* Copyright (c) 2024 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "netmanager_ext_test_security.h"
#include "nativetoken_kit.h"
#include "token_setproc.h"
namespace OHOS {
namespace NetManagerStandard {
using namespace Security::AccessToken;
using Security::AccessToken::AccessTokenID;
namespace {
HapInfoParams netManagerExtParms = {
.userID = 1,
.bundleName = "netmanager_ext_test",
.instIndex = 0,
.appIDDesc = "test",
.isSystemApp = true,
};
PermissionDef connectivityInternalPermDef = {
.permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
.bundleName = "netmanager_ext_test",
.grantMode = 1,
.availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
.label = "label",
.labelId = 1,
.description = "Test ethernet connectivity internet",
.descriptionId = 1,
};
PermissionStateFull connectivityInternalState = {
.permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
.isGeneral = true,
.resDeviceID = { "local" },
.grantStatus = { PermissionState::PERMISSION_GRANTED },
.grantFlags = { 2 },
};
PermissionDef getNetworkInfoPermDef = {
.permissionName = "ohos.permission.GET_NETWORK_INFO",
.bundleName = "netmanager_ext_test",
.grantMode = 1,
.availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
.label = "label",
.labelId = 1,
.description = "Test ethernet maneger network info",
.descriptionId = 1,
};
PermissionStateFull getNetworkInfoState = {
.permissionName = "ohos.permission.GET_NETWORK_INFO",
.isGeneral = true,
.resDeviceID = { "local" },
.grantStatus = { PermissionState::PERMISSION_GRANTED },
.grantFlags = { 2 },
};
PermissionDef getMacAddressInfoPermDef = {
.permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
.bundleName = "netmanager_ext_test",
.grantMode = 1,
.availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
.label = "label",
.labelId = 1,
.description = "Test ethernet mac address info",
.descriptionId = 1,
};
PermissionStateFull getMacAddressInfoState = {
.permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
.isGeneral = true,
.resDeviceID = { "local" },
.grantStatus = { PermissionState::PERMISSION_GRANTED },
.grantFlags = { 2 },
};
PermissionDef manageVpnPermDef = {
.permissionName = "ohos.permission.MANAGE_VPN",
.bundleName = "netmanager_ext_test",
.grantMode = 1,
.availableLevel = APL_SYSTEM_BASIC,
.label = "label",
.labelId = 1,
.description = "Test vpn maneger network info",
.descriptionId = 1,
};
PermissionStateFull manageVpnState = {
.permissionName = "ohos.permission.MANAGE_VPN",
.isGeneral = true,
.resDeviceID = { "local" },
.grantStatus = { PermissionState::PERMISSION_GRANTED },
.grantFlags = { 2 },
};
PermissionDef getNetFirewallPermDef = {
.permissionName = "ohos.permission.GET_NET_FIREWALL",
.bundleName = "netmanager_ext_test",
.grantMode = 1,
.availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
.label = "label",
.labelId = 1,
.description = "Test netfirewall maneger info",
.descriptionId = 1,
};
PermissionStateFull getNetFirewallState = {
.permissionName = "ohos.permission.GET_NET_FIREWALL",
.isGeneral = true,
.resDeviceID = { "local" },
.grantStatus = { PermissionState::PERMISSION_GRANTED },
.grantFlags = { 2 },
};
PermissionDef setNetFirewallPermDef = {
.permissionName = "ohos.permission.MANAGE_NET_FIREWALL",
.bundleName = "netmanager_ext_test",
.grantMode = 1,
.availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
.label = "label",
.labelId = 1,
.description = "Test netfirewall maneger info",
.descriptionId = 1,
};
PermissionStateFull setNetFirewallState = {
.permissionName = "ohos.permission.MANAGE_NET_FIREWALL",
.isGeneral = true,
.resDeviceID = { "local" },
.grantStatus = { PermissionState::PERMISSION_GRANTED },
.grantFlags = { 2 },
};
HapPolicyParams netManagerExtPolicy = {
.apl = APL_SYSTEM_BASIC,
.domain = "test.domain",
.permList = {getNetworkInfoPermDef, connectivityInternalPermDef, manageVpnPermDef, getNetFirewallPermDef,
setNetFirewallPermDef},
.permStateList = {getNetworkInfoState, connectivityInternalState, manageVpnState, getNetFirewallState,
setNetFirewallState},
};
PermissionDef testNoPermissionDef = {
.permissionName = "",
.bundleName = "netmanager_ext_test",
.grantMode = 1,
.availableLevel = APL_SYSTEM_BASIC,
.label = "label",
.labelId = 1,
.description = "Test no permission",
.descriptionId = 1,
};
PermissionStateFull testNoPermissionState = {
.permissionName = "",
.isGeneral = true,
.resDeviceID = { "local" },
.grantStatus = { PermissionState::PERMISSION_GRANTED },
.grantFlags = { 2 },
};
HapPolicyParams testNoPermission = {
.apl = APL_SYSTEM_BASIC,
.domain = "test.domain",
.permList = { testNoPermissionDef },
.permStateList = { testNoPermissionState },
};
}
NetManagerExtAccessToken::NetManagerExtAccessToken() : currentID_(GetSelfTokenID())
{
AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
SetSelfTokenID(tokenIdEx.tokenIDEx);
}
NetManagerExtAccessToken::~NetManagerExtAccessToken()
{
AccessTokenKit::DeleteToken(accessID_);
SetSelfTokenID(currentID_);
}
NetManagerExtNotSystemAccessToken::NetManagerExtNotSystemAccessToken() : currentID_(GetSelfTokenID())
{
AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
SetSelfTokenID(accessID_);
}
NetManagerExtNotSystemAccessToken::~NetManagerExtNotSystemAccessToken()
{
AccessTokenKit::DeleteToken(accessID_);
SetSelfTokenID(currentID_);
}
NoPermissionAccessToken::NoPermissionAccessToken() : currentID_(GetSelfTokenID())
{
AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(netManagerExtParms, testNoPermission);
accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
SetSelfTokenID(tokenIdEx.tokenIDEx);
}
NoPermissionAccessToken::~NoPermissionAccessToken()
{
AccessTokenKit::DeleteToken(accessID_);
SetSelfTokenID(currentID_);
}
}
}