From e8cd3544e460190f16f0a150a36f4e167b56d62a Mon Sep 17 00:00:00 2001 From: zhai-peizhe Date: Sat, 13 Sep 2025 18:03:19 +0800 Subject: [PATCH] =?UTF-8?q?obs=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= =?UTF-8?q?=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhai-peizhe Change-Id: Ibb2b65327569f23a050745967203c73a03279c8d --- .../include/dataobs_mgr_interface.h | 9 + .../dataobsmgr/include/dataobs_mgr_inner.h | 12 +- .../include/dataobs_mgr_inner_common.h | 19 +- .../include/dataobs_mgr_inner_ext.h | 50 +- .../dataobsmgr/include/dataobs_mgr_service.h | 2 + services/dataobsmgr/src/dataobs_mgr_inner.cpp | 59 +- .../dataobsmgr/src/dataobs_mgr_inner_ext.cpp | 126 +++-- services/dataobsmgr/src/dataobs_mgr_proxy.cpp | 4 + .../dataobsmgr/src/dataobs_mgr_service.cpp | 506 ++++++++++-------- services/dataobsmgr/src/dataobs_mgr_stub.cpp | 108 ++-- 10 files changed, 494 insertions(+), 401 deletions(-) diff --git a/interfaces/inner_api/dataobs_manager/include/dataobs_mgr_interface.h b/interfaces/inner_api/dataobs_manager/include/dataobs_mgr_interface.h index e9fbcad2d96..af3dbfdc384 100644 --- a/interfaces/inner_api/dataobs_manager/include/dataobs_mgr_interface.h +++ b/interfaces/inner_api/dataobs_manager/include/dataobs_mgr_interface.h @@ -34,6 +34,7 @@ struct DataObsOption { private: bool isSystem = false; uint32_t firstCallerTokenID = 0; + int32_t firstCallerPid = 0; public: DataObsOption() {} DataObsOption(bool isSystem):isSystem(isSystem) {} @@ -49,6 +50,14 @@ public: { firstCallerTokenID = token; } + uint32_t FirstCallerPid() + { + return firstCallerPid; + } + void SetFirstCallerPid(int32_t pid) + { + firstCallerPid = pid; + } }; /** diff --git a/services/dataobsmgr/include/dataobs_mgr_inner.h b/services/dataobsmgr/include/dataobs_mgr_inner.h index d28b5bb87ef..04db0c7e108 100644 --- a/services/dataobsmgr/include/dataobs_mgr_inner.h +++ b/services/dataobsmgr/include/dataobs_mgr_inner.h @@ -25,21 +25,21 @@ #include "cpp/mutex.h" #include "data_ability_observer_interface.h" -#include "dataobs_mgr_inner_common.h" +#include "dataobs_mgr_inner_common.h" namespace OHOS { namespace AAFwk { class DataObsMgrInner : public std::enable_shared_from_this { public: - using ObsMapType = std::map>; + using ObsMapType = std::map>; using ObsRecipientMapType = std::map, sptr>; DataObsMgrInner(); virtual ~DataObsMgrInner(); - int HandleRegisterObserver(const Uri &uri, struct ObserverNode observerNode); - int HandleUnregisterObserver(const Uri &uri, struct ObserverNode observerNode); - int HandleNotifyChange(const Uri &uri, int32_t userId); + int HandleRegisterObserver(const Uri &uri, struct ObserverNode observerNode); + int HandleUnregisterObserver(const Uri &uri, struct ObserverNode observerNode); + int HandleNotifyChange(const Uri &uri, int32_t userId, std::string readPermission, bool isSilentUri); void OnCallBackDied(const wptr &remote); private: @@ -49,7 +49,7 @@ private: bool HaveRegistered(sptr dataObserver); static constexpr uint32_t OBS_NUM_MAX = 50; - static constexpr uint32_t OBS_ALL_NUM_MAX = OBS_NUM_MAX * OBS_NUM_MAX; + static constexpr uint32_t OBS_ALL_NUM_MAX = OBS_NUM_MAX * OBS_NUM_MAX; ffrt::mutex innerMutex_; ObsMapType observers_; ObsRecipientMapType obsRecipient_; diff --git a/services/dataobsmgr/include/dataobs_mgr_inner_common.h b/services/dataobsmgr/include/dataobs_mgr_inner_common.h index 8a53106ed7d..fe12f428de0 100644 --- a/services/dataobsmgr/include/dataobs_mgr_inner_common.h +++ b/services/dataobsmgr/include/dataobs_mgr_inner_common.h @@ -26,13 +26,16 @@ struct ObserverInfo { ObserverInfo() {} ObserverInfo(uint32_t tokenId, uint64_t fullTokenId, uint32_t firstCallerTokenId, int32_t userId, bool isExtension) : tokenId(tokenId), fullTokenId(fullTokenId), firstCallerTokenId(firstCallerTokenId), userId(userId), - isExtension(isExtension) {} + isFromExtension(isExtension) {} uint32_t tokenId = 0; uint64_t fullTokenId = 0; uint32_t firstCallerTokenId = 0; int32_t userId = -1; int32_t callingUserId = -1; - bool isExtension = false; + int32_t callingPid = 0; + int32_t firstCallerPid = 0; + bool isFromExtension = false; + bool isSilentUri = false; std::string permission; std::string errMsg; }; @@ -42,7 +45,7 @@ struct ObserverNode { int32_t userId_ = -1; uint32_t tokenId_ = 0; uint32_t firstCallerTokenID_ = 0; - bool isExtension_ = false; + bool isFromExtension_ = false; std::string permission_; ObserverNode(sptr observer, int32_t userId, uint32_t tokenId):observer_(observer), @@ -54,6 +57,16 @@ struct ObserverNode { } }; +struct ObserverVerifyInfo { + Uri uri = Uri(""); + std::string readPermission; + bool isSilentUri; + ObserverVerifyInfo(std::string readPermission, bool isSilentUri) : readPermission(readPermission), + isSilentUri(isSilentUri) {} + ObserverVerifyInfo(Uri uri, std::string readPermission, bool isSilentUri) : uri(uri), + readPermission(readPermission), isSilentUri(isSilentUri) {} +}; + } // namespace AAFwk } // namespace OHOS #endif // OHOS_ABILITY_RUNTIME_DATAOBS_MGR_INNER_COMMON_H \ No newline at end of file diff --git a/services/dataobsmgr/include/dataobs_mgr_inner_ext.h b/services/dataobsmgr/include/dataobs_mgr_inner_ext.h index b95f4932641..62c06a02c9f 100644 --- a/services/dataobsmgr/include/dataobs_mgr_inner_ext.h +++ b/services/dataobsmgr/include/dataobs_mgr_inner_ext.h @@ -29,7 +29,7 @@ #include "dataobs_mgr_inner_common.h" #include "iremote_object.h" #include "refbase.h" -#include "uri.h" +#include "uri.h" namespace OHOS { namespace AAFwk { @@ -39,11 +39,11 @@ public: DataObsMgrInnerExt(); virtual ~DataObsMgrInnerExt(); - Status HandleRegisterObserver(Uri &uri, sptr dataObserver, ObserverInfo &info, - bool isDescendants = false); + Status HandleRegisterObserver(Uri &uri, sptr dataObserver, ObserverInfo &info, + bool isDescendants = false); Status HandleUnregisterObserver(Uri &uri, sptr