/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "netmanager_ext_test_security.h"

#include "nativetoken_kit.h"
#include "token_setproc.h"

// Test-only identity fixtures. Each class below allocates a HAP access token from a fixed
// policy, switches the calling process's self token to it for the lifetime of the object,
// and restores the previously active token in its destructor.
namespace OHOS {
namespace NetManagerStandard {
using namespace Security::AccessToken;
using Security::AccessToken::AccessTokenID;
namespace {
// Identity shared by every fixture in this file. isSystemApp is true here for all three
// fixtures, including the "not system" one.
HapInfoParams netManagerExtParms = {
    .userID = 1,
    .bundleName = "netmanager_ext_test",
    .instIndex = 0,
    .appIDDesc = "test",
    .isSystemApp = true,
};

// Every permission is declared as a definition (PermissionDef) plus a granted state
// (PermissionStateFull) for the device "local".
// NOTE(review): grantMode = 1 and grantFlags = { 2 } are raw values; confirm them against the
// access-token headers and prefer the named enumerators so the intended grant type is visible.
PermissionDef connectivityInternalPermDef = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet connectivity internet",
    .descriptionId = 1,
};

PermissionStateFull connectivityInternalState = {
    .permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

PermissionDef getNetworkInfoPermDef = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet maneger network info",
    .descriptionId = 1,
};

PermissionStateFull getNetworkInfoState = {
    .permissionName = "ohos.permission.GET_NETWORK_INFO",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// NOTE(review): the GET_ETHERNET_LOCAL_MAC definition and state below are not referenced by
// netManagerExtPolicy or testNoPermission in this file, so no fixture here is granted that
// permission. Confirm whether that omission is deliberate before relying on these tokens in
// MAC-address tests.
PermissionDef getMacAddressInfoPermDef = {
    .permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test ethernet mac address info",
    .descriptionId = 1,
};

PermissionStateFull getMacAddressInfoState = {
    .permissionName = "ohos.permission.GET_ETHERNET_LOCAL_MAC",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

PermissionDef manageVpnPermDef = {
    .permissionName = "ohos.permission.MANAGE_VPN",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test vpn maneger network info",
    .descriptionId = 1,
};

PermissionStateFull manageVpnState = {
    .permissionName = "ohos.permission.MANAGE_VPN",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

PermissionDef getNetFirewallPermDef = {
    .permissionName = "ohos.permission.GET_NET_FIREWALL",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test netfirewall maneger info",
    .descriptionId = 1,
};

PermissionStateFull getNetFirewallState = {
    .permissionName = "ohos.permission.GET_NET_FIREWALL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

PermissionDef setNetFirewallPermDef = {
    .permissionName = "ohos.permission.MANAGE_NET_FIREWALL",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test netfirewall maneger info",
    .descriptionId = 1,
};

PermissionStateFull setNetFirewallState = {
    .permissionName = "ohos.permission.MANAGE_NET_FIREWALL",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

// Policy for the privileged fixtures: five permissions, all pre-granted. Keep the two lists in
// the same order so each definition lines up with its state.
HapPolicyParams netManagerExtPolicy = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = {getNetworkInfoPermDef, connectivityInternalPermDef, manageVpnPermDef, getNetFirewallPermDef,
                 setNetFirewallPermDef},
    .permStateList = {getNetworkInfoState, connectivityInternalState, manageVpnState, getNetFirewallState,
                      setNetFirewallState},
};

// The "no permission" policy is expressed as a single entry whose permission name is empty and
// whose state is still PERMISSION_GRANTED; none of the ohos.permission.* names above are listed.
PermissionDef testNoPermissionDef = {
    .permissionName = "",
    .bundleName = "netmanager_ext_test",
    .grantMode = 1,
    .availableLevel = APL_SYSTEM_BASIC,
    .label = "label",
    .labelId = 1,
    .description = "Test no permission",
    .descriptionId = 1,
};

PermissionStateFull testNoPermissionState = {
    .permissionName = "",
    .isGeneral = true,
    .resDeviceID = { "local" },
    .grantStatus = { PermissionState::PERMISSION_GRANTED },
    .grantFlags = { 2 },
};

HapPolicyParams testNoPermission = {
    .apl = APL_SYSTEM_BASIC,
    .domain = "test.domain",
    .permList = { testNoPermissionDef },
    .permStateList = { testNoPermissionState },
};
} // namespace

// Allocates a token from netManagerExtPolicy and makes it the self token, passing the full
// 64-bit tokenIDEx value to SetSelfTokenID.
// NOTE(review): the AllocHapToken result is used without a validity check and the return value
// of SetSelfTokenID is ignored. If either step fails, the test continues under an identity other
// than the intended one, so a permission check may pass or fail for the wrong reason.
NetManagerExtAccessToken::NetManagerExtAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    SetSelfTokenID(allocated.tokenIDEx);
}

// Deletes the allocated token, then restores the self token saved at construction.
NetManagerExtAccessToken::~NetManagerExtAccessToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}

// Same parameters and policy as NetManagerExtAccessToken. The only difference visible here is
// that SetSelfTokenID receives accessID_ (the tokenID field alone) instead of tokenIDEx.
// NOTE(review): presumably the remaining part of tokenIDEx carries the system-app attribute and
// omitting it is what makes this identity "not system", even though netManagerExtParms sets
// isSystemApp = true. Confirm against the access-token headers.
NetManagerExtNotSystemAccessToken::NetManagerExtNotSystemAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerExtParms, netManagerExtPolicy);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    SetSelfTokenID(accessID_);
}

// Deletes the allocated token, then restores the self token saved at construction.
NetManagerExtNotSystemAccessToken::~NetManagerExtNotSystemAccessToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}

// Allocates a token from the testNoPermission policy and makes it the self token, for tests
// that expect a permission check to reject the caller.
// NOTE(review): the allocation result is not checked here either. A denial test is only
// meaningful if the switch to this token succeeded.
NoPermissionAccessToken::NoPermissionAccessToken() : currentID_(GetSelfTokenID())
{
    const AccessTokenIDEx allocated = AccessTokenKit::AllocHapToken(netManagerExtParms, testNoPermission);
    accessID_ = allocated.tokenIdExStruct.tokenID;
    SetSelfTokenID(allocated.tokenIDEx);
}

// Deletes the allocated token, then restores the self token saved at construction.
NoPermissionAccessToken::~NoPermissionAccessToken()
{
    AccessTokenKit::DeleteToken(accessID_);
    SetSelfTokenID(currentID_);
}
} // namespace NetManagerStandard
} // namespace OHOS