; +static constexpr int32_t TEST_INVALID_USER_ID_20000 = 20000; static constexpr uint32_t MAX_CALLBACK_SIZE = 1024; -static constexpr int32_t RANDOM_TOKENID = 123; +static constexpr uint32_t RANDOM_TOKENID = 123; static constexpr int32_t FIRST_INDEX = 0; static const int32_t NORMAL_TYPE_ADD_VALUE = 1; static const int32_t PICKER_TYPE_ADD_VALUE = 2; static const int32_t SEC_COMPONENT_TYPE_ADD_VALUE = 4; +static const int32_t VALUE_MAX_LEN = 32; +static const char* EDM_MIC_MUTE_KEY = "persist.edm.mic_disable"; static PermissionStateFull g_testState1 = { .permissionName = "ohos.permission.CAMERA", .isGeneral = true, @@ -79,6 +86,7 @@ static PermissionStateFull g_testState2 = { .grantStatus = {PermissionState::PERMISSION_GRANTED}, .grantFlags = {1} }; + static PermissionStateFull g_testState3 = { .permissionName = "ohos.permission.MANAGE_AUDIO_CONFIG", .isGeneral = true, @@ -124,6 +132,8 @@ public: void SetUp(); void TearDown(); + + std::shared_ptr appStateObserver_ = nullptr; }; void PermissionRecordManagerTest::SetUpTestCase() @@ -137,7 +147,6 @@ void PermissionRecordManagerTest::SetUpTestCase() g_isMicMixMute = PermissionRecordManager::GetInstance().isMicMixMute_; PermissionRecordManager::GetInstance().isMicEdmMute_ = false; PermissionRecordManager::GetInstance().isMicMixMute_ = false; - g_isMicMute = AudioManagerPrivacyClient::GetInstance().GetPersistentMicMuteState(); } void PermissionRecordManagerTest::TearDownTestCase() @@ -153,20 +162,25 @@ void PermissionRecordManagerTest::SetUp() AccessTokenKit::AllocHapToken(g_InfoParms1, g_PolicyPrams1); AccessTokenKit::AllocHapToken(g_InfoParms2, g_PolicyPrams2); - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(false, PolicyType::PRIVACY); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); + if (appStateObserver_ != nullptr) { + return; + } + appStateObserver_ = std::make_shared(); } void PermissionRecordManagerTest::TearDown() { - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(g_isMicMute, PolicyType::PRIVACY); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms2.userID, g_InfoParms2.bundleName, g_InfoParms2.instIndex); AccessTokenKit::DeleteToken(tokenId); - PrivacyKit::RemovePermissionUsedRecords(tokenId, ""); + PrivacyKit::RemovePermissionUsedRecords(tokenId); + appStateObserver_ = nullptr; EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); } @@ -178,13 +192,30 @@ public: ~PermissionRecordManagerTestCb1() {} - virtual void StateChangeNotify(AccessTokenID tokenId, bool isShow) - {} + void StateChangeNotify(AccessTokenID tokenId, bool isShow) + { + GTEST_LOG_(INFO) << "PermissionRecordManagerTestCb1 isShow" << isShow; + isShow_ = isShow; + } void Stop() {} + + bool isShow_ = true; }; +static PermissionUsedTypeInfo MakeInfo(AccessTokenID tokenId, int32_t pid, const std::string &permission, + PermissionUsedType type = PermissionUsedType::NORMAL_TYPE) +{ + PermissionUsedTypeInfo info = { + .tokenId = tokenId, + .pid = pid, + .permissionName = permission, + .type = type + }; + return info; +} + /** * @tc.name: RegisterPermActiveStatusCallback001 * @tc.desc: RegisterPermActiveStatusCallback with invalid parameter. @@ -194,8 +225,8 @@ public: HWTEST_F(PermissionRecordManagerTest, RegisterPermActiveStatusCallback001, TestSize.Level1) { std::vector permList = {"ohos.permission.CAMERA"}; - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, nullptr)); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, nullptr)); } @@ -204,14 +235,16 @@ public: PermActiveStatusChangeCallback() = default; virtual ~PermActiveStatusChangeCallback() = default; - void ActiveStatusChangeCallback(ActiveChangeResponse& result) + bool AddDeathRecipient(const sptr& deathRecipient) override + { + return true; + } + + void ActiveStatusChangeCallback(ActiveChangeResponse& result) override { type_ = result.type; - GTEST_LOG_(INFO) << "PermActiveStatusChangeCallback ActiveChangeResponse"; - GTEST_LOG_(INFO) << "PermActiveStatusChangeCallback tokenid " << result.tokenID; - GTEST_LOG_(INFO) << "PermActiveStatusChangeCallback permissionName " << result.permissionName; - GTEST_LOG_(INFO) << "PermActiveStatusChangeCallback deviceId " << result.deviceId; - GTEST_LOG_(INFO) << "PermActiveStatusChangeCallback type " << result.type; + GTEST_LOG_(INFO) << "ActiveStatusChange tokenid " << result.tokenID << + ", permission " << result.permissionName << ", type " << result.type; } ActiveChangeType type_ = PERM_INACTIVE; @@ -231,15 +264,16 @@ HWTEST_F(PermissionRecordManagerTest, RegisterPermActiveStatusCallback002, TestS for (size_t i = 0; i < MAX_CALLBACK_SIZE; ++i) { sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); ASSERT_NE(nullptr, callback); - ASSERT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, callback->AsObject())); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); callbacks.emplace_back(callback); } sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); ASSERT_NE(nullptr, callback); ASSERT_EQ(PrivacyError::ERR_CALLBACKS_EXCEED_LIMITATION, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, callback->AsObject())); + PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); for (size_t i = 0; i < callbacks.size(); ++i) { ASSERT_EQ(RET_SUCCESS, @@ -256,8 +290,8 @@ HWTEST_F(PermissionRecordManagerTest, RegisterPermActiveStatusCallback002, TestS HWTEST_F(PermissionRecordManagerTest, UnRegisterPermActiveStatusCallback001, TestSize.Level1) { std::vector permList = {"ohos.permission.CAMERA"}; - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, nullptr)); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, nullptr)); } /* @@ -276,8 +310,8 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest001, TestSize.Leve AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(ERR_PARAM_INVALID, - PermissionRecordManager::GetInstance().StartUsingPermission(0, permissionName, callbackWrap->AsObject())); + ASSERT_EQ(ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(0, PID, permissionName), callbackWrap->AsObject(), CALLER_PID)); } /* @@ -298,19 +332,20 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest002, TestSize.Leve g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); ASSERT_EQ(ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().StartUsingPermission( - tokenId, "ohos.permission.LOCATION", callbackWrap->AsObject())); + MakeInfo(tokenId, PID, "ohos.permission.LOCATION"), callbackWrap->AsObject(), CALLER_PID)); // tokenId invaild ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().StartUsingPermission( - g_nativeToken, "ohos.permission.CAMERA", nullptr)); + MakeInfo(g_nativeToken, PID, "ohos.permission.CAMERA"), nullptr, CALLER_PID)); ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission( - tokenId, "ohos.permission.CAMERA", nullptr)); + MakeInfo(tokenId, PID, "ohos.permission.CAMERA"), nullptr, CALLER_PID)); ASSERT_EQ(PrivacyError::ERR_PERMISSION_ALREADY_START_USING, - PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, "ohos.permission.CAMERA", nullptr)); + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, "ohos.permission.CAMERA"), nullptr, CALLER_PID)); ASSERT_EQ(Constant::SUCCESS, - PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, "ohos.permission.CAMERA")); + PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, PID, "ohos.permission.CAMERA", CALLER_PID)); } /* @@ -322,18 +357,23 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest002, TestSize.Leve HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest003, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - bool isMicLoad = PermissionRecordManager::GetInstance().isMicLoad_; - PermissionRecordManager::GetInstance().isMicLoad_ = true; - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); + char value[VALUE_MAX_LEN] = {0}; + GetParameter(EDM_MIC_MUTE_KEY, "", value, VALUE_MAX_LEN - 1); + GTEST_LOG_(INFO) << "value:" << value; + + bool isMute = strncmp(value, "true", VALUE_MAX_LEN) == 0; + SetParameter(EDM_MIC_MUTE_KEY, "true"); + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(static_cast(0), tokenId); std::string permissionName = "ohos.permission.MICROPHONE"; ASSERT_EQ(PrivacyError::ERR_EDM_POLICY_CHECK_FAILED, - PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName)); - - PermissionRecordManager::GetInstance().isMicLoad_ = isMicLoad; + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, permissionName), CALLER_PID)); + std::string str = isMute ? "true" : "false"; + SetParameter(EDM_MIC_MUTE_KEY, str.c_str()); } /* @@ -345,33 +385,37 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest003, TestSize.Leve HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest004, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - bool isMicLoad = PermissionRecordManager::GetInstance().isMicLoad_; - PermissionRecordManager::GetInstance().isMicLoad_ = true; - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - ASSERT_EQ(RET_SUCCESS, - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(true, PolicyType::PRIVACY)); + char value[VALUE_MAX_LEN] = {0}; + GetParameter(EDM_MIC_MUTE_KEY, "", value, VALUE_MAX_LEN - 1); + GTEST_LOG_(INFO) << "value:" << value; + + bool isMute = strncmp(value, "true", VALUE_MAX_LEN) == 0; + SetParameter(EDM_MIC_MUTE_KEY, "false"); + + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::PRIVACY, CallerType::MICROPHONE, true, RANDOM_TOKENID)); std::vector permList = {"ohos.permission.MICROPHONE"}; sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); ASSERT_NE(nullptr, callback); - ASSERT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, callback->AsObject())); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(static_cast(0), tokenId); std::string permissionName = "ohos.permission.MICROPHONE"; - ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName)); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, permissionName), CALLER_PID)); usleep(500000); // 500000us = 0.5s -#ifndef APP_SECURITY_PRIVACY_SERVICE - ASSERT_EQ(PERM_INACTIVE, callback->type_); -#else ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); -#endif - ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, permissionName)); - PermissionRecordManager::GetInstance().isMicLoad_ = isMicLoad; + ASSERT_EQ(Constant::SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, PID, permissionName, CALLER_PID)); + std::string str = isMute ? "true" : "false"; + SetParameter(EDM_MIC_MUTE_KEY, str.c_str()); } /* @@ -383,27 +427,37 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest004, TestSize.Leve HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest005, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - bool isMicLoad = PermissionRecordManager::GetInstance().isMicLoad_; - PermissionRecordManager::GetInstance().isMicLoad_ = true; - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(false, PolicyType::PRIVACY); + char value[VALUE_MAX_LEN] = {0}; + GetParameter(EDM_MIC_MUTE_KEY, "", value, VALUE_MAX_LEN - 1); + GTEST_LOG_(INFO) << "value:" << value; + + bool isMute = strncmp(value, "true", VALUE_MAX_LEN) == 0; + SetParameter(EDM_MIC_MUTE_KEY, "false"); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); std::vector permList = {"ohos.permission.MICROPHONE"}; sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); ASSERT_NE(nullptr, callback); - ASSERT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, callback->AsObject())); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(static_cast(0), tokenId); std::string permissionName = "ohos.permission.MICROPHONE"; - ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName)); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, permissionName), CALLER_PID)); usleep(500000); // 500000us = 0.5s ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); - ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, permissionName)); - PermissionRecordManager::GetInstance().isMicLoad_ = isMicLoad; + ASSERT_EQ(Constant::SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, PID, permissionName, CALLER_PID)); + + std::string str = isMute ? "true" : "false"; + SetParameter(EDM_MIC_MUTE_KEY, str.c_str()); } /* @@ -415,29 +469,239 @@ HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest005, TestSize.Leve HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest006, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - bool isMicLoad = PermissionRecordManager::GetInstance().isMicLoad_; - PermissionRecordManager::GetInstance().isMicLoad_ = true; - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(true, PolicyType::PRIVACY); + char value[VALUE_MAX_LEN] = {0}; + GetParameter(EDM_MIC_MUTE_KEY, "", value, VALUE_MAX_LEN - 1); + GTEST_LOG_(INFO) << "value:" << value; + + bool isMute = strncmp(value, "true", VALUE_MAX_LEN) == 0; + SetParameter(EDM_MIC_MUTE_KEY, "true"); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); std::vector permList = {"ohos.permission.LOCATION"}; sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); ASSERT_NE(nullptr, callback); - ASSERT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, callback->AsObject())); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(static_cast(0), tokenId); std::string permissionName = "ohos.permission.LOCATION"; - ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, permissionName)); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, permissionName), CALLER_PID)); + + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); + ASSERT_EQ(Constant::SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, PID, permissionName, CALLER_PID)); + + std::string str = isMute ? "true" : "false"; + SetParameter(EDM_MIC_MUTE_KEY, str.c_str()); +} + +/* + * @tc.name: StartUsingPermissionTest007 + * @tc.desc: PermissionRecordManager::StartUsingPermission function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest007, TestSize.Level1) +{ + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId); + + // tokenId invaild + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(g_nativeToken, PID, "ohos.permission.READ_MEDIA"), CALLER_PID)); + + ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, "ohos.permission.READ_MEDIA"), CALLER_PID)); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_ALREADY_START_USING, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, "ohos.permission.READ_MEDIA"), CALLER_PID)); + + ASSERT_EQ(Constant::SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission( + tokenId, PID, "ohos.permission.READ_MEDIA", CALLER_PID)); +} + +/* + * @tc.name: StartUsingPermissionTest008 + * @tc.desc: Test multiple process start using permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest008, TestSize.Level1) +{ + EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); + + std::vector permList = {"ohos.permission.CAMERA"}; + sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); + ASSERT_NE(nullptr, callback); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); + + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId); + std::string permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, TEST_PID_1, permissionName), CALLER_PID)); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, TEST_PID_3, permissionName), CALLER_PID)); + ProcessData processData; + processData.accessTokenId = tokenId; + processData.pid = TEST_PID_1; + appStateObserver_->OnProcessDied(processData); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); + + processData.pid = TEST_PID_2; + appStateObserver_->OnProcessDied(processData); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); + + processData.pid = TEST_PID_3; + appStateObserver_->OnProcessDied(processData); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(PERM_INACTIVE, callback->type_); +} + +/* + * @tc.name: StartUsingPermissionTest009 + * @tc.desc: Test multiple process start using permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest009, TestSize.Level1) +{ + EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); + + auto callbackPtr1 = std::make_shared(); + auto callbackWrap1 = new (std::nothrow) StateChangeCallback(callbackPtr1); + ASSERT_NE(nullptr, callbackPtr1); + ASSERT_NE(nullptr, callbackWrap1); + + auto callbackPtr2 = std::make_shared(); + auto callbackWrap2 = new (std::nothrow) StateChangeCallback(callbackPtr2); + ASSERT_NE(nullptr, callbackPtr2); + ASSERT_NE(nullptr, callbackWrap2); + + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId); + std::string permissionName = "ohos.permission.CAMERA"; + + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, TEST_PID_1, permissionName), callbackWrap1->AsObject(), CALLER_PID)); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, TEST_PID_2, permissionName), callbackWrap2->AsObject(), CALLER_PID)); + + AppStateData appStateData; + appStateData.accessTokenId = tokenId; + appStateData.state = static_cast(ApplicationState::APP_STATE_FOREGROUND); + appStateData.pid = TEST_PID_1; + appStateObserver_->OnAppStateChanged(appStateData); + appStateData.pid = TEST_PID_2; + appStateObserver_->OnAppStateChanged(appStateData); + + appStateData.state = static_cast(ApplicationState::APP_STATE_BACKGROUND); + appStateData.pid = TEST_PID_1; + appStateObserver_->OnAppStateChanged(appStateData); + usleep(500000); // 500000us = 0.5s + ASSERT_FALSE(callbackPtr1->isShow_); + ASSERT_TRUE(callbackPtr2->isShow_); + + appStateData.pid = TEST_PID_2; + appStateObserver_->OnAppStateChanged(appStateData); + usleep(500000); // 500000us = 0.5s + ASSERT_FALSE(callbackPtr2->isShow_); +} + +/* + * @tc.name: StartUsingPermissionTest010 + * @tc.desc: Test multiple process start using permission + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest010, TestSize.Level1) +{ + EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); + + std::vector permList = {"ohos.permission.CAMERA"}; + sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); + ASSERT_NE(nullptr, callback); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); + + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId); + std::string permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, TEST_PID_1, permissionName), CALLER_PID)); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, TEST_PID_2, permissionName), CALLER_PID)); + ASSERT_EQ(Constant::SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission( + tokenId, TEST_PID_2, "ohos.permission.CAMERA", CALLER_PID)); usleep(500000); // 500000us = 0.5s ASSERT_EQ(PERM_ACTIVE_IN_BACKGROUND, callback->type_); - ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, permissionName)); - PermissionRecordManager::GetInstance().isMicLoad_ = isMicLoad; + + ASSERT_EQ(Constant::SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission( + tokenId, TEST_PID_1, "ohos.permission.CAMERA", CALLER_PID)); + usleep(500000); // 500000us = 0.5s + ASSERT_EQ(PERM_INACTIVE, callback->type_); } +/* + * @tc.name: StartUsingPermissionTest011 + * @tc.desc: Test default pid -1 start using permission and OnProcessDied + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, StartUsingPermissionTest011, TestSize.Level1) +{ + EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); + + std::vector permList = {"ohos.permission.CAMERA"}; + sptr callback = new (std::nothrow) PermActiveStatusChangeCallback(); + ASSERT_NE(nullptr, callback); + ASSERT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, callback->AsObject())); + AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId); + std::string permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, permissionName), CALLER_PID)); + ASSERT_EQ(PrivacyError::ERR_PERMISSION_ALREADY_START_USING, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, permissionName), CALLER_PID)); + + // makesure callback end + usleep(500000); // 500000us = 0.5s + callback->type_ = PERM_TEMPORARY_CALL; + ProcessData processData; + processData.accessTokenId = tokenId; + processData.pid = 100; // random pid + appStateObserver_->OnProcessDied(processData); + usleep(500000); + ASSERT_EQ(PERM_TEMPORARY_CALL, callback->type_); +} + +#ifndef APP_SECURITY_PRIVACY_SERVICE /* * @tc.name: ShowGlobalDialog001 * @tc.desc: ShowGlobalDialog function test @@ -448,12 +712,13 @@ HWTEST_F(PermissionRecordManagerTest, ShowGlobalDialog001, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog(CAMERA_PERMISSION_NAME)); + ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog("ohos.permission.CAMERA")); sleep(3); // wait for dialog disappear - ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog(MICROPHONE_PERMISSION_NAME)); + ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog("ohos.permission.MICROPHONE")); sleep(3); // wait for dialog disappear - ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog(LOCATION_PERMISSION_NAME)); // no dialog + ASSERT_EQ(true, PermissionRecordManager::GetInstance().ShowGlobalDialog("ohos.permission.LOCATION")); // no dialog } +#endif /* * @tc.name: AppStateChangeListener001 @@ -464,21 +729,29 @@ HWTEST_F(PermissionRecordManagerTest, ShowGlobalDialog001, TestSize.Level1) HWTEST_F(PermissionRecordManagerTest, AppStateChangeListener001, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - bool isMicLoad = PermissionRecordManager::GetInstance().isMicLoad_; + + char value[VALUE_MAX_LEN] = {0}; + GetParameter(EDM_MIC_MUTE_KEY, "", value, VALUE_MAX_LEN - 1); + GTEST_LOG_(INFO) << "value:" << value; + + bool isMute = strncmp(value, "true", VALUE_MAX_LEN) == 0; + SetParameter(EDM_MIC_MUTE_KEY, std::to_string(false).c_str()); - PermissionRecordManager::GetInstance().isMicLoad_ = true; - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - bool isMuteMic = AudioManagerPrivacyClient::GetInstance().GetPersistentMicMuteState(); - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(true, PolicyType::PRIVACY); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); // status is inactive - ASSERT_EQ(0, PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, MICROPHONE_PERMISSION_NAME)); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId, PID, "ohos.permission.MICROPHONE"), CALLER_PID)); sleep(3); // wait for dialog disappear - PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId, PERM_ACTIVE_IN_BACKGROUND); - ASSERT_EQ(0, PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, MICROPHONE_PERMISSION_NAME)); - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(isMuteMic, PolicyType::PRIVACY); - PermissionRecordManager::GetInstance().isMicLoad_ = isMicLoad; + PermissionRecordManager::GetInstance().NotifyAppStateChange(tokenId, PID, PERM_ACTIVE_IN_BACKGROUND); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, PID, + "ohos.permission.MICROPHONE", CALLER_PID)); + std::string str = isMute ? "true" : "false"; + SetParameter(EDM_MIC_MUTE_KEY, str.c_str()); } /* @@ -555,42 +828,66 @@ HWTEST_F(PermissionRecordManagerTest, RemovePermissionUsedRecords001, TestSize.L AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(static_cast(0), tokenId); +} - std::string deviceID; - PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId, deviceID); // deviceID is empty +/* + * @tc.name:SetPermissionUsedRecordToggleStatus001 + * @tc.desc: PermissionRecordManager::SetPermissionUsedRecordToggleStatus function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, SetPermissionUsedRecordToggleStatus001, TestSize.Level1) +{ + int32_t ret = PermissionRecordManager::GetInstance().SetPermissionUsedRecordToggleStatus( + TEST_INVALID_USER_ID, true); + EXPECT_EQ(ret, PrivacyError::ERR_PARAM_INVALID); - deviceID = "what's is"; - // deviceID is not empty, but device which deps on tokenID is empty not equals deviceID - PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(static_cast(123), deviceID); + ret = PermissionRecordManager::GetInstance().SetPermissionUsedRecordToggleStatus( + TEST_INVALID_USER_ID_20000, true); + EXPECT_EQ(ret, PrivacyError::ERR_PARAM_INVALID); +} - deviceID = "0"; - // deviceID is not empty, device which deps on tokenID is not empty and equals deviceID - PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenId, deviceID); +/* + * @tc.name:GetPermissionUsedRecordToggleStatus001 + * @tc.desc: PermissionRecordManager::GetPermissionUsedRecordToggleStatus function test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, GetPermissionUsedRecordToggleStatus001, TestSize.Level1) +{ + bool status = true; + int32_t ret = PermissionRecordManager::GetInstance().GetPermissionUsedRecordToggleStatus( + TEST_INVALID_USER_ID, status); + EXPECT_EQ(ret, PrivacyError::ERR_PARAM_INVALID); + + ret = PermissionRecordManager::GetInstance().GetPermissionUsedRecordToggleStatus( + TEST_INVALID_USER_ID_20000, status); + EXPECT_EQ(ret, PrivacyError::ERR_PARAM_INVALID); } /* - * @tc.name: StartUsingPermission001 - * @tc.desc: PermissionRecordManager::StartUsingPermission function test + * @tc.name:UpdatePermUsedRecToggleStatusMap001 + * @tc.desc: PermissionRecordManager::test UpdatePermUsedRecToggleStatusMap and CheckPermissionUsedRecordToggleStatus * @tc.type: FUNC * @tc.require: */ -HWTEST_F(PermissionRecordManagerTest, StartUsingPermission001, TestSize.Level1) +HWTEST_F(PermissionRecordManagerTest, UpdatePermUsedRecToggleStatusMap001, TestSize.Level1) { - AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, - g_InfoParms1.instIndex); - ASSERT_NE(static_cast(0), tokenId); + bool checkStatus = PermissionRecordManager::GetInstance().CheckPermissionUsedRecordToggleStatus(TEST_USER_ID_10); + EXPECT_TRUE(checkStatus); - // tokenId invaild - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().StartUsingPermission( - g_nativeToken, "ohos.permission.READ_MEDIA")); + bool ret = PermissionRecordManager::GetInstance().UpdatePermUsedRecToggleStatusMap(TEST_USER_ID_10, false); + checkStatus = PermissionRecordManager::GetInstance().CheckPermissionUsedRecordToggleStatus(TEST_USER_ID_10); + EXPECT_TRUE(ret); + EXPECT_FALSE(checkStatus); - ASSERT_EQ(Constant::SUCCESS, PermissionRecordManager::GetInstance().StartUsingPermission( - tokenId, "ohos.permission.READ_MEDIA")); - ASSERT_EQ(PrivacyError::ERR_PERMISSION_ALREADY_START_USING, - PermissionRecordManager::GetInstance().StartUsingPermission(tokenId, "ohos.permission.READ_MEDIA")); + ret = PermissionRecordManager::GetInstance().UpdatePermUsedRecToggleStatusMap(TEST_USER_ID_10, false); + EXPECT_FALSE(ret); - ASSERT_EQ(Constant::SUCCESS, - PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, "ohos.permission.READ_MEDIA")); + ret = PermissionRecordManager::GetInstance().UpdatePermUsedRecToggleStatusMap(TEST_USER_ID_10, true); + checkStatus = PermissionRecordManager::GetInstance().CheckPermissionUsedRecordToggleStatus(TEST_USER_ID_10); + EXPECT_TRUE(ret); + EXPECT_TRUE(checkStatus); } /* @@ -607,15 +904,16 @@ HWTEST_F(PermissionRecordManagerTest, StopUsingPermission001, TestSize.Level1) // tokenId invaild ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().StopUsingPermission( - static_cast(0), "ohos.permission.READ_MEDIA")); + static_cast(0), PID, "ohos.permission.READ_MEDIA", CALLER_PID)); // permission invaild ASSERT_EQ(PrivacyError::ERR_PERMISSION_NOT_EXIST, PermissionRecordManager::GetInstance().StopUsingPermission( - tokenId, "ohos.permission.test")); + tokenId, PID, "ohos.permission.test", CALLER_PID)); // not start using ASSERT_EQ(PrivacyError::ERR_PERMISSION_NOT_START_USING, - PermissionRecordManager::GetInstance().StopUsingPermission(tokenId, "ohos.permission.READ_MEDIA")); + PermissionRecordManager::GetInstance().StopUsingPermission( + tokenId, PID, "ohos.permission.READ_MEDIA", CALLER_PID)); } /* @@ -630,8 +928,8 @@ HWTEST_F(PermissionRecordManagerTest, RegisterPermActiveStatusCallback003, TestS permList.emplace_back("com.ohos.TEST"); // GetDefPermission != Constant::SUCCESS && listRes is empty && listSrc is not empty - ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, - PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback(permList, nullptr)); + ASSERT_EQ(PrivacyError::ERR_PARAM_INVALID, PermissionRecordManager::GetInstance().RegisterPermActiveStatusCallback( + GetSelfTokenID(), permList, nullptr)); } /* @@ -642,7 +940,7 @@ HWTEST_F(PermissionRecordManagerTest, RegisterPermActiveStatusCallback003, TestS */ HWTEST_F(PermissionRecordManagerTest, GetPermissionUsedType001, TestSize.Level1) { - int32_t tokenId = RANDOM_TOKENID; + uint32_t tokenId = RANDOM_TOKENID; std::string permissionName = "ohos.permission.PERMISSION_RECORD_MANAGER_TEST"; std::vector results; // tokenId is not exsit @@ -683,7 +981,7 @@ HWTEST_F(PermissionRecordManagerTest, Dlopen001, TestSize.Level1) HWTEST_F(PermissionRecordManagerTest, AddDataValueToResults001, TestSize.Level1) { GenericValues value; - value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(RANDOM_TOKENID)); value.Put(PrivacyFiledConst::FIELD_USED_TYPE, NORMAL_TYPE_ADD_VALUE); std::vector results; @@ -700,7 +998,7 @@ HWTEST_F(PermissionRecordManagerTest, AddDataValueToResults001, TestSize.Level1) HWTEST_F(PermissionRecordManagerTest, AddDataValueToResults002, TestSize.Level1) { GenericValues value; - value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(RANDOM_TOKENID)); value.Put(PrivacyFiledConst::FIELD_USED_TYPE, PICKER_TYPE_ADD_VALUE); std::vector results; @@ -717,7 +1015,7 @@ HWTEST_F(PermissionRecordManagerTest, AddDataValueToResults002, TestSize.Level1) HWTEST_F(PermissionRecordManagerTest, AddDataValueToResults003, TestSize.Level1) { GenericValues value; - value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, RANDOM_TOKENID); + value.Put(PrivacyFiledConst::FIELD_TOKEN_ID, static_cast(RANDOM_TOKENID)); value.Put(PrivacyFiledConst::FIELD_USED_TYPE, SEC_COMPONENT_TYPE_ADD_VALUE); std::vector results; @@ -734,15 +1032,18 @@ HWTEST_F(PermissionRecordManagerTest, AddDataValueToResults003, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest001, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true)); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID)); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); EXPECT_EQ(ERR_PRIVACY_POLICY_CHECK_FAILED, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false)); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID)); } /* @@ -753,15 +1054,18 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest001, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest002, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true)); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID)); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); EXPECT_EQ(ERR_PRIVACY_POLICY_CHECK_FAILED, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false)); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID)); } /* @@ -772,15 +1076,18 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest002, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest003, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true)); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID)); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false)); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID)); } /* @@ -791,15 +1098,19 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest003, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest004, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true)); - - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::PRIVACY, CallerType::MICROPHONE, true, RANDOM_TOKENID)); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); EXPECT_EQ(ERR_EDM_POLICY_CHECK_FAILED, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false)); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID)); } /* @@ -810,15 +1121,18 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest004, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest005, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true)); - - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false)); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::PRIVACY, CallerType::MICROPHONE, true, RANDOM_TOKENID)); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::PRIVACY, CallerType::MICROPHONE, false, RANDOM_TOKENID)); } /* @@ -829,15 +1143,18 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest005, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest006, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true)); - - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false)); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::PRIVACY, CallerType::MICROPHONE, true, RANDOM_TOKENID)); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::PRIVACY, CallerType::MICROPHONE, false, RANDOM_TOKENID)); } /* @@ -848,17 +1165,21 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest006, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest007, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, true)); - - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); - EXPECT_EQ(ERR_EDM_POLICY_CHECK_FAILED, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, false)); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::TEMPORARY, CallerType::MICROPHONE, true, RANDOM_TOKENID)); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, true, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); + EXPECT_EQ(ERR_EDM_POLICY_CHECK_FAILED, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::TEMPORARY, CallerType::MICROPHONE, false, RANDOM_TOKENID)); } +#ifndef APP_SECURITY_PRIVACY_SERVICE /* * @tc.name: SetMutePolicyTest008 * @tc.desc: @@ -868,16 +1189,20 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest007, TestSize.Level1) HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest008, TestSize.Level1) { EXPECT_EQ(0, SetSelfTokenID(g_nativeToken)); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, true)); - - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true); - EXPECT_EQ(ERR_PRIVACY_POLICY_CHECK_FAILED, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, false)); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::TEMPORARY, CallerType::MICROPHONE, true, RANDOM_TOKENID)); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, true, + RANDOM_TOKENID); + EXPECT_EQ(ERR_PRIVACY_POLICY_CHECK_FAILED, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::TEMPORARY, CallerType::MICROPHONE, false, RANDOM_TOKENID)); } +#endif /* * @tc.name: SetMutePolicyTest009 @@ -887,15 +1212,142 @@ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest008, TestSize.Level1) */ HWTEST_F(PermissionRecordManagerTest, SetMutePolicyTest009, TestSize.Level1) { - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, true)); + uint32_t tokenID = AccessTokenKit::GetNativeTokenId("edm"); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::TEMPORARY, CallerType::MICROPHONE, true, RANDOM_TOKENID)); + + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false, tokenID); + PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false, + RANDOM_TOKENID); + EXPECT_EQ(RET_SUCCESS, PermissionRecordManager::GetInstance().SetMutePolicy( + PolicyType::TEMPORARY, CallerType::MICROPHONE, false, RANDOM_TOKENID)); +} - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::EDM, CallerType::MICROPHONE, false); - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::PRIVACY, CallerType::MICROPHONE, false); - EXPECT_EQ(RET_SUCCESS, - PermissionRecordManager::GetInstance().SetMutePolicy(PolicyType::TEMPORARY, CallerType::MICROPHONE, false)); +class DiedProxyMaker { +public: + DiedProxyMaker() + { + handler_ = std::make_shared(); + } + + void AddRecipient(int callerPid) + { + std::shared_ptr param = std::make_shared(callerPid); + auto anonyStub = sptr::MakeSptr(); + handler_->AddProxyStub(anonyStub, param); + } + + void TestDie(int32_t callerPid) + { + auto map = handler_->proxyStubAndRecipientMap_; + auto param = reinterpret_cast(new PrivacyManagerProxyDeathParam(callerPid)); + for (auto iter = map.begin(); iter != map.end(); ++iter) { + if (iter->second.second->IsEqual(param)) { + iter->second.first->OnRemoteDied(iter->first); + } + } + } + + std::shared_ptr handler_ = nullptr; +}; + +/* + * @tc.name: PermissionRecordManagerTest + * @tc.desc: ProxyDeathTest test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, ProxyDeathTest001, TestSize.Level1) +{ + DiedProxyMaker init; + init.AddRecipient(CALLER_PID); + init.TestDie(CALLER_PID); + ASSERT_EQ(0, PermissionRecordManager::GetInstance().startRecordList_.size()); + + AccessTokenID tokenId1 = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId1); + std::string permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId1, TEST_PID_1, permissionName), CALLER_PID)); + + AccessTokenID tokenId2 = AccessTokenKit::GetHapTokenID(g_InfoParms2.userID, g_InfoParms2.bundleName, + g_InfoParms2.instIndex); + ASSERT_NE(static_cast(0), tokenId2); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId2, TEST_PID_2, permissionName), CALLER_PID)); + ASSERT_EQ(2, PermissionRecordManager::GetInstance().startRecordList_.size()); + + DiedProxyMaker maker; + maker.AddRecipient(CALLER_PID); + maker.TestDie(CALLER_PID); + ASSERT_EQ(0, PermissionRecordManager::GetInstance().startRecordList_.size()); +} + +/* + * @tc.name: PermissionRecordManagerTest + * @tc.desc: ProxyDeathTest test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, ProxyDeathTest002, TestSize.Level1) +{ + DiedProxyMaker init; + init.AddRecipient(CALLER_PID); + init.TestDie(CALLER_PID); + AccessTokenID tokenId1 = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId1); + std::string permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId1, TEST_PID_1, permissionName), CALLER_PID)); + + AccessTokenID tokenId2 = AccessTokenKit::GetHapTokenID(g_InfoParms2.userID, g_InfoParms2.bundleName, + g_InfoParms2.instIndex); + ASSERT_NE(static_cast(0), tokenId2); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId2, TEST_PID_2, permissionName), CALLER_PID2)); + ASSERT_EQ(2, PermissionRecordManager::GetInstance().startRecordList_.size()); + + DiedProxyMaker maker; + maker.AddRecipient(CALLER_PID); + maker.TestDie(CALLER_PID); + ASSERT_EQ(1, PermissionRecordManager::GetInstance().startRecordList_.size()); + + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission(tokenId2, TEST_PID_2, permissionName, CALLER_PID2)); +} + +/* + * @tc.name: PermissionRecordManagerTest + * @tc.desc: HasCallerInStartList test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordManagerTest, HasCallerInStartList001, TestSize.Level1) +{ + DiedProxyMaker init; + init.AddRecipient(CALLER_PID); + init.TestDie(CALLER_PID); + AccessTokenID tokenId1 = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(static_cast(0), tokenId1); + std::string permissionName = "ohos.permission.CAMERA"; + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StartUsingPermission( + MakeInfo(tokenId1, TEST_PID_1, permissionName), CALLER_PID)); + ASSERT_TRUE(PermissionRecordManager::GetInstance().HasCallerInStartList(CALLER_PID)); + ASSERT_FALSE(PermissionRecordManager::GetInstance().HasCallerInStartList(CALLER_PID2)); + ASSERT_EQ(RET_SUCCESS, + PermissionRecordManager::GetInstance().StopUsingPermission(tokenId1, TEST_PID_1, permissionName, CALLER_PID)); + ASSERT_FALSE(PermissionRecordManager::GetInstance().HasCallerInStartList(CALLER_PID)); } } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/test/unittest/permission_record_set_test.cpp b/services/privacymanager/test/unittest/permission_record_set_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..0bd2e7d2a32e7fb01194957c89a304398df68118 --- /dev/null +++ b/services/privacymanager/test/unittest/permission_record_set_test.cpp @@ -0,0 +1,1384 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include "constant.h" +#include "permission_record_set.