dataObserver); Status HandleUnregisterObserver(sptr dataObserver); - Status HandleNotifyChange(const ChangeInfo &changeInfo, int32_t userId); + Status HandleNotifyChange(const ChangeInfo &changeInfo, int32_t userId, std::vector &verifyResult); void OnCallBackDied(const wptr &remote); private: @@ -54,44 +54,42 @@ private: }; struct Entry { - Entry(sptr obs, int32_t userId, uint32_t tokenId, - std::shared_ptr deathRef, bool isDes) - : observer(obs), userId(userId), tokenId(tokenId), deathRecipientRef(deathRef), isDescendants(isDes) + Entry(sptr obs, int32_t userId, uint32_t tokenId, + std::shared_ptr deathRef, bool isDes) + : observer(obs), userId(userId), tokenId(tokenId), deathRecipientRef(deathRef), isDescendants(isDes) { } sptr observer; int32_t userId; - uint32_t tokenId = 0; + uint32_t tokenId = 0; std::shared_ptr deathRecipientRef; bool isDescendants; - std::string permission; + std::string permission; }; - struct ObsNotifyInfo { - ObsNotifyInfo() - { - tokenId = 0; - permission = ""; - uriList = std::list(); - } - uint32_t tokenId; - std::string permission; - std::list uriList; - }; - - using ObsMap = std::map, ObsNotifyInfo>; + struct ObsNotifyInfo { + ObsNotifyInfo() + { + tokenId = 0; + uriList = std::list(); + } + uint32_t tokenId; + std::list uriList; + }; + + using ObsMap = std::map, ObsNotifyInfo>; using EntryList = std::list; class Node { public: Node(const std::string &name); - void GetObs(const std::vector &path, uint32_t index, Uri &uri, int32_t userId, ObsMap &obsMap); + void GetObs(const std::vector &path, uint32_t index, ObserverVerifyInfo &info, int32_t userId, ObsMap &obsMap); bool AddObserver(const std::vector &path, uint32_t index, const Entry &entry); bool RemoveObserver(const std::vector &path, uint32_t index, sptr dataObserver); inline bool RemoveObserver(sptr dataObserver); bool RemoveObserver(sptr dataObserver); - bool IsLimit(const Entry &entry); + bool IsLimit(const Entry &entry); private: std::string name_; @@ -101,9 +99,11 @@ private: std::shared_ptr AddObsDeathRecipient(const sptr &dataObserver); void RemoveObsDeathRecipient(const sptr &dataObserver, bool isForce = false); + void NotifyOberserver(const ChangeInfo &changeInfo, sptr obs, + ObsNotifyInfo &info); static constexpr uint32_t OBS_NUM_MAX = 50; - static constexpr uint32_t OBS_ALL_NUM_MAX = OBS_NUM_MAX * OBS_NUM_MAX; + static constexpr uint32_t OBS_ALL_NUM_MAX = OBS_NUM_MAX * OBS_NUM_MAX; ffrt::mutex nodeMutex_; std::shared_ptr root_; diff --git a/services/dataobsmgr/include/dataobs_mgr_service.h b/services/dataobsmgr/include/dataobs_mgr_service.h index 58989498601..b6fd35544a0 100644 --- a/services/dataobsmgr/include/dataobs_mgr_service.h +++ b/services/dataobsmgr/include/dataobs_mgr_service.h @@ -99,6 +99,8 @@ private: static bool IsDataMgrService(uint32_t tokenId, int32_t uid); int32_t RegisterObserverInner(const Uri &uri, sptr dataObserver, int32_t userId, DataObsOption opt, bool isExtension); + std::pair GetUriPermission(Uri &uri, bool isRead, ObserverInfo &info); + int32_t VerifyDataShareExtension(Uri &uri, ObserverInfo &info); int32_t VerifyDataSharePermission(Uri &uri, bool isRead, ObserverInfo &info); int32_t VerifyDataSharePermissionInner(Uri &uri, bool isRead, ObserverInfo &info); int32_t NotifyChangeInner(Uri &uri, int32_t userId, diff --git a/services/dataobsmgr/src/dataobs_mgr_inner.cpp b/services/dataobsmgr/src/dataobs_mgr_inner.cpp index b49b4b2cb77..73a9e8e92ba 100644 --- a/services/dataobsmgr/src/dataobs_mgr_inner.cpp +++ b/services/dataobsmgr/src/dataobs_mgr_inner.cpp @@ -15,12 +15,13 @@ #include "dataobs_mgr_inner.h" #include "data_ability_observer_stub.h" -#include "data_share_permission.h" +#include "data_share_permission.h" #include "dataobs_mgr_errors.h" -#include "datashare_errno.h" +#include "datashare_errno.h" #include "hilog_tag_wrapper.h" #include "common_utils.h" -#include +#include +#include namespace OHOS { namespace AAFwk { @@ -33,28 +34,28 @@ int DataObsMgrInner::HandleRegisterObserver(const Uri &uri, struct ObserverNode std::lock_guard lock(innerMutex_); auto [obsPair, flag] = observers_.try_emplace(uri.ToString(), std::list()); - if (!flag && obsPair->second.size() >= OBS_ALL_NUM_MAX) { + if (!flag && obsPair->second.size() >= OBS_ALL_NUM_MAX) { TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers num:%{public}s maxed", CommonUtils::Anonymous(uri.ToString()).c_str()); return DATAOBS_SERVICE_OBS_LIMMIT; } - uint32_t tokenCount = 0; + uint32_t tokenCount = 0; for (auto obs = obsPair->second.begin(); obs != obsPair->second.end(); obs++) { if ((*obs).observer_->AsObject() == observerNode.observer_->AsObject()) { TAG_LOGE(AAFwkTag::DBOBSMGR, "obs registered:%{public}s", CommonUtils::Anonymous(uri.ToString()).c_str()); return OBS_EXIST; } - if ((*obs).tokenId_ == observerNode.tokenId_) { - tokenCount++; - if (tokenCount > OBS_NUM_MAX) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers num:%{public}s maxed, token:%{public}d", - CommonUtils::Anonymous(uri.ToString()).c_str(), observerNode.tokenId_); - return DATAOBS_SERVICE_OBS_LIMMIT; - } - } + if ((*obs).tokenId_ == observerNode.tokenId_) { + tokenCount++; + if (tokenCount > OBS_NUM_MAX) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers num:%{public}s maxed, token:%{public}d", + CommonUtils::Anonymous(uri.ToString()).c_str(), observerNode.tokenId_); + return DATAOBS_SERVICE_OBS_LIMMIT; + } + } } obsPair->second.push_back(observerNode); @@ -100,16 +101,16 @@ int DataObsMgrInner::HandleUnregisterObserver(const Uri &uri, struct ObserverNod return NO_ERROR; } -int DataObsMgrInner::HandleNotifyChange(const Uri &uri, int32_t userId) +int DataObsMgrInner::HandleNotifyChange(const Uri &uri, int32_t userId, std::string readPermission, bool isSilentUri) { - std::string uriStr = uri.ToString(); + std::string uriStr = uri.ToString(); std::list obsList; std::lock_guard