1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "netmanager_ext_test_security.h"
17 
18 #include "nativetoken_kit.h"
19 #include "token_setproc.h"
20 
21 namespace OHOS {
22 namespace NetManagerStandard {
23 using namespace Security::AccessToken;
24 using Security::AccessToken::AccessTokenID;
25 namespace {
26 HapInfoParams netManagerExtParms = {
27     .userID = 1,
28     .bundleName = "netmanager_ext_test",
29     .instIndex = 0,
30     .appIDDesc = "test",
31     .isSystemApp = true,
32 };
33 
34 PermissionDef connectivityInternalPermDef = {
35     .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
36     .bundleName = "netmanager_ext_test",
37     .grantMode = 1,
38     .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
39     .label = "label",
40     .labelId = 1,
41     .description = "Test ethernet connectivity internet",
42     .descriptionId = 1,
43 };
44 
45 PermissionStateFull connectivityInternalState = {
46     .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
47     .isGeneral = true,
48     .resDeviceID = { "local" },
49     .grantStatus = { PermissionState::PERMISSION_GRANTED },
50     .grantFlags = { 2 },
51 };
52 
53 PermissionDef getNetworkInfoPermDef = {
54     .permissionName = "ohos.permission.GET_NETWORK_INFO",
55     .bundleName = "netmanager_ext_test",
56     .grantMode = 1,
57     .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
58     .label = "label",
59     .labelId = 1,
60     .description = "Test ethernet maneger network info",
61     .descriptionId = 1,
62 };
63 
64 PermissionStateFull getNetworkInfoState = {
65     .permissionName = "ohos.permission.GET_NETWORK_INFO",
66     .isGeneral = true,
67     .resDeviceID = { "local" },
68     .grantStatus = { PermissionState::PERMISSION_GRANTED },
69     .grantFlags = { 2 },
70 };
71 
72 PermissionDef getMacAddressInfoPermDef = {
73     .permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
74     .bundleName = "netmanager_ext_test",
75     .grantMode = 1,
76     .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
77     .label = "label",
78     .labelId = 1,
79     .description = "Test ethernet mac address info",
80     .descriptionId = 1,
81 };
82 
83 PermissionStateFull getMacAddressInfoState = {
84     .permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
85     .isGeneral = true,
86     .resDeviceID = { "local" },
87     .grantStatus = { PermissionState::PERMISSION_GRANTED },
88     .grantFlags = { 2 },
89 };
90 
91 PermissionDef manageVpnPermDef = {
92     .permissionName = "ohos.permission.MANAGE_VPN",
93     .bundleName = "netmanager_ext_test",
94     .grantMode = 1,
95     .availableLevel = APL_SYSTEM_BASIC,
96     .label = "label",
97     .labelId = 1,
98     .description = "Test vpn maneger network info",
99     .descriptionId = 1,
100 };
101 
102 PermissionStateFull manageVpnState = {
103     .permissionName = "ohos.permission.MANAGE_VPN",
104     .isGeneral = true,
105     .resDeviceID = { "local" },
106     .grantStatus = { PermissionState::PERMISSION_GRANTED },
107     .grantFlags = { 2 },
108 };
109 
110 PermissionDef getNetFirewallPermDef = {
111     .permissionName = "ohos.permission.MANAGE_NET_STRATEGY",
112     .bundleName = "netmanager_ext_test",
113     .grantMode = 1,
114     .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
115     .label = "label",
116     .labelId = 1,
117     .description = "Test netfirewall maneger info",
118     .descriptionId = 1,
119 };
120 
121 PermissionStateFull getNetFirewallState = {
122     .permissionName = "ohos.permission.MANAGE_NET_STRATEGY",
123     .isGeneral = true,
124     .resDeviceID = { "local" },
125     .grantStatus = { PermissionState::PERMISSION_GRANTED },
126     .grantFlags = { 2 },
127 };
128 
129 HapPolicyParams netManagerExtPolicy = {
130     .apl = APL_SYSTEM_BASIC,
131     .domain = "test.domain",
132     .permList = { getNetworkInfoPermDef, connectivityInternalPermDef, manageVpnPermDef, getNetFirewallPermDef },
133     .permStateList = { getNetworkInfoState, connectivityInternalState, manageVpnState, getNetFirewallState },
134 };
135 
136 PermissionDef testNoPermissionDef = {
137     .permissionName = "",
138     .bundleName = "netmanager_ext_test",
139     .grantMode = 1,
140     .availableLevel = APL_SYSTEM_BASIC,
141     .label = "label",
142     .labelId = 1,
143     .description = "Test no permission",
144     .descriptionId = 1,
145 };
146 
147 PermissionStateFull testNoPermissionState = {
148     .permissionName = "",
149     .isGeneral = true,
150     .resDeviceID = { "local" },
151     .grantStatus = { PermissionState::PERMISSION_GRANTED },
152     .grantFlags = { 2 },
153 };
154 
155 HapPolicyParams testNoPermission = {
156     .apl = APL_SYSTEM_BASIC,
157     .domain = "test.domain",
158     .permList = { testNoPermissionDef },
159     .permStateList = { testNoPermissionState },
160 };
161 } // namespace
162 
NetManagerExtAccessToken()163 NetManagerExtAccessToken::NetManagerExtAccessToken() : currentID_(GetSelfTokenID())
164 {
165     AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
166     accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
167     SetSelfTokenID(tokenIdEx.tokenIDEx);
168 }
169 
~NetManagerExtAccessToken()170 NetManagerExtAccessToken::~NetManagerExtAccessToken()
171 {
172     AccessTokenKit::DeleteToken(accessID_);
173     SetSelfTokenID(currentID_);
174 }
175 
NetManagerExtNotSystemAccessToken()176 NetManagerExtNotSystemAccessToken::NetManagerExtNotSystemAccessToken() : currentID_(GetSelfTokenID())
177 {
178     AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
179     accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
180     SetSelfTokenID(accessID_);
181 }
182 
~NetManagerExtNotSystemAccessToken()183 NetManagerExtNotSystemAccessToken::~NetManagerExtNotSystemAccessToken()
184 {
185     AccessTokenKit::DeleteToken(accessID_);
186     SetSelfTokenID(currentID_);
187 }
188 
NoPermissionAccessToken()189 NoPermissionAccessToken::NoPermissionAccessToken() : currentID_(GetSelfTokenID())
190 {
191     AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, testNoPermission);
192     accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
193     SetSelfTokenID(tokenIdEx.tokenIDEx);
194 }
195 
~NoPermissionAccessToken()196 NoPermissionAccessToken::~NoPermissionAccessToken()
197 {
198     AccessTokenKit::DeleteToken(accessID_);
199     SetSelfTokenID(currentID_);
200 }
201 } // namespace NetManagerStandard
202 } // namespace OHOS
203