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t HAP_TOKEN_ID[] = {101, 102}; +static constexpr int32_t HAP_PID[] = {201, 202}; +static constexpr int32_t INACTIVE = ActiveChangeType::PERM_INACTIVE; +static constexpr int32_t ACTIVE = ActiveChangeType::PERM_ACTIVE_IN_BACKGROUND; +static constexpr int32_t CALLER_PID[] = {301, 302}; +static constexpr int32_t OPCODE[] = {Constant::OP_MICROPHONE, Constant::OP_CAMERA}; +static constexpr int32_t RECORD_ITEM_SIZE = 5; +static constexpr int32_t SECOND_PARAM = 2; +static constexpr int32_t THIRD_PARAM = 3; +static constexpr int32_t FORTH_PARAM = 4; +} + +static ContinusPermissionRecord MakeRecord(const int32_t recordArray[RECORD_ITEM_SIZE]) +{ + ContinusPermissionRecord record; + record.tokenId = recordArray[0]; + record.opCode = recordArray[1]; + record.status = recordArray[SECOND_PARAM]; + record.pid = recordArray[THIRD_PARAM]; + record.callerPid = recordArray[FORTH_PARAM]; + return record; +} + +static void MakeRecordSet(const int32_t recordArray[][RECORD_ITEM_SIZE], int32_t setSize, + std::set& recordSet) +{ + for (size_t i = 0; i < setSize; i++) { + ContinusPermissionRecord record = MakeRecord(recordArray[i]); + recordSet.emplace(record); + } +} + +static void MakeRecordList(const int32_t recordArray[][RECORD_ITEM_SIZE], int32_t setSize, + std::vector& recordList) +{ + for (size_t i = 0; i < setSize; i++) { + ContinusPermissionRecord record = MakeRecord(recordArray[i]); + recordList.emplace_back(record); + } +} + +static void RemoveRecord(std::set& recordList, + const ContinusPermissionRecord& record, std::vector& retList) +{ + return PermissionRecordSet::RemoveByKey(recordList, record, &ContinusPermissionRecord::IsEqualRecord, retList); +} + +static void RemoveTokenId(std::set& recordList, + const ContinusPermissionRecord& record, std::vector& retList) +{ + return PermissionRecordSet::RemoveByKey(recordList, record, &ContinusPermissionRecord::IsEqualTokenId, retList); +} + +static void RemoveTokenIdAndPid(std::set& recordList, + const ContinusPermissionRecord& record, std::vector& retList) +{ + return PermissionRecordSet::RemoveByKey(recordList, record, + &ContinusPermissionRecord::IsEqualTokenIdAndPid, retList); +} + +static void RemovePermCode(std::set& recordList, + const ContinusPermissionRecord& record, std::vector& retList) +{ + return PermissionRecordSet::RemoveByKey(recordList, record, &ContinusPermissionRecord::IsEqualPermCode, retList); +} + +static void RemoveCallerPid(std::set& recordList, + const ContinusPermissionRecord& record, std::vector& retList) +{ + return PermissionRecordSet::RemoveByKey(recordList, record, &ContinusPermissionRecord::IsEqualCallerPid, retList); +} + +class PermissionRecordSetTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void PermissionRecordSetTest::SetUpTestCase() +{ +} + +void PermissionRecordSetTest::TearDownTestCase() +{ +} + +void PermissionRecordSetTest::SetUp() +{ +} + +void PermissionRecordSetTest::TearDown() +{ +} + +/** + * @tc.name: PermissionRecordSetTest0001 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0001, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 1); +} + +/** + * @tc.name: PermissionRecordSetTest0002 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0002, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], INACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 1); +} + +/** + * @tc.name: PermissionRecordSetTest0003 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0003, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[1] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); +} + +/** + * @tc.name: PermissionRecordSetTest0004 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0004, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); +} + +/** + * @tc.name: PermissionRecordSetTest0005 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0005, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); +} + +/** + * @tc.name: PermissionRecordSetTest0006 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0006, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); +} + +/** + * @tc.name: PermissionRecordSetTest0007 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0007, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); +} + +/** + * @tc.name: PermissionRecordSetTest0008 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0008, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 0-3 + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, // 1-5 + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 2-2 + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[1] }, // 3-4 + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 4-0 + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, // 5-1 + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 6); + auto it = recordSet.begin(); + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[4]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[5]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[2]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[0]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[3]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[1]))); + ++it; + EXPECT_EQ(it, recordSet.end()); +} + + +/** + * @tc.name: PermissionRecordSetTest0009 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0009, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 0-0 + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[1] }, // 1-1 + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, // 2-2 + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 3-3 + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 4-4 + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 5); + auto it = recordSet.begin(); + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[0]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[1]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[2]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[3]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[4]))); + ++it; + EXPECT_EQ(it, recordSet.end()); +} + +/** + * @tc.name: PermissionRecordSetTest0010 + * @tc.desc: PermissionRecordSetTest set test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, PermissionRecordSetTest0010, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 0-4 + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 1-3 + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, // 2-2 + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[1] }, // 3-1 + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, // 4-0 + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 5); + auto it = recordSet.begin(); + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[4]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[3]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[2]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[1]))); + ++it; + EXPECT_TRUE(it->IsEqualRecord(MakeRecord(recordList[0]))); + ++it; + EXPECT_EQ(it, recordSet.end()); +} + +/** + * @tc.name: RemoveRecord0001 + * @tc.desc: RemoveRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveRecord0001, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveRecord(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveRecord0002 + * @tc.desc: RemoveRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveRecord0002, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], INACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveRecord(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: RemoveRecord0003 + * @tc.desc: RemoveRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveRecord0003, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveRecord(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 2); + EXPECT_EQ(retList.size(), 0); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: RemoveRecord0005 + * @tc.desc: RemoveRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveRecord0005, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], INACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveRecord(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveTokenId0001 + * @tc.desc: RemoveTokenId test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenId0001, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenId(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveTokenId0002 + * @tc.desc: RemoveTokenId test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenId0002, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenId(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 0); + EXPECT_EQ(retList.size(), 2); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveTokenId0003 + * @tc.desc: RemoveRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenId0003, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenId(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 2); + EXPECT_EQ(retList.size(), 0); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: RemoveTokenIdAndPid0001 + * @tc.desc: RemoveTokenIdAndPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenIdAndPid0001, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenIdAndPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 0); + EXPECT_EQ(retList.size(), 2); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 2); +} + +/** + * @tc.name: RemoveTokenIdAndPid0002 + * @tc.desc: RemoveTokenIdAndPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenIdAndPid0002, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenIdAndPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveTokenIdAndPid0003 + * @tc.desc: RemoveTokenIdAndPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenIdAndPid0003, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenIdAndPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 2); + EXPECT_EQ(retList.size(), 0); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: RemoveTokenIdAndPid0004 + * @tc.desc: RemoveTokenIdAndPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenIdAndPid0004, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenIdAndPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: RemoveTokenIdAndPid0005 + * @tc.desc: RemoveTokenIdAndPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveTokenIdAndPid0005, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, -1, CALLER_PID[1] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[1], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveTokenIdAndPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: RemovePermCode0001 + * @tc.desc: RemovePermCode test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemovePermCode0001, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemovePermCode(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 0); + EXPECT_EQ(retList.size(), 2); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemovePermCode0002 + * @tc.desc: RemovePermCode test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemovePermCode0002, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemovePermCode(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemovePermCode0003 + * @tc.desc: RemovePermCode test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemovePermCode0003, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemovePermCode(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 2); + EXPECT_EQ(retList.size(), 0); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: RemovePermCode0004 + * @tc.desc: RemovePermCode test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemovePermCode0004, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], INACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemovePermCode(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveCallerPid0001 + * @tc.desc: RemoveCallerPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveCallerPid0001, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveCallerPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 0); + EXPECT_EQ(retList.size(), 2); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveCallerPid0002 + * @tc.desc: RemoveCallerPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveCallerPid0002, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveCallerPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 0); + EXPECT_EQ(retList.size(), 2); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 2); +} + +/** + * @tc.name: RemoveCallerPid0003 + * @tc.desc: RemoveCallerPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveCallerPid0003, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[1] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveCallerPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 1); + EXPECT_EQ(retList.size(), 1); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: RemoveCallerPid0004 + * @tc.desc: RemoveCallerPid test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, RemoveCallerPid0004, TestSize.Level1) +{ + int32_t recordList[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[1] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[1] }, + }; + int32_t setSize = sizeof(recordList) / sizeof(recordList[0]); + std::set recordSet; + MakeRecordSet(recordList, setSize, recordSet); + EXPECT_EQ(recordSet.size(), 2); + ContinusPermissionRecord record = { + .tokenId = HAP_TOKEN_ID[0], + .opCode = OPCODE[0], + .status = ACTIVE, + .pid = HAP_PID[0], + .callerPid = CALLER_PID[0], + }; + std::vector retList; + RemoveCallerPid(recordSet, record, retList); + EXPECT_EQ(recordSet.size(), 2); + EXPECT_EQ(retList.size(), 0); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, retList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: GetUnusedCameraRecords0001 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0001, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: GetUnusedCameraRecords0002 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0002, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetUnusedCameraRecords0003 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0003, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetUnusedCameraRecords0004 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0004, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetUnusedCameraRecords0005 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0005, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetUnusedCameraRecords0006 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0006, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[1] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetUnusedCameraRecords0007 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0007, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[1] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: GetUnusedCameraRecords0008 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0008, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[1] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetUnusedCameraRecords0009 + * @tc.desc: GetUnusedCameraRecords test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetUnusedCameraRecords0009, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, -1, CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[1] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetUnusedCameraRecords(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: GetInActiveUniqueRecord0001 + * @tc.desc: GetInActiveUniqueRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetInActiveUniqueRecord0001, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], INACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[1] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[1], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetInActiveUniqueRecord0002 + * @tc.desc: GetInActiveUniqueRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetInActiveUniqueRecord0002, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetInActiveUniqueRecord0003 + * @tc.desc: GetInActiveUniqueRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetInActiveUniqueRecord0003, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[1], OPCODE[0], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetInActiveUniqueRecord0004 + * @tc.desc: GetInActiveUniqueRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetInActiveUniqueRecord0004, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], INACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 1); +} + +/** + * @tc.name: GetInActiveUniqueRecord0005 + * @tc.desc: GetInActiveUniqueRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetInActiveUniqueRecord0005, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[0] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} + +/** + * @tc.name: GetInActiveUniqueRecord0006 + * @tc.desc: GetInActiveUniqueRecord test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PermissionRecordSetTest, GetInActiveUniqueRecord0006, TestSize.Level1) +{ + int32_t recordArray1[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], INACTIVE, HAP_PID[1], CALLER_PID[0] }, + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[1], CALLER_PID[1] }, + }; + int32_t recordArray2[][RECORD_ITEM_SIZE] = { + { HAP_TOKEN_ID[0], OPCODE[1], ACTIVE, HAP_PID[0], CALLER_PID[0] }, + }; + int32_t size1 = sizeof(recordArray1) / sizeof(recordArray1[0]); + int32_t size2 = sizeof(recordArray2) / sizeof(recordArray1[0]); + std::set recordSet; + MakeRecordSet(recordArray1, size1, recordSet); + std::vector recordList; + MakeRecordList(recordArray2, size2, recordList); + std::vector inactiveList; + PermissionRecordSet::GetInActiveUniqueRecord(recordSet, recordList, inactiveList); + EXPECT_EQ(inactiveList.size(), 0); +} +} +} +} \ No newline at end of file diff --git a/services/privacymanager/test/unittest/privacy_manager_proxy_death_test.cpp b/services/privacymanager/test/unittest/privacy_manager_proxy_death_test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f33d24075051908c57514c0c13a2695a9a9a5d5c --- /dev/null +++ b/services/privacymanager/test/unittest/privacy_manager_proxy_death_test.cpp @@ -0,0 +1,157 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#define private public +#include "proxy_death_handler.h" +#include "privacy_manager_proxy_death_param.h" +#include "proxy_death_callback_stub.h" +#undef private +#include "constant.h" +#include "permission_record_set.h" + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace AccessToken { + +class PrivacyManagerProxyDeathTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void PrivacyManagerProxyDeathTest::SetUpTestCase() +{ +} + +void PrivacyManagerProxyDeathTest::TearDownTestCase() +{ +} + +void PrivacyManagerProxyDeathTest::SetUp() +{ +} + +void PrivacyManagerProxyDeathTest::TearDown() +{ +} + +/** + * @tc.name: PrivacyManagerProxyDeathTest001 + * @tc.desc: AddProxyStub test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerProxyDeathTest, PrivacyManagerProxyDeathTest001, TestSize.Level1) +{ + auto handler = std::make_shared(); + auto anonyStub = new (std::nothrow) ProxyDeathCallBackStub(); + int32_t callerPid = 456; // 456 is random input + std::shared_ptr param = std::make_shared(callerPid); + handler->AddProxyStub(anonyStub->AsObject(), param); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 1); + handler->AddProxyStub(anonyStub->AsObject(), param); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 1); // has inserted + + auto anonyStub2 = new (std::nothrow) ProxyDeathCallBackStub(); + std::shared_ptr param2 = std::make_shared(callerPid); + handler->AddProxyStub(anonyStub2->AsObject(), param2); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 2); +} + +/** + * @tc.name: PrivacyManagerProxyDeathTest001 + * @tc.desc: ReleaseProxyByParam test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerProxyDeathTest, PrivacyManagerProxyDeathTest002, TestSize.Level1) +{ + auto handler = std::make_shared(); + auto anonyStub = new (std::nothrow) ProxyDeathCallBackStub(); + int32_t callerPid = 456; // 456 is random input + std::shared_ptr param = std::make_shared(callerPid); + handler->AddProxyStub(anonyStub->AsObject(), param); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 1); + + auto anonyStub2 = new (std::nothrow) ProxyDeathCallBackStub(); + std::shared_ptr param2 = std::make_shared(callerPid); + handler->AddProxyStub(anonyStub2->AsObject(), param2); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 2); + + handler->ReleaseProxyByParam(param); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 0); +} + +class TestProxyDeathParam : public ProxyDeathParam { +public: + void ProcessParam() override + { + status = true; + } + bool IsEqual(ProxyDeathParam *) override + { + return status; + } + bool status = false; +}; + +/** + * @tc.name: PrivacyManagerProxyDeathTest003 + * @tc.desc: HandleRemoteDied test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerProxyDeathTest, PrivacyManagerProxyDeathTest003, TestSize.Level1) +{ + auto handler = std::make_shared(); + auto anonyStub = new (std::nothrow) ProxyDeathCallBackStub(); + std::shared_ptr param = std::make_shared(); + handler->AddProxyStub(anonyStub->AsObject(), param); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 1); + + handler->HandleRemoteDied(anonyStub->AsObject()); + EXPECT_TRUE(param->IsEqual(nullptr)); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 0); +} + +/** + * @tc.name: PrivacyManagerProxyDeathTest004 + * @tc.desc: HandleRemoteDied test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerProxyDeathTest, PrivacyManagerProxyDeathTest004, TestSize.Level1) +{ + auto handler = std::make_shared(); + auto anonyStub = new (std::nothrow) ProxyDeathCallBackStub(); + std::shared_ptr param = std::make_shared(); + handler->AddProxyStub(anonyStub->AsObject(), param); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 1); + + auto anonyStub2 = new (std::nothrow) ProxyDeathCallBackStub(); + std::shared_ptr param2 = std::make_shared(); + + handler->HandleRemoteDied(anonyStub2->AsObject()); + EXPECT_FALSE(param->IsEqual(nullptr)); + EXPECT_EQ(handler->proxyStubAndRecipientMap_.size(), 1); +} +} +} +} \ No newline at end of file diff --git a/services/privacymanager/test/unittest/privacy_manager_service_test.cpp b/services/privacymanager/test/unittest/privacy_manager_service_test.cpp index 5ba63530cdd5cbab67021c897c586214dbeca73e..4c656c9eb8f4b303d4c91d3eb56fe2bb63a687cd 100644 --- a/services/privacymanager/test/unittest/privacy_manager_service_test.cpp +++ b/services/privacymanager/test/unittest/privacy_manager_service_test.cpp @@ -24,10 +24,10 @@ #undef private #include "perm_active_status_change_callback_stub.h" #include "perm_active_status_change_callback.h" -#include "power_manager_loader.h" #include "privacy_error.h" #include "privacy_field_const.h" #include "privacy_manager_service.h" +#include "proxy_death_callback_stub.h" #include "state_change_callback.h" #include "string_ex.h" #include "token_setproc.h" @@ -110,12 +110,6 @@ void PrivacyManagerServiceTest::SetUp() g_tokenID = AccessTokenKit::AllocHapToken(g_InfoParms1, g_PolicyPrams1); AccessTokenKit::AllocHapToken(g_InfoParms2, g_PolicyPrams2); selfTokenId_ = GetSelfTokenID(); - - LibraryLoader loader(POWER_MANAGER_LIBPATH); - PowerManagerLoaderInterface* powerManagerLoader = loader.GetObject(); - if (powerManagerLoader != nullptr) { - powerManagerLoader->WakeupDevice(); - } } void PrivacyManagerServiceTest::TearDown() @@ -123,11 +117,11 @@ void PrivacyManagerServiceTest::TearDown() AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); AccessTokenKit::DeleteToken(tokenId); - privacyManagerService_->RemovePermissionUsedRecords(tokenId, ""); + privacyManagerService_->RemovePermissionUsedRecords(tokenId); tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms2.userID, g_InfoParms2.bundleName, g_InfoParms2.instIndex); AccessTokenKit::DeleteToken(tokenId); - privacyManagerService_->RemovePermissionUsedRecords(tokenId, ""); + privacyManagerService_->RemovePermissionUsedRecords(tokenId); privacyManagerService_ = nullptr; EXPECT_EQ(0, SetSelfTokenID(selfTokenId_)); } @@ -186,7 +180,7 @@ HWTEST_F(PrivacyManagerServiceTest, Dump001, TestSize.Level1) */ HWTEST_F(PrivacyManagerServiceTest, Dump002, TestSize.Level1) { - int32_t fd = 123; // 123: invalid fd + int32_t fd = 1; // 1: std output std::vector args; AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); @@ -198,7 +192,7 @@ HWTEST_F(PrivacyManagerServiceTest, Dump002, TestSize.Level1) AddPermParamInfoParcel infoParcel; infoParcel.info.tokenId = tokenId; - infoParcel.info.permissionName = "ohos.permission.CAMERA"; + infoParcel.info.permissionName = "ohos.permission.READ_CONTACTS"; infoParcel.info.successCount = 1; infoParcel.info.failCount = 0; @@ -226,18 +220,18 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermission001, TestSize.Level1 tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, MICROPHONE_PERMISSION_NAME)); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, LOCATION_PERMISSION_NAME)); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, MICROPHONE_PERMISSION_NAME, -1)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, LOCATION_PERMISSION_NAME, -1)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); #ifdef CAMERA_FLOAT_WINDOW_ENABLE // not pip PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); PermissionRecordManager::GetInstance().NotifyCameraWindowChange(false, tokenId, false); // pip PermissionRecordManager::GetInstance().NotifyCameraWindowChange(true, tokenId, false); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); #endif } @@ -251,16 +245,16 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermission002, TestSize.Level1 { AccessTokenID tokenId = AccessTokenKit::GetNativeTokenId("privacy_service"); // invalid tokenId - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(0, CAMERA_PERMISSION_NAME)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(0, CAMERA_PERMISSION_NAME, -1)); // native tokenId - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); // invalid permission tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, "test")); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, "test", -1)); } /* @@ -276,7 +270,7 @@ HWTEST_F(PrivacyManagerServiceTest, IsAllowedUsingPermission003, TestSize.Level1 tokenId = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, g_InfoParms1.instIndex); ASSERT_NE(INVALID_TOKENID, tokenId); - ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME)); + ASSERT_EQ(false, privacyManagerService_->IsAllowedUsingPermission(tokenId, CAMERA_PERMISSION_NAME, -1)); } class TestPrivacyManagerStub : public PrivacyManagerStub { @@ -288,20 +282,28 @@ public: { return RET_SUCCESS; } - int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName) + int32_t SetPermissionUsedRecordToggleStatus(int32_t userID, bool status) + { + return RET_SUCCESS; + } + int32_t GetPermissionUsedRecordToggleStatus(int32_t userID, bool& status) { return RET_SUCCESS; } - int32_t StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, - const sptr& callback) + int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel& info, const sptr& anonyStub) { return RET_SUCCESS; } - int32_t StopUsingPermission(AccessTokenID tokenID, const std::string& permissionName) + int32_t StartUsingPermission(const PermissionUsedTypeInfoParcel& info, + const sptr& callback, const sptr& anonyStub) { return RET_SUCCESS; } - int32_t RemovePermissionUsedRecords(AccessTokenID tokenID, const std::string& deviceID) + int32_t StopUsingPermission(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) + { + return RET_SUCCESS; + } + int32_t RemovePermissionUsedRecords(AccessTokenID tokenID) { return RET_SUCCESS; } @@ -324,7 +326,7 @@ public: { return RET_SUCCESS; } - bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName) + bool IsAllowedUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) { return true; } @@ -333,7 +335,7 @@ public: { return RET_SUCCESS; } - int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) + int32_t SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute, uint32_t tokenID) { return RET_SUCCESS; } @@ -482,6 +484,112 @@ HWTEST_F(PrivacyManagerServiceTest, AddPermissionUsedRecordInner003, TestSize.Le ASSERT_EQ(PrivacyError::ERR_PERMISSION_DENIED, reply.ReadInt32()); } +/** + * @tc.name: SetPermissionUsedRecordToggleStatusInner001 + * @tc.desc: SetPermissionUsedRecordToggleStatusInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, SetPermissionUsedRecordToggleStatusInner001, TestSize.Level1) +{ + int32_t userID = 1; + bool status = true; + + TestPrivacyManagerStub testStub; + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + ASSERT_EQ(true, data.WriteInt32(userID)); + ASSERT_EQ(true, data.WriteBool(status)); + ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( + static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); +} + +/** + * @tc.name: SetPermissionUsedRecordToggleStatusInner002 + * @tc.desc: SetPermissionUsedRecordToggleStatusInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, SetPermissionUsedRecordToggleStatusInner002, TestSize.Level1) +{ + int32_t userID = 1; + bool status = true; + + TestPrivacyManagerStub testStub; + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(hapTokenID, static_cast(0)); + SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + ASSERT_EQ(true, data.WriteInt32(userID)); + ASSERT_EQ(true, data.WriteBool(status)); + ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( + static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); +} + +/** + * @tc.name: GetPermissionUsedRecordToggleStatusInner001 + * @tc.desc: GetPermissionUsedRecordToggleStatusInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordToggleStatusInner001, TestSize.Level1) +{ + int32_t userID = 1; + bool status = true; + + TestPrivacyManagerStub testStub; + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + ASSERT_EQ(true, data.WriteInt32(userID)); + ASSERT_EQ(true, data.WriteBool(status)); + ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( + static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(RET_SUCCESS, reply.ReadInt32()); +} + +/** + * @tc.name: GetPermissionUsedRecordToggleStatusInner002 + * @tc.desc: GetPermissionUsedRecordToggleStatusInner test. + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PrivacyManagerServiceTest, GetPermissionUsedRecordToggleStatusInner002, TestSize.Level1) +{ + int32_t userID = 1; + bool status = true; + + TestPrivacyManagerStub testStub; + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + + AccessTokenID hapTokenID = AccessTokenKit::GetHapTokenID(g_InfoParms1.userID, g_InfoParms1.bundleName, + g_InfoParms1.instIndex); + ASSERT_NE(hapTokenID, static_cast(0)); + SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID + + ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); + ASSERT_EQ(true, data.WriteInt32(userID)); + ASSERT_EQ(true, data.WriteBool(status)); + ASSERT_EQ(RET_SUCCESS, testStub.OnRemoteRequest( + static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS), data, reply, option)); + ASSERT_EQ(PrivacyError::ERR_NOT_SYSTEM_APP, reply.ReadInt32()); +} + /** * @tc.name: StartUsingPermissionInner001 * @tc.desc: StartUsingPermissionInner test. @@ -492,6 +600,8 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner001, TestSize.Level { AccessTokenID tokenID = 123; // 123 is random input std::string permissionName = "ohos.permission.test"; + int32_t pid = 456; // 456 is random input + auto anonystub = new (std::nothrow) ProxyDeathCallBackStub(); TestPrivacyManagerStub testSub; MessageParcel data; @@ -499,8 +609,12 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner001, TestSize.Level MessageOption option(MessageOption::TF_SYNC); ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(true, data.WriteString(permissionName)); + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenID; + parcel.info.pid = pid; + parcel.info.permissionName = permissionName; + ASSERT_EQ(true, data.WriteParcelable(&parcel)); + ASSERT_EQ(true, data.WriteRemoteObject(anonystub->AsObject())); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( static_cast(PrivacyInterfaceCode::START_USING_PERMISSION), data, reply, option)); // callingTokenID is native token hdcd with need permission, but input tokenID is not a real hap @@ -529,8 +643,11 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner002, TestSize.Level SetSelfTokenID(hapTokenID); // set self tokenID to hapTokenID ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(true, data.WriteString(permissionName)); + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenID; + parcel.info.pid = -1; + parcel.info.permissionName = permissionName; + ASSERT_EQ(true, data.WriteParcelable(&parcel)); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( static_cast(PrivacyInterfaceCode::START_USING_PERMISSION), data, reply, option)); // callingTokenID is normal hap without need permission @@ -557,8 +674,11 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionInner003, TestSize.Level SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(true, data.WriteString(permissionName)); + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenID; + parcel.info.pid = -1; + parcel.info.permissionName = permissionName; + ASSERT_EQ(true, data.WriteParcelable(&parcel)); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( static_cast(PrivacyInterfaceCode::START_USING_PERMISSION), data, reply, option)); // callingTokenID is system hap without need permission @@ -586,6 +706,7 @@ public: HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner001, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input + int32_t pid = 111; std::string permissionName = "ohos.permission.test"; auto callbackPtr = std::make_shared(); ASSERT_NE(nullptr, callbackPtr); @@ -601,8 +722,11 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner001, TestSi SetSelfTokenID(g_tokenID.tokenIDEx); // set self tokenID to system app ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(true, data.WriteString(permissionName)); + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenID; + parcel.info.pid = pid; + parcel.info.permissionName = permissionName; + ASSERT_EQ(true, data.WriteParcelable(&parcel)); ASSERT_EQ(true, data.WriteRemoteObject(callbackWrap->AsObject())); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK), data, reply, option)); @@ -619,11 +743,13 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner001, TestSi HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner002, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input + int32_t pid = 11; std::string permissionName = "ohos.permission.test"; auto callbackPtr = std::make_shared(); ASSERT_NE(nullptr, callbackPtr); auto callbackWrap = new (std::nothrow) StateChangeCallback(callbackPtr); ASSERT_NE(nullptr, callbackWrap); + auto anonystub = new (std::nothrow) ProxyDeathCallBackStub(); TestPrivacyManagerStub testSub; MessageParcel data; @@ -631,9 +757,13 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner002, TestSi MessageOption option(MessageOption::TF_SYNC); ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); - ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(true, data.WriteString(permissionName)); + PermissionUsedTypeInfoParcel parcel; + parcel.info.tokenId = tokenID; + parcel.info.pid = pid; + parcel.info.permissionName = permissionName; + ASSERT_EQ(true, data.WriteParcelable(&parcel)); ASSERT_EQ(true, data.WriteRemoteObject(callbackWrap->AsObject())); + ASSERT_EQ(true, data.WriteRemoteObject(anonystub->AsObject())); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( PrivacyInterfaceCode::START_USING_PERMISSION_CALLBACK), data, reply, option)); // callingTokenID is native token hdcd with request permission @@ -649,6 +779,7 @@ HWTEST_F(PrivacyManagerServiceTest, StartUsingPermissionCallbackInner002, TestSi HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner001, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input + int32_t pid = 11; std::string permissionName = "ohos.permission.test"; TestPrivacyManagerStub testSub; @@ -658,6 +789,7 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner001, TestSize.Level1 ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); + ASSERT_EQ(true, data.WriteInt32(pid)); ASSERT_EQ(true, data.WriteString(permissionName)); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest( static_cast(PrivacyInterfaceCode::STOP_USING_PERMISSION), data, reply, option)); @@ -732,7 +864,6 @@ HWTEST_F(PrivacyManagerServiceTest, StopUsingPermissionInner003, TestSize.Level1 HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner001, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input - std::string deviceID = "abc"; // abc is random input TestPrivacyManagerStub testSub; MessageParcel data; @@ -741,7 +872,6 @@ HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner001, TestSiz ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(true, data.WriteString(deviceID)); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS), data, reply, option)); // callingTokenID is native token hdcd with need permission, but input tokenID is not a real hap @@ -757,7 +887,6 @@ HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner001, TestSiz HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner002, TestSize.Level1) { AccessTokenID tokenID = 123; // 123 is random input - std::string deviceID = "abc"; // abc is random input TestPrivacyManagerStub testSub; MessageParcel data; @@ -770,7 +899,6 @@ HWTEST_F(PrivacyManagerServiceTest, RemovePermissionUsedRecordsInner002, TestSiz ASSERT_EQ(true, data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())); ASSERT_EQ(true, data.WriteUint32(tokenID)); - ASSERT_EQ(true, data.WriteString(deviceID)); ASSERT_EQ(RET_SUCCESS, testSub.OnRemoteRequest(static_cast( PrivacyInterfaceCode::DELETE_PERMISSION_USED_RECORDS), data, reply, option)); // native token device_manager don't have request permission diff --git a/services/privacymanager/test/unittest/sensitive_manager_test.cpp b/services/privacymanager/test/unittest/sensitive_manager_test.cpp index 3eedfe00209cd03b32383f5b534bf4bb0ac6b0e7..cf5010c4202242e69f4f721de02679392f3a01c0 100644 --- a/services/privacymanager/test/unittest/sensitive_manager_test.cpp +++ b/services/privacymanager/test/unittest/sensitive_manager_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -18,21 +18,15 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "app_manager_access_client.h" -#include "app_manager_access_proxy.h" -#ifdef ABILITY_RUNTIME_ENABLE -#include "ability_manager_interface.h" -#include "app_mgr_interface.h" -#endif #include "app_state_data.h" #define private public -#include "audio_manager_privacy_client.h" +#include "audio_manager_adapter.h" #undef private -#include "audio_manager_privacy_proxy.h" #ifdef AUDIO_FRAMEWORK_ENABLE #include "audio_policy_ipc_interface_code.h" #endif -#include "camera_manager_privacy_client.h" -#include "camera_manager_privacy_proxy.h" +#include "camera_manager_adapter.h" +#include "permission_record_manager.h" #include "token_setproc.h" using namespace testing::ext; @@ -80,11 +74,19 @@ static PermissionStateFull g_testState4 = { .grantFlags = {1} }; +static PermissionStateFull g_testState5 = { + .permissionName = "ohos.permission.MICROPHONE_CONTROL", + .isGeneral = true, + .resDeviceID = {"local"}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .grantFlags = {1} +}; + static HapPolicyParams g_PolicyPrams1 = { .apl = APL_NORMAL, .domain = "test.domain.A", .permList = {}, - .permStateList = {g_testState1, g_testState2, g_testState3, g_testState4} + .permStateList = {g_testState1, g_testState2, g_testState3, g_testState4, g_testState5} }; static HapInfoParams g_InfoParms1 = { @@ -128,71 +130,6 @@ void SensitiveManagerServiceTest::TearDown() EXPECT_EQ(0, SetSelfTokenID(g_selfTokenId)); } -/* - * @tc.name: SetMicroMuteTest001 - * @tc.desc: test set/get mute staus of microphone - * @tc.type: FUNC - * @tc.require: issueI5RWXF - */ -HWTEST_F(SensitiveManagerServiceTest, SetMicroMuteTest001, TestSize.Level1) -{ - bool initMute = AudioManagerPrivacyClient::GetInstance().GetPersistentMicMuteState(); - - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(false, PolicyType::PRIVACY); - EXPECT_EQ(false, AudioManagerPrivacyClient::GetInstance().GetPersistentMicMuteState()); - - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(true, PolicyType::PRIVACY); - EXPECT_EQ(true, AudioManagerPrivacyClient::GetInstance().GetPersistentMicMuteState()); - - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(false, PolicyType::PRIVACY); - EXPECT_EQ(false, AudioManagerPrivacyClient::GetInstance().GetPersistentMicMuteState()); - - AudioManagerPrivacyClient::GetInstance().SetMicrophoneMutePersistent(initMute, PolicyType::PRIVACY); -} - -/* - * @tc.name: SetCameraMuteTest001 - * @tc.desc: test set/get mute staus of camera - * @tc.type: FUNC - * @tc.require: issueI5RWXF - */ -HWTEST_F(SensitiveManagerServiceTest, SetCameraMuteTest001, TestSize.Level1) -{ - AccessTokenID tokenId = AccessTokenKit::GetNativeTokenId("privacy_service"); - EXPECT_EQ(0, SetSelfTokenID(tokenId)); - - bool initMute = CameraManagerPrivacyClient::GetInstance().IsCameraMuted(); - - CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, false); - EXPECT_EQ(false, CameraManagerPrivacyClient::GetInstance().IsCameraMuted()); - - CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, true); - EXPECT_EQ(true, CameraManagerPrivacyClient::GetInstance().IsCameraMuted()); - - CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, false); - EXPECT_EQ(false, CameraManagerPrivacyClient::GetInstance().IsCameraMuted()); - - CameraManagerPrivacyClient::GetInstance().MuteCameraPersist(PolicyType::PRIVACY, initMute); -} - -#ifdef ABILITY_RUNTIME_ENABLE -/* - * @tc.name: AppManagerPrivacyCode001 - * @tc.desc: test api function - * @tc.type: FUNC - * @tc.require: - */ -HWTEST_F(SensitiveManagerServiceTest, AppManagerPrivacyCode001, TestSize.Level1) -{ - ASSERT_EQ(static_cast(OHOS::AppExecFwk::AppMgrInterfaceCode::REGISTER_APPLICATION_STATE_OBSERVER), - static_cast(IAppMgr::Message::REGISTER_APPLICATION_STATE_OBSERVER)); // 12 - ASSERT_EQ(static_cast(OHOS::AppExecFwk::AppMgrInterfaceCode::UNREGISTER_APPLICATION_STATE_OBSERVER), - static_cast(IAppMgr::Message::UNREGISTER_APPLICATION_STATE_OBSERVER)); // 13 - ASSERT_EQ(static_cast(OHOS::AppExecFwk::AppMgrInterfaceCode::GET_FOREGROUND_APPLICATIONS), - static_cast(IAppMgr::Message::GET_FOREGROUND_APPLICATIONS)); // 14 -} -#endif - /* * @tc.name: RegisterAppObserverTest001 * @tc.desc: test RegisterApplicationStateObserver with Callback is nullptr. diff --git a/services/test/mock/aafwk/mock_app_mgr_service.cpp b/services/test/mock/aafwk/mock_app_mgr_service.cpp index 308e246349223c5dd2032c5a26c78e0128797be5..f88431dcf6c26a98565e12c5804538e912f599b2 100644 --- a/services/test/mock/aafwk/mock_app_mgr_service.cpp +++ b/services/test/mock/aafwk/mock_app_mgr_service.cpp @@ -60,7 +60,7 @@ void MockAppMgrService::SwitchForeOrBackGround(uint32_t tokenId, int32_t flag) data.pid = 0; data.accessTokenId = tokenId; data.state = flag; - observer_->OnForegroundApplicationChanged(data); + observer_->OnAppStateChanged(data); } } } \ No newline at end of file diff --git a/services/tokensyncmanager/BUILD.gn b/services/tokensyncmanager/BUILD.gn index 5eec9e56f7ec4b614b23af747e4dfb607c69b7c8..74841d7b3435321faf4652e51e71262ab9cda127 100644 --- a/services/tokensyncmanager/BUILD.gn +++ b/services/tokensyncmanager/BUILD.gn @@ -57,7 +57,8 @@ if (token_sync_enable == true) { "${access_token_path}/frameworks/accesstoken/include", "${access_token_path}/frameworks/tokensync/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/handler/include", "${access_token_path}/services/common/libraryloader/include", ] @@ -66,7 +67,6 @@ if (token_sync_enable == true) { "src/command/base_remote_command.cpp", "src/command/delete_remote_token_command.cpp", "src/command/sync_remote_hap_token_command.cpp", - "src/command/sync_remote_native_token_command.cpp", "src/command/update_remote_hap_token_command.cpp", "src/common/constant.cpp", "src/device/device_info_manager.cpp", @@ -103,24 +103,23 @@ if (token_sync_enable == true) { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", "${access_token_path}/services/tokensyncmanager:token_sync.rc", ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "dsoftbus:softbus_client", "hilog:libhilog", - "ipc:ipc_core", - "json:nlohmann_json_static", + "ipc:ipc_single", "safwk:system_ability_fwk", + "samgr:samgr_proxy", "zlib:shared_libz", ] if (ohos_indep_compiler_enable) { - external_deps += [ - "bounds_checking_function:libsec_shared", - "samgr:samgr_proxy", - ] + external_deps += [ "bounds_checking_function:libsec_shared" ] } if (eventhandler_enable == true) { diff --git a/services/tokensyncmanager/include/command/base_remote_command.h b/services/tokensyncmanager/include/command/base_remote_command.h index f8d17a79b451d07a762f2fd402ad2a64e5a4b117..94452238c6fffa98980eab67e405c4f977c7a81f 100644 --- a/services/tokensyncmanager/include/command/base_remote_command.h +++ b/services/tokensyncmanager/include/command/base_remote_command.h @@ -17,11 +17,11 @@ #include +#include "cjson_utils.h" #include "constant.h" #include "hap_token_info.h" -#include "native_token_info.h" -#include "nlohmann/json.hpp" -#include "permission_state_full.h" +#include "native_token_info_base.h" +#include "permission_status.h" #include "remote_protocol.h" namespace OHOS { @@ -45,20 +45,20 @@ public: virtual void Finish() = 0; virtual std::string ToJsonPayload() = 0; - nlohmann::json ToRemoteProtocolJson(); - void FromRemoteProtocolJson(const nlohmann::json& jsonObject); + CJsonUnique ToRemoteProtocolJson(); + void FromRemoteProtocolJson(const CJson* jsonObject); - void ToPermStateJson(nlohmann::json& permStateJson, const PermissionStateFull& state); - void FromPermStateListJson(const nlohmann::json& hapTokenJson, - std::vector& permStateList); + void ToPermStateJson(CJson* permStateJson, const PermissionStatus& state); + void FromPermStateListJson(const CJson* hapTokenJson, + std::vector& permStateList); - void FromHapTokenBasicInfoJson(const nlohmann::json& hapTokenJson, + void FromHapTokenBasicInfoJson(const CJson* hapTokenJson, HapTokenInfo& hapTokenBasicInfo); - nlohmann::json ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo); - void FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, HapTokenInfoForSync& hapTokenInfo); - nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo); - void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfoForSync& nativeTokenInfo); + CJsonUnique ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo); + void FromHapTokenInfoJson(const CJson* hapTokenJson, HapTokenInfoForSync& hapTokenInfo); + CJsonUnique ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo); + void FromNativeTokenInfoJson(const CJson* nativeTokenJson, NativeTokenInfoBase& nativeTokenInfo); RemoteProtocol remoteProtocol_; }; } // namespace AccessToken diff --git a/services/tokensyncmanager/include/command/sync_remote_hap_token_command.h b/services/tokensyncmanager/include/command/sync_remote_hap_token_command.h index 7fbb9b7adb121d984c9f99e77c2e790ac1fd176c..90a349d1709d676ce940000912a6d38e2a705bdf 100644 --- a/services/tokensyncmanager/include/command/sync_remote_hap_token_command.h +++ b/services/tokensyncmanager/include/command/sync_remote_hap_token_command.h @@ -21,7 +21,7 @@ #include "access_token.h" #include "base_remote_command.h" #include "hap_token_info.h" -#include "permission_state_full.h" +#include "permission_status.h" namespace OHOS { namespace Security { diff --git a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h deleted file mode 100644 index 6f700fb692d22357aceef9e99d12dd93c51c768f..0000000000000000000000000000000000000000 --- a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SYNC_REMOTE_NATIVE_TOKEN_COMMAND_H -#define SYNC_REMOTE_NATIVE_TOKEN_COMMAND_H - -#include -#include - -#include "base_remote_command.h" -#include "native_token_info.