lock(innerMutex_); { - auto obsPair = observers_.find(uriStr); + auto obsPair = observers_.find(uriStr); if (obsPair == observers_.end()) { TAG_LOGD(AAFwkTag::DBOBSMGR, "uri no obs:%{public}s", - CommonUtils::Anonymous(uriStr).c_str()); + CommonUtils::Anonymous(uriStr).c_str()); return NO_OBS_FOR_URI; } obsList = obsPair->second; @@ -121,20 +122,20 @@ int DataObsMgrInner::HandleNotifyChange(const Uri &uri, int32_t userId) } if (obs.userId_ != 0 && userId != 0 && obs.userId_ != userId) { TAG_LOGW(AAFwkTag::DBOBSMGR, "Not allow across user notify, %{public}d to %{public}d, %{public}s", - userId, obs.userId_, CommonUtils::Anonymous(uriStr).c_str()); + userId, obs.userId_, CommonUtils::Anonymous(uriStr).c_str()); continue; } - uint32_t token = obs.isExtension_ ? obs.firstCallerTokenID_ : obs.tokenId_; - std::string permission = obs.permission_; - if (!permission.empty() && !DataShare::DataSharePermission::VerifyPermission(token, - permission)) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "HandleNotifyChange permission denied, token %{public}d permission " - "%{public}s uri %{public}s", token, permission.c_str(), CommonUtils::Anonymous(uriStr).c_str()); - // just hisysevent now - std::string msg = __FUNCTION__; - DataShare::DataSharePermission::ReportExtensionFault(DataShare::E_DATASHARE_PERMISSION_DENIED, token, - uriStr, msg); - } + uint32_t token = obs.isFromExtension_ ? obs.firstCallerTokenID_ : obs.tokenId_; + Uri uriTemp(uriStr); + if (!DataShare::DataSharePermission::VerifyPermission(uriTemp, token, readPermission, isSilentUri)) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "HandleNotifyChange permission denied, token %{public}d permission " + "%{public}s uri %{public}s", token, readPermission.c_str(), CommonUtils::Anonymous(uriStr).c_str()); + // just hisysevent now + std::string msg = __FUNCTION__; + DataShare::DataSharePermission::ReportExtensionFault(DataShare::E_DATASHARE_PERMISSION_DENIED, token, + uriStr, msg); + // todo:return + } obs.observer_->OnChange(); } diff --git a/services/dataobsmgr/src/dataobs_mgr_inner_ext.cpp b/services/dataobsmgr/src/dataobs_mgr_inner_ext.cpp index 25f2016cb70..0364eaee838 100644 --- a/services/dataobsmgr/src/dataobs_mgr_inner_ext.cpp +++ b/services/dataobsmgr/src/dataobs_mgr_inner_ext.cpp @@ -15,8 +15,8 @@ #include "dataobs_mgr_inner_ext.h" #include "data_ability_observer_stub.h" -#include "data_share_permission.h" -#include "datashare_errno.h" +#include "data_share_permission.h" +#include "datashare_errno.h" #include "dataobs_mgr_errors.h" #include "hilog_tag_wrapper.h" #include "common_utils.h" @@ -29,7 +29,7 @@ DataObsMgrInnerExt::DataObsMgrInnerExt() : root_(std::make_shared("root")) DataObsMgrInnerExt::~DataObsMgrInnerExt() {} Status DataObsMgrInnerExt::HandleRegisterObserver(Uri &uri, sptr dataObserver, - ObserverInfo &info, bool isDescendants) + ObserverInfo &info, bool isDescendants) { if (dataObserver->AsObject() == nullptr) { return DATA_OBSERVER_IS_NULL; @@ -42,8 +42,8 @@ Status DataObsMgrInnerExt::HandleRegisterObserver(Uri &uri, sptr path = { uri.GetScheme(), uri.GetAuthority() }; uri.GetPathSegments(path); - Entry entry = Entry(dataObserver, info.userId, info.tokenId, deathRecipientRef, isDescendants); - if (root_ != nullptr && !root_->AddObserver(path, 0, entry)) { + Entry entry = Entry(dataObserver, info.userId, info.tokenId, deathRecipientRef, isDescendants); + if (root_ != nullptr && !root_->AddObserver(path, 0, entry)) { TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers:%{public}s num maxed", CommonUtils::Anonymous(uri.ToString()).c_str()); @@ -84,45 +84,57 @@ Status DataObsMgrInnerExt::HandleUnregisterObserver(sptr d return SUCCESS; } -Status DataObsMgrInnerExt::HandleNotifyChange(const ChangeInfo &changeInfo, int32_t userId) +void DataObsMgrInnerExt::NotifyOberserver(const ChangeInfo &changeInfo, sptr obs, + ObsNotifyInfo &info) +{ + std::list sendUriList = std::list(); + for (auto verifyInfo : info.uriList) { + int32_t ret = DataShare::DataSharePermission::VerifyPermission(verifyInfo.uri, info.tokenId, + verifyInfo.readPermission, verifyInfo.isSilentUri); + if (ret != DataShare::E_OK) { + // todo:continue; + } + sendUriList.push_back(verifyInfo.uri); + } + if (sendUriList.empty()) { + TAG_LOGD(AAFwkTag::DBOBSMGR, "NotifyOberserver denied, uri %{public}s permission %{public}s", + info.uriList.front().uri.ToString().c_str(), info.uriList.front().readPermission.c_str()); // todo:add pid + // todo:return; + } + obs->OnChangeExt( + { changeInfo.changeType_, move(sendUriList), + changeInfo.data_, changeInfo.size_, changeInfo.valueBuckets_ }); +} + +Status DataObsMgrInnerExt::HandleNotifyChange(const ChangeInfo &changeInfo, int32_t userId, + std::vector &verifyInfo) { ObsMap changeRes; std::vector path; { std::lock_guard lock(nodeMutex_); + int32_t count = 0; for (auto &uri : changeInfo.uris_) { path.clear(); path.emplace_back(uri.GetScheme()); path.emplace_back(uri.GetAuthority()); uri.GetPathSegments(path); - root_->GetObs(path, 0, uri, userId, changeRes); + verifyInfo[count].uri = uri; + root_->GetObs(path, 0, verifyInfo[count], userId, changeRes); + count++; } } if (changeRes.empty()) { TAG_LOGD(AAFwkTag::DBOBSMGR, - "uris no obs, changeType:%{public}ud, uris num:%{public}zu," - "null data:%{public}d, size:%{public}ud", + "uris no obs, changeType:%{public}ud, uris num:%{public}zu, null data:%{public}d, size:%{public}ud", changeInfo.changeType_, changeInfo.uris_.size(), changeInfo.data_ == nullptr, changeInfo.size_); return NO_OBS_FOR_URI; } - for (const auto &[obs, value] : changeRes) { - if (obs == nullptr || value.uriList.empty()) { - continue; + for (auto &[obs, value] : changeRes) { + if (obs == nullptr || value.uriList.empty()) { + continue; } - std::string permission = value.permission; - if (!permission.empty() && - !DataShare::DataSharePermission::VerifyPermission(value.tokenId, permission)) { - std::string uriStr = value.uriList.front().ToString(); - TAG_LOGW(AAFwkTag::DBOBSMGR, "permission deny, uri:%{public}s, token %{public}d permission %{public}s", - CommonUtils::Anonymous(uriStr).c_str(), value.tokenId, permission.c_str()); - // just hisysevent now - std::string msg = __FUNCTION__; - DataShare::DataSharePermission::ReportExtensionFault(DataShare::E_DATASHARE_PERMISSION_DENIED, - value.tokenId, uriStr, msg); - } - obs->OnChangeExt( - { changeInfo.changeType_, move(value.uriList), - changeInfo.data_, changeInfo.size_, changeInfo.valueBuckets_ }); + NotifyOberserver(changeInfo, obs, value); } return SUCCESS; @@ -187,19 +199,18 @@ void DataObsMgrInnerExt::OnCallBackDied(const wptr &remote) DataObsMgrInnerExt::Node::Node(const std::string &name) : name_(name) {} void DataObsMgrInnerExt::Node::GetObs(const std::vector &path, uint32_t index, - Uri &uri, int32_t userId, ObsMap &obsRes) + ObserverVerifyInfo &info, int32_t userId, ObsMap &obsRes) { if (path.size() == index) { for (auto entry : entrys_) { if (entry.userId != userId && entry.userId != 0 && userId != 0) { TAG_LOGW(AAFwkTag::DBOBSMGR, "Not allow across user notify, uri:%{public}s, from %{public}d to" - "%{public}d", CommonUtils::Anonymous(uri.ToString()).c_str(), userId, entry.userId); + "%{public}d", CommonUtils::Anonymous(info.uri.ToString()).c_str(), userId, entry.userId); continue; } - ObsNotifyInfo ¬ifyInfo = obsRes.try_emplace(entry.observer, ObsNotifyInfo()).first->second; - notifyInfo.uriList.push_back(uri); - notifyInfo.tokenId = entry.tokenId; - notifyInfo.permission = entry.permission; + ObsNotifyInfo ¬ifyInfo = obsRes.try_emplace(entry.observer, ObsNotifyInfo()).first->second; + notifyInfo.uriList.push_back(info); + notifyInfo.tokenId = entry.tokenId; } return; } @@ -208,13 +219,12 @@ void DataObsMgrInnerExt::Node::GetObs(const std::vector &path, uint if (entry.isDescendants) { if (entry.userId != userId && entry.userId != 0 && userId != 0) { TAG_LOGW(AAFwkTag::DBOBSMGR, "Not allow across user notify, uri:%{public}s, from %{public}d to" - "%{public}d", CommonUtils::Anonymous(uri.ToString()).c_str(), userId, entry.userId); + "%{public}d", CommonUtils::Anonymous(info.uri.ToString()).c_str(), userId, entry.userId); continue; } - ObsNotifyInfo ¬ifyInfo = obsRes.try_emplace(entry.observer, ObsNotifyInfo()).first->second; - notifyInfo.uriList.push_back(uri); - notifyInfo.tokenId = entry.tokenId; - notifyInfo.permission = entry.permission; + ObsNotifyInfo ¬ifyInfo = obsRes.try_emplace(entry.observer, ObsNotifyInfo()).first->second; + notifyInfo.uriList.push_back(info); + notifyInfo.tokenId = entry.tokenId; } } @@ -222,34 +232,34 @@ void DataObsMgrInnerExt::Node::GetObs(const std::vector &path, uint if (it == childrens_.end()) { return; } - it->second->GetObs(path, ++index, uri, userId, obsRes); + it->second->GetObs(path, ++index, info, userId, obsRes); return; } -bool DataObsMgrInnerExt::Node::IsLimit(const Entry &entry) -{ - if (entrys_.size() >= OBS_ALL_NUM_MAX) { - return true; - } - uint32_t count = 0; - for (Entry& existEntry : entrys_) { - if (existEntry.tokenId == entry.tokenId) { - count++; - if (count > OBS_NUM_MAX) { - return true; - } - } - } - TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers num :%{public}d", count); - return false; -} - +bool DataObsMgrInnerExt::Node::IsLimit(const Entry &entry) +{ + if (entrys_.size() >= OBS_ALL_NUM_MAX) { + return true; + } + uint32_t count = 0; + for (Entry& existEntry : entrys_) { + if (existEntry.tokenId == entry.tokenId) { + count++; + if (count > OBS_NUM_MAX) { + return true; + } + } + } + TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers num :%{public}d", count); + return false; +} + bool DataObsMgrInnerExt::Node::AddObserver(const std::vector &path, uint32_t index, const Entry &entry) { if (path.size() == index) { - if (IsLimit(entry)) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers num maxed, token:%{public}d", entry.tokenId); + if (IsLimit(entry)) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "subscribers num maxed, token:%{public}d", entry.tokenId); return false; } entry.deathRecipientRef->ref++; diff --git a/services/dataobsmgr/src/dataobs_mgr_proxy.cpp b/services/dataobsmgr/src/dataobs_mgr_proxy.cpp index 368bba052be..2781353c8a7 100644 --- a/services/dataobsmgr/src/dataobs_mgr_proxy.cpp +++ b/services/dataobsmgr/src/dataobs_mgr_proxy.cpp @@ -61,6 +61,10 @@ bool DataObsManagerProxy::WriteObsOpt(MessageParcel &data, DataObsOption opt) TAG_LOGE(AAFwkTag::DBOBSMGR, "write opt error"); return false; } + if (!data.WriteInt32(opt.FirstCallerPid())) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "write opt error"); + return false; + } return true; } diff --git a/services/dataobsmgr/src/dataobs_mgr_service.cpp b/services/dataobsmgr/src/dataobs_mgr_service.cpp index 60f2725d1e1..befa81f4620 100644 --- a/services/dataobsmgr/src/dataobs_mgr_service.cpp +++ b/services/dataobsmgr/src/dataobs_mgr_service.cpp @@ -16,6 +16,7 @@ #include #include +#include #include #include @@ -24,16 +25,16 @@ #include "ability_manager_proxy.h" #include "accesstoken_kit.h" #include "dataobs_mgr_errors.h" -#include "data_share_permission.h" -#include "datashare_log.h" -#include "dataobs_mgr_inner_common.h" -#include "datashare_errno.h" +#include "data_share_permission.h" +#include "datashare_log.h" +#include "dataobs_mgr_inner_common.h" +#include "datashare_errno.h" #include "hilog_tag_wrapper.h" #include "if_system_ability_manager.h" #include "in_process_call_wrapper.h" #include "ipc_skeleton.h" #include "iservice_registry.h" -#include "os_account_manager.h" +#include "os_account_manager.h" #include "system_ability_definition.h" #include "tokenid_kit.h" #include "common_utils.h" @@ -46,12 +47,12 @@ namespace OHOS { namespace AAFwk { -using