diff --git a/frameworks/js/napi/uri_permission/BUILD.gn b/frameworks/js/napi/uri_permission/BUILD.gn index 6d151f2bd6ba0665ec25c3f6eb8cecc98c3aaa0f..d8c47d64168b874c578b3685d072f2a9d29f5867 100644 --- a/frameworks/js/napi/uri_permission/BUILD.gn +++ b/frameworks/js/napi/uri_permission/BUILD.gn @@ -24,15 +24,20 @@ ohos_shared_library("uripermissionmanager_napi") { include_dirs = [] - deps = - [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] + deps = [ + "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", + "${ability_runtime_napi_path}/inner/napi_common:napi_common", + ] external_deps = [ "ability_base:zuri", + "ability_runtime:ability_runtime_error_util", "ability_runtime:abilitykit_native", "ability_runtime:runtime", + "bundle_framework:appexecfwk_base", "c_utils:utils", "hiviewdfx_hilog_native:libhilog", + "napi:ace_napi", ] if (!ability_runtime_graphics) { diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index b2e3f60854de68e182c753851213a73a39e3e975..9edd952e876d9271204d2f3b398f43c0ea60ede8 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -15,14 +15,23 @@ #include "js_uri_perm_mgr.h" +#include "ability_manager_errors.h" +#include "ability_runtime_error_util.h" #include "hilog_wrapper.h" #include "js_error_utils.h" #include "js_runtime_utils.h" +#include "napi_common_util.h" #include "uri.h" #include "uri_permission_manager_client.h" namespace OHOS { namespace AbilityRuntime { +namespace { +constexpr int32_t ERR_OK = 0; +constexpr int32_t argCountFour = 4; +constexpr int32_t argCountThree = 3; +constexpr int32_t argCountTwo = 2; +} class JsUriPermMgr { public: JsUriPermMgr() = default; 
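Review bot: The anonymous namespace added at the top of js_uri_perm_mgr.cpp defines its own `ERR_OK = 0` in a file that now also includes ability_manager_errors.h, which risks two success constants drifting apart or shadowing each other. The proxy.cpp context lines in this commit already use an unqualified `ERR_OK` without defining it, so a shared definition appears to be reachable in this code base, although whether it is visible from `OHOS::AbilityRuntime` cannot be confirmed from the hunk. Prefer the shared constant and drop the local one; the stub_impl.cpp hunk that adds `const int32_t ERR_OK = 0;` has the same issue. The three `argCount*` constants would also read better with a comment giving the JS signatures they describe, e.g. `// grantUriPermission(uri, flag, targetBundleName[, callback])`.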
@@ -33,6 +42,113 @@ public: HILOG_INFO("JsUriPermMgr::Finalizer is called"); std::unique_ptr(static_cast(data)); } + + static NativeValue* GrantUriPermission(NativeEngine* engine, NativeCallbackInfo* info) + { + JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); + return (me != nullptr) ? me->OnGrantUriPermission(*engine, *info) : nullptr; + } + + static NativeValue* RevokeUriPermission(NativeEngine* engine, NativeCallbackInfo* info) + { + JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); + return (me != nullptr) ? me->OnRevokeUriPermission(*engine, *info) : nullptr; + } + +private: + NativeValue* OnGrantUriPermission(NativeEngine& engine, NativeCallbackInfo& info) + { + if (info.argc != argCountThree && info.argc != argCountFour) { + HILOG_ERROR("The number of parameter is invalid."); + ThrowTooFewParametersError(engine); + return engine.CreateUndefined(); + } + HILOG_DEBUG("Grant Uri Permission start"); + std::string uriStr; + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[0]), uriStr)) { + HILOG_ERROR("The uriStr is invalid."); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); + return engine.CreateUndefined(); + } + int flag = 0; + if (!OHOS::AppExecFwk::UnwrapInt32FromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[1]), flag)) { + HILOG_ERROR("The flag is invalid."); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); + return engine.CreateUndefined(); + } + std::string targetBundleName; + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[argCountTwo]), targetBundleName)) { + HILOG_ERROR("The targetBundleName is invalid."); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); + return engine.CreateUndefined(); + } + AsyncTask::CompleteCallback complete = + [uriStr, flag, targetBundleName](NativeEngine& engine, AsyncTask& task, int32_t status) { + Uri uri(uriStr); + auto errCode = 
AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, + targetBundleName, 0); + if (errCode == ERR_OK) { + task.ResolveWithNoError(engine, engine.CreateUndefined()); + } else if (errCode == AAFwk::CHECK_PERMISSION_FAILED) { + task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); + } else { + task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, + "Internal Error.")); + } + }; + NativeValue* lastParam = (info.argc == argCountFour) ? info.argv[argCountThree] : nullptr; + NativeValue* result = nullptr; + AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", + engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); + return result; + } + + NativeValue* OnRevokeUriPermission(NativeEngine& engine, NativeCallbackInfo& info) + { + // only support 2 or 3 params (2 parameter and 1 optional callback) + if (info.argc != argCountThree && info.argc != argCountTwo) { + HILOG_ERROR("Invalid arguments"); + ThrowTooFewParametersError(engine); + return engine.CreateUndefined(); + } + std::string uriStr; + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[0]), uriStr)) { + HILOG_ERROR("The uriStr is invalid."); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); + return engine.CreateUndefined(); + } + std::string bundleName; + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[1]), bundleName)) { + HILOG_ERROR("The bundleName is invalid."); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); + return engine.CreateUndefined(); + } + AsyncTask::CompleteCallback complete = + [uriStr, bundleName](NativeEngine& engine, AsyncTask& task, int32_t status) { + Uri uri(uriStr); + auto errCode = AAFwk::UriPermissionManagerClient::GetInstance()->RevokeUriPermissionManually(uri, + bundleName); + if (errCode == ERR_OK) { + 
task.ResolveWithNoError(engine, engine.CreateUndefined()); + } else if (errCode == AAFwk::CHECK_PERMISSION_FAILED) { + task.Reject(engine, CreateNoPermissionError(engine, + "Do not have permission ohos.permission.PROXY_AUTHORIZATION_URI")); + } else { + task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, + "Internal Error.")); + } + }; + NativeValue* lastParam = (info.argc == argCountThree) ? info.argv[argCountTwo] : nullptr; + NativeValue* result = nullptr; + AsyncTask::Schedule("JsUriPermMgr::OnRevokeUriPermission", + engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); + return result; + } }; NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) @@ -52,6 +168,9 @@ NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) std::unique_ptr jsUriPermMgr = std::make_unique(); object->SetNativePointer(jsUriPermMgr.release(), JsUriPermMgr::Finalizer, nullptr); + const char *moduleName = "JsUriPermMgr"; + BindNativeFunction(*engine, *object, "grantUriPermission", moduleName, JsUriPermMgr::GrantUriPermission); + BindNativeFunction(*engine, *object, "revokeUriPermission", moduleName, JsUriPermMgr::RevokeUriPermission); return engine->CreateUndefined(); } } // namespace AbilityRuntime diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index 5088ad50aa32bdf53aad15c2913b9db6b9c4f709..a1344f29f86d6bb33c226289ac5928670be2ee1f 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h 
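Review bot: In `OnGrantUriPermission` the completion lambda passes a bare `0` as the `autoremove` argument, so the lifetime of every grant made through the JS API is decided by an unexplained literal, while the in-process caller in ability_record.cpp passes `1`. If `0` means the grant is not cleaned up automatically (the header only says "the uri is temperarily or not"), that is a security-relevant choice and should be a named constant with a comment, e.g. `constexpr int32_t AUTOREMOVE_OFF = 0; // grant stays until revokeUriPermission is called (confirm)`. The two rejection paths are also inconsistent: grant passes `"ohos.permission.PROXY_AUTHORIZATION_URI"` to `CreateNoPermissionError`, whereas revoke passes `"Do not have permission ohos.permission.PROXY_AUTHORIZATION_URI"`; one of them presumably does not match what that helper expects. Finally, both argc checks call `ThrowTooFewParametersError` even when too many arguments were supplied, and an invalid `flag` is only rejected in the service, where it surfaces as "Internal Error." rather than an invalid-parameter error.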
@@ -32,32 +32,30 @@ public: ~UriPermissionManagerClient() = default; /** - * @brief Authorize the uri permission of fromTokenId to targetTokenId. + * @brief Authorize the uri permission of to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param fromTokenId The owner of uri. - * @param targetTokenId The user of uri. + * @param targetBundleName The user of uri. + * @param autoremove the uri is temperarily or not */ - bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId); + int GrantUriPermission(const Uri &uri, unsigned int flag, + const std::string targetBundleName, int autoremove); /** - * @brief Check whether the tokenId has URI permissions. + * @brief Clear user's uri authorization record with auto remove flag. * - * @param uri The file uri. - * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param tokenId The user of uri. - * @return Returns true if the verification is successful, otherwise returns false. + * @param tokenId A tokenId of an application. */ - bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId); + void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId); /** * @brief Clear user's uri authorization record. * - * @param tokenId A tokenId of an application. + * @param uri The file uri. + * @param BundleName A BundleName of an application. */ - void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId); + int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName); private: sptr ConnectUriPermService(); 
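Review bot: The new doc comment on `GrantUriPermission` has no `@return` even though the function now returns an `int` status instead of `bool`, and `RevokeUriPermissionManually` has the same gap. Since success is now `0`, callers that still test the result for truthiness will read it backwards, so the contract should be spelled out: `@return Returns ERR_OK on success, otherwise an error code such as INNER_ERR or CHECK_PERMISSION_FAILED.` The `autoremove` line should state which value means what, along the lines of `@param autoremove Non-zero if the grant is temporary and is removed automatically, 0 if it stays until revoked` once that meaning is confirmed. The brief "Authorize the uri permission of to targetBundleName" also lost a word when `fromTokenId` was dropped.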
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h
index 1125cb85de08ac8d0f2c54c88d0ec97947262880..732ccf4123ec8b5dd7dc235fb0f038fc19ca3364 100644
--- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h
+++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h
@@ -27,44 +27,42 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.ability.UriPermissionManager"); /** - * @brief Authorize the uri permission of fromTokenId to targetTokenId. + * @brief Authorize the uri permission to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param fromTokenId The owner of uri. - * @param targetTokenId The user of uri. + * @param targetBundleName The user of uri. + * @param autoremove the uri is temperarily or not + * @return Returns true if the authorization is successful, otherwise returns false. */ - virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) = 0; + virtual int GrantUriPermission(const Uri &uri, unsigned int flag, + const std::string targetBundleName, int autoremove) = 0; /** - * @brief Check whether the tokenId has URI permissions. + * @brief Clear user's uri authorization record with autoremove flag. * - * @param uri The file uri. - * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param tokenId The user of uri. - * @return Returns true if the verification is successful, otherwise returns false. + * @param tokenId A tokenId of an application. + * @return Returns true if the remove is successful, otherwise returns false. */ - virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) = 0; + virtual void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; /** * @brief Clear user's uri authorization record. * - * @param tokenId A tokenId of an application. + * @param uri The file uri. + * @param bundleName bundleName of an application. + * @return Returns true if the remove is successful, otherwise returns false. 
*/ - virtual void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; + virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) = 0; enum UriPermMgrCmd { // ipc id for GrantUriPermission ON_GRANT_URI_PERMISSION = 0, - // ipc id for VerifyUriPermission - ON_VERIFY_URI_PERMISSION, + // ipc id for RevokeUriPermission + ON_REVOKE_URI_PERMISSION, - // ipc id for RemoveUriPermission - ON_REMOVE_URI_PERMISSION, + ON_REVOKE_URI_PERMISSION_MANUALLY, }; }; } // namespace AAFwk diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 6df378e79dc3e6e862d88c4011f46d1c15424907..98914541be959fd270fed4a12f5a227ceb4a750f 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -26,14 +26,11 @@ public: explicit UriPermissionManagerProxy(const sptr &impl); virtual ~UriPermissionManagerProxy() = default; - virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) override; + virtual int GrantUriPermission(const Uri &uri, unsigned int flag, + const std::string targetBundleName, int autoremove) override; - virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) override; - - virtual void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + virtual void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: static inline BrokerDelegator delegator_; 
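Review bot: The `@return Returns true if ... is successful, otherwise returns false` lines added in this interface no longer match the signatures: `GrantUriPermission` and `RevokeUriPermissionManually` return an `int` status, and `RevokeUriPermission` is `void` yet documents a return value. For the two `int` functions use `@return Returns ERR_OK on success, otherwise an error code.` and drop the `@return` from `RevokeUriPermission`. In `UriPermMgrCmd`, `ON_REVOKE_URI_PERMISSION_MANUALLY` lost the `// ipc id for ...` comment the other entries carry. The codes previously used for verify and remove are also reused for the two revoke operations, so a client and service built from different revisions would dispatch to the wrong handler; worth a comment if mixed versions can ever meet.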
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 5e71eb998a28063cf45ed69d4f2e149b3984dae2..d076b35d0f044105dc20ae052cefd681177b9a46 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -15,6 +15,7 @@ #include "uri_permission_manager_client.h" +#include "ability_manager_errors.h" #include "hilog_wrapper.h" #include "if_system_ability_manager.h" #include "iservice_registry.h" 
@@ -22,35 +23,35 @@ namespace OHOS { namespace AAFwk { -bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) +int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, + const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermission is called."); + HILOG_DEBUG("targetBundleName :%{public}s", targetBundleName.c_str()); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - return uriPermMgr->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + return uriPermMgr->GrantUriPermission(uri, flag, targetBundleName, autoremove); } - return false; + return INNER_ERR; } -bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) +void UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { - HILOG_DEBUG("UriPermissionManagerClient::VerifyUriPermission is called."); + HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - return uriPermMgr->VerifyUriPermission(uri, flag, tokenId); + return uriPermMgr->RevokeUriPermission(tokenId); } - return false; } -void UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) +int UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { - HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); + HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermissionManually is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - uriPermMgr->RemoveUriPermission(tokenId); + return uriPermMgr->RevokeUriPermissionManually(uri, bundleName); } + return INNER_ERR; } sptr 
UriPermissionManagerClient::ConnectUriPermService() diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index cd0e0264b0019d9543ee7ecf0129e5cffaae6647..bb7be569fa051ffad499aa5b803fdab3fc7dad91 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -15,6 +15,7 @@ #include "uri_permission_manager_proxy.h" +#include "ability_manager_errors.h" #include "hilog_wrapper.h" #include "parcel.h" 
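Review bot: In `UriPermissionManagerClient::RevokeUriPermission` the new line `return uriPermMgr->RevokeUriPermission(tokenId);` returns a void expression from a void function, and the path where `ConnectUriPermService()` yields null now ends silently, so a revoke that never reached the service leaves no trace. Write the call as a plain statement, `uriPermMgr->RevokeUriPermission(tokenId);`, and add `HILOG_ERROR("Connect uri permission service failed.");` on the null path; the same log line would help in the two functions that return `INNER_ERR`. The body of `ConnectUriPermService` begins at the end of this hunk and continues outside it.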
@@ -23,90 +24,85 @@ namespace AAFwk { UriPermissionManagerProxy::UriPermissionManagerProxy(const sptr &impl) : IRemoteProxy(impl) {} -bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) +int UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, + const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermission is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return false; + return INNER_ERR; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return false; + return INNER_ERR; } if (!data.WriteInt32(flag)) { HILOG_ERROR("Write flag failed."); - return false; + return INNER_ERR; } - if (!data.WriteInt32(fromTokenId)) { - HILOG_ERROR("Write fromTokenId failed."); - return false; + if (!data.WriteString(targetBundleName)) { + HILOG_ERROR("Write targetBundleName failed."); + return INNER_ERR; } - if (!data.WriteInt32(targetTokenId)) { - HILOG_ERROR("Write targetTokenId failed."); - return false; + if (!data.WriteInt32(autoremove)) { + HILOG_ERROR("Write autoremove failed."); + return INNER_ERR; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fial, error: %{public}d", error); - return false; + return INNER_ERR; } - return reply.ReadBool(); + return reply.ReadInt32(); } -bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) +void UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { - HILOG_DEBUG("UriPermissionManagerProxy::VerifyUriPermission is called."); 
+ HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermission is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return false; - } - if (!data.WriteParcelable(&uri)) { - HILOG_ERROR("Write uri failed."); - return false; - } - if (!data.WriteInt32(flag)) { - HILOG_ERROR("Write flag failed."); - return false; + return; } if (!data.WriteInt32(tokenId)) { - HILOG_ERROR("Write tokenId failed."); - return false; + HILOG_ERROR("Write AccessTokenID failed."); + return; } MessageParcel reply; MessageOption option; - int error = Remote()->SendRequest(UriPermMgrCmd::ON_VERIFY_URI_PERMISSION, data, reply, option); + int error = Remote()->SendRequest(UriPermMgrCmd::ON_REVOKE_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { - HILOG_ERROR("SendRequest fial, error: %{public}d", error); - return false; + HILOG_ERROR("SendRequest fail, error: %{public}d", error); } - return true; } -void UriPermissionManagerProxy::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) +int UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { - HILOG_DEBUG("UriPermissionManagerProxy::RemoveUriPermission is called."); + HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermissionManually is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return; + return INNER_ERR; } - if (!data.WriteInt32(tokenId)) { - HILOG_ERROR("Write AccessTokenID failed."); - return; + if (!data.WriteParcelable(&uri)) { + HILOG_ERROR("Write uri failed."); + return INNER_ERR; + } + if (!data.WriteString(bundleName)) { + HILOG_ERROR("Write bundleName failed."); + return INNER_ERR; } MessageParcel reply; MessageOption option; - int error = Remote()->SendRequest(UriPermMgrCmd::ON_REMOVE_URI_PERMISSION, data, reply, option); + int error = 
Remote()->SendRequest(UriPermMgrCmd::ON_REVOKE_URI_PERMISSION_MANUALLY, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); + return INNER_ERR; } + return reply.ReadInt32(); } } // namespace AAFwk } // namespace OHOS diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 6f148161e1fdaa1163a01740d2b643b56509d6dc..5f2e6327f3fce7226e3df82de2ba51620d65d46d 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp 
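Review bot: `GrantUriPermission` and `RevokeUriPermissionManually` in the proxy end with `return reply.ReadInt32();`, which cannot distinguish a real status of 0 from a reply that could not be read. If the no-argument `ReadInt32()` yields 0 on an empty or malformed reply, that value equals the success code the callers compare against, so a failed read would be reported as a successful grant or revoke. Use the checked overload and fail closed: `int32_t result = INNER_ERR;` followed by `if (!reply.ReadInt32(result)) { return INNER_ERR; }` and `return result;`. The void `RevokeUriPermission` still only logs on a `SendRequest` failure, which is acceptable as best effort but means the caller cannot tell that the revoke did not happen.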
@@ -36,30 +36,27 @@ int UriPermissionManagerStub::OnRemoteRequest( break; } auto flag = data.ReadInt32(); - auto fromTokenId = data.ReadInt32(); - auto targetTokenId = data.ReadInt32(); - auto ret = GrantUriPermission(*uri, flag, fromTokenId, targetTokenId); - reply.WriteBool(ret); + auto targetBundleName = data.ReadString(); + auto autoremove = data.ReadInt32(); + int result = GrantUriPermission(*uri, flag, targetBundleName, autoremove); + reply.WriteInt32(result); break; } - case UriPermMgrCmd::ON_VERIFY_URI_PERMISSION : { + case UriPermMgrCmd::ON_REVOKE_URI_PERMISSION : { + auto tokenId = data.ReadInt32(); + RevokeUriPermission(tokenId); + break; + } + case UriPermMgrCmd::ON_REVOKE_URI_PERMISSION_MANUALLY : { std::unique_ptr uri(data.ReadParcelable()); if (!uri) { errCode = ERR_DEAD_OBJECT; HILOG_ERROR("To read uri failed."); break; } - auto flag = data.ReadInt32(); - auto tokenId = data.ReadInt32(); - if (!VerifyUriPermission(*uri, flag, tokenId)) { - errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To check uri permission failed."); - } - break; - } - case UriPermMgrCmd::ON_REMOVE_URI_PERMISSION : { - auto tokenId = data.ReadInt32(); - RemoveUriPermission(tokenId); + auto bundleName = data.ReadString(); + int result = RevokeUriPermissionManually(*uri, bundleName); + reply.WriteInt32(result); break; } default: diff --git a/services/abilitymgr/include/ability_record.h b/services/abilitymgr/include/ability_record.h index 2e29a14982239beb4e1a0db028cc8ae887cc36c3..b2ab255c6e8c023018ba1fb0a3f41b00addc8067 100644 --- a/services/abilitymgr/include/ability_record.h +++ b/services/abilitymgr/include/ability_record.h @@ -834,7 +834,7 @@ public: void SetNeedBackToOtherMissionStack(bool isNeedBackToOtherMissionStack); std::shared_ptr GetOtherMissionStackAbilityRecord() const; void SetOtherMissionStackAbilityRecord(const std::shared_ptr &abilityRecord); - void RemoveUriPermission(); + void RevokeUriPermission(); protected: void SendEvent(uint32_t msg, uint32_t timeOut); 
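Review bot: The `ON_REVOKE_URI_PERMISSION` case reads a `tokenId` straight from the parcel and calls `RevokeUriPermission(tokenId)` with no caller check visible in the stub, so unless the implementation (not shown in this hunk) verifies `IPCSkeleton::GetCallingTokenID()`, any process that can reach this service could clear another application's grants. The same commit removes the native-token-only gate from the grant path, so it is worth confirming that the revoke implementation still restricts who may call it, and saying so in a comment here. The new cases also ignore read failures: `data.ReadString()` and `data.ReadInt32()` results are used without validation, so an empty `targetBundleName` or `bundleName` is forwarded as-is; rejecting an empty name before dispatch would keep the failure at the IPC boundary. `OnRemoteRequest` begins before this hunk and continues after it.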
@@ -851,7 +851,7 @@ private: */ void GetAbilityTypeString(std::string &typeStr); void OnSchedulerDied(const wptr &remote); - void GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId); + void GrantUriPermission(const Want &want, int32_t userId, std::string targetBundleName); int32_t GetCurrentAccountId() const; /** diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 5ff6f3ace5f38d27fd9383f8eeecb324610acd8f..05bb5d933ec187fc11085ba899aad9038a6c9abb 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp @@ -506,7 +506,8 @@ void AbilityRecord::ProcessForegroundAbility(bool isRecent, const AbilityRequest HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); std::string element = GetWant().GetElement().GetURI(); HILOG_DEBUG("SUPPORT_GRAPHICS: ability record: %{public}s", element.c_str()); - GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.accessTokenId); + + GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.bundleName); if (isReady_) { auto handler = DelayedSingleton::GetInstance()->GetEventHandler(); @@ -1292,7 +1293,7 @@ void AbilityRecord::SendResult() std::lock_guard guard(lock_); CHECK_POINTER(scheduler_); CHECK_POINTER(result_); - GrantUriPermission(result_->resultWant_, GetCurrentAccountId(), applicationInfo_.accessTokenId); + GrantUriPermission(result_->resultWant_, GetCurrentAccountId(), applicationInfo_.bundleName); scheduler_->SendResult(result_->requestCode_, result_->resultCode_, result_->resultWant_); // reset result to avoid send result next time result_.reset(); @@ -1774,7 +1775,7 @@ void AbilityRecord::OnSchedulerDied(const wptr &remote) return; } - RemoveUriPermission(); + RevokeUriPermission(); if (scheduler_ != nullptr && schedulerDeathRecipient_ != nullptr) { auto schedulerObject = scheduler_->AsObject(); if (schedulerObject != nullptr) { 
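Review bot: The call sites in `ProcessForegroundAbility` and `SendResult` (and `CallRequest` in the later hunk) now identify the grant target by `applicationInfo_.bundleName` instead of `applicationInfo_.accessTokenId`, which replaces an exact identity with a name the service has to resolve again. The new `GrantUriPermission(uri, flag, targetBundleName, autoremove)` signature carries no user id, so the resolution presumably relies on the service's current account; if the same bundle can exist under more than one user or instance, the grant may land on a different token than the ability record's own. Either keep passing the token for this in-process path or document the assumption next to the call, e.g. `// target resolved by bundle name for the current account (confirm)`. The private `GrantUriPermission` declaration also takes `std::string targetBundleName` by value, where `const std::string &` would avoid a copy per call.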
@@ -2077,7 +2078,7 @@ void AbilityRecord::CallRequest() HILOG_INFO("Call Request."); CHECK_POINTER(scheduler_); - GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.accessTokenId); + GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.bundleName); // Async call request scheduler_->CallRequest(); } @@ -2234,7 +2235,7 @@ void AbilityRecord::DumpAbilityInfoDone(std::vector &infos) dumpCondition_.notify_all(); } -void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) +void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, std::string targetBundleName) { if ((want.GetFlags() & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("Do not call uriPermissionMgr."); @@ -2271,20 +2272,21 @@ void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_ HILOG_ERROR("the uri does not belong to caller."); continue; } + int autoremove = 1; auto ret = IN_PROCESS_CALL(upmClient->GrantUriPermission(uri, want.GetFlags(), - callerAccessTokenId_, targetTokenId)); + targetBundleName, autoremove)); if (ret) { isGrantedUriPermission_ = true; } } } -void AbilityRecord::RemoveUriPermission() +void AbilityRecord::RevokeUriPermission() { if (isGrantedUriPermission_) { HILOG_DEBUG("To remove uri permission."); auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); - upmClient->RemoveUriPermission(applicationInfo_.accessTokenId); + upmClient->RevokeUriPermission(applicationInfo_.accessTokenId); isGrantedUriPermission_ = false; } } diff --git a/services/abilitymgr/src/mission_list_manager.cpp b/services/abilitymgr/src/mission_list_manager.cpp index 24854dca7ca9aa6e12af27c1dd225e775ab35ab9..578a0fcae6190942d6937750a67781fc0ebabf37 100644 --- a/services/abilitymgr/src/mission_list_manager.cpp +++ b/services/abilitymgr/src/mission_list_manager.cpp 
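Review bot: In the `@@ -2271` hunk of `AbilityRecord::GrantUriPermission`, the unchanged test `if (ret)` is now inverted, because the client call returns an `int` status where this commit's other callers treat `ERR_OK` (0) as success and `INNER_ERR` / `CHECK_PERMISSION_FAILED` as failure. As written, `isGrantedUriPermission_` is set when the grant fails and left false when it succeeds, so `RevokeUriPermission()` skips the cleanup for grants that were created with `autoremove = 1` and they outlive the ability. Change the test to `if (ret == ERR_OK) {` (or the equivalent success constant in scope) and consider logging the error code otherwise. The function starts in the previous hunk and the loop around this call is only partly visible here.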
@@ -1558,7 +1558,7 @@ void MissionListManager::CompleteTerminateAndUpdateMission(const std::shared_ptr CHECK_POINTER(abilityRecord); for (auto it : terminateAbilityList_) { if (it == abilityRecord) { - abilityRecord->RemoveUriPermission(); + abilityRecord->RevokeUriPermission(); terminateAbilityList_.remove(it); // update inner mission info time bool excludeFromMissions = abilityRecord->GetAbilityInfo().excludeFromMissions; @@ -1880,7 +1880,7 @@ void MissionListManager::OnTimeOut(uint32_t msgId, int64_t abilityRecordId) return; } HILOG_DEBUG("Ability timeout,msg:%{public}d,name:%{public}s", msgId, abilityRecord->GetAbilityInfo().name.c_str()); - abilityRecord->RemoveUriPermission(); + abilityRecord->RevokeUriPermission(); #ifdef SUPPORT_GRAPHICS if (abilityRecord->IsStartingWindow()) { diff --git a/services/common/include/permission_constants.h b/services/common/include/permission_constants.h index 9e8159bacee12996716fb3317c5bb7b877a50668..940be3c9f0dbb1ecd71a03fca33f5f6d610aec76 100644 --- a/services/common/include/permission_constants.h +++ b/services/common/include/permission_constants.h @@ -35,6 +35,7 @@ constexpr const char* PERMISSION_START_ABILITIES_FROM_BACKGROUND = "ohos.permiss constexpr const char* PERMISSION_START_ABILIIES_FROM_BACKGROUND = "ohos.permission.START_ABILIIES_FROM_BACKGROUND"; constexpr const char* PERMISSION_ABILITY_BACKGROUND_COMMUNICATION = "ohos.permission.ABILITY_BACKGROUND_COMMUNICATION"; constexpr const char* PERMISSION_MANAGER_ABILITY_FROM_GATEWAY = "ohos.permission.MANAGER_ABILITY_FROM_GATEWAY"; +constexpr const char* PERMISSION_PROXY_AUTHORIZATION_URI = "ohos.permission.PROXY_AUTHORIZATION_URI"; } // namespace PermissionConstants } // namespace AAFwk } // namespace OHOS diff --git a/services/uripermmgr/BUILD.gn b/services/uripermmgr/BUILD.gn index c29844abcbbbb930df85bbe43fd175a0552d19f5..4117be5aa4abcc8fd1df320fe0e92cf04d647846 100644 --- a/services/uripermmgr/BUILD.gn +++ b/services/uripermmgr/BUILD.gn 
@@ -36,8 +36,10 @@ ohos_shared_library("libupms") { sources = libupms_sources - deps = - [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] + deps = [ + "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", + "${ability_runtime_services_path}/common:perm_verification", + ] external_deps = [ "ability_base:want", @@ -65,8 +67,10 @@ ohos_static_library("libupms_static") { sources = libupms_sources - deps = - [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] + deps = [ + "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", + "${ability_runtime_services_path}/common:perm_verification", + ] external_deps = [ "ability_base:want", diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index fbaad18b9bb47906051d752552746acbc4af626a..c360abcf3c247a64f04d0b9bbbd44d28add4cd59 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -33,6 +33,7 @@ struct GrantInfo { unsigned int flag; const unsigned int fromTokenId; const unsigned int targetTokenId; + int autoremove; }; class UriPermissionManagerStubImpl : public UriPermissionManagerStub, public std::enable_shared_from_this { 
@@ -40,13 +41,11 @@ public: UriPermissionManagerStubImpl() = default; virtual ~UriPermissionManagerStubImpl() = default; - bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) override; + int GrantUriPermission(const Uri &uri, unsigned int flag, + const std::string targetBundleName, int autoremove) override; - bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) override; - - void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: sptr ConnectBundleManager(); @@ -54,6 +53,10 @@ private: int GetCurrentAccountId(); void ClearBMSProxy(); void ClearSMProxy(); + int GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + Security::AccessToken::AccessTokenID fromTokenId, + Security::AccessToken::AccessTokenID targetTokenId, int autoremove); + Security::AccessToken::AccessTokenID GetTokenIdByBundleName(const std::string bundleName); class BMSOrSMDeathRecipient : public IRemoteObject::DeathRecipient { public: diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index c1b9cc933c1a3b430e87b9ccf36320ee10ab1abe..0e50eee1476c358c632191e96ac62b7b5dd218a5 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -15,6 +15,7 @@ #include "uri_permission_manager_stub_impl.h" +#include "ability_manager_errors.h" #include "accesstoken_kit.h" #include "hilog_wrapper.h" #include "if_system_ability_manager.h" 
@@ -22,6 +23,8 @@ #include "ipc_skeleton.h" #include "iservice_registry.h" #include "os_account_manager_wrapper.h" +#include "permission_constants.h" +#include "permission_verification.h" #include "singleton.h" #include "system_ability_definition.h" #include "want.h" 
@@ -29,20 +32,28 @@ namespace OHOS { namespace AAFwk { const int32_t DEFAULT_USER_ID = 0; +const int32_t ERR_OK = 0; using TokenId = Security::AccessToken::AccessTokenID; -bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, - const TokenId fromTokenId, const TokenId targetTokenId) +int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, + const std::string targetBundleName, int autoremove) { - auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID()); - if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - HILOG_DEBUG("caller tokenType is not native, verify failure."); - return false; - } - if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); - return false; + return INNER_ERR; + } + Uri uri_inner = uri; + auto&& authority = uri_inner.GetAuthority(); + Security::AccessToken::AccessTokenID fromTokenId = GetTokenIdByBundleName(authority); + Security::AccessToken::AccessTokenID targetTokenId = GetTokenIdByBundleName(targetBundleName); + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId); + auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); + if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE && + !permission && (fromTokenId != callerTokenId)) { + HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); + return CHECK_PERMISSION_FAILED; } unsigned int tmpFlag = 0; if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { 
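Review bot: `fromTokenId` and `targetTokenId` are used without checking that the bundle lookup succeeded. `GetTokenIdByBundleName` (added further down in this file) returns `GET_BUNDLE_MANAGER_SERVICE_FAILED` or `GET_BUNDLE_INFO_FAILED` through its `AccessTokenID` return type, so a failed lookup is indistinguishable from a real token id. In `GrantUriPermission` that value feeds the `fromTokenId != callerTokenId` ownership test and is passed to `GrantUriPermissionImpl`, which hands it to `CreateShareFile` and records it in `uriMap_`; `RevokeUriPermissionManually` has the same pattern with `uriTokenId` and `tokenId`. The helper should report failure separately, for example a `bool` result with the id as an out-parameter, so the caller can reject early: `if (!GetTokenIdByBundleName(targetBundleName, targetTokenId)) { return GET_BUNDLE_INFO_FAILED; }`. The body of `GrantUriPermission` continues past this hunk.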
@@ -50,104 +61,77 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i } else { tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; } + auto&& scheme = uri_inner.GetScheme(); + if (scheme != "file") { + HILOG_WARN("only support file uri."); + return INNER_ERR; + } + // auto remove URI permission for clipboard + Security::AccessToken::NativeTokenInfo nativeInfo; + Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo); + HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); + if (nativeInfo.processName == "pasteboard_serv") { + autoremove = 1; + } + return GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId, autoremove); +} +int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + Security::AccessToken::AccessTokenID fromTokenId, + Security::AccessToken::AccessTokenID targetTokenId, int autoremove) +{ auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return false; + return INNER_ERR; } auto uriStr = uri.ToString(); - auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, tmpFlag); + auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, flag); if (ret != 0 && ret != -EEXIST) { HILOG_ERROR("storageMgrProxy failed to CreateShareFile."); - return false; + return INNER_ERR; } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + GrantInfo info = { flag, fromTokenId, targetTokenId, autoremove }; if (search == uriMap_.end()) { std::list infoList = { info }; uriMap_.emplace(uriStr, infoList); - return true; + return ERR_OK; } auto& infoList = search->second; for (auto& item : infoList) { if (item.fromTokenId == fromTokenId && item.targetTokenId == targetTokenId) { - if ((tmpFlag & item.flag) == 0) { + if ((flag & item.flag) == 0) { HILOG_INFO("Update uri r/w 
permission."); - item.flag = tmpFlag; + item.flag = flag; } HILOG_INFO("uri permission has granted, not to grant again."); - return true; + return ERR_OK; } } infoList.emplace_back(info); - return true; + return ERR_OK; } -bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) -{ - if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { - HILOG_WARN("UriPermissionManagerStubImpl:::VerifyUriPermission: The param flag is invalid."); - return false; - } - - auto bms = ConnectBundleManager(); - auto uriStr = uri.ToString(); - if (bms) { - AppExecFwk::ExtensionAbilityInfo info; - if (!IN_PROCESS_CALL(bms->QueryExtensionAbilityInfoByUri(uriStr, GetCurrentAccountId(), info))) { - HILOG_DEBUG("%{public}s, Fail to get extension info from bundle manager.", __func__); - return false; - } - if (info.type != AppExecFwk::ExtensionAbilityType::FILESHARE) { - HILOG_DEBUG("%{public}s, The upms only open to FILESHARE. 
The type is %{public}u.", __func__, info.type); - return false; - } - - if (tokenId == info.applicationInfo.accessTokenId) { - HILOG_DEBUG("The uri belongs to this application."); - return true; - } - } - - std::lock_guard guard(mutex_); - auto search = uriMap_.find(uriStr); - if (search == uriMap_.end()) { - HILOG_DEBUG("This tokenID does not have permission for this uri."); - return false; - } - - unsigned int tmpFlag = 0; - if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { - tmpFlag = Want::FLAG_AUTH_WRITE_URI_PERMISSION; - } else { - tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; - } - - for (const auto& item : search->second) { - if (item.targetTokenId == tokenId && - (item.flag == Want::FLAG_AUTH_WRITE_URI_PERMISSION || item.flag == tmpFlag)) { - HILOG_DEBUG("This tokenID have permission for this uri."); - return true; - } - } - - HILOG_DEBUG("The application does not have permission for this URI."); - return false; -} - -void UriPermissionManagerStubImpl::RemoveUriPermission(const TokenId tokenId) +void UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) { HILOG_DEBUG("Start to remove uri permission."); + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + Security::AccessToken::NativeTokenInfo nativeInfo; + Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo); + HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); + if (nativeInfo.processName != "fodundation") { + HILOG_ERROR("RevokeUriPermission can only be called by foundation"); + return; + } std::vector uriList; { std::lock_guard guard(mutex_); for (auto iter = uriMap_.begin(); iter != uriMap_.end();) { auto& list = iter->second; for (auto it = list.begin(); it != list.end(); it++) { - if (it->targetTokenId == tokenId) { + if (it->targetTokenId == tokenId && it->autoremove) { HILOG_INFO("Erase an info form list."); list.erase(it); uriList.emplace_back(iter->first); 
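Review bot: The caller check in `RevokeUriPermission` compares `nativeInfo.processName` with `"fodundation"`, while the error message on the next line says the function may only be called by foundation. If the process is in fact named `foundation`, the comparison always rejects the caller and every call returns before the loop, so grants marked `autoremove` are never cleaned up. The line should read `if (nativeInfo.processName != "foundation") {`, ideally with the name held in a shared constant next to `"pasteboard_serv"`. Both this check and the pasteboard check in `GrantUriPermission` also ignore the return value of `GetNativeTokenInfo`, so a failed lookup is judged on a default-constructed `nativeInfo`. The revoke loop continues outside this hunk.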
@@ -173,6 +157,54 @@ void UriPermissionManagerStubImpl::RemoveUriPermission(const TokenId tokenId) } } +int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) +{ + HILOG_DEBUG("Start to remove uri permission manually."); + Uri uri_inner = uri; + auto&& authority = uri_inner.GetAuthority(); + Security::AccessToken::AccessTokenID uriTokenId = GetTokenIdByBundleName(authority); + Security::AccessToken::AccessTokenID tokenId = GetTokenIdByBundleName(bundleName); + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); + if (!permission && (uriTokenId != callerTokenId) && (tokenId != callerTokenId)) { + HILOG_WARN("UriPermissionManagerStubImpl::RevokeUriPermission: No permission for revoke uri."); + return CHECK_PERMISSION_FAILED; + } + + std::vector uriList; + { + std::lock_guard guard(mutex_); + + auto uriStr = uri.ToString(); + auto search = uriMap_.find(uriStr); + if (search == uriMap_.end()) { + HILOG_ERROR("URI does not exist on uri map."); + return INNER_ERR; + } + auto& list = search->second; + for (auto it = list.begin(); it != list.end(); it++) { + if (it->targetTokenId == tokenId) { + HILOG_INFO("Erase an info form list."); + auto storageMgrProxy = ConnectStorageManager(); + if (storageMgrProxy == nullptr) { + HILOG_ERROR("ConnectStorageManager failed"); + return INNER_ERR; + } + uriList.emplace_back(search->first); + if (storageMgrProxy->DeleteShareFile(tokenId, uriList) == ERR_OK) { + list.erase(it); + break; + } else { + HILOG_ERROR("DeleteShareFile failed"); + return INNER_ERR; + } + } + } + } + return ERR_OK; +} + sptr UriPermissionManagerStubImpl::ConnectBundleManager() { HILOG_DEBUG("%{public}s is called.", __func__); 
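Review bot: `RevokeUriPermissionManually` returns `ERR_OK` when the URI is in `uriMap_` but no `GrantInfo` matches `tokenId`, because the loop simply falls through; a missing URI, by contrast, returns `INNER_ERR`. The caller is then told the revoke succeeded although nothing was deleted. A flag set in the matching branch and checked after the loop (`if (!revoked) { return INNER_ERR; }`) would make the two cases consistent. Separately, `ConnectStorageManager()` and the `DeleteShareFile` call run while `mutex_` is held, unlike `GrantUriPermissionImpl`, which connects and calls the storage service before taking the lock. Whether that matters depends on how long the storage call can block.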
@@ -205,6 +237,22 @@ sptr UriPermissionManagerStubImpl::ConnectBundleManager( return bundleManager_; } +Security::AccessToken::AccessTokenID UriPermissionManagerStubImpl::GetTokenIdByBundleName(const std::string bundleName) +{ + auto bms = ConnectBundleManager(); + if (bms == nullptr) { + HILOG_WARN("Failed to get bms."); + return GET_BUNDLE_MANAGER_SERVICE_FAILED; + } + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + AppExecFwk::BundleInfo bundleInfo; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, bundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info according to uri."); + return GET_BUNDLE_INFO_FAILED; + } + return bundleInfo.applicationInfo.accessTokenId; +} + sptr UriPermissionManagerStubImpl::ConnectStorageManager() { std::lock_guard lock(storageMutex_); @@ -276,4 +324,4 @@ int UriPermissionManagerStubImpl::GetCurrentAccountId() return osActiveAccountIds.front(); } } // namespace AAFwk -} // namespace OHOS +} // namespace OHOS \ No newline at end of file diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index 931d8c1768f0f2198bca7f5696fe081a7fe9a23f..aa0845659867ff7151651287b5be4016a9ed1d3a 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp 
@@ -37,19 +37,20 @@ public: UriPermissionManagerStubFuzzTest() = default; virtual ~UriPermissionManagerStubFuzzTest() {} - bool GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) override + int GrantUriPermission(const Uri &uri, unsigned int flag, + std::string targetBundleName, + int autoremove) override { - return true; + return 0; } - bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) override + void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override { - return true; + return; + } + int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override + { + return 0; } - void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override - {} }; uint32_t GetU32Data(const char* ptr) diff --git a/test/unittest/ability_record_test/ability_record_test.cpp b/test/unittest/ability_record_test/ability_record_test.cpp index 7c60c66b10aba2b7ad3bd615a4bac06289af317f..860884ecea8d83d0975b01e11259e904d1a51861 100644 --- a/test/unittest/ability_record_test/ability_record_test.cpp +++ b/test/unittest/ability_record_test/ability_record_test.cpp @@ -2087,8 +2087,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_001, TestSize.Level std::shared_ptr abilityRecord = GetAbilityRecord(); Want want; int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, "name"); } /* 
@@ -2106,8 +2106,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_002, TestSize.Level want.SetFlags(1); want.SetUri("datashare://ohos.samples.clock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* @@ -2125,8 +2125,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_003, TestSize.Level want.SetFlags(1); want.SetUri("file://com.example.mock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* @@ -2144,8 +2144,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_004, TestSize.Level want.SetFlags(1); want.SetUri("file://ohos.samples.clock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* 
@@ -2159,27 +2159,26 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_004, TestSize.Level HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_005, TestSize.Level1) { std::shared_ptr abilityRecord = GetAbilityRecord(); - uint32_t targetTokenId = 56; - abilityRecord->SetCallerAccessTokenId(targetTokenId); Want want; want.SetFlags(1); want.SetUri("file://ohos.samples.clock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* * Feature: AbilityRecord - * Function: RemoveUriPermission - * SubFunction: RemoveUriPermission + * Function: RevokeUriPermission + * SubFunction: RevokeUriPermission * FunctionPoints: NA * EnvConditions: NA - * CaseDescription: Verify AbilityRecord RemoveUriPermission + * CaseDescription: Verify AbilityRecord RevokeUriPermission */ -HWTEST_F(AbilityRecordTest, AbilityRecord_RemoveUriPermission_001, TestSize.Level1) +HWTEST_F(AbilityRecordTest, AbilityRecord_RevokeUriPermission_001, TestSize.Level1) { std::shared_ptr abilityRecord = GetAbilityRecord(); - abilityRecord->RemoveUriPermission(); + abilityRecord->RevokeUriPermission(); } /* diff --git a/test/unittest/uri_permission_impl_test/BUILD.gn b/test/unittest/uri_permission_impl_test/BUILD.gn index 8c24491751967c78a6f2bf138904007f09eae5cf..e0324976790e01e287dccf18e192a984fcee1bcc 100755 --- a/test/unittest/uri_permission_impl_test/BUILD.gn +++ b/test/unittest/uri_permission_impl_test/BUILD.gn 
@@ -9,7 +9,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License. import("//build/test.gni") import("//foundation/ability/ability_runtime/ability_runtime.gni") @@ -48,6 +48,7 @@ ohos_unittest("uri_permission_impl_test") { "ability_base:zuri", "access_token:libnativetoken", "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "c_utils:utils", diff --git a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp index 9e613e98c07e3747d9fc5454bdf3b54e3045d780..311f810de67ab305b6fb4536fef7f567cca51039 100755 --- a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp +++ b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp @@ -58,9 +58,9 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_001, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 0; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); } /* 
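Review bot: The return value of `GrantUriPermission` is discarded in `Upms_GrantUriPermission_001`, so the test passes whatever code the service returns. With `flag = 0` the new implementation returns `INNER_ERR` from the flag check before doing anything else, which can be pinned with `EXPECT_EQ(upms->GrantUriPermission(uri, flag, targetBundleName, autoremove), INNER_ERR);` (assuming `ability_manager_errors.h` is reachable from the test). The later `GrantUriPermission` test hunks in this file and in `uri_permission_test.cpp` drop the result the same way. No test in this diff calls `RevokeUriPermissionManually` or exercises the `CHECK_PERMISSION_FAILED` path. The test body starts above this hunk.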
@@ -75,9 +75,9 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_002, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 1; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); } /* @@ -92,10 +92,10 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_003, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 2; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; MockSystemAbilityManager::isNullptr = false; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } @@ -111,11 +111,11 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_004, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 2; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; + std::string targetBundleName = "name2"; + int autoremove = 1; MockSystemAbilityManager::isNullptr = false; StorageManager::StorageManagerServiceMock::isZero = false; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; StorageManager::StorageManagerServiceMock::isZero = true; } 
@@ -132,13 +132,15 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_005, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + std::string targetBundleName = "name2"; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; - upms->GrantUriPermission(uri, tmpFlag, fromTokenId, targetTokenId); + upms->GrantUriPermission(uri, tmpFlag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } @@ -154,14 +156,16 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_006, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + std::string targetBundleName = "name2"; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } 
@@ -177,25 +181,26 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_007, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + std::string targetBundleName = "name2"; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; - uint32_t tokenId = 4; - upms->GrantUriPermission(uri, flag, fromTokenId, tokenId); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } /* * Feature: URIPermissionManagerService - * Function: RemoveUriPermission + * Function: RevokeUriPermission * SubFunction: NA - * FunctionPoints: URIPermissionManagerService RemoveUriPermission + * FunctionPoints: URIPermissionManagerService RevokeUriPermission */ -HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_001, TestSize.Level1) +HWTEST_F(UriPermissionImplTest, Upms_RevokeUriPermission_001, TestSize.Level1) { auto upms = std::make_shared(); unsigned int tmpFlag = 1; 
@@ -205,16 +210,16 @@ HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_001, TestSize.Level1) std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); - upms->RemoveUriPermission(targetTokenId); + upms->RevokeUriPermission(targetTokenId); } /* * Feature: URIPermissionManagerService - * Function: RemoveUriPermission + * Function: RevokeUriPermission * SubFunction: NA - * FunctionPoints: URIPermissionManagerService RemoveUriPermission + * FunctionPoints: URIPermissionManagerService RevokeUriPermission */ -HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_002, TestSize.Level1) +HWTEST_F(UriPermissionImplTest, Upms_RevokeUriPermission_002, TestSize.Level1) { auto upms = std::make_shared(); unsigned int tmpFlag = 1; @@ -225,7 +230,7 @@ HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_002, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); uint32_t tokenId = 4; - upms->RemoveUriPermission(tokenId); + upms->RevokeUriPermission(tokenId); } /* diff --git a/test/unittest/uri_permission_test/BUILD.gn b/test/unittest/uri_permission_test/BUILD.gn index 938b6fc4787916ffd13bd16a5b36e56ced0dce5d..4aa571d8b946d7482381f6f0c2dd07a6ecfb3d5c 100755 --- a/test/unittest/uri_permission_test/BUILD.gn +++ b/test/unittest/uri_permission_test/BUILD.gn @@ -9,7 +9,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License. import("//build/test.gni") import("//foundation/ability/ability_runtime/ability_runtime.gni") 
@@ -33,6 +33,7 @@ ohos_unittest("uri_permission_test") { external_deps = [ "ability_base:zuri", + "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "storage_service:storage_manager_sa_proxy", ] diff --git a/test/unittest/uri_permission_test/uri_permission_test.cpp b/test/unittest/uri_permission_test/uri_permission_test.cpp index 508d930bee0615737ec00eb68b55f60059458f0b..90974d7104391fa0310a473603db40172981696f 100755 --- a/test/unittest/uri_permission_test/uri_permission_test.cpp +++ b/test/unittest/uri_permission_test/uri_permission_test.cpp @@ -51,9 +51,9 @@ HWTEST_F(UriPermissionTest, Upms_GrantUriPermission_001, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 1; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); } /* 
@@ -82,21 +82,22 @@ HWTEST_F(UriPermissionTest, Upms_ConnectStorageManager_001, TestSize.Level1) /* * Feature: URIPermissionManagerService - * Function: RemoveUriPermission + * Function: RevokeUriPermission * SubFunction: NA - * FunctionPoints: URIPermissionManagerService RemoveUriPermission + * FunctionPoints: URIPermissionManagerService RevokeUriPermission */ -HWTEST_F(UriPermissionTest, Upms_RemoveUriPermission_001, TestSize.Level1) +HWTEST_F(UriPermissionTest, Upms_RevokeUriPermission_001, TestSize.Level1) { auto upms = std::make_shared(); unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); - upms->RemoveUriPermission(targetTokenId); + upms->RevokeUriPermission(targetTokenId); } /*