From 4495b3c268887e60276ce44da7ccbf6709b020f4 Mon Sep 17 00:00:00 2001 From: libing23 Date: Tue, 15 Feb 2022 20:17:24 +0800 Subject: [PATCH] add tokensync unitest Signed-off-by: libing23 --- .../innerkits/accesstoken/test/BUILD.gn | 3 + .../unittest/src/accesstoken_kit_test.cpp | 921 ++++++++++++++++++ .../include/token/accesstoken_info_manager.h | 2 + .../cpp/include/token/hap_token_info_inner.h | 1 + .../cpp/src/permission/permission_manager.cpp | 33 +- .../src/token/accesstoken_info_manager.cpp | 143 ++- .../cpp/src/token/hap_token_info_inner.cpp | 5 + services/tokensyncmanager/BUILD.gn | 2 - 8 files changed, 1044 insertions(+), 66 deletions(-) mode change 100755 => 100644 interfaces/innerkits/accesstoken/test/BUILD.gn mode change 100755 => 100644 interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp diff --git a/interfaces/innerkits/accesstoken/test/BUILD.gn b/interfaces/innerkits/accesstoken/test/BUILD.gn old mode 100755 new mode 100644 index a39d7014d..e981ea0ec --- a/interfaces/innerkits/accesstoken/test/BUILD.gn +++ b/interfaces/innerkits/accesstoken/test/BUILD.gn @@ -23,6 +23,7 @@ ohos_unittest("libaccesstoken_sdk_test") { "//third_party/googletest/include", "//base/security/access_token/interfaces/innerkits/accesstoken/include", "//base/security/access_token/interfaces/innerkits/nativetoken/include", + "//base/security/access_token/frameworks/common/include", ] sources = [ "unittest/src/accesstoken_kit_test.cpp" ] @@ -34,6 +35,8 @@ ohos_unittest("libaccesstoken_sdk_test") { "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", "//utils/native/base:utils", ] + + external_deps = [ "hiviewdfx_hilog_native:libhilog" ] } group("unittest") { diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp old mode 100755 new mode 100644 index 5ff41acf1..c80c6301d --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -18,11 +18,14 @@ #include "accesstoken_kit.h" #include "nativetoken_kit.h" +#include "accesstoken_log.h" using namespace testing::ext; using namespace OHOS::Security::AccessToken; namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AccessTokenKitTest"}; + static PermissionStateFull g_grantPermissionReq = { .permissionName = "ohos.permission.GRANT_SENSITIVE_PERMISSIONS", .isGeneral = true, @@ -2076,3 +2079,921 @@ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag003, TestSize.Level1) int res = AccessTokenKit::DeleteToken(tokenIdEx.tokenIdExStruct.tokenID); ASSERT_EQ(RET_SUCCESS, res); } + +/** + * @tc.name: SetRemoteHapTokenInfo001 + * @tc.desc: set remote hap token info success + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo001 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + // check local map token + HapTokenInfo resultInfo; + ret = AccessTokenKit::GetHapTokenInfo(mapID, resultInfo); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(resultInfo.apl, remoteTokenInfo.baseInfo.apl); + ASSERT_EQ(resultInfo.ver, remoteTokenInfo.baseInfo.ver); + ASSERT_EQ(resultInfo.userID, remoteTokenInfo.baseInfo.userID); + ASSERT_EQ(resultInfo.bundleName, remoteTokenInfo.baseInfo.bundleName); + ASSERT_EQ(resultInfo.instIndex, remoteTokenInfo.baseInfo.instIndex); + ASSERT_EQ(resultInfo.appID, remoteTokenInfo.baseInfo.appID); + ASSERT_EQ(resultInfo.deviceID, remoteTokenInfo.baseInfo.deviceID); + ASSERT_NE(resultInfo.tokenID, remoteTokenInfo.baseInfo.tokenID); // tokenID already is map tokenID + ASSERT_EQ(resultInfo.tokenAttr, remoteTokenInfo.baseInfo.tokenAttr); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo002 + * @tc.desc: set remote hap token info, token info is wrong + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo002 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo rightBaseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + HapTokenInfo wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.apl = (ATokenAplEnum)11; // wrong apl + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = wrongBaseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + std::string wrongStr(10241, 'x'); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.appID = wrongStr; // wrong appID + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.bundleName = wrongStr; // wrong bundleName + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.deviceID = wrongStr; // wrong deviceID + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); + + wrongBaseInfo = rightBaseInfo; + wrongBaseInfo.tokenID = 0; // wrong tokenID + remoteTokenInfo.baseInfo = wrongBaseInfo; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo003 + * @tc.desc: set