1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "netmanager_base_test_security.h"
17
18 #include "nativetoken_kit.h"
19 #include "token_setproc.h"
20
21 namespace OHOS {
22 namespace NetManagerStandard {
23 using namespace Security::AccessToken;
24 using Security::AccessToken::AccessTokenID;
25 namespace {
// Identity of the default test HAP: bundle "netmanager_base_test", userID 1, flagged as a
// system app. The token helpers in this file pair it with netManagerBasePolicy and with
// testNoPermission.
HapInfoParams netManagerBaseParms = {
    .userID = 1,
    .bundleName = "netmanager_base_test",
    .instIndex = 0,
    .appIDDesc = "test",
    .isSystemApp = true,
};

// Same bundle and user as netManagerBaseParms, but .isSystemApp is not set, so the field keeps
// whatever HapInfoParams initializes it to (presumably false; confirm against the struct).
// Used to build a token for the "caller is not a system app" test paths.
HapInfoParams netConnManagerNotSystemInfo = {
    .userID = 1,
    .bundleName = "netmanager_base_test",
    .instIndex = 0,
    .appIDDesc = "test",
};

// System-app identity under userID 100; in this file it is only combined with
// netDataSharePolicy.
HapInfoParams netDataShareInfo = {
    .userID = 100,
    .bundleName = "netmanager_base_test",
    .instIndex = 0,
    .appIDDesc = "test",
    .isSystemApp = true,
};
48
// Permission fixtures. Every permission gets a PermissionDef (its declaration for the test
// bundle, at APL_SYSTEM_BASIC) and a PermissionStateFull whose single entry for the "local"
// device is PERMISSION_GRANTED, so a token built from them holds the permission from the start.
// NOTE(review): grantMode = 1 and grantFlags = { 2 } are raw numbers. They presumably stand for
// GrantMode / PermissionFlag enumerators; confirm and prefer the named constants so the
// granted state is reviewable at a glance.

// ohos.permission.GET_NETWORK_INFO
PermissionDef testNetConnInfoPermDef = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet maneger network info",
    .descriptionId = 1,
};

PermissionStateFull testNetConnInfoState = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.INTERNET
PermissionDef testNetConnInternetPermDef = {
    .permissionName = "ohos.permission.INTERNET",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net connect manager internet",
    .descriptionId = 1,
};

PermissionStateFull testNetConnInternetState = {
    .permissionName = "ohos.permission.INTERNET",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.CONNECTIVITY_INTERNAL
// NOTE(review): the description string repeats the INTERNET text; looks copy-pasted.
PermissionDef testNetConnInternalPermDef = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net connect manager internet",
    .descriptionId = 1,
};

PermissionStateFull testNetConnInternalState = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.MANAGE_NET_STRATEGY
PermissionDef testNetPolicyStrategyPermDef = {
    .permissionName = "ohos.permission.MANAGE_NET_STRATEGY",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net policy manager",
    .descriptionId = 1,
};

PermissionStateFull testManageNetStrategyState = {
    .permissionName = "ohos.permission.MANAGE_NET_STRATEGY",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.NETSYS_INTERNAL
PermissionDef testNetSysInternalDef = {
    .permissionName = "ohos.permission.NETSYS_INTERNAL",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test netsys_native_manager_test",
    .descriptionId = 1,
};

PermissionStateFull testNetSysInternalState = {
    .permissionName = "ohos.permission.NETSYS_INTERNAL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};
143
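// ohos.permission.MANAGE_SECURE_SETTINGS: declaration and pre-granted state for the test
// bundle. Within this file the pair is referenced only by netDataSharePolicy, so the general
// netManagerBasePolicy token does not carry this permission.
// The designators are written in the same order as every other PermissionDef /
// PermissionStateFull initializer in this file. C++20 requires designated initializers to
// follow member declaration order; the out-of-order form is accepted only as a compiler
// extension, so the two definitions are aligned with their siblings. Values are unchanged.
PermissionDef testNetConnSettingsPermDef = {
    .permissionName = "ohos.permission.MANAGE_SECURE_SETTINGS",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net data share",
    .descriptionId = 1,
};

// Grant state: a single "local" device entry, PERMISSION_GRANTED.
// NOTE(review): grantFlags = { 2 } is a raw number, presumably a PermissionFlag value; confirm.
PermissionStateFull testNetConnSettingsState = {
    .permissionName = "ohos.permission.MANAGE_SECURE_SETTINGS",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};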
162
// Further permission fixtures: a PermissionDef at APL_SYSTEM_BASIC plus a PermissionStateFull
// that is PERMISSION_GRANTED for the "local" device.
// NOTE(review): grantMode = 1 and grantFlags = { 2 } are raw numbers; presumably GrantMode /
// PermissionFlag enumerators. Confirm and prefer the named constants.

// ohos.permission.GET_NETWORK_STATS
PermissionDef testNetStatsPermDef = {
    .permissionName = "ohos.permission.GET_NETWORK_STATS",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net stats manager",
    .descriptionId = 1,
};

PermissionStateFull testNetStatsState = {
    .permissionName = "ohos.permission.GET_NETWORK_STATS",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.MANAGE_SETTINGS
// NOTE(review): the description string repeats the GET_NETWORK_STATS text; looks copy-pasted.
PermissionDef testNetManageSettingsDef = {
    .permissionName = "ohos.permission.MANAGE_SETTINGS",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net stats manager",
    .descriptionId = 1,
};

PermissionStateFull testNetManageSettingsState = {
    .permissionName = "ohos.permission.MANAGE_SETTINGS",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.SET_PAC_URL
PermissionDef testPacUrlPermDef = {
    .permissionName = "ohos.permission.SET_PAC_URL",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test set pac url",
    .descriptionId = 1,
};

PermissionStateFull testPacUrlState = {
    .permissionName = "ohos.permission.SET_PAC_URL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};
219
// Policy for the general-purpose test token: APL_SYSTEM_BASIC in "test.domain" with eight
// permissions, each listed both as a definition (permList) and as an already-granted state
// (permStateList). The two lists are kept in the same order; a permission added to one list
// must be added to the other. MANAGE_SECURE_SETTINGS is not in this policy.
// This is a broad grant set, so any test that needs to prove a permission check rejects a
// caller should use a narrower policy instead of this one.
HapPolicyParams netManagerBasePolicy = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNetConnInfoPermDef, testNetConnInternetPermDef, testNetConnInternalPermDef,
        testNetPolicyStrategyPermDef, testNetSysInternalDef, testNetStatsPermDef, testNetManageSettingsDef,
        testPacUrlPermDef },
    .permStateList = { testNetConnInfoState, testNetConnInternetState, testNetConnInternalState,
        testManageNetStrategyState, testNetSysInternalState, testNetStatsState, testNetManageSettingsState,
        testPacUrlState },
};
230
// Placeholder permission with an empty name. It exists so that testNoPermission below can be a
// structurally complete policy that names none of the ohos.permission.* entries used elsewhere
// in this file.
// NOTE(review): how the access-token service treats an empty permissionName (rejects the entry,
// ignores it, or stores it) is not visible here; confirm that the resulting token really holds
// no permission, otherwise negative tests built on it prove nothing.
PermissionDef testNoPermissionDef = {
    .permissionName = "",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test no permission",
    .descriptionId = 1,
};

// Grant state for the placeholder: PERMISSION_GRANTED for the "local" device, but for the
// empty permission name only.
PermissionStateFull testNoPermissionState = {
    .permissionName = "",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// Policy used for "caller lacks the permission" tests: same APL and domain as
// netManagerBasePolicy, but its only entry is the empty-named placeholder above.
HapPolicyParams testNoPermission = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNoPermissionDef },
    .permStateList = { testNoPermissionState },
};
256
// Policy for the data-share test token: APL_SYSTEM_BASIC in "test.domain" with exactly one
// permission, ohos.permission.MANAGE_SECURE_SETTINGS, already granted. None of the network
// permissions from netManagerBasePolicy are included.
HapPolicyParams netDataSharePolicy = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNetConnSettingsPermDef },
    .permStateList = { testNetConnSettingsState },
};
263 } // namespace
264
/**
 * Switches the calling process to a freshly allocated system-app HAP token that holds every
 * permission in netManagerBasePolicy.
 *
 * The token ID in effect before the switch is captured in currentID_ (member initializer) so the
 * destructor can put it back; the allocated token's ID is kept in accessID_ for deletion.
 *
 * NOTE(review): the results of AllocHapToken and SetSelfTokenID are not checked. If allocation
 * fails, the process identity is still overwritten with whatever came back, and the test body
 * then runs under an identity it did not intend. Consider asserting on the result in callers.
 */
NetManagerBaseAccessToken::NetManagerBaseAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerBaseParms, netManagerBasePolicy);
    // Remember only the token ID part; that is what DeleteToken is given later.
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // The process identity is set from the full extended ID, not just the token ID part.
    SetSelfTokenID(allocated.tokenIDEx);
}
271
/**
 * Undoes the constructor: deletes the HAP token stored in accessID_ and then restores the
 * process to the token ID saved in currentID_.
 *
 * The restore only happens when the destructor runs, so the elevated test identity stays in
 * effect for the whole lifetime of the object; keep instances scoped to a single test.
 */
NetManagerBaseAccessToken::~NetManagerBaseAccessToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
277
/**
 * Switches the calling process to a HAP token built from netConnManagerNotSystemInfo (no
 * isSystemApp flag) together with the full netManagerBasePolicy permission set, for tests that
 * exercise the "caller is not a system app" path while still holding the permissions.
 *
 * The previous token ID is captured in currentID_ for the destructor to restore.
 *
 * Unlike the other helpers in this file, SetSelfTokenID receives accessID_ (the
 * tokenIdExStruct.tokenID member) rather than the full tokenIDEx value; presumably this keeps
 * the extended attribute bits out of the process identity. TODO confirm the intent.
 *
 * NOTE(review): the results of AllocHapToken and SetSelfTokenID are not checked.
 */
NetManagerBaseNotSystemToken::NetManagerBaseNotSystemToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netConnManagerNotSystemInfo, netManagerBasePolicy);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // Only the token ID part is installed as the process identity here.
    SetSelfTokenID(accessID_);
}
284
/**
 * Deletes the non-system-app test token stored in accessID_ and then restores the process to
 * the token ID saved in currentID_ at construction.
 */
NetManagerBaseNotSystemToken::~NetManagerBaseNotSystemToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
290
/**
 * Switches the calling process to a system-app HAP token (netManagerBaseParms) whose policy is
 * testNoPermission, i.e. it names none of the network permissions defined in this file. Meant
 * for tests that expect a permission check to reject the caller.
 *
 * The previous token ID is captured in currentID_ for the destructor to restore.
 *
 * NOTE(review): the results of AllocHapToken and SetSelfTokenID are not checked. For a
 * negative test this matters: if the switch silently fails, the test may run under a different
 * identity than intended and a "denied" or "allowed" outcome would be attributed to the wrong
 * token.
 */
NetManagerBaseNoPermissionToken::NetManagerBaseNoPermissionToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerBaseParms, testNoPermission);
    // Keep the token ID part for DeleteToken in the destructor.
    accessID_ = allocated.tokenIdExStruct.tokenID;
    SetSelfTokenID(allocated.tokenIDEx);
}
297
/**
 * Deletes the no-permission test token stored in accessID_ and then restores the process to
 * the token ID saved in currentID_ at construction.
 */
NetManagerBaseNoPermissionToken::~NetManagerBaseNoPermissionToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
303
/**
 * Switches the calling process to a system-app HAP token for userID 100 (netDataShareInfo)
 * whose policy, netDataSharePolicy, grants only ohos.permission.MANAGE_SECURE_SETTINGS.
 *
 * The previous token ID is captured in currentID_ for the destructor to restore.
 *
 * NOTE(review): the results of AllocHapToken and SetSelfTokenID are not checked.
 */
NetManagerBaseDataShareToken::NetManagerBaseDataShareToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netDataShareInfo, netDataSharePolicy);
    // Keep the token ID part for DeleteToken in the destructor.
    accessID_ = allocated.tokenIdExStruct.tokenID;
    SetSelfTokenID(allocated.tokenIDEx);
}
310
/**
 * Deletes the data-share test token stored in accessID_ and then restores the process to the
 * token ID saved in currentID_ at construction.
 */
NetManagerBaseDataShareToken::~NetManagerBaseDataShareToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
316 } // namespace NetManagerStandard
317 } // namespace OHOS
318