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -/** - * Command which used to get all native token info from other device. - */ -class SyncRemoteNativeTokenCommand : public BaseRemoteCommand { -public: - void Prepare() override; - - void Execute() override; - - void Finish() override; - - std::string ToJsonPayload() override; - - explicit SyncRemoteNativeTokenCommand(const std::string &json); - SyncRemoteNativeTokenCommand(const std::string &srcDeviceId, const std::string &dstDeviceId); - virtual ~SyncRemoteNativeTokenCommand() override = default; - -private: - /** - * The command name. Should be equal to class name. - */ - const std::string COMMAND_NAME = "SyncRemoteNativeTokenCommand"; - std::vector nativeTokenInfo_; -}; -} // namespace AccessToken -} // namespace Security -} // namespace OHOS -#endif diff --git a/services/tokensyncmanager/include/device/device_info_manager.h b/services/tokensyncmanager/include/device/device_info_manager.h index 53f7871449266029074ddd436ff55b90e29f0dca..6dd2bfc8808c5a1cad355aea6419d8707fb92857 100644 --- a/services/tokensyncmanager/include/device/device_info_manager.h +++ b/services/tokensyncmanager/include/device/device_info_manager.h @@ -18,7 +18,7 @@ #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "data_validator.h" #include "device_info_repository.h" #include "ipc_skeleton.h" diff --git a/services/tokensyncmanager/include/remote/remote_command_executor.h b/services/tokensyncmanager/include/remote/remote_command_executor.h index de641f5912f3f9f55a4ab160b743b0298917fc32..f5f6974f1d47ed2456af573b62e975e28e499276 100644 --- a/services/tokensyncmanager/include/remote/remote_command_executor.h +++ b/services/tokensyncmanager/include/remote/remote_command_executor.h @@ -19,7 +19,7 @@ #include #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "base_remote_command.h" #include "remote_command_factory.h" #include "rpc_channel.h" @@ -27,7 +27,7 @@ namespace OHOS { namespace Security { namespace AccessToken { -class RemoteCommandExecutor final { +class RemoteCommandExecutor final : public std::enable_shared_from_this { public: explicit RemoteCommandExecutor(const std::string &targetNodeId); virtual ~RemoteCommandExecutor(); diff --git a/services/tokensyncmanager/include/remote/remote_command_factory.h b/services/tokensyncmanager/include/remote/remote_command_factory.h index f9967cc208ea736051848cf3dea9c5b03fafd644..5c88b41fa1e0b8a50ee032d4d7087590b9ce02bd 100644 --- a/services/tokensyncmanager/include/remote/remote_command_factory.h +++ b/services/tokensyncmanager/include/remote/remote_command_factory.h @@ -24,7 +24,6 @@ #include "delete_remote_token_command.h" #include "hap_token_info.h" #include "sync_remote_hap_token_command.h" -#include "sync_remote_native_token_command.h" #include "update_remote_hap_token_command.h" namespace OHOS { @@ -43,9 +42,6 @@ public: std::shared_ptr NewUpdateRemoteHapTokenCommand(const std::string &srcDeviceId, const std::string &dstDeviceId, const HapTokenInfoForSync& tokenInfo); - std::shared_ptr NewSyncRemoteNativeTokenCommand(const std::string &srcDeviceId, - const std::string &dstDeviceId); - std::shared_ptr NewRemoteCommandFromJson( const std::string &commandName, const std::string &commandJsonString); diff --git a/services/tokensyncmanager/include/remote/remote_command_manager.h b/services/tokensyncmanager/include/remote/remote_command_manager.h index b94ffb870b9990cd2bb5c8c83d9744c405579869..6cad1db005745730e0de77ddfe8a2a3c331eb567 100644 --- a/services/tokensyncmanager/include/remote/remote_command_manager.h +++ b/services/tokensyncmanager/include/remote/remote_command_manager.h @@ -21,7 +21,7 @@ #include #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "base_remote_command.h" #include "constant.h" #include "data_validator.h" diff --git a/services/tokensyncmanager/include/remote/soft_bus_channel.h b/services/tokensyncmanager/include/remote/soft_bus_channel.h index 93567bd6d7a3251fb52449ba44a89bb8bf91f80a..f5b76756515785bc27755f175d77ae60ee5d165c 100644 --- a/services/tokensyncmanager/include/remote/soft_bus_channel.h +++ b/services/tokensyncmanager/include/remote/soft_bus_channel.h @@ -25,8 +25,8 @@ #include #include -#include "accesstoken_log.h" -#include "nlohmann/json.hpp" +#include "accesstoken_common_log.h" +#include "cjson_utils.h" #include "rpc_channel.h" #include "socket.h" #include "random.h" @@ -331,12 +331,12 @@ public: */ std::string ToJson() const { - nlohmann::json json; - json["type"] = this->type_; - json["id"] = this->id_; - json["commandName"] = this->commandName_; - json["jsonPayload"] = this->jsonPayload_; - return json.dump(); + CJsonUnique json = CreateJson(); + AddStringToJson(json, "type", this->type_); + AddStringToJson(json, "id", this->id_); + AddStringToJson(json, "commandName", this->commandName_); + AddStringToJson(json, "jsonPayload", this->jsonPayload_); + return PackJsonToString(json); } const std::string &GetType() const diff --git a/services/tokensyncmanager/include/remote/soft_bus_device_connection_listener.h b/services/tokensyncmanager/include/remote/soft_bus_device_connection_listener.h index 509deeee906840bf2b048ed804b58ebe44d8d233..4888bb47347518415e633b7bc3e895034017c034 100644 --- a/services/tokensyncmanager/include/remote/soft_bus_device_connection_listener.h +++ b/services/tokensyncmanager/include/remote/soft_bus_device_connection_listener.h @@ -20,7 +20,7 @@ #include #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "device_manager_callback.h" #include "dm_device_info.h" diff --git a/services/tokensyncmanager/include/remote/soft_bus_manager.h b/services/tokensyncmanager/include/remote/soft_bus_manager.h index 624861ec9022fb5add65aa633e0093230518a827..d53e94e62e6b8c5ca0ea575dda6500f1cd7eda62 100644 --- a/services/tokensyncmanager/include/remote/soft_bus_manager.h +++ b/services/tokensyncmanager/include/remote/soft_bus_manager.h @@ -18,6 +18,7 @@ #include #include +#include #include #include #include diff --git a/services/tokensyncmanager/include/service/token_sync_manager_service.h b/services/tokensyncmanager/include/service/token_sync_manager_service.h index 206d0b88ec94ee5bf77a63cf9b749e8a08eb5260..f0a7322487e2e1e8872d19dc57ca378facd349b0 100644 --- a/services/tokensyncmanager/include/service/token_sync_manager_service.h +++ b/services/tokensyncmanager/include/service/token_sync_manager_service.h @@ -40,6 +40,7 @@ class TokenSyncManagerService final : public SystemAbility, public TokenSyncMana public: void OnStart() override; void OnStop() override; + void OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) override; #ifdef EVENTHANDLER_ENABLE std::shared_ptr GetSendEventHandler() const; diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp index bd08ab1e3c5d75d7574087de9246b31366a17198..b78f83703cd85890920be885a92a75f31e770197 100644 --- a/services/tokensyncmanager/src/command/base_remote_command.cpp +++ b/services/tokensyncmanager/src/command/base_remote_command.cpp @@ -14,14 +14,13 @@ */ #include "base_remote_command.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "data_validator.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "BaseRemoteCommand"}; static const std::string JSON_COMMAND_NAME = "commandName"; static const std::string JSON_UNIQUEID = "uniqueId"; static const std::string JSON_REQUEST_VERSION = "requestVersion"; @@ -40,33 +39,9 @@ static const std::string JSON_USERID = "userID"; static const std::string JSON_BUNDLE_NAME = "bundleName"; static const std::string JSON_INST_INDEX = "instIndex"; static const std::string JSON_DLP_TYPE = "dlpType"; -static const std::string JSON_APPID = "appID"; -static const std::string JSON_DEVICEID = "deviceID"; } -static void GetStringFromJson(const nlohmann::json& jsonObject, const std::string& tag, std::string& out) -{ - if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_string()) { - out = jsonObject.at(tag).get(); - } -} - -static void GetIntFromJson(const nlohmann::json& jsonObject, const std::string& tag, int32_t& out) -{ - if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_number()) { - out = jsonObject.at(tag).get(); - } -} - -static void GetUnSignedIntFromJson(const nlohmann::json& jsonObject, const std::string& tag, - unsigned int& out) -{ - if (jsonObject.find(tag) != jsonObject.end() && jsonObject.at(tag).is_number()) { - out = jsonObject.at(tag).get(); - } -} - -void BaseRemoteCommand::FromRemoteProtocolJson(const nlohmann::json& jsonObject) +void BaseRemoteCommand::FromRemoteProtocolJson(const CJson* jsonObject) { GetStringFromJson(jsonObject, JSON_COMMAND_NAME, remoteProtocol_.commandName); GetStringFromJson(jsonObject, JSON_UNIQUEID, remoteProtocol_.uniqueId); @@ -81,204 +56,167 @@ void BaseRemoteCommand::FromRemoteProtocolJson(const nlohmann::json& jsonObject) GetStringFromJson(jsonObject, JSON_RESPONSE_DEVICEID, remoteProtocol_.responseDeviceId); } -nlohmann::json BaseRemoteCommand::ToRemoteProtocolJson() +CJsonUnique BaseRemoteCommand::ToRemoteProtocolJson() { - nlohmann::json j; - j["commandName"] = remoteProtocol_.commandName; - j["uniqueId"] = remoteProtocol_.uniqueId; - j["requestVersion"] = remoteProtocol_.requestVersion; - j["srcDeviceId"] = remoteProtocol_.srcDeviceId; - j["srcDeviceLevel"] = remoteProtocol_.srcDeviceLevel; - j["dstDeviceId"] = remoteProtocol_.dstDeviceId; - j["dstDeviceLevel"] = remoteProtocol_.dstDeviceLevel; - j["statusCode"] = remoteProtocol_.statusCode; - j["message"] = remoteProtocol_.message; - j["responseVersion"] = remoteProtocol_.responseVersion; - j["responseDeviceId"] = remoteProtocol_.responseDeviceId; + CJsonUnique j = CreateJson(); + AddStringToJson(j, "commandName", remoteProtocol_.commandName); + AddStringToJson(j, "uniqueId", remoteProtocol_.uniqueId); + AddIntToJson(j, "requestVersion", remoteProtocol_.requestVersion); + AddStringToJson(j, "srcDeviceId", remoteProtocol_.srcDeviceId); + AddStringToJson(j, "srcDeviceLevel", remoteProtocol_.srcDeviceLevel); + AddStringToJson(j, "dstDeviceId", remoteProtocol_.dstDeviceId); + AddStringToJson(j, "dstDeviceLevel", remoteProtocol_.dstDeviceLevel); + AddIntToJson(j, "statusCode", remoteProtocol_.statusCode); + AddStringToJson(j, "message", remoteProtocol_.message); + AddIntToJson(j, "responseVersion", remoteProtocol_.responseVersion); + AddStringToJson(j, "responseDeviceId", remoteProtocol_.responseDeviceId); return j; } -nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo) +CJsonUnique BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoBase& tokenInfo) { - nlohmann::json permStatesJson; + CJsonUnique permStatesJson = CreateJsonArray(); for (const auto& permState : tokenInfo.permStateList) { - nlohmann::json permStateJson; - ToPermStateJson(permStateJson, permState); - permStatesJson.emplace_back(permStateJson); - } - - nlohmann::json DcapsJson = nlohmann::json(tokenInfo.baseInfo.dcap); - nlohmann::json NativeAclsJson = nlohmann::json(tokenInfo.baseInfo.nativeAcls); - nlohmann::json nativeTokenJson = nlohmann::json { - {"processName", tokenInfo.baseInfo.processName}, - {"apl", tokenInfo.baseInfo.apl}, - {"version", tokenInfo.baseInfo.ver}, - {"tokenId", tokenInfo.baseInfo.tokenID}, - {"tokenAttr", tokenInfo.baseInfo.tokenAttr}, - {"dcaps", DcapsJson}, - {"nativeAcls", NativeAclsJson}, - {"permState", permStatesJson}, - }; + CJsonUnique permStateJson = CreateJson(); + ToPermStateJson(permStateJson.get(), permState); + AddObjToArray(permStatesJson, permStateJson); + } + CJsonUnique DcapsJson = CreateJsonArray(); + for (const auto& item : tokenInfo.dcap) { + cJSON *tmpObj = cJSON_CreateString(item.c_str()); + AddObjToArray(DcapsJson.get(), tmpObj); + cJSON_Delete(tmpObj); + tmpObj = nullptr; + } + CJsonUnique NativeAclsJson = CreateJsonArray(); + for (const auto& item : tokenInfo.nativeAcls) { + cJSON *tmpObj = cJSON_CreateString(item.c_str()); + AddObjToArray(NativeAclsJson.get(), tmpObj); + cJSON_Delete(tmpObj); + tmpObj = nullptr; + } + CJsonUnique nativeTokenJson = CreateJson(); + AddStringToJson(nativeTokenJson, "processName", tokenInfo.processName); + AddIntToJson(nativeTokenJson, "apl", tokenInfo.apl); + AddUnsignedIntToJson(nativeTokenJson, "version", tokenInfo.ver); + AddUnsignedIntToJson(nativeTokenJson, "tokenId", tokenInfo.tokenID); + AddUnsignedIntToJson(nativeTokenJson, "tokenAttr", tokenInfo.tokenAttr); + AddObjToJson(nativeTokenJson, "dcaps", DcapsJson); + AddObjToJson(nativeTokenJson, "nativeAcls", NativeAclsJson); + AddObjToJson(nativeTokenJson, "permState", permStatesJson); return nativeTokenJson; } -void BaseRemoteCommand::ToPermStateJson(nlohmann::json& permStateJson, const PermissionStateFull& state) +void BaseRemoteCommand::ToPermStateJson(cJSON* permStateJson, const PermissionStatus& state) { - if (state.resDeviceID.size() != state.grantStatus.size() || state.resDeviceID.size() != state.grantFlags.size()) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "State grant config size is invalid"); - return; - } - nlohmann::json permConfigsJson; - uint32_t size = state.resDeviceID.size(); - for (uint32_t i = 0; i < size; i++) { - nlohmann::json permConfigJson = nlohmann::json { - {"resDeviceID", state.resDeviceID[i]}, - {"grantStatus", state.grantStatus[i]}, - {"grantFlags", state.grantFlags[i]}, - }; - permConfigsJson.emplace_back(permConfigJson); - } - - permStateJson["permissionName"] = state.permissionName; - permStateJson["isGeneral"] = state.isGeneral; - permStateJson["grantConfig"] = permConfigsJson; + AddStringToJson(permStateJson, "permissionName", state.permissionName); + AddIntToJson(permStateJson, "grantStatus", state.grantStatus); + AddUnsignedIntToJson(permStateJson, "grantFlag", state.grantFlag); } -nlohmann::json BaseRemoteCommand::ToHapTokenInfosJson(const HapTokenInfoForSync& tokenInfo) +CJsonUnique BaseRemoteCommand::ToHapTokenInfosJson(const HapTokenInfoForSync& tokenInfo) { - nlohmann::json permStatesJson; + CJsonUnique permStatesJson = CreateJsonArray(); for (const auto& permState : tokenInfo.permStateList) { - nlohmann::json permStateJson; - ToPermStateJson(permStateJson, permState); - permStatesJson.emplace_back(permStateJson); - } - - nlohmann::json hapTokensJson = nlohmann::json { - {"version", tokenInfo.baseInfo.ver}, - {"tokenID", tokenInfo.baseInfo.tokenID}, - {"tokenAttr", tokenInfo.baseInfo.tokenAttr}, - {"userID", tokenInfo.baseInfo.userID}, - {"bundleName", tokenInfo.baseInfo.bundleName}, - {"instIndex", tokenInfo.baseInfo.instIndex}, - {"dlpType", tokenInfo.baseInfo.dlpType}, - {"appID", tokenInfo.baseInfo.appID}, - {"deviceID", tokenInfo.baseInfo.deviceID}, - {"apl", tokenInfo.baseInfo.apl}, - {"permState", permStatesJson} - }; + CJsonUnique permStateJson = CreateJson(); + ToPermStateJson(permStateJson.get(), permState); + AddObjToArray(permStatesJson, permStateJson); + } + CJsonUnique hapTokensJson = CreateJson(); + AddIntToJson(hapTokensJson, JSON_VERSION, tokenInfo.baseInfo.ver); + AddUnsignedIntToJson(hapTokensJson, JSON_TOKENID, tokenInfo.baseInfo.tokenID); + AddUnsignedIntToJson(hapTokensJson, JSON_TOKEN_ATTR, tokenInfo.baseInfo.tokenAttr); + AddIntToJson(hapTokensJson, JSON_USERID, tokenInfo.baseInfo.userID); + AddStringToJson(hapTokensJson, JSON_BUNDLE_NAME, tokenInfo.baseInfo.bundleName); + AddIntToJson(hapTokensJson, JSON_INST_INDEX, tokenInfo.baseInfo.instIndex); + AddIntToJson(hapTokensJson, JSON_DLP_TYPE, tokenInfo.baseInfo.dlpType); + AddObjToJson(hapTokensJson, "permState", permStatesJson); return hapTokensJson; } -void BaseRemoteCommand::FromHapTokenBasicInfoJson(const nlohmann::json& hapTokenJson, +void BaseRemoteCommand::FromHapTokenBasicInfoJson(const cJSON* hapTokenJson, HapTokenInfo& hapTokenBasicInfo) { - if (hapTokenJson.find("version") != hapTokenJson.end() && hapTokenJson.at("version").is_number()) { - hapTokenJson.at("version").get_to(hapTokenBasicInfo.ver); - } - - GetUnSignedIntFromJson(hapTokenJson, JSON_TOKENID, hapTokenBasicInfo.tokenID); - GetUnSignedIntFromJson(hapTokenJson, JSON_TOKEN_ATTR, hapTokenBasicInfo.tokenAttr); + int32_t ver; + GetIntFromJson(hapTokenJson, JSON_VERSION, ver); + hapTokenBasicInfo.ver = (char)ver; + GetUnsignedIntFromJson(hapTokenJson, JSON_TOKENID, hapTokenBasicInfo.tokenID); + GetUnsignedIntFromJson(hapTokenJson, JSON_TOKEN_ATTR, hapTokenBasicInfo.tokenAttr); GetIntFromJson(hapTokenJson, JSON_USERID, hapTokenBasicInfo.userID); GetStringFromJson(hapTokenJson, JSON_BUNDLE_NAME, hapTokenBasicInfo.bundleName); GetIntFromJson(hapTokenJson, JSON_INST_INDEX, hapTokenBasicInfo.instIndex); GetIntFromJson(hapTokenJson, JSON_DLP_TYPE, hapTokenBasicInfo.dlpType); - GetStringFromJson(hapTokenJson, JSON_APPID, hapTokenBasicInfo.appID); - GetStringFromJson(hapTokenJson, JSON_DEVICEID, hapTokenBasicInfo.deviceID); - - if (hapTokenJson.find("apl") != hapTokenJson.end() && hapTokenJson.at("apl").is_number()) { - int apl = hapTokenJson.at("apl").get(); - if (DataValidator::IsAplNumValid(apl)) { - hapTokenBasicInfo.apl = static_cast(apl); - } - } } -void BaseRemoteCommand::FromPermStateListJson(const nlohmann::json& hapTokenJson, - std::vector& permStateList) +void BaseRemoteCommand::FromPermStateListJson(const cJSON* hapTokenJson, + std::vector& permStateList) { - if (hapTokenJson.find("permState") != hapTokenJson.end() - && hapTokenJson.at("permState").is_array() - && !hapTokenJson.at("permState").empty()) { - nlohmann::json permissionsJson = hapTokenJson.at("permState").get(); - for (const auto& permissionJson : permissionsJson) { - PermissionStateFull permission; - if (permissionJson.find("permissionName") == permissionJson.end() || - !permissionJson.at("permissionName").is_string() || - permissionJson.find("isGeneral") == permissionJson.end() || - !permissionJson.at("isGeneral").is_boolean() || - permissionJson.find("grantConfig") == permissionJson.end() || - !permissionJson.at("grantConfig").is_array() || - permissionJson.at("grantConfig").empty()) { + cJSON *jsonObjTmp = GetArrayFromJson(hapTokenJson, "permState"); + if (jsonObjTmp != nullptr) { + int len = cJSON_GetArraySize(jsonObjTmp); + for (int i = 0; i < len; i++) { + cJSON *permissionJson = cJSON_GetArrayItem(jsonObjTmp, i); + PermissionStatus permission; + if (!GetStringFromJson(permissionJson, "permissionName", permission.permissionName)) { + continue; + } + if (!GetIntFromJson(permissionJson, "grantStatus", permission.grantStatus)) { continue; } - permissionJson.at("permissionName").get_to(permission.permissionName); - permissionJson.at("isGeneral").get_to(permission.isGeneral); - nlohmann::json grantConfigsJson = permissionJson.at("grantConfig").get(); - for (const auto& grantConfigJson :grantConfigsJson) { - if (grantConfigJson.find("resDeviceID") == grantConfigJson.end() || - !grantConfigJson.at("resDeviceID").is_string() || - grantConfigJson.find("grantStatus") == grantConfigJson.end() || - !grantConfigJson.at("grantStatus").is_number() || - grantConfigJson.find("grantFlags") == grantConfigJson.end() || - !grantConfigJson.at("grantFlags").is_number()) { - continue; - } - std::string deviceID; - grantConfigJson.at("resDeviceID").get_to(deviceID); - int grantStatus; - grantConfigJson.at("grantStatus").get_to(grantStatus); - int grantFlags; - grantConfigJson.at("grantFlags").get_to(grantFlags); - permission.resDeviceID.emplace_back(deviceID); - permission.grantStatus.emplace_back(grantStatus); - permission.grantFlags.emplace_back(grantFlags); + if (!GetUnsignedIntFromJson(permissionJson, "grantFlag", permission.grantFlag)) { + continue; } permStateList.emplace_back(permission); } } } -void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, +void BaseRemoteCommand::FromHapTokenInfoJson(const cJSON* hapTokenJson, HapTokenInfoForSync& hapTokenInfo) { FromHapTokenBasicInfoJson(hapTokenJson, hapTokenInfo.baseInfo); if (hapTokenInfo.baseInfo.tokenID == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token basic info is error."); + LOGE(ATM_DOMAIN, ATM_TAG, "Hap token basic info is error."); return; } FromPermStateListJson(hapTokenJson, hapTokenInfo.permStateList); } -void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, - NativeTokenInfoForSync& nativeTokenInfo) +void BaseRemoteCommand::FromNativeTokenInfoJson(const cJSON* nativeTokenJson, + NativeTokenInfoBase& nativeTokenInfo) { - if (nativeTokenJson.find("processName") != nativeTokenJson.end() && nativeTokenJson.at("processName").is_string()) { - nativeTokenInfo.baseInfo.processName = nativeTokenJson.at("processName").get(); - } - if (nativeTokenJson.find("apl") != nativeTokenJson.end() && nativeTokenJson.at("apl").is_number()) { - int apl = nativeTokenJson.at("apl").get(); - if (DataValidator::IsAplNumValid(apl)) { - nativeTokenInfo.baseInfo.apl = static_cast(apl); + GetStringFromJson(nativeTokenJson, "processName", nativeTokenInfo.processName); + int32_t apl; + GetIntFromJson(nativeTokenJson, "apl", apl); + if (DataValidator::IsAplNumValid(apl)) { + nativeTokenInfo.apl = static_cast(apl); + } + int32_t ver; + GetIntFromJson(nativeTokenJson, JSON_VERSION, ver); + nativeTokenInfo.ver = (char)ver; + GetUnsignedIntFromJson(nativeTokenJson, "tokenId", nativeTokenInfo.tokenID); + GetUnsignedIntFromJson(nativeTokenJson, "tokenAttr", nativeTokenInfo.tokenAttr); + + cJSON *dcapsJson = GetArrayFromJson(nativeTokenJson, "dcaps"); + if (dcapsJson != nullptr) { + CJson *dcap = nullptr; + std::vector dcaps; + cJSON_ArrayForEach(dcap, dcapsJson) { + std::string item = cJSON_GetStringValue(dcap); + dcaps.push_back(item); } + nativeTokenInfo.dcap = dcaps; + } + cJSON *nativeAclsJson = GetArrayFromJson(nativeTokenJson, "nativeAcls"); + if (nativeAclsJson != nullptr) { + CJson *acl = nullptr; + std::vector nativeAcls; + cJSON_ArrayForEach(acl, nativeAclsJson) { + std::string item = cJSON_GetStringValue(acl); + nativeAcls.push_back(item); + } + nativeTokenInfo.nativeAcls = nativeAcls; } - if (nativeTokenJson.find("version") != nativeTokenJson.end() && nativeTokenJson.at("version").is_number()) { - nativeTokenInfo.baseInfo.ver = (unsigned)nativeTokenJson.at("version").get(); - } - if (nativeTokenJson.find("tokenId") != nativeTokenJson.end() && nativeTokenJson.at("tokenId").is_number()) { - nativeTokenInfo.baseInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get(); - } - if (nativeTokenJson.find("tokenAttr") != nativeTokenJson.end() && nativeTokenJson.at("tokenAttr").is_number()) { - nativeTokenInfo.baseInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get(); - } - if (nativeTokenJson.find("dcaps") != nativeTokenJson.end() && nativeTokenJson.at("dcaps").is_array() - && !nativeTokenJson.at("dcaps").empty() && (nativeTokenJson.at("dcaps"))[0].is_string()) { - nativeTokenInfo.baseInfo.dcap = nativeTokenJson.at("dcaps").get>(); - } - if (nativeTokenJson.find("nativeAcls") != nativeTokenJson.end() && nativeTokenJson.at("nativeAcls").is_array() - && !nativeTokenJson.at("nativeAcls").empty() && (nativeTokenJson.at("nativeAcls"))[0].is_string()) { - nativeTokenInfo.baseInfo.nativeAcls = nativeTokenJson.at("nativeAcls").get>(); - } - FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList); } } // namespace AccessToken diff --git a/services/tokensyncmanager/src/command/delete_remote_token_command.cpp b/services/tokensyncmanager/src/command/delete_remote_token_command.cpp index 887de19902710712b20105708c27e5a1336c8a7d..11e3e6fea37806e8e519495279ed928c079c71b9 100644 --- a/services/tokensyncmanager/src/command/delete_remote_token_command.cpp +++ b/services/tokensyncmanager/src/command/delete_remote_token_command.cpp @@ -17,7 +17,7 @@ #include "access_token_error.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "base_remote_command.h" #include "constant_common.h" #include "device_info.h" @@ -26,10 +26,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DeleteRemoteTokenCommand"}; -} DeleteRemoteTokenCommand::DeleteRemoteTokenCommand( const std::string &srcDeviceId, const std::string &dstDeviceId, AccessTokenID deleteID) @@ -46,39 +42,39 @@ DeleteRemoteTokenCommand::DeleteRemoteTokenCommand( DeleteRemoteTokenCommand::DeleteRemoteTokenCommand(const std::string& json) { deleteTokenId_ = 0; - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonObject is invalid."); + CJsonUnique jsonObject = CreateJsonFromString(json); + if (jsonObject == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonObject is invalid."); return; } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); - - if (jsonObject.find("tokenId") != jsonObject.end() && jsonObject.at("tokenId").is_number()) { - deleteTokenId_ = (AccessTokenID)jsonObject.at("tokenId").get(); + BaseRemoteCommand::FromRemoteProtocolJson(jsonObject.get()); + uint32_t tokenId; + if (GetUnsignedIntFromJson(jsonObject, "tokenId", tokenId)) { + deleteTokenId_ = (AccessTokenID)tokenId; } } std::string DeleteRemoteTokenCommand::ToJsonPayload() { - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - if (j.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "J is invalid."); + CJsonUnique j = BaseRemoteCommand::ToRemoteProtocolJson(); + if (j == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "J is invalid."); return ""; } - j["tokenId"] = deleteTokenId_; - return j.dump(); + AddUnsignedIntToJson(j, "tokenId", deleteTokenId_); + return PackJsonToString(j); } void DeleteRemoteTokenCommand::Prepare() { remoteProtocol_.statusCode = Constant::SUCCESS; remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; - ACCESSTOKEN_LOG_INFO(LABEL, "End as: DeleteRemoteTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "End as: DeleteRemoteTokenCommand"); } void DeleteRemoteTokenCommand::Execute() { - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: start as: DeleteRemoteTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Execute: start as: DeleteRemoteTokenCommand"); remoteProtocol_.responseDeviceId = ConstantCommon::GetLocalDeviceId(); remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; @@ -86,7 +82,7 @@ void DeleteRemoteTokenCommand::Execute() bool result = DeviceInfoManager::GetInstance().GetDeviceInfo(remoteProtocol_.srcDeviceId, DeviceIdType::UNKNOWN, devInfo); if (!result) { - ACCESSTOKEN_LOG_INFO(LABEL, "Error: get remote uniqueDeviceId failed"); + LOGI(ATM_DOMAIN, ATM_TAG, "Error: get remote uniqueDeviceId failed"); remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; return; } @@ -101,13 +97,13 @@ void DeleteRemoteTokenCommand::Execute() remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; } - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: end as: DeleteRemoteTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Execute: end as: DeleteRemoteTokenCommand"); } void DeleteRemoteTokenCommand::Finish() { remoteProtocol_.statusCode = Constant::SUCCESS; - ACCESSTOKEN_LOG_INFO(LABEL, "Finish: end as: DeleteUidPermissionCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Finish: end as: DeleteUidPermissionCommand"); } } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp index 23ac9c668cc03df0392d9b5f20b941af8110b9cc..2ad94ec4801725fb91f6361d1eb9be783aa23580 100644 --- a/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp +++ b/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp @@ -16,7 +16,7 @@ #include "sync_remote_hap_token_command.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "constant_common.h" #include "base_remote_command.h" @@ -24,10 +24,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SyncRemoteHapTokenCommand"}; -} SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand( const std::string &srcDeviceId, const std::string &dstDeviceId, AccessTokenID id) : requestTokenId_(id) @@ -38,10 +34,7 @@ SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand( remoteProtocol_.dstDeviceId = dstDeviceId; remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; remoteProtocol_.requestVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; - hapTokenInfo_.baseInfo.apl = APL_NORMAL; - hapTokenInfo_.baseInfo.appID = ""; hapTokenInfo_.baseInfo.bundleName = ""; - hapTokenInfo_.baseInfo.deviceID = ""; hapTokenInfo_.baseInfo.instIndex = 0; hapTokenInfo_.baseInfo.dlpType = 0; hapTokenInfo_.baseInfo.tokenAttr = 0; @@ -53,10 +46,7 @@ SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand( SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand(const std::string &json) { requestTokenId_ = 0; - hapTokenInfo_.baseInfo.apl = APL_INVALID; - hapTokenInfo_.baseInfo.appID = ""; hapTokenInfo_.baseInfo.bundleName = ""; - hapTokenInfo_.baseInfo.deviceID = ""; hapTokenInfo_.baseInfo.instIndex = 0; hapTokenInfo_.baseInfo.dlpType = 0; hapTokenInfo_.baseInfo.tokenAttr = 0; @@ -64,40 +54,39 @@ SyncRemoteHapTokenCommand::SyncRemoteHapTokenCommand(const std::string &json) hapTokenInfo_.baseInfo.userID = 0; hapTokenInfo_.baseInfo.ver = DEFAULT_TOKEN_VERSION; - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonObject is invalid."); + CJsonUnique jsonObject = CreateJsonFromString(json); + if (jsonObject == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonObject is invalid."); return; } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); - if ((jsonObject.find("requestTokenId") != jsonObject.end()) && (jsonObject.at("requestTokenId").is_number())) { - jsonObject.at("requestTokenId").get_to(requestTokenId_); - } + BaseRemoteCommand::FromRemoteProtocolJson(jsonObject.get()); + GetUnsignedIntFromJson(jsonObject, "requestTokenId", requestTokenId_); - if ((jsonObject.find("HapTokenInfo") != jsonObject.end()) && (jsonObject.at("HapTokenInfo").is_object())) { - nlohmann::json hapTokenJson = jsonObject.at("HapTokenInfo").get(); + CJson *hapTokenJson = GetObjFromJson(jsonObject, "HapTokenInfo"); + if (hapTokenJson != nullptr) { BaseRemoteCommand::FromHapTokenInfoJson(hapTokenJson, hapTokenInfo_); } } std::string SyncRemoteHapTokenCommand::ToJsonPayload() { - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - j["requestTokenId"] = requestTokenId_; - j["HapTokenInfo"] = BaseRemoteCommand::ToHapTokenInfosJson(hapTokenInfo_); - return j.dump(); + CJsonUnique j = BaseRemoteCommand::ToRemoteProtocolJson(); + AddUnsignedIntToJson(j, "requestTokenId", requestTokenId_); + CJsonUnique HapTokenInfo = BaseRemoteCommand::ToHapTokenInfosJson(hapTokenInfo_); + AddObjToJson(j, "HapTokenInfo", HapTokenInfo); + return PackJsonToString(j); } void SyncRemoteHapTokenCommand::Prepare() { remoteProtocol_.statusCode = Constant::SUCCESS; remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; - ACCESSTOKEN_LOG_DEBUG(LABEL, " end as: SyncRemoteHapTokenCommand"); + LOGD(ATM_DOMAIN, ATM_TAG, " end as: SyncRemoteHapTokenCommand"); } void SyncRemoteHapTokenCommand::Execute() { - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: start as: SyncRemoteHapTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Execute: start as: SyncRemoteHapTokenCommand"); remoteProtocol_.responseDeviceId = ConstantCommon::GetLocalDeviceId(); remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; @@ -110,18 +99,18 @@ void SyncRemoteHapTokenCommand::Execute() remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; } - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: end as: SyncRemoteHapTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Execute: end as: SyncRemoteHapTokenCommand"); } void SyncRemoteHapTokenCommand::Finish() { if (remoteProtocol_.statusCode != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Finish: end as: SyncRemoteHapTokenCommand get remote result error."); + LOGE(ATM_DOMAIN, ATM_TAG, "Finish: end as: SyncRemoteHapTokenCommand get remote result error."); return; } AccessTokenKit::SetRemoteHapTokenInfo(remoteProtocol_.dstDeviceId, hapTokenInfo_); remoteProtocol_.statusCode = Constant::SUCCESS; - ACCESSTOKEN_LOG_INFO(LABEL, "Finish: end as: SyncRemoteHapTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Finish: end as: SyncRemoteHapTokenCommand"); } } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp deleted file mode 100644 index 72edd4f0edee9ae83ff7ea526fff6bfd32d336e7..0000000000000000000000000000000000000000 --- a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2022 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sync_remote_native_token_command.h" - -#include "accesstoken_kit.h" -#include "accesstoken_log.h" -#include "access_token_error.h" -#include "base_remote_command.h" -#include "constant_common.h" -#include "device_info_manager.h" - -namespace OHOS { -namespace Security { -namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, - SECURITY_DOMAIN_ACCESSTOKEN, "SyncRemoteNativeTokenCommand"}; -} - -SyncRemoteNativeTokenCommand::SyncRemoteNativeTokenCommand( - const std::string &srcDeviceId, const std::string &dstDeviceId) -{ - remoteProtocol_.commandName = COMMAND_NAME; - remoteProtocol_.uniqueId = COMMAND_NAME; - remoteProtocol_.srcDeviceId = srcDeviceId; - remoteProtocol_.dstDeviceId = dstDeviceId; - remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; - remoteProtocol_.requestVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; -} - -SyncRemoteNativeTokenCommand::SyncRemoteNativeTokenCommand(const std::string &json) -{ - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonObject is invalid."); - return; - } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); - - if (jsonObject.find("NativeTokenInfos") != jsonObject.end() && jsonObject.at("NativeTokenInfos").is_array()) { - nlohmann::json nativeTokenListJson = jsonObject.at("NativeTokenInfos"); - for (const auto& tokenJson : nativeTokenListJson) { - NativeTokenInfoForSync token; - BaseRemoteCommand::FromNativeTokenInfoJson(tokenJson, token); - nativeTokenInfo_.emplace_back(token); - } - } -} - -std::string SyncRemoteNativeTokenCommand::ToJsonPayload() -{ - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - nlohmann::json nativeTokensJson; - for (const auto& token : nativeTokenInfo_) { - nlohmann::json tokenJson = BaseRemoteCommand::ToNativeTokenInfoJson(token); - nativeTokensJson.emplace_back(tokenJson); - } - j["NativeTokenInfos"] = nativeTokensJson; - return j.dump(); -} - -void SyncRemoteNativeTokenCommand::Prepare() -{ - remoteProtocol_.statusCode = Constant::SUCCESS; - remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; - ACCESSTOKEN_LOG_DEBUG(LABEL, "End as: SyncRemoteNativeTokenCommand"); -} - -void SyncRemoteNativeTokenCommand::Execute() -{ - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: start as: SyncRemoteNativeTokenCommand"); - remoteProtocol_.responseDeviceId = ConstantCommon::GetLocalDeviceId(); - remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; - - int ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfo_); - if (ret != RET_SUCCESS) { - remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; - remoteProtocol_.message = Constant::COMMAND_RESULT_FAILED; - } else { - remoteProtocol_.statusCode = Constant::SUCCESS; - remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; - } - - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: end as: SyncRemoteNativeTokenCommand"); -} - -void SyncRemoteNativeTokenCommand::Finish() -{ - if (remoteProtocol_.statusCode != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Finish: end as: SyncRemoteHapTokenCommand get remote result error."); - return; - } - - DeviceInfo devInfo; - bool result = DeviceInfoManager::GetInstance().GetDeviceInfo(remoteProtocol_.dstDeviceId, - DeviceIdType::UNKNOWN, devInfo); - if (!result) { - ACCESSTOKEN_LOG_ERROR(LABEL, "SyncRemoteNativeTokenCommand: get remote uniqueDeviceId failed"); - remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; - return; - } - int ret = AccessTokenKit::SetRemoteNativeTokenInfo(devInfo.deviceId.uniqueDeviceId, nativeTokenInfo_); - if (ret == RET_SUCCESS) { - remoteProtocol_.statusCode = Constant::SUCCESS; - } else { - remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; - } - ACCESSTOKEN_LOG_INFO(LABEL, "Finish: end as: SyncRemoteNativeTokenCommand ret %{public}d", ret); -} -} // namespace AccessToken -} // namespace Security -} // namespace OHOS - diff --git a/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp b/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp index 7fec309d6b1a8a3452eb978c0bb86a621c2104c0..cd1ce38f8941efd6001146684061e8765d3fed59 100644 --- a/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp +++ b/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp @@ -16,7 +16,7 @@ #include "update_remote_hap_token_command.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "base_remote_command.h" #include "constant_common.h" @@ -25,10 +25,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "UpdateRemoteHapTokenCommand"}; -} UpdateRemoteHapTokenCommand::UpdateRemoteHapTokenCommand( const std::string &srcDeviceId, const std::string &dstDeviceId, const HapTokenInfoForSync& tokenInfo) @@ -44,36 +40,37 @@ UpdateRemoteHapTokenCommand::UpdateRemoteHapTokenCommand( UpdateRemoteHapTokenCommand::UpdateRemoteHapTokenCommand(const std::string &json) { - nlohmann::json jsonObject = nlohmann::json::parse(json, nullptr, false); - if (jsonObject.is_discarded()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "JsonObject is invalid."); + CJsonUnique jsonObject = CreateJsonFromString(json); + if (jsonObject == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "JsonObject is invalid."); return; } - BaseRemoteCommand::FromRemoteProtocolJson(jsonObject); + BaseRemoteCommand::FromRemoteProtocolJson(jsonObject.get()); - if ((jsonObject.find("HapTokenInfos") != jsonObject.end()) && (jsonObject.at("HapTokenInfos").is_object())) { - nlohmann::json hapTokenJson = jsonObject.at("HapTokenInfos").get(); + CJson *hapTokenJson = GetObjFromJson(jsonObject, "HapTokenInfos"); + if (hapTokenJson != nullptr) { BaseRemoteCommand::FromHapTokenInfoJson(hapTokenJson, updateTokenInfo_); } } std::string UpdateRemoteHapTokenCommand::ToJsonPayload() { - nlohmann::json j = BaseRemoteCommand::ToRemoteProtocolJson(); - j["HapTokenInfos"] = BaseRemoteCommand::ToHapTokenInfosJson(updateTokenInfo_); - return j.dump(); + CJsonUnique j = BaseRemoteCommand::ToRemoteProtocolJson(); + CJsonUnique HapTokenInfos = BaseRemoteCommand::ToHapTokenInfosJson(updateTokenInfo_); + AddObjToJson(j, "HapTokenInfos", HapTokenInfos); + return PackJsonToString(j); } void UpdateRemoteHapTokenCommand::Prepare() { remoteProtocol_.statusCode = Constant::SUCCESS; remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; - ACCESSTOKEN_LOG_DEBUG(LABEL, "End as: UpdateRemoteHapTokenCommand"); + LOGD(ATM_DOMAIN, ATM_TAG, "End as: UpdateRemoteHapTokenCommand"); } void UpdateRemoteHapTokenCommand::Execute() { - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: start as: UpdateRemoteHapTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Execute: start as: UpdateRemoteHapTokenCommand"); remoteProtocol_.responseDeviceId = ConstantCommon::GetLocalDeviceId(); remoteProtocol_.responseVersion = Constant::DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION; @@ -82,7 +79,7 @@ void UpdateRemoteHapTokenCommand::Execute() bool result = DeviceInfoManager::GetInstance().GetDeviceInfo(remoteProtocol_.srcDeviceId, DeviceIdType::UNKNOWN, devInfo); if (!result) { - ACCESSTOKEN_LOG_INFO(LABEL, "UpdateRemoteHapTokenCommand: get remote uniqueDeviceId failed"); + LOGI(ATM_DOMAIN, ATM_TAG, "UpdateRemoteHapTokenCommand: get remote uniqueDeviceId failed"); remoteProtocol_.statusCode = Constant::FAILURE_BUT_CAN_RETRY; return; } @@ -97,13 +94,13 @@ void UpdateRemoteHapTokenCommand::Execute() remoteProtocol_.message = Constant::COMMAND_RESULT_SUCCESS; } - ACCESSTOKEN_LOG_INFO(LABEL, "Execute: end as: UpdateRemoteHapTokenCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Execute: end as: UpdateRemoteHapTokenCommand"); } void UpdateRemoteHapTokenCommand::Finish() { remoteProtocol_.statusCode = Constant::SUCCESS; - ACCESSTOKEN_LOG_INFO(LABEL, "Finish: end as: DeleteUidPermissionCommand"); + LOGI(ATM_DOMAIN, ATM_TAG, "Finish: end as: DeleteUidPermissionCommand"); } } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/device/device_info_manager.cpp b/services/tokensyncmanager/src/device/device_info_manager.cpp index 2e98f0bbade22f2664640d6138ed5a93a4ebdc27..70be2a192c36777c36f419292271187173d736c9 100644 --- a/services/tokensyncmanager/src/device/device_info_manager.cpp +++ b/services/tokensyncmanager/src/device/device_info_manager.cpp @@ -20,7 +20,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "DeviceInfoManager"}; std::recursive_mutex g_instanceMutex; } DeviceInfoManager &DeviceInfoManager::GetInstance() @@ -29,7 +28,8 @@ DeviceInfoManager &DeviceInfoManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new DeviceInfoManager(); + DeviceInfoManager* tmp = new DeviceInfoManager(); + instance = std::move(tmp); } } return *instance; @@ -53,7 +53,7 @@ void DeviceInfoManager::AddDeviceInfo(const std::string &networkId, const std::s if (!DataValidator::IsDeviceIdValid(networkId) || !DataValidator::IsDeviceIdValid(universallyUniqueId) || !DataValidator::IsDeviceIdValid(uniqueDeviceId) || deviceName.empty() || deviceType.