/*
 * Copyright (c) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15
#include "account_test_common.h"

#include <cctype>
#include <sstream>

#include "accesstoken_kit.h"
#include "ipc_skeleton.h"
#include "token_setproc.h"
21
22 namespace OHOS {
23 namespace AccountSA {
24 using namespace OHOS::AccountSA;
25 using namespace OHOS::Security::AccessToken;
26
namespace {
// Token ID the process holds when static initialisation runs, i.e. before any helper in this file
// has swapped the identity. The helpers below switch back to it whenever they need to dump token
// information, so it is treated as the shell identity.
// NOTE(review): presumably the test binary is always launched from a shell; confirm for other launchers.
uint64_t g_shellTokenID = IPCSkeleton::GetSelfTokenID();
} // namespace
30
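/**
 * @brief Looks up an access token ID by requesting a token dump and parsing the ID out of it.
 *
 * The dump text is searched for the first `"tokenID": ` key; the run of decimal digits that
 * follows the key is converted to a number.
 *
 * @param info Query handed to AccessTokenKit::DumpTokenInfo unchanged.
 * @return The parsed token ID, or 0 when the key is absent, no digit follows it, or the digits do
 *         not fit into a uint64_t.
 */
static uint64_t GetTokenId(const AtmToolsParamInfo &info)
{
    const std::string key = "\"tokenID\": ";

    std::string dumpInfo;
    AccessTokenKit::DumpTokenInfo(info, dumpInfo);

    const size_t keyPos = dumpInfo.find(key);
    if (keyPos == std::string::npos) {
        return 0;
    }

    const size_t begin = keyPos + key.length();
    size_t end = begin;
    // std::isdigit has undefined behaviour for negative char values, so widen through unsigned char.
    while (end < dumpInfo.length() && std::isdigit(static_cast<unsigned char>(dumpInfo[end]))) {
        ++end;
    }
    if (end == begin) {
        // No digits after the key: report "not found" instead of extracting from an empty stream,
        // which would leave the result uninitialised.
        return 0;
    }

    // The value ends up in SetSelfTokenID via the callers in this file, so anything that did not
    // parse cleanly (including overflow) is reported as 0 rather than passed on.
    uint64_t tokenID = 0;
    std::istringstream iss(dumpInfo.substr(begin, end - begin));
    if (!(iss >> tokenID)) {
        return 0;
    }
    return tokenID;
}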
51
/**
 * @brief Resolves the access token ID of a native process by name.
 *
 * The calling process temporarily takes the identity stored in g_shellTokenID for the lookup and
 * switches back to its previous identity before returning.
 *
 * @param process Process name placed in the query's processName field.
 * @return Whatever GetTokenId reports for the query (0 when nothing was found).
 */
uint64_t GetTokenIdFromProcess(const std::string &process)
{
    // Remember who we are so the identity can be put back after the dump.
    const auto callerTokenId = IPCSkeleton::GetSelfTokenID();

    AtmToolsParamInfo query;
    query.processName = process;

    // only shell can dump tokenid
    // NOTE(review): the results of both SetSelfTokenID calls are ignored; if the restore fails the
    // process keeps the shell identity and the caller is not told.
    SetSelfTokenID(g_shellTokenID);
    const auto foundTokenId = GetTokenId(query);
    SetSelfTokenID(callerTokenId);

    return foundTokenId;
}
64
/**
 * @brief Resolves the access token ID of an application by bundle name.
 *
 * The calling process temporarily takes the identity stored in g_shellTokenID for the lookup and
 * switches back to its previous identity before returning.
 *
 * @param bundleName Bundle name placed in the query's bundleName field.
 * @return Whatever GetTokenId reports for the query (0 when nothing was found).
 */
uint64_t GetTokenIdFromBundleName(const std::string &bundleName)
{
    // Remember who we are so the identity can be put back after the dump.
    const auto callerTokenId = IPCSkeleton::GetSelfTokenID();

    AtmToolsParamInfo query;
    query.bundleName = bundleName;

    // only shell can dump tokenid
    // NOTE(review): the results of both SetSelfTokenID calls are ignored; if the restore fails the
    // process keeps the shell identity and the caller is not told.
    SetSelfTokenID(g_shellTokenID);
    const auto foundTokenId = GetTokenId(query);
    SetSelfTokenID(callerTokenId);

    return foundTokenId;
}
77
/**
 * @brief Makes the calling process assume the access token of the named native process.
 *
 * @param process Name of the process whose token ID is looked up and adopted.
 * @return true when a non-zero token ID was found, SetSelfTokenID accepted it and the process
 *         reports a non-zero token ID afterwards; false otherwise.
 */
bool MockTokenId(const std::string &process)
{
    const auto wantedTokenId = GetTokenIdFromProcess(process);

    // Short-circuit keeps the original order: no switch is attempted for an unknown process.
    const bool switched = (wantedTokenId != 0) && (SetSelfTokenID(wantedTokenId) == 0);
    if (!switched) {
        return false;
    }

    // NOTE(review): this only confirms the current token ID is non-zero, not that it equals
    // wantedTokenId; the other helpers in this file compare for equality. Confirm this is intended.
    return IPCSkeleton::GetSelfTokenID() != 0;
}
89
/**
 * @brief Test fixture: allocates a HAP token holding the given permissions and adopts it.
 *
 * The token is allocated while the process carries the "foundation" identity. Every requested
 * permission is recorded as granted with the PERMISSION_SYSTEM_FIXED flag.
 *
 * @param permissions Permission names to put into the new token's state list.
 * @param tokenID     Receives the allocated token ID; written as soon as AllocHapToken returns,
 *                    also when the function goes on to fail.
 * @param isSystemApp Copied into the HAP info's isSystemApp field.
 * @return true when the allocation produced a valid token, SetSelfTokenID accepted it and the
 *         process reports that token ID afterwards; false otherwise.
 */
bool AllocPermission(std::vector<std::string> permissions, uint64_t &tokenID, bool isSystemApp)
{
    // NOTE(review): once this switch succeeds, the failure returns below do not switch back, so
    // the process stays on the "foundation" identity until the caller restores it.
    if (!MockTokenId("foundation")) {
        return false;
    }

    std::vector<PermissionStateFull> grantedStates;
    for (const auto &name : permissions) {
        grantedStates.emplace_back(PermissionStateFull {
            .permissionName = name,
            .isGeneral = true,
            .resDeviceID = {"local"},
            .grantStatus = {PermissionState::PERMISSION_GRANTED},
            .grantFlags = {PERMISSION_SYSTEM_FIXED}
        });
    }

    HapPolicyParams policy = {
        .apl = APL_NORMAL,
        .domain = "test.domain",
        .permList = {},
        .permStateList = grantedStates
    };
    HapInfoParams hapInfo = {
        .userID = 100,
        .bundleName = "account_test",
        .instIndex = 0,
        .appIDDesc = "account_test",
        .apiVersion = 8,
        .isSystemApp = isSystemApp
    };

    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(hapInfo, policy);
    tokenID = allocated.tokenIDEx;
    if (INVALID_TOKENID == allocated.tokenIDEx) {
        return false;
    }
    if (SetSelfTokenID(allocated.tokenIDEx) != 0) {
        return false;
    }
    // Read the identity back to confirm the switch took effect.
    return tokenID == IPCSkeleton::GetSelfTokenID();
}
130
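/**
 * @brief Test fixture teardown: deletes a temporary token and restores the previous identity.
 *
 * Both steps run while the process carries the "foundation" identity. The identity restore is
 * attempted even when the token deletion fails, so a failed cleanup does not leave the test
 * process running as "foundation".
 *
 * @param tokenID    Token to delete through AccessTokenKit::DeleteToken.
 * @param oldTokenID Token ID the process should carry again on return.
 * @return true when the deletion and the restore both reported ERR_OK and the process reports
 *         oldTokenID afterwards; false otherwise.
 */
bool RecoveryPermission(uint64_t tokenID, uint64_t oldTokenID)
{
    if (!MockTokenId("foundation")) {
        return false;
    }

    // Evaluate the two steps separately: chaining them with && would skip the restore whenever
    // DeleteToken fails.
    const bool deleted = (AccessTokenKit::DeleteToken(tokenID) == ERR_OK);
    const bool restored = (SetSelfTokenID(oldTokenID) == ERR_OK);
    if (!deleted || !restored) {
        return false;
    }
    // Read the identity back to confirm the restore took effect.
    return oldTokenID == IPCSkeleton::GetSelfTokenID();
}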
141
/**
 * @brief Test fixture: allocates a system-app HAP token holding every permission listed in
 *        ALL_ACCOUNT_PERMISSION_LIST and adopts it.
 *
 * The token is allocated while the process carries the "foundation" identity. Every listed
 * permission is recorded as granted with the PERMISSION_SYSTEM_FIXED flag.
 *
 * @return The new token ID when the allocation produced a valid token, SetSelfTokenID accepted it
 *         and the process reports that token ID afterwards; 0 otherwise.
 */
uint64_t GetAllAccountPermission()
{
    // NOTE(review): once this switch succeeds, the failure returns below do not switch back, so
    // the process stays on the "foundation" identity until the caller restores it.
    if (!MockTokenId("foundation")) {
        return 0;
    }

    std::vector<PermissionStateFull> grantedStates;
    for (const auto &name : ALL_ACCOUNT_PERMISSION_LIST) {
        grantedStates.emplace_back(PermissionStateFull {
            .permissionName = name,
            .isGeneral = true,
            .resDeviceID = {"local"},
            .grantStatus = {PermissionState::PERMISSION_GRANTED},
            .grantFlags = {PERMISSION_SYSTEM_FIXED}
        });
    }

    HapPolicyParams policy = {
        .apl = APL_NORMAL,
        .domain = "account_test_setup.domain",
        .permList = {},
        .permStateList = grantedStates
    };
    HapInfoParams hapInfo = {
        .userID = 100,
        .bundleName = "account_test_setup",
        .instIndex = 0,
        .appIDDesc = "account_test_setup",
        .apiVersion = 8,
        .isSystemApp = true
    };

    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(hapInfo, policy);
    const auto newTokenId = allocated.tokenIDEx;
    if (INVALID_TOKENID == newTokenId) {
        return 0;
    }
    if (SetSelfTokenID(newTokenId) != 0) {
        return 0;
    }
    // Read the identity back to confirm the switch took effect.
    if (newTokenId != IPCSkeleton::GetSelfTokenID()) {
        return 0;
    }
    return newTokenId;
}
183 } // namespace AccountSA
184 } // namespace OHOS