remote hap token wrong permission grant + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo003, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo003 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {11}, // wrong flags + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo004 + * @tc.desc: update remote hap token when remote exist + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo004, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo004 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + remoteTokenInfo.permStateList[0].grantStatus[0] = PermissionState::PERMISSION_GRANTED; // second granted + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo005 + * @tc.desc: add remote hap token, it can not grant by GrantPermission + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo005, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo005 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::GrantPermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_DENIED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo006 + * @tc.desc: add remote hap token, it can not revoke by RevokePermission + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo006, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo006 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, // first grant + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::RevokePermission(mapID, "ohos.permission.test1", PermissionFlag::PERMISSION_SYSTEM_FIXED); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo007 + * @tc.desc: add remote hap token, it can not delete by DeleteToken + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo007, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo007 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::DeleteToken(mapID); + ASSERT_EQ(ret, RET_FAILED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo008 + * @tc.desc: add remote hap token, it can not update by UpdateHapToken + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo008, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo008 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_SYSTEM_FIXED}, + .grantStatus = {PermissionState::PERMISSION_DENIED}, // first denied + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + HapPolicyParams policy; + + ret = AccessTokenKit::UpdateHapToken(mapID, "updateFailed", policy); + ASSERT_EQ(ret, RET_FAILED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo009 + * @tc.desc: add remote hap token, it can not clear by ClearUserGrantedPermissionState + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo009, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + // Get local map token ID + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::ClearUserGrantedPermissionState(mapID); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::VerifyAccessToken(mapID, "ohos.permission.test1"); + ASSERT_EQ(ret, PermissionState::PERMISSION_GRANTED); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); +} + +/** + * @tc.name: SetRemoteHapTokenInfo010 + * @tc.desc: tokenID is not hap token + * @tc.type: FUNC + * @tc.require:AR000GK6T5 + */ +HWTEST_F(AccessTokenKitTest, SetRemoteHapTokenInfo010, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteHapTokenInfo009 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x28100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceToken001 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceToken001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceToken002 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceToken002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_EQ(ret, RET_SUCCESS); + + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0); + ASSERT_NE(ret, RET_SUCCESS); + + // deviceID is wrong + std::string wrongStr(10241, 'x'); + deviceID = wrongStr; + ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceToken003 + * @tc.desc: delete exist device mapping tokenId + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceToken003, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceToken003 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + + int ret = AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceTokens001 + * @tc.desc: delete all mapping tokens of exist device + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceTokens001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens001 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo; + remoteTokenInfo1.baseInfo.tokenID = 0x20100001; + remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1"; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100001); + ASSERT_NE(mapID1, 