namespace DataShare; +using namespace DataShare; static constexpr const char *DIALOG_APP = "com.ohos.pasteboarddialog"; static constexpr const char *PROGRESS_ABILITY = "PasteboardProgressAbility"; static constexpr const char *PROMPT_TEXT = "PromptText_PasteBoard_Local"; -static constexpr const char *NO_PERMISSION = "noPermission"; -static const int32_t DATA_MANAGER_SERVICE_UID = 3012; +static constexpr const char *NO_PERMISSION = "noPermission"; +static const int32_t DATA_MANAGER_SERVICE_UID = 3012; const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(DelayedSingleton::GetInstance().get()); @@ -123,10 +124,10 @@ DataObsServiceRunningState DataObsMgrService::QueryServiceState() const } std::pair DataObsMgrService::ConstructObserverNode(sptr dataObserver, - int32_t userId, uint32_t tokenId) + int32_t userId, uint32_t tokenId) { if (userId == -1) { - userId = GetCallingUserId(tokenId); + userId = GetCallingUserId(tokenId); } if (userId == -1) { // return false, tokenId default 0 @@ -135,7 +136,7 @@ std::pair DataObsMgrService::ConstructObserverNode(sp return std::make_pair(true, ObserverNode(dataObserver, userId, tokenId)); } -int32_t DataObsMgrService::GetCallingUserId(uint32_t tokenId) +int32_t DataObsMgrService::GetCallingUserId(uint32_t tokenId) { auto type = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); if (type == Security::AccessToken::TOKEN_NATIVE || type == Security::AccessToken::TOKEN_SHELL) { @@ -151,12 +152,12 @@ int32_t DataObsMgrService::GetCallingUserId(uint32_t tokenId) } } -bool DataObsMgrService::IsSystemApp(uint32_t tokenId, uint64_t fullTokenId) -{ +bool DataObsMgrService::IsSystemApp(uint32_t tokenId, uint64_t fullTokenId) +{ Security::AccessToken::ATokenTypeEnum tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); - if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) { - return false; + if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) { + return false; } // IsSystemAppByFullTokenID here is not IPC if (!Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId)) { @@ -166,141 +167,163 @@ bool DataObsMgrService::IsSystemApp(uint32_t tokenId, uint64_t fullTokenId) return true; } -bool DataObsMgrService::IsDataMgrService(uint32_t tokenId, int32_t uid) -{ - Security::AccessToken::ATokenTypeEnum tokenType = - Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); - if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - return false; - } - if (uid != DATA_MANAGER_SERVICE_UID) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "request not from DataMgr, uid %{public}d, DataMgr %{public}d", - uid, DATA_MANAGER_SERVICE_UID); - return false; - } - return true; -} - -bool DataObsMgrService::IsCallingPermissionValid(DataObsOption &opt) -{ - if (opt.IsSystem()) { - uint32_t tokenId = IPCSkeleton::GetCallingTokenID(); - uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - bool isValid = IsSystemApp(tokenId, fullTokenId); - if (!isValid) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "CallingPermission invalid, token %{public}d", tokenId); - return false; - } - } - return true; -} - -bool DataObsMgrService::IsCallingPermissionValid(DataObsOption &opt, int32_t userId, int32_t callingUserId) -{ - if (callingUserId < 0) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "invalid userId %{public}d", callingUserId); - return false; - } - bool acrossUser = false; - if (userId == DATAOBS_DEFAULT_CURRENT_USER || userId == callingUserId) { - acrossUser = false; - } else { - acrossUser = true; - } - - uint32_t tokenId = IPCSkeleton::GetCallingTokenID(); - uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - int32_t uid = IPCSkeleton::GetCallingUid(); - bool isValid = true; - if (acrossUser) { - isValid = IsSystemApp(tokenId, fullTokenId) || IsDataMgrService(tokenId, uid); - } else if (opt.IsSystem()) { - isValid = IsSystemApp(tokenId, fullTokenId); - } - if (!isValid) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "CallingPermission invalid, token %{public}d, from %{public}d to %{public}d", - tokenId, callingUserId, userId); - return false; - } - return true; -} - -std::string FormatUri(const std::string &uri) -{ - auto pos = uri.find_last_of('?'); - if (pos == std::string::npos) { - return uri; - } - - return uri.substr(0, pos); -} - -int32_t DataObsMgrService::RegisterObserver(const Uri &uri, sptr dataObserver, +bool DataObsMgrService::IsDataMgrService(uint32_t tokenId, int32_t uid) +{ + Security::AccessToken::ATokenTypeEnum tokenType = + Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); + if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { + return false; + } + if (uid != DATA_MANAGER_SERVICE_UID) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "request not from DataMgr, uid %{public}d, DataMgr %{public}d", + uid, DATA_MANAGER_SERVICE_UID); + return false; + } + return true; +} + +bool DataObsMgrService::IsCallingPermissionValid(DataObsOption &opt) +{ + if (opt.IsSystem()) { + uint32_t tokenId = IPCSkeleton::GetCallingTokenID(); + uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + bool isValid = IsSystemApp(tokenId, fullTokenId); + if (!isValid) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "CallingPermission invalid, token %{public}d", tokenId); + return false; + } + } + return true; +} + +bool DataObsMgrService::IsCallingPermissionValid(DataObsOption &opt, int32_t userId, int32_t callingUserId) +{ + if (callingUserId < 0) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "invalid userId %{public}d", callingUserId); + return false; + } + bool acrossUser = false; + if (userId == DATAOBS_DEFAULT_CURRENT_USER || userId == callingUserId) { + acrossUser = false; + } else { + acrossUser = true; + } + + uint32_t tokenId = IPCSkeleton::GetCallingTokenID(); + uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + int32_t uid = IPCSkeleton::GetCallingUid(); + bool