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "AddDeviceInfo: input param is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "AddDeviceInfo: input param is invalid"); return; } DeviceInfoRepository::GetInstance().SaveDeviceInfo( @@ -74,7 +74,7 @@ void DeviceInfoManager::RemoveAllRemoteDeviceInfo() void DeviceInfoManager::RemoveRemoteDeviceInfo(const std::string &nodeId, DeviceIdType deviceIdType) { if (!DataValidator::IsDeviceIdValid(nodeId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "RemoveDeviceInfoByNetworkId: nodeId is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "RemoveDeviceInfoByNetworkId: nodeId is invalid"); } else { DeviceInfo deviceInfo; std::string localDevice = ConstantCommon::GetLocalDeviceId(); @@ -90,7 +90,7 @@ std::string DeviceInfoManager::ConvertToUniversallyUniqueIdOrFetch(const std::st { std::string result; if (!DataValidator::IsDeviceIdValid(nodeId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ConvertToUniversallyUniqueIdOrFetch: nodeId is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "ConvertToUniversallyUniqueIdOrFetch: nodeId is invalid."); return result; } DeviceInfo deviceInfo; @@ -113,7 +113,7 @@ std::string DeviceInfoManager::ConvertToUniqueDeviceIdOrFetch(const std::string { std::string result; if (!DataValidator::IsDeviceIdValid(nodeId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "ConvertToUniqueDeviceIdOrFetch: nodeId is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "ConvertToUniqueDeviceIdOrFetch: nodeId is invalid."); return result; } DeviceInfo deviceInfo; @@ -124,30 +124,26 @@ std::string DeviceInfoManager::ConvertToUniqueDeviceIdOrFetch(const std::string if (!udid.empty()) { result = udid; } else { - ACCESSTOKEN_LOG_DEBUG(LABEL, + LOGD(ATM_DOMAIN, ATM_TAG, "FindDeviceInfo succeed, udid and local udid is empty, nodeId(%{public}s)", ConstantCommon::EncryptDevId(nodeId).c_str()); } } else { - ACCESSTOKEN_LOG_DEBUG(LABEL, + LOGD(ATM_DOMAIN, ATM_TAG, "FindDeviceInfo succeed, udid is empty, nodeId(%{public}s) ", ConstantCommon::EncryptDevId(nodeId).c_str()); result = uniqueDeviceId; } } else { - ACCESSTOKEN_LOG_DEBUG( - LABEL, "FindDeviceInfo failed, nodeId(%{public}s)", + LOGD(ATM_DOMAIN, ATM_TAG, "FindDeviceInfo failed, nodeId(%{public}s)", ConstantCommon::EncryptDevId(nodeId).c_str()); auto list = DeviceInfoRepository::GetInstance().ListDeviceInfo(); auto iter = list.begin(); for (; iter != list.end(); iter++) { DeviceInfo info = (*iter); - ACCESSTOKEN_LOG_DEBUG( - LABEL, ">>> DeviceInfoRepository device name: %{public}s", info.deviceName.c_str()); - ACCESSTOKEN_LOG_DEBUG( - LABEL, ">>> DeviceInfoRepository device type: %{public}s", info.deviceType.c_str()); - ACCESSTOKEN_LOG_DEBUG(LABEL, - ">>> DeviceInfoRepository device network id: %{public}s", + LOGD(ATM_DOMAIN, ATM_TAG, ">>> DeviceInfoRepository device name: %{public}s", info.deviceName.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, ">>> DeviceInfoRepository device type: %{public}s", info.deviceType.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, ">>> DeviceInfoRepository device network id: %{public}s", ConstantCommon::EncryptDevId(info.deviceId.networkId).c_str()); } } @@ -157,7 +153,7 @@ std::string DeviceInfoManager::ConvertToUniqueDeviceIdOrFetch(const std::string bool DeviceInfoManager::IsDeviceUniversallyUniqueId(const std::string &nodeId) const { if (!DataValidator::IsDeviceIdValid(nodeId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "IsDeviceUniversallyUniqueId: nodeId is invalid"); + LOGE(ATM_DOMAIN, ATM_TAG, "IsDeviceUniversallyUniqueId: nodeId is invalid"); return false; } DeviceInfo deviceInfo; diff --git a/services/tokensyncmanager/src/device/device_info_repository.cpp b/services/tokensyncmanager/src/device/device_info_repository.cpp index 932e69144f1e506191895e2f174670de461ec8cf..e90690b0308089d3ca1b8187b6a62a7f3c013219 100644 --- a/services/tokensyncmanager/src/device/device_info_repository.cpp +++ b/services/tokensyncmanager/src/device/device_info_repository.cpp @@ -27,7 +27,8 @@ DeviceInfoRepository &DeviceInfoRepository::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new DeviceInfoRepository(); + DeviceInfoRepository* tmp = new DeviceInfoRepository(); + instance = std::move(tmp); } } return *instance; diff --git a/services/tokensyncmanager/src/remote/remote_command_executor.cpp b/services/tokensyncmanager/src/remote/remote_command_executor.cpp index dea25b1d3fa9a8a33dde7b8a75cbdaa1ccf8b626..a1685574f43fabf1b83a7fee637b4a3a0e1626e6 100644 --- a/services/tokensyncmanager/src/remote/remote_command_executor.cpp +++ b/services/tokensyncmanager/src/remote/remote_command_executor.cpp @@ -28,24 +28,23 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "RemoteCommandExecutor"}; static const std::string TASK_NAME = "RemoteCommandExecutor::ProcessBufferedCommandsWithThread"; } // namespace RemoteCommandExecutor::RemoteCommandExecutor(const std::string &targetNodeId) : targetNodeId_(targetNodeId), ptrChannel_(nullptr), mutex_(), commands_(), running_(false) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RemoteCommandExecutor()"); + LOGD(ATM_DOMAIN, ATM_TAG, "RemoteCommandExecutor()"); } RemoteCommandExecutor::~RemoteCommandExecutor() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "~RemoteCommandExecutor() begin"); + LOGD(ATM_DOMAIN, ATM_TAG, "~RemoteCommandExecutor() begin"); running_ = false; } const std::shared_ptr RemoteCommandExecutor::CreateChannel(const std::string &targetNodeId) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "CreateChannel: targetNodeId=%{public}s", + LOGD(ATM_DOMAIN, ATM_TAG, "CreateChannel: targetNodeId=%{public}s", ConstantCommon::EncryptDevId(targetNodeId).c_str()); // only consider SoftBusChannel std::shared_ptr ptrChannel = std::make_shared(targetNodeId); @@ -58,18 +57,18 @@ const std::shared_ptr RemoteCommandExecutor::CreateChannel(const std int RemoteCommandExecutor::ProcessOneCommand(const std::shared_ptr& ptrCommand) { if (ptrCommand == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "TargetNodeId %{public}s, attempt to process on null command.", + LOGW(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, attempt to process on null command.", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return Constant::SUCCESS; } const std::string uniqueId = ptrCommand->remoteProtocol_.uniqueId; - ACCESSTOKEN_LOG_INFO(LABEL, "TargetNodeId %{public}s, process one command start, uniqueId: %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, process one command start, uniqueId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str()); ptrCommand->Prepare(); int status = ptrCommand->remoteProtocol_.statusCode; if (status != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "targetNodeId %{public}s, process one command error, uniqueId: %{public}s, message: " "prepare failure code %{public}d", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str(), status); @@ -84,12 +83,12 @@ int RemoteCommandExecutor::ProcessOneCommand(const std::shared_ptrBuildConnection() != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TargetNodeId %{public}s, channel is not ready.", + LOGE(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, channel is not ready.", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return Constant::FAILURE; } @@ -103,13 +102,13 @@ int RemoteCommandExecutor::ProcessOneCommand(const std::shared_ptr& ptrCommand) { if (ptrCommand == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "TargetNodeId %{public}s, attempt to add an empty command.", + LOGD(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, attempt to add an empty command.", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return Constant::INVALID_COMMAND; } const std::string uniqueId = ptrCommand->remoteProtocol_.uniqueId; - ACCESSTOKEN_LOG_DEBUG(LABEL, "TargetNodeId %{public}s, add uniqueId %{public}s", + LOGD(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, add uniqueId %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str()); std::unique_lock lock(mutex_); @@ -117,7 +116,7 @@ int RemoteCommandExecutor::AddCommand(const std::shared_ptr& // make sure do not have the same command in the command buffer if (std::any_of(commands_.begin(), commands_.end(), [uniqueId](const auto& buffCommand) {return buffCommand->remoteProtocol_.uniqueId == uniqueId; })) { - ACCESSTOKEN_LOG_WARN(LABEL, + LOGW(ATM_DOMAIN, ATM_TAG, "targetNodeId %{public}s, add uniqueId %{public}s, already exist in the buffer, skip", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str()); @@ -133,13 +132,13 @@ int RemoteCommandExecutor::AddCommand(const std::shared_ptr& */ int RemoteCommandExecutor::ProcessBufferedCommands(bool standalone) { - ACCESSTOKEN_LOG_INFO(LABEL, "Begin, targetNodeId: %{public}s, standalone: %{public}d", + LOGI(ATM_DOMAIN, ATM_TAG, "Begin, targetNodeId: %{public}s, standalone: %{public}d", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), standalone); std::unique_lock lock(mutex_); if (commands_.empty()) { - ACCESSTOKEN_LOG_WARN(LABEL, "No command, targetNodeId %{public}s", + LOGW(ATM_DOMAIN, ATM_TAG, "No command, targetNodeId %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); running_ = false; return Constant::SUCCESS; @@ -149,14 +148,14 @@ int RemoteCommandExecutor::ProcessBufferedCommands(bool standalone) while (true) { // interrupt if (!running_) { - ACCESSTOKEN_LOG_INFO(LABEL, "End with running flag == false, targetNodeId: %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "End with running flag == false, targetNodeId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return Constant::FAILURE; } // end if (commands_.empty()) { running_ = false; - ACCESSTOKEN_LOG_INFO(LABEL, "End, no command left, targetNodeId: %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "End, no command left, targetNodeId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return Constant::SUCCESS; } @@ -168,7 +167,7 @@ int RemoteCommandExecutor::ProcessBufferedCommands(bool standalone) commands_.pop_front(); continue; } else if (status == Constant::FAILURE_BUT_CAN_RETRY) { - ACCESSTOKEN_LOG_WARN(LABEL, + LOGW(ATM_DOMAIN, ATM_TAG, "execute failed and wait to retry, targetNodeId: %{public}s, message: %{public}s, and will retry ", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), bufferedCommand->remoteProtocol_.message.c_str()); @@ -181,7 +180,7 @@ int RemoteCommandExecutor::ProcessBufferedCommands(bool standalone) } else { // this command failed, move on to execute next command commands_.pop_front(); - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "execute failed, targetNodeId: %{public}s, commandName: %{public}s, message: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), bufferedCommand->remoteProtocol_.commandName.c_str(), @@ -195,39 +194,46 @@ int RemoteCommandExecutor::ProcessBufferedCommands(bool standalone) */ void RemoteCommandExecutor::ProcessBufferedCommandsWithThread() { - ACCESSTOKEN_LOG_INFO(LABEL, "Begin, targetNodeId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Begin, targetNodeId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); std::unique_lock lock(mutex_); if (commands_.empty()) { - ACCESSTOKEN_LOG_INFO(LABEL, "No buffered commands. targetNodeId: %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "No buffered commands. targetNodeId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return; } if (running_) { // task is running, do not need to start one more - ACCESSTOKEN_LOG_WARN(LABEL, "Task busy. targetNodeId: %{public}s", + LOGW(ATM_DOMAIN, ATM_TAG, "Task busy. targetNodeId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return; } running_ = true; - const std::function runner = [this]() {this->ProcessBufferedCommands(true);}; + const std::function runner = [weak = weak_from_this()]() { + auto self = weak.lock(); + if (self == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "RemoteCommandExecutor is nullptr"); + return; + } + self->ProcessBufferedCommands(true); + }; #ifdef EVENTHANDLER_ENABLE std::shared_ptr handler = DelayedSingleton::GetInstance()->GetSendEventHandler(); if (handler == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); return; } bool result = handler->ProxyPostTask(runner, TASK_NAME); if (!result) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Post task failed, targetNodeId: %{public}s", + LOGE(ATM_DOMAIN, ATM_TAG, "Post task failed, targetNodeId: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); } #endif - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "post task succeed, targetNodeId: %{public}s, taskName: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), TASK_NAME.c_str()); @@ -237,7 +243,7 @@ int RemoteCommandExecutor::ExecuteRemoteCommand( const std::shared_ptr& ptrCommand, const bool isRemote) { std::string uniqueId = ptrCommand->remoteProtocol_.uniqueId; - ACCESSTOKEN_LOG_INFO(LABEL, "TargetNodeId %{public}s, uniqueId %{public}s, remote %{public}d: start to execute.", + LOGI(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, uniqueId %{public}s, remote %{public}d: start to execute.", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str(), isRemote); ptrCommand->remoteProtocol_.statusCode = Constant::STATUS_CODE_BEFORE_RPC; @@ -246,12 +252,12 @@ int RemoteCommandExecutor::ExecuteRemoteCommand( // Local device, play myself. ptrCommand->Execute(); int code = ClientProcessResult(ptrCommand); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Command finished with status: %{public}d, message: %{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "Command finished with status: %{public}d, message: %{public}s.", ptrCommand->remoteProtocol_.statusCode, ptrCommand->remoteProtocol_.message.c_str()); return code; } - ACCESSTOKEN_LOG_INFO(LABEL, "Command executed uniqueId %{public}s.", uniqueId.c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Command executed uniqueId %{public}s.", uniqueId.c_str()); std::string responseString; int32_t repeatTimes = SoftBusManager::GetInstance().GetRepeatTimes(); // repeat 5 times if responseString empty @@ -262,7 +268,7 @@ int RemoteCommandExecutor::ExecuteRemoteCommand( break; // when responseString is not empty, break the loop } - ACCESSTOKEN_LOG_WARN(LABEL, + LOGW(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, uniqueId %{public}s, execute remote command error, response is empty.", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str()); } @@ -278,7 +284,7 @@ int RemoteCommandExecutor::ExecuteRemoteCommand( RemoteCommandFactory::GetInstance().NewRemoteCommandFromJson( ptrCommand->remoteProtocol_.commandName, responseString); if (ptrResponseCommand == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "TargetNodeId %{public}s, get null response command!", + LOGE(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, get null response command!", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return Constant::FAILURE; } @@ -286,7 +292,7 @@ int RemoteCommandExecutor::ExecuteRemoteCommand( if (commands_.empty()) { ptrChannel_->CloseConnection(); } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Command finished with status: %{public}d, message: %{public}s.", + LOGD(ATM_DOMAIN, ATM_TAG, "Command finished with status: %{public}d, message: %{public}s.", ptrResponseCommand->remoteProtocol_.statusCode, ptrResponseCommand->remoteProtocol_.message.c_str()); return result; } @@ -295,7 +301,7 @@ void RemoteCommandExecutor::CreateChannelIfNeeded() { std::unique_lock lock(mutex_); if (ptrChannel_ != nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "TargetNodeId %{public}s, channel is exist.", + LOGI(ATM_DOMAIN, ATM_TAG, "TargetNodeId %{public}s, channel is exist.", ConstantCommon::EncryptDevId(targetNodeId_).c_str()); return; } @@ -307,7 +313,7 @@ int RemoteCommandExecutor::ClientProcessResult(const std::shared_ptrremoteProtocol_.uniqueId; if (ptrCommand->remoteProtocol_.statusCode == Constant::STATUS_CODE_BEFORE_RPC) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "targetNodeId %{public}s, uniqueId %{public}s, status code after RPC is same as before, the remote side " "may not " "support this command", @@ -319,13 +325,13 @@ int RemoteCommandExecutor::ClientProcessResult(const std::shared_ptrFinish(); int status = ptrCommand->remoteProtocol_.statusCode; if (status != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "targetNodeId %{public}s, uniqueId %{public}s, execute failed, message: %{public}s", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str(), ptrCommand->remoteProtocol_.message.c_str()); } else { - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "targetNodeId %{public}s, uniqueId %{public}s, execute succeed.", ConstantCommon::EncryptDevId(targetNodeId_).c_str(), uniqueId.c_str()); diff --git a/services/tokensyncmanager/src/remote/remote_command_factory.cpp b/services/tokensyncmanager/src/remote/remote_command_factory.cpp index 31a0ced8ee5bc78202ec840af7b2380eea75406e..f485ed8059a50e8e82d4719d084497a59a1f8b1c 100644 --- a/services/tokensyncmanager/src/remote/remote_command_factory.cpp +++ b/services/tokensyncmanager/src/remote/remote_command_factory.cpp @@ -15,7 +15,7 @@ #include "remote_command_factory.h" -#include "nlohmann/json.hpp" +#include namespace OHOS { namespace Security { @@ -30,7 +30,8 @@ RemoteCommandFactory &RemoteCommandFactory::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new RemoteCommandFactory(); + RemoteCommandFactory* tmp = new RemoteCommandFactory(); + instance = std::move(tmp); } } return *instance; @@ -54,19 +55,12 @@ std::shared_ptr RemoteCommandFactory::NewUpdateRemo return std::make_shared(srcDeviceId, dstDeviceId, tokenInfo); } -std::shared_ptr RemoteCommandFactory::NewSyncRemoteNativeTokenCommand( - const std::string &srcDeviceId, const std::string &dstDeviceId) -{ - return std::make_shared(srcDeviceId, dstDeviceId); -} - std::shared_ptr RemoteCommandFactory::NewRemoteCommandFromJson( const std::string &commandName, const std::string &commandJsonString) { const std::string SYNC_HAP_COMMAND_NAME = "SyncRemoteHapTokenCommand"; const std::string DELETE_TOKEN_COMMAND_NAME = "DeleteRemoteTokenCommand"; const std::string UPDATE_HAP_COMMAND_NAME = "UpdateRemoteHapTokenCommand"; - const std::string SYNC_NATIVE_COMMAND_NAME = "SyncRemoteNativeTokenCommand"; if (commandName == SYNC_HAP_COMMAND_NAME) { return std::make_shared(commandJsonString); @@ -77,9 +71,6 @@ std::shared_ptr RemoteCommandFactory::NewRemoteCommandFromJso if (commandName == UPDATE_HAP_COMMAND_NAME) { return std::make_shared(commandJsonString); } - if (commandName == SYNC_NATIVE_COMMAND_NAME) { - return std::make_shared(commandJsonString); - } return nullptr; } } // namespace AccessToken diff --git a/services/tokensyncmanager/src/remote/remote_command_manager.cpp b/services/tokensyncmanager/src/remote/remote_command_manager.cpp index 149b0370c9dfa42cdc069965e8bc963c34f202c0..e104068c0c3bc3a88e86cfc2545c2352c44fc5bb 100644 --- a/services/tokensyncmanager/src/remote/remote_command_manager.cpp +++ b/services/tokensyncmanager/src/remote/remote_command_manager.cpp @@ -19,7 +19,6 @@ #include "access_event_handler.h" #endif #include "device_info_manager.h" -#include "sync_remote_native_token_command.h" #include "remote_command_factory.h" #include "token_sync_manager_service.h" #include "accesstoken_kit.h" @@ -29,17 +28,16 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "RemoteCommandManager"}; std::recursive_mutex g_instanceMutex; } RemoteCommandManager::RemoteCommandManager() : executors_(), mutex_() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "RemoteCommandManager()"); + LOGD(ATM_DOMAIN, ATM_TAG, "RemoteCommandManager()"); } RemoteCommandManager::~RemoteCommandManager() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "~RemoteCommandManager()"); + LOGD(ATM_DOMAIN, ATM_TAG, "~RemoteCommandManager()"); } RemoteCommandManager &RemoteCommandManager::GetInstance() @@ -48,7 +46,8 @@ RemoteCommandManager &RemoteCommandManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new RemoteCommandManager(); + RemoteCommandManager* tmp = new RemoteCommandManager(); + instance = std::move(tmp); } } return *instance; @@ -56,89 +55,89 @@ RemoteCommandManager &RemoteCommandManager::GetInstance() void RemoteCommandManager::Init() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Init()"); + LOGD(ATM_DOMAIN, ATM_TAG, "Init()"); } int RemoteCommandManager::AddCommand(const std::string &udid, const std::shared_ptr& command) { if (udid.empty() || command == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Invalid udid, or null command"); + LOGW(ATM_DOMAIN, ATM_TAG, "Invalid udid, or null command"); return Constant::FAILURE; } - ACCESSTOKEN_LOG_INFO(LABEL, "Add uniqueId"); + LOGI(ATM_DOMAIN, ATM_TAG, "Add uniqueId"); std::shared_ptr executor = GetOrCreateRemoteCommandExecutor(udid); if (executor == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get or create remote command executor"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get or create remote command executor"); return Constant::FAILURE; } int result = executor->AddCommand(command); - ACCESSTOKEN_LOG_INFO(LABEL, "Add command result: %{public}d ", result); + LOGI(ATM_DOMAIN, ATM_TAG, "Add command result: %{public}d ", result); return result; } void RemoteCommandManager::RemoveCommand(const std::string &udid) { - ACCESSTOKEN_LOG_INFO(LABEL, "Remove command"); + LOGI(ATM_DOMAIN, ATM_TAG, "Remove command"); executors_.erase(udid); } int RemoteCommandManager::ExecuteCommand(const std::string &udid, const std::shared_ptr& command) { if (udid.empty() || command == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Invalid udid: %{public}s, or null command", + LOGW(ATM_DOMAIN, ATM_TAG, "Invalid udid: %{public}s, or null command", ConstantCommon::EncryptDevId(udid).c_str()); return Constant::FAILURE; } std::string uniqueId = command->remoteProtocol_.uniqueId; - ACCESSTOKEN_LOG_INFO(LABEL, "Start with udid: %{public}s , uniqueId: %{public}s ", + LOGI(ATM_DOMAIN, ATM_TAG, "Start with udid: %{public}s , uniqueId: %{public}s ", ConstantCommon::EncryptDevId(udid).c_str(), ConstantCommon::EncryptDevId(uniqueId).c_str()); std::shared_ptr executor = GetOrCreateRemoteCommandExecutor(udid); if (executor == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get or create remote command executor"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get or create remote command executor"); return Constant::FAILURE; } int result = executor->ProcessOneCommand(command); - ACCESSTOKEN_LOG_INFO(LABEL, "RemoteCommandExecutor processOneCommand result:%{public}d ", result); + LOGI(ATM_DOMAIN, ATM_TAG, "RemoteCommandExecutor processOneCommand result:%{public}d ", result); return result; } int RemoteCommandManager::ProcessDeviceCommandImmediately(const std::string &udid) { if (udid.empty()) { - ACCESSTOKEN_LOG_WARN(LABEL, "Invalid udid: %{public}s", ConstantCommon::EncryptDevId(udid).c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Invalid udid: %{public}s", ConstantCommon::EncryptDevId(udid).c_str()); return Constant::FAILURE; } - ACCESSTOKEN_LOG_INFO(LABEL, "Start with udid:%{public}s ", ConstantCommon::EncryptDevId(udid).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Start with udid:%{public}s ", ConstantCommon::EncryptDevId(udid).c_str()); std::unique_lock lock(mutex_); auto executorIt = executors_.find(udid); if (executorIt == executors_.end()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "No executor found, udid:%{public}s", ConstantCommon::EncryptDevId(udid).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "No executor found, udid:%{public}s", ConstantCommon::EncryptDevId(udid).c_str()); return Constant::FAILURE; } auto executor = executorIt->second; if (executor == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "RemoteCommandExecutor is null for udid %{public}s ", + LOGI(ATM_DOMAIN, ATM_TAG, "RemoteCommandExecutor is null for udid %{public}s ", ConstantCommon::EncryptDevId(udid).c_str()); return Constant::FAILURE; } int result = executor->ProcessBufferedCommands(); - ACCESSTOKEN_LOG_INFO(LABEL, "ProcessBufferedCommands result: %{public}d", result); + LOGI(ATM_DOMAIN, ATM_TAG, "ProcessBufferedCommands result: %{public}d", result); return result; } int RemoteCommandManager::Loop() { - ACCESSTOKEN_LOG_INFO(LABEL, "Start"); + LOGI(ATM_DOMAIN, ATM_TAG, "Start"); std::unique_lock lock(mutex_); for (auto it = executors_.begin(); it != executors_.end(); it++) { - ACCESSTOKEN_LOG_INFO(LABEL, "Udid:%{public}s", ConstantCommon::EncryptDevId(it->first).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Udid:%{public}s", ConstantCommon::EncryptDevId(it->first).c_str()); (*it).second->ProcessBufferedCommandsWithThread(); } return Constant::SUCCESS; @@ -149,7 +148,7 @@ int RemoteCommandManager::Loop() */ void RemoteCommandManager::Clear() { - ACCESSTOKEN_LOG_INFO(LABEL, "Remove all remote command executors."); + LOGI(ATM_DOMAIN, ATM_TAG, "Remove all remote command executors."); std::map> dummy; std::unique_lock lock(mutex_); @@ -163,23 +162,23 @@ void RemoteCommandManager::Clear() int RemoteCommandManager::NotifyDeviceOnline(const std::string &nodeId) { if (!DataValidator::IsDeviceIdValid(nodeId)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Invalid nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Invalid nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); return Constant::FAILURE; } - ACCESSTOKEN_LOG_INFO(LABEL, "Operation start with nodeId: %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "Operation start with nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); auto executor = GetOrCreateRemoteCommandExecutor(nodeId); std::unique_lock lock(mutex_); if (executor == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Cannot get or create remote command executor"); + LOGE(ATM_DOMAIN, ATM_TAG, "Cannot get or create remote command executor"); return Constant::FAILURE; } if (executor->GetChannel() == nullptr) { auto channel = RemoteCommandExecutor::CreateChannel(nodeId); if (channel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create channel failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Create channel failed."); return Constant::FAILURE; } executor->SetChannel(channel); @@ -196,10 +195,10 @@ int RemoteCommandManager::NotifyDeviceOnline(const std::string &nodeId) int RemoteCommandManager::NotifyDeviceOffline(const std::string &nodeId) { if (!DataValidator::IsDeviceIdValid(nodeId)) { - ACCESSTOKEN_LOG_INFO(LABEL, "Invalid nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "Invalid nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); return Constant::FAILURE; } - ACCESSTOKEN_LOG_INFO(LABEL, "Operation start with nodeId: %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "Operation start with nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); auto channel = GetExecutorChannel(nodeId); @@ -214,11 +213,11 @@ int RemoteCommandManager::NotifyDeviceOffline(const std::string &nodeId) DeviceInfo devInfo; bool result = DeviceInfoManager::GetInstance().GetDeviceInfo(nodeId, DeviceIdType::UNKNOWN, devInfo); if (!result) { - ACCESSTOKEN_LOG_INFO(LABEL, "Get remote networkId failed"); + LOGI(ATM_DOMAIN, ATM_TAG, "Get remote networkId failed"); return Constant::FAILURE; } std::string uniqueDeviceId = devInfo.deviceId.uniqueDeviceId; - std::function delayed = ([=]() { + std::function delayed = ([uniqueDeviceId]() { AccessTokenKit::DeleteRemoteDeviceTokens(uniqueDeviceId); }); @@ -226,19 +225,19 @@ int RemoteCommandManager::NotifyDeviceOffline(const std::string &nodeId) std::shared_ptr handler = DelayedSingleton::GetInstance()->GetSendEventHandler(); if (handler == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); return Constant::FAILURE; } handler->ProxyPostTask(delayed, "HandleDeviceOffline"); #endif - ACCESSTOKEN_LOG_INFO(LABEL, "Complete"); + LOGI(ATM_DOMAIN, ATM_TAG, "Complete"); return Constant::SUCCESS; } std::shared_ptr RemoteCommandManager::GetOrCreateRemoteCommandExecutor(const std::string &nodeId) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Begin, nodeId %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "Begin, nodeId %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); std::unique_lock lock(mutex_); auto executorIter = executors_.find(nodeId); @@ -248,7 +247,7 @@ std::shared_ptr RemoteCommandManager::GetOrCreateRemoteCo auto executor = std::make_shared(nodeId); executors_.insert(std::pair>(nodeId, executor)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Executor added, nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "Executor added, nodeId: %{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); return executor; } @@ -257,23 +256,23 @@ std::shared_ptr RemoteCommandManager::GetOrCreateRemoteCo */ std::shared_ptr RemoteCommandManager::GetExecutorChannel(const std::string &nodeId) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Convert udid start, nodeId:%{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "Convert udid start, nodeId:%{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); std::string udid = DeviceInfoManager::GetInstance().ConvertToUniqueDeviceIdOrFetch(nodeId); if (!DataValidator::IsDeviceIdValid(udid)) { - ACCESSTOKEN_LOG_WARN( - LABEL, "Converted udid is invalid, nodeId:%{public}s", ConstantCommon::EncryptDevId(nodeId).c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Converted udid is invalid, nodeId:%{public}s", + ConstantCommon::EncryptDevId(nodeId).c_str()); return nullptr; } std::unique_lock lock(mutex_); std::map>::iterator iter = executors_.find(udid); if (iter == executors_.end()) { - ACCESSTOKEN_LOG_INFO(LABEL, "Executor not found"); + LOGI(ATM_DOMAIN, ATM_TAG, "Executor not found"); return nullptr; } std::shared_ptr executor = iter->second; if (executor == nullptr) { - ACCESSTOKEN_LOG_INFO(LABEL, "Executor is null"); + LOGI(ATM_DOMAIN, ATM_TAG, "Executor is null"); return nullptr; } return executor->GetChannel(); diff --git a/services/tokensyncmanager/src/remote/soft_bus_channel.cpp b/services/tokensyncmanager/src/remote/soft_bus_channel.cpp index dea89ffaa6c5f70130122bbf5b311d7988d34b46..439da17929b20ea76ab95972a7e2a92dc66e24f7 100644 --- a/services/tokensyncmanager/src/remote/soft_bus_channel.cpp +++ b/services/tokensyncmanager/src/remote/soft_bus_channel.cpp @@ -29,9 +29,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SoftBusChannel"}; -} -namespace { static const std::string REQUEST_TYPE = "request"; static const std::string RESPONSE_TYPE = "response"; static const std::string TASK_NAME_CLOSE_SESSION = "atm_soft_bus_channel_close_session"; @@ -45,7 +42,7 @@ static const int RPC_TRANSFER_BYTES_MAX_LENGTH = 1024 * 1024; SoftBusChannel::SoftBusChannel(const std::string &deviceId) : deviceId_(deviceId), mutex_(), callbacks_(), responseResult_(""), loadedCond_() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "SoftBusChannel(deviceId)"); + LOGD(ATM_DOMAIN, ATM_TAG, "SoftBusChannel(deviceId)"); isDelayClosing_ = false; socketFd_ = Constant::INVALID_SOCKET_FD; isSocketUsing_ = false; @@ -53,7 +50,7 @@ SoftBusChannel::SoftBusChannel(const std::string &deviceId) SoftBusChannel::~SoftBusChannel() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "~SoftBusChannel()"); + LOGD(ATM_DOMAIN, ATM_TAG, "~SoftBusChannel()"); } int SoftBusChannel::BuildConnection() @@ -62,16 +59,16 @@ int SoftBusChannel::BuildConnection() std::unique_lock lock(socketMutex_); if (socketFd_ != Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_INFO(LABEL, "Socket is exist, no need open again."); + LOGI(ATM_DOMAIN, ATM_TAG, "Socket is exist, no need open again."); return Constant::SUCCESS; } if (socketFd_ == Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_INFO(LABEL, "Bind service with device: %{public}s", + LOGI(ATM_DOMAIN, ATM_TAG, "Bind service with device: %{public}s", ConstantCommon::EncryptDevId(deviceId_).c_str()); int socket = SoftBusManager::GetInstance().BindService(deviceId_); if (socket == Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Bind service failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Bind service failed."); return Constant::FAILURE; } socketFd_ = socket; @@ -81,7 +78,7 @@ int SoftBusChannel::BuildConnection() void SoftBusChannel::CloseConnection() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Close connection"); + LOGD(ATM_DOMAIN, ATM_TAG, "Close connection"); std::unique_lock lock(mutex_); if (isDelayClosing_) { return; @@ -91,25 +88,30 @@ void SoftBusChannel::CloseConnection() std::shared_ptr handler = DelayedSingleton::GetInstance()->GetSendEventHandler(); if (handler == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); return; } #endif - auto thisPtr = shared_from_this(); - std::function delayed = ([thisPtr]() { - std::unique_lock lock(thisPtr->socketMutex_); - if (thisPtr->isSocketUsing_) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Socket is in using, cancel close socket"); + std::weak_ptr weakPtr = shared_from_this(); + std::function delayed = ([weakPtr]() { + auto self = weakPtr.lock(); + if (self == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "SoftBusChannel is nullptr"); + return; + } + std::unique_lock lock(self->socketMutex_); + if (self->isSocketUsing_) { + LOGD(ATM_DOMAIN, ATM_TAG, "Socket is in using, cancel close socket"); } else { - SoftBusManager::GetInstance().CloseSocket(thisPtr->socketFd_); - thisPtr->socketFd_ = Constant::INVALID_SESSION; - ACCESSTOKEN_LOG_INFO(LABEL, "Close socket for device: %{public}s", - ConstantCommon::EncryptDevId(thisPtr->deviceId_).c_str()); + SoftBusManager::GetInstance().CloseSocket(self->socketFd_); + self->socketFd_ = Constant::INVALID_SESSION; + LOGI(ATM_DOMAIN, ATM_TAG, "Close socket for device: %{public}s", + ConstantCommon::EncryptDevId(self->deviceId_).c_str()); } - thisPtr->isDelayClosing_ = false; + self->isDelayClosing_ = false; }); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Close socket after %{public}d ms", WAIT_SESSION_CLOSE_MILLISECONDS); + LOGD(ATM_DOMAIN, ATM_TAG, "Close socket after %{public}d ms", WAIT_SESSION_CLOSE_MILLISECONDS); #ifdef EVENTHANDLER_ENABLE handler->ProxyPostTask(delayed, TASK_NAME_CLOSE_SESSION, WAIT_SESSION_CLOSE_MILLISECONDS); #endif @@ -123,7 +125,7 @@ void SoftBusChannel::Release() std::shared_ptr handler = DelayedSingleton::GetInstance()->GetSendEventHandler(); if (handler == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); return; } handler->ProxyRemoveTask(TASK_NAME_CLOSE_SESSION); @@ -137,7 +139,7 @@ std::string SoftBusChannel::GetUuid() char uuidbuf[uuidStrLen]; RandomUuid(uuidbuf, uuidStrLen); std::string uuid(uuidbuf); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Generated message uuid: %{public}s", ConstantCommon::EncryptDevId(uuid).c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "Generated message uuid: %{public}s", ConstantCommon::EncryptDevId(uuid).c_str()); return uuid; } @@ -148,7 +150,7 @@ void SoftBusChannel::InsertCallback(int result, std::string &uuid) std::function callback = [this](const std::string &result) { responseResult_ = std::string(result); loadedCond_.notify_all(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "OnResponse called end"); + LOGD(ATM_DOMAIN, ATM_TAG, "OnResponse called end"); }; callbacks_.insert(std::pair>(uuid, callback)); @@ -159,7 +161,7 @@ void SoftBusChannel::InsertCallback(int result, std::string &uuid) std::string SoftBusChannel::ExecuteCommand(const std::string &commandName, const std::string &jsonPayload) { if (commandName.empty() || jsonPayload.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params, commandName: %{public}s", commandName.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid params, commandName: %{public}s", commandName.c_str()); return ""; } @@ -168,7 +170,7 @@ std::string SoftBusChannel::ExecuteCommand(const std::string &commandName, const int len = static_cast(RPC_TRANSFER_HEAD_BYTES_LENGTH + jsonPayload.length()); unsigned char *buf = new (std::nothrow) unsigned char[len + 1]; if (buf == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "No enough memory: %{public}d", len); + LOGE(ATM_DOMAIN, ATM_TAG, "No enough memory: %{public}d", len); return ""; } (void)memset_s(buf, len + 1, 0, len + 1); @@ -186,15 +188,15 @@ std::string SoftBusChannel::ExecuteCommand(const std::string &commandName, const std::unique_lock lock2(socketMutex_); if (retCode != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Send request data failed: %{public}d ", retCode); + LOGE(ATM_DOMAIN, ATM_TAG, "Send request data failed: %{public}d ", retCode); callbacks_.erase(uuid); isSocketUsing_ = false; return ""; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Wait command response"); + LOGD(ATM_DOMAIN, ATM_TAG, "Wait command response"); if (loadedCond_.wait_for(lock2, std::chrono::milliseconds(EXECUTE_COMMAND_TIME_OUT)) == std::cv_status::timeout) { - ACCESSTOKEN_LOG_WARN(LABEL, "Time out to wait response."); + LOGW(ATM_DOMAIN, ATM_TAG, "Time out to wait response."); callbacks_.erase(uuid); isSocketUsing_ = false; return ""; @@ -206,40 +208,45 @@ std::string SoftBusChannel::ExecuteCommand(const std::string &commandName, const void SoftBusChannel::HandleDataReceived(int socket, const unsigned char *bytes, int length) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "HandleDataReceived"); + LOGD(ATM_DOMAIN, ATM_TAG, "HandleDataReceived"); #ifdef DEBUG_API_PERFORMANCE - ACCESSTOKEN_LOG_INFO(LABEL, "Api_performance:recieve message from softbus"); + LOGI(ATM_DOMAIN, ATM_TAG, "Api_performance:recieve message from softbus"); #endif if (socket <= 0 || length <= 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid params: socket: %{public}d, data length: %{public}d", socket, length); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid params: socket: %{public}d, data length: %{public}d", socket, length); return; } std::string receiveData = Decompress(bytes, length); if (receiveData.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid parameter bytes"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid parameter bytes"); return; } std::shared_ptr message = SoftBusMessage::FromJson(receiveData); if (message == nullptr) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Invalid json string"); + LOGD(ATM_DOMAIN, ATM_TAG, "Invalid json string"); return; } if (!message->IsValid()) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Invalid data, has empty field"); + LOGD(ATM_DOMAIN, ATM_TAG, "Invalid data, has empty field"); return; } std::string type = message->GetType(); if (REQUEST_TYPE == (type)) { - std::function delayed = ([=]() { - HandleRequest(socket, message->GetId(), message->GetCommandName(), message->GetJsonPayload()); + std::function delayed = ([weak = weak_from_this(), socket, message]() { + auto self = weak.lock(); + if (self == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "SoftBusChannel is nullptr"); + return; + } + self->HandleRequest(socket, message->GetId(), message->GetCommandName(), message->GetJsonPayload()); }); #ifdef EVENTHANDLER_ENABLE std::shared_ptr handler = DelayedSingleton::GetInstance()->GetRecvEventHandler(); if (handler == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to get EventHandler"); + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler"); return; } handler->ProxyPostTask(delayed, "HandleDataReceived_HandleRequest"); @@ -247,7 +254,7 @@ void SoftBusChannel::HandleDataReceived(int socket, const unsigned char *bytes, } else if (RESPONSE_TYPE == (type)) { HandleResponse(message->GetId(), message->GetJsonPayload()); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid type: %{public}s ", type.c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid type: %{public}s ", type.c_str()); } } @@ -264,7 +271,7 @@ int SoftBusChannel::Compress(const std::string &json, const unsigned char *compr uLong len = compressBound(json.size()); // length will not so that long if (compressedLength > 0 && static_cast(len) > compressedLength) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "compress error. data length overflow, bound length: %{public}d, buffer length: %{public}d", static_cast(len), compressedLength); return Constant::FAILURE; @@ -273,10 +280,10 @@ int SoftBusChannel::Compress(const std::string &json, const unsigned char *compr int result = compress(const_cast(compressedBytes), &len, reinterpret_cast(const_cast(json.c_str())), json.size() + 1); if (result != Z_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Compress failed! error code: %{public}d", result); + LOGE(ATM_DOMAIN, ATM_TAG, "Compress failed! error code: %{public}d", result); return result; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Compress complete. compress %{public}d bytes to %{public}d", compressedLength, + LOGD(ATM_DOMAIN, ATM_TAG, "Compress complete. compress %{public}d bytes to %{public}d", compressedLength, static_cast(len)); compressedLength = static_cast(len); return Constant::SUCCESS; @@ -284,17 +291,17 @@ int SoftBusChannel::Compress(const std::string &json, const unsigned char *compr std::string SoftBusChannel::Decompress(const unsigned char *bytes, const int length) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Input length: %{public}d", length); + LOGD(ATM_DOMAIN, ATM_TAG, "Input length: %{public}d", length); uLong len = RPC_TRANSFER_BYTES_MAX_LENGTH; unsigned char *buf = new (std::nothrow) unsigned char[len + 1]; if (buf == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "No enough memory!"); + LOGE(ATM_DOMAIN, ATM_TAG, "No enough memory!"); return ""; } (void)memset_s(buf, len + 1, 0, len + 1); int result = uncompress(buf, &len, const_cast(bytes), length); if (result != Z_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "uncompress failed, error code: %{public}d, bound length: %{public}d, buffer length: %{public}d", result, static_cast(len), length); delete[] buf; @@ -309,26 +316,26 @@ std::string SoftBusChannel::Decompress(const unsigned char *bytes, const int len int SoftBusChannel::SendRequestBytes(const unsigned char *bytes, const int bytesLength) { if (bytesLength == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Bytes data is invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Bytes data is invalid."); return Constant::FAILURE; } std::unique_lock lock(socketMutex_); if (CheckSessionMayReopenLocked() != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Socket invalid and reopen failed!