From 5f109228a9db58feb9d1e110f378a880aa584988 Mon Sep 17 00:00:00 2001 From: l00520400 Date: Tue, 25 Jan 2022 11:49:20 +0800 Subject: [PATCH 1/2] update dir Signed-off-by: l00520400 Change-Id: Ia34977c7ec8e306cee675ae3628e028a0f356782 --- interfaces/innerkits/nativetoken/include/nativetoken.h | 3 +-- services/accesstokenmanager/access_token.cfg | 2 +- .../main/cpp/include/token/native_token_receptor.h | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index dc036b648..6706c491d 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -33,8 +33,7 @@ extern "C" { #endif #define MAX_PROCESS_NAME_LEN 256 -#define TOKEN_ID_CFG_PATH "/data/system/access_token/nativetoken.json" -#define SOCKET_FILE "/data/system/token_unix_socket.socket" +#define TOKEN_ID_CFG_PATH "/data/access_token/nativetoken.json" #define TOKEN_NATIVE_TYPE 1 #define DEFAULT_AT_VERSION 1 #define TRANSFER_KEY_WORDS "NativeTokenInfo" diff --git a/services/accesstokenmanager/access_token.cfg b/services/accesstokenmanager/access_token.cfg index 6c3deb612..a803fe1ae 100644 --- a/services/accesstokenmanager/access_token.cfg +++ b/services/accesstokenmanager/access_token.cfg @@ -2,7 +2,7 @@ "jobs" : [{ "name" : "pre-init", "cmds" : [ - "mkdir /data/system/access_token 0650 root system", + "mkdir /data/access_token 0750 root system", "load_access_token_id " ] }, { diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h index 491d09dc0..cd1b899dd 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h @@ -27,7 +27,7 @@ namespace OHOS { namespace Security { namespace AccessToken { -const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/system/access_token/nativetoken.json"; +const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/access_token/nativetoken.json"; constexpr int MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M constexpr size_t BUFFER_SIZE = 1024; class NativeTokenReceptor final { -- Gitee From d4e2b32371a841628b14f6b7f0a715bbd8a2986e Mon Sep 17 00:00:00 2001 From: l00520400 Date: Tue, 25 Jan 2022 14:07:19 +0800 Subject: [PATCH 2/2] Signed-off-by: l00520400 Change-Id: I1228c638fbc2618034bec2581436fe7f28e8014b Signed-off-by: l00520400 Change-Id: Ic1d46e767a4dc6176fbdf98a8949d5396ea8d49a Signed-off-by: l00520400 --- .../nativetoken/include/nativetoken.h | 3 +- .../innerkits/nativetoken/src/nativetoken.c | 42 +++++++++- .../unittest/src/nativetoken_kit_test.cpp | 82 +++++++------------ services/accesstokenmanager/access_token.cfg | 2 +- .../cpp/include/token/native_token_receptor.h | 2 +- .../cpp/src/token/native_token_receptor.cpp | 2 +- 6 files changed, 73 insertions(+), 60 deletions(-) diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index 6706c491d..71c34e2c2 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -33,7 +33,8 @@ extern "C" { #endif #define MAX_PROCESS_NAME_LEN 256 -#define TOKEN_ID_CFG_PATH "/data/access_token/nativetoken.json" +#define TOKEN_ID_CFG_FILE_PATH "/data/service/el0/access_token/nativetoken.json" +#define TOKEN_ID_CFG_DIR_PATH "/data/service/el0/access_token" #define TOKEN_NATIVE_TYPE 1 #define DEFAULT_AT_VERSION 1 #define TRANSFER_KEY_WORDS "NativeTokenInfo" diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index 5373e41a6..f39d36eef 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -230,7 +230,7 @@ int32_t AtlibInit(void) } g_tokenListHead->next = NULL; - int32_t ret = ParseTokenInfoFromCfg(TOKEN_ID_CFG_PATH); + int32_t ret = ParseTokenInfoFromCfg(TOKEN_ID_CFG_FILE_PATH); if (ret != ATRET_SUCCESS) { free(g_tokenListHead); g_tokenListHead = NULL; @@ -294,6 +294,29 @@ int32_t GetAplLevel(const char *aplStr) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplStr is invalid.", __func__); return 0; } +int32_t NeedSetUidGid(int16_t *uid, int16_t *gid, int *needSet) +{ + struct stat buf; + if (stat(TOKEN_ID_CFG_FILE_PATH, &buf) == 0) { + *needSet = 0; + return ATRET_SUCCESS; + } + if (errno != ENOENT) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat %s is invalid %d.", + __func__, TOKEN_ID_CFG_FILE_PATH, errno); + return ATRET_FAILED; + } + if (stat(TOKEN_ID_CFG_DIR_PATH, &buf) != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat %s is invalid %d.", + __func__, TOKEN_ID_CFG_DIR_PATH, errno); + return ATRET_FAILED; + } + *uid = buf.st_uid; + *gid = buf.st_gid; + *needSet = 1; + ACCESSTOKEN_LOG_INFO("[ATLIB-%s]:needSet is true.", __func__); + return ATRET_SUCCESS; +} void WriteToFile(const cJSON *root) { @@ -308,7 +331,14 @@ void WriteToFile(const cJSON *root) } do { - int32_t fd = open(TOKEN_ID_CFG_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + int16_t uid; + int16_t gid; + int needSet = 0; + if (NeedSetUidGid(&uid, &gid, &needSet) != ATRET_SUCCESS) { + break; + } + int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); break; @@ -320,6 +350,10 @@ void WriteToFile(const cJSON *root) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); break; } + if ((needSet == 1) && chown(TOKEN_ID_CFG_FILE_PATH, uid, gid) != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:chown failed, errno is %d.", __func__, errno); + break; + } } while (0); cJSON_free(jsonStr); @@ -409,7 +443,7 @@ void SaveTokenIdToCfg(const NativeTokenList *curr) cJSON *record = NULL; int32_t ret; - ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); if (ret != ATRET_SUCCESS) { return; } @@ -627,7 +661,7 @@ int32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) cJSON *record = NULL; char *fileBuff = NULL; - int32_t ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + int32_t ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); if (ret != ATRET_SUCCESS) { return ret; } diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp index a6782999a..3320426c3 100644 --- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp +++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp @@ -24,16 +24,7 @@ using namespace OHOS::Security; extern NativeTokenList *g_tokenListHead; extern int32_t g_isNativeTokenInited; extern int32_t GetFileBuff(const char *cfg, char **retBuff); -namespace { -static string g_jsonStr = "[" - "{\"processName\":\"asdf\", \"tokenId\":15, \"APL\":3, \"version\":1, " - "\"tokenAttr\":0, \"dcaps\":[\"AT_CAP\", \"ST_CAP\"]}," - "{\"processName\":\"GetAccessTokenId008\", \"tokenId\":16, \"APL\":3, \"version\":1," - " \"tokenAttr\":0, \"dcaps\":[\"AT_CAP\", \"ST_CAP\"]}," - "{\"processName\":\"GetAccessTokenId009\", \"tokenId\":17, \"APL\":3, \"version\":1, " - "\"tokenAttr\":0, \"dcaps\":[\"AT_CAP\", \"ST_CAP\"]}" - "]"; -} + void TokenLibKitTest::SetUpTestCase() {} @@ -43,7 +34,7 @@ void TokenLibKitTest::TearDownTestCase() void TokenLibKitTest::SetUp() { g_isNativeTokenInited = 0; - ResetFile(); + (void)remove(TOKEN_ID_CFG_FILE_PATH); } void TokenLibKitTest::TearDown() @@ -56,21 +47,6 @@ void TokenLibKitTest::TearDown() } } -void TokenLibKitTest::ResetFile(void) -{ - int32_t fd = open(TOKEN_ID_CFG_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); - if (fd < 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); - return; - } - int32_t strLen = strlen(g_jsonStr.c_str()); - int32_t writtenLen = write(fd, (void *)g_jsonStr.c_str(), strLen); - close(fd); - if (writtenLen != strLen) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); - } -} - int Start(const char *processName) { const char *processname = processName; @@ -253,7 +229,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId006, TestSize.Level1) ASSERT_EQ(tokenIdEx->tokenId, g_tokenListHead->next->tokenId); char *fileBuff = nullptr; - ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, ATRET_SUCCESS); string s = "GetAccessTokenId006"; char *pos = strstr(fileBuff, s.c_str()); @@ -278,7 +254,7 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) ASSERT_NE(tokenId, 0); } char *fileBuff = nullptr; - int ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); for (int32_t i = 0; i < 200; i++) { char *pos = strstr(fileBuff, processName[i]); @@ -296,29 +272,31 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1) HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) { char *fileBuff = nullptr; - int ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + int ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); - char *pos = strstr(fileBuff, "process1"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process2"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process3"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process4"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process5"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process6"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process7"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process8"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "process9"); - ASSERT_EQ(pos, nullptr); - pos = strstr(fileBuff, "foundation"); - ASSERT_EQ(pos, nullptr); - free(fileBuff); + if (fileBuff != nullptr) { + char *pos = strstr(fileBuff, "process1"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process2"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process3"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process4"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process5"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process6"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process7"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process8"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "process9"); + ASSERT_EQ(pos, nullptr); + pos = strstr(fileBuff, "foundation"); + ASSERT_EQ(pos, nullptr); + free(fileBuff); + } Start("process1"); Start("process2"); @@ -337,10 +315,10 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1) Start("process18"); Start("process19"); - ret = GetFileBuff(TOKEN_ID_CFG_PATH, &fileBuff); + ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); ASSERT_EQ(ret, 0); GTEST_LOG_(INFO) << "fileBuff" << fileBuff; - pos = strstr(fileBuff, "process1"); + char *pos = strstr(fileBuff, "process1"); ASSERT_NE(pos, nullptr); pos = strstr(fileBuff, "process2"); ASSERT_NE(pos, nullptr); diff --git a/services/accesstokenmanager/access_token.cfg b/services/accesstokenmanager/access_token.cfg index a803fe1ae..ba4b720b8 100644 --- a/services/accesstokenmanager/access_token.cfg +++ b/services/accesstokenmanager/access_token.cfg @@ -2,7 +2,7 @@ "jobs" : [{ "name" : "pre-init", "cmds" : [ - "mkdir /data/access_token 0750 root system", + "mkdir /data/service/el0/access_token 0750 root system", "load_access_token_id " ] }, { diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h index cd1b899dd..53097f3fc 100644 --- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h +++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h @@ -27,7 +27,7 @@ namespace OHOS { namespace Security { namespace AccessToken { -const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/access_token/nativetoken.json"; +const std::string NATIVE_TOKEN_CONFIG_FILE = "/data/service/el0/access_token/nativetoken.json"; constexpr int MAX_NATIVE_CONFIG_FILE_SIZE = 5 * 1024 * 1024; // 5M constexpr size_t BUFFER_SIZE = 1024; class NativeTokenReceptor final { diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 8bb01fd82..d5ee4ac8e 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp @@ -105,7 +105,7 @@ int NativeTokenReceptor::ReadCfgFile(std::string& nativeRawData) { int32_t fd = open(NATIVE_TOKEN_CONFIG_FILE.c_str(), O_RDONLY); if (fd < 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: open failed.", __func__); + ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s: open failed errno %{public}d.", __func__, errno); return RET_FAILED; } struct stat statBuffer; -- Gitee