1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "netmanager_ext_test_security.h"
17
18 #include "nativetoken_kit.h"
19 #include "token_setproc.h"
20
21 namespace OHOS {
22 namespace NetManagerStandard {
23 using namespace Security::AccessToken;
24 using Security::AccessToken::AccessTokenID;
25 namespace {
26 HapInfoParams netManagerExtParms = {
27 .userID = 1,
28 .bundleName = "netmanager_ext_test",
29 .instIndex = 0,
30 .appIDDesc = "test",
31 .isSystemApp = true,
32 };
33
34 PermissionDef connectivityInternalPermDef = {
35 .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
36 .bundleName = "netmanager_ext_test",
37 .grantMode = 1,
38 .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
39 .label = "label",
40 .labelId = 1,
41 .description = "Test ethernet connectivity internet",
42 .descriptionId = 1,
43 };
44
45 PermissionStateFull connectivityInternalState = {
46 .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
47 .isGeneral = true,
48 .resDeviceID = { "local" },
49 .grantStatus = { PermissionState::PERMISSION_GRANTED },
50 .grantFlags = { 2 },
51 };
52
53 PermissionDef getNetworkInfoPermDef = {
54 .permissionName = "ohos.permission.GET_NETWORK_INFO",
55 .bundleName = "netmanager_ext_test",
56 .grantMode = 1,
57 .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
58 .label = "label",
59 .labelId = 1,
60 .description = "Test ethernet maneger network info",
61 .descriptionId = 1,
62 };
63
64 PermissionStateFull getNetworkInfoState = {
65 .permissionName = "ohos.permission.GET_NETWORK_INFO",
66 .isGeneral = true,
67 .resDeviceID = { "local" },
68 .grantStatus = { PermissionState::PERMISSION_GRANTED },
69 .grantFlags = { 2 },
70 };
71
72 PermissionDef manageVpnPermDef = {
73 .permissionName = "ohos.permission.MANAGE_VPN",
74 .bundleName = "netmanager_ext_test",
75 .grantMode = 1,
76 .availableLevel = APL_SYSTEM_BASIC,
77 .label = "label",
78 .labelId = 1,
79 .description = "Test vpn maneger network info",
80 .descriptionId = 1,
81 };
82
83 PermissionStateFull manageVpnState = {
84 .permissionName = "ohos.permission.MANAGE_VPN",
85 .isGeneral = true,
86 .resDeviceID = { "local" },
87 .grantStatus = { PermissionState::PERMISSION_GRANTED },
88 .grantFlags = { 2 },
89 };
90
91 HapPolicyParams netManagerExtPolicy = {
92 .apl = APL_SYSTEM_BASIC,
93 .domain = "test.domain",
94 .permList = { getNetworkInfoPermDef, connectivityInternalPermDef, manageVpnPermDef },
95 .permStateList = { getNetworkInfoState, connectivityInternalState, manageVpnState },
96 };
97
98 PermissionDef testNoPermissionDef = {
99 .permissionName = "",
100 .bundleName = "netmanager_ext_test",
101 .grantMode = 1,
102 .availableLevel = APL_SYSTEM_BASIC,
103 .label = "label",
104 .labelId = 1,
105 .description = "Test no permission",
106 .descriptionId = 1,
107 };
108
109 PermissionStateFull testNoPermissionState = {
110 .permissionName = "",
111 .isGeneral = true,
112 .resDeviceID = { "local" },
113 .grantStatus = { PermissionState::PERMISSION_GRANTED },
114 .grantFlags = { 2 },
115 };
116
117 HapPolicyParams testNoPermission = {
118 .apl = APL_SYSTEM_BASIC,
119 .domain = "test.domain",
120 .permList = { testNoPermissionDef },
121 .permStateList = { testNoPermissionState },
122 };
123 } // namespace
124
NetManagerExtAccessToken()125 NetManagerExtAccessToken::NetManagerExtAccessToken() : currentID_(GetSelfTokenID())
126 {
127 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
128 accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
129 SetSelfTokenID(tokenIdEx.tokenIDEx);
130 }
131
~NetManagerExtAccessToken()132 NetManagerExtAccessToken::~NetManagerExtAccessToken()
133 {
134 AccessTokenKit::DeleteToken(accessID_);
135 SetSelfTokenID(currentID_);
136 }
137
NetManagerExtNotSystemAccessToken()138 NetManagerExtNotSystemAccessToken::NetManagerExtNotSystemAccessToken() : currentID_(GetSelfTokenID())
139 {
140 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
141 accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
142 SetSelfTokenID(accessID_);
143 }
144
~NetManagerExtNotSystemAccessToken()145 NetManagerExtNotSystemAccessToken::~NetManagerExtNotSystemAccessToken()
146 {
147 AccessTokenKit::DeleteToken(accessID_);
148 SetSelfTokenID(currentID_);
149 }
150
NoPermissionAccessToken()151 NoPermissionAccessToken::NoPermissionAccessToken() : currentID_(GetSelfTokenID())
152 {
153 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, testNoPermission);
154 accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
155 SetSelfTokenID(tokenIdEx.tokenIDEx);
156 }
157
~NoPermissionAccessToken()158 NoPermissionAccessToken::~NoPermissionAccessToken()
159 {
160 AccessTokenKit::DeleteToken(accessID_);
161 SetSelfTokenID(currentID_);
162 }
163 } // namespace NetManagerStandard
164 } // namespace OHOS
165