0); + + ret = AccessTokenKit::DeleteRemoteDeviceTokens(deviceID); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfo info; + ret = AccessTokenKit::GetHapTokenInfo(mapID, info); + ASSERT_NE(ret, RET_SUCCESS); + ret = AccessTokenKit::GetHapTokenInfo(mapID1, info); + ASSERT_NE(ret, RET_SUCCESS); +} + +/** + * @tc.name: DeleteRemoteDeviceTokens002 + * @tc.desc: delete all mapping tokens of NOT exist device + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, DeleteRemoteDeviceTokens002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "DeleteRemoteDeviceTokens002 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + HapTokenInfoForSync remoteTokenInfo1 = remoteTokenInfo; + remoteTokenInfo1.baseInfo.tokenID = 0x20100001; + remoteTokenInfo1.baseInfo.bundleName = "com.ohos.access_token1"; + ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo1); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + AccessTokenID mapID1 = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100001); + ASSERT_NE(mapID1, 0); + + ret = AccessTokenKit::DeleteRemoteDeviceTokens("1111111"); + ASSERT_NE(ret, RET_SUCCESS); + + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100001); +} + +/** + * @tc.name: GetHapTokenInfoFromRemote001 + * @tc.desc: get normal local tokenInfo + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote001, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote001 start."); + AccessTokenIDEx tokenIdEx = {0}; + tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams); + AccessTokenID localTokenID = tokenIdEx.tokenIdExStruct.tokenID; + + HapTokenInfoForSync infoSync; + int ret = AccessTokenKit::GetHapTokenInfoFromRemote(localTokenID, infoSync); + ASSERT_EQ(ret, RET_SUCCESS); + ASSERT_EQ(infoSync.baseInfo.apl, g_infoManagerTestPolicyPrams.apl); + ASSERT_EQ(infoSync.permStateList.size(), 2); + ASSERT_EQ(infoSync.permStateList[1].grantFlags.size(), 2); + + ASSERT_EQ(infoSync.permStateList[0].permissionName, g_infoManagerTestPolicyPrams.permStateList[0].permissionName); + ASSERT_EQ(infoSync.permStateList[0].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[0].grantFlags[0]); + ASSERT_EQ(infoSync.permStateList[0].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[0].grantStatus[0]); + ASSERT_EQ(infoSync.permStateList[0].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[0].resDeviceID[0]); + ASSERT_EQ(infoSync.permStateList[0].isGeneral, g_infoManagerTestPolicyPrams.permStateList[0].isGeneral); + + ASSERT_EQ(infoSync.permStateList[1].permissionName, g_infoManagerTestPolicyPrams.permStateList[1].permissionName); + ASSERT_EQ(infoSync.permStateList[1].grantFlags[0], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[0]); + ASSERT_EQ(infoSync.permStateList[1].grantStatus[0], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[0]); + ASSERT_EQ(infoSync.permStateList[1].resDeviceID[0], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[0]); + ASSERT_EQ(infoSync.permStateList[1].isGeneral, g_infoManagerTestPolicyPrams.permStateList[1].isGeneral); + + ASSERT_EQ(infoSync.permStateList[1].grantFlags[1], g_infoManagerTestPolicyPrams.permStateList[1].grantFlags[1]); + ASSERT_EQ(infoSync.permStateList[1].grantStatus[1], g_infoManagerTestPolicyPrams.permStateList[1].grantStatus[1]); + ASSERT_EQ(infoSync.permStateList[1].resDeviceID[1], g_infoManagerTestPolicyPrams.permStateList[1].resDeviceID[1]); + + ASSERT_EQ(infoSync.baseInfo.bundleName, g_infoManagerTestInfoParms.bundleName); + ASSERT_EQ(infoSync.baseInfo.userID, g_infoManagerTestInfoParms.userID); + ASSERT_EQ(infoSync.baseInfo.instIndex, g_infoManagerTestInfoParms.instIndex); + ASSERT_EQ(infoSync.baseInfo.appID, g_infoManagerTestInfoParms.appIDDesc); + ASSERT_EQ(infoSync.baseInfo.ver, 1); + ASSERT_EQ(infoSync.baseInfo.tokenID, localTokenID); + ASSERT_EQ(infoSync.baseInfo.tokenAttr, 0); + + AccessTokenKit::DeleteToken(localTokenID); +} + +/** + * @tc.name: GetHapTokenInfoFromRemote002 + * @tc.desc: get normal mapping tokenInfo + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote002, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote002 start."); + std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2"; + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); + HapTokenInfo baseInfo = { + .apl = APL_NORMAL, + .ver = 1, + .userID = 1, + .bundleName = "com.ohos.access_token", + .instIndex = 1, + .appID = "testtesttesttest", + .deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2", + .tokenID = 0x20100000, + .tokenAttr = 0 + }; + + PermissionStateFull infoManagerTestState = { + .grantFlags = {PermissionFlag::PERMISSION_USER_SET}, + .grantStatus = {PermissionState::PERMISSION_GRANTED}, + .isGeneral = true, + .permissionName = "ohos.permission.test1", + .resDeviceID = {"local"}}; + std::vector permStateList; + permStateList.emplace_back(infoManagerTestState); + + HapTokenInfoForSync remoteTokenInfo = { + .baseInfo = baseInfo, + .permStateList =permStateList + }; + + int ret = AccessTokenKit::SetRemoteHapTokenInfo(deviceID, remoteTokenInfo); + ASSERT_EQ(ret, RET_SUCCESS); + + AccessTokenID mapID = AccessTokenKit::AllocLocalTokenID(deviceID, 0x20100000); + ASSERT_NE(mapID, 0); + + HapTokenInfoForSync infoSync; + ret = AccessTokenKit::GetHapTokenInfoFromRemote(mapID, infoSync); + ASSERT_NE(ret, RET_SUCCESS); + + AccessTokenKit::DeleteRemoteToken(deviceID, 0x20100000); +} + +/** + * @tc.name: GetHapTokenInfoFromRemote003 + * @tc.desc: get normal mapping tokenInfo + * @tc.type: FUNC + * @tc.require:AR000GK6TA + */ +HWTEST_F(AccessTokenKitTest, GetHapTokenInfoFromRemote003, TestSize.Level1) +{ + ACCESSTOKEN_LOG_INFO(LABEL, "GetHapTokenInfoFromRemote003 start."); + HapTokenInfoForSync infoSync; + int ret = AccessTokenKit::GetHapTokenInfoFromRemote(0, infoSync); + ASSERT_NE(ret, RET_SUCCESS); +} diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index 3e32c69a7..3c4329380 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -77,6 +77,8 @@ private: bool TryUpdateExistNativeToken(const std::shared_ptr& infoPtr); int AllocNativeToken(const std::shared_ptr& infoPtr); void StoreAllTokenInfo(); + int CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); + int UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync); OHOS::ThreadPool tokenDataWorker_; bool hasInited_; diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index b41808fbc..add61cb1d 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -52,6 +52,7 @@ public: std::string GetBundleName() const; int GetInstIndex() const; AccessTokenID GetTokenID() const; + void SetPermissionPolicySet(std::shared_ptr& policySet); void ToString(std::string& info) const; bool IsRemote() const; void SetRemote(bool isRemote); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 018a3f2fa..392991acc 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -196,19 +196,24 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin void PermissionManager::UpdateTokenPermissionState( AccessTokenID tokenID, const std::string& permissionName, bool isGranted, int flag) { - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); + return; + } + if (infoPtr->IsRemote()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "remote token can not update"); + return; + } + + std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); if (permPolicySet == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); return; } permPolicySet->UpdatePermissionStatus(permissionName, isGranted, flag); - std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); - if (infoPtr != nullptr && !infoPtr->IsRemote()) { - TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); - } - AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded(); + TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); } void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag) @@ -256,8 +261,17 @@ void PermissionManager::RevokePermission(AccessTokenID tokenID, const std::strin void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID); - std::shared_ptr permPolicySet = - AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID); + std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); + return; + } + if (infoPtr->IsRemote()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "remote token can not clear."); + return; + } + + std::shared_ptr permPolicySet = infoPtr->GetHapInfoPermissionPolicySet(); if (permPolicySet == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!"); return; @@ -272,7 +286,6 @@ void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID) isGranted = (permDef.grantMode == SYSTEM_GRANT) ? true : false; permPolicySet->UpdatePermissionStatus(perm.permissionName, isGranted, DEFAULT_PERMISSION_FLAGS); } - AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded(); } std::string PermissionManager::TransferPermissionDefToString(const PermissionDef& inPermissionDef) diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 4fa86d047..c504c2c72 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -280,7 +280,6 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) return