1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "netmanager_ext_test_security.h"
17
18 #include "nativetoken_kit.h"
19 #include "token_setproc.h"
20
21 namespace OHOS {
22 namespace NetManagerStandard {
23 using namespace Security::AccessToken;
24 using Security::AccessToken::AccessTokenID;
25 namespace {
// Identity of the HAP (application) token that the test fixtures allocate: the
// "netmanager_ext_test" bundle, user 1, instance 0, declared as a system app.
// All three fixture classes in this file pass these same parameters to
// AccessTokenKit::AllocHapToken; they differ only in the policy and in the ID
// they install with SetSelfTokenID.
HapInfoParams netManagerExtParms = {
    .userID = 1,
    .bundleName = "netmanager_ext_test",
    .instIndex = 0,
    .appIDDesc = "test",
    // Also used by NetManagerExtNotSystemAccessToken, so the "not system" case is
    // not produced by this flag.
    .isSystemApp = true,
};
33
// Permission fixtures. Every permission comes as a pair: a PermissionDef (the
// declaration made on behalf of the test bundle) and a PermissionStateFull (its
// state, already PERMISSION_GRANTED on device "local"). No user interaction is
// involved; the grant is asserted directly by the test data.
// NOTE(review): grantMode = 1 and grantFlags = { 2 } are raw numbers. Presumably
// they stand for the system-grant mode and a "fixed" permission flag; confirm
// against the AccessToken headers and prefer the named enumerators if they exist.
// NOTE(review): availableLevel is spelled fully qualified in most definitions and
// as plain APL_SYSTEM_BASIC in manageVpnPermDef; both name the same enumerator.

// ohos.permission.CONNECTIVITY_INTERNAL: declaration for the test bundle.
PermissionDef connectivityInternalPermDef = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet connectivity internet",
    .descriptionId = 1,
};

// ohos.permission.CONNECTIVITY_INTERNAL: pre-granted state.
PermissionStateFull connectivityInternalState = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.GET_NETWORK_INFO: declaration for the test bundle.
PermissionDef getNetworkInfoPermDef = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet maneger network info",
    .descriptionId = 1,
};

// ohos.permission.GET_NETWORK_INFO: pre-granted state.
PermissionStateFull getNetworkInfoState = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.GET_ETHERNET_LOCAL_MAC: declaration for the test bundle.
// NOTE(review): this definition and getMacAddressInfoState below are not listed in
// netManagerExtPolicy in this file, so the allocated token does not appear to carry
// this permission. Confirm whether that omission is intended (for example to
// exercise the denied path of MAC address queries) or an oversight.
PermissionDef getMacAddressInfoPermDef = {
    .permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet mac address info",
    .descriptionId = 1,
};

// ohos.permission.GET_ETHERNET_LOCAL_MAC: pre-granted state (see the note on the
// matching definition: not referenced by any policy in this file).
PermissionStateFull getMacAddressInfoState = {
    .permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.MANAGE_VPN: declaration for the test bundle.
PermissionDef manageVpnPermDef = {
    .permissionName = "ohos.permission.MANAGE_VPN",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test vpn maneger network info",
    .descriptionId = 1,
};

// ohos.permission.MANAGE_VPN: pre-granted state.
PermissionStateFull manageVpnState = {
    .permissionName = "ohos.permission.MANAGE_VPN",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.GET_NET_FIREWALL: declaration for the test bundle.
PermissionDef getNetFirewallPermDef = {
    .permissionName = "ohos.permission.GET_NET_FIREWALL",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test netfirewall maneger info",
    .descriptionId = 1,
};

// ohos.permission.GET_NET_FIREWALL: pre-granted state.
PermissionStateFull getNetFirewallState = {
    .permissionName = "ohos.permission.GET_NET_FIREWALL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// ohos.permission.MANAGE_NET_FIREWALL: declaration for the test bundle.
PermissionDef setNetFirewallPermDef = {
    .permissionName = "ohos.permission.MANAGE_NET_FIREWALL",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test netfirewall maneger info",
    .descriptionId = 1,
};

// ohos.permission.MANAGE_NET_FIREWALL: pre-granted state.
PermissionStateFull setNetFirewallState = {
    .permissionName = "ohos.permission.MANAGE_NET_FIREWALL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};
147
// Policy for the "privileged" test identities: APL_SYSTEM_BASIC with five
// permissions declared and granted (GET_NETWORK_INFO, CONNECTIVITY_INTERNAL,
// MANAGE_VPN, GET_NET_FIREWALL, MANAGE_NET_FIREWALL). permList and permStateList
// are kept in the same order so each definition lines up with its state.
// NOTE(review): the GET_ETHERNET_LOCAL_MAC definition/state pair declared in this
// file is not part of either list; confirm whether the omission is deliberate.
// Both NetManagerExtAccessToken and NetManagerExtNotSystemAccessToken allocate
// their token with this policy.
HapPolicyParams netManagerExtPolicy = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = {getNetworkInfoPermDef, connectivityInternalPermDef, manageVpnPermDef, getNetFirewallPermDef,
                 setNetFirewallPermDef},
    .permStateList = {getNetworkInfoState, connectivityInternalState, manageVpnState, getNetFirewallState,
                      setNetFirewallState},
};
156
// "No permission" fixture: a definition/state pair whose permissionName is the
// empty string, so the policy built from it names none of the ohos.permission.*
// strings the network manager checks.
// NOTE(review): the state for the empty name is still PERMISSION_GRANTED, and how
// AllocHapToken treats an empty permission name is not visible from this file.
// Confirm that the resulting token really holds no permission; empty permList /
// permStateList would state the intent more directly.
PermissionDef testNoPermissionDef = {
    .permissionName = "",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test no permission",
    .descriptionId = 1,
};