isValid = true; + if (acrossUser) { + isValid = IsSystemApp(tokenId, fullTokenId) || IsDataMgrService(tokenId, uid); + } else if (opt.IsSystem()) { + isValid = IsSystemApp(tokenId, fullTokenId); + } + if (!isValid) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "CallingPermission invalid, token %{public}d, from %{public}d to %{public}d", + tokenId, callingUserId, userId); + return false; + } + return true; +} + +std::string FormatUri(const std::string &uri) +{ + auto pos = uri.find_last_of('?'); + if (pos == std::string::npos) { + return uri; + } + + return uri.substr(0, pos); +} + +int32_t DataObsMgrService::RegisterObserver(const Uri &uri, sptr dataObserver, int32_t userId, DataObsOption opt) -{ - return RegisterObserverInner(uri, dataObserver, userId, opt, false); -} - -int32_t DataObsMgrService::RegisterObserverFromExtension(const Uri &uri, sptr dataObserver, - int32_t userId, DataObsOption opt) -{ - return RegisterObserverInner(uri, dataObserver, userId, opt, true); -} - -// just hisysevent now -int32_t DataObsMgrService::VerifyDataSharePermission(Uri &uri, bool isRead, ObserverInfo &info) -{ - std::string uriStr = uri.ToString(); - uint32_t tokenId = info.tokenId; - uint64_t fullTokenId = info.fullTokenId; - int ret; - bool isExtension = info.isExtension; - if (isExtension) { - ret = DataShare::DataSharePermission::IsExtensionValid(tokenId, fullTokenId, info.callingUserId); - if (ret != DataShare::E_OK) { - info.errMsg.append(std::to_string(info.isExtension) + "_IsExtensionValid"); - TAG_LOGE(AAFwkTag::DBOBSMGR, "IsExtensionValid failed, uri:%{public}s, ret %{public}d," - "fullToken %{public}" PRId64 " msg %{public}s", uriStr.c_str(), ret, fullTokenId, info.errMsg.c_str()); - DataShare::DataSharePermission::ReportExtensionFault(ret, tokenId, uriStr, info.errMsg); - return ret; - } - } - return VerifyDataSharePermissionInner(uri, isRead, info); -} - -int32_t DataObsMgrService::VerifyDataSharePermissionInner(Uri &uri, bool isRead, ObserverInfo &info) -{ - std::string uriStr = uri.ToString(); - uint32_t tokenId = info.tokenId; - uint64_t fullTokenId = info.fullTokenId; - int ret; - bool isExtension = info.isExtension; +{ + return RegisterObserverInner(uri, dataObserver, userId, opt, false); +} + +int32_t DataObsMgrService::RegisterObserverFromExtension(const Uri &uri, sptr dataObserver, + int32_t userId, DataObsOption opt) +{ + return RegisterObserverInner(uri, dataObserver, userId, opt, true); +} + +int32_t DataObsMgrService::VerifyDataShareExtension(Uri &uri, ObserverInfo &info) +{ + std::string uriStr = uri.ToString(); + uint32_t tokenId = info.tokenId; + uint64_t fullTokenId = info.fullTokenId; + int ret; + bool isExtension = info.isFromExtension; + if (isExtension) { + ret = DataShare::DataSharePermission::IsExtensionValid(tokenId, fullTokenId, info.callingUserId); + if (ret != DataShare::E_OK) { + info.errMsg.append(std::to_string(info.isFromExtension) + "_IsExtensionValid"); + TAG_LOGE(AAFwkTag::DBOBSMGR, "IsExtensionValid failed, uri:%{public}s, ret %{public}d," + "fullToken %{public}" PRId64 " msg %{public}s", uriStr.c_str(), ret, fullTokenId, info.errMsg.c_str()); + DataShare::DataSharePermission::ReportExtensionFault(ret, tokenId, uriStr, info.errMsg); + return ret; + } + } + return DataShare::E_OK; +} + +// just hisysevent now +int32_t DataObsMgrService::VerifyDataSharePermission(Uri &uri, bool isRead, ObserverInfo &info) +{ + int32_t ret = VerifyDataShareExtension(uri, info); + if (ret != 0) { + return ret; + } + return VerifyDataSharePermissionInner(uri, isRead, info); +} + +std::pair DataObsMgrService::GetUriPermission(Uri &uri, bool isRead, ObserverInfo &info) +{ + uint32_t tokenId = info.tokenId; + std::string uriStr = uri.ToString(); + auto [ret, permission] = permission_->GetUriPermission(uri, info.userId, isRead, info.isSilentUri); + if (ret != DataShare::E_OK) { + info.errMsg.append(std::to_string(info.isFromExtension) + "_GetUriPermission"); + TAG_LOGE(AAFwkTag::DBOBSMGR, "GetUriPermission failed, uri:%{public}s," + "token %{public}d", uriStr.c_str(), tokenId); + DataShare::DataSharePermission::ReportExtensionFault(ret, tokenId, uriStr, info.errMsg); + } + return std::make_pair(ret, permission); +} + +int32_t DataObsMgrService::VerifyDataSharePermissionInner(Uri &uri, bool isRead, ObserverInfo &info) +{ + std::string uriStr = uri.ToString(); + uint32_t tokenId = info.tokenId; + uint64_t fullTokenId = info.fullTokenId; + int ret; + bool isExtension = info.isFromExtension; if (permission_ == nullptr) { LOG_ERROR("permission_ nullptr"); return COMMON_ERROR; } - std::tie(ret, info.permission) = permission_->GetUriPermission(uri, - info.userId, isRead, isExtension); - if (ret != DataShare::E_OK) { - info.errMsg.append(std::to_string(info.isExtension) + "_GetUriPermission"); - TAG_LOGE(AAFwkTag::DBOBSMGR, "GetUriPermission failed, uri:%{public}s, isExtension %{public}d," - "token %{public}d", uriStr.c_str(), isExtension, tokenId); - DataShare::DataSharePermission::ReportExtensionFault(ret, tokenId, uriStr, info.errMsg); - return ret; - } - uint32_t verifyToken = isExtension ? info.firstCallerTokenId : tokenId; - if (!DataShare::DataSharePermission::VerifyPermission(uri, verifyToken, info.permission, isExtension)) { - info.errMsg.append(std::to_string(info.isExtension) + "_VerifyPermission"); - TAG_LOGE(AAFwkTag::DBOBSMGR, "VerifyPermission failed, uri:%{public}s, isExtension %{public}d," - "token %{public}d", uriStr.c_str(), isExtension, tokenId); - DataShare::DataSharePermission::ReportExtensionFault(ret, tokenId, uriStr, info.errMsg); - return DataShare::E_DATASHARE_PERMISSION_DENIED; - } - return 0; -} - -int32_t DataObsMgrService::RegisterObserverInner(const Uri &uri, sptr dataObserver, - int32_t userId, DataObsOption opt, bool isExtension) + std::tie(ret, info.permission) = permission_->GetUriPermission(uri, info.userId, isRead, info.isSilentUri); + if (ret != DataShare::E_OK) { + info.errMsg.append(std::to_string(info.isFromExtension) + "_GetUriPermission"); + TAG_LOGE(AAFwkTag::DBOBSMGR, "GetUriPermission failed, uri:%{public}s, isExtension %{public}d," + "token %{public}d", uriStr.c_str(), isExtension, tokenId); + DataShare::DataSharePermission::ReportExtensionFault(ret, tokenId, uriStr, info.errMsg); + return ret; + } + uint32_t verifyToken = isExtension ? info.firstCallerTokenId : tokenId; + if (!DataShare::DataSharePermission::VerifyPermission(uri, verifyToken, info.permission, info.isSilentUri)) { + info.errMsg.append(std::to_string(info.isFromExtension) + "_VerifyPermission"); + TAG_LOGE(AAFwkTag::DBOBSMGR, "VerifyPermission failed, uri:%{public}s, isExtension %{public}d," + "token %{public}d", uriStr.c_str(), isExtension, verifyToken); + DataShare::DataSharePermission::ReportExtensionFault(ret, tokenId, uriStr, info.errMsg); + return DataShare::E_DATASHARE_PERMISSION_DENIED; + } + return 0; +} + +int32_t DataObsMgrService::RegisterObserverInner(const Uri &uri, sptr dataObserver, + int32_t userId, DataObsOption opt, bool isExtension) { if (dataObserver == nullptr) { TAG_LOGE(AAFwkTag::DBOBSMGR, "null dataObserver, uri:%{public}s", @@ -314,33 +337,38 @@ int32_t DataObsMgrService::RegisterObserverInner(const Uri &uri, sptr(uri).GetScheme() == SHARE_PREFERENCES) { status = dataObsMgrInnerPref_->HandleRegisterObserver(uri, observerNode); } else { @@ -369,12 +397,12 @@ int DataObsMgrService::UnregisterObserver(const Uri &uri, sptr lck(taskCountMutex_); if (taskCount_ >= TASK_COUNT_MAX) { @@ -457,13 +485,18 @@ int32_t DataObsMgrService::NotifyChangeInner(Uri &uri, int32_t userId, DataObsOp } ++taskCount_; } + std::string readPermission; + int32_t ret; + std::tie(ret, readPermission) = GetUriPermission(uri, userId, info); + // todo:return ChangeInfo changeInfo = { ChangeInfo::ChangeType::OTHER, { uri } }; - handler_->SubmitTask([this, uri, changeInfo, userId]() { + handler_->SubmitTask([this, uri, changeInfo, userId, readPermission, isSilentUri = info.isSilentUri]() { if (const_cast(uri).GetScheme() == SHARE_PREFERENCES) { dataObsMgrInnerPref_->HandleNotifyChange(uri, userId); } else { - dataObsMgrInner_->HandleNotifyChange(uri, userId); - dataObsMgrInnerExt_->HandleNotifyChange(changeInfo, userId); + dataObsMgrInner_->HandleNotifyChange(uri, userId, readPermission, isSilentUri); + std::vector verifyInfo = {ObserverVerifyInfo(uri, readPermission, isSilentUri)}; + dataObsMgrInnerExt_->HandleNotifyChange(changeInfo, userId, verifyInfo); } std::lock_guard lck(taskCountMutex_); --taskCount_; @@ -485,24 +518,24 @@ Status DataObsMgrService::RegisterObserverExt(const Uri &uri, sptrHandleRegisterObserver(innerUri, dataObserver, info, isDescendants); + return dataObsMgrInnerExt_->HandleRegisterObserver(innerUri, dataObserver, info, isDescendants); } Status DataObsMgrService::UnregisterObserverExt(const Uri &uri, sptr dataObserver, @@ -519,7 +552,7 @@ Status DataObsMgrService::UnregisterObserverExt(const Uri &uri, sptr dataO TAG_LOGE(AAFwkTag::DBOBSMGR, "null dataObsMgrInner"); return DATAOBS_SERVICE_INNER_IS_NULL; } - if (!IsCallingPermissionValid(opt)) { + if (!IsCallingPermissionValid(opt)) { return DATAOBS_NOT_SYSTEM_APP; } @@ -572,42 +605,61 @@ Status DataObsMgrService::NotifyChangeExt(const ChangeInfo &changeInfo, DataObsO return DATAOBS_SERVICE_HANDLER_IS_NULL; } if (dataObsMgrInner_ == nullptr || dataObsMgrInnerExt_ == nullptr) { - LOG_ERROR("dataObsMgrInner_:%{public}d or null dataObsMgrInnerExt", dataObsMgrInner_ == nullptr); + LOG_ERROR("dataObsMgrInner_:%{public}d or null dataObsMgrInnerExt", dataObsMgrInner_ == nullptr); return DATAOBS_SERVICE_INNER_IS_NULL; } - if (!IsCallingPermissionValid(opt)) { + if (!IsCallingPermissionValid(opt)) { return DATAOBS_NOT_SYSTEM_APP; } - auto tokenId = IPCSkeleton::GetCallingTokenID(); - int userId = GetCallingUserId(tokenId); + auto tokenId = IPCSkeleton::GetCallingTokenID(); + int userId = GetCallingUserId(tokenId); if (userId == -1) { - LOG_ERROR("GetCallingUserId fail, type:%{public}d, userId:%{public}d", changeInfo.changeType_, userId); + LOG_ERROR("GetCallingUserId fail, type:%{public}d, userId:%{public}d", changeInfo.changeType_, userId); return DATAOBS_INVALID_USERID; } ChangeInfo changes; Status result = DeepCopyChangeInfo(changeInfo, changes); if (result != SUCCESS) { - LOG_ERROR("copy data failed,changeType:%{public}ud,uris num:%{public}zu,null data:%{public}d,size:%{public}ud", + LOG_ERROR("copy data failed,changeType:%{public}ud,uris num:%{public}zu,null data:%{public}d,size:%{public}ud", changeInfo.changeType_, changeInfo.uris_.size(), changeInfo.data_ == nullptr, changeInfo.size_); return result; } { std::lock_guard lck(taskCountMutex_); if (taskCount_ >= TASK_COUNT_MAX) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "task num maxed, changeType:%{public}ud," + TAG_LOGE(AAFwkTag::DBOBSMGR, "task num maxed, changeType:%{public}ud," "uris num:%{public}zu, null data:%{public}d, size:%{public}ud", changeInfo.changeType_, changeInfo.uris_.size(), changeInfo.data_ == nullptr, changeInfo.size_); return DATAOBS_SERVICE_TASK_LIMMIT; } ++taskCount_; } - handler_->SubmitTask([this, changes, userId, tokenId]() { - dataObsMgrInnerExt_->HandleNotifyChange(changes, userId); + std::vector verifyInfo; + changes.uris_.remove_if([this, &verifyInfo, tokenId, userId](Uri &uri) { + ObserverInfo info(tokenId, 0, tokenId, userId, false); + info.errMsg = "NotifyChangeExt"; + int32_t ret = VerifyDataSharePermissionInner(uri, false, info); + if (ret != 0) { + // todo:return true; + } + auto [ret2, readPermission] = GetUriPermission(uri, true, info); + if (ret != 0) { + // todo:return true; + } + verifyInfo.push_back(ObserverVerifyInfo(readPermission, info.isSilentUri)); + return false; + }); + if (changes.uris_.empty()) { + // todo:return + } + handler_->SubmitTask([this, changes, userId, tokenId, verifyInfo]() { + std::vector info = verifyInfo; + dataObsMgrInnerExt_->HandleNotifyChange(changes, userId, info); + int32_t count = 0; for (auto &uri : changes.uris_) { - ObserverInfo info(tokenId, 0, 0, userId, false); - info.errMsg = "NotifyChangeExt"; - VerifyDataSharePermissionInner(uri, false, info); - dataObsMgrInner_->HandleNotifyChange(uri, userId); + dataObsMgrInner_->HandleNotifyChange(uri, userId, info[count].readPermission, + info[count].isSilentUri); + count++; } delete [] static_cast(changes.data_); std::lock_guard lck(taskCountMutex_); @@ -646,7 +698,7 @@ sptr DataObsMgrService::GetAbilityManagerService() const Status DataObsMgrService::NotifyProcessObserver(const std::string &key, const sptr &observer, DataObsOption opt) { - if (!IsCallingPermissionValid(opt)) { + if (!IsCallingPermissionValid(opt)) { return DATAOBS_NOT_SYSTEM_APP; } auto remote = GetAbilityManagerService(); diff --git a/services/dataobsmgr/src/dataobs_mgr_stub.cpp b/services/dataobsmgr/src/dataobs_mgr_stub.cpp index d882c399894..230498068a5 100644 --- a/services/dataobsmgr/src/dataobs_mgr_stub.cpp +++ b/services/dataobsmgr/src/dataobs_mgr_stub.cpp @@ -38,25 +38,27 @@ const DataObsManagerStub::RequestFuncType DataObsManagerStub::HANDLES[TRANS_BUTT &DataObsManagerStub::UnregisterObserverExtInner, &DataObsManagerStub::UnregisterObserverExtALLInner, &DataObsManagerStub::NotifyChangeExtInner, - &DataObsManagerStub::NotifyProcessObserverInner, - &DataObsManagerStub::RegisterObserverFromExtensionInner, - &DataObsManagerStub::NotifyChangeFromExtensionInner, - &DataObsManagerStub::VerifyWhiteListInner + &DataObsManagerStub::NotifyProcessObserverInner, + &DataObsManagerStub::RegisterObserverFromExtensionInner, + &DataObsManagerStub::NotifyChangeFromExtensionInner, + &DataObsManagerStub::VerifyWhiteListInner }; DataObsManagerStub::DataObsManagerStub() {} DataObsManagerStub::~DataObsManagerStub() {} -DataObsOption ReadObsOpt(MessageParcel &data) -{ - bool isSystem = data.ReadBool(); - uint32_t token = data.ReadUint32(); - DataObsOption opt(isSystem); - opt.SetFirstCallerTokenID(token); - return opt; -} - +DataObsOption ReadObsOpt(MessageParcel &data) +{ + bool isSystem = data.ReadBool(); + uint32_t token = data.ReadUint32(); + int32_t pid = data.ReadInt32(); + DataObsOption opt(isSystem); + opt.SetFirstCallerTokenID(token); + opt.SetFirstCallerPid(pid); + return opt; +} + int DataObsManagerStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { TAG_LOGD(AAFwkTag::DBOBSMGR, "code: %{public}d, flags: %{public}d, callingPid:%{public}d", code, option.GetFlags(), @@ -95,23 +97,23 @@ int DataObsManagerStub::RegisterObserverInner(MessageParcel &data, MessageParcel return NO_ERROR; } -int DataObsManagerStub::RegisterObserverFromExtensionInner(MessageParcel &data, MessageParcel &reply) -{ - Uri uri(data.ReadString()); - if (uri.ToString().empty()) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "invalid uri"); - return IPC_STUB_INVALID_DATA_ERR; - } - - auto remote = data.ReadRemoteObject(); - auto observer = remote == nullptr ? nullptr : iface_cast(remote); - int32_t userId = data.ReadInt32(); - DataObsOption opt = ReadObsOpt(data); - int32_t result = RegisterObserverFromExtension(uri, observer, userId, opt); - reply.WriteInt32(result); - return NO_ERROR; -} - +int DataObsManagerStub::RegisterObserverFromExtensionInner(MessageParcel &data, MessageParcel &reply) +{ + Uri uri(data.ReadString()); + if (uri.ToString().empty()) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "invalid uri"); + return IPC_STUB_INVALID_DATA_ERR; + } + + auto remote = data.ReadRemoteObject(); + auto observer = remote == nullptr ? nullptr : iface_cast(remote); + int32_t userId = data.ReadInt32(); + DataObsOption opt = ReadObsOpt(data); + int32_t result = RegisterObserverFromExtension(uri, observer, userId, opt); + reply.WriteInt32(result); + return NO_ERROR; +} + int DataObsManagerStub::UnregisterObserverInner(MessageParcel &data, MessageParcel &reply) { Uri uri(data.ReadString()); @@ -143,29 +145,29 @@ int DataObsManagerStub::NotifyChangeInner(MessageParcel &data, MessageParcel &re return NO_ERROR; } -int DataObsManagerStub::NotifyChangeFromExtensionInner(MessageParcel &data, MessageParcel &reply) -{ - Uri uri(data.ReadString()); - if (uri.ToString().empty()) { - TAG_LOGE(AAFwkTag::DBOBSMGR, "invalid uri"); - return IPC_STUB_INVALID_DATA_ERR; - } - int32_t userId = data.ReadInt32(); - DataObsOption opt = ReadObsOpt(data); - int32_t result = NotifyChangeFromExtension(uri, userId, opt); - reply.WriteInt32(result); - return NO_ERROR; -} - -int DataObsManagerStub::VerifyWhiteListInner(MessageParcel &data, MessageParcel &reply) -{ - int32_t consumerToken = data.ReadInt32(); - int32_t providerToken = data.ReadInt32(); - int32_t result = CheckTrusts(consumerToken, providerToken); - reply.WriteInt32(result); - return NO_ERROR; -} - +int DataObsManagerStub::NotifyChangeFromExtensionInner(MessageParcel &data, MessageParcel &reply) +{ + Uri uri(data.ReadString()); + if (uri.ToString().empty()) { + TAG_LOGE(AAFwkTag::DBOBSMGR, "invalid uri"); + return IPC_STUB_INVALID_DATA_ERR; + } + int32_t userId = data.ReadInt32(); + DataObsOption opt = ReadObsOpt(data); + int32_t result = NotifyChangeFromExtension(uri, userId, opt); + reply.WriteInt32(result); + return NO_ERROR; +} + +int DataObsManagerStub::VerifyWhiteListInner(MessageParcel &data, MessageParcel &reply) +{ + int32_t consumerToken = data.ReadInt32(); + int32_t providerToken = data.ReadInt32(); + int32_t result = CheckTrusts(consumerToken, providerToken); + reply.WriteInt32(result); + return NO_ERROR; +} + int32_t DataObsManagerStub::RegisterObserverExtInner(MessageParcel &data, MessageParcel &reply) { Uri uri(data.ReadString()); -- Gitee