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Socket invalid and reopen failed!"); return Constant::FAILURE; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Send len (after compress len)= %{public}d", bytesLength); + LOGD(ATM_DOMAIN, ATM_TAG, "Send len (after compress len)= %{public}d", bytesLength); #ifdef DEBUG_API_PERFORMANCE - ACCESSTOKEN_LOG_INFO(LABEL, "Api_performance:send command to softbus"); + LOGI(ATM_DOMAIN, ATM_TAG, "Api_performance:send command to softbus"); #endif int result = ::SendBytes(socketFd_, bytes, bytesLength); if (result != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to send! result= %{public}d", result); + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to send! result= %{public}d", result); return Constant::FAILURE; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Send successfully."); + LOGD(ATM_DOMAIN, ATM_TAG, "Send successfully."); return Constant::SUCCESS; } @@ -357,7 +364,7 @@ void SoftBusChannel::CancelCloseConnectionIfNeeded() if (!isDelayClosing_) { return; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Cancel close connection"); + LOGD(ATM_DOMAIN, ATM_TAG, "Cancel close connection"); Release(); isDelayClosing_ = false; @@ -370,12 +377,12 @@ void SoftBusChannel::HandleRequest(int socket, const std::string &id, const std: RemoteCommandFactory::GetInstance().NewRemoteCommandFromJson(commandName, jsonPayload); if (command == nullptr) { // send result back directly - ACCESSTOKEN_LOG_WARN(LABEL, "Command %{public}s cannot get from json", commandName.c_str()); + LOGW(ATM_DOMAIN, ATM_TAG, "Command %{public}s cannot get from json", commandName.c_str()); int sendlen = static_cast(RPC_TRANSFER_HEAD_BYTES_LENGTH + jsonPayload.length()); unsigned char *sendbuf = new (std::nothrow) unsigned char[sendlen + 1]; if (sendbuf == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "No enough memory: %{public}d", sendlen); + LOGE(ATM_DOMAIN, ATM_TAG, "No enough memory: %{public}d", sendlen); return; } (void)memset_s(sendbuf, sendlen + 1, 0, sendlen + 1); @@ -389,13 +396,13 @@ void SoftBusChannel::HandleRequest(int socket, const std::string &id, const std: } int sendResultCode = SendResponseBytes(socket, sendbuf, info.bytesLength); delete[] sendbuf; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Send response result= %{public}d ", sendResultCode); + LOGD(ATM_DOMAIN, ATM_TAG, "Send response result= %{public}d ", sendResultCode); return; } // execute command command->Execute(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Command uniqueId: %{public}s, finish with status: %{public}d, message: %{public}s", + LOGD(ATM_DOMAIN, ATM_TAG, "Command uniqueId: %{public}s, finish with status: %{public}d, message: %{public}s", ConstantCommon::EncryptDevId(command->remoteProtocol_.uniqueId).c_str(), command->remoteProtocol_.statusCode, command->remoteProtocol_.message.c_str()); @@ -404,7 +411,7 @@ void SoftBusChannel::HandleRequest(int socket, const std::string &id, const std: int len = static_cast(RPC_TRANSFER_HEAD_BYTES_LENGTH + resultJsonPayload.length()); unsigned char *buf = new (std::nothrow) unsigned char[len + 1]; if (buf == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "No enough memory: %{public}d", len); + LOGE(ATM_DOMAIN, ATM_TAG, "No enough memory: %{public}d", len); return; } (void)memset_s(buf, len + 1, 0, len + 1); @@ -418,7 +425,7 @@ void SoftBusChannel::HandleRequest(int socket, const std::string &id, const std: } int retCode = SendResponseBytes(socket, buf, info.bytesLength); delete[] buf; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Send response result= %{public}d", retCode); + LOGD(ATM_DOMAIN, ATM_TAG, "Send response result= %{public}d", retCode); } void SoftBusChannel::HandleResponse(const std::string &id, const std::string &jsonPayload) @@ -433,25 +440,21 @@ void SoftBusChannel::HandleResponse(const std::string &id, const std::string &js int SoftBusChannel::SendResponseBytes(int socket, const unsigned char *bytes, const int bytesLength) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Send len (after compress len)= %{public}d", bytesLength); + LOGD(ATM_DOMAIN, ATM_TAG, "Send len (after compress len)= %{public}d", bytesLength); int result = ::SendBytes(socket, bytes, bytesLength); if (result != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Fail to send! result= %{public}d", result); + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to send! result= %{public}d", result); return Constant::FAILURE; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Send successfully."); + LOGD(ATM_DOMAIN, ATM_TAG, "Send successfully."); return Constant::SUCCESS; } std::shared_ptr SoftBusMessage::FromJson(const std::string &jsonString) { - nlohmann::json json; - if (!json.accept(jsonString)) { - return nullptr; - } - json = json.parse(jsonString, nullptr, false); - if (json.is_discarded() || (!json.is_object())) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to parse jsonString"); + CJsonUnique json = CreateJsonFromString(jsonString); + if (json == nullptr || cJSON_IsObject(json.get()) == false) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to parse jsonString"); return nullptr; } @@ -459,22 +462,10 @@ std::shared_ptr SoftBusMessage::FromJson(const std::string &json std::string id; std::string commandName; std::string jsonPayload; - if (json.find("type") != json.end() && json.at("type").is_string()) { - json.at("type").get_to(type); - } - if (json.find("id") != json.end() && json.at("id").is_string()) { - json.at("id").get_to(id); - } - if (json.find("commandName") != json.end() && json.at("commandName").is_string()) { - json.at("commandName").get_to(commandName); - } - if (json.find("jsonPayload") != json.end() && json.at("jsonPayload").is_string()) { - json.at("jsonPayload").get_to(jsonPayload); - } - if (type.empty() || id.empty() || commandName.empty() || jsonPayload.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to get json string(json format error)"); - return nullptr; - } + GetStringFromJson(json.get(), "type", type); + GetStringFromJson(json.get(), "id", id); + GetStringFromJson(json.get(), "commandName", commandName); + GetStringFromJson(json.get(), "jsonPayload", jsonPayload); std::shared_ptr message = std::make_shared(type, id, commandName, jsonPayload); return message; } diff --git a/services/tokensyncmanager/src/remote/soft_bus_device_connection_listener.cpp b/services/tokensyncmanager/src/remote/soft_bus_device_connection_listener.cpp index 71014729ed79c741428b12cc8df6e91e76c4f3b3..a649a44497d7b02bba5eb4ed36bbd05c0a026dcd 100644 --- a/services/tokensyncmanager/src/remote/soft_bus_device_connection_listener.cpp +++ b/services/tokensyncmanager/src/remote/soft_bus_device_connection_listener.cpp @@ -23,26 +23,21 @@ #include "soft_bus_socket_listener.h" #include "system_ability_definition.h" #include "constant_common.h" -#include "device_manager.h" #include "dm_device_info.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { - LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SoftBusDeviceConnectionListener"}; -} const std::string ACCESSTOKEN_PACKAGE_NAME = "ohos.security.distributed_access_token"; SoftBusDeviceConnectionListener::SoftBusDeviceConnectionListener() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "SoftBusDeviceConnectionListener()"); + LOGD(ATM_DOMAIN, ATM_TAG, "SoftBusDeviceConnectionListener()"); } SoftBusDeviceConnectionListener::~SoftBusDeviceConnectionListener() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "~SoftBusDeviceConnectionListener()"); + LOGD(ATM_DOMAIN, ATM_TAG, "~SoftBusDeviceConnectionListener()"); } void SoftBusDeviceConnectionListener::OnDeviceOnline(const DistributedHardware::DmDeviceInfo &info) @@ -51,7 +46,7 @@ void SoftBusDeviceConnectionListener::OnDeviceOnline(const DistributedHardware:: std::string uuid = SoftBusManager::GetInstance().GetUniversallyUniqueIdByNodeId(networkId); std::string udid = SoftBusManager::GetInstance().GetUniqueDeviceIdByNodeId(networkId); - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "networkId: %{public}s, uuid: %{public}s, udid: %{public}s", ConstantCommon::EncryptDevId(networkId).c_str(), ConstantCommon::EncryptDevId(uuid).c_str(), @@ -62,7 +57,7 @@ void SoftBusDeviceConnectionListener::OnDeviceOnline(const DistributedHardware:: networkId, uuid, udid, info.deviceName, std::to_string(info.deviceTypeId)); RemoteCommandManager::GetInstance().NotifyDeviceOnline(udid); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Uuid or udid is empty, online failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Uuid or udid is empty, online failed."); } // no need to load local permissions by now. } @@ -71,12 +66,12 @@ void SoftBusDeviceConnectionListener::UnloadTokensyncService() { auto samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (samgr == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get samgr failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Get samgr failed."); return ; } int32_t ret = samgr->UnloadSystemAbility(TOKEN_SYNC_MANAGER_SERVICE_ID); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Remove system ability failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Remove system ability failed."); } } @@ -86,11 +81,11 @@ void SoftBusDeviceConnectionListener::OnDeviceOffline(const DistributedHardware: std::string uuid = DeviceInfoManager::GetInstance().ConvertToUniversallyUniqueIdOrFetch(networkId); std::string udid = DeviceInfoManager::GetInstance().ConvertToUniqueDeviceIdOrFetch(networkId); if ((uuid == "") || (udid == "")) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Uuid or udid is empty, offline failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Uuid or udid is empty, offline failed."); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "NetworkId: %{public}s, uuid: %{public}s, udid: %{public}s.", + LOGI(ATM_DOMAIN, ATM_TAG, "NetworkId: %{public}s, uuid: %{public}s, udid: %{public}s.", ConstantCommon::EncryptDevId(networkId).c_str(), ConstantCommon::EncryptDevId(uuid).c_str(), ConstantCommon::EncryptDevId(udid).c_str()); @@ -106,12 +101,12 @@ void SoftBusDeviceConnectionListener::OnDeviceOffline(const DistributedHardware: int32_t ret = DistributedHardware::DeviceManager::GetInstance().GetTrustedDeviceList(packageName, extra, deviceList); if (ret != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetTrustedDeviceList error, result: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "GetTrustedDeviceList error, result: %{public}d", ret); return; } if (deviceList.empty()) { - ACCESSTOKEN_LOG_INFO(LABEL, "There is no remote decice online, exit tokensync process"); + LOGI(ATM_DOMAIN, ATM_TAG, "There is no remote decice online, exit tokensync process"); UnloadTokensyncService(); } @@ -120,13 +115,13 @@ void SoftBusDeviceConnectionListener::OnDeviceOffline(const DistributedHardware: void SoftBusDeviceConnectionListener::OnDeviceReady(const DistributedHardware::DmDeviceInfo &info) { std::string networkId = std::string(info.networkId); - ACCESSTOKEN_LOG_INFO(LABEL, "NetworkId: %{public}s", ConstantCommon::EncryptDevId(networkId).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "NetworkId: %{public}s", ConstantCommon::EncryptDevId(networkId).c_str()); } void SoftBusDeviceConnectionListener::OnDeviceChanged(const DistributedHardware::DmDeviceInfo &info) { std::string networkId = std::string(info.networkId); - ACCESSTOKEN_LOG_INFO(LABEL, "NetworkId: %{public}s", ConstantCommon::EncryptDevId(networkId).c_str()); + LOGI(ATM_DOMAIN, ATM_TAG, "NetworkId: %{public}s", ConstantCommon::EncryptDevId(networkId).c_str()); } } // namespace AccessToken } // namespace Security diff --git a/services/tokensyncmanager/src/remote/soft_bus_manager.cpp b/services/tokensyncmanager/src/remote/soft_bus_manager.cpp index b77c85276924140edaaaf51dce557e79d7727eb2..c89da2c5ec1e9bb5fd874a310462e6a452b229f5 100644 --- a/services/tokensyncmanager/src/remote/soft_bus_manager.cpp +++ b/services/tokensyncmanager/src/remote/soft_bus_manager.cpp @@ -18,13 +18,13 @@ #include #include -#include "accesstoken_log.h" -#include "config_policy_loader.h" +#include "accesstoken_common_log.h" #include "constant.h" #include "constant_common.h" #include "device_info_manager.h" #include "device_manager.h" #include "ipc_skeleton.h" +#include "json_parse_loader.h" #include "libraryloader.h" #include "remote_command_manager.h" #include "soft_bus_device_connection_listener.h" @@ -35,7 +35,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SoftBusManager"}; static constexpr int32_t DEFAULT_SEND_REQUEST_REPEAT_TIMES = 5; } namespace { @@ -62,12 +61,12 @@ std::recursive_mutex g_instanceMutex; SoftBusManager::SoftBusManager() : isSoftBusServiceBindSuccess_(false), inited_(false), mutex_(), fulfillMutex_() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "SoftBusManager()"); + LOGD(ATM_DOMAIN, ATM_TAG, "SoftBusManager()"); } SoftBusManager::~SoftBusManager() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "~SoftBusManager()"); + LOGD(ATM_DOMAIN, ATM_TAG, "~SoftBusManager()"); } SoftBusManager &SoftBusManager::GetInstance() @@ -76,7 +75,8 @@ SoftBusManager &SoftBusManager::GetInstance() if (instance == nullptr) { std::lock_guard lock(g_instanceMutex); if (instance == nullptr) { - instance = new SoftBusManager(); + SoftBusManager* tmp = new SoftBusManager(); + instance = std::move(tmp); } } return *instance; @@ -91,7 +91,7 @@ int SoftBusManager::AddTrustedDeviceInfo() int32_t ret = DistributedHardware::DeviceManager::GetInstance().GetTrustedDeviceList(packageName, extra, deviceList); if (ret != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "AddTrustedDeviceInfo: GetTrustedDeviceList error, result: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "AddTrustedDeviceInfo: GetTrustedDeviceList error, result: %{public}d", ret); return Constant::FAILURE; } @@ -103,7 +103,7 @@ int SoftBusManager::AddTrustedDeviceInfo() DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TOKEN_SYNC_PACKAGE_NAME, device.networkId, udid); if (uuid.empty() || udid.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Uuid = %{public}s, udid = %{public}s, uuid or udid is empty, abort.", + LOGE(ATM_DOMAIN, ATM_TAG, "Uuid = %{public}s, udid = %{public}s, uuid or udid is empty, abort.", ConstantCommon::EncryptDevId(uuid).c_str(), ConstantCommon::EncryptDevId(udid).c_str()); continue; } @@ -123,13 +123,13 @@ int SoftBusManager::DeviceInit() int ret = DistributedHardware::DeviceManager::GetInstance().InitDeviceManager(packageName, ptrDmInitCallback); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Initialize: InitDeviceManager error, result: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "Initialize: InitDeviceManager error, result: %{public}d", ret); return ret; } ret = AddTrustedDeviceInfo(); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Initialize: AddTrustedDeviceInfo error, result: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "Initialize: AddTrustedDeviceInfo error, result: %{public}d", ret); return ret; } @@ -139,7 +139,7 @@ int SoftBusManager::DeviceInit() ret = DistributedHardware::DeviceManager::GetInstance().RegisterDevStateCallback(packageName, extra, ptrDeviceStateCallback); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Initialize: RegisterDevStateCallback error, result: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "Initialize: RegisterDevStateCallback error, result: %{public}d", ret); return ret; } @@ -149,11 +149,11 @@ int SoftBusManager::DeviceInit() bool SoftBusManager::CheckAndCopyStr(char* dest, uint32_t destLen, const std::string& src) { if (destLen < src.length() + 1) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid src length"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid src length"); return false; } if (strcpy_s(dest, destLen, src.c_str()) != EOK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid src"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid src"); return false; } return true; @@ -179,11 +179,11 @@ int32_t SoftBusManager::ServiceSocketInit() }; int32_t ret = ::Socket(info); // create service socket id if (ret <= Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create service socket faild, ret is %{public}d.", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "Create service socket faild, ret is %{public}d.", ret); return ERROR_CREATE_SOCKET_FAIL; } else { socketFd_ = ret; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Create service socket[%{public}d] success.", socketFd_); + LOGD(ATM_DOMAIN, ATM_TAG, "Create service socket[%{public}d] success.", socketFd_); } // set service qos, no need to regist OnQos now, regist it @@ -200,10 +200,10 @@ int32_t SoftBusManager::ServiceSocketInit() ret = ::Listen(socketFd_, serverQos, QOS_LEN, &listener); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create listener failed, ret is %{public}d.", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "Create listener failed, ret is %{public}d.", ret); return ERROR_CREATE_LISTENER_FAIL; } else { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Create listener success."); + LOGD(ATM_DOMAIN, ATM_TAG, "Create listener success."); } return ERR_OK; @@ -217,17 +217,17 @@ int32_t SoftBusManager::GetRepeatTimes() void SoftBusManager::SetDefaultConfigValue() { - ACCESSTOKEN_LOG_INFO(LABEL, "No config file or config file is not valid, use default values"); + LOGI(ATM_DOMAIN, ATM_TAG, "No config file or config file is not valid, use default values"); sendRequestRepeatTimes_ = DEFAULT_SEND_REQUEST_REPEAT_TIMES; } void SoftBusManager::GetConfigValue() { - LibraryLoader loader(CONFIG_POLICY_LIBPATH); + LibraryLoader loader(CONFIG_PARSE_LIBPATH); ConfigPolicyLoaderInterface* policy = loader.GetObject(); if (policy == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Dlopen libaccesstoken_config_policy failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen libaccesstoken_json_parse failed."); return; } AccessTokenConfigValue value; @@ -238,7 +238,7 @@ void SoftBusManager::GetConfigValue() SetDefaultConfigValue(); } - ACCESSTOKEN_LOG_INFO(LABEL, "SendRequestRepeatTimes_ is %{public}d.", sendRequestRepeatTimes_); + LOGI(ATM_DOMAIN, ATM_TAG, "SendRequestRepeatTimes_ is %{public}d.", sendRequestRepeatTimes_); } void SoftBusManager::Initialize() @@ -246,7 +246,7 @@ void SoftBusManager::Initialize() bool inited = false; // cas failed means already inited. if (!inited_.compare_exchange_strong(inited, true)) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Already initialized, skip"); + LOGD(ATM_DOMAIN, ATM_TAG, "Already initialized, skip"); return; } @@ -255,46 +255,41 @@ void SoftBusManager::Initialize() std::function runner = [this]() { std::string name = "SoftBusMagInit"; pthread_setname_np(pthread_self(), name.substr(0, MAX_PTHREAD_NAME_LEN).c_str()); - auto sleepTime = std::chrono::milliseconds(1000); - while (1) { - std::unique_lock lock(mutex_); - - int ret = DeviceInit(); - if (ret != ERR_OK) { - std::this_thread::sleep_for(sleepTime); - continue; - } - - ret = ServiceSocketInit(); - if (ret != ERR_OK) { - std::this_thread::sleep_for(sleepTime); - continue; - } - - isSoftBusServiceBindSuccess_ = true; - this->FulfillLocalDeviceInfo(); + std::unique_lock lock(mutex_); + + int ret = DeviceInit(); + if (ret != ERR_OK) { + LOGE(ATM_DOMAIN, ATM_TAG, "Initialize thread started"); return; } + + ret = ServiceSocketInit(); + if (ret != ERR_OK) { + return; + } + + isSoftBusServiceBindSuccess_ = true; + this->FulfillLocalDeviceInfo(); }; std::thread initThread(runner); initThread.detach(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Initialize thread started"); + LOGD(ATM_DOMAIN, ATM_TAG, "Initialize thread started"); } void SoftBusManager::Destroy() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Destroy, init: %{public}d, isSoftBusServiceBindSuccess: %{public}d", inited_.load(), + LOGD(ATM_DOMAIN, ATM_TAG, "Destroy, init: %{public}d, isSoftBusServiceBindSuccess: %{public}d", inited_.load(), isSoftBusServiceBindSuccess_); if (!inited_.load()) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Not inited, skip"); + LOGD(ATM_DOMAIN, ATM_TAG, "Not inited, skip"); return; } std::unique_lock lock(mutex_); if (!inited_.load()) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Not inited, skip"); + LOGD(ATM_DOMAIN, ATM_TAG, "Not inited, skip"); return; } @@ -303,11 +298,11 @@ void SoftBusManager::Destroy() ::Shutdown(socketFd_); } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Destroy service socket."); + LOGD(ATM_DOMAIN, ATM_TAG, "Destroy service socket."); SoftBusSocketListener::CleanUpAllBindSocket(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Destroy client socket."); + LOGD(ATM_DOMAIN, ATM_TAG, "Destroy client socket."); isSoftBusServiceBindSuccess_ = false; } @@ -315,16 +310,16 @@ void SoftBusManager::Destroy() std::string packageName = TOKEN_SYNC_PACKAGE_NAME; int ret = DistributedHardware::DeviceManager::GetInstance().UnRegisterDevStateCallback(packageName); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UnRegisterDevStateCallback failed, code: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "UnRegisterDevStateCallback failed, code: %{public}d", ret); } ret = DistributedHardware::DeviceManager::GetInstance().UnInitDeviceManager(packageName); if (ret != ERR_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "UnInitDeviceManager failed, code: %{public}d", ret); + LOGE(ATM_DOMAIN, ATM_TAG, "UnInitDeviceManager failed, code: %{public}d", ret); } inited_.store(false); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Destroy, done"); + LOGD(ATM_DOMAIN, ATM_TAG, "Destroy, done"); } int32_t SoftBusManager::InitSocketAndListener(const std::string& networkId, ISocketListener& listener) @@ -369,13 +364,13 @@ int32_t SoftBusManager::InitSocketAndListener(const std::string& networkId, ISoc int32_t SoftBusManager::BindService(const std::string &deviceId) { #ifdef DEBUG_API_PERFORMANCE - ACCESSTOKEN_LOG_INFO(LABEL, "Api_performance:start bind service"); + LOGI(ATM_DOMAIN, ATM_TAG, "Api_performance:start bind service"); #endif DeviceInfo info; bool result = DeviceInfoManager::GetInstance().GetDeviceInfo(deviceId, DeviceIdType::UNKNOWN, info); if (!result) { - ACCESSTOKEN_LOG_WARN(LABEL, "Device info not found for deviceId %{public}s", + LOGW(ATM_DOMAIN, ATM_TAG, "Device info not found for deviceId %{public}s", ConstantCommon::EncryptDevId(deviceId).c_str()); return Constant::FAILURE; } @@ -384,7 +379,7 @@ int32_t SoftBusManager::BindService(const std::string &deviceId) ISocketListener listener; int32_t socketFd = InitSocketAndListener(networkId, listener); if (socketFd_ <= Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Create client socket faild."); + LOGE(ATM_DOMAIN, ATM_TAG, "Create client socket faild."); return ERROR_CREATE_SOCKET_FAIL; } @@ -394,7 +389,7 @@ int32_t SoftBusManager::BindService(const std::string &deviceId) if (iter == clientSocketMap_.end()) { clientSocketMap_.insert(std::pair(socketFd, networkId)); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Client socket has bind already"); + LOGE(ATM_DOMAIN, ATM_TAG, "Client socket has bind already"); return ERROR_CLIENT_HAS_BIND_ALREADY; } } @@ -407,7 +402,7 @@ int32_t SoftBusManager::BindService(const std::string &deviceId) AccessTokenID firstCaller = IPCSkeleton::GetFirstTokenID(); SetFirstCallerTokenID(firstCaller); - ACCESSTOKEN_LOG_INFO(LABEL, "Bind service and setFirstCaller %{public}u.", firstCaller); + LOGI(ATM_DOMAIN, ATM_TAG, "Bind service and setFirstCaller %{public}u.", firstCaller); // retry 10 times or bind success int32_t retryTimes = 0; @@ -422,14 +417,14 @@ int32_t SoftBusManager::BindService(const std::string &deviceId) break; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "Bind service succeed, socketFd is %{public}d.", socketFd); + LOGD(ATM_DOMAIN, ATM_TAG, "Bind service succeed, socketFd is %{public}d.", socketFd); return socketFd; } int SoftBusManager::CloseSocket(int socketFd) { if (socketFd <= Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_INFO(LABEL, "Socket is invalid"); + LOGI(ATM_DOMAIN, ATM_TAG, "Socket is invalid"); return Constant::FAILURE; } @@ -441,7 +436,7 @@ int SoftBusManager::CloseSocket(int socketFd) clientSocketMap_.erase(iter); } - ACCESSTOKEN_LOG_INFO(LABEL, "Close socket"); + LOGI(ATM_DOMAIN, ATM_TAG, "Close socket"); return Constant::SUCCESS; } @@ -460,21 +455,21 @@ bool SoftBusManager::GetNetworkIdBySocket(const int32_t socket, std::string& net std::string SoftBusManager::GetUniversallyUniqueIdByNodeId(const std::string &networkId) { if (!DataValidator::IsDeviceIdValid(networkId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid networkId, empty or size extends 256"); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid networkId, empty or size extends 256"); return ""; } std::string uuid; DistributedHardware::DeviceManager::GetInstance().GetUuidByNetworkId(TOKEN_SYNC_PACKAGE_NAME, networkId, uuid); if (uuid.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Softbus return null or empty string"); + LOGE(ATM_DOMAIN, ATM_TAG, "Softbus return null or empty string"); return ""; } DeviceInfo info; bool result = DeviceInfoManager::GetInstance().GetDeviceInfo(uuid, DeviceIdType::UNIVERSALLY_UNIQUE_ID, info); if (!result) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "Local device info not found for uuid %{public}s", + LOGD(ATM_DOMAIN, ATM_TAG, "Local device info not found for uuid %{public}s", ConstantCommon::EncryptDevId(uuid).c_str()); } else { std::string dimUuid = info.deviceId.universallyUniqueId; @@ -492,13 +487,13 @@ std::string SoftBusManager::GetUniversallyUniqueIdByNodeId(const std::string &ne std::string SoftBusManager::GetUniqueDeviceIdByNodeId(const std::string &networkId) { if (!DataValidator::IsDeviceIdValid(networkId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Invalid networkId: %{public}s", ConstantCommon::EncryptDevId(networkId).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Invalid networkId: %{public}s", ConstantCommon::EncryptDevId(networkId).c_str()); return ""; } std::string udid; DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TOKEN_SYNC_PACKAGE_NAME, networkId, udid); if (udid.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Softbus return null or empty string: %{public}s", + LOGE(ATM_DOMAIN, ATM_TAG, "Softbus return null or empty string: %{public}s", ConstantCommon::EncryptDevId(udid).c_str()); return ""; } @@ -516,7 +511,7 @@ int SoftBusManager::FulfillLocalDeviceInfo() { // repeated task will just skip if (!fulfillMutex_.try_lock()) { - ACCESSTOKEN_LOG_INFO(LABEL, "FulfillLocalDeviceInfo already running, skip."); + LOGI(ATM_DOMAIN, ATM_TAG, "FulfillLocalDeviceInfo already running, skip."); return Constant::SUCCESS; } @@ -524,28 +519,26 @@ int SoftBusManager::FulfillLocalDeviceInfo() int32_t res = DistributedHardware::DeviceManager::GetInstance().GetLocalDeviceInfo(TOKEN_SYNC_PACKAGE_NAME, deviceInfo); if (res != Constant::SUCCESS) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetLocalDeviceInfo error"); + LOGE(ATM_DOMAIN, ATM_TAG, "GetLocalDeviceInfo error"); fulfillMutex_.unlock(); return Constant::FAILURE; } std::string networkId = std::string(deviceInfo.networkId); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Call softbus finished, type:%{public}d", deviceInfo.deviceTypeId); - std::string uuid; std::string udid; DistributedHardware::DeviceManager::GetInstance().GetUuidByNetworkId(TOKEN_SYNC_PACKAGE_NAME, networkId, uuid); DistributedHardware::DeviceManager::GetInstance().GetUdidByNetworkId(TOKEN_SYNC_PACKAGE_NAME, networkId, udid); if (uuid.empty() || udid.empty()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "FulfillLocalDeviceInfo: uuid or udid is empty, abort."); + LOGE(ATM_DOMAIN, ATM_TAG, "FulfillLocalDeviceInfo: uuid or udid is empty, abort."); fulfillMutex_.unlock(); return Constant::FAILURE; } DeviceInfoManager::GetInstance().AddDeviceInfo(networkId, uuid, udid, std::string(deviceInfo.deviceName), std::to_string(deviceInfo.deviceTypeId)); - ACCESSTOKEN_LOG_DEBUG(LABEL, "AddDeviceInfo finished"); + LOGD(ATM_DOMAIN, ATM_TAG, "AddDeviceInfo finished"); fulfillMutex_.unlock(); return Constant::SUCCESS; diff --git a/services/tokensyncmanager/src/remote/soft_bus_socket_listener.cpp b/services/tokensyncmanager/src/remote/soft_bus_socket_listener.cpp index 62ca8080a5a861c9e1d3cdbe21cb1f6b3c775ec5..e0d119d05741503729297bef8392dfa4abf6b793 100644 --- a/services/tokensyncmanager/src/remote/soft_bus_socket_listener.cpp +++ b/services/tokensyncmanager/src/remote/soft_bus_socket_listener.cpp @@ -15,7 +15,7 @@ #include "soft_bus_socket_listener.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "constant.h" #include "remote_command_manager.h" #include "socket.h" @@ -25,9 +25,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SoftBusSocketListener"}; -} -namespace { static const int32_t MAX_ONBYTES_RECEIVED_DATA_LEN = 1024 * 1024 * 10; } // namespace @@ -36,10 +33,10 @@ std::map SoftBusSocketListener::socketBindMap_; void SoftBusSocketListener::OnBind(int32_t socket, PeerSocketInfo info) { - ACCESSTOKEN_LOG_INFO(LABEL, "Socket fd is %{public}d.", socket); + LOGI(ATM_DOMAIN, ATM_TAG, "Socket fd is %{public}d.", socket); if (socket <= Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Socket fb invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Socket fd invalid."); return; } @@ -55,10 +52,10 @@ void SoftBusSocketListener::OnBind(int32_t socket, PeerSocketInfo info) void SoftBusSocketListener::OnShutdown(int32_t socket, ShutdownReason reason) { - ACCESSTOKEN_LOG_INFO(LABEL, "Socket fd %{public}d shutdown because %{public}u.", socket, reason); + LOGI(ATM_DOMAIN, ATM_TAG, "Socket fd %{public}d shutdown because %{public}u.", socket, reason); if (socket <= Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Socket fb invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Socket fd invalid."); return; } @@ -73,7 +70,7 @@ void SoftBusSocketListener::OnShutdown(int32_t socket, ShutdownReason reason) bool SoftBusSocketListener::GetNetworkIdBySocket(const int32_t socket, std::string& networkId) { if (socket <= Constant::INVALID_SOCKET_FD) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Socket fb invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Socket fd invalid."); return false; } @@ -88,24 +85,24 @@ bool SoftBusSocketListener::GetNetworkIdBySocket(const int32_t socket, std::stri void SoftBusSocketListener::OnClientBytes(int32_t socket, const void *data, uint32_t dataLen) { - ACCESSTOKEN_LOG_INFO(LABEL, "Socket fd %{public}d, recv len %{public}d.", socket, dataLen); + LOGI(ATM_DOMAIN, ATM_TAG, "Socket fd %{public}d, recv len %{public}d.", socket, dataLen); if ((socket <= Constant::INVALID_SOCKET_FD) || (data == nullptr) || (dataLen == 0) || (dataLen > MAX_ONBYTES_RECEIVED_DATA_LEN)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Params invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Params invalid."); return; } std::string networkId; if (!GetNetworkIdBySocket(socket, networkId)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Socket invalid, bind service first."); + LOGE(ATM_DOMAIN, ATM_TAG, "Socket invalid, bind service first."); return; } // channel create in SoftBusDeviceConnectionListener::OnDeviceOnline->RemoteCommandManager::NotifyDeviceOnline auto channel = RemoteCommandManager::GetInstance().GetExecutorChannel(networkId); if (channel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetExecutorChannel failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "GetExecutorChannel failed"); return; } channel->HandleDataReceived(socket, static_cast(const_cast(data)), dataLen); @@ -113,11 +110,11 @@ void SoftBusSocketListener::OnClientBytes(int32_t socket, const void *data, uint void SoftBusSocketListener::OnServiceBytes(int32_t socket, const void *data, uint32_t dataLen) { - ACCESSTOKEN_LOG_INFO(LABEL, "Socket fd %{public}d, recv len %{public}d.", socket, dataLen); + LOGI(ATM_DOMAIN, ATM_TAG, "Socket fd %{public}d, recv len %{public}d.", socket, dataLen); if ((socket <= Constant::INVALID_SOCKET_FD) || (data == nullptr) || (dataLen == 0) || (dataLen > MAX_ONBYTES_RECEIVED_DATA_LEN)) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Params invalid."); + LOGE(ATM_DOMAIN, ATM_TAG, "Params invalid."); return; } @@ -126,12 +123,12 @@ void SoftBusSocketListener::OnServiceBytes(int32_t socket, const void *data, uin // channel create in SoftBusDeviceConnectionListener::OnDeviceOnline->RemoteCommandManager::NotifyDeviceOnline auto channel = RemoteCommandManager::GetInstance().GetExecutorChannel(networkId); if (channel == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "GetExecutorChannel failed"); + LOGE(ATM_DOMAIN, ATM_TAG, "GetExecutorChannel failed"); return; } channel->HandleDataReceived(socket, static_cast(const_cast(data)), dataLen); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "Unkonow socket."); + LOGE(ATM_DOMAIN, ATM_TAG, "Unkonow socket."); } } diff --git a/services/tokensyncmanager/src/service/token_sync_manager_service.cpp b/services/tokensyncmanager/src/service/token_sync_manager_service.cpp index a3c6e84f25e00caafd6ed569c5ad8a1d1d247e9f..db421db0a97460d2b440966d527e962fb625e617 100644 --- a/services/tokensyncmanager/src/service/token_sync_manager_service.cpp +++ b/services/tokensyncmanager/src/service/token_sync_manager_service.cpp @@ -17,19 +17,17 @@ #include -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "constant_common.h" #include "device_info_repository.h" #include "device_info.h" #include "remote_command_manager.h" #include "soft_bus_manager.h" +#include "system_ability_definition.h" namespace OHOS { namespace Security { namespace AccessToken { -namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncManagerService"}; -} const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(DelayedSingleton::GetInstance().get()); @@ -37,41 +35,49 @@ const bool REGISTER_RESULT = TokenSyncManagerService::TokenSyncManagerService() : SystemAbility(SA_ID_TOKENSYNC_MANAGER_SERVICE, false), state_(ServiceRunningState::STATE_NOT_START) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenSyncManagerService()"); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenSyncManagerService()"); } TokenSyncManagerService::~TokenSyncManagerService() { - ACCESSTOKEN_LOG_INFO(LABEL, "~TokenSyncManagerService()"); + LOGI(ATM_DOMAIN, ATM_TAG, "~TokenSyncManagerService()"); } void TokenSyncManagerService::OnStart() { if (state_ == ServiceRunningState::STATE_RUNNING) { - ACCESSTOKEN_LOG_INFO(LABEL, "TokenSyncManagerService has already started!"); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenSyncManagerService has already started!"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "TokenSyncManagerService is starting"); + LOGI(ATM_DOMAIN, ATM_TAG, "TokenSyncManagerService is starting"); if (!Initialize()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to initialize"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to initialize"); return; } state_ = ServiceRunningState::STATE_RUNNING; bool ret = Publish(DelayedSingleton::GetInstance().get()); if (!ret) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to publish service!"); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to publish service!"); return; } - ACCESSTOKEN_LOG_INFO(LABEL, "Congratulations, TokenSyncManagerService start successfully!"); + (void)AddSystemAbilityListener(DISTRIBUTED_HARDWARE_DEVICEMANAGER_SA_ID); + LOGI(ATM_DOMAIN, ATM_TAG, "Congratulations, TokenSyncManagerService start successfully!"); } void TokenSyncManagerService::OnStop() { - ACCESSTOKEN_LOG_INFO(LABEL, "Stop service"); + LOGI(ATM_DOMAIN, ATM_TAG, "Stop service"); state_ = ServiceRunningState::STATE_NOT_START; SoftBusManager::GetInstance().Destroy(); } +void TokenSyncManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId) +{ + if (systemAbilityId == DISTRIBUTED_HARDWARE_DEVICEMANAGER_SA_ID) { + SoftBusManager::GetInstance().Initialize(); + } +} + #ifdef EVENTHANDLER_ENABLE std::shared_ptr TokenSyncManagerService::GetSendEventHandler() const { @@ -87,13 +93,13 @@ std::shared_ptr TokenSyncManagerService::GetRecvEventHandler int TokenSyncManagerService::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) { if (!DataValidator::IsDeviceIdValid(deviceID) || tokenID == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "Params is wrong."); + LOGI(ATM_DOMAIN, ATM_TAG, "Params is wrong."); return TOKEN_SYNC_PARAMS_INVALID; } DeviceInfo devInfo; bool result = DeviceInfoRepository::GetInstance().FindDeviceInfo(deviceID, DeviceIdType::UNKNOWN, devInfo); if (!result) { - ACCESSTOKEN_LOG_INFO(LABEL, "FindDeviceInfo failed"); + LOGI(ATM_DOMAIN, ATM_TAG, "FindDeviceInfo failed"); return TOKEN_SYNC_REMOTE_DEVICE_INVALID; } std::string udid = devInfo.deviceId.uniqueDeviceId; @@ -103,18 +109,18 @@ int TokenSyncManagerService::GetRemoteHapTokenInfo(const std::string& deviceID, const int32_t resultCode = RemoteCommandManager::GetInstance().ExecuteCommand(udid, syncRemoteHapTokenCommand); if (resultCode != Constant::SUCCESS) { - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "RemoteExecutorManager executeCommand SyncRemoteHapTokenCommand failed, return %{public}d", resultCode); return TOKEN_SYNC_COMMAND_EXECUTE_FAILED; } - ACCESSTOKEN_LOG_INFO(LABEL, "Get resultCode: %{public}d", resultCode); + LOGI(ATM_DOMAIN, ATM_TAG, "Get resultCode: %{public}d", resultCode); return TOKEN_SYNC_SUCCESS; } int TokenSyncManagerService::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) { if (tokenID == 0) { - ACCESSTOKEN_LOG_INFO(LABEL, "Params is wrong, token id is invalid."); + LOGI(ATM_DOMAIN, ATM_TAG, "Params is wrong, token id is invalid."); return TOKEN_SYNC_PARAMS_INVALID; } @@ -122,7 +128,7 @@ int TokenSyncManagerService::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) std::string localUdid = ConstantCommon::GetLocalDeviceId(); for (const DeviceInfo& device : devices) { if (device.deviceId.uniqueDeviceId == localUdid) { - ACCESSTOKEN_LOG_INFO(LABEL, "No need notify local device"); + LOGI(ATM_DOMAIN, ATM_TAG, "No need notify local device"); continue; } const std::shared_ptr deleteRemoteTokenCommand = @@ -132,11 +138,11 @@ int TokenSyncManagerService::DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const int32_t resultCode = RemoteCommandManager::GetInstance().ExecuteCommand( device.deviceId.uniqueDeviceId, deleteRemoteTokenCommand); if (resultCode != Constant::SUCCESS) { - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "RemoteExecutorManager executeCommand DeleteRemoteTokenCommand failed, return %{public}d", resultCode); continue; } - ACCESSTOKEN_LOG_INFO(LABEL, "Get resultCode: %{public}d", resultCode); + LOGI(ATM_DOMAIN, ATM_TAG, "Get resultCode: %{public}d", resultCode); } return TOKEN_SYNC_SUCCESS; } @@ -147,7 +153,7 @@ int TokenSyncManagerService::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& std::string localUdid = ConstantCommon::GetLocalDeviceId(); for (const DeviceInfo& device : devices) { if (device.deviceId.uniqueDeviceId == localUdid) { - ACCESSTOKEN_LOG_INFO(LABEL, "No need notify local device"); + LOGI(ATM_DOMAIN, ATM_TAG, "No need notify local device"); continue; } @@ -158,12 +164,12 @@ int TokenSyncManagerService::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& const int32_t resultCode = RemoteCommandManager::GetInstance().ExecuteCommand( device.deviceId.uniqueDeviceId, updateRemoteHapTokenCommand); if (resultCode != Constant::SUCCESS) { - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "RemoteExecutorManager executeCommand updateRemoteHapTokenCommand failed, return %{public}d", resultCode); continue; } - ACCESSTOKEN_LOG_INFO(LABEL, "Get resultCode: %{public}d", resultCode); + LOGI(ATM_DOMAIN, ATM_TAG, "Get resultCode: %{public}d", resultCode); } return TOKEN_SYNC_SUCCESS; @@ -174,20 +180,19 @@ bool TokenSyncManagerService::Initialize() #ifdef EVENTHANDLER_ENABLE sendRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); if (!sendRunner_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a sendRunner."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create a sendRunner."); return false; } sendHandler_ = std::make_shared(sendRunner_); recvRunner_ = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); if (!recvRunner_) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to create a recvRunner."); + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create a recvRunner."); return false; } recvHandler_ = std::make_shared(recvRunner_); #endif - SoftBusManager::GetInstance().Initialize(); return true; } } // namespace AccessToken diff --git a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp index 21852cc91dd336e59e0e1ff1b606f6545efe3a42..9c1ab2fd90d927557bb49d2d17fb12be066f2dc9 100644 --- a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp +++ b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp @@ -15,18 +15,16 @@ #include "token_sync_manager_stub.