// State entry paired with testNoPermissionDef (empty permission name).
PermissionStateFull testNoPermissionState = {
    .permissionName = "",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// Policy used by NoPermissionAccessToken. The APL stays at APL_SYSTEM_BASIC; only
// the permission lists differ from netManagerExtPolicy.
HapPolicyParams testNoPermission = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNoPermissionDef },
    .permStateList = { testNoPermissionState },
};
182 } // namespace
183
/**
 * Test fixture constructor: switches the calling process to a temporary HAP identity
 * that holds the permissions listed in netManagerExtPolicy.
 *
 * The token ID the process had on entry is saved in currentID_ so the destructor can
 * restore it. The full 64-bit tokenIDEx is installed, while only the tokenID part is
 * kept in accessID_ for the later DeleteToken call.
 *
 * NOTE(review): the result of AllocHapToken is not checked. If allocation fails, the
 * returned value is still installed as the process identity and the test would run
 * under an unintended token; consider verifying the ID in the test setup.
 */
NetManagerExtAccessToken::NetManagerExtAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
    // Remember the plain token ID; the destructor deletes the token by this ID.
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // Install the extended ID (token ID plus whatever else tokenIDEx carries) process-wide.
    SetSelfTokenID(allocated.tokenIDEx);
}
190
/**
 * Tears the test identity down: deletes the HAP token allocated by the constructor,
 * then restores the token ID the process had before the fixture was created.
 *
 * NOTE(review): neither call's result is checked. If the restore does not take effect,
 * later tests would keep running under the ID of a token that was just deleted.
 */
NetManagerExtAccessToken::~NetManagerExtAccessToken()
{
    // Delete the temporary token so it does not outlive the fixture object.
    AccessTokenKit::DeleteToken(accessID_);
    // Put the saved pre-test identity back on the process.
    SetSelfTokenID(currentID_);
}
196
/**
 * Test fixture constructor for the "not a system app" case.
 *
 * The token is allocated with exactly the same parameters and policy as
 * NetManagerExtAccessToken (netManagerExtParms still has isSystemApp = true). The only
 * difference is the value handed to SetSelfTokenID: the plain tokenID stored in
 * accessID_ instead of the full tokenIDEx.
 *
 * NOTE(review): presumably the attribute that marks a system app lives in the part of
 * tokenIDEx outside tokenID, so dropping it makes system-app checks fail while the
 * granted permissions stay in place. Confirm against the AccessTokenIDEx definition;
 * tests relying on this fixture depend on that layout.
 * NOTE(review): the result of AllocHapToken is not checked before it is installed.
 */
NetManagerExtNotSystemAccessToken::NetManagerExtNotSystemAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
    // Keep only the plain token ID; it is both installed below and deleted in the destructor.
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // Deliberately NOT allocated.tokenIDEx: this is what separates the fixture from the system-app one.
    SetSelfTokenID(accessID_);
}
203
/**
 * Tears the "not a system app" identity down: deletes the HAP token allocated by the
 * constructor, then restores the token ID saved in currentID_.
 *
 * NOTE(review): neither call's result is checked, so a failed restore would go unnoticed
 * and leave the process on the ID of a deleted token.
 */
NetManagerExtNotSystemAccessToken::~NetManagerExtNotSystemAccessToken()
{
    // Delete the temporary token so it does not outlive the fixture object.
    AccessTokenKit::DeleteToken(accessID_);
    // Put the saved pre-test identity back on the process.
    SetSelfTokenID(currentID_);
}
209
/**
 * Test fixture constructor for the permission-denied case: switches the calling process
 * to a HAP identity allocated with the testNoPermission policy, whose only permission
 * entry has an empty name.
 *
 * The app parameters are the shared netManagerExtParms (isSystemApp = true) and the full
 * tokenIDEx is installed, so this fixture differs from NetManagerExtAccessToken only in
 * the policy it passes.
 *
 * NOTE(review): the result of AllocHapToken is not checked. For a negative test this
 * matters: if allocation fails, the value installed as the process identity is not the
 * intended restricted token, and an "access denied" outcome may no longer be caused by
 * the missing permissions. Consider verifying the ID in the test setup.
 */
NoPermissionAccessToken::NoPermissionAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerExtParms, testNoPermission);
    // Remember the plain token ID; the destructor deletes the token by this ID.
    accessID_ = allocated.tokenIdExStruct.tokenID;
    // Install the extended ID process-wide for the lifetime of this object.
    SetSelfTokenID(allocated.tokenIDEx);
}
216
/**
 * Tears the restricted identity down: deletes the HAP token allocated by the
 * constructor, then restores the token ID saved in currentID_.
 *
 * NOTE(review): neither call's result is checked, so a failed restore would go unnoticed
 * and leave the process on the ID of a deleted token.
 */
NoPermissionAccessToken::~NoPermissionAccessToken()
{
    // Delete the temporary token so it does not outlive the fixture object.
    AccessTokenKit::DeleteToken(accessID_);
    // Put the saved pre-test identity back on the process.
    SetSelfTokenID(currentID_);
}
222 } // namespace NetManagerStandard
223 } // namespace OHOS
224