RET_FAILED; } - bool isRemote = false; // make sure that RemoveDefPermissions is called outside of the lock to avoid deadlocks. PermissionManager::GetInstance().RemoveDefPermissions(id); { @@ -295,22 +294,21 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x is null.", id); return RET_FAILED; } - isRemote = info->IsRemote(); - if (!info->IsRemote()) { - std::string HapUniqueKey = GetHapUniqueStr(info); - if (hapTokenIdMap_.count(HapUniqueKey) != 0) { - hapTokenIdMap_.erase(HapUniqueKey); - } + if (info->IsRemote()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}x can not delete.", id); + return RET_FAILED; + } + std::string HapUniqueKey = GetHapUniqueStr(info); + if (hapTokenIdMap_.count(HapUniqueKey) != 0) { + hapTokenIdMap_.erase(HapUniqueKey); } hapTokenInfoMap_.erase(id); } AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token 0x%{public}x ok!", id); - if (!isRemote) { - RefreshTokenInfoIfNeeded(); - TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); - } + RefreshTokenInfoIfNeeded(); + TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); return RET_SUCCESS; } @@ -328,18 +326,18 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) { Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(id) == 0) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "native token %{public}x is null.", id); + ACCESSTOKEN_LOG_ERROR(LABEL, "native token %{public}x is null.", id); return RET_FAILED; } std::shared_ptr info = nativeTokenInfoMap_[id]; - isRemote = info->IsRemote(); - if (!isRemote) { - std::string processName = nativeTokenInfoMap_[id]->GetProcessName(); - if (nativeTokenIdMap_.count(processName) != 0) { - nativeTokenIdMap_.erase(processName); - } + if (info->IsRemote()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "remote native token %{public}x can not delete.", id); + return RET_FAILED; + } + std::string processName = nativeTokenInfoMap_[id]->GetProcessName(); + if (nativeTokenIdMap_.count(processName) != 0) { + nativeTokenIdMap_.erase(processName); } nativeTokenInfoMap_.erase(id); } @@ -499,6 +497,11 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, return RET_FAILED; } + if (infoPtr->IsRemote()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token 0x%{public}x can not update!", tokenID); + return RET_FAILED; + } + { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); infoPtr->Update(appIDDesc, policy); @@ -508,9 +511,7 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, } PermissionManager::GetInstance().AddDefPermissions(infoPtr, true); - if (!infoPtr->IsRemote()) { - TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); - } + TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); RefreshTokenInfoIfNeeded(); return RET_SUCCESS; } @@ -518,7 +519,7 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, int AccessTokenInfoManager::GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync) { std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); - if (infoPtr == nullptr) { + if (infoPtr == nullptr || infoPtr->IsRemote()) { ACCESSTOKEN_LOG_ERROR( LABEL, "token %{public}x is invalid.", tokenID); return RET_FAILED; @@ -557,11 +558,57 @@ void AccessTokenInfoManager::GetAllNativeTokenInfo(std::vector& return; } +int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync) +{ + std::shared_ptr infoPtr = GetHapTokenInfoInner(mapID); + if (infoPtr == nullptr) { + ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x is null, can not update!", mapID); + return RET_FAILED; + } + + std::vector permList = {}; + std::shared_ptr newPermPolicySet = + PermissionPolicySet::BuildPermissionPolicySet(mapID, permList, hapSync.permStateList); + + { + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + infoPtr->SetPermissionPolicySet(newPermPolicySet); + } + return RET_SUCCESS; +} + +int AccessTokenInfoManager::CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTokenInfoForSync& hapSync) +{ + // update remote token mapping id + hapSync.baseInfo.tokenID = mapID; + std::shared_ptr hap = std::make_shared(mapID, + hapSync.baseInfo, hapSync.permStateList); + if (hap == nullptr) { + ACCESSTOKEN_LOG_ERROR(LABEL, "alloc local token failed."); + return RET_FAILED; + } + hap->SetRemote(true); + + int ret = AddHapTokenInfo(hap); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "add local token failed."); + return RET_FAILED; + } + + return RET_SUCCESS; +} + int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync) { if (!DataValidator::IsDeviceIdValid(deviceID) || !DataValidator::IsUserIdValid(hapSync.baseInfo.userID) - || !DataValidator::IsBundleNameValid(hapSync.baseInfo.bundleName)) { + || !DataValidator::IsBundleNameValid(hapSync.baseInfo.bundleName) + || !DataValidator::IsAplNumValid(hapSync.baseInfo.apl) + || !DataValidator::IsTokenIDValid(hapSync.baseInfo.tokenID) + || !DataValidator::IsAppIDDescValid(hapSync.baseInfo.appID) + || !DataValidator::IsDeviceIdValid(hapSync.baseInfo.deviceID) + || hapSync.baseInfo.ver != DEFAULT_TOKEN_VERSION + || AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(hapSync.baseInfo.tokenID) != TOKEN_HAP) { ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", deviceID.c_str()); return RET_FAILED; } @@ -571,13 +618,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H if (mapID != 0) { ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x update exist remote hap token %{public}x.", deviceID.c_str(), remoteID, mapID); - HapPolicyParams policy = { - .apl = hapSync.baseInfo.apl, - .domain = "", // domain not used - .permList = {}, // permission define list never sync. - .permStateList = hapSync.permStateList - }; - return UpdateHapToken(mapID, hapSync.baseInfo.appID, policy); + return UpdateRemoteHapTokenInfo(mapID, hapSync); } mapID = AccessTokenRemoteTokenManager::GetInstance().MapRemoteDeviceTokenToLocal(deviceID, remoteID); @@ -586,31 +627,14 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H LABEL, "device %{public}s token %{public}x map failed.", deviceID.c_str(), remoteID); return RET_FAILED; } - hapSync.baseInfo.tokenID = mapID; - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x.", - deviceID.c_str(), remoteID, mapID); - - // update remote token mapping id - hapSync.baseInfo.tokenID = mapID; - std::shared_ptr hap = std::make_shared(mapID, - hapSync.baseInfo, hapSync.permStateList); - if (hap == nullptr) { - AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x alloc local token failed.", - deviceID.c_str(), remoteID); - return RET_FAILED; - } - hap->SetRemote(true); - int ret = AddHapTokenInfo(hap); - if (ret != RET_SUCCESS) { + if (CreateRemoteHapTokenInfo(mapID, hapSync) == RET_FAILED) { AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID); - ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x add local token failed.", - deviceID.c_str(), remoteID); + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x failed.", + deviceID.c_str(), remoteID, mapID); return RET_FAILED; } - - ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x new map token %{public}x.", + ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x success.", deviceID.c_str(), remoteID, mapID); return RET_SUCCESS; } @@ -685,9 +709,20 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(mapID); if (type == TOKEN_HAP) { - RemoveHapTokenInfo(mapID); + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + if (hapTokenInfoMap_.count(mapID) == 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x no exist.", mapID); + return RET_FAILED; + } + hapTokenInfoMap_.erase(mapID); } else if (type == TOKEN_NATIVE) { - RemoveNativeTokenInfo(mapID); + Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); + if (nativeTokenInfoMap_.count(mapID) == 0) { + ACCESSTOKEN_LOG_ERROR( + LABEL, "native token %{public}x is null.", mapID); + return RET_FAILED; + } + nativeTokenInfoMap_.erase(mapID); } else { ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId 0x%{public}x type is unknown", mapID); } diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index ead8e42fb..bb2ab3d95 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -209,6 +209,11 @@ HapTokenInfo HapTokenInfoInner::GetHapInfoBasic() const return tokenInfoBasic_; } +void HapTokenInfoInner::SetPermissionPolicySet(std::shared_ptr& policySet) +{ + permPolicySet_ = policySet; +} + bool HapTokenInfoInner::IsRemote() const { return isRemote_; diff --git a/services/tokensyncmanager/BUILD.gn b/services/tokensyncmanager/BUILD.gn index 599f6f026..ef99ca14c 100644 --- a/services/tokensyncmanager/BUILD.gn +++ b/services/tokensyncmanager/BUILD.gn @@ -76,8 +76,6 @@ ohos_shared_library("token_sync_manager_service") { "//base/security/access_token/services/tokensyncmanager:token_sync.rc", "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara", "//foundation/aafwk/standard/interfaces/innerkits/base:base", - "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base", - "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core", "//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler:libeventhandler", "//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp:devicemanagersdk", "//third_party/zlib:libz", -- Gitee