1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "netmanager_base_test_security.h"
17
18 #include "nativetoken_kit.h"
19 #include "token_setproc.h"
20
21 namespace OHOS {
22 namespace NetManagerStandard {
23 using namespace Security::AccessToken;
24 using Security::AccessToken::AccessTokenID;
25 namespace {
// HAP identity passed to AllocHapToken by NetManagerBaseAccessToken and
// NetManagerBaseNoPermissionToken. isSystemApp is set, so the allocated token
// is presumably treated as a system application by permission checks.
HapInfoParams netManagerBaseParms = {
    .userID = 1,
    .bundleName = "netmanager_base_test",
    .instIndex = 0,
    .appIDDesc = "test",
    .isSystemApp = true,
};

// Same identity as netManagerBaseParms but with isSystemApp left out, so the
// field keeps its default (presumably false - confirm against HapInfoParams).
// Used by NetManagerBaseNotSystemToken to exercise "caller is not a system
// app" paths while still holding the full permission set.
HapInfoParams netConnManagerNotSystemInfo = {
    .userID = 1,
    .bundleName = "netmanager_base_test",
    .instIndex = 0,
    .appIDDesc = "test",
};

// System-app identity used by NetManagerBaseDataShareToken.
// NOTE(review): userID is 100 here and 1 in the other fixtures; the reason is
// not visible in this file.
HapInfoParams netDataShareInfo = {
    .userID = 100,
    .bundleName = "netmanager_base_test",
    .instIndex = 0,
    .appIDDesc = "test",
    .isSystemApp = true,
};
48
// Permission fixtures. Each permission a test token may hold is described by a
// PermissionDef plus a PermissionStateFull that marks it PERMISSION_GRANTED for
// device "local". grantMode = 1 and grantFlags = { 2 } are raw numeric values;
// presumably a system-grant mode and a fixed-grant flag - TODO confirm against
// the access-token headers and prefer the named enumerators.

// ohos.permission.GET_NETWORK_INFO
PermissionDef testNetConnInfoPermDef = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet maneger network info",
    .descriptionId = 1,
};

PermissionStateFull testNetConnInfoState = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.INTERNET
PermissionDef testNetConnInternetPermDef = {
    .permissionName = "ohos.permission.INTERNET",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net connect manager internet",
    .descriptionId = 1,
};

PermissionStateFull testNetConnInternetState = {
    .permissionName = "ohos.permission.INTERNET",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.CONNECTIVITY_INTERNAL
// NOTE(review): the description text is the same as the INTERNET entry above;
// it looks copied rather than written for this permission.
PermissionDef testNetConnInternalPermDef = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net connect manager internet",
    .descriptionId = 1,
};

PermissionStateFull testNetConnInternalState = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.MANAGE_NET_STRATEGY
PermissionDef testNetPolicyStrategyPermDef = {
    .permissionName = "ohos.permission.MANAGE_NET_STRATEGY",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net policy manager",
    .descriptionId = 1,
};

PermissionStateFull testManageNetStrategyState = {
    .permissionName = "ohos.permission.MANAGE_NET_STRATEGY",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.NETSYS_INTERNAL
PermissionDef testNetSysInternalDef = {
    .permissionName = "ohos.permission.NETSYS_INTERNAL",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test netsys_native_manager_test",
    .descriptionId = 1,
};

PermissionStateFull testNetSysInternalState = {
    .permissionName = "ohos.permission.NETSYS_INTERNAL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};
143
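// ohos.permission.MANAGE_SECURE_SETTINGS, referenced only by netDataSharePolicy
// in this file.
//
// The designators are listed in the same field order as every other
// PermissionDef / PermissionStateFull initializer in this file. C++20 requires
// designated initializers to follow declaration order, and compilers warn on or
// reject an out-of-order list, so the two orderings previously used here could
// not both be valid. The values themselves are unchanged.
// NOTE(review): this assumes the order used by the sibling fixtures is the
// declaration order - confirm against the access-token headers.
// grantMode = 1 and grantFlags = { 2 } are raw numeric values; prefer the named
// enumerators once confirmed.
PermissionDef testNetConnSettingsPermDef = {
    .permissionName = "ohos.permission.MANAGE_SECURE_SETTINGS",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net data share",
    .descriptionId = 1,
};

// Grant state for MANAGE_SECURE_SETTINGS: granted for device "local".
PermissionStateFull testNetConnSettingsState = {
    .permissionName = "ohos.permission.MANAGE_SECURE_SETTINGS",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};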
162
// ohos.permission.GET_NETWORK_STATS
// grantMode = 1 and grantFlags = { 2 } are raw numeric values - TODO confirm
// their meaning against the access-token headers.
PermissionDef testNetStatsPermDef = {
    .permissionName = "ohos.permission.GET_NETWORK_STATS",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test net stats manager",
    .descriptionId = 1,
};

PermissionStateFull testNetStatsState = {
    .permissionName = "ohos.permission.GET_NETWORK_STATS",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// Policy used by NetManagerBaseAccessToken and NetManagerBaseNotSystemToken.
// It grants six permissions at once: GET_NETWORK_INFO, INTERNET,
// CONNECTIVITY_INTERNAL, MANAGE_NET_STRATEGY, NETSYS_INTERNAL and
// GET_NETWORK_STATS.
// NOTE(review): because every permission is granted together, a test that
// passes under this policy does not show which permission the code under test
// actually enforces. Pair it with a negative case (for example the
// testNoPermission policy) when a specific permission check is being verified.
HapPolicyParams netManagerBasePolicy = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNetConnInfoPermDef, testNetConnInternetPermDef, testNetConnInternalPermDef,
                  testNetPolicyStrategyPermDef, testNetSysInternalDef, testNetStatsPermDef },
    .permStateList = { testNetConnInfoState, testNetConnInternetState, testNetConnInternalState,
                       testManageNetStrategyState, testNetSysInternalState, testNetStatsState },
};
190
// "No permission" fixture: a single entry whose permissionName is the empty
// string, so none of the ohos.permission.* names used elsewhere in this file
// is listed. Used through testNoPermission by NetManagerBaseNoPermissionToken.
PermissionDef testNoPermissionDef = {
    .permissionName = "",
    .bundleName = "netmanager_base_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test no permission",
    .descriptionId = 1,
};

// Grant state for the empty-named entry above.
// NOTE(review): the state is PERMISSION_GRANTED for an empty permission name;
// how the access-token service treats an empty name is not visible here.
PermissionStateFull testNoPermissionState = {
    .permissionName = "",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// Policy for negative tests: same APL and domain as the other policies, but
// the only permission entry is the empty-named one.
// NOTE(review): apl stays APL_SYSTEM_BASIC, so this token differs from the
// fully-permissioned one in its permission list only, not in its level.
HapPolicyParams testNoPermission = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNoPermissionDef },
    .permStateList = { testNoPermissionState },
};
216
// Policy used by NetManagerBaseDataShareToken: grants only
// ohos.permission.MANAGE_SECURE_SETTINGS (testNetConnSettingsPermDef /
// testNetConnSettingsState) and none of the network permissions.
HapPolicyParams netDataSharePolicy = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNetConnSettingsPermDef },
    .permStateList = { testNetConnSettingsState },
};
223 } // namespace
224
/**
 * Switches the calling process to a freshly allocated HAP token built from
 * netManagerBaseParms and netManagerBasePolicy.
 *
 * The token id the process had before the switch is kept in currentID_, and
 * the 32-bit id of the new token in accessID_, so the destructor can undo the
 * change.
 *
 * NOTE(review): the result of AllocHapToken is not checked. If allocation
 * fails, the process identity is still replaced with whatever value came back,
 * and the tests that follow run under an identity they did not intend.
 */
NetManagerBaseAccessToken::NetManagerBaseAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerBaseParms, netManagerBasePolicy);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // Install the full extended id as the process identity.
    SetSelfTokenID(allocated.tokenIDEx);
}
231
/**
 * Deletes the token allocated by the constructor and restores the token id
 * that was current at construction time.
 *
 * NOTE(review): both return values are ignored, and the token is deleted while
 * it is still the process's self token; the original identity is restored only
 * afterwards. Confirm that DeleteToken does not depend on the caller's current
 * identity, and that a failed restore cannot leave later tests running with a
 * stale or deleted token.
 */
NetManagerBaseAccessToken::~NetManagerBaseAccessToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
237
/**
 * Switches the calling process to a HAP token built from
 * netConnManagerNotSystemInfo (no isSystemApp flag) and the fully-permissioned
 * netManagerBasePolicy.
 *
 * The previous token id is kept in currentID_ and the new 32-bit id in
 * accessID_ for the destructor.
 *
 * Unlike the sibling helpers in this file, only the 32-bit tokenID is
 * installed as the self token, not the full tokenIDEx - presumably so that no
 * extended attribute bits are carried; confirm this is intended.
 *
 * NOTE(review): the result of AllocHapToken is not checked, so a failed
 * allocation still replaces the process identity.
 */
NetManagerBaseNotSystemToken::NetManagerBaseNotSystemToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netConnManagerNotSystemInfo, netManagerBasePolicy);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    SetSelfTokenID(accessID_);
}
244
/**
 * Deletes the non-system-app token allocated by the constructor and restores
 * the token id that was current at construction time.
 *
 * NOTE(review): return values are ignored and the token is deleted before the
 * original identity is restored; confirm neither call can fail silently in a
 * way that leaks the test identity into later tests.
 */
NetManagerBaseNotSystemToken::~NetManagerBaseNotSystemToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
250
/**
 * Switches the calling process to a HAP token built from netManagerBaseParms
 * and the testNoPermission policy, for tests that expect permission checks to
 * reject the caller.
 *
 * The previous token id is kept in currentID_ and the new 32-bit id in
 * accessID_ for the destructor.
 *
 * NOTE(review): the result of AllocHapToken is not checked. For a negative
 * test this matters: if allocation fails, a "permission denied" outcome may
 * come from an invalid identity rather than from the missing permission.
 */
NetManagerBaseNoPermissionToken::NetManagerBaseNoPermissionToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerBaseParms, testNoPermission);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // Install the full extended id as the process identity.
    SetSelfTokenID(allocated.tokenIDEx);
}
257
/**
 * Deletes the no-permission token allocated by the constructor and restores
 * the token id that was current at construction time.
 *
 * NOTE(review): return values are ignored and the token is deleted before the
 * original identity is restored; confirm a failure here cannot leave later
 * tests running under the restricted (or a deleted) token.
 */
NetManagerBaseNoPermissionToken::~NetManagerBaseNoPermissionToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
263
/**
 * Switches the calling process to a HAP token built from netDataShareInfo and
 * netDataSharePolicy, i.e. an identity whose only listed permission is
 * ohos.permission.MANAGE_SECURE_SETTINGS.
 *
 * The previous token id is kept in currentID_ and the new 32-bit id in
 * accessID_ for the destructor.
 *
 * NOTE(review): the result of AllocHapToken is not checked, so a failed
 * allocation still replaces the process identity.
 */
NetManagerBaseDataShareToken::NetManagerBaseDataShareToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netDataShareInfo, netDataSharePolicy);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // Install the full extended id as the process identity.
    SetSelfTokenID(allocated.tokenIDEx);
}
270
/**
 * Deletes the data-share token allocated by the constructor and restores the
 * token id that was current at construction time.
 *
 * NOTE(review): return values are ignored and the token is deleted before the
 * original identity is restored; confirm a failure here cannot leave the
 * MANAGE_SECURE_SETTINGS identity active for later tests.
 */
NetManagerBaseDataShareToken::~NetManagerBaseDataShareToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
276 } // namespace NetManagerStandard
277 } // namespace OHOS
278