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "hap_token_info_for_sync_parcel.h" #include "ipc_skeleton.h" -#include "native_token_info_for_sync_parcel.h" #include "string_ex.h" namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncManagerStub"}; #ifndef ATM_BUILD_VARIANT_USER_ENABLE static const int32_t ROOT_UID = 0; #endif @@ -35,10 +33,10 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ int32_t TokenSyncManagerStub::OnRemoteRequest( uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option) { - ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, code: %{public}d", __func__, code); + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called, code: %{public}d", __func__, code); std::u16string descriptor = data.ReadInterfaceToken(); if (descriptor != ITokenSyncManager::GetDescriptor()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); + LOGE(ATM_DOMAIN, ATM_TAG, "Get unexpect descriptor: %{public}s", Str16ToStr8(descriptor).c_str()); return ERROR_IPC_REQUEST_FAIL; } switch (code) { @@ -61,7 +59,7 @@ bool TokenSyncManagerStub::IsNativeProcessCalling() const { AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); uint32_t type = (reinterpret_cast(&tokenCaller))->type; - ACCESSTOKEN_LOG_DEBUG(LABEL, "Calling type: %{public}d", type); + LOGD(ATM_DOMAIN, ATM_TAG, "Calling type: %{public}d", type); return type == TOKEN_NATIVE; } @@ -69,7 +67,7 @@ bool TokenSyncManagerStub::IsRootCalling() const { #ifndef ATM_BUILD_VARIANT_USER_ENABLE int callingUid = IPCSkeleton::GetCallingUid(); - ACCESSTOKEN_LOG_DEBUG(LABEL, "Calling uid: %{public}d", callingUid); + LOGD(ATM_DOMAIN, ATM_TAG, "Calling uid: %{public}d", callingUid); return callingUid == ROOT_UID; #else return false; @@ -79,7 +77,7 @@ bool TokenSyncManagerStub::IsRootCalling() const void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsRootCalling() && !IsNativeProcessCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__); reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED); return; } @@ -95,7 +93,7 @@ void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, Messa void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsRootCalling() && !IsNativeProcessCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__); reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED); return; } @@ -107,7 +105,7 @@ void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, Me void TokenSyncManagerStub::UpdateRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { if (!IsRootCalling() && !IsNativeProcessCalling()) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); + LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s called, permission denied", __func__); reply.WriteInt32(ERR_IDENTITY_CHECK_FAILED); return; } diff --git a/services/tokensyncmanager/test/coverage/BUILD.gn b/services/tokensyncmanager/test/coverage/BUILD.gn index beaa58cf035b4582a51466d9b67a362e9e1a3c30..5ddfb2d6f65e75f7571edd5316615e6ff6099d97 100644 --- a/services/tokensyncmanager/test/coverage/BUILD.gn +++ b/services/tokensyncmanager/test/coverage/BUILD.gn @@ -29,7 +29,6 @@ ohos_unittest("libtoken_sync_service_coverage_test") { "../../src/command/base_remote_command.cpp", "../../src/command/delete_remote_token_command.cpp", "../../src/command/sync_remote_hap_token_command.cpp", - "../../src/command/sync_remote_native_token_command.cpp", "../../src/command/update_remote_hap_token_command.cpp", "../../src/device/device_info_manager.cpp", "../../src/device/device_info_repository.cpp", @@ -61,7 +60,8 @@ ohos_unittest("libtoken_sync_service_coverage_test") { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/nativetoken/include", "${access_token_path}/interfaces/innerkits/token_setproc/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/handler/include", ] @@ -71,6 +71,7 @@ ohos_unittest("libtoken_sync_service_coverage_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtoken_setproc", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", ] cflags_cc = [ "-DHILOG_ENABLE" ] @@ -78,11 +79,11 @@ ohos_unittest("libtoken_sync_service_coverage_test") { configs = [ "${access_token_path}/config:coverage_flags" ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "dsoftbus:softbus_client", "hilog:libhilog", - "ipc:ipc_core", - "json:nlohmann_json_static", + "ipc:ipc_single", "safwk:system_ability_fwk", "zlib:libz", ] diff --git a/services/tokensyncmanager/test/coverage/token_sync_service_coverage_test.cpp b/services/tokensyncmanager/test/coverage/token_sync_service_coverage_test.cpp index 779d32238c8d4caaffe6ee758e407c34a35a66d5..057c63a00289c9f74c60f2a17f3a0ca2d2c9dc7c 100644 --- a/services/tokensyncmanager/test/coverage/token_sync_service_coverage_test.cpp +++ b/services/tokensyncmanager/test/coverage/token_sync_service_coverage_test.cpp @@ -25,11 +25,12 @@ #include "remote_command_executor.h" #include "token_sync_manager_service.h" #include "soft_bus_manager.h" +#include "soft_bus_channel.h" #undef private #include "gtest/gtest.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "base_remote_command.h" #include "constant_common.h" @@ -54,8 +55,6 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncServiceTest"}; - static DistributedHardware::DmDeviceInfo g_devInfo = { // udid = deviceid-1:udid-001 uuid = deviceid-1:uuid-001 .deviceId = "deviceid-1", @@ -114,7 +113,7 @@ void TokenSyncServiceTest::SetUp() } void TokenSyncServiceTest::TearDown() { - ACCESSTOKEN_LOG_INFO(LABEL, "TearDown start."); + LOGI(ATM_DOMAIN, ATM_TAG, "TearDown start."); tokenSyncManagerService_ = nullptr; for (auto it = threads_.begin(); it != threads_.end(); it++) { it->join(); @@ -133,7 +132,7 @@ void TokenSyncServiceTest::OnDeviceOffline(const DistributedHardware::DmDeviceIn std::string uuid = DeviceInfoManager::GetInstance().ConvertToUniversallyUniqueIdOrFetch(networkId); std::string udid = DeviceInfoManager::GetInstance().ConvertToUniqueDeviceIdOrFetch(networkId); - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "networkId: %{public}s, uuid: %{public}s, udid: %{public}s", networkId.c_str(), uuid.c_str(), @@ -144,7 +143,7 @@ void TokenSyncServiceTest::OnDeviceOffline(const DistributedHardware::DmDeviceIn RemoteCommandManager::GetInstance().NotifyDeviceOffline(udid); DeviceInfoManager::GetInstance().RemoveRemoteDeviceInfo(networkId, DeviceIdType::NETWORK_ID); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "uuid or udid is empty, offline failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "uuid or udid is empty, offline failed."); } } @@ -182,9 +181,28 @@ HWTEST_F(TokenSyncServiceTest, CloseSocket001, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetUniversallyUniqueIdByNodeId001, TestSize.Level1) { + SoftBusManager::GetInstance().Initialize(); + SoftBusManager::GetInstance().SetDefaultConfigValue(); ASSERT_EQ("", SoftBusManager::GetInstance().GetUniversallyUniqueIdByNodeId("")); ASSERT_EQ("", SoftBusManager::GetInstance().GetUniqueDeviceIdByNodeId("")); } + +/** + * @tc.name: InsertCallbackAndExcute001 + * @tc.desc: Ond + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(TokenSyncServiceTest, InsertCallbackAndExcute001, TestSize.Level1) +{ + SoftBusDeviceConnectionListener listener; + listener.OnDeviceOffline(g_devInfo); + SoftBusChannel channel("test"); + std::string test("test"); + channel.InsertCallback(0, test); + ASSERT_EQ(true, channel.isSocketUsing_); + ASSERT_EQ("", channel.ExecuteCommand("test", "test")); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/tokensyncmanager/test/mock/src/soft_bus_socket_mock.cpp b/services/tokensyncmanager/test/mock/src/soft_bus_socket_mock.cpp index 955800a8707a334c037e97c9ad7ab77836e6ae40..9cffe85ef94b3c1c4a66693d199bf01f6db05411 100644 --- a/services/tokensyncmanager/test/mock/src/soft_bus_socket_mock.cpp +++ b/services/tokensyncmanager/test/mock/src/soft_bus_socket_mock.cpp @@ -16,13 +16,12 @@ #include "socket.h" #include "constant.h" #include "soft_bus_manager.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "soft_bus_socket_listener.h" #include "soft_bus_channel.h" using namespace OHOS::Security::AccessToken; namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "SoftBusSocketMock"}; static const int SERVER_COUNT_LIMIT = 10; static int g_serverCount = -1; static bool g_sendMessFlag = false; @@ -38,7 +37,7 @@ bool IsServerCountOK() int SendBytes(int sessionId, const void *data, unsigned int len) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "len: %{public}d", len); + LOGD(ATM_DOMAIN, ATM_TAG, "len: %{public}d", len); if (sessionId == Constant::INVALID_SESSION) { return Constant::FAILURE; } @@ -49,17 +48,17 @@ int SendBytes(int sessionId, const void *data, unsigned int len) void DecompressMock(const unsigned char *bytes, const int length) { - ACCESSTOKEN_LOG_DEBUG(LABEL, "input length: %{public}d", length); + LOGD(ATM_DOMAIN, ATM_TAG, "input length: %{public}d", length); uLong len = 1048576; unsigned char *buf = static_cast(malloc(len + 1)); if (buf == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "no enough memory!"); + LOGE(ATM_DOMAIN, ATM_TAG, "no enough memory!"); return; } (void)memset_s(buf, len + 1, 0, len + 1); int result = uncompress(buf, &len, const_cast(bytes), length); if (result != Z_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "uncompress failed, error code: %{public}d, bound length: %{public}d, buffer length: %{public}d", result, static_cast(len), length); free(buf); @@ -68,13 +67,13 @@ void DecompressMock(const unsigned char *bytes, const int length) buf[len] = '\0'; std::string str(reinterpret_cast(buf)); free(buf); - ACCESSTOKEN_LOG_DEBUG(LABEL, "done, output: %{public}s", str.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "done, output: %{public}s", str.c_str()); std::size_t id_post = str.find("\"id\":"); std::string id_string = str.substr(id_post + 6, 9); g_uuid = id_string; - ACCESSTOKEN_LOG_DEBUG(LABEL, "id_string: %{public}s", id_string.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "id_string: %{public}s", id_string.c_str()); return; } @@ -83,7 +82,7 @@ void CompressMock(const std::string &json, const unsigned char *compressedBytes, uLong len = compressBound(json.size()); // length will not so that long if (compressedLength > 0 && (int) len > compressedLength) { - ACCESSTOKEN_LOG_ERROR(LABEL, + LOGE(ATM_DOMAIN, ATM_TAG, "compress error. data length overflow, bound length: %{public}d, buffer length: %{public}d", (int) len, compressedLength); return ; @@ -92,10 +91,10 @@ void CompressMock(const std::string &json, const unsigned char *compressedBytes, int result = compress(const_cast(compressedBytes), &len, reinterpret_cast(const_cast(json.c_str())), json.size() + 1); if (result != Z_OK) { - ACCESSTOKEN_LOG_ERROR(LABEL, "compress failed! error code: %{public}d", result); + LOGE(ATM_DOMAIN, ATM_TAG, "compress failed! error code: %{public}d", result); return; } - ACCESSTOKEN_LOG_DEBUG(LABEL, "compress complete. compress %{public}d bytes to %{public}d", compressedLength, + LOGD(ATM_DOMAIN, ATM_TAG, "compress complete. compress %{public}d bytes to %{public}d", compressedLength, (int) len); compressedLength = len; return ; @@ -103,7 +102,7 @@ void CompressMock(const std::string &json, const unsigned char *compressedBytes, std::string GetUuidMock() { - ACCESSTOKEN_LOG_DEBUG(LABEL, "GetUuidMock called uuid: %{public}s", g_uuid.c_str()); + LOGD(ATM_DOMAIN, ATM_TAG, "GetUuidMock called uuid: %{public}s", g_uuid.c_str()); return g_uuid; } diff --git a/services/tokensyncmanager/test/unittest/BUILD.gn b/services/tokensyncmanager/test/unittest/BUILD.gn index 692949315817b6dec84f3268ba2c25dfa27f4e23..7c224502045d6d3317806caf54dfa81dd849c2a9 100644 --- a/services/tokensyncmanager/test/unittest/BUILD.gn +++ b/services/tokensyncmanager/test/unittest/BUILD.gn @@ -29,7 +29,6 @@ ohos_unittest("libtoken_sync_service_standard_test") { "../../src/command/base_remote_command.cpp", "../../src/command/delete_remote_token_command.cpp", "../../src/command/sync_remote_hap_token_command.cpp", - "../../src/command/sync_remote_native_token_command.cpp", "../../src/command/update_remote_hap_token_command.cpp", "../../src/device/device_info_manager.cpp", "../../src/device/device_info_repository.cpp", @@ -61,7 +60,8 @@ ohos_unittest("libtoken_sync_service_standard_test") { "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/interfaces/innerkits/nativetoken/include", "${access_token_path}/interfaces/innerkits/token_setproc/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/handler/include", ] @@ -71,6 +71,7 @@ ohos_unittest("libtoken_sync_service_standard_test") { "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", ] cflags_cc = [ "-DHILOG_ENABLE" ] @@ -82,11 +83,11 @@ ohos_unittest("libtoken_sync_service_standard_test") { configs = [ "${access_token_path}/config:coverage_flags" ] external_deps = [ + "cJSON:cjson", "c_utils:utils", "dsoftbus:softbus_client", "hilog:libhilog", - "ipc:ipc_core", - "json:nlohmann_json_static", + "ipc:ipc_single", "safwk:system_ability_fwk", "zlib:libz", ] diff --git a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp index f8b493ef4a9cb366b7f4de4f1bcb538cd653d1d0..be54f37349f40a7bb3fb2e3cf4164699fe4dedf2 100644 --- a/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp +++ b/services/tokensyncmanager/test/unittest/token_sync_service_test.cpp @@ -28,7 +28,7 @@ #include "gtest/gtest.h" #include "accesstoken_kit.h" -#include "accesstoken_log.h" +#include "accesstoken_common_log.h" #include "access_token_error.h" #include "base_remote_command.h" #include "constant_common.h" @@ -84,7 +84,6 @@ static DistributedHardware::DmDeviceInfo g_devInfo = { }; namespace { -static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "TokenSyncServiceTest"}; static constexpr int MAX_RETRY_TIMES = 10; static constexpr int32_t DEVICEID_MAX_LEN = 256; } @@ -119,7 +118,7 @@ void TokenSyncServiceTest::SetUp() } void TokenSyncServiceTest::TearDown() { - ACCESSTOKEN_LOG_INFO(LABEL, "TearDown start."); + LOGI(ATM_DOMAIN, ATM_TAG, "TearDown start."); tokenSyncManagerService_ = nullptr; for (auto it = threads_.begin(); it != threads_.end(); it++) { it->join(); @@ -138,7 +137,7 @@ void TokenSyncServiceTest::OnDeviceOffline(const DistributedHardware::DmDeviceIn std::string uuid = DeviceInfoManager::GetInstance().ConvertToUniversallyUniqueIdOrFetch(networkId); std::string udid = DeviceInfoManager::GetInstance().ConvertToUniqueDeviceIdOrFetch(networkId); - ACCESSTOKEN_LOG_INFO(LABEL, + LOGI(ATM_DOMAIN, ATM_TAG, "networkId: %{public}s, uuid: %{public}s, udid: %{public}s", networkId.c_str(), uuid.c_str(), @@ -149,7 +148,7 @@ void TokenSyncServiceTest::OnDeviceOffline(const DistributedHardware::DmDeviceIn RemoteCommandManager::GetInstance().NotifyDeviceOffline(udid); DeviceInfoManager::GetInstance().RemoveRemoteDeviceInfo(networkId, DeviceIdType::NETWORK_ID); } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "uuid or udid is empty, offline failed."); + LOGE(ATM_DOMAIN, ATM_TAG, "uuid or udid is empty, offline failed."); } } @@ -436,14 +435,13 @@ HWTEST_F(TokenSyncServiceTest, ClientProcessResult002, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, ToNativeTokenInfoJson001, TestSize.Level1) { - NativeTokenInfoForSync native1 = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 1, - .baseInfo.processName = "token_sync_test", - .baseInfo.dcap = {"AT_CAP"}, - .baseInfo.tokenID = 1, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {}, + NativeTokenInfoBase native1 = { + .ver = 1, + .processName = "token_sync_test", + .dcap = {"AT_CAP"}, + .tokenID = 1, + .tokenAttr = 0, + .nativeAcls = {}, }; auto cmd = std::make_shared(); EXPECT_NE(nullptr, cmd->ToNativeTokenInfoJson(native1)); @@ -458,57 +456,47 @@ HWTEST_F(TokenSyncServiceTest, ToNativeTokenInfoJson001, TestSize.Level1) HWTEST_F(TokenSyncServiceTest, FromPermStateListJson001, TestSize.Level1) { HapTokenInfo baseInfo = { - .apl = APL_NORMAL, .ver = 1, .userID = 1, .bundleName = "com.ohos.access_token", .instIndex = 1, - .appID = "testtesttesttest", - .deviceID = "id", .tokenID = 0x20100000, .tokenAttr = 0 }; - PermissionStateFull infoManagerTestState = { + PermissionStatus infoManagerTestState = { .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - std::vector permStateList; + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + std::vector permStateList; permStateList.emplace_back(infoManagerTestState); HapTokenInfoForSync remoteTokenInfo = { .baseInfo = baseInfo, .permStateList = permStateList }; - nlohmann::json hapTokenJson; + CJsonUnique hapTokenJson; auto cmd = std::make_shared(); hapTokenJson = cmd->ToHapTokenInfosJson(remoteTokenInfo); HapTokenInfoForSync hap; - cmd->FromHapTokenBasicInfoJson(hapTokenJson, hap.baseInfo); - cmd->FromPermStateListJson(hapTokenJson, hap.permStateList); + cmd->FromHapTokenBasicInfoJson(hapTokenJson.get(), hap.baseInfo); + cmd->FromPermStateListJson(hapTokenJson.get(), hap.permStateList); - PermissionStateFull state1 = { + PermissionStatus state1 = { .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local", "local1"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - nlohmann::json permStateJson; - cmd->ToPermStateJson(permStateJson, state1); - - PermissionStateFull state2 = { + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + CJsonUnique permStateJson = CreateJson(); + cmd->ToPermStateJson(permStateJson.get(), state1); + + PermissionStatus state2 = { .permissionName = "ohos.permission.test1", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED, PermissionFlag::PERMISSION_SYSTEM_FIXED}}; - cmd->ToPermStateJson(permStateJson, state2); + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED}; + cmd->ToPermStateJson(permStateJson.get(), state2); EXPECT_EQ(hap.baseInfo.tokenID, remoteTokenInfo.baseInfo.tokenID); - EXPECT_EQ(hap.baseInfo.apl, remoteTokenInfo.baseInfo.apl); } /** @@ -521,28 +509,29 @@ HWTEST_F(TokenSyncServiceTest, FromNativeTokenInfoJson001, TestSize.Level1) { auto cmd = std::make_shared(); - nlohmann::json nativeTokenListJsonNull; - NativeTokenInfoForSync tokenNull; - cmd->FromNativeTokenInfoJson(nativeTokenListJsonNull, tokenNull); + CJsonUnique nativeTokenListJsonNull = CreateJson(); + NativeTokenInfoBase tokenNull; + cmd->FromNativeTokenInfoJson(nativeTokenListJsonNull.get(), tokenNull); - nlohmann::json hapTokenJsonNull; + CJsonUnique hapTokenJsonNull = CreateJson(); HapTokenInfo hapTokenBasicInfoNull; - cmd->FromHapTokenBasicInfoJson(hapTokenJsonNull, hapTokenBasicInfoNull); - - NativeTokenInfoForSync native1 = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 2, - .baseInfo.processName = "token_sync_test", - .baseInfo.dcap = {"AT_CAP"}, - .baseInfo.tokenID = 1, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {}, + cmd->FromHapTokenBasicInfoJson(hapTokenJsonNull.get(), hapTokenBasicInfoNull); + + NativeTokenInfoBase native1 = { + .apl = APL_NORMAL, + .ver = 2, + .processName = "token_sync_test", + .dcap = {"AT_CAP"}, + .tokenID = 1, + .tokenAttr = 0, + .nativeAcls = {}, }; - nlohmann::json nativeTokenListJson = cmd->ToNativeTokenInfoJson(native1); - NativeTokenInfoForSync token; - cmd->FromNativeTokenInfoJson(nativeTokenListJson, token); - EXPECT_EQ(token.baseInfo.processName, "token_sync_test"); - EXPECT_EQ(token.baseInfo.apl, ATokenAplEnum::APL_NORMAL); + + CJsonUnique nativeTokenListJson = cmd->ToNativeTokenInfoJson(native1); + NativeTokenInfoBase token; + cmd->FromNativeTokenInfoJson(nativeTokenListJson.get(), token); + EXPECT_EQ(token.processName, "token_sync_test"); + EXPECT_EQ(token.apl, ATokenAplEnum::APL_NORMAL); } /** @@ -555,35 +544,32 @@ HWTEST_F(TokenSyncServiceTest, FromPermStateListJson002, TestSize.Level1) { auto cmd = std::make_shared(); - nlohmann::json hapTokenJsonNull = "{\\\"apl\\\":1,\\\"appID\\\":\\\"\\\",\\\"bundleName\\\":\\\"\\\"," - "\\\"deviceID\\\":\\\"\\\",\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " - "\\\"grantConfig\\\":[{\\\"resDeviceID\\\":\\\"device\\\", " - "\\\"grantStatus\\\":0, \\\"grantFlags\\\":0}]}],\\\"tokenAttr\\\":0," - "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; - std::vector permStateListNull; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + CJsonUnique hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," + "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " + "\\\"grantStatus\\\":0, \\\"grantFlag\\\":0}],\\\"tokenAttr\\\":0," + "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + + std::vector permStateListNull; + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); - hapTokenJsonNull = "{\\\"apl\\\":1,\\\"appID\\\":\\\"\\\",\\\"bundleName\\\":\\\"\\\"," - "\\\"deviceID\\\":\\\"\\\",\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " - "\\\"isGeneral\\\":1}],\\\"tokenAttr\\\":0," - "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," + "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\"}]," + "\\\"tokenAttr\\\":0,\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); - hapTokenJsonNull = "{\\\"apl\\\":1,\\\"appID\\\":\\\"\\\",\\\"bundleName\\\":\\\"\\\"," - "\\\"deviceID\\\":\\\"\\\",\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " - "\\\"isGeneral\\\":1}],\\\"tokenAttr\\\":0," - "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," + "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\"}]," + "\\\"tokenAttr\\\":0,\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); - hapTokenJsonNull = "{\\\"apl\\\":1,\\\"appID\\\":\\\"\\\",\\\"bundleName\\\":\\\"\\\"," - "\\\"deviceID\\\":\\\"\\\",\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " - "\\\"isGeneral\\\":1, \\\"grantConfig\\\":[{" - "\\\"grantStatus\\\":0, \\\"grantFlags\\\":0}]}],\\\"tokenAttr\\\":0," - "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"; - cmd->FromPermStateListJson(hapTokenJsonNull, permStateListNull); + hapTokenJsonNull = CreateJsonFromString("{\\\"bundleName\\\":\\\"\\\"," + "\\\"instIndex\\\":0,\\\"permState\\\":[{\\\"permissionName\\\":\\\"TEST\\\", " + "\\\"grantStatus\\\":0, \\\"grantFlag\\\":0}],\\\"tokenAttr\\\":0," + "\\\"tokenID\\\":111,\\\"userID\\\":0,\\\"version\\\":1}"); + cmd->FromPermStateListJson(hapTokenJsonNull.get(), permStateListNull); EXPECT_EQ(permStateListNull.size(), 0); } @@ -595,7 +581,7 @@ HWTEST_F(TokenSyncServiceTest, FromPermStateListJson002, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo002, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo002 start."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo002 start."); ResetUuidMock(); @@ -604,8 +590,8 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo002, TestSize.Level1) std::string jsonBefore = "{\"commandName\":\"SyncRemoteHapTokenCommand\",\"id\":\"0065e65f-\",\"jsonPayload\":" - "\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":1,\\\"appID\\\":\\\"\\\",\\\"bundleName\\\":\\\"\\\"," - "\\\"deviceID\\\":\\\"\\\",\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0," + "\"{\\\"HapTokenInfo\\\":{\\\"bundleName\\\":\\\"\\\"," + "\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0," "\\\"tokenID\\\":0,\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," "\\\"dstDeviceId\\\":\\\"local:udid-001\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," "\\\"requestTokenId\\\":"; @@ -650,13 +636,12 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo002, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo003, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo003 start."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo003 start."); g_jsonBefore = "{\"commandName\":\"SyncRemoteHapTokenCommand\", \"id\":\""; // apl is error g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":11,\\\"appID\\\":" - "\\\"test\\\",\\\"bundleName\\\":\\\"mock_token_sync\\\",\\\"deviceID\\\":" - "\\\"111111\\\",\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0,\\\"tokenID\\\":537919488," + "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"bundleName\\\":\\\"mock_token_sync\\\"," + "\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0,\\\"tokenID\\\":537919488," "\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," "\\\"dstDeviceId\\\":\\\"deviceid-1:udid-001\\\"," "\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," @@ -683,13 +668,12 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo003, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo004, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo004 start."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo004 start."); g_jsonBefore = "{\"commandName\":\"SyncRemoteHapTokenCommand\", \"id\":\""; // lost tokenID g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":1,\\\"appID\\\":" - "\\\"test\\\",\\\"bundleName\\\":\\\"mock_token_sync\\\",\\\"deviceID\\\":" - "\\\"111111\\\",\\\"permState\\\":null,\\\"tokenAttr\\\":0," + "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"bundleName\\\":\\\"mock_token_sync\\\"," + "\\\"permState\\\":null,\\\"tokenAttr\\\":0," "\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," "\\\"dstDeviceId\\\":\\\"deviceid-1:udid-001\\\"," "\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," @@ -716,13 +700,12 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo004, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo005, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo005 start."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo005 start."); g_jsonBefore = "{\"commandName\":\"SyncRemoteHapTokenCommand\", \"id\":\""; // instIndex is not number g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":1,\\\"appID\\\":" - "\\\"test\\\",\\\"bundleName\\\":\\\"mock_token_sync\\\",\\\"deviceID\\\":" - "\\\"111111\\\",\\\"instIndex\\\":1,\\\"permState\\\":null,\\\"tokenAttr\\\":0," + "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"bundleName\\\":\\\"mock_token_sync\\\"," + "\\\"instIndex\\\":1,\\\"permState\\\":null,\\\"tokenAttr\\\":0," "\\\"tokenID\\\":\\\"aaa\\\"," "\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," "\\\"dstDeviceId\\\":\\\"deviceid-1:udid-001\\\"," @@ -750,12 +733,11 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo005, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo006, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo006 start."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo006 start."); g_jsonBefore = "{\"commandName\":\"SyncRemoteHapTokenCommand\", \"id\":\""; // mock_token_sync lost \\\" g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":1,\\\"appID\\\":" - "\\\"test\\\",\\\"bundleName\\\":\\\"mock_token_sync,\\\"deviceID\\\":" + "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"bundleName\\\":\\\"mock_token_sync," "\\\"111111\\\",\\\"instIndex\\\":1,\\\"permState\\\":null,\\\"tokenAttr\\\":0," "\\\"tokenID\\\":537919488," "\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," @@ -785,13 +767,12 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo006, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo007, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo007 start."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo007 start."); g_jsonBefore = "{\"commandName\":\"SyncRemoteHapTokenCommand\", \"id\":\""; // statusCode error g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":11,\\\"appID\\\":" - "\\\"test\\\",\\\"bundleName\\\":\\\"mock_token_sync\\\",\\\"deviceID\\\":" - "\\\"111111\\\",\\\"instIndex\\\":1,\\\"permState\\\":null,\\\"tokenAttr\\\":0," + "\",\"jsonPayload\":\"{\\\"HapTokenInfo\\\":{\\\"bundleName\\\":\\\"mock_token_sync\\\"," + "\\\"instIndex\\\":1,\\\"permState\\\":null,\\\"tokenAttr\\\":0," "\\\"tokenID\\\":537919488," "\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," @@ -819,7 +800,7 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo007, TestSize.Level1) */ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo008, TestSize.Level1) { - ACCESSTOKEN_LOG_INFO(LABEL, "GetRemoteHapTokenInfo008 start."); + LOGI(ATM_DOMAIN, ATM_TAG, "GetRemoteHapTokenInfo008 start."); // create local token AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(g_infoManagerTestInfoParms.userID, g_infoManagerTestInfoParms.bundleName, @@ -829,8 +810,8 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo008, TestSize.Level1) // tokenID is not exist std::string jsonBefore = "{\"commandName\":\"SyncRemoteHapTokenCommand\",\"id\":\"0065e65f-\",\"jsonPayload\":" - "\"{\\\"HapTokenInfo\\\":{\\\"apl\\\":1,\\\"appID\\\":\\\"\\\",\\\"bundleName\\\":\\\"\\\"," - "\\\"deviceID\\\":\\\"\\\",\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0," + "\"{\\\"HapTokenInfo\\\":{\\\"bundleName\\\":\\\"\\\"," + "\\\"instIndex\\\":0,\\\"permState\\\":null,\\\"tokenAttr\\\":0," "\\\"tokenID\\\":0,\\\"userID\\\":0,\\\"version\\\":1},\\\"commandName\\\":\\\"SyncRemoteHapTokenCommand\\\"," "\\\"dstDeviceId\\\":\\\"local:udid-001\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," "\\\"requestTokenId\\\":"; @@ -860,166 +841,6 @@ HWTEST_F(TokenSyncServiceTest, GetRemoteHapTokenInfo008, TestSize.Level1) ASSERT_EQ(mapID, static_cast(0)); } -/** - * @tc.name: SyncNativeTokens001 - * @tc.desc: when device is online, sync remote nativetoken which has no dcaps - * @tc.type: FUNC - * @tc.require:AR000GK6T6 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens001, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens001 start."); - g_jsonBefore = "{\"commandName\":\"SyncRemoteNativeTokenCommand\", \"id\":\""; - // 0x28000001 token has no dcaps - g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"NativeTokenInfos\\\":[{\\\"apl\\\":3,\\\"processName\\\":\\\"attest\\\"," - "\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088640,\\\"version\\\":1," - "\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}," - "{\\\"apl\\\":3,\\\"processName\\\":\\\"attest1\\\",\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088641," - "\\\"version\\\":1,\\\"dcaps\\\":[]}]," - "\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - "\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\"," - "\\\"responseVersion\\\":2,\\\"srcDeviceId\\\":\\\"local:udid-001\\\"," - "\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":0,\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\"," - "\"type\":\"response\"}"; - - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - sleep(3); - - ResetSendMessFlagMock(); - threads_.emplace_back(std::thread(SendTaskThread)); - sleep(6); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000000); - ASSERT_EQ(mapID, static_cast(0)); - int ret = AccessTokenKit::CheckNativeDCap(mapID, "SYSDCAP"); - ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); - ret = AccessTokenKit::CheckNativeDCap(mapID, "DMSDCAP"); - ASSERT_EQ(ret, AccessTokenError::ERR_PARAM_INVALID); - - mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000001); - ASSERT_EQ(mapID, static_cast(0)); -} - -/** - * @tc.name: SyncNativeTokens002 - * @tc.desc: when device is online, sync remote nativetokens status failed - * @tc.type: FUNC - * @tc.require:AR000GK6T6 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens002, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens002 start."); - g_jsonBefore = "{\"commandName\":\"SyncRemoteNativeTokenCommand\", \"id\":\""; - g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"NativeTokenInfos\\\":[{\\\"apl\\\":3,\\\"processName\\\":\\\"attest\\\"," - "\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088640,\\\"version\\\":1," - "\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}," - "{\\\"apl\\\":3,\\\"processName\\\":\\\"attest1\\\",\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088641," - "\\\"version\\\":1,\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}]," - "\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - "\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\"," - "\\\"responseVersion\\\":2,\\\"srcDeviceId\\\":\\\"local:udid-001\\\"," - "\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":-2," - "\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\",\"type\":\"response\"}"; - - - threads_.emplace_back(std::thread(SendTaskThread)); - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - - sleep(6); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000000); - ASSERT_EQ(mapID, static_cast(0)); - - mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000001); - ASSERT_EQ(mapID, static_cast(0)); -} - -/** - * @tc.name: SyncNativeTokens003 - * @tc.desc: when device is online, sync remote nativetokens which parameter is wrong - * @tc.type: FUNC - * @tc.require:AR000GK6T6 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens003, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens003 start."); - g_jsonBefore = "{\"commandName\":\"SyncRemoteNativeTokenCommand\", \"id\":\""; - // apl is error - g_jsonAfter = - "\",\"jsonPayload\":\"{\\\"NativeTokenInfos\\\":[{\\\"apl\\\":11,\\\"processName\\\":\\\"attest\\\"," - "\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088640,\\\"version\\\":1," - "\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}," - "{\\\"apl\\\":11,\\\"processName\\\":\\\"attest1\\\",\\\"tokenAttr\\\":0,\\\"tokenId\\\":671088641," - "\\\"version\\\":1,\\\"dcaps\\\":[\\\"SYSDCAP\\\",\\\"DMSDCAP\\\"]}]," - "\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"deviceid-1\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - "\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"deviceid-1:udid-001\\\"," - "\\\"responseVersion\\\":2,\\\"srcDeviceId\\\":\\\"local:udid-001\\\"," - "\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":0,\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\"," - "\"type\":\"response\"}"; - - threads_.emplace_back(std::thread(SendTaskThread)); - - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - - sleep(6); - - AccessTokenID mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000000); - ASSERT_EQ(mapID, static_cast(0)); - - mapID = AccessTokenKit::GetRemoteNativeTokenID(g_udid, 0x28000001); - ASSERT_EQ(mapID, static_cast(0)); -} - -/** - * @tc.name: SyncNativeTokens004 - * @tc.desc: test remote hap recv func - * @tc.type: FUNC - * @tc.require:AR000GK6T5 - */ -HWTEST_F(TokenSyncServiceTest, SyncNativeTokens004, TestSize.Level1) -{ - ACCESSTOKEN_LOG_INFO(LABEL, "SyncNativeTokens004 start."); - - ResetUuidMock(); - - std::string recvJson = - "{\"commandName\":\"SyncRemoteNativeTokenCommand\",\"id\":\"ec23cd2d-\",\"jsonPayload\":" - "\"{\\\"NativeTokenInfos\\\":null,\\\"commandName\\\":\\\"SyncRemoteNativeTokenCommand\\\"," - "\\\"dstDeviceId\\\":\\\"local:udid-001\\\",\\\"dstDeviceLevel\\\":\\\"\\\",\\\"message\\\":\\\"success\\\"," - "\\\"requestTokenId\\\":,\\\"requestVersion\\\":2,\\\"responseDeviceId\\\":\\\"\\\",\\\"responseVersion\\\":2," - "\\\"srcDeviceId\\\":\\\"deviceid-1\\\",\\\"srcDeviceLevel\\\":\\\"\\\",\\\"statusCode\\\":100001," - "\\\"uniqueId\\\":\\\"SyncRemoteNativeTokenCommand\\\"}\",\"type\":\"request\"}"; - - unsigned char *recvBuffer = (unsigned char *)malloc(0x1000); - int recvLen = 0x1000; - CompressMock(recvJson, recvBuffer, recvLen); - - ResetSendMessFlagMock(); - g_ptrDeviceStateCallback->OnDeviceOnline(g_devInfo); - char networkId[DEVICEID_MAX_LEN + 1]; - strcpy_s(networkId, DEVICEID_MAX_LEN, "deviceid-1:udid-001"); - - PeerSocketInfo info = { - .networkId = networkId, - }; - SoftBusSocketListener::OnBind(1, info); - SoftBusSocketListener::OnClientBytes(1, recvBuffer, recvLen); - int count = 0; - while (!GetSendMessFlagMock() && count < MAX_RETRY_TIMES) { - sleep(1); - count++; - } - free(recvBuffer); - - std::string uuidMessage = GetUuidMock(); - ASSERT_EQ(uuidMessage, "ec23cd2d-"); -} - /** * @tc.name: DeleteRemoteTokenCommand001 * @tc.desc: test delete remote token command @@ -1049,34 +870,6 @@ HWTEST_F(TokenSyncServiceTest, DeleteRemoteTokenCommand001, TestSize.Level1) ASSERT_EQ(deleteRemoteTokenCommand->remoteProtocol_.statusCode, Constant::SUCCESS); } -/** - * @tc.name: NewSyncRemoteNativeTokenCommand001 - * @tc.desc: test delete remote token command - * @tc.type: FUNC - * @tc.require: Issue Number - */ -HWTEST_F(TokenSyncServiceTest, NewSyncRemoteNativeTokenCommand001, TestSize.Level1) -{ - std::string srcDeviceId = "001"; - std::string dstDeviceId = "002"; - std::shared_ptr nativeTokenCommand = - RemoteCommandFactory::GetInstance().NewSyncRemoteNativeTokenCommand(srcDeviceId, dstDeviceId); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.commandName, "SyncRemoteNativeTokenCommand"); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.uniqueId, "SyncRemoteNativeTokenCommand"); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.srcDeviceId, srcDeviceId); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.dstDeviceId, dstDeviceId); - ASSERT_EQ( - // 2 is DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION - nativeTokenCommand->remoteProtocol_.responseVersion, 2); - ASSERT_EQ( - // 2 is DISTRIBUTED_ACCESS_TOKEN_SERVICE_VERSION - nativeTokenCommand->remoteProtocol_.requestVersion, 2); - nativeTokenCommand->Finish(); - nativeTokenCommand->Prepare(); - ASSERT_EQ(nativeTokenCommand->remoteProtocol_.statusCode, Constant::SUCCESS); - nativeTokenCommand->Finish(); -} - /** * @tc.name: NewUpdateRemoteHapTokenCommand001 * @tc.desc: test delete remote token command @@ -1634,30 +1427,23 @@ HWTEST_F(TokenSyncServiceTest, ProcessBufferedCommandsWithThread001, TestSize.Le } namespace { -PermissionStateFull g_infoManagerTestUpdateState1 = { +PermissionStatus g_infoManagerTestUpdateState1 = { .permissionName = "ohos.permission.CAMERA", - .isGeneral = true, - .resDeviceID = {"local"}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .grantFlags = {1} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = 1 }; -PermissionStateFull g_infoManagerTestUpdateState2 = { +PermissionStatus g_infoManagerTestUpdateState2 = { .permissionName = "ohos.permission.ANSWER_CALL", - .isGeneral = false, - .resDeviceID = {"device 1", "device 2"}, - .grantStatus = {PermissionState::PERMISSION_DENIED, PermissionState::PERMISSION_DENIED}, - .grantFlags = {1, 2} + .grantStatus = PermissionState::PERMISSION_DENIED, + .grantFlag = 1 }; HapTokenInfo g_remoteHapInfoBasic = { - .apl = APL_NORMAL, .ver = 1, .userID = 1, .bundleName = "accesstoken_test", .instIndex = 1, - .appID = "testtesttesttest", - .deviceID = "0", .tokenID = 0x20000001, .tokenAttr = 0 }; diff --git a/test/fuzztest/common/accesstoken_fuzzdata.h b/test/fuzztest/common/accesstoken_fuzzdata.h index d081cf5071138bf5a0c282aa87145a06f15f4425..8502c135813a884cb97d3d5574e1f6c40228b6cb 100644 --- a/test/fuzztest/common/accesstoken_fuzzdata.h +++ b/test/fuzztest/common/accesstoken_fuzzdata.h @@ -47,7 +47,7 @@ public: return object; } - std::string GenerateRandomString() + std::string GenerateStochasticString() { uint8_t strlen = GetData(); @@ -65,13 +65,13 @@ public: return str; } - template T GenerateRandomEnmu(T enmuMax) + template T GenerateStochasticEnmu(T enmuMax) { T enmuData = static_cast(GetData() % (static_cast(enmuMax) + 1)); return enmuData; } - bool GenerateRandomBool() + bool GenerateStochasticBool() { return (GetData() % BOOL_MODULO_NUM) == 0; } diff --git a/test/fuzztest/innerkits/accesstoken/BUILD.gn b/test/fuzztest/innerkits/accesstoken/BUILD.gn index 4b9ab856c59355e84620e26e6704d2b0cdfe1182..ddeecb6867d36b02697e8893df071d2ad1018f2c 100644 --- a/test/fuzztest/innerkits/accesstoken/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/BUILD.gn @@ -20,13 +20,11 @@ group("fuzztest") { # deps file "allochaptoken_fuzzer:AllocHapTokenFuzzTest", "alloclocaltokenid_fuzzer:AllocLocalTokenIDFuzzTest", - "checknativedcap_fuzzer:CheckNativeDCapFuzzTest", "clearusergrantedpermissionstate_fuzzer:ClearUserGrantedPermissionStateFuzzTest", "deleteremotedevicetokens_fuzzer:DeleteRemoteDeviceTokensFuzzTest", "deleteremotetoken_fuzzer:DeleteRemoteTokenFuzzTest", "deletetoken_fuzzer:DeleteTokenFuzzTest", "dumptokeninfo_fuzzer:DumpTokenInfoFuzzTest", - "getallnativetokeninfo_fuzzer:GetAllNativeTokenInfoFuzzTest", "getdefpermission_fuzzer:GetDefPermissionFuzzTest", "getdefpermissions_fuzzer:GetDefPermissionsFuzzTest", "gethapdlpflag_fuzzer:GetHapDlpFlagFuzzTest", @@ -35,30 +33,32 @@ group("fuzztest") { "gethaptokeninfofromremote_fuzzer:GetHapTokenInfoFromRemoteFuzzTest", "getnativetokenid_fuzzer:GetNativeTokenIdFuzzTest", "getnativetokeninfo_fuzzer:GetNativeTokenInfoFuzzTest", - "getnativetokenname_fuzzer:GetNativeTokenNameFuzzTest", "getpermissionflags_fuzzer:GetPermissionFlagsFuzzTest", "getpermissionrequesttogglestatus_fuzzer:GetPermissionRequestToggleStatusFuzzTest", "getpermissionsstatus_fuzzer:GetPermissionsStatusFuzzTest", + "getpermissionusedtype_fuzzer:GetPermissionUsedTypeFuzzTest", "getremotenativetokenid_fuzzer:GetRemoteNativeTokenIDFuzzTest", "getrendertokenid_fuzzer:GetRenderTokenIdFuzzTest", "getreqpermissions_fuzzer:GetReqPermissionsFuzzTest", "getselfpermissionsstate_fuzzer:GetSelfPermissionsStateFuzzTest", + "gettokenidbyuserid_fuzzer:GetTokenIDByUserIDFuzzTest", "gettokentype_fuzzer:GetTokenTypeFuzzTest", "gettokentypeflag_fuzzer:GetTokenTypeFlagFuzzTest", - "getusergrantedpermissionusedtype_fuzzer:GetUserGrantedPermissionUsedTypeFuzzTest", "grantpermission_fuzzer:GrantPermissionFuzzTest", + "grantpermissionforspecifiedtime_fuzzer:GrantPermissionForSpecifiedTimeFuzzTest", "inithaptoken_fuzzer:InitHapTokenFuzzTest", "registerpermstatechangecallback_fuzzer:RegisterPermStateChangeCallbackFuzzTest", "registertokensynccallback_fuzzer:RegisterTokenSyncCallbackFuzzTest", + "requestapppermonsetting_fuzzer:RequestAppPermOnSettingFuzzTest", "revokeusergrantedpermission_fuzzer:RevokeUserGrantedPermissionFuzzTest", "setpermdialogcap_fuzzer:SetPermDialogCapFuzzTest", "setpermissionrequesttogglestatus_fuzzer:SetPermissionRequestToggleStatusFuzzTest", "setremotehaptokeninfo_fuzzer:SetRemoteHapTokenInfoFuzzTest", - "setremotenativetokeninfo_fuzzer:SetRemoteNativeTokenInfoFuzzTest", "unregisterpermstatechangecallback_fuzzer:UnRegisterPermStateChangeCallbackFuzzTest", "unregistertokensynccallback_fuzzer:UnRegisterTokenSyncCallbackFuzzTest", "updatehaptoken_fuzzer:UpdateHapTokenFuzzTest", "verifyaccesstoken001_fuzzer:VerifyAccessToken001FuzzTest", "verifyaccesstoken_fuzzer:VerifyAccessTokenFuzzTest", + "verifyaccesstokenwithlist_fuzzer:VerifyAccessTokenWithListFuzzTest", ] } diff --git a/test/fuzztest/innerkits/accesstoken/allochaptoken_fuzzer/allochaptoken_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/allochaptoken_fuzzer/allochaptoken_fuzzer.cpp index 7faa917fe60ab427b25d88d7b4ae08b50ad076d7..5bcdf5a3453cc35bea1ccdf62f19ffa02f0130ef 100644 --- a/test/fuzztest/innerkits/accesstoken/allochaptoken_fuzzer/allochaptoken_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/allochaptoken_fuzzer/allochaptoken_fuzzer.cpp @@ -36,33 +36,33 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); - std::string permissionName(fuzzData.GenerateRandomString()); - std::string bundleName(fuzzData.GenerateRandomString()); + std::string permissionName(fuzzData.GenerateStochasticString()); + std::string bundleName(fuzzData.GenerateStochasticString()); PermissionDef testPermDef; testPermDef.permissionName = permissionName; testPermDef.bundleName = bundleName; testPermDef.grantMode = 1; testPermDef.availableLevel = APL_NORMAL; - testPermDef.label = fuzzData.GenerateRandomString(); + testPermDef.label = fuzzData.GenerateStochasticString(); testPermDef.labelId = 1; - testPermDef.description = fuzzData.GenerateRandomString(); + testPermDef.description = fuzzData.GenerateStochasticString(); testPermDef.descriptionId = 1; PermissionStateFull testState; testState.permissionName = permissionName; testState.isGeneral = true; - testState.resDeviceID = {fuzzData.GenerateRandomString()}; + testState.resDeviceID = {fuzzData.GenerateStochasticString()}; testState.grantStatus = {PermissionState::PERMISSION_GRANTED}; testState.grantFlags = {1}; HapInfoParams TestInfoParms = { .userID = 1, .bundleName = bundleName, .instIndex = 0, - .appIDDesc = fuzzData.GenerateRandomString() + .appIDDesc = fuzzData.GenerateStochasticString() }; HapPolicyParams TestPolicyPrams = { .apl = APL_NORMAL, - .domain = fuzzData.GenerateRandomString(), + .domain = fuzzData.GenerateStochasticString(), .permList = {testPermDef}, .permStateList = {testState} }; diff --git a/test/fuzztest/innerkits/accesstoken/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp index d53fa4d4ddbec3dda3ebfb8f72c161ee81ccda7f..6044b6613fea89035f10ca251d7c5c954b38b0d1 100644 --- a/test/fuzztest/innerkits/accesstoken/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp @@ -34,7 +34,8 @@ namespace OHOS { } AccessTokenFuzzData fuzzData(data, size); - tokenId = AccessTokenKit::AllocLocalTokenID(fuzzData.GenerateRandomString(), fuzzData.GetData()); + tokenId = AccessTokenKit::AllocLocalTokenID(fuzzData.GenerateStochasticString(), + fuzzData.GetData()); return tokenId != 0; } diff --git a/test/fuzztest/innerkits/accesstoken/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp index cfb834c79ae9a74f2d732fbfc17477333bee7af0..3b539d1b59ea9173e990aeb471624e3c1a965494 100644 --- a/test/fuzztest/innerkits/accesstoken/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp @@ -35,7 +35,7 @@ namespace OHOS { } AccessTokenFuzzData fuzzData(data, size); - int32_t result = AccessTokenKit::DeleteRemoteDeviceTokens(fuzzData.GenerateRandomString()); + int32_t result = AccessTokenKit::DeleteRemoteDeviceTokens(fuzzData.GenerateStochasticString()); return result == RET_SUCCESS; #else return true; diff --git a/test/fuzztest/innerkits/accesstoken/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp index 87e8c6c121aa4ced780b1be09cfd436ac27e3ace..f56dda35a462d7b22a2507da817c2ce7dafc13df 100644 --- a/test/fuzztest/innerkits/accesstoken/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp @@ -35,7 +35,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); int32_t result = AccessTokenKit::DeleteRemoteToken( - fuzzData.GenerateRandomString(), fuzzData.GetData()); + fuzzData.GenerateStochasticString(), fuzzData.GetData()); return result == RET_SUCCESS; #else return true; diff --git a/test/fuzztest/innerkits/accesstoken/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp index 64e5eba19b9b1f31af0368b26c15caef944ab069..5aa9066cbb801c3178676b24dfd8dd38d9da18d6 100644 --- a/test/fuzztest/innerkits/accesstoken/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp @@ -36,7 +36,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); PermissionDef PERMISSIONDEF; - int32_t result = AccessTokenKit::GetDefPermission(fuzzData.GenerateRandomString(), PERMISSIONDEF); + int32_t result = AccessTokenKit::GetDefPermission(fuzzData.GenerateStochasticString(), PERMISSIONDEF); return result == RET_SUCCESS; } diff --git a/test/fuzztest/innerkits/accesstoken/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp index eadf7f4172d3c581eec42b378c6ed485b42b5b43..c94d55d239b2c221cfe2d87681f65bd1ea0b27bf 100644 --- a/test/fuzztest/innerkits/accesstoken/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp @@ -32,7 +32,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); int32_t result = AccessTokenKit::GetHapTokenID( - fuzzData.GetData(), fuzzData.GenerateRandomString(), fuzzData.GetData()); + fuzzData.GetData(), fuzzData.GenerateStochasticString(), fuzzData.GetData()); return result == RET_SUCCESS; } diff --git a/test/fuzztest/innerkits/accesstoken/getnativetokenid_fuzzer/getnativetokenid_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getnativetokenid_fuzzer/getnativetokenid_fuzzer.cpp index 35121290fc8cb6ea339235ca0d775b880e56e760..49b86531c9b77ad4a1514d135b98472811dcd6f7 100644 --- a/test/fuzztest/innerkits/accesstoken/getnativetokenid_fuzzer/getnativetokenid_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getnativetokenid_fuzzer/getnativetokenid_fuzzer.cpp @@ -35,7 +35,7 @@ namespace OHOS { } AccessTokenFuzzData fuzzData(data, size); - tokenId = AccessTokenKit::GetNativeTokenId(fuzzData.GenerateRandomString()); + tokenId = AccessTokenKit::GetNativeTokenId(fuzzData.GenerateStochasticString()); return tokenId != 0; } diff --git a/test/fuzztest/innerkits/accesstoken/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp index 60008ffd7d97f60b92ec4d4e88e6ed1dd3c11fe6..e3027cfb7d519e9278824bfb1235f14723f74824 100644 --- a/test/fuzztest/innerkits/accesstoken/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp @@ -35,7 +35,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); uint32_t flag; int32_t result = AccessTokenKit::GetPermissionFlag( - fuzzData.GetData(), fuzzData.GenerateRandomString(), flag); + fuzzData.GetData(), fuzzData.GenerateStochasticString(), flag); return result == RET_SUCCESS; } diff --git a/test/fuzztest/innerkits/accesstoken/getpermissionrequesttogglestatus_fuzzer/getpermissionrequesttogglestatus_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getpermissionrequesttogglestatus_fuzzer/getpermissionrequesttogglestatus_fuzzer.cpp index 8bb605a1cefea55927ccf1da594540d95ac4359d..b7dab91bf3561ac6c51956d827e7270adf9ec5b6 100644 --- a/test/fuzztest/innerkits/accesstoken/getpermissionrequesttogglestatus_fuzzer/getpermissionrequesttogglestatus_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getpermissionrequesttogglestatus_fuzzer/getpermissionrequesttogglestatus_fuzzer.cpp @@ -35,7 +35,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); uint32_t status; int32_t result = AccessTokenKit::GetPermissionRequestToggleStatus( - fuzzData.GenerateRandomString(), status, fuzzData.GetData()); + fuzzData.GenerateStochasticString(), status, fuzzData.GetData()); return result == RET_SUCCESS; } diff --git a/test/fuzztest/innerkits/accesstoken/getnativetokenname_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/BUILD.gn similarity index 92% rename from test/fuzztest/innerkits/accesstoken/getnativetokenname_fuzzer/BUILD.gn rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/BUILD.gn index 36062c778adf23018777cfe9ac1b7e8551e49ccc..df46aa9d81c21281459de8ce73b1b2372f3d0298 100644 --- a/test/fuzztest/innerkits/accesstoken/getnativetokenname_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/BUILD.gn @@ -15,9 +15,10 @@ import("//build/config/features.gni") import("//build/test.gni") import("../../../../../access_token.gni") -ohos_fuzztest("GetNativeTokenNameFuzzTest") { +ohos_fuzztest("GetPermissionUsedTypeFuzzTest") { module_out_path = module_output_path_interface_access_token fuzz_config_file = "." + include_dirs = [ "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/test/fuzztest/common", @@ -28,7 +29,8 @@ ohos_fuzztest("GetNativeTokenNameFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "getnativetokenname_fuzzer.cpp" ] + sources = [ "getpermissionusedtype_fuzzer.cpp" ] + deps = [ "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", ] diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/corpus/init rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/corpus/init diff --git a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.cpp similarity index 76% rename from test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.cpp rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.cpp index 1d022a93994a814d7d29e20afec9234b4b62502b..683cda6d04d5d7076d0246052845005a0c406f9a 100644 --- a/test/fuzztest/innerkits/accesstoken/getusergrantedpermissionusedtype_fuzzer/getusergrantedpermissionusedtype_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.cpp @@ -13,7 +13,7 @@ * limitations under the License. */ -#include "getusergrantedpermissionusedtype_fuzzer.h" +#include "getpermissionusedtype_fuzzer.h" #include #include @@ -27,14 +27,14 @@ using namespace std; using namespace OHOS::Security::AccessToken; namespace OHOS { -bool GetUserGrantedPermissionUsedTypeFuzzTest(const uint8_t* data, size_t size) +bool GetPermissionUsedTypeFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { return false; } AccessTokenFuzzData fuzzData(data, size); - PermUsedTypeEnum type = AccessTokenKit::GetUserGrantedPermissionUsedType( - fuzzData.GetData(), fuzzData.GenerateRandomString()); + PermUsedTypeEnum type = AccessTokenKit::GetPermissionUsedType( + fuzzData.GetData(), fuzzData.GenerateStochasticString()); return type != PermUsedTypeEnum::PERM_USED_TYPE_BUTT; } @@ -44,6 +44,6 @@ bool GetUserGrantedPermissionUsedTypeFuzzTest(const uint8_t* data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::GetUserGrantedPermissionUsedTypeFuzzTest(data, size); + OHOS::GetPermissionUsedTypeFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/getnativetokennamestub_fuzzer.h b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.h similarity index 73% rename from test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/getnativetokennamestub_fuzzer.h rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.h index b08c14b1284d4372e9a211ebd54848723c5e0ae7..367274a05515483bd60d5ed51007d0326fab9df1 100644 --- a/test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/getnativetokennamestub_fuzzer.h +++ b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/getpermissionusedtype_fuzzer.h @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef TEST_FUZZTEST_GETNATIVETOKENNAMESTUB_FUZZER_H -#define TEST_FUZZTEST_GETNATIVETOKENNAMESTUB_FUZZER_H +#ifndef TEST_FUZZTEST_GETPERMISSIONUSEDTYPE_FUZZER_H +#define TEST_FUZZTEST_GETPERMISSIONUSEDTYPE_FUZZER_H -#define FUZZ_PROJECT_NAME "getnativetokennamestub_fuzzer" +#define FUZZ_PROJECT_NAME "getpermissionusedtype_fuzzer" -#endif // TEST_FUZZTEST_GETNATIVETOKENNAMESTUB_FUZZER_H +#endif // TEST_FUZZTEST_GETPERMISSIONUSEDTYPE_FUZZER_H diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/project.xml similarity index 100% rename from test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/project.xml rename to test/fuzztest/innerkits/accesstoken/getpermissionusedtype_fuzzer/project.xml diff --git a/test/fuzztest/innerkits/accesstoken/getremotenativetokenid_fuzzer/getremotenativetokenid_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getremotenativetokenid_fuzzer/getremotenativetokenid_fuzzer.cpp index 810a8e6fb5bdbce2d5a0bf5da22f63c7083f7963..38279a593dc79be796a14110b11b2d05541a0cb1 100644 --- a/test/fuzztest/innerkits/accesstoken/getremotenativetokenid_fuzzer/getremotenativetokenid_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getremotenativetokenid_fuzzer/getremotenativetokenid_fuzzer.cpp @@ -37,7 +37,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); tokenId = AccessTokenKit::GetRemoteNativeTokenID( - fuzzData.GenerateRandomString(), fuzzData.GetData()); + fuzzData.GenerateStochasticString(), fuzzData.GetData()); #endif return tokenId != 0; } diff --git a/test/fuzztest/innerkits/accesstoken/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.cpp index 799e05ed926b2fbc7737b57792e12c47ae2fa6ea..50e9442e4dda024b28b920b677ffd7014dd65b21 100644 --- a/test/fuzztest/innerkits/accesstoken/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.cpp @@ -35,7 +35,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); std::vector permsList1; PermissionListState perm1 = { - .permissionName = fuzzData.GenerateRandomString(), + .permissionName = fuzzData.GenerateStochasticString(), .state = SETTING_OPER, }; permsList1.emplace_back(perm1); diff --git a/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..23e3bcb9c24d710cc229e2835369a04ec003af43 --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/BUILD.gn @@ -0,0 +1,39 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../../../access_token.gni") + +ohos_fuzztest("GetTokenIDByUserIDFuzzTest") { + module_out_path = module_output_path_interface_access_token + fuzz_config_file = "." + include_dirs = [ + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/test/fuzztest/common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "gettokenidbyuserid_fuzzer.cpp" ] + + deps = [ + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = [ "c_utils:utils" ] +} diff --git a/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2aea1356e3c3b3ee6e12ad3f72640897d769d02e --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ diff --git a/test/fuzztest/innerkits/accesstoken/checknativedcap_fuzzer/checknativedcap_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/gettokenidbyuserid_fuzzer.cpp similarity index 72% rename from test/fuzztest/innerkits/accesstoken/checknativedcap_fuzzer/checknativedcap_fuzzer.cpp rename to test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/gettokenidbyuserid_fuzzer.cpp index 31bc4d960412dce6604e3f3c4193d6874054e265..81386931bd6a82f731e59448de3cd73de21fce76 100644 --- a/test/fuzztest/innerkits/accesstoken/checknativedcap_fuzzer/checknativedcap_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/gettokenidbyuserid_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,11 +13,9 @@ * limitations under the License. */ -#include "checknativedcap_fuzzer.h" +#include "gettokenidbyuserid_fuzzer.h" -#include -#include -#include +#include #include "accesstoken_fuzzdata.h" #undef private #include "accesstoken_kit.h" @@ -26,15 +24,15 @@ using namespace std; using namespace OHOS::Security::AccessToken; namespace OHOS { - bool CheckNativeDCapFuzzTest(const uint8_t* data, size_t size) + bool GetTokenIDByUserIDFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { return false; } AccessTokenFuzzData fuzzData(data, size); - int32_t result = AccessTokenKit::CheckNativeDCap( - fuzzData.GetData(), fuzzData.GenerateRandomString()); + std::unordered_set tokenIdList; + int32_t result = AccessTokenKit::GetTokenIDByUserID(fuzzData.GetData(), tokenIdList); return result == RET_SUCCESS; } @@ -44,6 +42,6 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::CheckNativeDCapFuzzTest(data, size); + OHOS::GetTokenIDByUserIDFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/gettokenidbyuserid_fuzzer.h b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/gettokenidbyuserid_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..b652ef25a9a1db4aaabc58ee8a541067e38219da --- /dev/null +++ b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/gettokenidbyuserid_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETTOKENIDBYUSERID_FUZZER_H +#define TEST_FUZZTEST_GETTOKENIDBYUSERID_FUZZER_H + +#define FUZZ_PROJECT_NAME "gettokenidbyuserid_fuzzer" + +#endif // TEST_FUZZTEST_GETTOKENIDBYUSERID_FUZZER_H diff --git a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/project.xml similarity index 95% rename from test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/project.xml rename to test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/project.xml index 6e8ad2cfde8f8bda4beb6cabbe7efd8bc3c54eec..66e1dcac475475fb101b6f8670ec699e6e9696aa 100644 --- a/test/fuzztest/innerkits/accesstoken/setremotenativetokeninfo_fuzzer/project.xml +++ b/test/fuzztest/innerkits/accesstoken/gettokenidbyuserid_fuzzer/project.xml @@ -1,5 +1,5 @@ - + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn similarity index 84% rename from test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/BUILD.gn rename to test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn index 82a680291c812f84174f03bb8f6b18930bc6f893..ac370e1470d1cf836016e8874f98dd016eb1c678 100644 --- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,11 +16,11 @@ import("//build/test.gni") import("../../../../../access_token.gni") import("../access_token_service_fuzz.gni") -ohos_fuzztest("GetAllNativeTokenInfoStubFuzzTest") { +ohos_fuzztest("InitUserPolicyStubFuzzTest") { module_out_path = module_output_path_service_access_token fuzz_config_file = "." - sources = [ "getallnativetokeninfostub_fuzzer.cpp" ] + sources = [ "inituserpolicystub_fuzzer.cpp" ] cflags = [ "-g", @@ -32,11 +32,11 @@ ohos_fuzztest("GetAllNativeTokenInfoStubFuzzTest") { include_dirs = access_token_include_dirs deps = access_token_deps + deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] configs = [ "${access_token_path}/config:coverage_flags" ] external_deps = access_token_external_deps - external_deps += [ "openssl:libcrypto_shared" ] include_dirs += access_token_impl_include_dirs diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/corpus/init similarity index 92% rename from test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/corpus/init rename to test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/corpus/init index e4ceac1bcd4e3b3427eb63cea0c28304064333cc..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 100644 --- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/corpus/init +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/corpus/init @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/registertokensynccallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp similarity index 41% rename from test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/registertokensynccallbackstub_fuzzer.cpp rename to test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp index 0ae25fef92485735d04ac6974a737daac34c98e4..1184c309aad13fde07a8a13900a9de0c3e0b5778 100644 --- a/test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/registertokensynccallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,75 +13,98 @@ * limitations under the License. */ -#include "registertokensynccallbackstub_fuzzer.h" +#include "inituserpolicystub_fuzzer.h" +#include +#include +#include #undef private -#include "accesstoken_callback_stubs.h" +#include "access_token.h" +#include "accesstoken_fuzzdata.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" #include "i_accesstoken_manager.h" +#include "nativetoken_kit.h" #include "token_setproc.h" -#include "token_sync_kit_interface.h" using namespace std; using namespace OHOS::Security::AccessToken; -namespace { -class TokenSyncCallbackImpl : public TokenSyncCallbackStub { -public: - TokenSyncCallbackImpl() = default; - virtual ~TokenSyncCallbackImpl() = default; +static AccessTokenID g_selfTokenId = 0; +static uint64_t g_mockTokenId = 0; +const int32_t CONSTANTS_NUMBER_TWO = 2; - int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) override +namespace OHOS { + void GetNativeToken() { - return TokenSyncError::TOKEN_SYNC_OPENSOURCE_DEVICE; - }; + if (g_mockTokenId != 0) { + SetSelfTokenID(g_mockTokenId); + return; + } + const char **perms = new const char *[1]; + perms[0] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; - int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) override - { - return TokenSyncError::TOKEN_SYNC_SUCCESS; - }; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .processName = "inituserpolicystub_fuzzer_test", + .aplStr = "system_core", + }; - int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) override - { - return TokenSyncError::TOKEN_SYNC_SUCCESS; - }; -}; - -bool NativeTokenGet() -{ - AccessTokenID token = AccessTokenKit::GetNativeTokenId("token_sync_service"); - if (token == 0) { - return false; + g_mockTokenId = GetAccessTokenId(&infoInstance); + g_selfTokenId = GetSelfTokenID(); + SetSelfTokenID(g_mockTokenId); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; } - SetSelfTokenID(token); - return true; -} -}; -namespace OHOS { - bool RegisterTokenSyncCallbackStubFuzzTest(const uint8_t* data, size_t size) + bool InitUserPolicyStubFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { return false; } - #ifdef TOKEN_SYNC_ENABLE - sptr callback = new (std::nothrow) TokenSyncCallbackImpl(); - if (callback == nullptr) { - return false; - } + + AccessTokenFuzzData fuzzData(data, size); + std::string testName(fuzzData.GenerateStochasticString()); + + UserState userList; + userList.userId = fuzzData.GetData(); + userList.isActive = fuzzData.GenerateStochasticBool(); MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!datas.WriteRemoteObject(callback->AsObject())) { + if (!datas.WriteUint32(1)) { + return false; + } + if (!datas.WriteUint32(1)) { + return false; + } + if (!datas.WriteInt32(userList.userId)) { + return false; + } + if (!datas.WriteBool(userList.isActive)) { + return false; + } + if (!datas.WriteString(testName)) { return false; } + uint32_t code = static_cast( - AccessTokenInterfaceCode::REGISTER_TOKEN_SYNC_CALLBACK); - + AccessTokenInterfaceCode::INIT_USER_POLICY); + MessageParcel reply; MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); + if (enable) { + GetNativeToken(); + } else { + SetSelfTokenID(g_selfTokenId); + } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - #endif // TOKEN_SYNC_ENABLE + return true; } } // namespace OHOS @@ -90,11 +113,6 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ -#ifdef TOKEN_SYNC_ENABLE - if (!NativeTokenGet()) { - return 0; - } -#endif - OHOS::RegisterTokenSyncCallbackStubFuzzTest(data, size); + OHOS::InitUserPolicyStubFuzzTest(data, size); return 0; -} \ No newline at end of file +} diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.h b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..42f895cb0ebb8cd400ec32a7df0cc788ff9db5d7 --- /dev/null +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_INITUSERPOLICYSTUB_FUZZER_H +#define TEST_FUZZTEST_INITUSERPOLICYSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "inituserpolicystub_fuzzer" + +#endif // TEST_FUZZTEST_INITUSERPOLICYSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp index 1578e84968d5e5e86d0837370efd655948247f5b..251cfd7d90fbb90a31252ad2ae1ce5ae917e2e98 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp @@ -54,7 +54,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); AccessTokenID tokenId = fuzzData.GetData(); - std::string testName(fuzzData.GenerateRandomString()); + std::string testName(fuzzData.GenerateStochasticString()); PermStateChangeScope scopeInfo; scopeInfo.permList = { testName }; diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..cdb19e0afb3eaa63eee042980cbc88ff762e4be1 --- /dev/null +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/BUILD.gn @@ -0,0 +1,51 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("RegisterSelfPermStateChangeCallbackStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "registerselfpermstatechangecallbackstub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources + + include_dirs += + [ "${access_token_path}/interfaces/innerkits/accesstoken/src" ] +} diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 --- /dev/null +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..946e7fa59c3976efa2b6236405742a702ca7e315 --- /dev/null +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "registerselfpermstatechangecallbackstub_fuzzer.h" + +#include +#include +#include +#undef private +#include "access_token.h" +#include "accesstoken_fuzzdata.h" +#define private public +#include "accesstoken_id_manager.h" +#include "accesstoken_kit.h" +#include "accesstoken_manager_client.h" +#include "accesstoken_manager_service.h" +#include "i_accesstoken_manager.h" +#include "token_setproc.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +static uint64_t g_selfTokenId = 0; +static uint64_t g_mockTokenId = 0; +const int32_t CONSTANTS_NUMBER_TWO = 2; + +class CbCustomizeTest2 : public PermStateChangeCallbackCustomize { +public: + explicit CbCustomizeTest2(const PermStateChangeScope &scopeInfo) + : PermStateChangeCallbackCustomize(scopeInfo) + { + } + + ~CbCustomizeTest2() + {} + + virtual void PermStateChangeCallback(PermStateChangeInfo& result) + { + ready_ = true; + } + + bool ready_ = false; +}; + +namespace OHOS { + void GetHapToken() + { + if (g_mockTokenId != 0) { + SetSelfTokenID(g_mockTokenId); + return; + } + HapInfoParams infoParams = { + .userID = 0, + .bundleName = "registerselfpermstatechangecallbackstub.fuzzer", + .instIndex = 0, + .appIDDesc = "fuzzer", + .apiVersion = 8 + }; + + HapPolicyParams policyParams = { + .apl = APL_SYSTEM_CORE, + .domain = "test_domain" + }; + + AccessTokenIDEx fullTokenId = AccessTokenKit::AllocHapToken(infoParams, policyParams); + g_mockTokenId = fullTokenId.tokenIDEx; + SetSelfTokenID(g_mockTokenId); + AccessTokenIDManager::GetInstance().tokenIdSet_.insert(fullTokenId.tokenIdExStruct.tokenID); + } + + bool RegisterSelfPermStateChangeCallbackStubFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + std::string testName(fuzzData.GenerateStochasticString()); + + PermStateChangeScope scopeInfo; + scopeInfo.permList = { testName }; + scopeInfo.tokenIDs = { tokenId }; + auto callbackPtr = std::make_shared(scopeInfo); + + PermStateChangeScopeParcel scopeParcel; + scopeParcel.scope = scopeInfo; + + sptr callback; + callback = new (std::nothrow) PermissionStateChangeCallback(callbackPtr); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteParcelable(&scopeParcel)) { + return false; + } + if (!datas.WriteRemoteObject(callback->AsObject())) { + return false; + } + + uint32_t code = static_cast( + AccessTokenInterfaceCode::REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); + if (enable) { + GetHapToken(); + } else { + SetSelfTokenID(g_selfTokenId); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::RegisterSelfPermStateChangeCallbackStubFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/unregisterpermstatechangecallbackstub_fuzzer.h b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.h similarity index 63% rename from test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/unregisterpermstatechangecallbackstub_fuzzer.h rename to test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.h index b73799d0af055c1f895364a8583dc51e43909f7f..79d11a16cae22a9344a75a49d406db84d30a89ce 100644 --- a/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/unregisterpermstatechangecallbackstub_fuzzer.h +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef TEST_FUZZTEST_UNREGISTERPERMSTATECHANGECALLBACKSTUB_FUZZER_H -#define TEST_FUZZTEST_UNREGISTERPERMSTATECHANGECALLBACKSTUB_FUZZER_H +#ifndef TEST_FUZZTEST_REGISTERSELFPERMSTATECHANGECALLBACKSTUB_FUZZER_H +#define TEST_FUZZTEST_REGISTERSELFPERMSTATECHANGECALLBACKSTUB_FUZZER_H -#define FUZZ_PROJECT_NAME "unregisterpermstatechangecallbackstub_fuzzer" +#define FUZZ_PROJECT_NAME "registerselfpermstatechangecallbackstub_fuzzer" -#endif // TEST_FUZZTEST_UNREGISTERPERMSTATECHANGECALLBACKSTUB_FUZZER_H +#endif // TEST_FUZZTEST_REGISTERSELFPERMSTATECHANGECALLBACKSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/corpus/init deleted file mode 100644 index e4ceac1bcd4e3b3427eb63cea0c28304064333cc..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/corpus/init +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/reloadnativetokeninfostub_fuzzer.h b/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/reloadnativetokeninfostub_fuzzer.h deleted file mode 100644 index beb6c9423d77ce6346289c8fe9f6a9354beef1f9..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/reloadnativetokeninfostub_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_FUZZTEST_RELOADNATIVETOKENINFOSTUB_FUZZER_H -#define TEST_FUZZTEST_RELOADNATIVETOKENINFOSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "reloadnativetokeninfostub_fuzzer" - -#endif // TEST_FUZZTEST_RELOADNATIVETOKENINFOSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn similarity index 91% rename from test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/BUILD.gn rename to test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn index e737e96cee2183006370b272ea6e202ec7c13b2b..7972f3712181095e28fa4ef5e5d80b53663ff13a 100644 --- a/test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/BUILD.gn @@ -16,11 +16,11 @@ import("//build/test.gni") import("../../../../../access_token.gni") import("../access_token_service_fuzz.gni") -ohos_fuzztest("RegisterTokenSyncCallbackStubFuzzTest") { +ohos_fuzztest("RequestAppPermOnSettingStubFuzzTest") { module_out_path = module_output_path_service_access_token fuzz_config_file = "." - sources = [ "registertokensynccallbackstub_fuzzer.cpp" ] + sources = [ "requestapppermonsettingstub_fuzzer.cpp" ] cflags = [ "-g", diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/reloadnativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp similarity index 64% rename from test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/reloadnativetokeninfostub_fuzzer.cpp rename to test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp index 87c9c87a2bd37f4bdf6b8993e7bf4fc3f2757d37..4c65417afa86030ece0cec5ba6ee0d4a04639713 100644 --- a/test/fuzztest/services/accesstoken/reloadnativetokeninfostub_fuzzer/reloadnativetokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,53 +13,49 @@ * limitations under the License. */ -#include "reloadnativetokeninfostub_fuzzer.h" +#include "requestapppermonsettingstub_fuzzer.h" -#include -#include -#include -#include #include #include #include #undef private -#include "service/accesstoken_manager_service.h" +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "i_accesstoken_manager.h" using namespace std; using namespace OHOS::Security::AccessToken; -const int CONSTANTS_NUMBER_TWO = 2; -static const int32_t ROOT_UID = 0; namespace OHOS { - bool ReloadNativeTokenInfoStubFuzzTest(const uint8_t* data, size_t size) + bool RequestAppPermOnSettingStubFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { return false; } - + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - - uint32_t code = static_cast( - AccessTokenInterfaceCode::RELOAD_NATIVE_TOKEN_INFO); + if (!datas.WriteUint32(tokenId)) { + return false; + } + + uint32_t code = static_cast(AccessTokenInterfaceCode::REQUEST_APP_PERM_ON_SETTING); MessageParcel reply; MessageOption option; - bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); - if (enable) { - setuid(CONSTANTS_NUMBER_TWO); - } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - setuid(ROOT_UID); return true; } -} +} // namespace OHOS /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::ReloadNativeTokenInfoStubFuzzTest(data, size); + OHOS::RequestAppPermOnSettingStubFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.h b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..b50838b32bdbd4990cee1d66d2af9e817795bc86 --- /dev/null +++ b/test/fuzztest/services/accesstoken/requestapppermonsettingstub_fuzzer/requestapppermonsettingstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_REQUESTAPPPERMONSETTINGSTUB_FUZZER_H +#define TEST_FUZZTEST_REQUESTAPPPERMONSETTINGSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "requestapppermonsettingstub_fuzzer" + +#endif // TEST_FUZZTEST_REQUESTAPPPERMONSETTINGSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp index 4637030ac7f11c14596198ec9a4a0ebfa66c34d5..aab7e2a752c3a758ded5c089ec32d3c86892abeb 100644 --- a/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/revokepermissionstub_fuzzer/revokepermissionstub_fuzzer.cpp @@ -39,7 +39,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); AccessTokenID tokenId = fuzzData.GetData(); - std::string testName(fuzzData.GenerateRandomString()); + std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); diff --git a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp index 740580c60f5d6352d64deb78b03abbbd19b312cc..153e3bbd22af5ec34ce1b0757348a9fc8d87b288 100644 --- a/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermdialogcap_fuzzer/setpermdialogcap_fuzzer.cpp @@ -64,7 +64,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); HapBaseInfoParcel baseInfoParcel; baseInfoParcel.hapBaseInfo.userID = fuzzData.GetData(); - baseInfoParcel.hapBaseInfo.bundleName = fuzzData.GenerateRandomString(); + baseInfoParcel.hapBaseInfo.bundleName = fuzzData.GenerateStochasticString(); baseInfoParcel.hapBaseInfo.instIndex = fuzzData.GetData(); MessageParcel datas; diff --git a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp index a2a61d7c849fbdfc4dcf245febb0ac861984fb87..c2934d01648a974c8cb78b5da67847a07de8758b 100644 --- a/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setpermissionrequesttogglestatusstub_fuzzer/setpermissionrequesttogglestatusstub_fuzzer.cpp @@ -38,7 +38,7 @@ namespace OHOS { } AccessTokenFuzzData fuzzData(data, size); - std::string testName(fuzzData.GenerateRandomString()); + std::string testName(fuzzData.GenerateStochasticString()); uint32_t status = fuzzData.GetData(); int32_t userID = fuzzData.GetData(); MessageParcel sendData; diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp index 4913dbdd308c77c4ae42f2722eab7f7a6d5d0125..8cda4c996b4890eaa1120f6087f36ebc238a9ad0 100644 --- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp @@ -39,31 +39,24 @@ namespace OHOS { void ConstructorParam( AccessTokenFuzzData& fuzzData, AccessTokenID tokenId, HapTokenInfoForSyncParcel& hapSyncParcel) { - std::string permissionName(fuzzData.GenerateRandomString()); + std::string permissionName(fuzzData.GenerateStochasticString()); HapTokenInfo baseInfo = { - .apl = APL_NORMAL, .ver = 1, .userID = 1, - .bundleName = fuzzData.GenerateRandomString(), + .bundleName = fuzzData.GenerateStochasticString(), .instIndex = 1, - .appID = fuzzData.GenerateRandomString(), - .deviceID = fuzzData.GenerateRandomString(), .tokenID = tokenId, .tokenAttr = 0 }; - PermissionStateFull infoManagerTestState = { - .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .isGeneral = true, - .permissionName = permissionName, - .resDeviceID = {fuzzData.GenerateRandomString()}}; - PermissionStateFull infoManagerTestState2 = { - .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, - .grantStatus = {PermissionState::PERMISSION_DENIED}, - .isGeneral = true, - .permissionName = permissionName, - .resDeviceID = {fuzzData.GenerateRandomString()}}; - std::vector permStateList; + PermissionStatus infoManagerTestState = { + .grantFlag = PermissionFlag::PERMISSION_SYSTEM_FIXED, + .grantStatus = PermissionState::PERMISSION_GRANTED, + .permissionName = permissionName}; + PermissionStatus infoManagerTestState2 = { + .grantFlag = PermissionFlag::PERMISSION_USER_SET, + .grantStatus = PermissionState::PERMISSION_DENIED, + .permissionName = permissionName}; + std::vector permStateList; permStateList.emplace_back(infoManagerTestState); HapTokenInfoForSync remoteTokenInfo = { .baseInfo = baseInfo, @@ -87,7 +80,7 @@ namespace OHOS { MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } if (!datas.WriteParcelable(&hapSyncParcel)) { diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/BUILD.gn deleted file mode 100644 index aba3ef43e5ebb1f34b9658d7bef6696899b0336b..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/BUILD.gn +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../access_token.gni") -import("../access_token_service_fuzz.gni") - -ohos_fuzztest("SetRemoteNativeTokenInfoStubFuzzTest") { - module_out_path = module_output_path_service_access_token - fuzz_config_file = "." - - sources = [ "setremotenativetokeninfostub_fuzzer.cpp" ] - - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - include_dirs = access_token_include_dirs - - deps = access_token_deps - - configs = [ "${access_token_path}/config:coverage_flags" ] - - external_deps = access_token_external_deps - - include_dirs += access_token_impl_include_dirs - - cflags_cc = access_token_cflags_cc - - sources += access_token_sources - - sources += access_token_impl_sources -} diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/corpus/init deleted file mode 100644 index e4ceac1bcd4e3b3427eb63cea0c28304064333cc..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/corpus/init +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/project.xml deleted file mode 100644 index 4fdbc407f205680885fa42663163b5c987f123a6..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.h b/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.h deleted file mode 100644 index ed6c271be07262732ff28b946c19c39e95ddc265..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_FUZZTEST_SETREMOTENATIVETOKENINFOSTUB_FUZZER_H -#define TEST_FUZZTEST_SETREMOTENATIVETOKENINFOSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "setremotenativetokeninfostub_fuzzer" - -#endif // TEST_FUZZTEST_SETREMOTENATIVETOKENINFOSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/corpus/init deleted file mode 100644 index e4ceac1bcd4e3b3427eb63cea0c28304064333cc..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/corpus/init +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/project.xml deleted file mode 100644 index 4fdbc407f205680885fa42663163b5c987f123a6..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/unregisterpermstatechangecallbackstub_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/BUILD.gn deleted file mode 100644 index 9230f8e4b763939f3507a53d73ca9ff261098e5c..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/BUILD.gn +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../access_token.gni") -import("../access_token_service_fuzz.gni") - -ohos_fuzztest("UnRegisterTokenSyncCallbackStubFuzzTest") { - module_out_path = module_output_path_service_access_token - fuzz_config_file = "." - - sources = [ "unregistertokensynccallbackstub_fuzzer.cpp" ] - - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - include_dirs = access_token_include_dirs - - deps = access_token_deps - - configs = [ "${access_token_path}/config:coverage_flags" ] - - external_deps = access_token_external_deps - - include_dirs += access_token_impl_include_dirs - - cflags_cc = access_token_cflags_cc - - sources += access_token_sources - - sources += access_token_impl_sources -} diff --git a/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/project.xml deleted file mode 100644 index 4fdbc407f205680885fa42663163b5c987f123a6..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/unregistertokensynccallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/unregistertokensynccallbackstub_fuzzer.cpp deleted file mode 100644 index 77c0548be88d826275169516deabcce814e8f71a..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/unregistertokensynccallbackstub_fuzzer/unregistertokensynccallbackstub_fuzzer.cpp +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "unregistertokensynccallbackstub_fuzzer.h" - -#undef private -#include "accesstoken_callback_stubs.h" -#include "accesstoken_kit.h" -#include "accesstoken_manager_service.h" -#include "i_accesstoken_manager.h" -#include "token_setproc.h" -#include "token_sync_kit_interface.h" - -using namespace std; -using namespace OHOS::Security::AccessToken; -namespace { -class TokenSyncCallbackImpl : public TokenSyncCallbackStub { -public: - TokenSyncCallbackImpl() = default; - virtual ~TokenSyncCallbackImpl() = default; - - int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) override - { - return TokenSyncError::TOKEN_SYNC_OPENSOURCE_DEVICE; - }; - - int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) override - { - return TokenSyncError::TOKEN_SYNC_SUCCESS; - }; - - int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) override - { - return TokenSyncError::TOKEN_SYNC_SUCCESS; - }; -}; - -bool NativeTokenGet() -{ - AccessTokenID token = AccessTokenKit::GetNativeTokenId("token_sync_service"); - if (token == 0) { - return false; - } - SetSelfTokenID(token); - return true; -} -}; - -namespace OHOS { - bool RegisterTokenSyncCallbackStubFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - #ifdef TOKEN_SYNC_ENABLE - sptr callback = new (std::nothrow) TokenSyncCallbackImpl(); - if (callback == nullptr) { - return false; - } - - MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - uint32_t code = static_cast( - AccessTokenInterfaceCode::UNREGISTER_TOKEN_SYNC_CALLBACK); - - MessageParcel reply; - MessageOption option; - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - #endif // TOKEN_SYNC_ENABLE - return true; - } -} // namespace OHOS - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ -#ifdef TOKEN_SYNC_ENABLE - if (!NativeTokenGet()) { - return 0; - } -#endif - OHOS::RegisterTokenSyncCallbackStubFuzzTest(data, size); - return 0; -} \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp index c82f03aaacda84a59d13ac9e9bfb92a2a79a17f3..939f5f390799ccbce13b60cb6b3fca280a81c7af 100644 --- a/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updatehaptokenstub_fuzzer/updatehaptokenstub_fuzzer.cpp @@ -34,25 +34,23 @@ static const int32_t ROOT_UID = 0; namespace OHOS { void ConstructorParam(AccessTokenFuzzData& fuzzData, HapPolicyParcel& hapPolicyParcel) { - std::string permissionName(fuzzData.GenerateRandomString()); + std::string permissionName(fuzzData.GenerateStochasticString()); PermissionDef testPermDef = {.permissionName = permissionName, - .bundleName = fuzzData.GenerateRandomString(), + .bundleName = fuzzData.GenerateStochasticString(), .grantMode = 1, .availableLevel = APL_NORMAL, - .label = fuzzData.GenerateRandomString(), + .label = fuzzData.GenerateStochasticString(), .labelId = 1, - .description = fuzzData.GenerateRandomString(), + .description = fuzzData.GenerateStochasticString(), .descriptionId = 1}; - PermissionStateFull testState = {.permissionName = permissionName, - .isGeneral = true, - .resDeviceID = {fuzzData.GenerateRandomString()}, - .grantStatus = {PermissionState::PERMISSION_GRANTED}, - .grantFlags = {1}}; - HapPolicyParams policy = {.apl = APL_NORMAL, - .domain = fuzzData.GenerateRandomString(), + PermissionStatus testState = {.permissionName = permissionName, + .grantStatus = PermissionState::PERMISSION_GRANTED, + .grantFlag = 1}; + HapPolicy policy = {.apl = APL_NORMAL, + .domain = fuzzData.GenerateStochasticString(), .permList = {testPermDef}, .permStateList = {testState}}; - hapPolicyParcel.hapPolicyParameter = policy; + hapPolicyParcel.hapPolicy = policy; } bool UpdateHapTokenStubFuzzTest(const uint8_t* data, size_t size) { @@ -73,7 +71,7 @@ namespace OHOS { if (!datas.WriteBool(false)) { return false; } - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } if (!datas.WriteInt32(apiVersion)) { diff --git a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/BUILD.gn deleted file mode 100644 index 3e4d6d208e7c3737ed109066758d05e4cbf53c10..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/BUILD.gn +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/config/features.gni") -import("//build/test.gni") -import("../../../../../access_token.gni") -import("../access_token_service_fuzz.gni") - -ohos_fuzztest("UpdateRemoteHapTokenInfoStubFuzzTest") { - module_out_path = module_output_path_service_access_token - fuzz_config_file = "." - - sources = [ "updateremotehaptokeninfostub_fuzzer.cpp" ] - - cflags = [ - "-g", - "-O0", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - configs = [ "${access_token_path}/config:coverage_flags" ] - - include_dirs = access_token_include_dirs - - sources += token_sync_sources - - cflags_cc = access_token_cflags_cc - cflags_cc += [ "-DDEBUG_API_PERFORMANCE" ] - - deps = access_token_deps - - external_deps = access_token_external_deps - - if (token_sync_enable == true) { - external_deps += [ "device_manager:devicemanagersdk" ] - } -} diff --git a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/corpus/init deleted file mode 100644 index e4ceac1bcd4e3b3427eb63cea0c28304064333cc..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/corpus/init +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/project.xml deleted file mode 100644 index 4fdbc407f205680885fa42663163b5c987f123a6..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - diff --git a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/updateremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/updateremotehaptokeninfostub_fuzzer.cpp deleted file mode 100644 index 6904680d2ead2d98a00f4c226d5c41daed1072b5..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/updateremotehaptokeninfostub_fuzzer.cpp +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "updateremotehaptokeninfostub_fuzzer.h" - -#include -#include -#include -#undef private -#include "hap_token_info_for_sync_parcel.h" -#include "i_token_sync_manager.h" -#include "token_sync_manager_service.h" - -using namespace std; -using namespace OHOS::Security::AccessToken; - -namespace OHOS { - bool UpdateRemoteHapTokenInfoStubFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - - MessageParcel datas; - datas.WriteInterfaceToken(ITokenSyncManager::GetDescriptor()); - - HapTokenInfoForSyncParcel tokenInfoParcel; - if (!datas.WriteParcelable(&tokenInfoParcel)) { - return false; - } - - uint32_t code = static_cast( - TokenSyncInterfaceCode::UPDATE_REMOTE_HAP_TOKEN_INFO); - - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - - return true; - } -} // namespace OHOS - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::UpdateRemoteHapTokenInfoStubFuzzTest(data, size); - return 0; -} diff --git a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/updateremotehaptokeninfostub_fuzzer.h b/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/updateremotehaptokeninfostub_fuzzer.h deleted file mode 100644 index 7d69bf55f4a340794a373e5f7aa8a8a296e77556..0000000000000000000000000000000000000000 --- a/test/fuzztest/services/accesstoken/updateremotehaptokeninfostub_fuzzer/updateremotehaptokeninfostub_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_FUZZTEST_UPDATEREMOTEHAPTOKENINFOSTUB_FUZZER_H -#define TEST_FUZZTEST_UPDATEREMOTEHAPTOKENINFOSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "updateremotehaptokeninfostub_fuzzer" - -#endif // TEST_FUZZTEST_UPDATEREMOTEHAPTOKENINFOSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..3d21d687f7d335c0a2e445b1ce8a8cba0985a484 --- /dev/null +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("UpdateUserPolicyStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "updateuserpolicystub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 --- /dev/null +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp similarity index 52% rename from test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.cpp rename to test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp index 3c9668e5bcce5c80d44e6d9a29cd69f185b8d0a0..c0a8edc5d11725c62c29741e9c52847ce803943f 100644 --- a/test/fuzztest/services/accesstoken/setremotenativetokeninfostub_fuzzer/setremotenativetokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,77 +13,91 @@ * limitations under the License. */ -#include "setremotenativetokeninfostub_fuzzer.h" +#include "updateuserpolicystub_fuzzer.h" #include #include #include #undef private +#include "access_token.h" #include "accesstoken_fuzzdata.h" -#include "accesstoken_info_manager.h" #include "accesstoken_kit.h" #include "accesstoken_manager_service.h" #include "i_accesstoken_manager.h" +#include "nativetoken_kit.h" #include "token_setproc.h" using namespace std; using namespace OHOS::Security::AccessToken; -#ifdef TOKEN_SYNC_ENABLE -const int CONSTANTS_NUMBER_TWO = 2; -#endif +static AccessTokenID g_selfTokenId = 0; +static uint64_t g_mockTokenId = 0; +const int32_t CONSTANTS_NUMBER_TWO = 2; namespace OHOS { - bool SetRemoteNativeTokenInfoStubFuzzTest(const uint8_t* data, size_t size) + void GetNativeToken() + { + if (g_mockTokenId != 0) { + SetSelfTokenID(g_mockTokenId); + return; + } + const char **perms = new const char *[1]; + perms[0] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .processName = "updateuserpolicystub_fuzzer_test", + .aplStr = "system_core", + }; + + g_mockTokenId = GetAccessTokenId(&infoInstance); + g_selfTokenId = GetSelfTokenID(); + SetSelfTokenID(g_mockTokenId); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; + } + bool UpdateUserPolicyStubFuzzTest(const uint8_t* data, size_t size) { - #ifdef TOKEN_SYNC_ENABLE if ((data == nullptr) || (size == 0)) { return false; } AccessTokenFuzzData fuzzData(data, size); - AccessTokenID tokenId = fuzzData.GetData(); - NativeTokenInfoForSync native = { - .baseInfo.apl = APL_NORMAL, - .baseInfo.ver = 1, - .baseInfo.processName = fuzzData.GenerateRandomString(), - .baseInfo.dcap = {fuzzData.GenerateRandomString(), fuzzData.GenerateRandomString(), "xxxx"}, - .baseInfo.tokenID = tokenId, - .baseInfo.tokenAttr = 0, - .baseInfo.nativeAcls = {fuzzData.GenerateRandomString()}, - }; - NativeTokenInfoForSyncParcel nativeTokenInfoForSyncParcel; - nativeTokenInfoForSyncParcel.nativeTokenInfoForSyncParams = native; + + UserState userList; + userList.userId = fuzzData.GetData(); + userList.isActive = fuzzData.GenerateStochasticBool(); MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteUint32(1)) { return false; } - if (!datas.WriteUint32(1)) { + if (!datas.WriteInt32(userList.userId)) { return false; } - if (!datas.WriteParcelable(&nativeTokenInfoForSyncParcel)) { + if (!datas.WriteBool(userList.isActive)) { return false; } - uint32_t code = static_cast(AccessTokenInterfaceCode::SET_REMOTE_NATIVE_TOKEN_INFO); + uint32_t code = static_cast( + AccessTokenInterfaceCode::UPDATE_USER_POLICY); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); if (enable) { - AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); - SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); + GetNativeToken(); + } else { + SetSelfTokenID(g_selfTokenId); } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); - SetSelfTokenID(hdcd); return true; - #else - return true; - #endif } } // namespace OHOS @@ -91,6 +105,6 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::SetRemoteNativeTokenInfoStubFuzzTest(data, size); + OHOS::UpdateUserPolicyStubFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.h b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e5cf1ff98722fd9de203b61b5f5ff4b98ab95c4e --- /dev/null +++ b/test/fuzztest/services/accesstoken/updateuserpolicystub_fuzzer/updateuserpolicystub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_UPDATEUSERPOLICYSTUB_FUZZER_H +#define TEST_FUZZTEST_UPDATEUSERPOLICYSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "updateuserpolicystub_fuzzer" + +#endif // TEST_FUZZTEST_UPDATEUSERPOLICYSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp index b4bb7a12ac26a161b26bccc952b95d56d95e2129..d0c51459545a6a64387e88e9f89c9db129c2e8f3 100644 --- a/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenstub_fuzzer/verifyaccesstokenstub_fuzzer.cpp @@ -35,7 +35,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); AccessTokenID tokenId = fuzzData.GetData(); - std::string testName(fuzzData.GenerateRandomString()); + std::string testName(fuzzData.GenerateStochasticString()); MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); diff --git a/test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn similarity index 88% rename from test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/BUILD.gn rename to test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn index 619aa83def05d4c786290a28d10700d4b8cf3c6e..1d6648b8f3d42ce858ead87907d451001ede81b2 100644 --- a/test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. +# Copyright (c) 2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,11 +16,11 @@ import("//build/test.gni") import("../../../../../access_token.gni") import("../access_token_service_fuzz.gni") -ohos_fuzztest("GetNativeTokenNameStubFuzzTest") { +ohos_fuzztest("VerifyAccessTokenWithListStubFuzzTest") { module_out_path = module_output_path_service_access_token fuzz_config_file = "." - sources = [ "getnativetokennamestub_fuzzer.cpp" ] + sources = [ "verifyaccesstokenwithliststub_fuzzer.cpp" ] cflags = [ "-g", diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/getnativetokennamestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp similarity index 66% rename from test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/getnativetokennamestub_fuzzer.cpp rename to test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp index e7f7a1c53add7b6787ba1d4124c58d10e3f00e8e..af153efffd06dae2c5b37cfed1f0c2086787c84c 100644 --- a/test/fuzztest/services/accesstoken/getnativetokennamestub_fuzzer/getnativetokennamestub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.cpp @@ -13,10 +13,8 @@ * limitations under the License. */ -#include "getnativetokennamestub_fuzzer.h" +#include "verifyaccesstokenwithliststub_fuzzer.h" -#include -#include #include #include #include @@ -24,50 +22,46 @@ #include "accesstoken_fuzzdata.h" #include "accesstoken_manager_service.h" #include "i_accesstoken_manager.h" -#include "permission_def_parcel.h" using namespace std; -using namespace OHOS; using namespace OHOS::Security::AccessToken; -const int CONSTANTS_NUMBER_TWO = 2; -static const int32_t ROOT_UID = 0; +const int32_t MAX_PERMISSION_SIZE = 1100; namespace OHOS { - bool GetNativeTokenNameStubFuzzTest(const uint8_t* data, size_t size) + bool VerifyAccessTokenWithListStubFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { return false; } + AccessTokenFuzzData fuzzData(data, size); - std::string testName(fuzzData.GenerateRandomString()); - + AccessTokenID tokenId = fuzzData.GetData(); + + int permSize = fuzzData.GetData() % MAX_PERMISSION_SIZE; + std::vector permissionList; + for (int i = 0; i < permSize; i++) { + permissionList.emplace_back(fuzzData.GenerateStochasticString()); + } MessageParcel datas; datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!datas.WriteUint32(fuzzData.GetData())) { + if (!datas.WriteUint32(tokenId) || !datas.WriteStringVector(permissionList)) { return false; } - uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_NATIVE_TOKEN_NAME); + uint32_t code = static_cast(AccessTokenInterfaceCode::VERIFY_ACCESSTOKEN_WITH_LIST); MessageParcel reply; MessageOption option; - bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); - if (enable) { - setuid(CONSTANTS_NUMBER_TWO); - } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - setuid(ROOT_UID); return true; } -} +} // namespace OHOS /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::GetNativeTokenNameStubFuzzTest(data, size); + OHOS::VerifyAccessTokenWithListStubFuzzTest(data, size); return 0; } - diff --git a/test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/registertokensynccallbackstub_fuzzer.h b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.h similarity index 71% rename from test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/registertokensynccallbackstub_fuzzer.h rename to test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.h index e5d21eb1a600074436f0576a8057abbb2eb9493d..acdc2357c4414d35e8519eb5f10feb19429d3b6a 100644 --- a/test/fuzztest/services/accesstoken/registertokensynccallbackstub_fuzzer/registertokensynccallbackstub_fuzzer.h +++ b/test/fuzztest/services/accesstoken/verifyaccesstokenwithliststub_fuzzer/verifyaccesstokenwithliststub_fuzzer.h @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef TEST_FUZZTEST_REGISTERTOKENSYNCCALLBACKSTUB_FUZZER_H -#define TEST_FUZZTEST_REGISTERTOKENSYNCCALLBACKSTUB_FUZZER_H +#ifndef TEST_FUZZTEST_VERIFYACCESSTOKENWITHLISTSTUB_FUZZER_H +#define TEST_FUZZTEST_VERIFYACCESSTOKENWITHLISTSTUB_FUZZER_H -#define FUZZ_PROJECT_NAME "registertokensynccallbackstub_fuzzer" +#define FUZZ_PROJECT_NAME "verifyaccesstokenwithliststub_fuzzer" -#endif // TEST_FUZZTEST_REGISTERTOKENSYNCCALLBACKSTUB_FUZZER_H \ No newline at end of file +#endif // TEST_FUZZTEST_VERIFYACCESSTOKENWITHLISTSTUB_FUZZER_H diff --git a/test/fuzztest/services/privacy/BUILD.gn b/test/fuzztest/services/privacy/BUILD.gn index 51c901c8048f536c427c4acb538148aee5ef541a..c27efe960861af886aa2232d32c3447a9912e777 100644 --- a/test/fuzztest/services/privacy/BUILD.gn +++ b/test/fuzztest/services/privacy/BUILD.gn @@ -21,11 +21,14 @@ group("fuzztest") { "addpermissionusedrecordstub_fuzzer:AddPermissionUsedRecordStubFuzzTest", "getpermissionusedrecordsasyncstub_fuzzer:GetPermissionUsedRecordsAsyncStubFuzzTest", "getpermissionusedrecordsstub_fuzzer:GetPermissionUsedRecordsStubFuzzTest", + "getpermissionusedrecordtogglestatusstub_fuzzer:GetPermissionUsedRecordToggleStatusStubFuzzTest", "getpermissionusedtypeinfosstub_fuzzer:GetPermissionUsedTypeInfosStubFuzzTest", "isallowedusingpermissionstub_fuzzer:IsAllowedUsingPermissionStubFuzzTest", "registerpermactivestatuscallbackstub_fuzzer:RegisterPermActiveStatusCallbackStubFuzzTest", "removepermissionusedrecordsstub_fuzzer:RemovePermissionUsedRecordsStubFuzzTest", + "sethapwithfgreminderstub_fuzzer:SetHapWithFGReminderStubFuzzTest", "setmutepolicystub_fuzzer:SetMutePolicyStubFuzzTest", + "setpermissionusedrecordtogglestatusstub_fuzzer:SetPermissionUsedRecordToggleStatusStubFuzzTest", "startusingpermissioncallbackstub_fuzzer:StartUsingPermissionCallbackStubFuzzTest", "startusingpermissionstub_fuzzer:StartUsingPermissionStubFuzzTest", "stopusingpermissionstub_fuzzer:StopUsingPermissionStubFuzzTest", diff --git a/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp b/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp index 100aee308fb078155bf7423973b703fc27fffdb0..37db718d6c550ac6a8e9227a43df5b92e19fa559 100644 --- a/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/addpermissionusedrecordstub_fuzzer/addpermissionusedrecordstub_fuzzer.cpp @@ -41,7 +41,7 @@ namespace OHOS { AddPermParamInfoParcel infoParcel; infoParcel.info.tokenId = static_cast(fuzzData.GetData()); - infoParcel.info.permissionName = fuzzData.GenerateRandomString(); + infoParcel.info.permissionName = fuzzData.GenerateStochasticString(); infoParcel.info.successCount = fuzzData.GetData(); infoParcel.info.failCount = fuzzData.GetData(); if (!datas.WriteParcelable(&infoParcel)) { diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp index b6d387076d8394080a9edf709d2bd966dd6aecf3..61b96f6480885dc831dac6a27fd9d287dd9a1f63 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedrecordsasyncstub_fuzzer/getpermissionusedrecordsasyncstub_fuzzer.cpp @@ -48,17 +48,18 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); - std::vector permissionList = {fuzzData.GenerateRandomString()}; + std::vector permissionList = {fuzzData.GenerateStochasticString()}; PermissionUsedRequest request = { .tokenId = static_cast(fuzzData.GetData()), - .isRemote = fuzzData.GenerateRandomBool(), - .deviceId = fuzzData.GenerateRandomString(), - .bundleName = fuzzData.GenerateRandomString(), + .isRemote = fuzzData.GenerateStochasticBool(), + .deviceId = fuzzData.GenerateStochasticString(), + .bundleName = fuzzData.GenerateStochasticString(), .permissionList = permissionList, .beginTimeMillis = fuzzData.GetData(), .endTimeMillis = fuzzData.GetData(), - .flag = fuzzData.GenerateRandomEnmu(FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_FOREGROUND) + .flag = fuzzData.GenerateStochasticEnmu( + FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_FOREGROUND) }; PermissionUsedRequestParcel requestParcel; requestParcel.request = request; diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp index cd263be468bde0b31ed71ef8ce24b4fe848052c4..3565d7b1191544c7c9b6cc5750f05e26a9d5626a 100644 --- a/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedrecordsstub_fuzzer/getpermissionusedrecordsstub_fuzzer.cpp @@ -38,17 +38,18 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); - std::vector permissionList = {fuzzData.GenerateRandomString()}; + std::vector permissionList = {fuzzData.GenerateStochasticString()}; PermissionUsedRequest request = { .tokenId = static_cast(fuzzData.GetData()), - .isRemote = fuzzData.GenerateRandomBool(), - .deviceId = fuzzData.GenerateRandomString(), - .bundleName = fuzzData.GenerateRandomString(), + .isRemote = fuzzData.GenerateStochasticBool(), + .deviceId = fuzzData.GenerateStochasticString(), + .bundleName = fuzzData.GenerateStochasticString(), .permissionList = permissionList, .beginTimeMillis = fuzzData.GetData(), .endTimeMillis = fuzzData.GetData(), - .flag = fuzzData.GenerateRandomEnmu(FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_FOREGROUND) + .flag = fuzzData.GenerateStochasticEnmu( + FLAG_PERMISSION_USAGE_SUMMARY_IN_APP_FOREGROUND) }; PermissionUsedRequestParcel requestParcel; requestParcel.request = request; diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..3990a43f59d092ff6393badf3d5c139275c2ae5b --- /dev/null +++ b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn @@ -0,0 +1,44 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../privacy_service_fuzz.gni") + +ohos_fuzztest("GetPermissionUsedRecordToggleStatusStubFuzzTest") { + module_out_path = module_output_path_service_privacy + fuzz_config_file = "." + + sources = [ "getpermissionusedrecordtogglestatusstub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + include_dirs = privacy_include_dirs + + sources += privacy_sources + + defines = privacy_defines + + cflags_cc = privacy_cflags_cc + + deps = privacy_deps + + external_deps = privacy_external_deps +} diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/corpus/init b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 --- /dev/null +++ b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.cpp similarity index 50% rename from test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.cpp rename to test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.cpp index 27dcebe7d0391797ccc44ad943408a89663efb73..e9609ed9c825c7c88f7cfe183413cbd6b17ec23d 100644 --- a/test/fuzztest/services/accesstoken/getallnativetokeninfostub_fuzzer/getallnativetokeninfostub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,61 +13,54 @@ * limitations under the License. */ -#include "getallnativetokeninfostub_fuzzer.h" +#include "getpermissionusedrecordtogglestatusstub_fuzzer.h" -#include -#include -#include +#include "accesstoken_fuzzdata.h" #undef private -#include "accesstoken_info_manager.h" -#include "accesstoken_kit.h" -#include "i_accesstoken_manager.h" -#include "service/accesstoken_manager_service.h" -#include "token_setproc.h" +#include "i_privacy_manager.h" +#include "privacy_manager_service.h" using namespace std; using namespace OHOS::Security::AccessToken; -#ifdef TOKEN_SYNC_ENABLE const int CONSTANTS_NUMBER_TWO = 2; -#endif +static const int32_t ROOT_UID = 0; namespace OHOS { - bool GetAllNativeTokenInfoFuzzTest(const uint8_t* data, size_t size) + bool GetPermissionUsedRecordToggleStatusStubFuzzTest(const uint8_t* data, size_t size) { -#ifdef TOKEN_SYNC_ENABLE if ((data == nullptr) || (size == 0)) { return false; } + AccessTokenFuzzData fuzzData(data, size); + MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); + + int32_t userID = fuzzData.GetData(); + if (!datas.WriteInt32(userID)) { + return false; + } - uint32_t code = static_cast( - AccessTokenInterfaceCode::GET_ALL_NATIVE_TOKEN_FROM_REMOTE); + uint32_t code = static_cast(PrivacyInterfaceCode::GET_PERMISSION_USED_RECORD_TOGGLE_STATUS); MessageParcel reply; MessageOption option; bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); if (enable) { - AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service"); - SetSelfTokenID(accesstoken); - AccessTokenInfoManager::GetInstance().Init(); + setuid(CONSTANTS_NUMBER_TWO); } - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); - SetSelfTokenID(hdcd); + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); return true; -#else - return true; -#endif } -} +} // namespace OHOS /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::GetAllNativeTokenInfoFuzzTest(data, size); + OHOS::GetPermissionUsedRecordToggleStatusStubFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.h b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..7f8ac51193d5f950e900e3f9079450ed48c319e8 --- /dev/null +++ b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/getpermissionusedrecordtogglestatusstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETPERMISSIONUSEDRECORDTOGGLESTATUSSTUB_FUZZER_H +#define TEST_FUZZTEST_GETPERMISSIONUSEDRECORDTOGGLESTATUSSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "getpermissionusedrecordtogglestatusstub_fuzzer" + +#endif // TEST_FUZZTEST_GETPERMISSIONUSEDRECORDTOGGLESTATUSSTUB_FUZZER_H diff --git a/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/project.xml b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/services/privacy/getpermissionusedrecordtogglestatusstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp b/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp index 28a8daf5e591436363e8c5a88aa533a5d05d4f69..3b50ce6039ed539cfba82540e8f64a0dc54d7a4a 100644 --- a/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getpermissionusedtypeinfosstub_fuzzer/getpermissionusedtypeinfosstub_fuzzer.cpp @@ -41,7 +41,7 @@ namespace OHOS { if (!datas.WriteUint32(static_cast(fuzzData.GetData()))) { return false; } - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } diff --git a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp b/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp index e49d8230b1771af98535e3a19b5790b185578114..542ab9e678068dc281e0a5bb956598ca8e2e433d 100644 --- a/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/getspecialseccompenhancestub_fuzzer/getspecialseccompenhancestub_fuzzer.cpp @@ -42,7 +42,7 @@ namespace OHOS { MessageParcel datas; datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } diff --git a/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp b/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp index aae1474626ee3d261a5c4cfc4218c4dddce1e38e..1eca6c5a89e42e0df12a50fd95fb03900e5722e1 100644 --- a/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/isallowedusingpermissionstub_fuzzer/isallowedusingpermissionstub_fuzzer.cpp @@ -41,7 +41,10 @@ namespace OHOS { if (!datas.WriteUint32(static_cast(fuzzData.GetData()))) { return false; } - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { + return false; + } + if (!datas.WriteInt32(fuzzData.GetData())) { return false; } diff --git a/test/fuzztest/services/privacy/privacy_service_fuzz.gni b/test/fuzztest/services/privacy/privacy_service_fuzz.gni index 371cadaf43081f1d439d1d66537353850fb6aaf7..1e574a97edba9a3a0b240834ea8ec59c5ae873cf 100644 --- a/test/fuzztest/services/privacy/privacy_service_fuzz.gni +++ b/test/fuzztest/services/privacy/privacy_service_fuzz.gni @@ -27,18 +27,18 @@ privacy_include_dirs = [ "${access_token_path}/services/privacymanager/include/record", "${access_token_path}/services/privacymanager/include/seccomp", "${access_token_path}/services/privacymanager/include/service", + "${access_token_path}/services/privacymanager/include/proxy", "${access_token_path}/services/privacymanager/include/sensitive", "${access_token_path}/services/privacymanager/include/sensitive/audio_manager/", "${access_token_path}/services/privacymanager/include/sensitive/camera_manager/", - "${access_token_path}/services/common/ability_manager/include", "${access_token_path}/services/common/app_manager/include", - "${access_token_path}/services/common/config_policy/include", + "${access_token_path}/services/common/json_parse/include", "${access_token_path}/services/common/database/include", "${access_token_path}/services/common/libraryloader/include", - "${access_token_path}/services/common/power_manager/include", "${access_token_path}/services/common/screenlock_manager/include", "${access_token_path}/services/common/utils/include", "${access_token_path}/test/fuzztest/common", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", ] privacy_deps = [ @@ -48,11 +48,11 @@ privacy_deps = [ "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/proxy_death:proxy_death_handler", ] privacy_external_deps = [ "ability_base:want", - "audio_framework:audio_client", "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", @@ -65,8 +65,6 @@ privacy_external_deps = [ privacy_sources = [ "${access_token_path}/services/common/app_manager/src/app_manager_access_client.cpp", - "${access_token_path}/services/common/app_manager/src/app_manager_access_proxy.cpp", - "${access_token_path}/services/common/app_manager/src/app_manager_death_recipient.cpp", "${access_token_path}/services/common/app_manager/src/app_state_data.cpp", "${access_token_path}/services/common/app_manager/src/app_status_change_callback.cpp", "${access_token_path}/services/common/app_manager/src/process_data.cpp", @@ -79,17 +77,13 @@ privacy_sources = [ "${access_token_path}/services/privacymanager/src/database/data_translator.cpp", "${access_token_path}/services/privacymanager/src/database/permission_used_record_db.cpp", "${access_token_path}/services/privacymanager/src/database/privacy_field_const.cpp", + "${access_token_path}/services/privacymanager/src/proxy/privacy_manager_proxy_death_param.cpp", "${access_token_path}/services/privacymanager/src/record/on_permission_used_record_callback_proxy.cpp", "${access_token_path}/services/privacymanager/src/record/permission_record.cpp", "${access_token_path}/services/privacymanager/src/record/permission_record_manager.cpp", - "${access_token_path}/services/privacymanager/src/record/permission_record_repository.cpp", - "${access_token_path}/services/privacymanager/src/record/permission_used_record_cache.cpp", - "${access_token_path}/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_client.cpp", - "${access_token_path}/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_death_recipient.cpp", - "${access_token_path}/services/privacymanager/src/sensitive/audio_manager/audio_manager_privacy_proxy.cpp", - "${access_token_path}/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_client.cpp", - "${access_token_path}/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_death_recipient.cpp", - "${access_token_path}/services/privacymanager/src/sensitive/camera_manager/camera_manager_privacy_proxy.cpp", + "${access_token_path}/services/privacymanager/src/record/permission_record_set.cpp", + "${access_token_path}/services/privacymanager/src/sensitive/audio_manager/audio_manager_adapter.cpp", + "${access_token_path}/services/privacymanager/src/sensitive/camera_manager/camera_manager_adapter.cpp", "${access_token_path}/services/privacymanager/src/service/privacy_manager_service.cpp", "${access_token_path}/services/privacymanager/src/service/privacy_manager_stub.cpp", ] @@ -102,7 +96,7 @@ privacy_cflags_cc = [ privacy_defines = [] if (use_musl) { - if (use_jemalloc && use_jemalloc_dfx_intf) { + if (musl_use_jemalloc && musl_use_jemalloc_dfx_intf) { privacy_defines += [ "CONFIG_USE_JEMALLOC_DFX_INTF" ] } } @@ -117,6 +111,17 @@ if (window_manager_enable && access_token_camera_float_window_enable) { privacy_cflags_cc += [ "-DCAMERA_FLOAT_WINDOW_ENABLE" ] privacy_include_dirs += [ "${access_token_path}/services/common/window_manager/include" ] + privacy_sources += [ + "${access_token_path}/services/common/window_manager/src/privacy_mock_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_lite_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_scene_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_session_manager_proxy.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_agent.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_client.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_death_recipient.cpp", + "${access_token_path}/services/common/window_manager/src/privacy_window_manager_proxy.cpp", + ] + privacy_external_deps += [ "window_manager:libwsutils" ] } if (theme_screenlock_mgr_enable) { @@ -128,3 +133,20 @@ if (eventhandler_enable == true) { privacy_cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] privacy_external_deps += [ "eventhandler:libeventhandler" ] } + +if (access_token_app_security_privacy_service_enable) { + privacy_cflags_cc += [ "-DAPP_SECURITY_PRIVACY_SERVICE" ] +} else { + privacy_include_dirs += + [ "${access_token_path}/services/common/ability_manager/include" ] +} + +if (audio_framework_enable) { + privacy_cflags_cc += [ "-DAUDIO_FRAMEWORK_ENABLE" ] + privacy_external_deps += [ "audio_framework:audio_client" ] +} + +if (camera_framework_enable) { + privacy_cflags_cc += [ "-DCAMERA_FRAMEWORK_ENABLE" ] + privacy_external_deps += [ "camera_framework:camera_framework" ] +} diff --git a/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp b/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp index e7af3ffa746d25b0cebd503e65930dea04918c56..47fc2f21d1fba91d808cdba817e5f17619547240 100644 --- a/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/registerpermactivestatuscallbackstub_fuzzer/registerpermactivestatuscallbackstub_fuzzer.cpp @@ -56,7 +56,7 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); - std::vector permList = {fuzzData.GenerateRandomString()}; + std::vector permList = {fuzzData.GenerateStochasticString()}; auto callback = std::make_shared(permList); callback->type_ = PERM_INACTIVE; sptr callbackWrap = nullptr; diff --git a/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp b/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp index f3cca7e16865b441fd411c677931225858b83915..d3c3b8510dfbacb74a3ae7c33373325bb3cb8f2e 100644 --- a/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/removepermissionusedrecordsstub_fuzzer/removepermissionusedrecordsstub_fuzzer.cpp @@ -41,7 +41,7 @@ namespace OHOS { if (!datas.WriteUint32(static_cast(fuzzData.GetData()))) { return false; } - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } diff --git a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/BUILD.gn similarity index 64% rename from test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/BUILD.gn rename to test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/BUILD.gn index 1362287d38ead00495dae89ee2fd6c02378b1a97..b6c38befc5450777429770c0add2a447f5258f2f 100644 --- a/test/fuzztest/innerkits/accesstoken/getallnativetokeninfo_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/BUILD.gn @@ -14,32 +14,33 @@ import("//build/config/features.gni") import("//build/test.gni") import("../../../../../access_token.gni") +import("../privacy_service_fuzz.gni") -ohos_fuzztest("GetAllNativeTokenInfoFuzzTest") { - module_out_path = module_output_path_interface_access_token +ohos_fuzztest("SetHapWithFGReminderStubFuzzTest") { + module_out_path = module_output_path_service_privacy fuzz_config_file = "." - include_dirs = - [ "${access_token_path}/interfaces/innerkits/accesstoken/include" ] + + sources = [ "sethapwithfgreminderstub_fuzzer.cpp" ] + cflags = [ "-g", "-O0", "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "getallnativetokeninfo_fuzzer.cpp" ] - deps = [ - "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", - ] + configs = [ "${access_token_path}/config:coverage_flags" ] - if (token_sync_enable == true) { - cflags_cc = [ "-DTOKEN_SYNC_ENABLE" ] - } + include_dirs = privacy_include_dirs - configs = [ "${access_token_path}/config:coverage_flags" ] + sources += privacy_sources - external_deps = [ - "c_utils:utils", - "hilog:libhilog", - ] + defines = privacy_defines + + cflags_cc = privacy_cflags_cc + + deps = privacy_deps + deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] + + external_deps = privacy_external_deps } diff --git a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/corpus/init b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/project.xml b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.cpp b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f06a4c5a928fee23b8e1d62620e2fad2c23a3960 --- /dev/null +++ b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.cpp @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sethapwithfgreminderstub_fuzzer.h" + +#include +#include +#include + +#include "accesstoken_fuzzdata.h" +#undef private +#include "accesstoken_kit.h" +#include "i_privacy_manager.h" +#include "privacy_manager_service.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TWO = 2; +static const int32_t ROOT_UID = 0; + +namespace OHOS { +const uint8_t *g_baseFuzzData = nullptr; +size_t g_baseFuzzSize = 0; +size_t g_baseFuzzPos = 0; + void GetNativeToken() + { + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[0] = "ohos.permission.SET_FOREGROUND_HAP_REMINDER"; // 3 means the third permission + + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .processName = "sethapwithfgreminderstub_fuzzer_test", + .aplStr = "system_core", + }; + + tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; + } + + bool SetHapWithFGReminderStubFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + GetNativeToken(); + AccessTokenFuzzData fuzzData(data, size); + + if (size > sizeof(uint32_t) + sizeof(bool)) { + uint32_t tokenId = fuzzData.GetData(); + bool isAllowed = fuzzData.GenerateStochasticBool(); + + MessageParcel datas; + datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); + if (!datas.WriteUint32(tokenId)) { + return false; + } + if (!datas.WriteBool(isAllowed)) { + return false; + } + + uint32_t code = static_cast( + PrivacyInterfaceCode::SET_HAP_WITH_FOREGROUND_REMINDER); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TWO); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + } + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::SetHapWithFGReminderStubFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.h b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..bb07b41ce4c8b6606e8348176fbfcf19cd51e3dc --- /dev/null +++ b/test/fuzztest/services/privacy/sethapwithfgreminderstub_fuzzer/sethapwithfgreminderstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_SETHAPWITHFGREMINDERSTUB_FUZZER_H +#define TEST_FUZZTEST_SETHAPWITHFGREMINDERSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "sethapwithfgreminderstub_fuzzer" + +#endif // TEST_FUZZTEST_SETHAPWITHFGREMINDERSTUB_FUZZER_H diff --git a/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp b/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp index 609ecda3447a7b108a5ca3462e6a4e3d80c0879e..69c220f5580fa08f8496c1cf730584086b4b9179 100644 --- a/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/setmutepolicystub_fuzzer/setmutepolicystub_fuzzer.cpp @@ -67,10 +67,11 @@ size_t g_baseFuzzPos = 0; GetNativeToken(); AccessTokenFuzzData fuzzData(data, size); - if (size > sizeof(uint32_t) + sizeof(bool)) { + if (size > sizeof(uint32_t) + sizeof(bool) + sizeof(uint32_t)) { uint32_t policyType = fuzzData.GetData(); uint32_t callerType = fuzzData.GetData(); - bool isMute = fuzzData.GenerateRandomBool(); + bool isMute = fuzzData.GenerateStochasticBool(); + uint32_t tokenID = fuzzData.GetData(); MessageParcel datas; datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); @@ -83,6 +84,9 @@ size_t g_baseFuzzPos = 0; if (!datas.WriteBool(isMute)) { return false; } + if (!datas.WriteUint32(tokenID)) { + return false; + } uint32_t code = static_cast( PrivacyInterfaceCode::SET_MUTE_POLICY); diff --git a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..6feddd9aca4f4d86ea8a4d6644188b3bca891919 --- /dev/null +++ b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/BUILD.gn @@ -0,0 +1,44 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../privacy_service_fuzz.gni") + +ohos_fuzztest("SetPermissionUsedRecordToggleStatusStubFuzzTest") { + module_out_path = module_output_path_service_privacy + fuzz_config_file = "." + + sources = [ "setpermissionusedrecordtogglestatusstub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + include_dirs = privacy_include_dirs + + sources += privacy_sources + + defines = privacy_defines + + cflags_cc = privacy_cflags_cc + + deps = privacy_deps + + external_deps = privacy_external_deps +} diff --git a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/corpus/init b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 --- /dev/null +++ b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/project.xml b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.cpp b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..9b5c47a88ca8182ae4afc090af90b4b66d371fc7 --- /dev/null +++ b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "setpermissionusedrecordtogglestatusstub_fuzzer.h" + +#include "accesstoken_fuzzdata.h" +#undef private +#include "i_privacy_manager.h" +#include "privacy_manager_service.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TWO = 2; +static const int32_t ROOT_UID = 0; + +namespace OHOS { + bool SetPermissionUsedRecordToggleStatusStubFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + + MessageParcel datas; + datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); + + int32_t userID = fuzzData.GetData(); + bool status = fuzzData.GenerateStochasticBool(); + if (!datas.WriteInt32(userID) || !datas.WriteBool(status)) { + return false; + } + + uint32_t code = static_cast(PrivacyInterfaceCode::SET_PERMISSION_USED_RECORD_TOGGLE_STATUS); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TWO); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::SetPermissionUsedRecordToggleStatusStubFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.h b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..c5fa7f2b85ea4bdb87e4e43285de34e6e1355177 --- /dev/null +++ b/test/fuzztest/services/privacy/setpermissionusedrecordtogglestatusstub_fuzzer/setpermissionusedrecordtogglestatusstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_SETPERMISSIONUSEDRECORDTOGGLESTATUSSTUB_FUZZER_H +#define TEST_FUZZTEST_SETPERMISSIONUSEDRECORDTOGGLESTATUSSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "setpermissionusedrecordtogglestatusstub_fuzzer" + +#endif // TEST_FUZZTEST_SETPERMISSIONUSEDRECORDTOGGLESTATUSSTUB_FUZZER_H diff --git a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp index c0398d3a89acd5ce6e092ba5cb51f5e710f0567a..85b7bfcf6288bdc97750b15417278a2edaacb1ec 100644 --- a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp @@ -38,7 +38,7 @@ public: ~CbCustomizeTest() {} - virtual void StateChangeNotify(AccessTokenID tokenId, bool isShowing) + virtual void StateChangeNotify(AccessTokenID tokenId, bool isShowing) { isShowing_ = true; } @@ -64,7 +64,10 @@ namespace OHOS { if (!datas.WriteUint32(static_cast(fuzzData.GetData()))) { return false; } - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteInt32(fuzzData.GetData())) { + return false; + } + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } if (!datas.WriteRemoteObject(callbackWrap->AsObject())) { diff --git a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp index 2815ac16044f64d2302cea0783f5ae3595d61b83..e9fb147ffbb83f1da94865088d359b9be5bfe0d9 100644 --- a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp @@ -41,7 +41,10 @@ namespace OHOS { if (!datas.WriteUint32(static_cast(fuzzData.GetData()))) { return false; } - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteInt32(fuzzData.GetData())) { + return false; + } + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } diff --git a/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp b/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp index 2d74468bb864c5daf844e151563307efca39c4c9..afce9afa09bf85e59da19ea6d31b8e1fb67a9d1a 100644 --- a/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/stopusingpermissionstub_fuzzer/stopusingpermissionstub_fuzzer.cpp @@ -41,7 +41,10 @@ namespace OHOS { if (!datas.WriteUint32(static_cast(fuzzData.GetData()))) { return false; } - if (!datas.WriteString(fuzzData.GenerateRandomString())) { + if (!datas.WriteInt32(fuzzData.GetData())) { + return false; + } + if (!datas.WriteString(fuzzData.GenerateStochasticString())) { return false; } diff --git a/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp b/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp index 3be98d098fb7c012c4864866632350fb45c56b54..14d23c014771b01a1889e9c17098cc8666e9fab6 100644 --- a/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/unregisterpermactivestatuscallbackstub_fuzzer/unregisterpermactivestatuscallbackstub_fuzzer.cpp @@ -59,7 +59,7 @@ namespace OHOS { MessageParcel datas; datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - std::vector permList = {fuzzData.GenerateRandomString()}; + std::vector permList = {fuzzData.GenerateStochasticString()}; auto callback = std::make_shared(permList); callback->type_ = PERM_INACTIVE; diff --git a/tools/accesstoken/BUILD.gn b/tools/accesstoken/BUILD.gn index 8497b00b5d8fb42e6166719e990086eb83e6e022..68c2c700a6a857e23ed800d95de2a5e10da6a277 100644 --- a/tools/accesstoken/BUILD.gn +++ b/tools/accesstoken/BUILD.gn @@ -19,7 +19,10 @@ ohos_executable("atm") { subsystem_name = "security" part_name = "access_token" - include_dirs = [ "include" ] + include_dirs = [ + "${access_token_path}/interfaces/innerkits/privacy/include", + "include", + ] sources = [ "src/atm_command.cpp", @@ -35,6 +38,10 @@ ohos_executable("atm") { cflags = [] + if (build_variant == "user") { + cflags_cc = [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + if (target_cpu == "arm") { cflags += [ "-DBINDER_IPC_32BIT" ] } diff --git a/tools/accesstoken/include/atm_command.h b/tools/accesstoken/include/atm_command.h index f271fa888560237e1352275c111098df20ab0196..20433c5a21f7b571a3a56f85d407a3f1d9c23247 100644 --- a/tools/accesstoken/include/atm_command.h +++ b/tools/accesstoken/include/atm_command.h @@ -50,6 +50,15 @@ private: const std::string& helpMsg); int32_t SetToggleStatus(int32_t userID, const std::string& permissionName, const uint32_t& status); int32_t GetToggleStatus(int32_t userID, const std::string& permissionName, std::string& statusInfo); + void RunToggleCommandExistentOptionArgument(const int32_t& option, AtmToolsParamInfo& info); + int32_t HandleToggleCommand(const std::string& shortOption, const struct option longOption[], + const std::string& helpMsg); + int32_t RunToggleCommandByOperationType(const AtmToolsParamInfo& info); + int32_t HandleToggleRequest(const AtmToolsParamInfo& info, std::string& dumpInfo); + int32_t HandleToggleRecord(const AtmToolsParamInfo& info, std::string& dumpInfo); + int32_t SetRecordToggleStatus(int32_t userID, const uint32_t& recordStatus, std::string& statusInfo); + int32_t GetRecordToggleStatus(int32_t userID, std::string& statusInfo); + bool IsNumericString(const char* string); int32_t RunAsHelpCommand(); int32_t RunAsCommonCommand(); diff --git a/tools/accesstoken/src/atm_command.cpp b/tools/accesstoken/src/atm_command.cpp index 8df6f5ba4b62856870af6c58e4839f7f0f44fb2b..52ce16b239217b1176a262c0dc5d3b72008259cf 100644 --- a/tools/accesstoken/src/atm_command.cpp +++ b/tools/accesstoken/src/atm_command.cpp @@ -27,48 +27,62 @@ namespace OHOS { namespace Security { namespace AccessToken { namespace { +static constexpr int32_t MAX_COUNTER = 1000; static constexpr int32_t MIN_ARGUMENT_NUMBER = 2; static constexpr int32_t MAX_ARGUMENT_NUMBER = 4096; static const std::string HELP_MSG_NO_OPTION = "error: you must specify an option at least.\n"; -static const std::string SHORT_OPTIONS_DUMP = "hd::t::r::v::i:p:b:n:"; +static const std::string SHORT_OPTIONS_DUMP = "h::t::r::v::i:p:b:n:"; static const std::string TOOLS_NAME = "atm"; static const std::string HELP_MSG = "usage: atm