From 34cc6670382c1baa51de147a2119f3530cc7b903 Mon Sep 17 00:00:00 2001 From: yuwenze Date: Sun, 15 Jan 2023 09:04:04 +0000 Subject: [PATCH 01/52] add uri permission Signed-off-by: yuwenze Change-Id: I2d913f79c0b4e5c28cae29b2de9ab0d9bd4d71c5 --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 67 ++-------------- .../uri_permission_manager_interface.h | 2 +- .../src/uri_permission_manager_client.cpp | 1 - .../include/ability_manager_service.h | 3 - services/abilitymgr/include/ability_record.h | 8 +- .../src/ability_manager_service.cpp | 63 +-------------- services/abilitymgr/src/ability_record.cpp | 79 +++++++++++++++++-- .../src/implicit_start_processor.cpp | 10 ++- .../abilitymgr/src/mission_list_manager.cpp | 1 + services/sa_profile/183.xml | 2 +- .../src/uri_permission_manager_service.cpp | 3 + .../abilitymanagerservicefirst_fuzzer.cpp | 2 - .../ability_manager_service_test/BUILD.gn | 1 - .../ability_manager_service_test.cpp | 36 --------- .../ability_record_test.cpp | 3 +- 15 files changed, 98 insertions(+), 183 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 028db28fd05..dec6bb95de0 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -34,73 +34,16 @@ public: std::unique_ptr(static_cast(data)); } - static NativeValue* VerifyUriPermission(NativeEngine* engine, NativeCallbackInfo* info) + static NativeValue* GrantUriPermission(NativeEngine* engine, NativeCallbackInfo* info) { JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); - return (me != nullptr) ? me->OnVerifyUriPermission(*engine, *info) : nullptr; + return (me != nullptr) ? me->OnGrantUriPermission(*engine, *info) : nullptr; } private: - NativeValue* OnVerifyUriPermission(NativeEngine& engine, NativeCallbackInfo& info) + NativeValue* OnGrantUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { - HILOG_DEBUG("OnVerifyUriPermission is called"); - constexpr int32_t argCount = 5; - if (info.argc > argCount) { - HILOG_ERROR("Too many parameters"); - ThrowTooFewParametersError(engine); - return engine.CreateUndefined(); - } - std::vector> args; - for (size_t i = 0; i < info.argc; ++i) { - args.emplace_back(engine.CreateReference(info.argv[i], 1)); - } - - constexpr int32_t argCountThree = 3; - AsyncTask::CompleteCallback complete = - [args, argCountThree](NativeEngine& engine, AsyncTask& task, int32_t status) { - constexpr int32_t argCountFour = 4; - if (args.size() != argCountThree && args.size() != argCountFour) { - HILOG_ERROR("Wrong number of parameters."); - task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); - return; - } - - std::string uriStr; - if (!ConvertFromJsValue(engine, args[0]->Get(), uriStr)) { - HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "uri conversion failed.")); - return; - } - - int flag = 0; - if (!ConvertFromJsValue(engine, args[1]->Get(), flag)) { - HILOG_ERROR("%{public}s called, the second parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "flag conversion failed.")); - return; - } - - int accessTokenId = 0; - constexpr int32_t index = 2; - if 
(!ConvertFromJsValue(engine, args[index]->Get(), accessTokenId)) { - HILOG_ERROR("%{public}s called, the third parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "accessTokenId conversion failed.")); - return; - } - - Uri uri(uriStr); - if (AAFwk::UriPermissionManagerClient::GetInstance()->VerifyUriPermission(uri, flag, accessTokenId)) { - task.Resolve(engine, CreateJsValue(engine, 0)); - } else { - task.Reject(engine, CreateJsError(engine, -1, "The app doesn't have the uri permission!")); - } - }; - - NativeValue* lastParam = (info.argc == argCountThree) ? nullptr : info.argv[argCountThree]; - NativeValue* result = nullptr; - AsyncTask::Schedule("JsUriPermMgr::OnVerifyUriPermission", - engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); - HILOG_DEBUG("OnVerifyUriPermission is called end"); - return result; + return engine.CreateUndefined(); } }; @@ -122,7 +65,7 @@ NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) object->SetNativePointer(jsUriPermMgr.release(), JsUriPermMgr::Finalizer, nullptr); const char *moduleName = "JsUriPermMgr"; - BindNativeFunction(*engine, *object, "verifyUriPermission", moduleName, JsUriPermMgr::VerifyUriPermission); + BindNativeFunction(*engine, *object, "grantUriPermission", moduleName, JsUriPermMgr::GrantUriPermission); return engine->CreateUndefined(); } } // namespace AbilityRuntime diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index 44e3bbbf243..17b286a2363 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h 
@@ -24,7 +24,7 @@ namespace OHOS { namespace AAFwk { class IUriPermissionManager : public IRemoteBroker { public: - DECLARE_INTERFACE_DESCRIPTOR(u"ohos.aafwk.UriPermissionManager"); + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.ability.UriPermissionManager"); /** * @brief Authorize the uri permission of fromTokenId to targetTokenId. diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index d789fc1cce8..7b8b3a48129 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -54,7 +54,6 @@ void UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken sptr UriPermissionManagerClient::ConnectUriPermService() { - return nullptr; HILOG_DEBUG("UriPermissionManagerClient::ConnectUriPermService is called."); std::lock_guard lock(mutex_); if (uriPermMgr_ == nullptr) { diff --git a/services/abilitymgr/include/ability_manager_service.h b/services/abilitymgr/include/ability_manager_service.h index 63dc8bb0953..6996add88fb 100644 --- a/services/abilitymgr/include/ability_manager_service.h +++ b/services/abilitymgr/include/ability_manager_service.h @@ -733,8 +733,6 @@ public: bool IsAbilityControllerStartById(int32_t missionId); - void GrantUriPermission(const Want &want, int32_t validUserId, uint32_t targetTokenId); - bool IsComponentInterceptionStart(const Want &want, const sptr &callerToken, int requestCode, int componentStatus, AbilityRequest &request); @@ -1063,7 +1061,6 @@ private: std::map dumpsysFuncMap_; int CheckStaticCfgPermission(AppExecFwk::AbilityInfo &abilityInfo); - void GrantUriPermission(const Want &want, int32_t validUserId); bool VerifyUriPermission(const AbilityRequest &abilityRequest, const Want &want); bool GetValidDataAbilityUri(const std::string &abilityInfoUri, std::string &adjustUri); 
diff --git a/services/abilitymgr/include/ability_record.h b/services/abilitymgr/include/ability_record.h index 25cfa4ad61d..8e4b92703c8 100644 --- a/services/abilitymgr/include/ability_record.h +++ b/services/abilitymgr/include/ability_record.h @@ -824,6 +824,8 @@ public: void SetPendingState(AbilityState state); AbilityState GetPendingState() const; + void RemoveUriPermission() const; + protected: void SendEvent(uint32_t msg, uint32_t timeOut); @@ -841,8 +843,10 @@ private: */ void GetAbilityTypeString(std::string &typeStr); void OnSchedulerDied(const wptr &remote); - void GrantUriPermission(const Want &want); - int GetCurrentAccountId(); + void GrantUriPermissionForResult(const Want &want) const; + void GrantUriPermission(const Want &want, int32_t userId) const; + void GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) const; + int32_t GetCurrentAccountId() const; /** * add system ability caller record diff --git a/services/abilitymgr/src/ability_manager_service.cpp b/services/abilitymgr/src/ability_manager_service.cpp index 8c59135e31e..b4187f6054f 100644 --- a/services/abilitymgr/src/ability_manager_service.cpp +++ b/services/abilitymgr/src/ability_manager_service.cpp 
@@ -616,7 +616,6 @@ int AbilityManagerService::StartAbilityInner(const Want &want, const sptrGetBundleInfo(bundleName, bundleFlag, bundleInfo, validUserId))) { - HILOG_ERROR("Get bundle info failed."); - return; - } - - auto targetTokenId = bundleInfo.applicationInfo.accessTokenId; - GrantUriPermission(want, validUserId, targetTokenId); -} - -void AbilityManagerService::GrantUriPermission(const Want &want, int32_t validUserId, uint32_t targetTokenId) -{ - auto bms = GetBundleManager(); - CHECK_POINTER_IS_NULLPTR(bms); - auto uriStr = want.GetUri().ToString(); - auto uriVec = want.GetStringArrayParam(AbilityConfig::PARAMS_STREAM); - uriVec.emplace_back(uriStr); - auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); - auto fromTokenId = IPCSkeleton::GetCallingTokenID(); - AppExecFwk::ExtensionAbilityInfo info; - for (auto str : uriVec) { - if (!IN_PROCESS_CALL(bms->QueryExtensionAbilityInfoByUri(str, validUserId, info))) { - HILOG_WARN("Not found ExtensionAbilityInfo according to the uri."); - continue; - } - if (info.type != AppExecFwk::ExtensionAbilityType::FILESHARE) { - HILOG_WARN("The upms only open to FILESHARE. The type is %{public}u.", info.type); - HILOG_WARN("BundleName: %{public}s, AbilityName: %{public}s.", info.bundleName.c_str(), info.name.c_str()); - continue; - } - if (fromTokenId != info.applicationInfo.accessTokenId) { - HILOG_WARN("Only the uri of this application can be authorized."); - continue; - } - - Uri uri(str); - IN_PROCESS_CALL_WITHOUT_RET(upmClient->GrantUriPermission(uri, want.GetFlags(), fromTokenId, targetTokenId)); - } -} - int AbilityManagerService::TerminateAbility(const sptr &token, int resultCode, const Want *resultWant) { auto abilityRecord = Token::GetAbilityRecordByToken(token); 
@@ -5071,10 +5013,7 @@ bool AbilityManagerService::IsNeedTimeoutForTest(const std::string &abilityName, bool AbilityManagerService::VerifyUriPermission(const AbilityRequest &abilityRequest, const Want &want) { - if (abilityRequest.abilityInfo.extensionAbilityType != AppExecFwk::ExtensionAbilityType::FILESHARE) { - HILOG_DEBUG("Only FILESHARE need to Verify uri permission."); - return true; - } + return true; auto uriStr = want.GetUri().ToString(); auto uriVec = want.GetStringArrayParam(AbilityConfig::PARAMS_STREAM); uriVec.emplace_back(uriStr); diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 21eb0ddb05d..3ae6e3c95e8 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp @@ -28,6 +28,7 @@ #include "connection_state_manager.h" #include "hitrace_meter.h" #include "image_source.h" +#include "in_process_call_wrapper.h" #include "errors.h" #include "event_report.h" #include "hilog_wrapper.h" @@ -233,7 +234,8 @@ int AbilityRecord::LoadAbility() HILOG_ERROR("Root launcher restart is out of max count."); return ERR_INVALID_VALUE; } - + + GrantUriPermission(want_, GetCurrentAccountId()); if (isRestarting_) { restartTime_ = AbilityUtil::SystemTimeMillis(); } @@ -289,6 +291,7 @@ void AbilityRecord::ForegroundAbility(uint32_t sceneFlag) CHECK_POINTER(lifecycleDeal_); SendEvent(AbilityManagerService::FOREGROUND_TIMEOUT_MSG, AbilityManagerService::FOREGROUND_TIMEOUT); + GrantUriPermission(want_, GetCurrentAccountId()); // schedule active after updating AbilityState and sending timeout message to avoid ability async callback // earlier than above actions. @@ -1189,6 +1192,7 @@ void AbilityRecord::Terminate(const Closure &task) // earlier than above actions. currentState_ = AbilityState::TERMINATING; lifecycleDeal_->Terminate(want_, lifeCycleStateInfo_); + RemoveUriPermission(); } void AbilityRecord::ConnectAbility() 
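Review bot: The `return true;` added as the first statement of `AbilityManagerService::VerifyUriPermission` makes the check succeed for every request, and the `uriStr`/`uriVec` code that follows it is now unreachable. If verification is being retired in favour of the grant path in `AbilityRecord`, delete the function and its call sites so that no caller keeps relying on a verifier that cannot fail. If it is a temporary bypass, say so in the code, for example `// TODO(upms): verification disabled until the service-side check is wired up`, and keep the old FILESHARE guard behind it. The rest of the body lies outside the hunk, so which callers consume the result is not visible here.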
@@ -1266,8 +1270,8 @@ void AbilityRecord::SendResult() std::lock_guard guard(lock_); CHECK_POINTER(scheduler_); CHECK_POINTER(result_); + GrantUriPermissionForResult(result_->resultWant_); scheduler_->SendResult(result_->requestCode_, result_->resultCode_, result_->resultWant_); - GrantUriPermission(result_->resultWant_); // reset result to avoid send result next time result_.reset(); } @@ -1744,6 +1748,7 @@ void AbilityRecord::OnSchedulerDied(const wptr &remote) return; } + RemoveUriPermission(); if (scheduler_ != nullptr && schedulerDeathRecipient_ != nullptr) { auto schedulerObject = scheduler_->AsObject(); if (schedulerObject != nullptr) { @@ -2033,6 +2038,7 @@ void AbilityRecord::CallRequest() const HILOG_INFO("Call Request."); CHECK_POINTER(scheduler_); + GrantUriPermission(want_, GetCurrentAccountId()); // Async call request scheduler_->CallRequest(); } 
@@ -2242,20 +2248,79 @@ void AbilityRecord::DumpAbilityInfoDone(std::vector &infos) dumpCondition_.notify_all(); } -void AbilityRecord::GrantUriPermission(const Want &want) +void AbilityRecord::GrantUriPermissionForResult(const Want &want) const { HILOG_DEBUG("AbilityRecord::GrantUriPermission is called."); auto flags = want.GetFlags(); if (flags & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) { HILOG_INFO("Want to grant r/w permission of the uri"); auto targetTokenId = abilityInfo_.applicationInfo.accessTokenId; - auto abilityMgr = DelayedSingleton::GetInstance(); - if (abilityMgr) { - abilityMgr->GrantUriPermission(want, GetCurrentAccountId(), targetTokenId); + GrantUriPermission(want, GetCurrentAccountId(), targetTokenId); + } +} + +void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) const +{ + auto bms = AbilityUtil::GetBundleManager(); + CHECK_POINTER_IS_NULLPTR(bms); + auto&& uriStr = want.GetUri().ToString(); + auto&& uriVec = want.GetStringArrayParam(AbilityConfig::PARAMS_STREAM); + uriVec.emplace_back(uriStr); + auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); + auto fromTokenId = IPCSkeleton::GetCallingTokenID(); + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + for (auto&& str : uriVec) { + Uri uri(str); + auto&& scheme = uri.GetScheme(); + HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); + // only support file scheme + if (scheme != "file") { + HILOG_WARN("only support file uri."); + continue; } + auto&& authority = uri.GetAuthority(); + HILOG_INFO("uri authority is %{public}s.", authority.c_str()); + AppExecFwk::BundleInfo uriBundleInfo; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, userId))) { + HILOG_WARN("To fail to get bundle info according to uri."); + continue; + } + if (uriBundleInfo.applicationInfo.accessTokenId != fromTokenId) { + HILOG_ERROR("the uri does not belong to caller."); 
+ continue; + } + IN_PROCESS_CALL_WITHOUT_RET(upmClient->GrantUriPermission(uri, want.GetFlags(), fromTokenId, targetTokenId)); } } +void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId) const +{ + if ((want.GetFlags() & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { + HILOG_DEBUG("Do not call uriPermissionMgr."); + return; + } + + HILOG_DEBUG("Start to grant Uri permisson."); + auto bms = AbilityUtil::GetBundleManager(); + CHECK_POINTER_IS_NULLPTR(bms); + + auto bundleName = want.GetBundle(); + AppExecFwk::BundleInfo bundleInfo; + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, bundleInfo, userId))) { + HILOG_ERROR("Get bundle info failed."); + return; + } + auto targetTokenId = bundleInfo.applicationInfo.accessTokenId; + GrantUriPermission(want, userId, targetTokenId); +} + +void AbilityRecord::RemoveUriPermission() const +{ + auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); + upmClient->RemoveUriPermission(applicationInfo_.accessTokenId); +} + void AbilityRecord::HandleDlpAttached() { if (abilityInfo_.bundleName == DLP_BUNDLE_NAME) { @@ -2278,7 +2343,7 @@ void AbilityRecord::HandleDlpClosed() } } -int AbilityRecord::GetCurrentAccountId() +int32_t AbilityRecord::GetCurrentAccountId() const { std::vector osActiveAccountIds; ErrCode ret = DelayedSingleton::GetInstance()-> diff --git a/services/abilitymgr/src/implicit_start_processor.cpp b/services/abilitymgr/src/implicit_start_processor.cpp index 30f1c313cfd..c6b3a9da2a9 100644 --- a/services/abilitymgr/src/implicit_start_processor.cpp +++ b/services/abilitymgr/src/implicit_start_processor.cpp 
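Review bot: In the three-argument `AbilityRecord::GrantUriPermission`, the owner token is read with `IPCSkeleton::GetCallingTokenID()` at the moment the record runs, not when the Want was submitted, and the method is now reached from `LoadAbility`, `ForegroundAbility`, `CallRequest` and `SendResult`. On paths where the calling identity was reset (this patch's `ImplicitStartProcessor` calls `ResetCallingIdentity()`), or where the lifecycle call is driven by another process, the comparison `uriBundleInfo.applicationInfo.accessTokenId != fromTokenId` is probably made against the wrong party; this is inferred, since the call chains are outside the hunk. Capturing the requester's token when the start request is accepted, storing it on the record and passing it in would make the ownership check independent of the current IPC context. `RemoveUriPermission()` revokes by `applicationInfo_.accessTokenId` on every terminate, timeout and scheduler death, while grants are issued for `abilityInfo_.applicationInfo.accessTokenId` or the bundle's token, so it is worth confirming both that the ids match and that revoking per application does not drop grants another live ability of the same application still needs. The URI authority is also written with `%{public}s`; `%{private}s` would keep bundle names out of release logs.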
@@ -67,13 +67,13 @@ int ImplicitStartProcessor::ImplicitStartAbility(AbilityRequest &request, int32_ return ret; } - auto startAbilityTask = [imp = shared_from_this(), request, userId, - identity = IPCSkeleton::ResetCallingIdentity()](const std::string& bundle, const std::string& abilityName) { + auto identity = IPCSkeleton::ResetCallingIdentity(); + auto startAbilityTask = [imp = shared_from_this(), request, userId, identity] + (const std::string& bundle, const std::string& abilityName) mutable { HILOG_INFO("implicit start ability call back."); - auto oldIdentity = identity; // reset calling indentity - IPCSkeleton::SetCallingIdentity(oldIdentity); + IPCSkeleton::SetCallingIdentity(identity); AAFwk::Want targetWant = request.want; targetWant.SetElementName(bundle, abilityName); @@ -99,6 +99,8 @@ int ImplicitStartProcessor::ImplicitStartAbility(AbilityRequest &request, int32_ HILOG_INFO("ImplicitQueryInfos success, Multiple apps to choose."); Want want = sysDialogScheduler->GetSelectorDialogWant(dialogAppInfos, request.want); auto abilityMgr = DelayedSingleton::GetInstance(); + // reset calling indentity + IPCSkeleton::SetCallingIdentity(identity); return abilityMgr->StartAbility(want); } diff --git a/services/abilitymgr/src/mission_list_manager.cpp b/services/abilitymgr/src/mission_list_manager.cpp index 00eaa658c05..9a285ddebb8 100644 --- a/services/abilitymgr/src/mission_list_manager.cpp +++ b/services/abilitymgr/src/mission_list_manager.cpp @@ -1775,6 +1775,7 @@ void MissionListManager::OnTimeOut(uint32_t msgId, int64_t eventId) return; } HILOG_DEBUG("Ability timeout ,msg:%{public}d,name:%{public}s", msgId, abilityRecord->GetAbilityInfo().name.c_str()); + abilityRecord->RemoveUriPermission(); #ifdef SUPPORT_GRAPHICS if (abilityRecord->IsStartingWindow()) { diff --git a/services/sa_profile/183.xml b/services/sa_profile/183.xml index bb0becc4b3f..1c5ef7e28e7 100644 --- a/services/sa_profile/183.xml +++ b/services/sa_profile/183.xml 
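Review bot: The identity saved by `IPCSkeleton::ResetCallingIdentity()` in `ImplicitStartAbility` is restored only inside `startAbilityTask` and, in the second hunk, immediately before `abilityMgr->StartAbility(want)`; any other return between the reset and the end of the function would leave the thread running under the service's own identity. A small scope guard whose destructor calls `IPCSkeleton::SetCallingIdentity(identity)` would cover every exit path instead of this one. The callback has the opposite problem: it sets the original caller's identity on whichever thread runs it and never resets it afterwards, so the guard should reset the identity once the lambda finishes its work. The function body continues outside both hunks, so the remaining exits could not be checked.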
@@ -20,7 +20,7 @@ libupms.z.so - false + true false 1 diff --git a/services/uripermmgr/src/uri_permission_manager_service.cpp b/services/uripermmgr/src/uri_permission_manager_service.cpp index 8e14337bfba..d0bee404ede 100644 --- a/services/uripermmgr/src/uri_permission_manager_service.cpp +++ b/services/uripermmgr/src/uri_permission_manager_service.cpp @@ -23,6 +23,9 @@ namespace OHOS { namespace AAFwk { +const bool REGISTER_RESULT = + SystemAbility::MakeAndRegisterAbility(DelayedSingleton::GetInstance().get()); + UriPermissionManagerService::UriPermissionManagerService() : SystemAbility(URI_PERMISSION_MGR_SERVICE_ID, true) {} UriPermissionManagerService::~UriPermissionManagerService() diff --git a/test/fuzztest/abilitymanagerservicefirst_fuzzer/abilitymanagerservicefirst_fuzzer.cpp b/test/fuzztest/abilitymanagerservicefirst_fuzzer/abilitymanagerservicefirst_fuzzer.cpp index 80ae1b77937..d80121b5845 100755 --- a/test/fuzztest/abilitymanagerservicefirst_fuzzer/abilitymanagerservicefirst_fuzzer.cpp +++ b/test/fuzztest/abilitymanagerservicefirst_fuzzer/abilitymanagerservicefirst_fuzzer.cpp @@ -103,8 +103,6 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) abilityms->ReportEventToSuspendManager(abilityInfo); abilityms->StartExtensionAbility(*want, token, int32Param, extensionType); abilityms->StopExtensionAbility(*want, token, int32Param, extensionType); - abilityms->GrantUriPermission(*want, int32Param); - abilityms->GrantUriPermission(*want, int32Param, uint32Param); abilityms->TerminateAbility(token, intParam, want); abilityms->CloseAbility(token, intParam, want); abilityms->TerminateAbilityWithFlag(token, intParam, want, boolParam); diff --git a/test/unittest/ability_manager_service_test/BUILD.gn b/test/unittest/ability_manager_service_test/BUILD.gn index 978bf021d1b..445efbca525 100755 --- a/test/unittest/ability_manager_service_test/BUILD.gn +++ b/test/unittest/ability_manager_service_test/BUILD.gn 
@@ -29,7 +29,6 @@ ohos_unittest("ability_manager_service_test") { "${distributedschedule_path}/samgr/adapter/interfaces/innerkits/include/", "${ability_runtime_innerkits_path}/app_manager/include/appmgr", "${ability_runtime_test_path}/mock/frameworks_kits_ability_native_test/include", - "//foundation/ability/ability_runtime/interfaces/inner_api/uri_permission/include", "//foundation/resourceschedule/background_task_mgr/services/transient_task/include", "//foundation/arkui/ace_engine/frameworks", "//foundation/resourceschedule/resource_schedule_service/ressched/interfaces/innerkits/ressched_client/include", diff --git a/test/unittest/ability_manager_service_test/ability_manager_service_test.cpp b/test/unittest/ability_manager_service_test/ability_manager_service_test.cpp index 71a25966611..3d74e479839 100755 --- a/test/unittest/ability_manager_service_test/ability_manager_service_test.cpp +++ b/test/unittest/ability_manager_service_test/ability_manager_service_test.cpp 
@@ -547,42 +547,6 @@ HWTEST_F(AbilityManagerServiceTest, StopExtensionAbility_001, TestSize.Level1) HILOG_INFO("AbilityManagerServiceTest StopExtensionAbility_001 end"); } -/* - * Feature: AbilityManagerService - * Function: GrantUriPermission - * SubFunction: NA - * FunctionPoints: AbilityManagerService GrantUriPermission - */ -HWTEST_F(AbilityManagerServiceTest, GrantUriPermission_001, TestSize.Level1) -{ - HILOG_INFO("AbilityManagerServiceTest GrantUriPermission_001 start"); - Want want; - want.SetFlags(4); - abilityMs_->GrantUriPermission(want, 100); - - want.SetFlags(1); - abilityMs_->GrantUriPermission(want, 100); - HILOG_INFO("AbilityManagerServiceTest GrantUriPermission_001 end"); -} - -/* - * Feature: AbilityManagerService - * Function: GrantUriPermission - * SubFunction: NA - * FunctionPoints: AbilityManagerService GrantUriPermission - */ -HWTEST_F(AbilityManagerServiceTest, GrantUriPermission_002, TestSize.Level1) -{ - HILOG_INFO("AbilityManagerServiceTest GrantUriPermission_002 start"); - Want want; - want.SetFlags(4); - abilityMs_->GrantUriPermission(want, 100, 1); - - want.SetFlags(1); - abilityMs_->GrantUriPermission(want, 100, 1); - HILOG_INFO("AbilityManagerServiceTest GrantUriPermission_002 end"); -} - /* * Feature: AbilityManagerService * Function: TerminateAbility diff --git a/test/unittest/ability_record_test/ability_record_test.cpp b/test/unittest/ability_record_test/ability_record_test.cpp index 0ebdf34d23d..8b083a77f6a 100644 --- a/test/unittest/ability_record_test/ability_record_test.cpp +++ b/test/unittest/ability_record_test/ability_record_test.cpp @@ -2302,7 +2302,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_001, TestSize.Level std::shared_ptr abilityRecord = GetAbilityRecord(); Want want; want.SetFlags(1); - abilityRecord->GrantUriPermission(want); + int32_t userId = 101; + abilityRecord->GrantUriPermission(want, userId); } /* -- Gitee From acd2672fad595bcb97dd2981fed4a4874e5574ad Mon Sep 17 00:00:00 2001 
From: gongyuechen Date: Sat, 28 Jan 2023 01:43:26 +0000 Subject: [PATCH 02/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 126 ++++++++++++++++++ .../include/uri_permission_manager_client.h | 10 ++ .../uri_permission_manager_interface.h | 12 ++ .../include/uri_permission_manager_proxy.h | 2 + .../src/uri_permission_manager_client.cpp | 10 ++ .../src/uri_permission_manager_proxy.cpp | 29 ++++ .../src/uri_permission_manager_stub.cpp | 12 ++ .../uri_permission_manager_stub_impl.h | 2 + .../src/uri_permission_manager_stub_impl.cpp | 46 +++++++ 9 files changed, 249 insertions(+) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index dec6bb95de0..529d81d146c 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -40,9 +40,133 @@ public: return (me != nullptr) ? me->OnGrantUriPermission(*engine, *info) : nullptr; } + static NativeValue* GrantUriPermissionFromSelf(NativeEngine* engine, NativeCallbackInfo* info) + { + JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); + return (me != nullptr) ? me->OnGrantUriPermissionFromSelf(*engine, *info) : nullptr; + } + private: NativeValue* OnGrantUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { + constexpr int32_t argCountFour = 4; + constexpr int32_t argCountFive = 5; + // only support 4 or 5 params (4 parameter and 1 optional callback) + if (info.argc != argCountFive && info.argc != argCountFour) { + HILOG_ERROR("Invalid arguments"); + ThrowTooFewParametersError(engine); + return engine.CreateUndefined(); + } + std::vector> args; + for (size_t i = 0; i < info.argc; ++i) { + args.emplace_back(engine.CreateReference(info.argv[i], 1)); + } + HILOG_DEBUG("Grant Uri Permission start"); + + AsyncTask::CompleteCallback complete = + [args, argCountFour, argCountFive](NativeEngine& engine, AsyncTask& task, int32_t status) { + if (args.size() != argCountFive && args.size() != argCountFour) { + HILOG_ERROR("Wrong number of parameters."); + task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); + return; + } + + std::string uriStr; + if (!ConvertFromJsValue(engine, args[0]->Get(), uriStr)) { + HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "uri conversion failed.")); + return; + } + + int flag = 0; + if (!ConvertFromJsValue(engine, args[1]->Get(), flag)) { + HILOG_ERROR("%{public}s called, the second parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "flag conversion failed.")); + return; + } + + int fromAccessTokenId = 0; + if (!ConvertFromJsValue(engine, args[2]->Get(), fromAccessTokenId)) { + HILOG_ERROR("%{public}s called, the third parameter is invalid.", __func__); + 
task.Reject(engine, CreateJsError(engine, -1, "fromAccessTokenId conversion failed.")); + return; + } + + int targetAccessTokenId = 0; + if (!ConvertFromJsValue(engine, args[3]->Get(), targetAccessTokenId)) { + HILOG_ERROR("%{public}s called, the fourth parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "targetAccessTokenId conversion failed.")); + return; + } + + Uri uri(uriStr); + AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, + fromAccessTokenId, targetAccessTokenId); + task.Resolve(engine, CreateJsValue(engine, 0)); + }; + + NativeValue* lastParam = (info.argc == argCountFive) ? info.argv[argCountFour] : nullptr; + NativeValue* result = nullptr; + AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", + engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); + return engine.CreateUndefined(); + } + + NativeValue* OnGrantUriPermissionFromSelf(NativeEngine& engine, NativeCallbackInfo& info) + { + constexpr int32_t argCountThree = 3; + constexpr int32_t argCountFour = 4; + // only support 3 or 4 params (4 parameter and 1 optional callback) + if (info.argc != argCountThree && info.argc != argCountFour) { + HILOG_ERROR("Invalid arguments"); + ThrowTooFewParametersError(engine); + return engine.CreateUndefined(); + } + std::vector> args; + for (size_t i = 0; i < info.argc; ++i) { + args.emplace_back(engine.CreateReference(info.argv[i], 1)); + } + HILOG_DEBUG("Grant Uri Permission start"); + + AsyncTask::CompleteCallback complete = + [args, argCountFour, argCountThree](NativeEngine& engine, AsyncTask& task, int32_t status) { + if (args.size() != argCountThree && args.size() != argCountFour) { + HILOG_ERROR("Wrong number of parameters."); + task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); + return; + } + + std::string uriStr; + if (!ConvertFromJsValue(engine, args[0]->Get(), uriStr)) { + HILOG_ERROR("%{public}s called, the first 
parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "uri conversion failed.")); + return; + } + + int flag = 0; + if (!ConvertFromJsValue(engine, args[1]->Get(), flag)) { + HILOG_ERROR("%{public}s called, the second parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "flag conversion failed.")); + return; + } + + int targetAccessTokenId = 0; + if (!ConvertFromJsValue(engine, args[2]->Get(), targetAccessTokenId)) { + HILOG_ERROR("%{public}s called, the fourth parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "targetAccessTokenId conversion failed.")); + return; + } + + Uri uri(uriStr); + AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermissionFromSelf(uri, + flag, targetAccessTokenId); + task.Resolve(engine, CreateJsValue(engine, 0)); + }; + + NativeValue* lastParam = (info.argc == argCountFour) ? info.argv[argCountThree] : nullptr; + NativeValue* result = nullptr; + AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", + engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); return engine.CreateUndefined(); } }; @@ -66,6 +190,8 @@ NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) const char *moduleName = "JsUriPermMgr"; BindNativeFunction(*engine, *object, "grantUriPermission", moduleName, JsUriPermMgr::GrantUriPermission); + BindNativeFunction(*engine, *object, "grantUriPermissionFromSelf", + moduleName, JsUriPermMgr::GrantUriPermissionFromSelf); return engine->CreateUndefined(); } } // namespace AbilityRuntime diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index 5e30c0b2c8c..29c2e6df53d 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h 
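Review bot: `OnGrantUriPermission` takes `fromAccessTokenId` from the JavaScript arguments and passes it unchanged to `UriPermissionManagerClient::GrantUriPermission`, so nothing in this file ties the claimed owner to the real caller. The service implementation (outside this chunk) must compare it with the IPC caller's token or require a system-only permission, and that contract deserves a comment here. Both new methods call `task.Resolve(engine, CreateJsValue(engine, 0))` unconditionally and end with `return engine.CreateUndefined();` rather than `return result;`, so a promise-style caller receives neither the promise nor any failure. The token ids are parsed into `int` although the same series declares them as `uint32_t targetTokenId`, so ids above `INT_MAX` may be rejected or sign-converted; parse into `uint32_t` and range-check instead. Copy-paste leftovers in `OnGrantUriPermissionFromSelf` (the "fourth parameter" log for `args[2]`, the task name `"JsUriPermMgr::OnGrantUriPermission"`, and the comment "3 or 4 params (4 parameter and 1 optional callback)") will mislead anyone reading audit logs.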
@@ -41,6 +41,16 @@ public: */ void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId); + + /** + * @brief Authorize the uri permission from self to targetTokenId. + * + * @param uri The file uri. + * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. + * @param targetTokenId The user of uri. + */ + void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId); /** * @brief Check whether the tokenId has URI permissions. diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index 17b286a2363..aaa39388694 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -37,6 +37,16 @@ public: virtual void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) = 0; + + /** + * @brief Authorize the uri permission of fromTokenId to targetTokenId. + * + * @param uri The file uri. + * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. + * @param targetTokenId The user of uri. + */ + virtual void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) = 0; /** * @brief Check whether the tokenId has URI permissions. @@ -65,6 +75,8 @@ public: // ipc id for RemoveUriPermission ON_REMOVE_URI_PERMISSION, + + ON_GRANT_URI_PERMISSION_FROM_SELF, }; }; } // namespace AAFwk 
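Review bot: The doc comment added for `GrantUriPermissionFromSelf` in uri_permission_manager_interface.h still says "Authorize the uri permission of fromTokenId to targetTokenId", but the method has no `fromTokenId` parameter. I would use the wording already chosen in uri_permission_manager_client.h, `@brief Authorize the uri permission from self to targetTokenId.`, and add one sentence saying that the granting party is the IPC caller as seen by the service. That sentence is the security-relevant part of the contract, and the signature does not express it.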
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 053572817b0..837defa3ac6 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -29,6 +29,8 @@ public: virtual void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override; + virtual void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) override; virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 7b8b3a48129..104e64b097c 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -32,6 +32,16 @@ void UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int } } +void UriPermissionManagerClient::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) +{ + HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermissionFromSelf is called."); + auto uriPermMgr = ConnectUriPermService(); + if (uriPermMgr) { + uriPermMgr->GrantUriPermission(uri, flag, targetTokenId, targetTokenId); + } +} + bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) { 
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 7602099ae43..2726cc56687 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -56,6 +56,35 @@ void UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int } } +void UriPermissionManagerProxy::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) +{ + HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermissionFromSelf is called."); + MessageParcel data; + if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { + HILOG_ERROR("Write interface token failed."); + return; + } + if (!data.WriteParcelable(&uri)) { + HILOG_ERROR("Write uri failed."); + return; + } + if (!data.WriteInt32(flag)) { + HILOG_ERROR("Write flag failed."); + return; + } + if (!data.WriteInt32(targetTokenId)) { + HILOG_ERROR("Write targetTokenId failed."); + return; + } + MessageParcel reply; + MessageOption option; + int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION_FROM_SELF, data, reply, option); + if (error != ERR_OK) { + HILOG_ERROR("SendRequest fial, error: %{public}d", error); + } +} + bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) { diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 81d6ab6e58a..6cf7d2049c7 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp 
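Review bot: `Remote()->SendRequest(...)` in the new `UriPermissionManagerProxy::GrantUriPermissionFromSelf` dereferences the remote object without checking it. If `Remote()` can be null here, for example after the service has died, this crashes the client instead of logging. I would guard it with `auto remote = Remote(); if (remote == nullptr) { HILOG_ERROR("Remote() is null."); return; }` and call `remote->SendRequest(...)`. The same applies to `RemoveUriPermissionManually` added to this file in the later patch. Two smaller points: the log text "SendRequest fial" should read "fail", and `flag` and `targetTokenId` are unsigned but written with `WriteInt32`, so a `WriteUint32`/`ReadUint32` pair on both sides would keep the types honest.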
@@ -41,6 +41,18 @@ int UriPermissionManagerStub::OnRemoteRequest( GrantUriPermission(*uri, flag, fromTokenId, targetTokenId); break; } + case UriPermMgrCmd::ON_GRANT_URI_PERMISSION_FROM_SELF : { + std::unique_ptr uri(data.ReadParcelable()); + if (!uri) { + errCode = ERR_DEAD_OBJECT; + HILOG_ERROR("To read uri failed."); + break; + } + auto flag = data.ReadInt32(); + auto targetTokenId = data.ReadInt32(); + GrantUriPermissionFromSelf(*uri, flag, targetTokenId); + break; + } case UriPermMgrCmd::ON_VERIFY_URI_PERMISSION : { std::unique_ptr uri(data.ReadParcelable()); if (!uri) { diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 02e54bf10df..fac78ee0cf0 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -40,6 +40,8 @@ public: void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override; + void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) override; bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 1259d220d0a..f3583a0c076 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
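Review bot: In the new `ON_GRANT_URI_PERMISSION_FROM_SELF` case, `flag` and `targetTokenId` come from the value-returning `data.ReadInt32()`, so a truncated or malformed parcel cannot be told apart from a legitimate 0. The implementation rejects a zero flag, but a zero `targetTokenId` would be stored as a grant. I would use the checked overload, `int32_t flag = 0; if (!data.ReadInt32(flag)) { ... break; }`, and do the same for `targetTokenId`, setting `errCode` to a malformed-request error rather than `ERR_DEAD_OBJECT`. Whether the interface descriptor is verified before the switch is outside this hunk.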
@@ -76,6 +76,52 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i infoList.emplace_back(info); } +void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) +{ + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId); + if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { + HILOG_DEBUG("caller tokenType is not native, verify failure."); + return; + } + + if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { + HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); + return; + } + unsigned int tmpFlag = 0; + if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { + tmpFlag = Want::FLAG_AUTH_WRITE_URI_PERMISSION; + } else { + tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; + } + + auto uriStr = uri.ToString(); + std::lock_guard guard(mutex_); + auto search = uriMap_.find(uriStr); + GrantInfo info = { tmpFlag, callerTokenId, targetTokenId }; + if (search == uriMap_.end()) { + HILOG_INFO("uri is not exist, add uri and GrantInfo to map."); + std::list infoList = { info }; + uriMap_.emplace(uriStr, infoList); + return; + } + auto& infoList = search->second; + for (auto& item : infoList) { + if (item.fromTokenId == callerTokenId && item.targetTokenId == targetTokenId) { + if ((tmpFlag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) != 0) { + item.flag = tmpFlag; + } + HILOG_INFO("uri permission has granted, not to grant again."); + return; + } + } + HILOG_DEBUG("uri is exist, add GrantInfo to list."); + infoList.emplace_back(info); +} + bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) { -- Gitee 
From c9926ca75be249e99f38eff47b2cc830b1f04be7 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Sat, 28 Jan 2023 12:36:09 +0000 Subject: [PATCH 03/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/common/include/permission_constants.h | 1 + services/uripermmgr/BUILD.gn | 6 ++++-- .../uripermmgr/src/uri_permission_manager_stub_impl.cpp | 9 +++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/services/common/include/permission_constants.h b/services/common/include/permission_constants.h index 9e8159bacee..940be3c9f0d 100644 --- a/services/common/include/permission_constants.h +++ b/services/common/include/permission_constants.h @@ -35,6 +35,7 @@ constexpr const char* PERMISSION_START_ABILITIES_FROM_BACKGROUND = "ohos.permiss constexpr const char* PERMISSION_START_ABILIIES_FROM_BACKGROUND = "ohos.permission.START_ABILIIES_FROM_BACKGROUND"; constexpr const char* PERMISSION_ABILITY_BACKGROUND_COMMUNICATION = "ohos.permission.ABILITY_BACKGROUND_COMMUNICATION"; constexpr const char* PERMISSION_MANAGER_ABILITY_FROM_GATEWAY = "ohos.permission.MANAGER_ABILITY_FROM_GATEWAY"; +constexpr const char* PERMISSION_PROXY_AUTHORIZATION_URI = "ohos.permission.PROXY_AUTHORIZATION_URI"; } // namespace PermissionConstants } // namespace AAFwk } // namespace OHOS diff --git a/services/uripermmgr/BUILD.gn b/services/uripermmgr/BUILD.gn index 2e676064870..055560937da 100644 --- a/services/uripermmgr/BUILD.gn +++ b/services/uripermmgr/BUILD.gn @@ -33,8 +33,10 @@ ohos_shared_library("libupms") { "src/uri_permission_manager_stub_impl.cpp", ] - deps = - [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] + deps = [ + "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", + "${ability_runtime_services_path}/common:perm_verification", + ] external_deps = [ "ability_base:want", 
diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index f3583a0c076..ed92e4ada85 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -22,6 +22,8 @@ #include "ipc_skeleton.h" #include "iservice_registry.h" #include "os_account_manager_wrapper.h" +#include "permission_constants.h" +#include "permission_verification.h" #include "singleton.h" #include "system_ability_definition.h" #include "want.h" @@ -41,6 +43,13 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i return; } + auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); + if (!permission) { + HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); + return; + } + if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); return; -- Gitee From 374981f619bdd759841eccae45d7867825727495 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Wed, 1 Feb 2023 01:09:16 +0000 Subject: [PATCH 04/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../src/uri_permission_manager_client.cpp | 2 +- services/abilitymgr/src/ability_record.cpp | 4 +- .../src/uri_permission_manager_stub_impl.cpp | 48 ++++++++++++------- 3 files changed, 35 insertions(+), 19 deletions(-) diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 104e64b097c..95651e67a52 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp 
+++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -38,7 +38,7 @@ void UriPermissionManagerClient::GrantUriPermissionFromSelf(const Uri &uri, unsi HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermissionFromSelf is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - uriPermMgr->GrantUriPermission(uri, flag, targetTokenId, targetTokenId); + uriPermMgr->GrantUriPermissionFromSelf(uri, flag, targetTokenId); } } diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 3ae6e3c95e8..7fa82cfeb9b 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp @@ -2274,8 +2274,8 @@ void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_ auto&& scheme = uri.GetScheme(); HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); // only support file scheme - if (scheme != "file") { - HILOG_WARN("only support file uri."); + if (scheme != "file" && scheme != "dataShare") { + HILOG_WARN("only support file or dataShare uri."); continue; } auto&& authority = uri.GetAuthority(); diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index ed92e4ada85..5f56776b400 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -36,18 +36,16 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) { auto callerTokenId = IPCSkeleton::GetCallingTokenID(); - HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); + HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId); if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - HILOG_DEBUG("caller tokenType is not native, verify failure."); - return; - } - - auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( - AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); - if (!permission) { - HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); - return; + HILOG_DEBUG("caller tokenType is not native, verifying proxy authorization permission"); + auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); + if (!permission) { + HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); + return; + } } if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { 
@@ -90,16 +88,34 @@ void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, un { auto callerTokenId = IPCSkeleton::GetCallingTokenID(); HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); - auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId); - if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - HILOG_DEBUG("caller tokenType is not native, verify failure."); - return; - } if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); return; } + + auto bms = ConnectBundleManager(); + Uri uri_inner = uri; + auto&& scheme = uri_inner.GetScheme(); + HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); + // only support file or dataShare scheme + if (scheme != "file" && scheme != "dataShare") { + HILOG_WARN("only support file or dataShare uri."); + return; + } + auto&& authority = uri_inner.GetAuthority(); + HILOG_INFO("uri authority is %{public}s.", authority.c_str()); + AppExecFwk::BundleInfo uriBundleInfo; + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info according to uri."); + return; + } + if (uriBundleInfo.applicationInfo.accessTokenId != callerTokenId) { + HILOG_ERROR("the uri does not belong to caller."); + return; + } + unsigned int tmpFlag = 0; if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { tmpFlag = Want::FLAG_AUTH_WRITE_URI_PERMISSION; @@ -266,4 +282,4 @@ int UriPermissionManagerStubImpl::GetCurrentAccountId() return osActiveAccountIds.front(); } } // namespace AAFwk -} // namespace OHOS +} // namespace OHOS \ No newline at end of file -- Gitee From f01834515e746f74094d5337ef1641040389f02d Mon Sep 17 00:00:00 2001 
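Review bot: `bms` from `ConnectBundleManager()` is used in `bms->GetBundleInfo(...)` without a null check. If the bundle manager is unavailable and the helper returns null, the ownership check that now gates every self-grant becomes a crash of the permission service. I would add `if (bms == nullptr) { HILOG_ERROR("Failed to connect bundle manager."); return; }` directly after the call; the later patch that moves this block into `GrantUriPermission` carries the same gap. The lookup also resolves the URI authority under `GetCurrentAccountId()` rather than the account of the calling token. That looks like it could mis-resolve the bundle for a caller in a non-foreground account, so it is worth confirming.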
From: gongyuechen Date: Wed, 1 Feb 2023 08:40:15 +0000 Subject: [PATCH 05/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/abilitymgr/src/ability_record.cpp | 24 +---- .../uri_permission_manager_stub_impl.h | 1 + .../src/uri_permission_manager_stub_impl.cpp | 93 +++++++------------ 3 files changed, 35 insertions(+), 83 deletions(-) diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 7fa82cfeb9b..985e4c4f99c 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp 
@@ -2261,35 +2261,13 @@ void AbilityRecord::GrantUriPermissionForResult(const Want &want) const void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) const { - auto bms = AbilityUtil::GetBundleManager(); - CHECK_POINTER_IS_NULLPTR(bms); auto&& uriStr = want.GetUri().ToString(); auto&& uriVec = want.GetStringArrayParam(AbilityConfig::PARAMS_STREAM); uriVec.emplace_back(uriStr); auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); - auto fromTokenId = IPCSkeleton::GetCallingTokenID(); - auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; for (auto&& str : uriVec) { Uri uri(str); - auto&& scheme = uri.GetScheme(); - HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); - // only support file scheme - if (scheme != "file" && scheme != "dataShare") { - HILOG_WARN("only support file or dataShare uri."); - continue; - } - auto&& authority = uri.GetAuthority(); - HILOG_INFO("uri authority is %{public}s.", authority.c_str()); - AppExecFwk::BundleInfo uriBundleInfo; - if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, userId))) { - HILOG_WARN("To fail to get bundle info according to uri."); - continue; - } - if (uriBundleInfo.applicationInfo.accessTokenId != fromTokenId) { - HILOG_ERROR("the uri does not belong to caller."); - continue; - } - IN_PROCESS_CALL_WITHOUT_RET(upmClient->GrantUriPermission(uri, want.GetFlags(), fromTokenId, targetTokenId)); + IN_PROCESS_CALL_WITHOUT_RET(upmClient->GrantUriPermissionFromSelf(uri, want.GetFlags(), targetTokenId)); } } diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index fac78ee0cf0..2539aaaab41 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h 
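Review bot: After this change the granting party is no longer the application whose Want is being processed but whoever the URI permission service sees as the IPC caller of `GrantUriPermissionFromSelf`. The removed code captured `IPCSkeleton::GetCallingTokenID()` here and checked the URI's bundle against that token before granting. If `IN_PROCESS_CALL_WITHOUT_RET` resets the calling identity, as its name suggests, the service-side ownership check will compare the URI's bundle with the ability manager's own token rather than the originating app's. I would keep `auto fromTokenId = IPCSkeleton::GetCallingTokenID();` in this function and pass it explicitly, `upmClient->GrantUriPermission(uri, want.GetFlags(), fromTokenId, targetTokenId)`, so the service validates the URI against the real grantor. The `userId` parameter is also unused after this hunk.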
@@ -31,6 +31,7 @@ struct GrantInfo { unsigned int flag; const unsigned int fromTokenId; const unsigned int targetTokenId; + unsigned int autoremove; }; class UriPermissionManagerStubImpl : public UriPermissionManagerStub, public std::enable_shared_from_this { diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 5f56776b400..25cf6c14ccc 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -37,15 +37,13 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i { auto callerTokenId = IPCSkeleton::GetCallingTokenID(); HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); - auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId); - if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - HILOG_DEBUG("caller tokenType is not native, verifying proxy authorization permission"); - auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( - AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); - if (!permission) { - HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); - return; - } + + // only uri with proxy authorization permission or from process itself can be granted + auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); + if (!permission && (fromTokenId != callerTokenId)) { + HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); + return; } if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { 
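Review bot: The new `autoremove` member of `GrantInfo` is undocumented, yet it decides whether a grant is revoked by `RemoveUriPermission` or survives until a manual removal. It is also an `unsigned int` that only ever holds 0 or 1. I would document it at the declaration, for example `// non-zero: entry is dropped by RemoveUriPermission(); currently set only for grants issued by pasteboard_serv`. Switching the field and the local in `GrantUriPermission` to `bool` together would make the intent explicit.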
@@ -59,50 +57,8 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; } - auto uriStr = uri.ToString(); - std::lock_guard guard(mutex_); - auto search = uriMap_.find(uriStr); - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; - if (search == uriMap_.end()) { - HILOG_INFO("uri is not exist, add uri and GrantInfo to map."); - std::list infoList = { info }; - uriMap_.emplace(uriStr, infoList); - return; - } - auto& infoList = search->second; - for (auto& item : infoList) { - if (item.fromTokenId == fromTokenId && item.targetTokenId == targetTokenId) { - if ((tmpFlag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) != 0) { - item.flag = tmpFlag; - } - HILOG_INFO("uri permission has granted, not to grant again."); - return; - } - } - HILOG_DEBUG("uri is exist, add GrantInfo to list."); - infoList.emplace_back(info); -} - -void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) -{ - auto callerTokenId = IPCSkeleton::GetCallingTokenID(); - HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); - - if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { - HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); - return; - } - auto bms = ConnectBundleManager(); Uri uri_inner = uri; - auto&& scheme = uri_inner.GetScheme(); - HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); - // only support file or dataShare scheme - if (scheme != "file" && scheme != "dataShare") { - HILOG_WARN("only support file or dataShare uri."); - return; - } auto&& authority = uri_inner.GetAuthority(); HILOG_INFO("uri authority is %{public}s.", authority.c_str()); AppExecFwk::BundleInfo uriBundleInfo; 
@@ -115,18 +71,26 @@ void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, un HILOG_ERROR("the uri does not belong to caller."); return; } - - unsigned int tmpFlag = 0; - if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { - tmpFlag = Want::FLAG_AUTH_WRITE_URI_PERMISSION; - } else { - tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; + auto&& scheme = uri_inner.GetScheme(); + HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); + // only support file or dataShare scheme + if (scheme != "file" && scheme != "dataShare") { + HILOG_WARN("only support file or dataShare uri."); + return; } auto uriStr = uri.ToString(); std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); - GrantInfo info = { tmpFlag, callerTokenId, targetTokenId }; + unsigned int autoremove = 0; + // auto remove URI permission for clipboard + Security::AccessToken::NativeTokenInfo nativeInfo; + Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(fromTokenId, nativeInfo); + HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); + if (nativeInfo.processName == "pasteboard_serv") { + autoremove = 1; + } + GrantInfo info = { tmpFlag, callerTokenId, targetTokenId, autoremove }; if (search == uriMap_.end()) { HILOG_INFO("uri is not exist, add uri and GrantInfo to map."); std::list infoList = { info }; @@ -135,7 +99,7 @@ void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, un } auto& infoList = search->second; for (auto& item : infoList) { - if (item.fromTokenId == callerTokenId && item.targetTokenId == targetTokenId) { + if (item.fromTokenId == fromTokenId && item.targetTokenId == targetTokenId) { if ((tmpFlag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) != 0) { item.flag = tmpFlag; } 
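Review bot: The record is built as `GrantInfo info = { tmpFlag, callerTokenId, targetTokenId, autoremove };`, but the duplicate search in the following hunk now compares `item.fromTokenId == fromTokenId`. For a proxy caller, which holds the proxy-authorization permission and has `fromTokenId != callerTokenId`, the stored grantor is the proxy rather than the owner, and the existing entry is never matched, so duplicates accumulate. I would store the same value that is searched for, `GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove };`. The ownership check just above this hunk, whose log line "the uri does not belong to caller." is visible as context, should then also be made against `fromTokenId`. The return value of `GetNativeTokenInfo(fromTokenId, nativeInfo)` is ignored. It should be checked before `processName` is trusted, since `fromTokenId` may not be a native token at all.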
@@ -147,6 +111,15 @@ void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, un infoList.emplace_back(info); } +void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) +{ + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); + + GrantUriPermission(uri, flag, callerTokenId, targetTokenId); +} + bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) { @@ -206,7 +179,7 @@ void UriPermissionManagerStubImpl::RemoveUriPermission(const Security::AccessTok for (auto iter = uriMap_.begin(); iter != uriMap_.end();) { auto& list = iter->second; for (auto it = list.begin(); it != list.end(); it++) { - if (it->targetTokenId == tokenId) { + if (it->targetTokenId == tokenId && it->autoremove) { HILOG_INFO("Erase an info form list."); list.erase(it); break; -- Gitee From 9fb83a2e9e9d189756643b43f274e820f777d65c Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 7 Feb 2023 02:36:27 +0000 Subject: [PATCH 06/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 51 +++++++++++++++++++ .../include/uri_permission_manager_client.h | 9 +++- .../uri_permission_manager_interface.h | 11 +++- .../include/uri_permission_manager_proxy.h | 1 + .../src/uri_permission_manager_client.cpp | 9 ++++ .../src/uri_permission_manager_proxy.cpp | 20 ++++++++ .../src/uri_permission_manager_stub.cpp | 5 ++ .../uri_permission_manager_stub_impl.h | 1 + .../src/uri_permission_manager_stub_impl.cpp | 20 ++++++++ 9 files changed, 125 insertions(+), 2 deletions(-) 
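Review bot: With the added `&& it->autoremove` in `RemoveUriPermission`, every grant not issued by the pasteboard service now survives this call. If the call is what runs when the target application goes away (the caller is not visible here), those grants remain valid for that token id until someone calls the manual removal. The lifetime rule should be stated where it is enforced, for example `// Only auto-remove grants are dropped here; all others persist until RemoveUriPermissionManually().`, and it is worth confirming that nothing relies on the old behaviour for cleanup. The unchanged `break` after `list.erase(it)` also means at most one entry per URI is removed even when several grantors gave the same target access. The function body continues outside this hunk.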
diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 529d81d146c..1e9ae39bfc4 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -46,6 +46,12 @@ public: return (me != nullptr) ? me->OnGrantUriPermissionFromSelf(*engine, *info) : nullptr; } + static NativeValue* RemoveUriPermission(NativeEngine* engine, NativeCallbackInfo* info) + { + JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); + return (me != nullptr) ? me->OnRemoveUriPermission(*engine, *info) : nullptr; + } + private: NativeValue* OnGrantUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { 
@@ -169,6 +175,50 @@ private: engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); return engine.CreateUndefined(); } + + NativeValue* OnRemoveUriPermission(NativeEngine& engine, NativeCallbackInfo& info) + { + constexpr int32_t argCountOne = 1; + constexpr int32_t argCountTwo = 2; + // only support 3 or 4 params (4 parameter and 1 optional callback) + if (info.argc != argCountOne && info.argc != argCountTwo) { + HILOG_ERROR("Invalid arguments"); + ThrowTooFewParametersError(engine); + return engine.CreateUndefined(); + } + std::vector> args; + for (size_t i = 0; i < info.argc; ++i) { + args.emplace_back(engine.CreateReference(info.argv[i], 1)); + } + HILOG_DEBUG("Remove Uri Permission start"); + + AsyncTask::CompleteCallback complete = + [args, argCountOne, argCountTwo](NativeEngine& engine, AsyncTask& task, int32_t status) { + if (args.size() != argCountOne && args.size() != argCountTwo) { + HILOG_ERROR("Wrong number of parameters."); + task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); + return; + } + + std::string uriStr; + int tokenId = 0; + if (!ConvertFromJsValue(engine, args[0]->Get(), tokenId)) { + HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "targetAccessTokenId conversion failed.")); + return; + } + + Uri uri(uriStr); + AAFwk::UriPermissionManagerClient::GetInstance()->RemoveUriPermissionManually(tokenId); + task.Resolve(engine, CreateJsValue(engine, 0)); + }; + + NativeValue* lastParam = (info.argc == argCountTwo) ? info.argv[argCountOne] : nullptr; + NativeValue* result = nullptr; + AsyncTask::Schedule("JsUriPermMgr::OnRemoveUriPermission", + engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); + return engine.CreateUndefined(); + } }; NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) 
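Review bot: `OnRemoveUriPermission` carries leftovers from the grant function it was copied from. `std::string uriStr;` and `Uri uri(uriStr);` are never used and can be deleted. The argument-count comment should read `// only support 1 or 2 params (1 parameter and 1 optional callback)`, and the rejection text should say `tokenId conversion failed.` rather than `targetAccessTokenId`. More importantly, the task resolves with 0 unconditionally because `RemoveUriPermissionManually` returns void, so a script cannot tell a completed revocation from one the service refused or never received. Returning a status from the client call and rejecting on failure would make the API safe to rely on.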
@@ -192,6 +242,7 @@ NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) BindNativeFunction(*engine, *object, "grantUriPermission", moduleName, JsUriPermMgr::GrantUriPermission); BindNativeFunction(*engine, *object, "grantUriPermissionFromSelf", moduleName, JsUriPermMgr::GrantUriPermissionFromSelf); + BindNativeFunction(*engine, *object, "RemoveUriPermission", moduleName, JsUriPermMgr::RemoveUriPermission); return engine->CreateUndefined(); } } // namespace AbilityRuntime diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index 29c2e6df53d..fe7bfd714a9 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -63,12 +63,19 @@ public: bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId); /** - * @brief Clear user's uri authorization record. + * @brief Clear user's uri authorization record with auto remove flag. * * @param tokenId A tokenId of an application. */ void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId); + /** + * @brief Clear user's uri authorization record. + * + * @param tokenId A tokenId of an application. + */ + void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId); + private: sptr ConnectUriPermService(); void ClearProxy(); diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index aaa39388694..b3149a479b4 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h 
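Review bot: The new binding is registered as `"RemoveUriPermission"` with a capital R, while the two existing exports on the same object are `"grantUriPermission"` and `"grantUriPermissionFromSelf"`. Unless the capitalised name is intentional, JavaScript callers following the module's convention will get `undefined` for `removeUriPermission`. I would register it as `BindNativeFunction(*engine, *object, "removeUriPermission", moduleName, JsUriPermMgr::RemoveUriPermission);`.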
@@ -60,12 +60,19 @@ public: const Security::AccessToken::AccessTokenID tokenId) = 0; /** - * @brief Clear user's uri authorization record. + * @brief Clear user's uri authorization record with autoremove flag. * * @param tokenId A tokenId of an application. */ virtual void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; + /** + * @brief Clear user's uri authorization record. + * + * @param tokenId A tokenId of an application. + */ + virtual void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) = 0; + enum UriPermMgrCmd { // ipc id for GrantUriPermission ON_GRANT_URI_PERMISSION = 0, @@ -76,6 +83,8 @@ public: // ipc id for RemoveUriPermission ON_REMOVE_URI_PERMISSION, + ON_REMOVE_URI_PERMISSION_MANUALLY, + ON_GRANT_URI_PERMISSION_FROM_SELF, }; }; diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 837defa3ac6..31a5fbb4534 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -36,6 +36,7 @@ public: const Security::AccessToken::AccessTokenID tokenId) override; virtual void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + virtual void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; private: static inline BrokerDelegator delegator_; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 95651e67a52..076d8381cce 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp 
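Review bot: `ON_REMOVE_URI_PERMISSION_MANUALLY` is inserted ahead of the existing `ON_GRANT_URI_PERMISSION_FROM_SELF` in `UriPermMgrCmd`, and since only `ON_GRANT_URI_PERMISSION = 0` carries an explicit value in the visible lines, this renumbers the grant-from-self code. A proxy and a stub built from different revisions would then dispatch a grant-from-self request to the manual-remove handler, or the reverse. Appending the new enumerator after `ON_GRANT_URI_PERMISSION_FROM_SELF`, or giving every command an explicit value, keeps the IPC codes stable. The enum starts outside this hunk.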
@@ -62,6 +62,15 @@ void UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken } } +void UriPermissionManagerClient::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) +{ + HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); + auto uriPermMgr = ConnectUriPermService(); + if (uriPermMgr) { + uriPermMgr->RemoveUriPermissionManually(tokenId); + } +} + sptr UriPermissionManagerClient::ConnectUriPermService() { HILOG_DEBUG("UriPermissionManagerClient::ConnectUriPermService is called."); diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 2726cc56687..65997de62bc 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -135,5 +135,25 @@ void UriPermissionManagerProxy::RemoveUriPermission(const Security::AccessToken: HILOG_ERROR("SendRequest fail, error: %{public}d", error); } } + +void UriPermissionManagerProxy::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) +{ + HILOG_DEBUG("UriPermissionManagerProxy::RemoveUriPermissionManually is called."); + MessageParcel data; + if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { + HILOG_ERROR("Write interface token failed."); + return; + } + if (!data.WriteInt32(tokenId)) { + HILOG_ERROR("Write AccessTokenID failed."); + return; + } + MessageParcel reply; + MessageOption option; + int error = Remote()->SendRequest(UriPermMgrCmd::ON_REMOVE_URI_PERMISSION_MANUALLY, data, reply, option); + if (error != ERR_OK) { + HILOG_ERROR("SendRequest fail, error: %{public}d", error); + } +} } // namespace AAFwk } // namespace OHOS 
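Review bot: `UriPermissionManagerClient::RemoveUriPermissionManually` logs `UriPermissionManagerClient::RemoveUriPermission is called.`, the message of the auto-remove path, so a trace cannot tell which kind of revocation was requested. It should read `HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermissionManually is called.");`. A failed `ConnectUriPermService()` is also skipped without any log, which leaves a revocation that never reached the service invisible; an `HILOG_ERROR` in an else branch would cover that.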
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 6cf7d2049c7..02abddb49cc 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp @@ -73,6 +73,11 @@ int UriPermissionManagerStub::OnRemoteRequest( RemoveUriPermission(tokenId); break; } + case UriPermMgrCmd::ON_REMOVE_URI_PERMISSION_MANUALLY : { + auto tokenId = data.ReadInt32(); + RemoveUriPermissionManually(tokenId); + break; + } default: return IPCObjectStub::OnRemoteRequest(code, data, reply, option); } diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 2539aaaab41..f2a045fd08b 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -48,6 +48,7 @@ public: const Security::AccessToken::AccessTokenID tokenId) override; void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; private: sptr ConnectBundleManager(); diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 25cf6c14ccc..6c5fc4341ee 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
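Review bot: The `ON_REMOVE_URI_PERMISSION_MANUALLY` case passes a caller-supplied `tokenId` straight to `RemoveUriPermissionManually`, and neither this case nor the implementation added in `uri_permission_manager_stub_impl.cpp` compares it with `IPCSkeleton::GetCallingTokenID()` or checks a permission, as `GrantUriPermission` does elsewhere in this series. Unless the service restricts its callers somewhere not visible here, any process that can reach it can drop another application's URI grants. I would have the implementation reject the call when the caller is neither the owner of the affected grants nor a holder of a management permission, and state that rule in the interface's doc comment. `OnRemoteRequest` starts and ends outside this hunk, so an interface-token check may already precede the switch.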
@@ -193,6 +193,26 @@ void UriPermissionManagerStubImpl::RemoveUriPermission(const Security::AccessTok } } +void UriPermissionManagerStubImpl::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) +{ + std::lock_guard guard(mutex_); + for (auto iter = uriMap_.begin(); iter != uriMap_.end();) { + auto& list = iter->second; + for (auto it = list.begin(); it != list.end(); it++) { + if (it->targetTokenId == tokenId) { + HILOG_INFO("Erase an info form list."); + list.erase(it); + break; + } + } + if (list.size() == 0) { + uriMap_.erase(iter++); + } else { + iter++; + } + } +} + sptr UriPermissionManagerStubImpl::ConnectBundleManager() { HILOG_DEBUG("%{public}s is called.", __func__); -- Gitee From c64c490df51a14a6023be17a77499c3cebfa8baf Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 20 Feb 2023 02:58:04 +0000 Subject: [PATCH 07/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/abilitymgr/src/ability_record.cpp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 30fdaa3be9c..af648490f0f 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp @@ -239,10 +239,6 @@ int AbilityRecord::LoadAbility() return ERR_INVALID_VALUE; } -<<<<<<< HEAD - GrantUriPermission(want_, GetCurrentAccountId()); -======= ->>>>>>> main/master if (isRestarting_) { restartTime_ = AbilityUtil::SystemTimeMillis(); } -- Gitee From 40e80bc5eff253f31406b0bf921aadc892b87ab6 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 20 Feb 2023 03:29:41 +0000 Subject: [PATCH 08/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No 
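Review bot: The inner loop in `RemoveUriPermissionManually` erases the first record whose `targetTokenId` matches and then breaks, so if a URI's list can hold more than one record for the same target (for instance grants from different `fromTokenId` values; the matching rule in `GrantUriPermission` is not visible here) the remaining records survive the revocation. `list.remove_if([tokenId](const auto& info) { return info.targetTokenId == tokenId; });` removes all of them and avoids erasing while iterating. The log text `Erase an info form list.` should read `from list`.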
Signed-off-by: gongyuechen --- services/uripermmgr/BUILD.gn | 3 +-- services/uripermmgr/src/uri_permission_manager_stub_impl.cpp | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/services/uripermmgr/BUILD.gn b/services/uripermmgr/BUILD.gn index 018ab8be16f..2766f309e19 100644 --- a/services/uripermmgr/BUILD.gn +++ b/services/uripermmgr/BUILD.gn @@ -67,8 +67,7 @@ ohos_static_library("libupms_static") { sources = libupms_sources - deps = - [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] + deps = [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] external_deps = [ "ability_base:want", diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 677eb4699c4..bef909b230c 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -81,6 +81,7 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i } auto uriStr = uri.ToString(); + auto storageMgrProxy = ConnectStorageManager(); auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, tmpFlag); if (ret != 0 && ret != -EEXIST) { HILOG_ERROR("storageMgrProxy failed to CreateShareFile."); -- Gitee From ccc29732f744a82309927342b4e55f18e7aa84d6 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 20 Feb 2023 07:00:32 +0000 Subject: [PATCH 09/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/uripermmgr/BUILD.gn | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/uripermmgr/BUILD.gn b/services/uripermmgr/BUILD.gn index 2766f309e19..e5acfc37bc2 100644 --- a/services/uripermmgr/BUILD.gn +++ b/services/uripermmgr/BUILD.gn 
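Review bot: `storageMgrProxy` is dereferenced on the line after the added `ConnectStorageManager()` call without a null check, although the remove paths later in this series test the same call for `nullptr`, which suggests it can fail. On this IPC-reachable grant path a failed connection would crash the service instead of refusing the grant. I would add `if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); return; }` right after the new line. `GrantUriPermission` starts and ends outside this hunk.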
@@ -67,7 +67,10 @@ ohos_static_library("libupms_static") { sources = libupms_sources - deps = [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] + deps = [ + "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", + "${ability_runtime_services_path}/common:perm_verification", + ] external_deps = [ "ability_base:want", -- Gitee From ec3619217ca4f24266f85b68b2958bdc6cd2acb1 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 20 Feb 2023 07:44:31 +0000 Subject: [PATCH 10/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/uripermmgr/BUILD.gn | 2 +- .../uripermissionmanager_fuzzer.cpp | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/services/uripermmgr/BUILD.gn b/services/uripermmgr/BUILD.gn index e5acfc37bc2..4117be5aa4a 100644 --- a/services/uripermmgr/BUILD.gn +++ b/services/uripermmgr/BUILD.gn @@ -36,7 +36,7 @@ ohos_shared_library("libupms") { sources = libupms_sources - deps = [ + deps = [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", "${ability_runtime_services_path}/common:perm_verification", ] diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index 171dbfd195c..1b932711602 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp @@ -41,6 +41,9 @@ public: const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override {} + void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + const Security::AccessToken::AccessTokenID targetTokenId) override + {} bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override { 
@@ -48,6 +51,8 @@ public: } void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override {} + void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override + {} }; uint32_t GetU32Data(const char* ptr) -- Gitee From 559aa2ecbf93bc822261217b371783ba23ed8bb5 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 27 Feb 2023 01:27:17 +0000 Subject: [PATCH 11/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 6 +-- .../include/uri_permission_manager_client.h | 8 ++-- .../uri_permission_manager_interface.h | 12 ++++-- .../include/uri_permission_manager_proxy.h | 8 ++-- .../src/uri_permission_manager_client.cpp | 8 ++-- .../src/uri_permission_manager_proxy.cpp | 42 +++++++++++-------- .../src/uri_permission_manager_stub.cpp | 22 +++++++--- .../uri_permission_manager_stub_impl.h | 8 ++-- .../src/uri_permission_manager_stub_impl.cpp | 33 ++++++++------- 9 files changed, 87 insertions(+), 60 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 1e9ae39bfc4..79732273bba 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -115,7 +115,7 @@ private: NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); - return engine.CreateUndefined(); + return result; } NativeValue* OnGrantUriPermissionFromSelf(NativeEngine& engine, NativeCallbackInfo& info) 
@@ -173,7 +173,7 @@ private: NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); - return engine.CreateUndefined(); + return result; } NativeValue* OnRemoveUriPermission(NativeEngine& engine, NativeCallbackInfo& info) @@ -217,7 +217,7 @@ private: NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnRemoveUriPermission", engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); - return engine.CreateUndefined(); + return result; } }; diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index fe7bfd714a9..9da5c0f9b74 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -39,7 +39,7 @@ public: * @param fromTokenId The owner of uri. * @param targetTokenId The user of uri. */ - void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId); /** @@ -49,7 +49,7 @@ public: * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. * @param targetTokenId The user of uri. */ - void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId); /** 
@@ -67,14 +67,14 @@ public: * * @param tokenId A tokenId of an application. */ - void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId); + bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId); /** * @brief Clear user's uri authorization record. * * @param tokenId A tokenId of an application. */ - void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId); + bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId); private: sptr ConnectUriPermService(); diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index b3149a479b4..b9bf5e0baae 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -33,8 +33,9 @@ public: * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. * @param fromTokenId The owner of uri. * @param targetTokenId The user of uri. + * @return Returns true if the authorization is successful, otherwise returns false. */ - virtual void GrantUriPermission(const Uri &uri, unsigned int flag, + virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) = 0; @@ -44,8 +45,9 @@ public: * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. * @param targetTokenId The user of uri. + * @return Returns true if the authorization is successful, otherwise returns false. */ - virtual void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + virtual bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) = 0; /** 
@@ -63,15 +65,17 @@ public: * @brief Clear user's uri authorization record with autoremove flag. * * @param tokenId A tokenId of an application. + * @return Returns true if the remove is successful, otherwise returns false. */ - virtual void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; + virtual bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; /** * @brief Clear user's uri authorization record. * * @param tokenId A tokenId of an application. + * @return Returns true if the remove is successful, otherwise returns false. */ - virtual void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) = 0; + virtual bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) = 0; enum UriPermMgrCmd { // ipc id for GrantUriPermission diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 31a5fbb4534..3797062ed1e 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h 
@@ -26,17 +26,17 @@ public: explicit UriPermissionManagerProxy(const sptr &impl); virtual ~UriPermissionManagerProxy() = default; - virtual void GrantUriPermission(const Uri &uri, unsigned int flag, + virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override; - virtual void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + virtual bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) override; virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; - virtual void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; - virtual void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; + virtual bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + virtual bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; private: static inline BrokerDelegator delegator_; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 076d8381cce..4f99f966b19 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -22,7 +22,7 @@ namespace OHOS { namespace AAFwk { -void UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, +bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermission is called."); 
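Review bot: The client wrappers in `uri_permission_manager_client.cpp` switch from `void` to `bool` here and in the following hunks of this file, but only the signature lines change; the bodies shown as context still close with `} }` after the `if (uriPermMgr)` block, and `RemoveUriPermissionManually` as added earlier in the series contains no `return`. Flowing off the end of a non-void function is undefined behaviour, so callers would read an arbitrary grant or revoke result. Each wrapper should return the service call's result inside the `if`, e.g. `return uriPermMgr->GrantUriPermission(uri, flag, fromTokenId, targetTokenId);`, followed by `return false;` for the unconnected case. The function bodies lie partly outside these hunks.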
@@ -32,7 +32,7 @@ void UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int } } -void UriPermissionManagerClient::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, +bool UriPermissionManagerClient::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermissionFromSelf is called."); @@ -53,7 +53,7 @@ bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned in return false; } -void UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); @@ -62,7 +62,7 @@ void UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken } } -void UriPermissionManagerClient::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerClient::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 65997de62bc..e332188cde2 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp 
@@ -23,66 +23,70 @@ namespace AAFwk { UriPermissionManagerProxy::UriPermissionManagerProxy(const sptr &impl) : IRemoteProxy(impl) {} -void UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, +bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermission is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return; + return false; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return; + return false; } if (!data.WriteInt32(flag)) { HILOG_ERROR("Write flag failed."); - return; + return false; } if (!data.WriteInt32(fromTokenId)) { HILOG_ERROR("Write fromTokenId failed."); - return; + return false; } if (!data.WriteInt32(targetTokenId)) { HILOG_ERROR("Write targetTokenId failed."); - return; + return false; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fial, error: %{public}d", error); + return false; } + return true; } -void UriPermissionManagerProxy::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, +bool UriPermissionManagerProxy::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermissionFromSelf is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return; + return false; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return; + return false; } if (!data.WriteInt32(flag)) { HILOG_ERROR("Write flag failed."); - return; + 
return false; } if (!data.WriteInt32(targetTokenId)) { HILOG_ERROR("Write targetTokenId failed."); - return; + return false; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION_FROM_SELF, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fial, error: %{public}d", error); + return false; } + return true; } bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, 
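Review bot: `return true` after `SendRequest` only says the transaction was delivered; `reply` is never read, so the `false` the service returns for a refused grant (for example the `No permission for proxy authorization uri` branch) reaches the caller only if the stub's error code is propagated as the `SendRequest` result, which is not visible here. The same applies to `RemoveUriPermission` and `RemoveUriPermissionManually` in the next hunk of this file. I would have the stub write the boolean into `reply` and the proxy end with `return reply.ReadBool();`, so a caller never treats a refused grant as granted. `Remote()` is also used without a null check in each of these functions.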
@@ -116,44 +120,48 @@ bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int return true; } -void UriPermissionManagerProxy::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerProxy::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerProxy::RemoveUriPermission is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return; + return false; } if (!data.WriteInt32(tokenId)) { HILOG_ERROR("Write AccessTokenID failed."); - return; + return false; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_REMOVE_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); + return false; } + return true; } -void UriPermissionManagerProxy::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerProxy::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerProxy::RemoveUriPermissionManually is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return; + return false; } if (!data.WriteInt32(tokenId)) { HILOG_ERROR("Write AccessTokenID failed."); - return; + return false; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_REMOVE_URI_PERMISSION_MANUALLY, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); + return false; } + return true; } } // namespace AAFwk } // namespace OHOS 
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 02abddb49cc..77988b8bc89 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp @@ -38,7 +38,10 @@ int UriPermissionManagerStub::OnRemoteRequest( auto flag = data.ReadInt32(); auto fromTokenId = data.ReadInt32(); auto targetTokenId = data.ReadInt32(); - GrantUriPermission(*uri, flag, fromTokenId, targetTokenId); + if (!GrantUriPermission(*uri, flag, fromTokenId, targetTokenId)) { + errCode = ERR_INVALID_OPERATION; + HILOG_ERROR("To grant uri permission failed."); + } break; } case UriPermMgrCmd::ON_GRANT_URI_PERMISSION_FROM_SELF : { @@ -49,8 +52,11 @@ int UriPermissionManagerStub::OnRemoteRequest( break; } auto flag = data.ReadInt32(); - auto targetTokenId = data.ReadInt32(); - GrantUriPermissionFromSelf(*uri, flag, targetTokenId); + auto targetTokenId = data.ReadInt32(); + if (!GrantUriPermissionFromSelf(*uri, flag, targetTokenId)) { + errCode = ERR_INVALID_OPERATION; + HILOG_ERROR("To grant uri permission failed."); + } break; } case UriPermMgrCmd::ON_VERIFY_URI_PERMISSION : { @@ -70,12 +76,18 @@ int UriPermissionManagerStub::OnRemoteRequest( } case UriPermMgrCmd::ON_REMOVE_URI_PERMISSION : { auto tokenId = data.ReadInt32(); - RemoveUriPermission(tokenId); + if (!RemoveUriPermission(tokenId)) { + errCode = ERR_INVALID_OPERATION; + HILOG_ERROR("To grant uri permission failed."); + } break; } case UriPermMgrCmd::ON_REMOVE_URI_PERMISSION_MANUALLY : { auto tokenId = data.ReadInt32(); - RemoveUriPermissionManually(tokenId); + if (RemoveUriPermissionManually(tokenId)) { + errCode = ERR_INVALID_OPERATION; + HILOG_ERROR("To grant uri permission failed."); + } break; } default: 
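Review bot: The `ON_REMOVE_URI_PERMISSION_MANUALLY` case tests `if (RemoveUriPermissionManually(tokenId))` without the negation the other three cases use, so a successful removal sets `errCode = ERR_INVALID_OPERATION` and a failed one is reported as success. It should be `if (!RemoveUriPermissionManually(tokenId)) {`. Both remove cases also log `To grant uri permission failed.`, which mislabels a failed revocation; `To remove uri permission failed.` would match what happened. `OnRemoteRequest` starts and ends outside this hunk.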
diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 6117a427f6d..dc34495bb31 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -41,16 +41,16 @@ public: UriPermissionManagerStubImpl() = default; virtual ~UriPermissionManagerStubImpl() = default; - void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override; - void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) override; bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; - void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; - void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; + bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; private: sptr ConnectBundleManager(); diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index bef909b230c..9bd5015dc64 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -33,7 +33,7 @@ namespace AAFwk { const int32_t DEFAULT_USER_ID = 0; using TokenId = Security::AccessToken::AccessTokenID; -void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, +bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, const TokenId fromTokenId, const TokenId targetTokenId) { auto callerTokenId = IPCSkeleton::GetCallingTokenID(); @@ -44,12 +44,12 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); if (!permission && (fromTokenId != callerTokenId)) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); - return; + return false; } if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); - return; + return false; } unsigned int tmpFlag = 0; if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { @@ -66,18 +66,18 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info according to uri."); - return; + return false; } if (uriBundleInfo.applicationInfo.accessTokenId != callerTokenId) { HILOG_ERROR("the uri does not belong to caller."); - return; + return false; } auto&& scheme = uri_inner.GetScheme(); HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); // only support file or dataShare scheme if (scheme != "file" && scheme != "dataShare") { HILOG_WARN("only support file or dataShare uri."); - return; + return false; } auto uriStr = uri.ToString(); 
@@ -85,7 +85,7 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, tmpFlag); if (ret != 0 && ret != -EEXIST) { HILOG_ERROR("storageMgrProxy failed to CreateShareFile."); - return; + return false; } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); @@ -101,7 +101,7 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i if (search == uriMap_.end()) { std::list infoList = { info }; uriMap_.emplace(uriStr, infoList); - return; + return true; } auto& infoList = search->second; for (auto& item : infoList) { @@ -111,19 +111,20 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i item.flag = tmpFlag; } HILOG_INFO("uri permission has granted, not to grant again."); - return; + return true; } } infoList.emplace_back(info); + return true; } -void UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, +bool UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) { auto callerTokenId = IPCSkeleton::GetCallingTokenID(); HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); - GrantUriPermission(uri, flag, callerTokenId, targetTokenId); + return GrantUriPermission(uri, flag, callerTokenId, targetTokenId); } bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, @@ -179,7 +180,7 @@ bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned return false; } -void UriPermissionManagerStubImpl::RemoveUriPermission(const TokenId tokenId) +bool UriPermissionManagerStubImpl::RemoveUriPermission(const TokenId tokenId) { HILOG_DEBUG("Start to remove uri permission."); std::vector uriList; 
@@ -206,15 +207,16 @@ void UriPermissionManagerStubImpl::RemoveUriPermission(const TokenId tokenId) auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return; + return false; } if (!uriList.empty()) { storageMgrProxy->DeleteShareFile(tokenId, uriList); } + return true; } -void UriPermissionManagerStubImpl::RemoveUriPermissionManually(const TokenId tokenId) +bool UriPermissionManagerStubImpl::RemoveUriPermissionManually(const TokenId tokenId) { HILOG_DEBUG("Start to remove uri permission manually."); std::vector uriList; @@ -241,12 +243,13 @@ void UriPermissionManagerStubImpl::RemoveUriPermissionManually(const TokenId tok auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return; + return false; } if (!uriList.empty()) { storageMgrProxy->DeleteShareFile(tokenId, uriList); } + return true; } sptr UriPermissionManagerStubImpl::ConnectBundleManager() -- Gitee From 5fe4ede326c7c815e3b3adedb7c0db73ede241fe Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 27 Feb 2023 01:49:46 +0000 Subject: [PATCH 12/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../uripermissionmanager_fuzzer.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index 1b932711602..4c3a74c0d49 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp 
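Review bot: RemoveUriPermission now returns `true` after `storageMgrProxy->DeleteShareFile(tokenId, uriList)` without looking at the call's result, so the caller is told the revocation succeeded even if the share files were not removed; RemoveUriPermissionManually in the next hunk has the same pattern. If DeleteShareFile reports a status the way CreateShareFile does in GrantUriPermission, check it and fail closed: `if (!uriList.empty() && storageMgrProxy->DeleteShareFile(tokenId, uriList) != 0) { HILOG_ERROR("DeleteShareFile failed."); return false; }`. The part of both functions that builds `uriList` is outside these hunks; if it has already erased the entries from `uriMap_`, the `return false` on a failed ConnectStorageManager() leaves the in-memory table and the storage service disagreeing, and a retry would find nothing left to delete.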
@@ -37,11 +37,11 @@ public: UriPermissionManagerStubFuzzTest() = default; virtual ~UriPermissionManagerStubFuzzTest() {} - void GrantUriPermission(const Uri &uri, unsigned int flag, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override {} - void GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, + bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) override {} bool VerifyUriPermission(const Uri &uri, unsigned int flag, @@ -49,9 +49,9 @@ public: { return true; } - void RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override + bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override {} - void RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override + bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override {} }; -- Gitee From d8bfc8a2aa438ae22c3d389e7fb316d48096b362 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 27 Feb 2023 02:03:16 +0000 Subject: [PATCH 13/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../src/uri_permission_manager_client.cpp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index bbbd7b066f5..147fe732f7f 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp 
@@ -39,8 +39,9 @@ bool UriPermissionManagerClient::GrantUriPermissionFromSelf(const Uri &uri, unsi HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermissionFromSelf is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - uriPermMgr->GrantUriPermissionFromSelf(uri, flag, targetTokenId); + return uriPermMgr->GrantUriPermissionFromSelf(uri, flag, targetTokenId); } + return false; } bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned int flag, @@ -59,8 +60,10 @@ bool UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - uriPermMgr->RemoveUriPermission(tokenId); + return uriPermMgr->RemoveUriPermission(tokenId); } + return false; +} } bool UriPermissionManagerClient::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) @@ -68,8 +71,9 @@ bool UriPermissionManagerClient::RemoveUriPermissionManually(const Security::Acc HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - uriPermMgr->RemoveUriPermissionManually(tokenId); + return uriPermMgr->RemoveUriPermissionManually(tokenId); } + return false; } sptr UriPermissionManagerClient::ConnectUriPermService() -- Gitee From 5e4eb264c69639ddc0129778c8fee7872a8c47cc Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 27 Feb 2023 02:28:47 +0000 Subject: [PATCH 14/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../src/uri_permission_manager_client.cpp | 1 - q | 150 ++++++++++++++++++ .../src/uri_permission_manager_stub_impl.cpp | 1 + 3 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 q 
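Review bot: The three client wrappers now return `false` when ConnectUriPermService() yields null, but nothing in these hunks logs that case, so a caller cannot tell an unreachable service from a grant or removal that the service refused. Unless ConnectUriPermService() already logs the failure (its body is outside the hunks), add `HILOG_ERROR("ConnectUriPermService failed.");` before each new `return false;`. The debug line in RemoveUriPermissionManually also still reads "UriPermissionManagerClient::RemoveUriPermission is called.", which makes the two removal paths indistinguishable in the log.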
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 147fe732f7f..583cc0b5a30 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -64,7 +64,6 @@ bool UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken } return false; } -} bool UriPermissionManagerClient::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) { diff --git a/q b/q new file mode 100644 index 00000000000..d8fd1852c6e --- /dev/null +++ b/q 
@@ -0,0 +1,150 @@ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 1) /* +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 2) * Copyright (c) 2021 Huawei Device Co., Ltd. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 3) * Licensed under the Apache License, Version 2.0 (the "License"); +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 4) * you may not use this file except in compliance with the License. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 5) * You may obtain a copy of the License at +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 6) * +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 7) * http://www.apache.org/licenses/LICENSE-2.0 +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 8) * +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 9) * Unless required by applicable law or agreed to in writing, software +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 10) * distributed under the License is distributed on an "AS IS" BASIS, +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 11) * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 12) * See the License for the specific language governing permissions and +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 13) * limitations under the License. 
+144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 14) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 15) +2f6afc061c (黄师伟 2022-07-15 19:38:20 +0800 16) #ifndef OHOS_ABILITY_RUNTIME_APP_SPAWN_MSG_WRAPPER_H +2f6afc061c (黄师伟 2022-07-15 19:38:20 +0800 17) #define OHOS_ABILITY_RUNTIME_APP_SPAWN_MSG_WRAPPER_H +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 18) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 19) #include +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 20) #include +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 21) #include +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 22) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 23) #include "nocopyable.h" +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 24) #include "client_socket.h" +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 25) #include "shared_package/base_shared_package_info.h" +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 26) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 27) namespace OHOS { +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 28) namespace AppExecFwk { +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 29) using AppSpawnMsg = AppSpawn::ClientSocket::AppProperty; +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 30) using HspList = std::vector; +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 31) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 32) struct AppSpawnStartMsg { +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 33) int32_t uid; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 34) int32_t gid; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 35) std::vector gids; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 36) std::string procName; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 37) std::string soPath; +04f88e4266 (jerry 2022-01-25 04:44:20 +0000 38) uint32_t accessTokenId; +04f88e4266 (jerry 2022-01-25 04:44:20 +0000 39) std::string apl; +4518391eef (jerry 2022-02-11 01:23:40 +0000 40) std::string bundleName; +f2efb88342 (bigpumpkin 
2022-03-04 18:25:21 +0800 41) std::string renderParam; // only nweb spawn need this param. +a13aa96ccf (jsjzju 2022-04-20 15:47:09 +0800 42) int32_t pid; +a13aa96ccf (jsjzju 2022-04-20 15:47:09 +0800 43) int32_t code = 0; // 0: DEFAULT; 1: GET_RENDER_TERMINATION_STATUS +e141ea545f (unknown 2022-04-24 19:57:49 +0800 44) uint32_t flags; +a7efdcddfa (Zhang Qilong 2022-06-28 15:43:05 +0800 45) int32_t bundleIndex; // when dlp launch another app used, default is 0 +cd6282495a (maosiping 2022-07-27 11:24:29 +0800 46) uint8_t setAllowInternet; +c0fbcb72f9 (zhongjianfei 2022-09-24 11:23:40 +0800 47) uint8_t allowInternet; // hap socket allowed +cd6282495a (maosiping 2022-07-27 11:24:29 +0800 48) uint8_t reserved1; +cd6282495a (maosiping 2022-07-27 11:24:29 +0800 49) uint8_t reserved2; +1759915252 (gongyuechen 2022-11-22 03:10:16 +0000 50) uint64_t accessTokenIdEx; +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 51) HspList hspList; // list of harmony shared package +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 52) }; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 53) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 54) constexpr auto LEN_PID = sizeof(pid_t); +e141ea545f (unknown 2022-04-24 19:57:49 +0800 55) struct StartFlags { +999274ae7f (unknown 2022-04-25 15:19:22 +0800 56) static const int COLD_START = 0; +999274ae7f (unknown 2022-04-25 15:19:22 +0800 57) static const int BACKUP_EXTENSION = 1; +68b33aa116 (Lin Qiheng 2022-06-28 10:00:56 +0800 58) static const int DLP_MANAGER = 2; +2af7f4d897 (wangzhen 2023-02-13 07:36:12 +0000 59) static const int DEBUGGABLE = 3; +e141ea545f (unknown 2022-04-24 19:57:49 +0800 60) }; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 61) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 62) union AppSpawnPidMsg { +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 63) pid_t pid = 0; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 64) char pidBuf[LEN_PID]; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 65) }; +144b31720d 
(hanhaibin 2022-01-19 16:24:52 +0800 66) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 67) class AppSpawnMsgWrapper { +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 68) public: +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 69) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 70) * Constructor. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 71) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 72) AppSpawnMsgWrapper() = default; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 73) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 74) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 75) * Destructor +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 76) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 77) ~AppSpawnMsgWrapper(); +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 78) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 79) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 80) * Disable copy. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 81) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 82) DISALLOW_COPY_AND_MOVE(AppSpawnMsgWrapper); +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 83) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 84) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 85) * Verify message and assign to member variable. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 86) * +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 87) * @param startMsg, request message. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 88) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 89) bool AssembleMsg(const AppSpawnStartMsg &startMsg); +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 90) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 91) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 92) * Get function, return isValid_. 
+144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 93) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 94) bool IsValid() const +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 95) { +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 96) return isValid_; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 97) } +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 98) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 99) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 100) * Get function, return member variable message. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 101) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 102) const void *GetMsgBuf() const +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 103) { +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 104) return reinterpret_cast(msg_); +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 105) } +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 106) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 107) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 108) * Get function, return message length. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 109) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 110) int32_t GetMsgLength() const +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 111) { +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 112) return isValid_ ? 
sizeof(AppSpawnMsg) : 0; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 113) } +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 114) +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 115) /** +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 116) * Get function, return hsp list string +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 117) */ +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 118) const std::string& GetHspListStr() const { +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 119) return hspListStr; +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 120) } +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 121) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 122) private: +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 123) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 124) * Verify message. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 125) * +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 126) * @param startMsg, request message. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 127) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 128) bool VerifyMsg(const AppSpawnStartMsg &startMsg) const; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 129) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 130) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 131) * Print message. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 132) * +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 133) * @param startMsg, request message. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 134) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 135) void DumpMsg() const; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 136) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 137) /** +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 138) * Release message. 
+144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 139) */ +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 140) void FreeMsg(); +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 141) +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 142) private: +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 143) bool isValid_ = false; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 144) // because AppSpawnMsg's size is uncertain, so should use raw pointer. +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 145) AppSpawnMsg *msg_ = nullptr; +7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 146) std::string hspListStr; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 147) }; +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 148) } // namespace AppExecFwk +144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 149) } // namespace OHOS +2f6afc061c (黄师伟 2022-07-15 19:38:20 +0800 150) #endif // OHOS_ABILITY_RUNTIME_APP_SPAWN_MSG_WRAPPER_H diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index b6e07cf7629..e36c13e675b 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -78,6 +78,7 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i if (scheme != "file" && scheme != "dataShare") { HILOG_WARN("only support file or dataShare uri."); return false; + } auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); -- Gitee From f001f3b7252007cc96c74225fd0e44e2f1cdc880 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 27 Feb 2023 03:26:35 +0000 Subject: [PATCH 15/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- q | 150 -------------------------------------------------------------- 1 file changed, 150 deletions(-) delete mode 100644 q 
diff --git a/q b/q deleted file mode 100644 index d8fd1852c6e..00000000000 --- a/q +++ /dev/null 
@@ -1,150 +0,0 @@ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 1) /* -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 2) * Copyright (c) 2021 Huawei Device Co., Ltd. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 3) * Licensed under the Apache License, Version 2.0 (the "License"); -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 4) * you may not use this file except in compliance with the License. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 5) * You may obtain a copy of the License at -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 6) * -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 7) * http://www.apache.org/licenses/LICENSE-2.0 -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 8) * -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 9) * Unless required by applicable law or agreed to in writing, software -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 10) * distributed under the License is distributed on an "AS IS" BASIS, -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 11) * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 12) * See the License for the specific language governing permissions and -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 13) * limitations under the License. 
-144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 14) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 15) -2f6afc061c (黄师伟 2022-07-15 19:38:20 +0800 16) #ifndef OHOS_ABILITY_RUNTIME_APP_SPAWN_MSG_WRAPPER_H -2f6afc061c (黄师伟 2022-07-15 19:38:20 +0800 17) #define OHOS_ABILITY_RUNTIME_APP_SPAWN_MSG_WRAPPER_H -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 18) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 19) #include -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 20) #include -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 21) #include -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 22) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 23) #include "nocopyable.h" -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 24) #include "client_socket.h" -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 25) #include "shared_package/base_shared_package_info.h" -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 26) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 27) namespace OHOS { -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 28) namespace AppExecFwk { -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 29) using AppSpawnMsg = AppSpawn::ClientSocket::AppProperty; -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 30) using HspList = std::vector; -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 31) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 32) struct AppSpawnStartMsg { -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 33) int32_t uid; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 34) int32_t gid; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 35) std::vector gids; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 36) std::string procName; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 37) std::string soPath; -04f88e4266 (jerry 2022-01-25 04:44:20 +0000 38) uint32_t accessTokenId; -04f88e4266 (jerry 2022-01-25 04:44:20 +0000 39) std::string apl; -4518391eef (jerry 2022-02-11 01:23:40 +0000 40) std::string bundleName; -f2efb88342 (bigpumpkin 
2022-03-04 18:25:21 +0800 41) std::string renderParam; // only nweb spawn need this param. -a13aa96ccf (jsjzju 2022-04-20 15:47:09 +0800 42) int32_t pid; -a13aa96ccf (jsjzju 2022-04-20 15:47:09 +0800 43) int32_t code = 0; // 0: DEFAULT; 1: GET_RENDER_TERMINATION_STATUS -e141ea545f (unknown 2022-04-24 19:57:49 +0800 44) uint32_t flags; -a7efdcddfa (Zhang Qilong 2022-06-28 15:43:05 +0800 45) int32_t bundleIndex; // when dlp launch another app used, default is 0 -cd6282495a (maosiping 2022-07-27 11:24:29 +0800 46) uint8_t setAllowInternet; -c0fbcb72f9 (zhongjianfei 2022-09-24 11:23:40 +0800 47) uint8_t allowInternet; // hap socket allowed -cd6282495a (maosiping 2022-07-27 11:24:29 +0800 48) uint8_t reserved1; -cd6282495a (maosiping 2022-07-27 11:24:29 +0800 49) uint8_t reserved2; -1759915252 (gongyuechen 2022-11-22 03:10:16 +0000 50) uint64_t accessTokenIdEx; -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 51) HspList hspList; // list of harmony shared package -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 52) }; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 53) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 54) constexpr auto LEN_PID = sizeof(pid_t); -e141ea545f (unknown 2022-04-24 19:57:49 +0800 55) struct StartFlags { -999274ae7f (unknown 2022-04-25 15:19:22 +0800 56) static const int COLD_START = 0; -999274ae7f (unknown 2022-04-25 15:19:22 +0800 57) static const int BACKUP_EXTENSION = 1; -68b33aa116 (Lin Qiheng 2022-06-28 10:00:56 +0800 58) static const int DLP_MANAGER = 2; -2af7f4d897 (wangzhen 2023-02-13 07:36:12 +0000 59) static const int DEBUGGABLE = 3; -e141ea545f (unknown 2022-04-24 19:57:49 +0800 60) }; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 61) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 62) union AppSpawnPidMsg { -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 63) pid_t pid = 0; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 64) char pidBuf[LEN_PID]; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 65) }; -144b31720d 
(hanhaibin 2022-01-19 16:24:52 +0800 66) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 67) class AppSpawnMsgWrapper { -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 68) public: -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 69) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 70) * Constructor. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 71) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 72) AppSpawnMsgWrapper() = default; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 73) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 74) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 75) * Destructor -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 76) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 77) ~AppSpawnMsgWrapper(); -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 78) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 79) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 80) * Disable copy. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 81) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 82) DISALLOW_COPY_AND_MOVE(AppSpawnMsgWrapper); -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 83) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 84) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 85) * Verify message and assign to member variable. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 86) * -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 87) * @param startMsg, request message. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 88) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 89) bool AssembleMsg(const AppSpawnStartMsg &startMsg); -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 90) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 91) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 92) * Get function, return isValid_. 
-144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 93) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 94) bool IsValid() const -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 95) { -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 96) return isValid_; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 97) } -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 98) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 99) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 100) * Get function, return member variable message. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 101) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 102) const void *GetMsgBuf() const -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 103) { -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 104) return reinterpret_cast(msg_); -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 105) } -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 106) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 107) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 108) * Get function, return message length. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 109) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 110) int32_t GetMsgLength() const -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 111) { -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 112) return isValid_ ? 
sizeof(AppSpawnMsg) : 0; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 113) } -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 114) -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 115) /** -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 116) * Get function, return hsp list string -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 117) */ -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 118) const std::string& GetHspListStr() const { -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 119) return hspListStr; -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 120) } -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 121) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 122) private: -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 123) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 124) * Verify message. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 125) * -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 126) * @param startMsg, request message. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 127) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 128) bool VerifyMsg(const AppSpawnStartMsg &startMsg) const; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 129) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 130) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 131) * Print message. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 132) * -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 133) * @param startMsg, request message. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 134) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 135) void DumpMsg() const; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 136) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 137) /** -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 138) * Release message. 
-144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 139) */ -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 140) void FreeMsg(); -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 141) -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 142) private: -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 143) bool isValid_ = false; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 144) // because AppSpawnMsg's size is uncertain, so should use raw pointer. -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 145) AppSpawnMsg *msg_ = nullptr; -7dca8e4f0d (yangmingliang 2022-12-15 11:03:43 +0800 146) std::string hspListStr; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 147) }; -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 148) } // namespace AppExecFwk -144b31720d (hanhaibin 2022-01-19 16:24:52 +0800 149) } // namespace OHOS -2f6afc061c (黄师伟 2022-07-15 19:38:20 +0800 150) #endif // OHOS_ABILITY_RUNTIME_APP_SPAWN_MSG_WRAPPER_H -- Gitee From f9fee2fe17c9680aafa94b80ef37b5dc89131809 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 27 Feb 2023 06:25:05 +0000 Subject: [PATCH 16/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../uripermissionmanager_fuzzer.cpp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index 4c3a74c0d49..ba47be164be 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp 
@@ -40,19 +40,27 @@ public: bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override - {} + { + return true; + } bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID targetTokenId) override - {} + { + return true; + } bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override { return true; } bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override - {} + { + return true; + } bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override - {} + { + return true; + } }; uint32_t GetU32Data(const char* ptr) -- Gitee From cb5b8dfca1ce9507c5ba7d786775354dedc4d4af Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 2 Mar 2023 11:22:00 +0000 Subject: [PATCH 17/52] uri permission by bundle name Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/BUILD.gn | 1 + .../napi/uri_permission/js_uri_perm_mgr.cpp | 48 ++++++----- .../include/uri_permission_manager_client.h | 26 +++--- .../uri_permission_manager_interface.h | 33 ++++---- .../include/uri_permission_manager_proxy.h | 11 +-- .../src/uri_permission_manager_client.cpp | 20 ++--- .../src/uri_permission_manager_proxy.cpp | 40 +++++---- .../src/uri_permission_manager_stub.cpp | 31 ++++--- services/abilitymgr/include/ability_record.h | 4 +- services/abilitymgr/src/ability_record.cpp | 42 ++++++++-- .../abilitymgr/src/mission_list_manager.cpp | 4 +- .../uri_permission_manager_stub_impl.h | 12 +-- .../src/uri_permission_manager_stub_impl.cpp | 83 ++++++++++++------- .../uripermissionmanager_fuzzer.cpp | 11 +-- .../ability_record_test.cpp | 30 +++---- .../uri_permission_impl_test.cpp | 63 ++++++++------ .../uri_permission_test.cpp | 18 ++-- 17 files changed, 286 insertions(+), 191 deletions(-) 
diff --git a/frameworks/js/napi/uri_permission/BUILD.gn b/frameworks/js/napi/uri_permission/BUILD.gn index 6d151f2bd6b..a0e5ab46cc7 100644 --- a/frameworks/js/napi/uri_permission/BUILD.gn +++ b/frameworks/js/napi/uri_permission/BUILD.gn @@ -31,6 +31,7 @@ ohos_shared_library("uripermissionmanager_napi") { "ability_base:zuri", "ability_runtime:abilitykit_native", "ability_runtime:runtime", + "bundle_framework:appexecfwk_base", "c_utils:utils", "hiviewdfx_hilog_native:libhilog", ] diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 79732273bba..53977e5797b 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -46,10 +46,10 @@ public: return (me != nullptr) ? me->OnGrantUriPermissionFromSelf(*engine, *info) : nullptr; } - static NativeValue* RemoveUriPermission(NativeEngine* engine, NativeCallbackInfo* info) + static NativeValue* RevokeUriPermission(NativeEngine* engine, NativeCallbackInfo* info) { JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); - return (me != nullptr) ? me->OnRemoveUriPermission(*engine, *info) : nullptr; + return (me != nullptr) ? me->OnRevokeUriPermission(*engine, *info) : nullptr; } private: 
@@ -91,23 +91,24 @@ private: return; } - int fromAccessTokenId = 0; - if (!ConvertFromJsValue(engine, args[2]->Get(), fromAccessTokenId)) { + std::string fromBundleName; + if (!ConvertFromJsValue(engine, args[2]->Get(), fromBundleName)) { HILOG_ERROR("%{public}s called, the third parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "fromAccessTokenId conversion failed.")); + task.Reject(engine, CreateJsError(engine, -1, "fromBundleName conversion failed.")); return; } - int targetAccessTokenId = 0; - if (!ConvertFromJsValue(engine, args[3]->Get(), targetAccessTokenId)) { + std::string targetBundleName; + if (!ConvertFromJsValue(engine, args[3]->Get(), targetBundleName)) { HILOG_ERROR("%{public}s called, the fourth parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "targetAccessTokenId conversion failed.")); + task.Reject(engine, CreateJsError(engine, -1, "targetBundleName conversion failed.")); return; } Uri uri(uriStr); + int autoremove = 0; AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, - fromAccessTokenId, targetAccessTokenId); + fromBundleName, targetBundleName, autoremove); task.Resolve(engine, CreateJsValue(engine, 0)); }; 
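Review bot: The result of `GrantUriPermission` is discarded and the task is resolved with 0 unconditionally, so a JS caller is told the grant succeeded even when the service refused it. The same holds for the `GrantUriPermissionFromSelf` call in the `@@ -156,19 +157,19 @@` hunk and the `RevokeUriPermissionManually` call in the `@@ -201,21 +202,26 @@` hunk. Capture the result and reject on failure, for example `if (!AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove)) { task.Reject(engine, CreateJsError(engine, -1, "grant uri permission failed.")); return; }`. The completion lambda starts and ends outside this hunk.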
@@ -156,19 +157,19 @@ private: return; } - int targetAccessTokenId = 0; - if (!ConvertFromJsValue(engine, args[2]->Get(), targetAccessTokenId)) { + std::string targetBundleName; + if (!ConvertFromJsValue(engine, args[2]->Get(), targetBundleName)) { HILOG_ERROR("%{public}s called, the fourth parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "targetAccessTokenId conversion failed.")); + task.Reject(engine, CreateJsError(engine, -1, "targetBundleName conversion failed.")); return; } + Uri uri(uriStr); AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermissionFromSelf(uri, - flag, targetAccessTokenId); + flag, targetBundleName); task.Resolve(engine, CreateJsValue(engine, 0)); }; - NativeValue* lastParam = (info.argc == argCountFour) ? info.argv[argCountThree] : nullptr; NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", @@ -176,7 +177,7 @@ private: return result; } - NativeValue* OnRemoveUriPermission(NativeEngine& engine, NativeCallbackInfo& info) + NativeValue* OnRevokeUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { constexpr int32_t argCountOne = 1; constexpr int32_t argCountTwo = 2; 
@@ -201,21 +202,26 @@ private: } std::string uriStr; - int tokenId = 0; - if (!ConvertFromJsValue(engine, args[0]->Get(), tokenId)) { + if (!ConvertFromJsValue(engine, args[0]->Get(), uriStr)) { + HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); + task.Reject(engine, CreateJsError(engine, -1, "uri conversion failed.")); + return; + } + std::string bundleName; + if (!ConvertFromJsValue(engine, args[0]->Get(), bundleName)) { HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "targetAccessTokenId conversion failed.")); + task.Reject(engine, CreateJsError(engine, -1, "BundleName conversion failed.")); return; } Uri uri(uriStr); - AAFwk::UriPermissionManagerClient::GetInstance()->RemoveUriPermissionManually(tokenId); + AAFwk::UriPermissionManagerClient::GetInstance()->RevokeUriPermissionManually(uri, bundleName); task.Resolve(engine, CreateJsValue(engine, 0)); }; NativeValue* lastParam = (info.argc == argCountTwo) ? info.argv[argCountOne] : nullptr; NativeValue* result = nullptr; - AsyncTask::Schedule("JsUriPermMgr::OnRemoveUriPermission", + AsyncTask::Schedule("JsUriPermMgr::OnRevokeUriPermission", engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); return result; } @@ -242,7 +248,7 @@ NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) BindNativeFunction(*engine, *object, "grantUriPermission", moduleName, JsUriPermMgr::GrantUriPermission); BindNativeFunction(*engine, *object, "grantUriPermissionFromSelf", moduleName, JsUriPermMgr::GrantUriPermissionFromSelf); - BindNativeFunction(*engine, *object, "RemoveUriPermission", moduleName, JsUriPermMgr::RemoveUriPermission); + BindNativeFunction(*engine, *object, "RevokeUriPermission", moduleName, JsUriPermMgr::RevokeUriPermission); return engine->CreateUndefined(); } } // namespace AbilityRuntime 
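Review bot: `bundleName` is converted from `args[0]`, the same argument that was just parsed as `uriStr`, so the revoke call receives the URI string as the bundle name. It should read the second argument, `if (!ConvertFromJsValue(engine, args[1]->Get(), bundleName)) {`, and the log text should say "the second parameter is invalid.". The argument-count check is outside this hunk, but the `argCountOne`/`argCountTwo` constants in the preceding hunk still look sized for one parameter plus a callback, so that check probably has to accept one more argument as well.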
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index 9da5c0f9b74..024f17a4a02 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -32,25 +32,26 @@ public: ~UriPermissionManagerClient() = default; /** - * @brief Authorize the uri permission of fromTokenId to targetTokenId. + * @brief Authorize the uri permission of fromBundleName to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param fromTokenId The owner of uri. - * @param targetTokenId The user of uri. + * @param fromBundleName The owner of uri. + * @param targetBundleName The user of uri. + * @param autoremove the uri is temperarily or not */ - bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId); + bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string fromBundleName, + const std::string targetBundleName, int autoremove); /** - * @brief Authorize the uri permission from self to targetTokenId. + * @brief Authorize the uri permission from self to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param targetTokenId The user of uri. + * @param targetBundleName The user of uri. */ bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId); + const std::string targetBundleName); /** * @brief Check whether the tokenId has URI permissions. 
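Review bot: The new bundle-name parameters are declared `const std::string` by value, which copies the string at every layer of the call; `const std::string &fromBundleName, const std::string &targetBundleName` avoids that without changing callers. `autoremove` is an `int` used as a yes/no switch and its doc line does not say which value means what. From the callers in this patch 1 appears to mean a temporary grant, so a line such as `@param autoremove 1 if the grant is temporary and removed automatically, 0 if it stays until revoked.` (to be confirmed by the author), or a `bool`, would be clearer. The same signatures are repeated in uri_permission_manager_interface.h, uri_permission_manager_proxy.h and uri_permission_manager_stub_impl.h.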
@@ -67,14 +68,15 @@ public: * * @param tokenId A tokenId of an application. */ - bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId); + bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId); /** * @brief Clear user's uri authorization record. - * - * @param tokenId A tokenId of an application. + * + * @param uri The file uri. + * @param BundleName A BundleName of an application. */ - bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId); + bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName); private: sptr ConnectUriPermService(); diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index b9bf5e0baae..c469970105c 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h 
@@ -25,30 +25,32 @@ namespace AAFwk { class IUriPermissionManager : public IRemoteBroker { public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.ability.UriPermissionManager"); - + /** - * @brief Authorize the uri permission of fromTokenId to targetTokenId. + * @brief Authorize the uri permission of fromBundleName to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param fromTokenId The owner of uri. - * @param targetTokenId The user of uri. + * @param fromBundleName The owner of uri. + * @param targetBundleName The user of uri. + * @param autoremove the uri is temperarily or not * @return Returns true if the authorization is successful, otherwise returns false. */ virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) = 0; + const std::string fromBundleName, + const std::string targetBundleName, + int autoremove) = 0; /** - * @brief Authorize the uri permission of fromTokenId to targetTokenId. + * @brief Authorize the uri permission of self to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param targetTokenId The user of uri. + * @param targetBundleName The user of uri. * @return Returns true if the authorization is successful, otherwise returns false. */ virtual bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) = 0; + const std::string targetBundleName) = 0; /** * @brief Check whether the tokenId has URI permissions. 
@@ -67,15 +69,16 @@ public: * @param tokenId A tokenId of an application. * @return Returns true if the remove is successful, otherwise returns false. */ - virtual bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; + virtual bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; /** * @brief Clear user's uri authorization record. * - * @param tokenId A tokenId of an application. + * @param uri The file uri. + * @param bundleName bundleName of an application. * @return Returns true if the remove is successful, otherwise returns false. */ - virtual bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) = 0; + virtual bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) = 0; enum UriPermMgrCmd { // ipc id for GrantUriPermission @@ -84,10 +87,10 @@ public: // ipc id for VerifyUriPermission ON_VERIFY_URI_PERMISSION, - // ipc id for RemoveUriPermission - ON_REMOVE_URI_PERMISSION, + // ipc id for RevokeUriPermission + ON_REVOKE_URI_PERMISSION, - ON_REMOVE_URI_PERMISSION_MANUALLY, + ON_REVOKE_URI_PERMISSION_MANUALLY, ON_GRANT_URI_PERMISSION_FROM_SELF, }; diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 3797062ed1e..5d750785582 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h 
@@ -27,16 +27,17 @@ public: virtual ~UriPermissionManagerProxy() = default; virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) override; + const std::string fromBundleName, + const std::string targetBundleName, + int autoremove) override; virtual bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) override; + const std::string targetBundleName) override; virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; - virtual bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; - virtual bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; + virtual bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + virtual bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: static inline BrokerDelegator delegator_; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 583cc0b5a30..9a074e33b0f 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp 
@@ -23,23 +23,23 @@ namespace OHOS { namespace AAFwk { bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) + const std::string fromBundleName, const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - return uriPermMgr->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + return uriPermMgr->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); } return false; } bool UriPermissionManagerClient::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) + const std::string targetBundleName) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermissionFromSelf is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - return uriPermMgr->GrantUriPermissionFromSelf(uri, flag, targetTokenId); + return uriPermMgr->GrantUriPermissionFromSelf(uri, flag, targetBundleName); } return false; } 
@@ -55,22 +55,22 @@ bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned in return false; } -bool UriPermissionManagerClient::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { - HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); + HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - return uriPermMgr->RemoveUriPermission(tokenId); + return uriPermMgr->RevokeUriPermission(tokenId); } return false; } -bool UriPermissionManagerClient::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { - HILOG_DEBUG("UriPermissionManagerClient::RemoveUriPermission is called."); + HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermissionManually is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - return uriPermMgr->RemoveUriPermissionManually(tokenId); + return uriPermMgr->RevokeUriPermissionManually(uri, bundleName); } return false; } diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index e332188cde2..2f3327e036d 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp 
@@ -24,7 +24,7 @@ UriPermissionManagerProxy::UriPermissionManagerProxy(const sptr & : IRemoteProxy(impl) {} bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) + const std::string fromBundleName, const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermission is called."); MessageParcel data; @@ -40,12 +40,16 @@ bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int HILOG_ERROR("Write flag failed."); return false; } - if (!data.WriteInt32(fromTokenId)) { - HILOG_ERROR("Write fromTokenId failed."); + if (!data.WriteString(fromBundleName)) { + HILOG_ERROR("Write fromBundleName failed."); return false; } - if (!data.WriteInt32(targetTokenId)) { - HILOG_ERROR("Write targetTokenId failed."); + if (!data.WriteString(targetBundleName)) { + HILOG_ERROR("Write targetBundleName failed."); + return false; + } + if (!data.WriteInt32(autoremove)) { + HILOG_ERROR("Write autoremove failed."); return false; } MessageParcel reply; @@ -59,7 +63,7 @@ bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int } bool UriPermissionManagerProxy::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) + const std::string targetBundleName) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermissionFromSelf is called."); MessageParcel data; @@ -75,8 +79,8 @@ bool UriPermissionManagerProxy::GrantUriPermissionFromSelf(const Uri &uri, unsig HILOG_ERROR("Write flag failed."); return false; } - if (!data.WriteInt32(targetTokenId)) { - HILOG_ERROR("Write targetTokenId failed."); + if (!data.WriteString(targetBundleName)) { + HILOG_ERROR("Write targetBundleName failed."); return false; } MessageParcel reply; 
@@ -120,9 +124,9 @@ bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int return true; } -bool UriPermissionManagerProxy::RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { - HILOG_DEBUG("UriPermissionManagerProxy::RemoveUriPermission is called."); + HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermission is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); @@ -134,7 +138,7 @@ bool UriPermissionManagerProxy::RemoveUriPermission(const Security::AccessToken: } MessageParcel reply; MessageOption option; - int error = Remote()->SendRequest(UriPermMgrCmd::ON_REMOVE_URI_PERMISSION, data, reply, option); + int error = Remote()->SendRequest(UriPermMgrCmd::ON_REVOKE_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); return false; 
@@ -142,21 +146,25 @@ bool UriPermissionManagerProxy::RemoveUriPermission(const Security::AccessToken: return true; } -bool UriPermissionManagerProxy::RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) +bool UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { - HILOG_DEBUG("UriPermissionManagerProxy::RemoveUriPermissionManually is called."); + HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermissionManually is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); return false; } - if (!data.WriteInt32(tokenId)) { - HILOG_ERROR("Write AccessTokenID failed."); + if (!data.WriteParcelable(&uri)) { + HILOG_ERROR("Write uri failed."); + return false; + } + if (!data.WriteString(bundleName)) { + HILOG_ERROR("Write bundleName failed."); return false; } MessageParcel reply; MessageOption option; - int error = Remote()->SendRequest(UriPermMgrCmd::ON_REMOVE_URI_PERMISSION_MANUALLY, data, reply, option); + int error = Remote()->SendRequest(UriPermMgrCmd::ON_REVOKE_URI_PERMISSION_MANUALLY, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); return false; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 77988b8bc89..652a1b6f2ad 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp 
@@ -36,9 +36,10 @@ int UriPermissionManagerStub::OnRemoteRequest( break; } auto flag = data.ReadInt32(); - auto fromTokenId = data.ReadInt32(); - auto targetTokenId = data.ReadInt32(); - if (!GrantUriPermission(*uri, flag, fromTokenId, targetTokenId)) { + auto fromBundleName = data.ReadString(); + auto targetBundleName = data.ReadString(); + auto autoremove = data.ReadInt32(); + if (!GrantUriPermission(*uri, flag, fromBundleName, targetBundleName, autoremove)) { errCode = ERR_INVALID_OPERATION; HILOG_ERROR("To grant uri permission failed."); } @@ -52,8 +53,8 @@ int UriPermissionManagerStub::OnRemoteRequest( break; } auto flag = data.ReadInt32(); - auto targetTokenId = data.ReadInt32(); - if (!GrantUriPermissionFromSelf(*uri, flag, targetTokenId)) { + auto targetBundleName = data.ReadString(); + if (!GrantUriPermissionFromSelf(*uri, flag, targetBundleName)) { errCode = ERR_INVALID_OPERATION; HILOG_ERROR("To grant uri permission failed."); } @@ -74,19 +75,25 @@ int UriPermissionManagerStub::OnRemoteRequest( } break; } - case UriPermMgrCmd::ON_REMOVE_URI_PERMISSION : { + case UriPermMgrCmd::ON_REVOKE_URI_PERMISSION : { auto tokenId = data.ReadInt32(); - if (!RemoveUriPermission(tokenId)) { + if (!RevokeUriPermission(tokenId)) { errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To grant uri permission failed."); + HILOG_ERROR("To revoke uri permission failed."); } break; } - case UriPermMgrCmd::ON_REMOVE_URI_PERMISSION_MANUALLY : { - auto tokenId = data.ReadInt32(); - if (RemoveUriPermissionManually(tokenId)) { + case UriPermMgrCmd::ON_REVOKE_URI_PERMISSION_MANUALLY : { + std::unique_ptr uri(data.ReadParcelable()); + if (!uri) { + errCode = ERR_DEAD_OBJECT; + HILOG_ERROR("To read uri failed."); + break; + } + auto bundleName = data.ReadString(); + if (RevokeUriPermissionManually(*uri, bundleName)) { errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To grant uri permission failed."); + HILOG_ERROR("To revoke uri permission failed."); } break; } 
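Review bot: In the `ON_REVOKE_URI_PERMISSION_MANUALLY` case the result test is missing its negation, so a successful revoke sets `errCode = ERR_INVALID_OPERATION` and a failed one is reported as success. The line should be `if (!RevokeUriPermissionManually(*uri, bundleName)) {`, matching the `ON_REVOKE_URI_PERMISSION` case directly above it. `OnRemoteRequest` starts and ends outside these hunks.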
diff --git a/services/abilitymgr/include/ability_record.h b/services/abilitymgr/include/ability_record.h index 65f18abeb3e..4517ee8fc89 100644 --- a/services/abilitymgr/include/ability_record.h +++ b/services/abilitymgr/include/ability_record.h @@ -825,7 +825,7 @@ public: void SetNeedBackToOtherMissionStack(bool isNeedBackToOtherMissionStack); std::shared_ptr GetOtherMissionStackAbilityRecord() const; void SetOtherMissionStackAbilityRecord(const std::shared_ptr &abilityRecord); - void RemoveUriPermission(); + void RevokeUriPermission(); protected: void SendEvent(uint32_t msg, uint32_t timeOut); @@ -844,7 +844,7 @@ private: */ void GetAbilityTypeString(std::string &typeStr); void OnSchedulerDied(const wptr &remote); - void GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId); + void GrantUriPermission(const Want &want, int32_t userId, std::string targetBundleName); int32_t GetCurrentAccountId() const; /** diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 9a833b0907c..b437a5183fa 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp 
@@ -484,7 +484,15 @@ void AbilityRecord::ProcessForegroundAbility(bool isRecent, const AbilityRequest HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); std::string element = GetWant().GetElement().GetURI(); HILOG_DEBUG("SUPPORT_GRAPHICS: ability record: %{public}s", element.c_str()); - GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.accessTokenId); + auto callerUid = IPCSkeleton::GetCallingUid(); + HILOG_DEBUG("callerPid : %{public}u", callerUid); + + auto bms = AbilityUtil::GetBundleManager(); + std::string targetBundleName; + if(!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { + HILOG_ERROR("Get targetBundleName name by uid failed."); + } + GrantUriPermission(want_, GetCurrentAccountId(), targetBundleName); if (isReady_) { auto handler = DelayedSingleton::GetInstance()->GetEventHandler(); @@ -1197,7 +1205,7 @@ void AbilityRecord::Terminate(const Closure &task) // earlier than above actions. currentState_ = AbilityState::TERMINATING; lifecycleDeal_->Terminate(want_, lifeCycleStateInfo_); - RemoveUriPermission(); + RevokeUriPermission(); } void AbilityRecord::ConnectAbility() @@ -1275,7 +1283,12 @@ void AbilityRecord::SendResult() std::lock_guard guard(lock_); CHECK_POINTER(scheduler_); CHECK_POINTER(result_); - GrantUriPermission(result_->resultWant_, GetCurrentAccountId(), applicationInfo_.accessTokenId); + auto bms = AbilityUtil::GetBundleManager(); + std::string targetBundleName; + if(!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { + HILOG_ERROR("Get targetBundleName name by uid failed."); + } + GrantUriPermission(result_->resultWant_, GetCurrentAccountId(), targetBundleName); scheduler_->SendResult(result_->requestCode_, result_->resultCode_, result_->resultWant_); // reset result to avoid send result next time result_.reset(); 
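Review bot: When `GetBundleNameForUid` fails in `ProcessForegroundAbility`, the code only logs and then still calls `GrantUriPermission` with an empty `targetBundleName`; `bms` is also dereferenced without a check, which matters if `AbilityUtil::GetBundleManager()` can return null. Skip the grant in that case, e.g. `if (bms == nullptr || !bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { HILOG_ERROR("Get targetBundleName by uid failed."); } else { GrantUriPermission(want_, GetCurrentAccountId(), targetBundleName); }`. The same pattern is repeated in `SendResult` (`@@ -1275,7 +1283,12 @@`), `CallRequest` (`@@ -2047,7 +2060,12 @@`), the `fromBundleName` lookup in `AbilityRecord::GrantUriPermission` (`@@ -2217,6 +2235,11 @@`), and in `GrantUriPermission` and `GrantUriPermissionFromSelf` in uri_permission_manager_stub_impl.cpp, so a small helper would remove the repetition. `callerUid` here is used only in a debug line that labels it `callerPid`.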
@@ -1757,7 +1770,7 @@ void AbilityRecord::OnSchedulerDied(const wptr &remote) return; } - RemoveUriPermission(); + RevokeUriPermission(); if (scheduler_ != nullptr && schedulerDeathRecipient_ != nullptr) { auto schedulerObject = scheduler_->AsObject(); if (schedulerObject != nullptr) { @@ -2047,7 +2060,12 @@ void AbilityRecord::CallRequest() HILOG_INFO("Call Request."); CHECK_POINTER(scheduler_); - GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.accessTokenId); + auto bms = AbilityUtil::GetBundleManager(); + std::string targetBundleName; + if(!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { + HILOG_ERROR("Get targetBundleName name by uid failed."); + } + GrantUriPermission(want_, GetCurrentAccountId(), targetBundleName); // Async call request scheduler_->CallRequest(); } @@ -2203,7 +2221,7 @@ void AbilityRecord::DumpAbilityInfoDone(std::vector &infos) dumpCondition_.notify_all(); } -void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) +void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, std::string targetBundleName) { if ((want.GetFlags() & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("Do not call uriPermissionMgr."); @@ -2217,6 +2235,11 @@ void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_ auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; auto fromTokenId = IPCSkeleton::GetCallingTokenID(); + auto fromUid = GetUid(); + std::string fromBundleName; + if(!bms->GetBundleNameForUid(fromUid, fromBundleName)) { + HILOG_ERROR("Get fromBundleName name by uid failed."); + } for (auto&& str : uriVec) { Uri uri(str); auto&& scheme = uri.GetScheme(); 
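Review bot: In the `@@ -2217,6 +2235,11 @@` hunk `fromBundleName` is looked up from `GetUid()`, while the call it feeds (changed in the next hunk) previously passed `callerAccessTokenId_` as the owner of the uri. `GetUid()` is not shown here, but if it returns this ability record's own uid, the owner and the target of the grant resolve to the same bundle and the caller's identity is no longer the one being checked. Please confirm which uid is intended and state it in a comment above the lookup, for example `// owner of the uri: <which bundle, to be confirmed>`. `AbilityRecord::GrantUriPermission` starts before and ends after this hunk, and `bms` is presumably declared outside it.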
@@ -2238,20 +2261,21 @@ void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_ HILOG_ERROR("the uri does not belong to caller."); continue; } + int autoremove = 1; auto ret = IN_PROCESS_CALL(upmClient->GrantUriPermission(uri, want.GetFlags(), - callerAccessTokenId_, targetTokenId)); + fromBundleName, targetBundleName, autoremove)); if (ret) { isGrantedUriPermission_ = true; } } } -void AbilityRecord::RemoveUriPermission() +void AbilityRecord::RevokeUriPermission() { if (isGrantedUriPermission_) { HILOG_DEBUG("To remove uri permission."); auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); - upmClient->RemoveUriPermission(applicationInfo_.accessTokenId); + upmClient->RevokeUriPermission(applicationInfo_.accessTokenId); isGrantedUriPermission_ = false; } } diff --git a/services/abilitymgr/src/mission_list_manager.cpp b/services/abilitymgr/src/mission_list_manager.cpp index 2958e8bf52d..671af7d3c8b 100644 --- a/services/abilitymgr/src/mission_list_manager.cpp +++ b/services/abilitymgr/src/mission_list_manager.cpp @@ -1488,7 +1488,7 @@ void MissionListManager::CompleteTerminateAndUpdateMission(const std::shared_ptr CHECK_POINTER(abilityRecord); for (auto it : terminateAbilityList_) { if (it == abilityRecord) { - abilityRecord->RemoveUriPermission(); + abilityRecord->RevokeUriPermission(); terminateAbilityList_.remove(it); // update inner mission info time bool excludeFromMissions = abilityRecord->GetAbilityInfo().excludeFromMissions; @@ -1809,7 +1809,7 @@ void MissionListManager::OnTimeOut(uint32_t msgId, int64_t eventId) return; } HILOG_DEBUG("Ability timeout ,msg:%{public}d,name:%{public}s", msgId, abilityRecord->GetAbilityInfo().name.c_str()); - abilityRecord->RemoveUriPermission(); + abilityRecord->RevokeUriPermission(); #ifdef SUPPORT_GRAPHICS if (abilityRecord->IsStartingWindow()) { 
diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index dc34495bb31..5a0c049d9cf 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -33,7 +33,7 @@ struct GrantInfo { unsigned int flag; const unsigned int fromTokenId; const unsigned int targetTokenId; - unsigned int autoremove; + int autoremove; }; class UriPermissionManagerStubImpl : public UriPermissionManagerStub, public std::enable_shared_from_this { @@ -41,16 +41,16 @@ public: UriPermissionManagerStubImpl() = default; virtual ~UriPermissionManagerStubImpl() = default; - bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) override; + bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string fromBundleName, + const std::string targetBundleName, int autoremove) override; bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) override; + const std::string targetBundleName) override; bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; - bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; - bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override; + bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: sptr ConnectBundleManager(); diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index e36c13e675b..f3134a43643 100644 
--- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -34,10 +34,24 @@ const int32_t DEFAULT_USER_ID = 0; using TokenId = Security::AccessToken::AccessTokenID; bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, - const TokenId fromTokenId, const TokenId targetTokenId) + const std::string fromBundleName, const std::string targetBundleName, int autoremove) { auto callerTokenId = IPCSkeleton::GetCallingTokenID(); - HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); + HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); + + auto bms = ConnectBundleManager(); + AppExecFwk::BundleInfo uriBundleInfo; + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(fromBundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info to fromBundleName."); + return false; + } + Security::AccessToken::AccessTokenID fromTokenId = uriBundleInfo.applicationInfo.accessTokenId; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(targetBundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info to targetBundleName."); + return false; + } + Security::AccessToken::AccessTokenID targetTokenId = uriBundleInfo.applicationInfo.accessTokenId; // only uri with proxy authorization permission or from process itself can be granted auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( 
@@ -58,12 +72,10 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; } - auto bms = ConnectBundleManager(); + Uri uri_inner = uri; auto&& authority = uri_inner.GetAuthority(); HILOG_INFO("uri authority is %{public}s.", authority.c_str()); - AppExecFwk::BundleInfo uriBundleInfo; - auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info according to uri."); return false; @@ -93,15 +105,15 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); - unsigned int autoremove = 0; + int autoremove_ = autoremove; // auto remove URI permission for clipboard Security::AccessToken::NativeTokenInfo nativeInfo; Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(fromTokenId, nativeInfo); HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); if (nativeInfo.processName == "pasteboard_serv") { - autoremove = 1; + autoremove_ = 1; } - GrantInfo info = { tmpFlag, callerTokenId, targetTokenId, autoremove }; + GrantInfo info = { tmpFlag, callerTokenId, targetTokenId, autoremove_ }; if (search == uriMap_.end()) { std::list infoList = { info }; uriMap_.emplace(uriStr, infoList); 
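Review bot: In the `@@ -93,15 +105,15 @@` hunk the `pasteboard_serv` branch probably no longer fires: `fromTokenId` is now an application token taken from `uriBundleInfo.applicationInfo.accessTokenId`, yet it is still passed to `GetNativeTokenInfo`, whose return value is not checked, and the log line labels the result `callerprocessName`. If the intent is to detect that the pasteboard service is the caller, query the caller instead, `GetNativeTokenInfo(callerTokenId, nativeInfo)`, and test the return value before reading `processName`. The local `autoremove_` carries a trailing underscore like a member; a plain local name such as `autoRemoveFlag` avoids that confusion. The function begins and ends outside this hunk.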
@@ -123,12 +135,17 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i } bool UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) + const std::string targetBundleName) { - auto callerTokenId = IPCSkeleton::GetCallingTokenID(); - HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); - - return GrantUriPermission(uri, flag, callerTokenId, targetTokenId); + auto callerUid = IPCSkeleton::GetCallingUid(); + HILOG_DEBUG("callerPid : %{public}u", callerUid); + auto bms = ConnectBundleManager(); + std::string callerBundleName; + if(!bms->GetBundleNameForUid(callerUid, callerBundleName)) { + HILOG_ERROR("Get caller bundle name by caller uid failed."); + } + int autoremove = 1; + return GrantUriPermission(uri, flag, callerBundleName, targetBundleName, autoremove); } bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, @@ -184,7 +201,7 @@ bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned return false; } -bool UriPermissionManagerStubImpl::RemoveUriPermission(const TokenId tokenId) +bool UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) { HILOG_DEBUG("Start to remove uri permission."); std::vector uriList; 
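Review bot: In `GrantUriPermissionFromSelf`, a failed `GetBundleNameForUid` is only logged, and the call then proceeds to `GrantUriPermission` with an empty `callerBundleName`; the error branch should end with `return false;` so an unidentified caller is refused at this point. `bms` is also used without a null check, `if (bms == nullptr) { return false; }` before the lookup would cover that. The debug line prints the uid under the label `callerPid`, which will mislead anyone reading the log; `"callerUid : %{public}d"` matches the value.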
@@ -220,26 +237,34 @@ bool UriPermissionManagerStubImpl::RemoveUriPermission(const TokenId tokenId) return true; } -bool UriPermissionManagerStubImpl::RemoveUriPermissionManually(const TokenId tokenId) +bool UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { HILOG_DEBUG("Start to remove uri permission manually."); + auto bms = ConnectBundleManager(); + AppExecFwk::BundleInfo uriBundleInfo; + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info to bundleName."); + return false; + } + Security::AccessToken::AccessTokenID tokenId = uriBundleInfo.applicationInfo.accessTokenId; std::vector uriList; { std::lock_guard guard(mutex_); - for (auto iter = uriMap_.begin(); iter != uriMap_.end();) { - auto& list = iter->second; - for (auto it = list.begin(); it != list.end(); it++) { - if (it->targetTokenId == tokenId) { - HILOG_INFO("Erase an info form list."); - list.erase(it); - uriList.emplace_back(iter->first); - break; - } - } - if (list.size() == 0) { - uriMap_.erase(iter++); - } else { - iter++; + + auto uriStr = uri.ToString(); + auto search = uriMap_.find(uriStr); + if (search == uriMap_.end()) { + HILOG_ERROR("URI does not exist on uri map."); + return false; + } + auto& list = search->second; + for (auto it = list.begin(); it != list.end(); it++) { + if (it->targetTokenId == tokenId) { + HILOG_INFO("Erase an info form list."); + list.erase(it); + uriList.emplace_back(search->first); + break; } } } diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index ba47be164be..7edac454d0e 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp 
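Review bot: `RevokeUriPermissionManually` now takes both the URI and the bundle name from the caller, and nothing before the erase checks that the caller made the grant or owns the URI, so as far as this hunk shows any client that can reach the interface could remove another application's grant. Comparing the stored grantor would close that, e.g. `if (it->targetTokenId == tokenId && it->fromTokenId == IPCSkeleton::GetCallingTokenID())`, since the grant path stores the calling token in that field. The old loop also erased a map entry once its list became empty, while the new code leaves an empty list under `uriStr`; `if (list.empty()) { uriMap_.erase(search); }` after the loop restores that. `bms` is dereferenced without a null check here as well, and the function continues outside the hunk.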
+++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp @@ -38,13 +38,14 @@ public: virtual ~UriPermissionManagerStubFuzzTest() {} bool GrantUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID fromTokenId, - const Security::AccessToken::AccessTokenID targetTokenId) override + std::string fromBundleName, + std::string targetBundleName, + int autoremove) override { return true; } bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID targetTokenId) override + std::string targetBundleName) override { return true; } @@ -53,11 +54,11 @@ public: { return true; } - bool RemoveUriPermission(const Security::AccessToken::AccessTokenID tokenId) override + bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override { return true; } - bool RemoveUriPermissionManually(const Security::AccessToken::AccessTokenID tokenId) override + bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override { return true; } diff --git a/test/unittest/ability_record_test/ability_record_test.cpp b/test/unittest/ability_record_test/ability_record_test.cpp index cb5a3344073..1c6b6caa9d9 100644 --- a/test/unittest/ability_record_test/ability_record_test.cpp +++ b/test/unittest/ability_record_test/ability_record_test.cpp @@ -2102,8 +2102,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_001, TestSize.Level std::shared_ptr abilityRecord = GetAbilityRecord(); Want want; int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, "name"); } /* 
@@ -2121,8 +2121,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_002, TestSize.Level want.SetFlags(1); want.SetUri("datashare://ohos.samples.clock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* @@ -2140,8 +2140,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_003, TestSize.Level want.SetFlags(1); want.SetUri("file://com.example.mock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* @@ -2159,8 +2159,8 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_004, TestSize.Level want.SetFlags(1); want.SetUri("file://ohos.samples.clock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - uint32_t targetTokenId = 1; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* 
@@ -2174,27 +2174,27 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_004, TestSize.Level HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_005, TestSize.Level1) { std::shared_ptr abilityRecord = GetAbilityRecord(); - uint32_t targetTokenId = 56; abilityRecord->SetCallerAccessTokenId(targetTokenId); Want want; want.SetFlags(1); want.SetUri("file://ohos.samples.clock/data/storage/el2/base/haps/entry/files/test_A.txt"); int32_t userId = 100; - abilityRecord->GrantUriPermission(want, userId, targetTokenId); + std::string targetBundleName = "name"; + abilityRecord->GrantUriPermission(want, userId, targetBundleName); } /* * Feature: AbilityRecord - * Function: RemoveUriPermission - * SubFunction: RemoveUriPermission + * Function: RevokeUriPermission + * SubFunction: RevokeUriPermission * FunctionPoints: NA * EnvConditions: NA - * CaseDescription: Verify AbilityRecord RemoveUriPermission + * CaseDescription: Verify AbilityRecord RevokeUriPermission */ -HWTEST_F(AbilityRecordTest, AbilityRecord_RemoveUriPermission_001, TestSize.Level1) +HWTEST_F(AbilityRecordTest, AbilityRecord_RevokeUriPermission_001, TestSize.Level1) { std::shared_ptr abilityRecord = GetAbilityRecord(); - abilityRecord->RemoveUriPermission(); + abilityRecord->RevokeUriPermission(); } /* diff --git a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp index 9e613e98c07..0c5668d83e7 100755 --- a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp +++ b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp 
@@ -58,9 +58,10 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_001, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 0; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); } /* @@ -75,9 +76,10 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_002, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 1; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); } /* @@ -95,7 +97,10 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_003, TestSize.Level1) uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; MockSystemAbilityManager::isNullptr = false; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } 
@@ -111,11 +116,12 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_004, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 2; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; MockSystemAbilityManager::isNullptr = false; StorageManager::StorageManagerServiceMock::isZero = false; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; StorageManager::StorageManagerServiceMock::isZero = true; } @@ -132,13 +138,16 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_005, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; - upms->GrantUriPermission(uri, tmpFlag, fromTokenId, targetTokenId); + upms->GrantUriPermission(uri, tmpFlag, fromBundleName, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } 
@@ -154,14 +163,17 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_006, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId, autoremove); MockSystemAbilityManager::isNullptr = true; } @@ -177,7 +189,10 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_007, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); 
@@ -185,17 +200,17 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_007, TestSize.Level1) MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; uint32_t tokenId = 4; - upms->GrantUriPermission(uri, flag, fromTokenId, tokenId); + upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId, autoremove); MockSystemAbilityManager::isNullptr = true; } /* * Feature: URIPermissionManagerService - * Function: RemoveUriPermission + * Function: RevokeUriPermission * SubFunction: NA - * FunctionPoints: URIPermissionManagerService RemoveUriPermission + * FunctionPoints: URIPermissionManagerService RevokeUriPermission */ -HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_001, TestSize.Level1) +HWTEST_F(UriPermissionImplTest, Upms_RevokeUriPermission_001, TestSize.Level1) { auto upms = std::make_shared(); unsigned int tmpFlag = 1; @@ -205,16 +220,16 @@ HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_001, TestSize.Level1) std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); - upms->RemoveUriPermission(targetTokenId); + upms->RevokeUriPermission(targetTokenId); } /* * Feature: URIPermissionManagerService - * Function: RemoveUriPermission + * Function: RevokeUriPermission * SubFunction: NA - * FunctionPoints: URIPermissionManagerService RemoveUriPermission + * FunctionPoints: URIPermissionManagerService RevokeUriPermission */ -HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_002, TestSize.Level1) +HWTEST_F(UriPermissionImplTest, Upms_RevokeUriPermission_002, TestSize.Level1) { auto upms = std::make_shared(); unsigned int tmpFlag = 1; 
@@ -225,7 +240,7 @@ HWTEST_F(UriPermissionImplTest, Upms_RemoveUriPermission_002, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); uint32_t tokenId = 4; - upms->RemoveUriPermission(tokenId); + upms->RevokeUriPermission(tokenId); } /* diff --git a/test/unittest/uri_permission_test/uri_permission_test.cpp b/test/unittest/uri_permission_test/uri_permission_test.cpp index 508d930bee0..d0eb72379ee 100755 --- a/test/unittest/uri_permission_test/uri_permission_test.cpp +++ b/test/unittest/uri_permission_test/uri_permission_test.cpp @@ -51,9 +51,10 @@ HWTEST_F(UriPermissionTest, Upms_GrantUriPermission_001, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 1; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + std::string fromBundleName = "name1"; + std::string targetBundleName = "name2"; + int autoremove = 1; + upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); } /* 
@@ -82,21 +83,22 @@ HWTEST_F(UriPermissionTest, Upms_ConnectStorageManager_001, TestSize.Level1) /* * Feature: URIPermissionManagerService - * Function: RemoveUriPermission + * Function: RevokeUriPermission * SubFunction: NA - * FunctionPoints: URIPermissionManagerService RemoveUriPermission + * FunctionPoints: URIPermissionManagerService RevokeUriPermission */ -HWTEST_F(UriPermissionTest, Upms_RemoveUriPermission_001, TestSize.Level1) +HWTEST_F(UriPermissionTest, Upms_RevokeUriPermission_001, TestSize.Level1) { auto upms = std::make_shared(); unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId }; + int autoremove = 1; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; std::list infoList = { info }; auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; upms->uriMap_.emplace(uriStr, infoList); - upms->RemoveUriPermission(targetTokenId); + upms->RevokeUriPermission(targetTokenId); } /* -- Gitee From f4fb1cdad97f03548781a6d941cc042beeb99974 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 3 Mar 2023 03:37:58 +0000 Subject: [PATCH 18/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../uri_permission_impl_test/uri_permission_impl_test.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp index 0c5668d83e7..a4eebc4aa2c 100755 --- a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp +++ b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp 
@@ -94,8 +94,6 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_003, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 2; - uint32_t fromTokenId = 2; - uint32_t targetTokenId = 3; MockSystemAbilityManager::isNullptr = false; std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; @@ -173,7 +171,7 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_006, TestSize.Level1) Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId, autoremove); + upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } @@ -200,7 +198,7 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_007, TestSize.Level1) MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; uint32_t tokenId = 4; - upms->GrantUriPermission(uri, flag, fromTokenId, targetTokenId, autoremove); + upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } -- Gitee From d4bcc88029d6e654e47b274d764d4bade18d7532 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 3 Mar 2023 05:37:18 +0000 Subject: [PATCH 19/52] fix text Signed-off-by: gongyuechen --- .../uri_permission_impl_test/uri_permission_impl_test.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp index a4eebc4aa2c..5dd39fa35fe 100755 --- a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp +++ b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp 
@@ -197,7 +197,6 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_007, TestSize.Level1) Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; - uint32_t tokenId = 4; upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } -- Gitee From e331a66505daab3a1ee1b7376e67d9fc0cd25382 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 3 Mar 2023 06:16:57 +0000 Subject: [PATCH 20/52] fix test Signed-off-by: gongyuechen --- test/unittest/ability_record_test/ability_record_test.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/test/unittest/ability_record_test/ability_record_test.cpp b/test/unittest/ability_record_test/ability_record_test.cpp index 1c6b6caa9d9..13e498756dd 100644 --- a/test/unittest/ability_record_test/ability_record_test.cpp +++ b/test/unittest/ability_record_test/ability_record_test.cpp @@ -2174,7 +2174,6 @@ HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_004, TestSize.Level HWTEST_F(AbilityRecordTest, AbilityRecord_GrantUriPermission_005, TestSize.Level1) { std::shared_ptr abilityRecord = GetAbilityRecord(); - abilityRecord->SetCallerAccessTokenId(targetTokenId); Want want; want.SetFlags(1); want.SetUri("file://ohos.samples.clock/data/storage/el2/base/haps/entry/files/test_A.txt"); -- Gitee From ba48014a4b6378303bc3bff8ddaeecd669ac0484 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Wed, 8 Mar 2023 03:23:49 +0000 Subject: [PATCH 21/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No 
Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 9 +--- .../include/uri_permission_manager_client.h | 5 +- .../uri_permission_manager_interface.h | 4 +- .../include/uri_permission_manager_proxy.h | 1 - .../src/uri_permission_manager_client.cpp | 5 +- .../src/uri_permission_manager_proxy.cpp | 6 +-- .../src/uri_permission_manager_stub.cpp | 3 +- services/abilitymgr/src/ability_record.cpp | 7 +-- .../uri_permission_manager_stub_impl.h | 2 +- .../src/uri_permission_manager_stub_impl.cpp | 52 ++++++++++++------- .../uripermissionmanager_fuzzer.cpp | 1 - .../uri_permission_impl_test.cpp | 21 +++----- .../uri_permission_test.cpp | 3 +- 13 files changed, 53 insertions(+), 66 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 53977e5797b..939316bbd09 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -91,13 +91,6 @@ private: return; } - std::string fromBundleName; - if (!ConvertFromJsValue(engine, args[2]->Get(), fromBundleName)) { - HILOG_ERROR("%{public}s called, the third parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "fromBundleName conversion failed.")); - return; - } - std::string targetBundleName; if (!ConvertFromJsValue(engine, args[3]->Get(), targetBundleName)) { HILOG_ERROR("%{public}s called, the fourth parameter is invalid.", __func__); @@ -108,7 +101,7 @@ private: Uri uri(uriStr); int autoremove = 0; AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, - fromBundleName, targetBundleName, autoremove); + targetBundleName, autoremove); task.Resolve(engine, CreateJsValue(engine, 0)); }; diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index 024f17a4a02..26030603c69 100644 
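Review bot: After the `args[2]` conversion is removed in `js_uri_perm_mgr.cpp`, `targetBundleName` is still read from `args[3]` and reported as "the fourth parameter", so a caller using the shortened argument list (uri, flag, targetBundleName) would have its bundle name ignored or hit an out-of-range index. If the JS signature dropped the third argument, the read should become `args[2]->Get()` with the message updated; the argument-count check is outside the hunk, so confirm it matches. The result of `GrantUriPermission` is also discarded and the task always resolves with 0, which hides a refused grant from the caller; calling `task.Reject` on a `false` return would surface it.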
--- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -32,15 +32,14 @@ public: ~UriPermissionManagerClient() = default; /** - * @brief Authorize the uri permission of fromBundleName to targetBundleName. + * @brief Authorize the uri permission of to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param fromBundleName The owner of uri. * @param targetBundleName The user of uri. * @param autoremove the uri is temperarily or not */ - bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string fromBundleName, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove); /** diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index c469970105c..64bcc15503e 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -27,17 +27,15 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.ability.UriPermissionManager"); /** - * @brief Authorize the uri permission of fromBundleName to targetBundleName. + * @brief Authorize the uri permission to targetBundleName. * * @param uri The file uri. * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param fromBundleName The owner of uri. * @param targetBundleName The user of uri. * @param autoremove the uri is temperarily or not * @return Returns true if the authorization is successful, otherwise returns false. */ virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, - const std::string fromBundleName, const std::string targetBundleName, int autoremove) = 0; 
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 5d750785582..b4bb22392ab 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -27,7 +27,6 @@ public: virtual ~UriPermissionManagerProxy() = default; virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, - const std::string fromBundleName, const std::string targetBundleName, int autoremove) override; virtual bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 9a074e33b0f..c9a7e7dd19d 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -23,12 +23,13 @@ namespace OHOS { namespace AAFwk { bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, - const std::string fromBundleName, const std::string targetBundleName, int autoremove) + const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermission is called."); + HILOG_DEBUG("argetBundleName :%{public}s", targetBundleName.c_str()); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - return uriPermMgr->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + return uriPermMgr->GrantUriPermission(uri, flag, targetBundleName, autoremove); } return false; } diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 2f3327e036d..f8be318b805 100644 
--- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -24,7 +24,7 @@ UriPermissionManagerProxy::UriPermissionManagerProxy(const sptr & : IRemoteProxy(impl) {} bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, - const std::string fromBundleName, const std::string targetBundleName, int autoremove) + const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermission is called."); MessageParcel data; @@ -40,10 +40,6 @@ bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int HILOG_ERROR("Write flag failed."); return false; } - if (!data.WriteString(fromBundleName)) { - HILOG_ERROR("Write fromBundleName failed."); - return false; - } if (!data.WriteString(targetBundleName)) { HILOG_ERROR("Write targetBundleName failed."); return false; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 652a1b6f2ad..9644457b510 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp @@ -36,10 +36,9 @@ int UriPermissionManagerStub::OnRemoteRequest( break; } auto flag = data.ReadInt32(); - auto fromBundleName = data.ReadString(); auto targetBundleName = data.ReadString(); auto autoremove = data.ReadInt32(); - if (!GrantUriPermission(*uri, flag, fromBundleName, targetBundleName, autoremove)) { + if (!GrantUriPermission(*uri, flag, targetBundleName, autoremove)) { errCode = ERR_INVALID_OPERATION; HILOG_ERROR("To grant uri permission failed."); } diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index b437a5183fa..2d5fae0c501 100644 --- a/services/abilitymgr/src/ability_record.cpp 
+++ b/services/abilitymgr/src/ability_record.cpp @@ -2235,11 +2235,6 @@ void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, std::st auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; auto fromTokenId = IPCSkeleton::GetCallingTokenID(); - auto fromUid = GetUid(); - std::string fromBundleName; - if(!bms->GetBundleNameForUid(fromUid, fromBundleName)) { - HILOG_ERROR("Get fromBundleName name by uid failed."); - } for (auto&& str : uriVec) { Uri uri(str); auto&& scheme = uri.GetScheme(); @@ -2263,7 +2258,7 @@ void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, std::st } int autoremove = 1; auto ret = IN_PROCESS_CALL(upmClient->GrantUriPermission(uri, want.GetFlags(), - fromBundleName, targetBundleName, autoremove)); + targetBundleName, autoremove)); if (ret) { isGrantedUriPermission_ = true; } diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 5a0c049d9cf..a65482fe04e 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -41,7 +41,7 @@ public: UriPermissionManagerStubImpl() = default; virtual ~UriPermissionManagerStubImpl() = default; - bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string fromBundleName, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) override; bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, const std::string targetBundleName) override; diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index f3134a43643..f420b3ad5ea 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
+++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -34,29 +34,40 @@ const int32_t DEFAULT_USER_ID = 0; using TokenId = Security::AccessToken::AccessTokenID; bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, - const std::string fromBundleName, const std::string targetBundleName, int autoremove) + const std::string targetBundleName, int autoremove) { auto callerTokenId = IPCSkeleton::GetCallingTokenID(); HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); - auto bms = ConnectBundleManager(); - AppExecFwk::BundleInfo uriBundleInfo; auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; - if (!IN_PROCESS_CALL(bms->GetBundleInfo(fromBundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { - HILOG_WARN("To fail to get bundle info to fromBundleName."); + + AppExecFwk::BundleInfo uriBundleInfo; + Uri uri_inner = uri; + auto&& authority = uri_inner.GetAuthority(); + HILOG_INFO("uri authority is %{public}s.", authority.c_str()); + if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info according to uri."); return false; } Security::AccessToken::AccessTokenID fromTokenId = uriBundleInfo.applicationInfo.accessTokenId; + HILOG_DEBUG("fromTokenId : %{public}u", fromTokenId); + if (!IN_PROCESS_CALL(bms->GetBundleInfo(targetBundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info to targetBundleName."); return false; } Security::AccessToken::AccessTokenID targetTokenId = uriBundleInfo.applicationInfo.accessTokenId; + HILOG_DEBUG("targetTokenId : %{public}u %{public}s", targetTokenId, targetBundleName.c_str()); // only uri with proxy authorization permission or from process itself can be granted + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID()); + bool nativeToken = false; + if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { + nativeToken = 
true; + } auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); - if (!permission && (fromTokenId != callerTokenId)) { + if (!nativeToken && !permission && (fromTokenId != callerTokenId)) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); return false; } @@ -73,17 +84,7 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i } - Uri uri_inner = uri; - auto&& authority = uri_inner.GetAuthority(); - HILOG_INFO("uri authority is %{public}s.", authority.c_str()); - if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { - HILOG_WARN("To fail to get bundle info according to uri."); - return false; - } - if (uriBundleInfo.applicationInfo.accessTokenId != callerTokenId) { - HILOG_ERROR("the uri does not belong to caller."); - return false; - } + auto&& scheme = uri_inner.GetScheme(); HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); // only support file or dataShare scheme 
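Review bot: The new `nativeToken` short-circuit in `UriPermissionManagerStubImpl::GrantUriPermission` lets every caller whose token type is `TOKEN_NATIVE` grant any URI to any `targetBundleName`, because `if (!nativeToken && !permission && (fromTokenId != callerTokenId))` then skips both the `PERMISSION_PROXY_AUTHORIZATION_URI` check and the owner comparison, and the later "the uri does not belong to caller" check is removed in the next hunk. If only particular system services are meant to take this path, narrow the exemption to them (or require the permission for native tokens as well) instead of trusting the whole token class. The comment above the check still says only proxy-authorized or self-owned URIs can be granted, so it should be updated to name the native-token exemption. The type lookup can also reuse the existing local rather than querying IPC again: `auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId);` followed by `const bool nativeToken = (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE);`. The function body continues outside the hunk.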
@@ -138,14 +139,29 @@ bool UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, un const std::string targetBundleName) { auto callerUid = IPCSkeleton::GetCallingUid(); + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); HILOG_DEBUG("callerPid : %{public}u", callerUid); auto bms = ConnectBundleManager(); + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + AppExecFwk::BundleInfo uriBundleInfo; + Uri uri_inner = uri; + auto&& authority = uri_inner.GetAuthority(); + HILOG_INFO("uri authority is %{public}s.", authority.c_str()); + if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info according to uri."); + return false; + } + + if (uriBundleInfo.applicationInfo.accessTokenId != callerTokenId) { + HILOG_ERROR("the uri does not belong to caller."); + return false; + } std::string callerBundleName; if(!bms->GetBundleNameForUid(callerUid, callerBundleName)) { HILOG_ERROR("Get caller bundle name by caller uid failed."); } int autoremove = 1; - return GrantUriPermission(uri, flag, callerBundleName, targetBundleName, autoremove); + return GrantUriPermission(uri, flag, targetBundleName, autoremove); } bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index 7edac454d0e..c16e22c1248 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp @@ -38,7 +38,6 @@ public: virtual ~UriPermissionManagerStubFuzzTest() {} bool GrantUriPermission(const Uri &uri, unsigned int flag, - std::string fromBundleName, std::string targetBundleName, int autoremove) override { 
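Review bot: In `GrantUriPermissionFromSelf`, `callerBundleName` is no longer passed to `GrantUriPermission`, so the `GetBundleNameForUid(callerUid, callerBundleName)` lookup kept at the end of the function is dead code whose failure is only logged. Either drop the lookup, or `return false;` on failure if the caller's bundle is still meant to be validated before granting. The context line `HILOG_DEBUG("callerPid : %{public}u", callerUid);` labels a UID as a PID, which misleads anyone reading these logs while tracing a grant; `HILOG_DEBUG("callerUid : %{public}u", callerUid);` matches the value. The owner lookup added here is repeated inside `GrantUriPermission`, so a short comment such as `// ownership is enforced here; GrantUriPermission only resolves token ids` would explain why the two are not merged.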
diff --git a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp index 5dd39fa35fe..311f810de67 100755 --- a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp +++ b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp @@ -58,10 +58,9 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_001, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 0; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; - upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); } /* @@ -76,10 +75,9 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_002, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 1; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; - upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); } /* @@ -95,10 +93,9 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_003, TestSize.Level1) Uri uri(uriStr); unsigned int flag = 2; MockSystemAbilityManager::isNullptr = false; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; - upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } 
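Review bot: The updated cases `Upms_GrantUriPermission_001` to `_003` (and the later ones in this file) still discard the result of `upms->GrantUriPermission(uri, flag, targetBundleName, autoremove);`, so the new rule that derives the granting bundle from the URI authority is executed but never checked. Capture the return value, `bool ret = upms->GrantUriPermission(uri, flag, targetBundleName, autoremove);`, and assert the outcome each fixture is expected to produce with `EXPECT_TRUE(ret)` or `EXPECT_FALSE(ret)`. A case where the authority resolves to a bundle other than the caller, with no proxy permission and a non-native token, would pin the rejection path that this commit rewrites. The test bodies start outside these hunks.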
@@ -114,12 +111,11 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_004, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 2; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; MockSystemAbilityManager::isNullptr = false; StorageManager::StorageManagerServiceMock::isZero = false; - upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; StorageManager::StorageManagerServiceMock::isZero = true; } @@ -136,7 +132,6 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_005, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; @@ -145,7 +140,7 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_005, TestSize.Level1) upms->uriMap_.emplace(uriStr, infoList); Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; - upms->GrantUriPermission(uri, tmpFlag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, tmpFlag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } @@ -161,7 +156,6 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_006, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; 
@@ -171,7 +165,7 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_006, TestSize.Level1) Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; - upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } @@ -187,7 +181,6 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_007, TestSize.Level1) unsigned int tmpFlag = 1; uint32_t fromTokenId = 2; uint32_t targetTokenId = 3; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove }; @@ -197,7 +190,7 @@ HWTEST_F(UriPermissionImplTest, Upms_GrantUriPermission_007, TestSize.Level1) Uri uri(uriStr); MockSystemAbilityManager::isNullptr = false; unsigned int flag = 2; - upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); MockSystemAbilityManager::isNullptr = true; } diff --git a/test/unittest/uri_permission_test/uri_permission_test.cpp b/test/unittest/uri_permission_test/uri_permission_test.cpp index d0eb72379ee..90974d71043 100755 --- a/test/unittest/uri_permission_test/uri_permission_test.cpp +++ b/test/unittest/uri_permission_test/uri_permission_test.cpp @@ -51,10 +51,9 @@ HWTEST_F(UriPermissionTest, Upms_GrantUriPermission_001, TestSize.Level1) auto uriStr = "file://com.example.test/data/storage/el2/base/haps/entry/files/test_A.txt"; Uri uri(uriStr); unsigned int flag = 1; - std::string fromBundleName = "name1"; std::string targetBundleName = "name2"; int autoremove = 1; - upms->GrantUriPermission(uri, flag, fromBundleName, targetBundleName, autoremove); + upms->GrantUriPermission(uri, flag, targetBundleName, autoremove); } /* -- Gitee From 49bd61dfb34a7bae8cae9164e67c55a0107a9dd3 Mon Sep 17 00:00:00 2001 
From: gongyuechen Date: Wed, 8 Mar 2023 07:13:00 +0000 Subject: [PATCH 22/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 4 ++-- services/abilitymgr/src/ability_record.cpp | 6 +++--- .../uripermmgr/src/uri_permission_manager_stub_impl.cpp | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 939316bbd09..1e0bd186e33 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -129,7 +129,7 @@ private: HILOG_DEBUG("Grant Uri Permission start"); AsyncTask::CompleteCallback complete = - [args, argCountFour, argCountThree](NativeEngine& engine, AsyncTask& task, int32_t status) { + [args, argCountFour, argCountThree](NativeEngine& engine, AsyncTask& task, int32_t status) { if (args.size() != argCountThree && args.size() != argCountFour) { HILOG_ERROR("Wrong number of parameters."); task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); @@ -187,7 +187,7 @@ private: HILOG_DEBUG("Remove Uri Permission start"); AsyncTask::CompleteCallback complete = - [args, argCountOne, argCountTwo](NativeEngine& engine, AsyncTask& task, int32_t status) { + [args, argCountOne, argCountTwo](NativeEngine& engine, AsyncTask& task, int32_t status) { if (args.size() != argCountOne && args.size() != argCountTwo) { HILOG_ERROR("Wrong number of parameters."); task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 2d5fae0c501..06bc9b434b1 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp 
@@ -489,7 +489,7 @@ void AbilityRecord::ProcessForegroundAbility(bool isRecent, const AbilityRequest auto bms = AbilityUtil::GetBundleManager(); std::string targetBundleName; - if(!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { + if (!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { HILOG_ERROR("Get targetBundleName name by uid failed."); } GrantUriPermission(want_, GetCurrentAccountId(), targetBundleName); @@ -1285,7 +1285,7 @@ void AbilityRecord::SendResult() CHECK_POINTER(result_); auto bms = AbilityUtil::GetBundleManager(); std::string targetBundleName; - if(!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { + if (!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { HILOG_ERROR("Get targetBundleName name by uid failed."); } GrantUriPermission(result_->resultWant_, GetCurrentAccountId(), targetBundleName); @@ -2062,7 +2062,7 @@ void AbilityRecord::CallRequest() auto bms = AbilityUtil::GetBundleManager(); std::string targetBundleName; - if(!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { + if (!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { HILOG_ERROR("Get targetBundleName name by uid failed."); } GrantUriPermission(want_, GetCurrentAccountId(), targetBundleName); diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index f420b3ad5ea..cfdd00e684e 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -65,7 +65,7 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { nativeToken = true; } - auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( + auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); if (!nativeToken && !permission && (fromTokenId != callerTokenId)) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); @@ -157,7 +157,7 @@ bool UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, un return false; } std::string callerBundleName; - if(!bms->GetBundleNameForUid(callerUid, callerBundleName)) { + if (!bms->GetBundleNameForUid(callerUid, callerBundleName)) { HILOG_ERROR("Get caller bundle name by caller uid failed."); } int autoremove = 1; -- Gitee From cbc340671a1044622457cf225aeef14715171dd2 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Wed, 8 Mar 2023 08:08:12 +0000 Subject: [PATCH 23/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../js/napi/uri_permission/js_uri_perm_mgr.cpp | 1 - .../include/uri_permission_manager_client.h | 2 +- .../src/uri_permission_manager_stub_impl.cpp | 15 +++++++++++++-- test/unittest/uri_permission_impl_test/BUILD.gn | 3 ++- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 1e0bd186e33..e375c8a6cbd 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -157,7 +157,6 @@ private: return; } - Uri uri(uriStr); AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermissionFromSelf(uri, flag, targetBundleName); 
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index 26030603c69..e64e0447bf9 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -71,7 +71,7 @@ public: /** * @brief Clear user's uri authorization record. - * + * * @param uri The file uri. * @param BundleName A BundleName of an application. */ diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index cfdd00e684e..32751377e65 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -41,6 +41,11 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i auto bms = ConnectBundleManager(); auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; + if (bms == nullptr) { + HILOG_WARN("Failed to get bms."); + return false; + } + AppExecFwk::BundleInfo uriBundleInfo; Uri uri_inner = uri; auto&& authority = uri_inner.GetAuthority(); @@ -82,8 +87,6 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i } else { tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; } - - auto&& scheme = uri_inner.GetScheme(); HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); @@ -142,6 +145,10 @@ bool UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, un auto callerTokenId = IPCSkeleton::GetCallingTokenID(); HILOG_DEBUG("callerPid : %{public}u", callerUid); auto bms = ConnectBundleManager(); + if (bms == nullptr) { + HILOG_WARN("Failed to get bms."); + return false; + } auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; AppExecFwk::BundleInfo uriBundleInfo; Uri uri_inner = uri; 
@@ -257,6 +264,10 @@ bool UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, c { HILOG_DEBUG("Start to remove uri permission manually."); auto bms = ConnectBundleManager(); + if (bms == nullptr) { + HILOG_WARN("Failed to get bms."); + return false; + } AppExecFwk::BundleInfo uriBundleInfo; auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { diff --git a/test/unittest/uri_permission_impl_test/BUILD.gn b/test/unittest/uri_permission_impl_test/BUILD.gn index 8c244917519..e0324976790 100755 --- a/test/unittest/uri_permission_impl_test/BUILD.gn +++ b/test/unittest/uri_permission_impl_test/BUILD.gn @@ -9,7 +9,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License. import("//build/test.gni") import("//foundation/ability/ability_runtime/ability_runtime.gni") @@ -48,6 +48,7 @@ ohos_unittest("uri_permission_impl_test") { "ability_base:zuri", "access_token:libnativetoken", "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "c_utils:utils", -- Gitee From 4cc1ea1ab35b9d13601c2a89bf160884aa110f7a Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Wed, 8 Mar 2023 08:49:22 +0000 Subject: [PATCH 24/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- test/unittest/uri_permission_test/BUILD.gn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/unittest/uri_permission_test/BUILD.gn b/test/unittest/uri_permission_test/BUILD.gn index 938b6fc4787..4aa571d8b94 100755 --- a/test/unittest/uri_permission_test/BUILD.gn 
+++ b/test/unittest/uri_permission_test/BUILD.gn @@ -9,7 +9,7 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. +# limitations under the License. import("//build/test.gni") import("//foundation/ability/ability_runtime/ability_runtime.gni") @@ -33,6 +33,7 @@ ohos_unittest("uri_permission_test") { external_deps = [ "ability_base:zuri", + "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "storage_service:storage_manager_sa_proxy", ] -- Gitee From 9628e7e9d24383aaf550c5f23f1b88b7db298262 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 9 Mar 2023 06:17:47 +0000 Subject: [PATCH 25/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index e375c8a6cbd..d387e255d96 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -56,9 +56,9 @@ private: NativeValue* OnGrantUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { constexpr int32_t argCountFour = 4; - constexpr int32_t argCountFive = 5; - // only support 4 or 5 params (4 parameter and 1 optional callback) - if (info.argc != argCountFive && info.argc != argCountFour) { + constexpr int32_t argCountThree = 3; + // only support 3 or 4 params (3 parameter and 1 optional callback) + if (info.argc != argCountThree && info.argc != argCountFour) { HILOG_ERROR("Invalid arguments"); ThrowTooFewParametersError(engine); return engine.CreateUndefined(); 
@@ -70,8 +70,8 @@ private: HILOG_DEBUG("Grant Uri Permission start"); AsyncTask::CompleteCallback complete = - [args, argCountFour, argCountFive](NativeEngine& engine, AsyncTask& task, int32_t status) { - if (args.size() != argCountFive && args.size() != argCountFour) { + [args, argCountFour, argCountThree](NativeEngine& engine, AsyncTask& task, int32_t status) { + if (args.size() != argCountThree && args.size() != argCountFour) { HILOG_ERROR("Wrong number of parameters."); task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); return; @@ -105,7 +105,7 @@ private: task.Resolve(engine, CreateJsValue(engine, 0)); }; - NativeValue* lastParam = (info.argc == argCountFive) ? info.argv[argCountFour] : nullptr; + NativeValue* lastParam = (info.argc == argCountFour) ? info.argv[argCountThree] : nullptr; NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); @@ -171,10 +171,10 @@ private: NativeValue* OnRevokeUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { - constexpr int32_t argCountOne = 1; + constexpr int32_t argCountThree = 3; constexpr int32_t argCountTwo = 2; - // only support 3 or 4 params (4 parameter and 1 optional callback) - if (info.argc != argCountOne && info.argc != argCountTwo) { + // only support 2 or 3 params (2 parameter and 1 optional callback) + if (info.argc != argCountThre && info.argc != argCountTwo) { HILOG_ERROR("Invalid arguments"); ThrowTooFewParametersError(engine); return engine.CreateUndefined(); 
@@ -186,8 +186,8 @@ private: HILOG_DEBUG("Remove Uri Permission start"); AsyncTask::CompleteCallback complete = - [args, argCountOne, argCountTwo](NativeEngine& engine, AsyncTask& task, int32_t status) { - if (args.size() != argCountOne && args.size() != argCountTwo) { + [args, argCountThree, argCountTwo](NativeEngine& engine, AsyncTask& task, int32_t status) { + if (args.size() != argCountThree && args.size() != argCountTwo) { HILOG_ERROR("Wrong number of parameters."); task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); return; @@ -211,7 +211,7 @@ private: task.Resolve(engine, CreateJsValue(engine, 0)); }; - NativeValue* lastParam = (info.argc == argCountTwo) ? info.argv[argCountOne] : nullptr; + NativeValue* lastParam = (info.argc == argCountThree) ? info.argv[argCountTwo] : nullptr; NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnRevokeUriPermission", engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); -- Gitee From 0dfe78ad1ec9daff22a285579367911b23a30c88 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 9 Mar 2023 06:35:32 +0000 Subject: [PATCH 26/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index d387e255d96..d82a0186f8f 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -174,7 +174,7 @@ private: constexpr int32_t argCountThree = 3; constexpr int32_t argCountTwo = 2; // only support 2 or 3 params (2 parameter and 1 optional callback) - if (info.argc != argCountThre && info.argc != argCountTwo) { + if (info.argc != argCountThree && info.argc != argCountTwo) { HILOG_ERROR("Invalid arguments"); ThrowTooFewParametersError(engine); return engine.CreateUndefined(); -- Gitee From 3692af2ce22de0db411a4a17a39294ea7c2c13a8 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 9 Mar 2023 07:23:51 +0000 Subject: [PATCH 27/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index d82a0186f8f..f8d86d00ec3 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -240,7 +240,7 @@ NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) BindNativeFunction(*engine, *object, "grantUriPermission", moduleName, JsUriPermMgr::GrantUriPermission); BindNativeFunction(*engine, *object, "grantUriPermissionFromSelf", moduleName, JsUriPermMgr::GrantUriPermissionFromSelf); - BindNativeFunction(*engine, *object, "RevokeUriPermission", moduleName, JsUriPermMgr::RevokeUriPermission); + BindNativeFunction(*engine, *object, "revokeUriPermission", moduleName, JsUriPermMgr::RevokeUriPermission); return engine->CreateUndefined(); } } // namespace AbilityRuntime -- Gitee From c82fa29083fb098010ed121770eca3639173ddf0 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 9 Mar 2023 07:34:07 +0000 Subject: [PATCH 28/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No 
Signed-off-by: gongyuechen --- .../uri_permission/src/uri_permission_manager_proxy.cpp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index f8be318b805..d418fefdd34 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -146,10 +146,6 @@ bool UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, cons { HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermissionManually is called."); MessageParcel data; - if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { - HILOG_ERROR("Write interface token failed."); - return false; - } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); return false; -- Gitee From 537275de071174bbf6bb180a25b83041203366a9 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 9 Mar 2023 09:16:01 +0000 Subject: [PATCH 29/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 2 +- .../uri_permission/src/uri_permission_manager_proxy.cpp | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index f8d86d00ec3..396cae36a67 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -200,7 +200,7 @@ private: return; } std::string bundleName; - if (!ConvertFromJsValue(engine, args[0]->Get(), bundleName)) { + if (!ConvertFromJsValue(engine, args[1]->Get(), bundleName)) { HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); task.Reject(engine, CreateJsError(engine, -1, "BundleName conversion failed.")); return; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index d418fefdd34..f8be318b805 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -146,6 +146,10 @@ bool UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, cons { HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermissionManually is called."); MessageParcel data; + if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { + HILOG_ERROR("Write interface token failed."); + return false; + } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); return false; -- Gitee From 1ccdf3c21daa171f23ae00f4e4f90a06641a62b8 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 10 Mar 2023 06:42:35 +0000 Subject: [PATCH 30/52] delete grantUriPermissionFromSelf Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 65 ------------------- .../include/uri_permission_manager_client.h | 10 --- .../uri_permission_manager_interface.h | 13 ---- .../include/uri_permission_manager_proxy.h | 2 - .../src/uri_permission_manager_client.cpp | 11 ---- .../src/uri_permission_manager_proxy.cpp | 31 --------- .../src/uri_permission_manager_stub.cpp | 15 ----- .../uri_permission_manager_stub_impl.h | 3 - .../src/uri_permission_manager_stub_impl.cpp | 33 ---------- .../uripermissionmanager_fuzzer.cpp | 5 -- 10 files changed, 188 deletions(-) 
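Review bot: The bundle name is now read from `args[1]`, but the error log in the same branch still says `"%{public}s called, the first parameter is invalid."`, so a failed revoke call is attributed to the wrong argument. Change it to `HILOG_ERROR("%{public}s called, the second parameter is invalid.", __func__);` to match the new index. The enclosing completion lambda of `OnRevokeUriPermission` starts and ends outside the hunk.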
diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 396cae36a67..b068759f71c 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -40,12 +40,6 @@ public: return (me != nullptr) ? me->OnGrantUriPermission(*engine, *info) : nullptr; } - static NativeValue* GrantUriPermissionFromSelf(NativeEngine* engine, NativeCallbackInfo* info) - { - JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); - return (me != nullptr) ? me->OnGrantUriPermissionFromSelf(*engine, *info) : nullptr; - } - static NativeValue* RevokeUriPermission(NativeEngine* engine, NativeCallbackInfo* info) { JsUriPermMgr* me = CheckParamsAndGetThis(engine, info); 
@@ -112,63 +106,6 @@ private: return result; } - NativeValue* OnGrantUriPermissionFromSelf(NativeEngine& engine, NativeCallbackInfo& info) - { - constexpr int32_t argCountThree = 3; - constexpr int32_t argCountFour = 4; - // only support 3 or 4 params (4 parameter and 1 optional callback) - if (info.argc != argCountThree && info.argc != argCountFour) { - HILOG_ERROR("Invalid arguments"); - ThrowTooFewParametersError(engine); - return engine.CreateUndefined(); - } - std::vector> args; - for (size_t i = 0; i < info.argc; ++i) { - args.emplace_back(engine.CreateReference(info.argv[i], 1)); - } - HILOG_DEBUG("Grant Uri Permission start"); - - AsyncTask::CompleteCallback complete = - [args, argCountFour, argCountThree](NativeEngine& engine, AsyncTask& task, int32_t status) { - if (args.size() != argCountThree && args.size() != argCountFour) { - HILOG_ERROR("Wrong number of parameters."); - task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); - return; - } - - std::string uriStr; - if (!ConvertFromJsValue(engine, args[0]->Get(), uriStr)) { - HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "uri conversion failed.")); - return; - } - - int flag = 0; - if (!ConvertFromJsValue(engine, args[1]->Get(), flag)) { - HILOG_ERROR("%{public}s called, the second parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "flag conversion failed.")); - return; - } - - std::string targetBundleName; - if (!ConvertFromJsValue(engine, args[2]->Get(), targetBundleName)) { - HILOG_ERROR("%{public}s called, the fourth parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "targetBundleName conversion failed.")); - return; - } - - Uri uri(uriStr); - AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermissionFromSelf(uri, - flag, targetBundleName); - task.Resolve(engine, CreateJsValue(engine, 0)); - }; - NativeValue* lastParam = 
(info.argc == argCountFour) ? info.argv[argCountThree] : nullptr; - NativeValue* result = nullptr; - AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", - engine, CreateAsyncTaskWithLastParam(engine, lastParam, nullptr, std::move(complete), &result)); - return result; - } - NativeValue* OnRevokeUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { constexpr int32_t argCountThree = 3; @@ -238,8 +175,6 @@ NativeValue* CreateJsUriPermMgr(NativeEngine* engine, NativeValue* exportObj) const char *moduleName = "JsUriPermMgr"; BindNativeFunction(*engine, *object, "grantUriPermission", moduleName, JsUriPermMgr::GrantUriPermission); - BindNativeFunction(*engine, *object, "grantUriPermissionFromSelf", - moduleName, JsUriPermMgr::GrantUriPermissionFromSelf); BindNativeFunction(*engine, *object, "revokeUriPermission", moduleName, JsUriPermMgr::RevokeUriPermission); return engine->CreateUndefined(); } diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index e64e0447bf9..ac4419ad2bc 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -41,16 +41,6 @@ public: */ bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove); - - /** - * @brief Authorize the uri permission from self to targetBundleName. - * - * @param uri The file uri. - * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param targetBundleName The user of uri. - */ - bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const std::string targetBundleName); /** * @brief Check whether the tokenId has URI permissions. 
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index 64bcc15503e..ba622d65c91 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -38,17 +38,6 @@ public: virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) = 0; - - /** - * @brief Authorize the uri permission of self to targetBundleName. - * - * @param uri The file uri. - * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param targetBundleName The user of uri. - * @return Returns true if the authorization is successful, otherwise returns false. - */ - virtual bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const std::string targetBundleName) = 0; /** * @brief Check whether the tokenId has URI permissions. @@ -89,8 +78,6 @@ public: ON_REVOKE_URI_PERMISSION, ON_REVOKE_URI_PERMISSION_MANUALLY, - - ON_GRANT_URI_PERMISSION_FROM_SELF, }; }; } // namespace AAFwk diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index b4bb22392ab..7ca959c6b22 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -29,8 +29,6 @@ public: virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) override; - virtual bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const std::string targetBundleName) override; virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; 
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index c9a7e7dd19d..50228e9caec 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -34,17 +34,6 @@ bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int return false; } -bool UriPermissionManagerClient::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const std::string targetBundleName) -{ - HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermissionFromSelf is called."); - auto uriPermMgr = ConnectUriPermService(); - if (uriPermMgr) { - return uriPermMgr->GrantUriPermissionFromSelf(uri, flag, targetBundleName); - } - return false; -} - bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) { diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index f8be318b805..15b46efe1fb 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp 
@@ -58,37 +58,6 @@ bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int return true; } -bool UriPermissionManagerProxy::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const std::string targetBundleName) -{ - HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermissionFromSelf is called."); - MessageParcel data; - if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { - HILOG_ERROR("Write interface token failed."); - return false; - } - if (!data.WriteParcelable(&uri)) { - HILOG_ERROR("Write uri failed."); - return false; - } - if (!data.WriteInt32(flag)) { - HILOG_ERROR("Write flag failed."); - return false; - } - if (!data.WriteString(targetBundleName)) { - HILOG_ERROR("Write targetBundleName failed."); - return false; - } - MessageParcel reply; - MessageOption option; - int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION_FROM_SELF, data, reply, option); - if (error != ERR_OK) { - HILOG_ERROR("SendRequest fial, error: %{public}d", error); - return false; - } - return true; -} - bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) { diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 9644457b510..82db0a890e6 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp 
@@ -44,21 +44,6 @@ int UriPermissionManagerStub::OnRemoteRequest( } break; } - case UriPermMgrCmd::ON_GRANT_URI_PERMISSION_FROM_SELF : { - std::unique_ptr uri(data.ReadParcelable()); - if (!uri) { - errCode = ERR_DEAD_OBJECT; - HILOG_ERROR("To read uri failed."); - break; - } - auto flag = data.ReadInt32(); - auto targetBundleName = data.ReadString(); - if (!GrantUriPermissionFromSelf(*uri, flag, targetBundleName)) { - errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To grant uri permission failed."); - } - break; - } case UriPermMgrCmd::ON_VERIFY_URI_PERMISSION : { std::unique_ptr uri(data.ReadParcelable()); if (!uri) { diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index a65482fe04e..e64d4bd96bf 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -43,9 +43,6 @@ public: bool GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) override; - bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const std::string targetBundleName) override; - bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 32751377e65..320139975b5 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -138,39 +138,6 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i return true; } -bool UriPermissionManagerStubImpl::GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - const std::string targetBundleName) -{ - auto callerUid = IPCSkeleton::GetCallingUid(); - auto callerTokenId = IPCSkeleton::GetCallingTokenID(); - HILOG_DEBUG("callerPid : %{public}u", callerUid); - auto bms = ConnectBundleManager(); - if (bms == nullptr) { - HILOG_WARN("Failed to get bms."); - return false; - } - auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; - AppExecFwk::BundleInfo uriBundleInfo; - Uri uri_inner = uri; - auto&& authority = uri_inner.GetAuthority(); - HILOG_INFO("uri authority is %{public}s.", authority.c_str()); - if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { - HILOG_WARN("To fail to get bundle info according to uri."); - return false; - } - - if (uriBundleInfo.applicationInfo.accessTokenId != callerTokenId) { - HILOG_ERROR("the uri does not belong to caller."); - return false; - } - std::string callerBundleName; - if (!bms->GetBundleNameForUid(callerUid, callerBundleName)) { - HILOG_ERROR("Get caller bundle name by caller uid failed."); - } - int autoremove = 1; - return GrantUriPermission(uri, flag, targetBundleName, autoremove); -} - bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) { diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index c16e22c1248..aeb06cf9c92 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp 
@@ -43,11 +43,6 @@ public: { return true; } - bool GrantUriPermissionFromSelf(const Uri &uri, unsigned int flag, - std::string targetBundleName) override - { - return true; - } bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override { -- Gitee From db0f6b5cfbee8e8db162ef4d67c567673836f837 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 10 Mar 2023 07:03:15 +0000 Subject: [PATCH 31/52] edit js_uri_perm_mgr Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 114 ++++++++---------- 1 file changed, 52 insertions(+), 62 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index b068759f71c..680d0e0b8e4 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -53,50 +53,45 @@ private: constexpr int32_t argCountThree = 3; // only support 3 or 4 params (3 parameter and 1 optional callback) if (info.argc != argCountThree && info.argc != argCountFour) { - HILOG_ERROR("Invalid arguments"); - ThrowTooFewParametersError(engine); + HILOG_ERROR("The number of parameter is invalid."); + Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); return engine.CreateUndefined(); } - std::vector> args; - for (size_t i = 0; i < info.argc; ++i) { - args.emplace_back(engine.CreateReference(info.argv[i], 1)); - } HILOG_DEBUG("Grant Uri Permission start"); - AsyncTask::CompleteCallback complete = - [args, argCountFour, argCountThree](NativeEngine& engine, AsyncTask& task, int32_t status) { - if (args.size() != argCountThree && args.size() != argCountFour) { - HILOG_ERROR("Wrong number of parameters."); - task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); - return; - } - - std::string uriStr; - if (!ConvertFromJsValue(engine, args[0]->Get(), uriStr)) { - HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "uri conversion failed.")); - return; - } - - int flag = 0; - if (!ConvertFromJsValue(engine, args[1]->Get(), flag)) { - HILOG_ERROR("%{public}s called, the second parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "flag conversion failed.")); - return; - } - - std::string targetBundleName; - if (!ConvertFromJsValue(engine, args[3]->Get(), targetBundleName)) { - HILOG_ERROR("%{public}s called, the fourth parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "targetBundleName conversion failed.")); - return; - } + std::string uriStr; + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[0]), uriStr)) { + HILOG_ERROR("The uriStr is invalid."); + Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + return engine.CreateUndefined(); + } + int 
flag = 0; + if (!OHOS::AppExecFwk::UnwrapInt32FromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[1]), flag)) { + HILOG_ERROR("The flag is invalid."); + Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + return engine.CreateUndefined(); + } + std::string targetBundleName; + if (!OHOS::AppExecFwk::UnwrapInt32FromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[2]), targetBundleName)) { + HILOG_ERROR("The flag is invalid."); + Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + return engine.CreateUndefined(); + } + AsyncTask::CompleteCallback complete = + [uriStr, flag, targetBundleName](NativeEngine& engine, AsyncTask& task, int32_t status) { Uri uri(uriStr); int autoremove = 0; - AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, + auto errCode = AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, targetBundleName, autoremove); - task.Resolve(engine, CreateJsValue(engine, 0)); + if (errCode == true) { + task.ResolveWithNoError(engine, CreateJsApplicationQuickFixInfo(engine, quickFixInfo)); + } else { + task.Reject(engine, CreateJsErrorByErrorCode(engine, 201)); + } }; NativeValue* lastParam = (info.argc == argCountFour) ? info.argv[argCountThree] : nullptr; 
@@ -116,36 +111,31 @@ private: ThrowTooFewParametersError(engine); return engine.CreateUndefined(); } - std::vector> args; - for (size_t i = 0; i < info.argc; ++i) { - args.emplace_back(engine.CreateReference(info.argv[i], 1)); + std::string uriStr; + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[0]), uriStr)) { + HILOG_ERROR("The uriStr is invalid."); + Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + return engine.CreateUndefined(); + } + std::string bundleName; + if (!OHOS::AppExecFwk::UnwrapInt32FromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[1]), bundleName)) { + HILOG_ERROR("The flag is invalid."); + Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + return engine.CreateUndefined(); } - HILOG_DEBUG("Remove Uri Permission start"); AsyncTask::CompleteCallback complete = - [args, argCountThree, argCountTwo](NativeEngine& engine, AsyncTask& task, int32_t status) { - if (args.size() != argCountThree && args.size() != argCountTwo) { - HILOG_ERROR("Wrong number of parameters."); - task.Reject(engine, CreateJsError(engine, -1, "Wrong number of parameters.")); - return; - } - - std::string uriStr; - if (!ConvertFromJsValue(engine, args[0]->Get(), uriStr)) { - HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "uri conversion failed.")); - return; - } - std::string bundleName; - if (!ConvertFromJsValue(engine, args[1]->Get(), bundleName)) { - HILOG_ERROR("%{public}s called, the first parameter is invalid.", __func__); - task.Reject(engine, CreateJsError(engine, -1, "BundleName conversion failed.")); - return; - } - + [uriStr, bundleName](NativeEngine& engine, AsyncTask& task, int32_t status) { Uri uri(uriStr); - AAFwk::UriPermissionManagerClient::GetInstance()->RevokeUriPermissionManually(uri, bundleName); - task.Resolve(engine, CreateJsValue(engine, 0)); + auto errCode = 
AAFwk::UriPermissionManagerClient::GetInstance()->RevokeUriPermissionManually(uri, + bundleName); + if (errCode == true) { + task.ResolveWithNoError(engine, CreateJsApplicationQuickFixInfo(engine, quickFixInfo)); + } else { + task.Reject(engine, CreateJsErrorByErrorCode(engine, 201)); + } }; NativeValue* lastParam = (info.argc == argCountThree) ? info.argv[argCountTwo] : nullptr; -- Gitee From 910cf7ef1d147ed4a8688fc57ab18ccc280da5b8 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 10 Mar 2023 07:11:37 +0000 Subject: [PATCH 32/52] revoke uri permission to void fuction Signed-off-by: gongyuechen --- .../include/uri_permission_manager_client.h | 2 +- .../include/uri_permission_manager_interface.h | 2 +- .../uri_permission/include/uri_permission_manager_proxy.h | 2 +- .../uri_permission/src/uri_permission_manager_client.cpp | 8 +++----- .../uri_permission/src/uri_permission_manager_proxy.cpp | 5 ++--- .../uri_permission/src/uri_permission_manager_stub.cpp | 5 +---- .../uripermmgr/include/uri_permission_manager_stub_impl.h | 2 +- .../uripermmgr/src/uri_permission_manager_stub_impl.cpp | 6 +++--- .../uripermissionmanager_fuzzer.cpp | 4 ++-- 9 files changed, 15 insertions(+), 21 deletions(-) diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index ac4419ad2bc..cb05fefe039 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -57,7 +57,7 @@ public: * * @param tokenId A tokenId of an application. */ - bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId); + void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId); /** * @brief Clear user's uri authorization record. 
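Review bot: Every `false` from `RevokeUriPermissionManually` is rejected with the bare literal `201`, so a caller cannot tell an authorization refusal from a transport or lookup failure, and the literal itself is unexplained. The `@@ -53,50 +53,45 @@` hunk does the same for grant, where the service side shown later in this series returns false for an invalid flag, an unsupported scheme and a failed bundle lookup as well as for a missing permission. A named constant plus a comment would make the contract explicit, e.g. `// 201: presumably "permission denied" — confirm; non-permission failures need their own code`. `OnRevokeUriPermission` begins and ends outside the hunk.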
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index ba622d65c91..d875590daaa 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -56,7 +56,7 @@ public: * @param tokenId A tokenId of an application. * @return Returns true if the remove is successful, otherwise returns false. */ - virtual bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; + virtual void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) = 0; /** * @brief Clear user's uri authorization record. diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 7ca959c6b22..ff919ff2152 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -33,7 +33,7 @@ public: virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; - virtual bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + virtual void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; virtual bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 50228e9caec..2729f0afe35 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp 
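Review bot: The doc comment above `RevokeUriPermission` in the interface header still carries `@return Returns true if the remove is successful, otherwise returns false.`, although the function now returns `void`. That line should be dropped. Because callers can no longer observe a failed revocation, the comment should say so, e.g. `@note Failures are only logged; the caller receives no result.`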
@@ -45,14 +45,12 @@ bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned in return false; } -bool UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) +void UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); - if (uriPermMgr) { - return uriPermMgr->RevokeUriPermission(tokenId); - } - return false; + uriPermMgr->RevokeUriPermission(tokenId); + return; } bool UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 15b46efe1fb..7757bb439cb 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -89,7 +89,7 @@ bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int return true; } -bool UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) +void UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermission is called."); MessageParcel data; @@ -106,9 +106,8 @@ bool UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken: int error = Remote()->SendRequest(UriPermMgrCmd::ON_REVOKE_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); - return false; } - return true; + return; } bool UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) 
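Review bot: `uriPermMgr->RevokeUriPermission(tokenId);` now dereferences the result of `ConnectUriPermService()` without the `if (uriPermMgr)` guard that the removed lines had, so a failed connect would crash the caller instead of returning. The guard should stay, with a log: `if (uriPermMgr == nullptr) { HILOG_ERROR("Connect uri permission service failed."); return; }`. With the `void` return here and in the proxy (`@@ -106,9 +106,8 @@`), stub (`@@ -61,10 +61,7 @@`) and stub-impl (`@@ -218,13 +218,13 @@`) hunks, a revocation that fails at any layer leaves the grant in place and is visible only in the log. If that is intended, it deserves a comment at this entry point.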
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 82db0a890e6..142d1b36869 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp @@ -61,10 +61,7 @@ int UriPermissionManagerStub::OnRemoteRequest( } case UriPermMgrCmd::ON_REVOKE_URI_PERMISSION : { auto tokenId = data.ReadInt32(); - if (!RevokeUriPermission(tokenId)) { - errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To revoke uri permission failed."); - } + RevokeUriPermission(tokenId); break; } case UriPermMgrCmd::ON_REVOKE_URI_PERMISSION_MANUALLY : { diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index e64d4bd96bf..2475c1cae61 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -46,7 +46,7 @@ public: bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; - bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; + void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 320139975b5..fcbd3030d90 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -191,7 +191,7 @@ bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned return false; } -bool UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) +void UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) { HILOG_DEBUG("Start to remove uri permission."); std::vector uriList; @@ -218,13 +218,13 @@ bool UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return false; + return; } if (!uriList.empty()) { storageMgrProxy->DeleteShareFile(tokenId, uriList); } - return true; + return; } bool UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index aeb06cf9c92..df8149f9ae4 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp @@ -48,9 +48,9 @@ public: { return true; } - bool RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override + void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override { - return true; + return; } bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override { -- Gitee From 75e7f1e6344baad4db595a8071e83a470083f927 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 10 Mar 2023 07:29:22 +0000 Subject: [PATCH 33/52] fix error Signed-off-by: gongyuechen --- .../uri_permission/src/uri_permission_manager_proxy.cpp | 4 ++-- .../uri_permission/src/uri_permission_manager_stub.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 7757bb439cb..857124cf959 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -55,7 +55,7 @@ bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int HILOG_ERROR("SendRequest fial, error: %{public}d", error); return false; } - return true; + return reply.ReadBool(); } bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, @@ -133,7 +133,7 @@ bool UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, cons HILOG_ERROR("SendRequest fail, error: %{public}d", error); return false; } - return true; + return reply.ReadBool(); } } // namespace AAFwk } // namespace OHOS diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 142d1b36869..30e19974b09 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp @@ -72,7 +72,7 @@ int UriPermissionManagerStub::OnRemoteRequest( break; } auto bundleName = data.ReadString(); - if (RevokeUriPermissionManually(*uri, bundleName)) { + if (!RevokeUriPermissionManually(*uri, bundleName)) { errCode = ERR_INVALID_OPERATION; HILOG_ERROR("To revoke uri permission failed."); } -- Gitee From 080c39462bc0edc98b4e8faabaeec2e5479214e2 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 10 Mar 2023 08:18:49 +0000 Subject: [PATCH 34/52] fix function too long 
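Review bot: `return reply.ReadBool();` in `GrantUriPermission` (and again in the `@@ -133,7 +133,7 @@` hunk for `RevokeUriPermissionManually`) only reports the service's answer if the stub writes a bool into `reply`. The stub hunk of this same commit (`@@ -72,7 +72,7 @@`) shows the manual-revoke case setting `errCode` and logging, with no write to `reply` in the visible lines. If nothing is written, the read presumably yields false, and successful grants and revokes would be surfaced to the JS layer as failures. Either the stub should `reply.WriteBool(...)` the result in both cases, or the proxy should keep deriving success from the `SendRequest` error code; the stub's grant case is outside the visible hunks and needs the same check.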
Signed-off-by: gongyuechen --- services/abilitymgr/src/ability_record.cpp | 21 ++------- .../uri_permission_manager_stub_impl.h | 4 ++ .../src/uri_permission_manager_stub_impl.cpp | 45 ++++++++----------- 3 files changed, 26 insertions(+), 44 deletions(-) diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 06bc9b434b1..0eafc9519d0 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp @@ -487,12 +487,7 @@ void AbilityRecord::ProcessForegroundAbility(bool isRecent, const AbilityRequest auto callerUid = IPCSkeleton::GetCallingUid(); HILOG_DEBUG("callerPid : %{public}u", callerUid); - auto bms = AbilityUtil::GetBundleManager(); - std::string targetBundleName; - if (!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { - HILOG_ERROR("Get targetBundleName name by uid failed."); - } - GrantUriPermission(want_, GetCurrentAccountId(), targetBundleName); + GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.bundleName); if (isReady_) { auto handler = DelayedSingleton::GetInstance()->GetEventHandler(); @@ -1283,12 +1278,7 @@ void AbilityRecord::SendResult() std::lock_guard guard(lock_); CHECK_POINTER(scheduler_); CHECK_POINTER(result_); - auto bms = AbilityUtil::GetBundleManager(); - std::string targetBundleName; - if (!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { - HILOG_ERROR("Get targetBundleName name by uid failed."); - } - GrantUriPermission(result_->resultWant_, GetCurrentAccountId(), targetBundleName); + GrantUriPermission(result_->resultWant_, GetCurrentAccountId(), applicationInfo_.bundleName); scheduler_->SendResult(result_->requestCode_, result_->resultCode_, result_->resultWant_); // reset result to avoid send result next time result_.reset(); 
@@ -2060,12 +2050,7 @@ void AbilityRecord::CallRequest() HILOG_INFO("Call Request."); CHECK_POINTER(scheduler_); - auto bms = AbilityUtil::GetBundleManager(); - std::string targetBundleName; - if (!bms->GetBundleNameForUid(applicationInfo_.uid, targetBundleName)) { - HILOG_ERROR("Get targetBundleName name by uid failed."); - } - GrantUriPermission(want_, GetCurrentAccountId(), targetBundleName); + GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.bundleName); // Async call request scheduler_->CallRequest(); } diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 2475c1cae61..3efcddf5f09 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -55,6 +55,10 @@ private: int GetCurrentAccountId(); void ClearBMSProxy(); void ClearSMProxy(); + bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + Security::AccessToken::AccessTokenID fromTokenId, + Security::AccessToken::AccessTokenID targetTokenId, + int autoremove); class BMSOrSMDeathRecipient : public IRemoteObject::DeathRecipient { public: diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index fcbd3030d90..633bc7c550f 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
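Review bot: `GrantUriPermissionImpl` is declared in the header hunk as a private member with a mandatory fifth parameter `autoremove`, which does not match the `.cpp` hunk that follows. There the call passes four arguments, `GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId)`, and the definition opens as `bool GrantUriPermissionImpl(` without the `UriPermissionManagerStubImpl::` qualifier. The call should forward the value, `return GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId, autoremove);`, and the definition should be qualified so it can reach members such as `ConnectStorageManager()`. That `.cpp` hunk runs past the end of what is shown here, so the rest of the helper could not be checked.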
@@ -36,73 +36,66 @@ using TokenId = Security::AccessToken::AccessTokenID; bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) { - auto callerTokenId = IPCSkeleton::GetCallingTokenID(); - HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); + if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { + HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); + return false; + } auto bms = ConnectBundleManager(); - auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; - if (bms == nullptr) { HILOG_WARN("Failed to get bms."); return false; } - + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; AppExecFwk::BundleInfo uriBundleInfo; Uri uri_inner = uri; auto&& authority = uri_inner.GetAuthority(); - HILOG_INFO("uri authority is %{public}s.", authority.c_str()); if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info according to uri."); return false; } Security::AccessToken::AccessTokenID fromTokenId = uriBundleInfo.applicationInfo.accessTokenId; - HILOG_DEBUG("fromTokenId : %{public}u", fromTokenId); - if (!IN_PROCESS_CALL(bms->GetBundleInfo(targetBundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info to targetBundleName."); return false; } Security::AccessToken::AccessTokenID targetTokenId = uriBundleInfo.applicationInfo.accessTokenId; - HILOG_DEBUG("targetTokenId : %{public}u %{public}s", targetTokenId, targetBundleName.c_str()); - // only uri with proxy authorization permission or from process itself can be granted auto tokenType = 
Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID()); - bool nativeToken = false; - if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - nativeToken = true; - } auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); - if (!nativeToken && !permission && (fromTokenId != callerTokenId)) { + if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE && + !permission && (fromTokenId != callerTokenId)) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); return false; } - - if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { - HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); - return false; - } unsigned int tmpFlag = 0; if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { tmpFlag = Want::FLAG_AUTH_WRITE_URI_PERMISSION; } else { tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; } - auto&& scheme = uri_inner.GetScheme(); - HILOG_INFO("uri scheme is %{public}s.", scheme.c_str()); - // only support file or dataShare scheme if (scheme != "file" && scheme != "dataShare") { HILOG_WARN("only support file or dataShare uri."); return false; } + return GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId); +} + +bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + Security::AccessToken::AccessTokenID fromTokenId, + Security::AccessToken::AccessTokenID targetTokenId, + int autoremove) +{ auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); return false; } - auto uriStr = uri.ToString(); - auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, tmpFlag); + auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, flag); if (ret != 0 && ret != -EEXIST) { 
HILOG_ERROR("storageMgrProxy failed to CreateShareFile."); return false; @@ -117,7 +110,7 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i if (nativeInfo.processName == "pasteboard_serv") { autoremove_ = 1; } - GrantInfo info = { tmpFlag, callerTokenId, targetTokenId, autoremove_ }; + GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove_ }; if (search == uriMap_.end()) { std::list infoList = { info }; uriMap_.emplace(uriStr, infoList); -- Gitee From e86aa8ccc5b470d54a2466b62dd4194036e1a819 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 10 Mar 2023 08:28:48 +0000 Subject: [PATCH 35/52] fix some logic error Signed-off-by: gongyuechen --- .../include/uri_permission_manager_interface.h | 3 +-- .../uripermmgr/src/uri_permission_manager_stub_impl.cpp | 7 +++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index d875590daaa..0675ca99d9a 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -36,8 +36,7 @@ public: * @return Returns true if the authorization is successful, otherwise returns false. */ virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, - const std::string targetBundleName, - int autoremove) = 0; + const std::string targetBundleName, int autoremove) = 0; /** * @brief Check whether the tokenId has URI permissions. diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 633bc7c550f..f5d9b4e53d9 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
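Review bot: The comment kept above the permission check in GrantUriPermission says only a caller with proxy authorization, or the process that owns the URI, may grant, but the rewritten condition also lets every `TOKEN_NATIVE` caller through without either. That exemption is the widest path into this function and should be stated where the decision is made, for example `// native (system service) tokens are exempt; any other caller needs PROXY_AUTHORIZATION_URI or must own the uri`. The check can also reuse the `callerTokenId` that is now read a few lines earlier instead of calling `IPCSkeleton::GetCallingTokenID()` a second time, i.e. `GetTokenTypeFlag(callerTokenId)`, so the logged token and the checked token are visibly the same value.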
@@ -81,7 +81,7 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i HILOG_WARN("only support file or dataShare uri."); return false; } - return GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId); + return GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId, autoremove); } bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, @@ -102,13 +102,12 @@ bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); - int autoremove_ = autoremove; // auto remove URI permission for clipboard Security::AccessToken::NativeTokenInfo nativeInfo; - Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(fromTokenId, nativeInfo); + Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo); HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); if (nativeInfo.processName == "pasteboard_serv") { - autoremove_ = 1; + autoremove = 1; } GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove_ }; if (search == uriMap_.end()) { -- Gitee From 97172f62a71893932c91360a67dc1d9b00f96e64 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Fri, 10 Mar 2023 08:44:30 +0000 Subject: [PATCH 36/52] fix some error Signed-off-by: gongyuechen --- .../src/uri_permission_manager_proxy.cpp | 4 ++-- .../include/uri_permission_manager_stub_impl.h | 1 + .../src/uri_permission_manager_stub_impl.cpp | 11 ++++++----- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 857124cf959..161685af496 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp 
@@ -95,11 +95,11 @@ void UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken: MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return false; + return; } if (!data.WriteInt32(tokenId)) { HILOG_ERROR("Write AccessTokenID failed."); - return false; + return; } MessageParcel reply; MessageOption option; diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 3efcddf5f09..9e031de7952 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -56,6 +56,7 @@ private: void ClearBMSProxy(); void ClearSMProxy(); bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + Security::AccessToken::AccessTokenID callerTokenId, Security::AccessToken::AccessTokenID fromTokenId, Security::AccessToken::AccessTokenID targetTokenId, int autoremove); diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index f5d9b4e53d9..654e24a3e2b 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -81,10 +81,11 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i HILOG_WARN("only support file or dataShare uri."); return false; } - return GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId, autoremove); + return GrantUriPermissionImpl(uri, tmpFlag, callerTokenId, fromTokenId, targetTokenId, autoremove); } -bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, +bool UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + Security::AccessToken::AccessTokenID callerTokenId, Security::AccessToken::AccessTokenID fromTokenId, Security::AccessToken::AccessTokenID targetTokenId, int autoremove) @@ -109,7 +110,7 @@ bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, if (nativeInfo.processName == "pasteboard_serv") { autoremove = 1; } - GrantInfo info = { tmpFlag, fromTokenId, targetTokenId, autoremove_ }; + GrantInfo info = { Flag, fromTokenId, targetTokenId, autoremove }; if (search == uriMap_.end()) { std::list infoList = { info }; uriMap_.emplace(uriStr, infoList); @@ -118,9 +119,9 @@ bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, auto& infoList = search->second; for (auto& item : infoList) { if (item.fromTokenId == fromTokenId && item.targetTokenId == targetTokenId) { - if ((tmpFlag & item.flag) == 0) { + if ((Flag & item.flag) == 0) { HILOG_INFO("Update uri r/w permission."); - item.flag = tmpFlag; + item.flag = Flag; } HILOG_INFO("uri permission has granted, not to grant again."); return true; -- Gitee From b59c5beaaa872458003ad94fc019801e38d96671 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 13 Mar 2023 03:09:25 +0000 Subject: [PATCH 37/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No 
Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/BUILD.gn | 8 ++- .../napi/uri_permission/js_uri_perm_mgr.cpp | 50 ++++++++++------- .../include/uri_permission_manager_client.h | 4 +- .../uri_permission_manager_interface.h | 4 +- .../include/uri_permission_manager_proxy.h | 4 +- .../src/uri_permission_manager_client.cpp | 9 +-- .../src/uri_permission_manager_proxy.cpp | 30 +++++----- .../src/uri_permission_manager_stub.cpp | 12 ++-- .../uri_permission_manager_stub_impl.h | 6 +- .../src/uri_permission_manager_stub_impl.cpp | 55 ++++++++++--------- .../uripermissionmanager_fuzzer.cpp | 8 +-- 11 files changed, 104 insertions(+), 86 deletions(-) diff --git a/frameworks/js/napi/uri_permission/BUILD.gn b/frameworks/js/napi/uri_permission/BUILD.gn index a0e5ab46cc7..82e1aefd28c 100644 --- a/frameworks/js/napi/uri_permission/BUILD.gn +++ b/frameworks/js/napi/uri_permission/BUILD.gn @@ -24,16 +24,20 @@ ohos_shared_library("uripermissionmanager_napi") { include_dirs = [] - deps = - [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr" ] + deps =[ + "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", + "${ability_runtime_napi_path}/inner/napi_common:napi_common", + ] external_deps = [ "ability_base:zuri", + "ability_runtime:ability_runtime_error_util", "ability_runtime:abilitykit_native", "ability_runtime:runtime", "bundle_framework:appexecfwk_base", "c_utils:utils", "hiviewdfx_hilog_native:libhilog", + "napi:ace_napi", ] if (!ability_runtime_graphics) { diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 680d0e0b8e4..b2361646338 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -15,14 +15,19 @@ #include "js_uri_perm_mgr.h" +#include "ability_runtime_error_util.h" #include "hilog_wrapper.h" #include "js_error_utils.h" #include "js_runtime_utils.h" +#include "napi_common_util.h" #include "uri.h" #include "uri_permission_manager_client.h" namespace OHOS { namespace AbilityRuntime { +const int32_t INTERNAL_ERROR = 16000050; +const int32_t PERMISSION_ERROR = 201; +const int32_t ERR_OK = 0; class JsUriPermMgr { public: JsUriPermMgr() = default; @@ -51,10 +56,11 @@ private: { constexpr int32_t argCountFour = 4; constexpr int32_t argCountThree = 3; + constexpr int32_t argTwo = 2; // only support 3 or 4 params (3 parameter and 1 optional callback) if (info.argc != argCountThree && info.argc != argCountFour) { HILOG_ERROR("The number of parameter is invalid."); - Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + ThrowTooFewParametersError(engine); return engine.CreateUndefined(); } HILOG_DEBUG("Grant Uri Permission start"); 
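Review bot: `INTERNAL_ERROR = 16000050` is added here as a file-local constant and again in uri_permission_manager_client.cpp, uri_permission_manager_proxy.cpp and uri_permission_manager_stub_impl.cpp, and 201 is named `PERMISSION_ERROR` here but `PERMISSION_DENIED_ERROR` in the service. These values cross the IPC boundary and the JS layer matches on them by value, so the copies have to be kept identical by hand; a drifted value would make a denial look like an unknown code. One shared header holding the three codes would remove that risk. The local `ERR_OK` is probably unnecessary as well, since the proxy file already uses `ERR_OK` without defining it.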
@@ -63,34 +69,38 @@ private: if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), reinterpret_cast(info.argv[0]), uriStr)) { HILOG_ERROR("The uriStr is invalid."); - Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } int flag = 0; if (!OHOS::AppExecFwk::UnwrapInt32FromJS2(reinterpret_cast(&engine), reinterpret_cast(info.argv[1]), flag)) { HILOG_ERROR("The flag is invalid."); - Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } std::string targetBundleName; - if (!OHOS::AppExecFwk::UnwrapInt32FromJS2(reinterpret_cast(&engine), - reinterpret_cast(info.argv[2]), targetBundleName)) { + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), + reinterpret_cast(info.argv[argTwo]), targetBundleName)) { HILOG_ERROR("The flag is invalid."); - Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } AsyncTask::CompleteCallback complete = [uriStr, flag, targetBundleName](NativeEngine& engine, AsyncTask& task, int32_t status) { Uri uri(uriStr); - int autoremove = 0; auto errCode = AAFwk::UriPermissionManagerClient::GetInstance()->GrantUriPermission(uri, flag, - targetBundleName, autoremove); - if (errCode == true) { - task.ResolveWithNoError(engine, CreateJsApplicationQuickFixInfo(engine, quickFixInfo)); - } else { - task.Reject(engine, CreateJsErrorByErrorCode(engine, 201)); + targetBundleName, 0); + if (errCode == ERR_OK) { + task.ResolveWithNoError(engine, engine.CreateUndefined()); + } + if (errCode == PERMISSION_ERROR) { + task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); + } + if (errCode == INTERNAL_ERROR) { + task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, + 
"Internal Error.")); } }; @@ -115,14 +125,14 @@ private: if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), reinterpret_cast(info.argv[0]), uriStr)) { HILOG_ERROR("The uriStr is invalid."); - Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } std::string bundleName; - if (!OHOS::AppExecFwk::UnwrapInt32FromJS2(reinterpret_cast(&engine), + if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), reinterpret_cast(info.argv[1]), bundleName)) { HILOG_ERROR("The flag is invalid."); - Throw(engine, AAFwk::ERR_QUICKFIX_PARAM_INVALID); + ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } @@ -131,10 +141,12 @@ private: Uri uri(uriStr); auto errCode = AAFwk::UriPermissionManagerClient::GetInstance()->RevokeUriPermissionManually(uri, bundleName); - if (errCode == true) { - task.ResolveWithNoError(engine, CreateJsApplicationQuickFixInfo(engine, quickFixInfo)); - } else { - task.Reject(engine, CreateJsErrorByErrorCode(engine, 201)); + if (errCode == ERR_OK) { + task.ResolveWithNoError(engine, engine.CreateUndefined()); + } + if (errCode == INTERNAL_ERROR) { + task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, + "Internal Error.")); } }; diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index cb05fefe039..b18f21726b8 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h 
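Review bot: The completion callback in OnGrantUriPermission settles the task only when `errCode` is exactly ERR_OK, PERMISSION_ERROR or INTERNAL_ERROR, so any other value returned by the service leaves the promise or callback pending forever. The RevokeUriPermissionManually callback in the last hunk of this file has the same shape and handles only ERR_OK and INTERNAL_ERROR. Chaining the branches and ending with a plain `else` guarantees that every result is either resolved or rejected. OnGrantUriPermission starts before this hunk and continues after it.

```cpp
// … unchanged: Uri construction and the GrantUriPermission call …
if (errCode == ERR_OK) {
    task.ResolveWithNoError(engine, engine.CreateUndefined());
} else if (errCode == PERMISSION_ERROR) {
    task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI"));
} else {
    // Any other code, including ones this layer does not know, still settles the task.
    task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR,
        "Internal Error."));
}
```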
@@ -39,7 +39,7 @@ public: * @param targetBundleName The user of uri. * @param autoremove the uri is temperarily or not */ - bool GrantUriPermission(const Uri &uri, unsigned int flag, + int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove); /** @@ -65,7 +65,7 @@ public: * @param uri The file uri. * @param BundleName A BundleName of an application. */ - bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName); + int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName); private: sptr ConnectUriPermService(); diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index 0675ca99d9a..e48d0bb8643 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -35,7 +35,7 @@ public: * @param autoremove the uri is temperarily or not * @return Returns true if the authorization is successful, otherwise returns false. */ - virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, + virtual int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) = 0; /** @@ -64,7 +64,7 @@ public: * @param bundleName bundleName of an application. * @return Returns true if the remove is successful, otherwise returns false. */ - virtual bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) = 0; + virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) = 0; enum UriPermMgrCmd { // ipc id for GrantUriPermission diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index ff919ff2152..32b6ef5904f 100644 
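Review bot: The `@return` lines above both changed declarations in uri_permission_manager_interface.h still read "Returns true if ... successful, otherwise returns false", while the functions now return int and success is 0. A caller that follows the comment and writes `if (GrantUriPermission(...))` would take a successful grant for a failure and every error code for success, so callers outside this diff that still test the result as a boolean need to be checked. Suggested text for both: `@return Returns ERR_OK (0) on success, otherwise an error code.` The two declarations in uri_permission_manager_client.h have no `@return` at all and could take the same line.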
--- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -26,7 +26,7 @@ public: explicit UriPermissionManagerProxy(const sptr &impl); virtual ~UriPermissionManagerProxy() = default; - virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, + virtual int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) override; @@ -34,7 +34,7 @@ public: const Security::AccessToken::AccessTokenID tokenId) override; virtual void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; - virtual bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; + virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: static inline BrokerDelegator delegator_; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 2729f0afe35..a076c92698f 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -22,7 +22,8 @@ namespace OHOS { namespace AAFwk { -bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, +const int32_t INTERNAL_ERROR = 16000050; +int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermission is called."); 
@@ -31,7 +32,7 @@ bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int if (uriPermMgr) { return uriPermMgr->GrantUriPermission(uri, flag, targetBundleName, autoremove); } - return false; + return INTERNAL_ERROR; } bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned int flag, @@ -53,14 +54,14 @@ void UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken return; } -bool UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) +int UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermissionManually is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { return uriPermMgr->RevokeUriPermissionManually(uri, bundleName); } - return false; + return INTERNAL_ERROR; } sptr UriPermissionManagerClient::ConnectUriPermService() diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 161685af496..f4887379aea 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp 
@@ -20,42 +20,44 @@ namespace OHOS { namespace AAFwk { +const int32_t INTERNAL_ERROR = 16000050; + UriPermissionManagerProxy::UriPermissionManagerProxy(const sptr &impl) : IRemoteProxy(impl) {} -bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, +int UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermission is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return false; + return INTERNAL_ERROR; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return false; + return INTERNAL_ERROR; } if (!data.WriteInt32(flag)) { HILOG_ERROR("Write flag failed."); - return false; + return INTERNAL_ERROR; } if (!data.WriteString(targetBundleName)) { HILOG_ERROR("Write targetBundleName failed."); - return false; + return INTERNAL_ERROR; } if (!data.WriteInt32(autoremove)) { HILOG_ERROR("Write autoremove failed."); - return false; + return INTERNAL_ERROR; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fial, error: %{public}d", error); - return false; + return INTERNAL_ERROR; } - return reply.ReadBool(); + return reply.ReadInt32(); } bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, 
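Review bot: `return reply.ReadInt32();` at the end of GrantUriPermission cannot tell a missing or unreadable reply value from success, because success is now 0; RevokeUriPermissionManually in the next hunk of this file ends the same way. With the previous `reply.ReadBool()` an unreadable reply came back as false, a failed grant, whereas now it would be reported as a successful one (assuming the no-argument reader yields a zero value on a short parcel, which should be confirmed). Reading into a pre-set variable keeps the failure closed: `int32_t result = INTERNAL_ERROR;`, `if (!reply.ReadInt32(result)) { return INTERNAL_ERROR; }`, `return result;`.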
@@ -110,30 +112,30 @@ void UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken: return; } -bool UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) +int UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermissionManually is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return false; + return INTERNAL_ERROR; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return false; + return INTERNAL_ERROR; } if (!data.WriteString(bundleName)) { HILOG_ERROR("Write bundleName failed."); - return false; + return INTERNAL_ERROR; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_REVOKE_URI_PERMISSION_MANUALLY, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); - return false; + return INTERNAL_ERROR; } - return reply.ReadBool(); + return reply.ReadInt32(); } } // namespace AAFwk } // namespace OHOS diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 30e19974b09..cc84e429050 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp 
@@ -38,10 +38,8 @@ int UriPermissionManagerStub::OnRemoteRequest( auto flag = data.ReadInt32(); auto targetBundleName = data.ReadString(); auto autoremove = data.ReadInt32(); - if (!GrantUriPermission(*uri, flag, targetBundleName, autoremove)) { - errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To grant uri permission failed."); - } + int result = GrantUriPermission(*uri, flag, targetBundleName, autoremove); + reply.WriteInt32(result); break; } case UriPermMgrCmd::ON_VERIFY_URI_PERMISSION : { @@ -72,10 +70,8 @@ int UriPermissionManagerStub::OnRemoteRequest( break; } auto bundleName = data.ReadString(); - if (!RevokeUriPermissionManually(*uri, bundleName)) { - errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To revoke uri permission failed."); - } + int result = RevokeUriPermissionManually(*uri, bundleName); + reply.WriteInt32(result); break; } default: diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 9e031de7952..4e89114d038 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -41,13 +41,13 @@ public: UriPermissionManagerStubImpl() = default; virtual ~UriPermissionManagerStubImpl() = default; - bool GrantUriPermission(const Uri &uri, unsigned int flag, + int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) override; bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override; void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; - bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; + int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; private: sptr ConnectBundleManager(); 
@@ -55,7 +55,7 @@ private: int GetCurrentAccountId(); void ClearBMSProxy(); void ClearSMProxy(); - bool GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + int GrantUriPermissionImpl(const Uri &uri, unsigned int flag, Security::AccessToken::AccessTokenID callerTokenId, Security::AccessToken::AccessTokenID fromTokenId, Security::AccessToken::AccessTokenID targetTokenId, diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 654e24a3e2b..f8e1fb5e6e5 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -31,19 +31,22 @@ namespace OHOS { namespace AAFwk { const int32_t DEFAULT_USER_ID = 0; +const int32_t INTERNAL_ERROR = 16000050; +const int32_t PERMISSION_DENIED_ERROR = 201; +const int32_t ERR_OK = 0; using TokenId = Security::AccessToken::AccessTokenID; -bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, +int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) { if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); - return false; + return INTERNAL_ERROR; } auto bms = ConnectBundleManager(); if (bms == nullptr) { HILOG_WARN("Failed to get bms."); - return false; + return INTERNAL_ERROR; } auto callerTokenId = IPCSkeleton::GetCallingTokenID(); HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); 
@@ -53,12 +56,12 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i auto&& authority = uri_inner.GetAuthority(); if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info according to uri."); - return false; + return INTERNAL_ERROR; } Security::AccessToken::AccessTokenID fromTokenId = uriBundleInfo.applicationInfo.accessTokenId; if (!IN_PROCESS_CALL(bms->GetBundleInfo(targetBundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info to targetBundleName."); - return false; + return INTERNAL_ERROR; } Security::AccessToken::AccessTokenID targetTokenId = uriBundleInfo.applicationInfo.accessTokenId; // only uri with proxy authorization permission or from process itself can be granted @@ -68,7 +71,7 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE && !permission && (fromTokenId != callerTokenId)) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); - return false; + return PERMISSION_DENIED_ERROR; } unsigned int tmpFlag = 0; if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { 
@@ -79,27 +82,27 @@ bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i auto&& scheme = uri_inner.GetScheme(); if (scheme != "file" && scheme != "dataShare") { HILOG_WARN("only support file or dataShare uri."); - return false; + return INTERNAL_ERROR; } return GrantUriPermissionImpl(uri, tmpFlag, callerTokenId, fromTokenId, targetTokenId, autoremove); } -bool UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigned int flag, - Security::AccessToken::AccessTokenID callerTokenId, - Security::AccessToken::AccessTokenID fromTokenId, - Security::AccessToken::AccessTokenID targetTokenId, - int autoremove) +int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigned int flag, + Security::AccessToken::AccessTokenID callerTokenId, + Security::AccessToken::AccessTokenID fromTokenId, + Security::AccessToken::AccessTokenID targetTokenId, + int autoremove) { auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return false; + return INTERNAL_ERROR; } auto uriStr = uri.ToString(); auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, flag); if (ret != 0 && ret != -EEXIST) { HILOG_ERROR("storageMgrProxy failed to CreateShareFile."); - return false; + return INTERNAL_ERROR; } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); 
@@ -110,25 +113,25 @@ bool UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsign if (nativeInfo.processName == "pasteboard_serv") { autoremove = 1; } - GrantInfo info = { Flag, fromTokenId, targetTokenId, autoremove }; + GrantInfo info = { flag, fromTokenId, targetTokenId, autoremove }; if (search == uriMap_.end()) { std::list infoList = { info }; uriMap_.emplace(uriStr, infoList); - return true; + return ERR_OK; } auto& infoList = search->second; for (auto& item : infoList) { if (item.fromTokenId == fromTokenId && item.targetTokenId == targetTokenId) { - if ((Flag & item.flag) == 0) { + if ((flag & item.flag) == 0) { HILOG_INFO("Update uri r/w permission."); - item.flag = Flag; + item.flag = flag; } HILOG_INFO("uri permission has granted, not to grant again."); - return true; + return ERR_OK; } } infoList.emplace_back(info); - return true; + return ERR_OK; } bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, @@ -220,19 +223,19 @@ void UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) return; } -bool UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) +int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { HILOG_DEBUG("Start to remove uri permission manually."); auto bms = ConnectBundleManager(); if (bms == nullptr) { HILOG_WARN("Failed to get bms."); - return false; + return INTERNAL_ERROR; } AppExecFwk::BundleInfo uriBundleInfo; auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info to bundleName."); - return false; + return INTERNAL_ERROR; } Security::AccessToken::AccessTokenID tokenId = uriBundleInfo.applicationInfo.accessTokenId; std::vector uriList; 
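Review bot: RevokeUriPermissionManually shows no check of the caller in these hunks: it resolves `bundleName` to a token id and proceeds to the `uriMap_` lookup, and none of its visible return statements yields PERMISSION_DENIED_ERROR. GrantUriPermission, by contrast, compares `IPCSkeleton::GetCallingTokenID()` with the URI owner and verifies PROXY_AUTHORIZATION_URI before doing anything. Parts of the body lie between the hunks, so a check may exist there. If it does not, the revoke path should apply the same rule as the grant path and return PERMISSION_DENIED_ERROR, with a matching branch in the JS callback, since this series makes the call reachable from the napi module.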
@@ -243,7 +246,7 @@ bool UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, c auto search = uriMap_.find(uriStr); if (search == uriMap_.end()) { HILOG_ERROR("URI does not exist on uri map."); - return false; + return INTERNAL_ERROR; } auto& list = search->second; for (auto it = list.begin(); it != list.end(); it++) { @@ -259,13 +262,13 @@ bool UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, c auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return false; + return INTERNAL_ERROR; } if (!uriList.empty()) { storageMgrProxy->DeleteShareFile(tokenId, uriList); } - return true; + return ERR_OK; } sptr UriPermissionManagerStubImpl::ConnectBundleManager() diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index df8149f9ae4..5af92b2049a 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp @@ -37,11 +37,11 @@ public: UriPermissionManagerStubFuzzTest() = default; virtual ~UriPermissionManagerStubFuzzTest() {} - bool GrantUriPermission(const Uri &uri, unsigned int flag, + int GrantUriPermission(const Uri &uri, unsigned int flag, std::string targetBundleName, int autoremove) override { - return true; + return 0; } bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override @@ -52,9 +52,9 @@ public: { return; } - bool RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override + int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override { - return true; + return 0; } }; -- Gitee From f7ebc170156b5b8560b416ce720e22f4d9b786b7 Mon Sep 17 00:00:00 2001 
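Review bot: In the last uri_permission_manager_stub_impl.cpp hunk, RevokeUriPermissionManually returns `ERR_OK` without looking at the result of `storageMgrProxy->DeleteShareFile(tokenId, uriList)`, so a revoke can be reported as successful while the shared file is still in place for the target. CreateShareFile's return value is checked on the grant path; assuming DeleteShareFile reports status the same way, the call could become `auto ret = storageMgrProxy->DeleteShareFile(tokenId, uriList);` followed by `if (ret != 0) { return INTERNAL_ERROR; }` with an error log that includes `ret`. The lines that edit `uriMap_` lie between the hunks and are not shown; if the record is erased there before this call, a failure here also leaves nothing to retry against, which deserves a comment.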
From: gongyuechen Date: Mon, 13 Mar 2023 06:32:36 +0000 Subject: [PATCH 38/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/BUILD.gn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frameworks/js/napi/uri_permission/BUILD.gn b/frameworks/js/napi/uri_permission/BUILD.gn index 82e1aefd28c..d8c47d64168 100644 --- a/frameworks/js/napi/uri_permission/BUILD.gn +++ b/frameworks/js/napi/uri_permission/BUILD.gn @@ -24,7 +24,7 @@ ohos_shared_library("uripermissionmanager_napi") { include_dirs = [] - deps =[ + deps = [ "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", "${ability_runtime_napi_path}/inner/napi_common:napi_common", ] -- Gitee From 49f6aab3a7c1c2a34413f3786d2a709899f4e078 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 13 Mar 2023 06:49:12 +0000 Subject: [PATCH 39/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/abilitymgr/src/mission_list_manager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/abilitymgr/src/mission_list_manager.cpp b/services/abilitymgr/src/mission_list_manager.cpp index 6045cf8cbc2..1d9b6b6bc8b 100644 --- a/services/abilitymgr/src/mission_list_manager.cpp +++ b/services/abilitymgr/src/mission_list_manager.cpp @@ -1834,7 +1834,7 @@ void MissionListManager::OnTimeOut(uint32_t msgId, int64_t eventId) } HILOG_DEBUG("Ability timeout ,msg:%{public}d,name:%{public}s", msgId, abilityRecord->GetAbilityInfo().name.c_str()); - abilityRecord->RemoveUriPermission(); + abilityRecord->RevokeUriPermission(); #ifdef SUPPORT_GRAPHICS if (abilityRecord->IsStartingWindow()) { -- Gitee From 22817e795ff87526edc4a536210ab84003d86744 Mon Sep 17 00:00:00 2001 
From: gongyuechen Date: Mon, 13 Mar 2023 08:54:57 +0000 Subject: [PATCH 40/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index b2361646338..682937c00b3 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -64,7 +64,6 @@ private: return engine.CreateUndefined(); } HILOG_DEBUG("Grant Uri Permission start"); - std::string uriStr; if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), reinterpret_cast(info.argv[0]), uriStr)) { @@ -86,7 +85,6 @@ private: ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } - AsyncTask::CompleteCallback complete = [uriStr, flag, targetBundleName](NativeEngine& engine, AsyncTask& task, int32_t status) { Uri uri(uriStr); @@ -94,7 +92,7 @@ private: targetBundleName, 0); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } + } if (errCode == PERMISSION_ERROR) { task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); } @@ -103,7 +101,6 @@ private: "Internal Error.")); } }; - NativeValue* lastParam = (info.argc == argCountFour) ? info.argv[argCountThree] : nullptr; NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnGrantUriPermission", @@ -143,7 +140,7 @@ private: bundleName); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } + } if (errCode == INTERNAL_ERROR) { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, "Internal Error.")); -- Gitee From 6f1e96223b50addce128baa4080af638f0f65774 Mon Sep 17 00:00:00 2001 
From: gongyuechen Date: Mon, 13 Mar 2023 11:30:46 +0000 Subject: [PATCH 41/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../js/napi/uri_permission/js_uri_perm_mgr.cpp | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 682937c00b3..fbe2194927a 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -25,9 +25,12 @@ namespace OHOS { namespace AbilityRuntime { -const int32_t INTERNAL_ERROR = 16000050; -const int32_t PERMISSION_ERROR = 201; -const int32_t ERR_OK = 0; +constexpr int32_t INTERNAL_ERROR = 16000050; +constexpr int32_t PERMISSION_ERROR = 201; +constexpr int32_t ERR_OK = 0; +constexpr int32_t argCountFour = 4; +constexpr int32_t argCountThree = 3; +constexpr int32_t argCountTwo = 2; class JsUriPermMgr { public: JsUriPermMgr() = default; @@ -54,10 +57,6 @@ public: private: NativeValue* OnGrantUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { - constexpr int32_t argCountFour = 4; - constexpr int32_t argCountThree = 3; - constexpr int32_t argTwo = 2; - // only support 3 or 4 params (3 parameter and 1 optional callback) if (info.argc != argCountThree && info.argc != argCountFour) { HILOG_ERROR("The number of parameter is invalid."); ThrowTooFewParametersError(engine); @@ -80,7 +79,7 @@ private: } std::string targetBundleName; if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), - reinterpret_cast(info.argv[argTwo]), targetBundleName)) { + reinterpret_cast(info.argv[argCountTwo]), targetBundleName)) { HILOG_ERROR("The flag is invalid."); ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); 
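Review bot: `info.argv[argCountTwo]` in the third hunk uses an argument-count constant as an array index, which reads as a count check rather than "the third argument" and is only correct because the two values happen to coincide. A separately named index keeps the two meanings apart, for example `constexpr int32_t argIndexBundleName = 2;` (name constructed for illustration) used as `info.argv[argIndexBundleName]`. The second hunk also drops the comment saying that 3 or 4 arguments are accepted (three parameters plus an optional callback); I would keep it next to the `info.argc` check in OnGrantUriPermission, whose body continues outside these hunks.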
@@ -110,8 +109,6 @@ private: NativeValue* OnRevokeUriPermission(NativeEngine& engine, NativeCallbackInfo& info) { - constexpr int32_t argCountThree = 3; - constexpr int32_t argCountTwo = 2; // only support 2 or 3 params (2 parameter and 1 optional callback) if (info.argc != argCountThree && info.argc != argCountTwo) { HILOG_ERROR("Invalid arguments"); -- Gitee From ae2aacc62b6953d4f9f22f4a8352e9f766046890 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 13 Mar 2023 12:38:47 +0000 Subject: [PATCH 42/52] delete verifyuripermission Signed-off-by: gongyuechen --- .../include/uri_permission_manager_client.h | 10 ---- .../uri_permission_manager_interface.h | 14 ----- .../include/uri_permission_manager_proxy.h | 3 -- .../src/uri_permission_manager_client.cpp | 11 ---- .../src/uri_permission_manager_proxy.cpp | 31 ----------- .../src/uri_permission_manager_stub.cpp | 15 ------ .../uri_permission_manager_stub_impl.h | 2 - .../src/uri_permission_manager_stub_impl.cpp | 53 ------------------- .../uripermissionmanager_fuzzer.cpp | 5 -- 9 files changed, 144 deletions(-) diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index b18f21726b8..a1344f29f86 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h 
@@ -42,16 +42,6 @@ public: int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove); - /** - * @brief Check whether the tokenId has URI permissions. - * - * @param uri The file uri. - * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param tokenId The user of uri. - * @return Returns true if the verification is successful, otherwise returns false. - */ - bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId); - /** * @brief Clear user's uri authorization record with auto remove flag. * diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index e48d0bb8643..30915f3716d 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -38,17 +38,6 @@ public: virtual int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) = 0; - /** - * @brief Check whether the tokenId has URI permissions. - * - * @param uri The file uri. - * @param flag Want::FLAG_AUTH_READ_URI_PERMISSION or Want::FLAG_AUTH_WRITE_URI_PERMISSION. - * @param tokenId The user of uri. - * @return Returns true if the verification is successful, otherwise returns false. - */ - virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) = 0; - /** * @brief Clear user's uri authorization record with autoremove flag. * @@ -70,9 +59,6 @@ public: // ipc id for GrantUriPermission ON_GRANT_URI_PERMISSION = 0, - // ipc id for VerifyUriPermission - ON_VERIFY_URI_PERMISSION, - // ipc id for RevokeUriPermission ON_REVOKE_URI_PERMISSION, 
diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 32b6ef5904f..bbacbc4814e 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -30,9 +30,6 @@ public: const std::string targetBundleName, int autoremove) override; - virtual bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) override; - virtual void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index a076c92698f..4f51f886683 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -35,17 +35,6 @@ int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int return INTERNAL_ERROR; } -bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) -{ - HILOG_DEBUG("UriPermissionManagerClient::VerifyUriPermission is called."); - auto uriPermMgr = ConnectUriPermService(); - if (uriPermMgr) { - return uriPermMgr->VerifyUriPermission(uri, flag, tokenId); - } - return false; -} - void UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermission is called."); 
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index f4887379aea..9d1958973f0 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -60,37 +60,6 @@ int UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int f return reply.ReadInt32(); } -bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) -{ - HILOG_DEBUG("UriPermissionManagerProxy::VerifyUriPermission is called."); - MessageParcel data; - if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { - HILOG_ERROR("Write interface token failed."); - return false; - } - if (!data.WriteParcelable(&uri)) { - HILOG_ERROR("Write uri failed."); - return false; - } - if (!data.WriteInt32(flag)) { - HILOG_ERROR("Write flag failed."); - return false; - } - if (!data.WriteInt32(tokenId)) { - HILOG_ERROR("Write tokenId failed."); - return false; - } - MessageParcel reply; - MessageOption option; - int error = Remote()->SendRequest(UriPermMgrCmd::ON_VERIFY_URI_PERMISSION, data, reply, option); - if (error != ERR_OK) { - HILOG_ERROR("SendRequest fial, error: %{public}d", error); - return false; - } - return true; -} - void UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerProxy::RevokeUriPermission is called."); diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index cc84e429050..5f2e6327f3f 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp 
@@ -42,21 +42,6 @@ int UriPermissionManagerStub::OnRemoteRequest( reply.WriteInt32(result); break; } - case UriPermMgrCmd::ON_VERIFY_URI_PERMISSION : { - std::unique_ptr uri(data.ReadParcelable()); - if (!uri) { - errCode = ERR_DEAD_OBJECT; - HILOG_ERROR("To read uri failed."); - break; - } - auto flag = data.ReadInt32(); - auto tokenId = data.ReadInt32(); - if (!VerifyUriPermission(*uri, flag, tokenId)) { - errCode = ERR_INVALID_OPERATION; - HILOG_ERROR("To check uri permission failed."); - } - break; - } case UriPermMgrCmd::ON_REVOKE_URI_PERMISSION : { auto tokenId = data.ReadInt32(); RevokeUriPermission(tokenId); diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 4e89114d038..5af3a3f3a7e 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -43,8 +43,6 @@ public: int GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) override; - bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) override; void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index dfe781a4e09..ab8929864c1 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -134,59 +134,6 @@ int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigne return ERR_OK; } -bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) -{ - if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { - HILOG_WARN("UriPermissionManagerStubImpl:::VerifyUriPermission: The param flag is invalid."); - return false; - } - - auto bms = ConnectBundleManager(); - auto uriStr = uri.ToString(); - if (bms) { - AppExecFwk::ExtensionAbilityInfo info; - if (!IN_PROCESS_CALL(bms->QueryExtensionAbilityInfoByUri(uriStr, GetCurrentAccountId(), info))) { - HILOG_DEBUG("%{public}s, Fail to get extension info from bundle manager.", __func__); - return false; - } - if (info.type != AppExecFwk::ExtensionAbilityType::FILESHARE) { - HILOG_DEBUG("%{public}s, The upms only open to FILESHARE. The type is %{public}u.", __func__, info.type); - return false; - } - - if (tokenId == info.applicationInfo.accessTokenId) { - HILOG_DEBUG("The uri belongs to this application."); - return true; - } - } - - std::lock_guard guard(mutex_); - auto search = uriMap_.find(uriStr); - if (search == uriMap_.end()) { - HILOG_DEBUG("This tokenID does not have permission for this uri."); - return false; - } - - unsigned int tmpFlag = 0; - if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { - tmpFlag = Want::FLAG_AUTH_WRITE_URI_PERMISSION; - } else { - tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; - } - - for (const auto& item : search->second) { - if (item.targetTokenId == tokenId && - (item.flag == Want::FLAG_AUTH_WRITE_URI_PERMISSION || item.flag == tmpFlag)) { - HILOG_DEBUG("This tokenID have permission for this uri."); - return true; - } - } - - HILOG_DEBUG("The application does not have permission for this URI."); - return false; -} - void UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) { HILOG_DEBUG("Start to remove uri 
permission."); diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index 5af92b2049a..aa084565986 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp @@ -43,11 +43,6 @@ public: { return 0; } - bool VerifyUriPermission(const Uri &uri, unsigned int flag, - const Security::AccessToken::AccessTokenID tokenId) override - { - return true; - } void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override { return; -- Gitee From 982f97e3aa9c358e6abb2c80370687eda87dbe47 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 14 Mar 2023 03:20:02 +0000 Subject: [PATCH 43/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 2 +- .../uri_permission_manager_interface.h | 2 +- .../include/uri_permission_manager_proxy.h | 3 +- .../src/uri_permission_manager_client.cpp | 2 +- .../src/uri_permission_manager_proxy.cpp | 1 - services/abilitymgr/src/ability_record.cpp | 2 - .../uri_permission_manager_stub_impl.h | 2 +- .../src/uri_permission_manager_stub_impl.cpp | 79 +++++++++---------- 8 files changed, 42 insertions(+), 51 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index fbe2194927a..4104b8fea72 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -80,7 +80,7 @@ private: std::string targetBundleName; if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), reinterpret_cast(info.argv[argCountTwo]), targetBundleName)) { - HILOG_ERROR("The flag is invalid."); + HILOG_ERROR("The targetBundleName is invalid."); ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index 30915f3716d..732ccf4123e 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -25,7 +25,7 @@ namespace AAFwk { class IUriPermissionManager : public IRemoteBroker { public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.ability.UriPermissionManager"); - + /** * @brief Authorize the uri permission to targetBundleName. * diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index bbacbc4814e..98914541be9 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -27,8 +27,7 @@ public: virtual ~UriPermissionManagerProxy() = default; virtual int GrantUriPermission(const Uri &uri, unsigned int flag, - const std::string targetBundleName, - int autoremove) override; + const std::string targetBundleName, int autoremove) override; virtual void RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) override; virtual int RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) override; 
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 4f51f886683..57cea6d614a 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -27,7 +27,7 @@ int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int const std::string targetBundleName, int autoremove) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermission is called."); - HILOG_DEBUG("argetBundleName :%{public}s", targetBundleName.c_str()); + HILOG_DEBUG("targetBundleName :%{public}s", targetBundleName.c_str()); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { return uriPermMgr->GrantUriPermission(uri, flag, targetBundleName, autoremove); diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 9d1958973f0..efc6272b5c7 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -78,7 +78,6 @@ void UriPermissionManagerProxy::RevokeUriPermission(const Security::AccessToken: if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); } - return; } int UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 2e0869fac1a..76314993d56 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp 
@@ -484,8 +484,6 @@ void AbilityRecord::ProcessForegroundAbility(bool isRecent, const AbilityRequest HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); std::string element = GetWant().GetElement().GetURI(); HILOG_DEBUG("SUPPORT_GRAPHICS: ability record: %{public}s", element.c_str()); - auto callerUid = IPCSkeleton::GetCallingUid(); - HILOG_DEBUG("callerPid : %{public}u", callerUid); GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.bundleName); diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 5af3a3f3a7e..4a3d3d1cf8e 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -54,10 +54,10 @@ private: void ClearBMSProxy(); void ClearSMProxy(); int GrantUriPermissionImpl(const Uri &uri, unsigned int flag, - Security::AccessToken::AccessTokenID callerTokenId, Security::AccessToken::AccessTokenID fromTokenId, Security::AccessToken::AccessTokenID targetTokenId, int autoremove); + Security::AccessToken::AccessTokenID GetTokenIdByBundleName(const std::string bundleName); class BMSOrSMDeathRecipient : public IRemoteObject::DeathRecipient { public: diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index ab8929864c1..978684cabbe 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -43,29 +43,12 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); return INTERNAL_ERROR; } - auto bms = ConnectBundleManager(); - if (bms == nullptr) { - HILOG_WARN("Failed to get bms."); - return INTERNAL_ERROR; - } - auto callerTokenId = IPCSkeleton::GetCallingTokenID(); - HILOG_DEBUG("callerTokenId : %{public}u", callerTokenId); - auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; - AppExecFwk::BundleInfo uriBundleInfo; Uri uri_inner = uri; auto&& authority = uri_inner.GetAuthority(); - if (!IN_PROCESS_CALL(bms->GetBundleInfo(authority, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { - HILOG_WARN("To fail to get bundle info according to uri."); - return INTERNAL_ERROR; - } - Security::AccessToken::AccessTokenID fromTokenId = uriBundleInfo.applicationInfo.accessTokenId; - if (!IN_PROCESS_CALL(bms->GetBundleInfo(targetBundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { - HILOG_WARN("To fail to get bundle info to targetBundleName."); - return INTERNAL_ERROR; - } - Security::AccessToken::AccessTokenID targetTokenId = uriBundleInfo.applicationInfo.accessTokenId; - // only uri with proxy authorization permission or from process itself can be granted - auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID()); + Security::AccessToken::AccessTokenID fromTokenId = GetTokenIdByBundleName(authority); + Security::AccessToken::AccessTokenID targetTokenId = GetTokenIdByBundleName(targetBundleName); + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerTokenId); auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE && 
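Review bot: `fromTokenId` and `targetTokenId` are now taken from `GetTokenIdByBundleName()` with no failure check, whereas the removed code returned `INTERNAL_ERROR` as soon as either bundle lookup failed. The helper (added in a later hunk of this file) returns `INTERNAL_ERROR` as if it were an AccessTokenID, so an unknown URI authority or target bundle produces an error code that is then passed on to `CreateShareFile` and stored in the `uriMap_` record as a token id. I would have the helper return a reserved invalid id (0 is the usual choice; confirm against the access-token headers) and restore the early exit, e.g. `if (fromTokenId == 0 || targetTokenId == 0) { return INTERNAL_ERROR; }`. The same unchecked lookups appear in the RevokeUriPermissionManually hunk, where `uriTokenId` and `tokenId` feed the new permission comparison. The `if (tokenType != ...` condition continues outside this hunk.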
@@ -84,11 +67,17 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in HILOG_WARN("only support file or dataShare uri."); return INTERNAL_ERROR; } - return GrantUriPermissionImpl(uri, tmpFlag, callerTokenId, fromTokenId, targetTokenId, autoremove); + // auto remove URI permission for clipboard + Security::AccessToken::NativeTokenInfo nativeInfo; + Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo); + HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); + if (nativeInfo.processName == "pasteboard_serv") { + autoremove = 1; + } + return GrantUriPermissionImpl(uri, tmpFlag, fromTokenId, targetTokenId, autoremove); } int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigned int flag, - Security::AccessToken::AccessTokenID callerTokenId, Security::AccessToken::AccessTokenID fromTokenId, Security::AccessToken::AccessTokenID targetTokenId, int autoremove) @@ -106,13 +95,6 @@ int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigne } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); - // auto remove URI permission for clipboard - Security::AccessToken::NativeTokenInfo nativeInfo; - Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo); - HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); - if (nativeInfo.processName == "pasteboard_serv") { - autoremove = 1; - } GrantInfo info = { flag, fromTokenId, targetTokenId, autoremove }; if (search == uriMap_.end()) { std::list infoList = { info }; 
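Review bot: The result of `AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo)` is discarded before `nativeInfo.processName` is compared with "pasteboard_serv", so the auto-remove decision is made on a struct that may not have been filled in when the caller is not a native token. `tokenType` is already computed earlier in the function; guarding on it and on the call's status makes the intent explicit, e.g. `if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE && Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo) == 0 && nativeInfo.processName == "pasteboard_serv")`, assuming 0 is the success value. A one-line comment explaining why the pasteboard service forces `autoremove = 1` would also help, since the existing comment only says that it does.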
@@ -173,18 +155,18 @@ void UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) { HILOG_DEBUG("Start to remove uri permission manually."); - auto bms = ConnectBundleManager(); - if (bms == nullptr) { - HILOG_WARN("Failed to get bms."); - return INTERNAL_ERROR; - } - AppExecFwk::BundleInfo uriBundleInfo; - auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; - if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, uriBundleInfo, GetCurrentAccountId()))) { - HILOG_WARN("To fail to get bundle info to bundleName."); - return INTERNAL_ERROR; + Uri uri_inner = uri; + auto&& authority = uri_inner.GetAuthority(); + Security::AccessToken::AccessTokenID uriTokenId = GetTokenIdByBundleName(authority); + Security::AccessToken::AccessTokenID tokenId = GetTokenIdByBundleName(bundleName); + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + auto permission = PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); + if (!permission && (uriTokenId != callerTokenId) && (tokenId != callerTokenId)) { + HILOG_WARN("UriPermissionManagerStubImpl::RevokeUriPermission: No permission for revoke uri."); + return PERMISSION_DENIED_ERROR; } - Security::AccessToken::AccessTokenID tokenId = uriBundleInfo.applicationInfo.accessTokenId; + std::vector uriList; { std::lock_guard guard(mutex_); @@ -205,7 +187,6 @@ int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, co } } } - auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); 
@@ -250,6 +231,20 @@ sptr UriPermissionManagerStubImpl::ConnectBundleManager( return bundleManager_; } +Security::AccessToken::AccessTokenID UriPermissionManagerStubImpl::GetTokenIdByBundleName(const std::string bundleName) { + auto bms = ConnectBundleManager(); + if (bms == nullptr) { + HILOG_WARN("Failed to get bms."); + return INTERNAL_ERROR; + } + AppExecFwk::BundleInfo bundleInfo; + if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, bundleInfo, GetCurrentAccountId()))) { + HILOG_WARN("To fail to get bundle info according to uri."); + return INTERNAL_ERROR; + } + return bundleInfo.applicationInfo.accessTokenId; +} + sptr UriPermissionManagerStubImpl::ConnectStorageManager() { std::lock_guard lock(storageMutex_); -- Gitee From a09d1a52e6be28c9bd7a85f195c650c7e78a2995 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 14 Mar 2023 03:25:39 +0000 Subject: [PATCH 44/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../js/napi/uri_permission/js_uri_perm_mgr.cpp | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 4104b8fea72..5fd209ec307 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -91,11 +91,9 @@ private: targetBundleName, 0); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } - if (errCode == PERMISSION_ERROR) { + } else if (errCode == PERMISSION_ERROR) { task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); - } - if (errCode == INTERNAL_ERROR) { + } else if (errCode == INTERNAL_ERROR) { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, "Internal Error.")); } 
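Review bot: The OnGrantUriPermission completion callback in js_uri_perm_mgr.cpp ends with `else if (errCode == INTERNAL_ERROR)` and has no final `else`, so any other return code leaves the task neither resolved nor rejected and the caller's promise or callback never completes. That matters here because the service side returns `PERMISSION_DENIED_ERROR` from RevokeUriPermissionManually, and its numeric value is not visible alongside the `PERMISSION_ERROR` this file compares against; the OnRevokeUriPermission callback hunk in the same commit has the same chain. Ending both chains with a plain `} else {` that rejects with `ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR` closes the gap. A later patch on this page does that for the grant callback; the revoke callback's final state is not shown.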
@@ -125,7 +123,7 @@ private: std::string bundleName; if (!OHOS::AppExecFwk::UnwrapStringFromJS2(reinterpret_cast(&engine), reinterpret_cast(info.argv[1]), bundleName)) { - HILOG_ERROR("The flag is invalid."); + HILOG_ERROR("The bundleName is invalid."); ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } @@ -137,8 +135,9 @@ private: bundleName); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } - if (errCode == INTERNAL_ERROR) { + } else if (errCode == PERMISSION_ERROR) { + task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); + }else if (errCode == INTERNAL_ERROR) { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, "Internal Error.")); } -- Gitee From 6db3c25b9933d9f051a63029752d3a39373d30fd Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 14 Mar 2023 03:29:23 +0000 Subject: [PATCH 45/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/uripermmgr/src/uri_permission_manager_stub_impl.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 978684cabbe..eeb1595c4d8 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -237,6 +237,7 @@ Security::AccessToken::AccessTokenID UriPermissionManagerStubImpl::GetTokenIdByB HILOG_WARN("Failed to get bms."); return INTERNAL_ERROR; } + auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; AppExecFwk::BundleInfo bundleInfo; if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, bundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info according to uri."); -- Gitee 
From d7733d02fbbf25153b0373f879f6735ede37d614 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 14 Mar 2023 06:19:19 +0000 Subject: [PATCH 46/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../napi/uri_permission/js_uri_perm_mgr.cpp | 11 ++++----- .../src/uri_permission_manager_client.cpp | 10 ++++---- .../src/uri_permission_manager_proxy.cpp | 23 +++++++++--------- .../src/uri_permission_manager_stub_impl.cpp | 24 +++++++++---------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 5fd209ec307..4a6d9314f6d 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -15,6 +15,7 @@ #include "js_uri_perm_mgr.h" +#include "ability_manager_errors.h" #include "ability_runtime_error_util.h" #include "hilog_wrapper.h" #include "js_error_utils.h" @@ -25,8 +26,6 @@ namespace OHOS { namespace AbilityRuntime { -constexpr int32_t INTERNAL_ERROR = 16000050; -constexpr int32_t PERMISSION_ERROR = 201; constexpr int32_t ERR_OK = 0; constexpr int32_t argCountFour = 4; constexpr int32_t argCountThree = 3; @@ -91,9 +90,9 @@ private: targetBundleName, 0); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } else if (errCode == PERMISSION_ERROR) { + } else if (errCode == CHECK_PERMISSION_FAILED) { task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); - } else if (errCode == INTERNAL_ERROR) { + } else { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, "Internal Error.")); } 
@@ -135,9 +134,9 @@ private: bundleName); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } else if (errCode == PERMISSION_ERROR) { + } else if (errCode == CHECK_PERMISSION_FAILED) { task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); - }else if (errCode == INTERNAL_ERROR) { + } else { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, "Internal Error.")); } diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 57cea6d614a..83e2baffa61 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -15,6 +15,7 @@ #include "uri_permission_manager_client.h" +#include "ability_manager_errors.h" #include "hilog_wrapper.h" #include "if_system_ability_manager.h" #include "iservice_registry.h" @@ -22,7 +23,6 @@ namespace OHOS { namespace AAFwk { -const int32_t INTERNAL_ERROR = 16000050; int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, const std::string targetBundleName, int autoremove) { @@ -32,14 +32,16 @@ int UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int if (uriPermMgr) { return uriPermMgr->GrantUriPermission(uri, flag, targetBundleName, autoremove); } - return INTERNAL_ERROR; + return INNER_ERR; } void UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken::AccessTokenID tokenId) { HILOG_DEBUG("UriPermissionManagerClient::RevokeUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); - uriPermMgr->RevokeUriPermission(tokenId); + if (uriPermMgr) { + return uriPermMgr->RevokeUriPermission(tokenId); + } return; } 
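Review bot: When ConnectUriPermService() returns null, the new guard in UriPermissionManagerClient::RevokeUriPermission skips the call without leaving any trace. Because the method returns void, the caller cannot tell that the grants for `tokenId` were left in place. An `else` branch with `HILOG_ERROR("ConnectUriPermService failed, uri permission not revoked.");` would at least make a missed revocation visible in the logs. The `return` in `return uriPermMgr->RevokeUriPermission(tokenId);` can also be dropped, since both functions are void.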
@@ -50,7 +52,7 @@ int UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, cons if (uriPermMgr) { return uriPermMgr->RevokeUriPermissionManually(uri, bundleName); } - return INTERNAL_ERROR; + return INNER_ERR; } sptr UriPermissionManagerClient::ConnectUriPermService() diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index efc6272b5c7..bb7be569fa0 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp @@ -15,13 +15,12 @@ #include "uri_permission_manager_proxy.h" +#include "ability_manager_errors.h" #include "hilog_wrapper.h" #include "parcel.h" namespace OHOS { namespace AAFwk { -const int32_t INTERNAL_ERROR = 16000050; - UriPermissionManagerProxy::UriPermissionManagerProxy(const sptr &impl) : IRemoteProxy(impl) {} 
@@ -32,30 +31,30 @@ int UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int f MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return INTERNAL_ERROR; + return INNER_ERR; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return INTERNAL_ERROR; + return INNER_ERR; } if (!data.WriteInt32(flag)) { HILOG_ERROR("Write flag failed."); - return INTERNAL_ERROR; + return INNER_ERR; } if (!data.WriteString(targetBundleName)) { HILOG_ERROR("Write targetBundleName failed."); - return INTERNAL_ERROR; + return INNER_ERR; } if (!data.WriteInt32(autoremove)) { HILOG_ERROR("Write autoremove failed."); - return INTERNAL_ERROR; + return INNER_ERR; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fial, error: %{public}d", error); - return INTERNAL_ERROR; + return INNER_ERR; } return reply.ReadInt32(); } @@ -86,22 +85,22 @@ int UriPermissionManagerProxy::RevokeUriPermissionManually(const Uri &uri, const MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return INTERNAL_ERROR; + return INNER_ERR; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return INTERNAL_ERROR; + return INNER_ERR; } if (!data.WriteString(bundleName)) { HILOG_ERROR("Write bundleName failed."); - return INTERNAL_ERROR; + return INNER_ERR; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_REVOKE_URI_PERMISSION_MANUALLY, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fail, error: %{public}d", error); - return INTERNAL_ERROR; + return INNER_ERR; } return reply.ReadInt32(); } 
diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index eeb1595c4d8..f778eac928f 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -15,6 +15,7 @@ #include "uri_permission_manager_stub_impl.h" +#include "ability_manager_errors.h" #include "accesstoken_kit.h" #include "hilog_wrapper.h" #include "if_system_ability_manager.h" @@ -31,8 +32,6 @@ namespace OHOS { namespace AAFwk { const int32_t DEFAULT_USER_ID = 0; -const int32_t INTERNAL_ERROR = 16000050; -const int32_t PERMISSION_DENIED_ERROR = 201; const int32_t ERR_OK = 0; using TokenId = Security::AccessToken::AccessTokenID; @@ -41,7 +40,7 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in { if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); - return INTERNAL_ERROR; + return INNER_ERR; } Uri uri_inner = uri; auto&& authority = uri_inner.GetAuthority(); @@ -54,7 +53,7 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE && !permission && (fromTokenId != callerTokenId)) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: No permission for proxy authorization uri."); - return PERMISSION_DENIED_ERROR; + return CHECK_PERMISSION_FAILED; } unsigned int tmpFlag = 0; if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { 
@@ -65,7 +64,7 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in auto&& scheme = uri_inner.GetScheme(); if (scheme != "file" && scheme != "dataShare") { HILOG_WARN("only support file or dataShare uri."); - return INTERNAL_ERROR; + return INNER_ERR; } // auto remove URI permission for clipboard Security::AccessToken::NativeTokenInfo nativeInfo; @@ -85,13 +84,13 @@ int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigne auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return INTERNAL_ERROR; + return INNER_ERR; } auto uriStr = uri.ToString(); auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, flag); if (ret != 0 && ret != -EEXIST) { HILOG_ERROR("storageMgrProxy failed to CreateShareFile."); - return INTERNAL_ERROR; + return INNER_ERR; } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); @@ -164,7 +163,7 @@ int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, co AAFwk::PermissionConstants::PERMISSION_PROXY_AUTHORIZATION_URI); if (!permission && (uriTokenId != callerTokenId) && (tokenId != callerTokenId)) { HILOG_WARN("UriPermissionManagerStubImpl::RevokeUriPermission: No permission for revoke uri."); - return PERMISSION_DENIED_ERROR; + return CHECK_PERMISSION_FAILED; } std::vector uriList; @@ -175,7 +174,7 @@ int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, co auto search = uriMap_.find(uriStr); if (search == uriMap_.end()) { HILOG_ERROR("URI does not exist on uri map."); - return INTERNAL_ERROR; + return INNER_ERR; } auto& list = search->second; for (auto it = list.begin(); it != list.end(); it++) { 
@@ -190,7 +189,7 @@ int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, co auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return INTERNAL_ERROR; + return INNER_ERR; } if (!uriList.empty()) { @@ -231,7 +230,8 @@ sptr UriPermissionManagerStubImpl::ConnectBundleManager( return bundleManager_; } -Security::AccessToken::AccessTokenID UriPermissionManagerStubImpl::GetTokenIdByBundleName(const std::string bundleName) { +Security::AccessToken::AccessTokenID UriPermissionManagerStubImpl::GetTokenIdByBundleName(const std::string bundleName) +{ auto bms = ConnectBundleManager(); if (bms == nullptr) { HILOG_WARN("Failed to get bms."); @@ -241,7 +241,7 @@ Security::AccessToken::AccessTokenID UriPermissionManagerStubImpl::GetTokenIdByB AppExecFwk::BundleInfo bundleInfo; if (!IN_PROCESS_CALL(bms->GetBundleInfo(bundleName, bundleFlag, bundleInfo, GetCurrentAccountId()))) { HILOG_WARN("To fail to get bundle info according to uri."); - return INTERNAL_ERROR; + return GET_BUNDLE_INFO_FAILED; } return bundleInfo.applicationInfo.accessTokenId; } -- Gitee From cfe73c3f60afab4aaa360a170fb6c8aa5fe8951d Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 14 Mar 2023 06:26:19 +0000 Subject: [PATCH 47/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 4a6d9314f6d..7563777b875 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp 
@@ -90,7 +90,7 @@ private: targetBundleName, 0); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } else if (errCode == CHECK_PERMISSION_FAILED) { + } else if (errCode == AAFwk::CHECK_PERMISSION_FAILED) { task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); } else { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, @@ -134,7 +134,7 @@ private: bundleName); if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); - } else if (errCode == CHECK_PERMISSION_FAILED) { + } else if (errCode == AAFwk::CHECK_PERMISSION_FAILED) { task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); } else { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, -- Gitee From 15385f841a90a194ad40abedb60c0f76a703ba39 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 14 Mar 2023 06:30:10 +0000 Subject: [PATCH 48/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/uripermmgr/src/uri_permission_manager_stub_impl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index f778eac928f..a13422e61b9 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -235,7 +235,7 @@ Security::AccessToken::AccessTokenID UriPermissionManagerStubImpl::GetTokenIdByB auto bms = ConnectBundleManager(); if (bms == nullptr) { HILOG_WARN("Failed to get bms."); - return INTERNAL_ERROR; + return GET_BUNDLE_MANAGER_SERVICE_FAILED; } auto bundleFlag = AppExecFwk::BundleFlag::GET_BUNDLE_WITH_EXTENSION_INFO; AppExecFwk::BundleInfo bundleInfo; -- Gitee 
From 3f249ac88ed0a5ae412f7c53497420433892110b Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Mon, 27 Mar 2023 12:47:58 +0000 Subject: [PATCH 49/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 5 ++--- .../src/uri_permission_manager_client.cpp | 1 - services/abilitymgr/src/ability_record.cpp | 1 - .../include/uri_permission_manager_stub_impl.h | 3 +-- .../src/uri_permission_manager_stub_impl.cpp | 11 +++++++++-- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 7563777b875..8d959a3a94d 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -126,7 +126,6 @@ private: ThrowError(engine, AbilityErrorCode::ERROR_CODE_INVALID_PARAM); return engine.CreateUndefined(); } - AsyncTask::CompleteCallback complete = [uriStr, bundleName](NativeEngine& engine, AsyncTask& task, int32_t status) { Uri uri(uriStr); @@ -135,13 +134,13 @@ private: if (errCode == ERR_OK) { task.ResolveWithNoError(engine, engine.CreateUndefined()); } else if (errCode == AAFwk::CHECK_PERMISSION_FAILED) { - task.Reject(engine, CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")); + task.Reject(engine, CreateNoPermissionError(engine, + "Do not have permission ohos.permission.PROXY_AUTHORIZATION_URI")); } else { task.Reject(engine, CreateJsError(engine, ERR_ABILITY_RUNTIME_EXTERNAL_INTERNAL_ERROR, "Internal Error.")); } }; - NativeValue* lastParam = (info.argc == argCountThree) ? info.argv[argCountTwo] : nullptr; NativeValue* result = nullptr; AsyncTask::Schedule("JsUriPermMgr::OnRevokeUriPermission", 
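Review bot: The revoke callback now passes a whole sentence, `"Do not have permission ohos.permission.PROXY_AUTHORIZATION_URI"`, to CreateNoPermissionError, while the grant callback in the same file still passes the bare permission name (see the @@ -90,7 +90,7 @@ hunk of patch 47/52). If the helper builds its message from a permission name, which this page does not show, the error text seen by JS callers becomes inconsistent between the two APIs and may repeat the wording. I would keep `CreateNoPermissionError(engine, "ohos.permission.PROXY_AUTHORIZATION_URI")` in both places. The lambda starts above the hunk.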
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 83e2baffa61..d076b35d0f0 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp @@ -42,7 +42,6 @@ void UriPermissionManagerClient::RevokeUriPermission(const Security::AccessToken if (uriPermMgr) { return uriPermMgr->RevokeUriPermission(tokenId); } - return; } int UriPermissionManagerClient::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 76314993d56..6eed23415e4 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp @@ -1200,7 +1200,6 @@ void AbilityRecord::Terminate(const Closure &task) // earlier than above actions. currentState_ = AbilityState::TERMINATING; lifecycleDeal_->Terminate(want_, lifeCycleStateInfo_); - RevokeUriPermission(); } void AbilityRecord::ConnectAbility() diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index 4a3d3d1cf8e..56844b38478 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -55,8 +55,7 @@ private: void ClearSMProxy(); int GrantUriPermissionImpl(const Uri &uri, unsigned int flag, Security::AccessToken::AccessTokenID fromTokenId, - Security::AccessToken::AccessTokenID targetTokenId, - int autoremove); + Security::AccessToken::AccessTokenID targetTokenId, int autoremove); Security::AccessToken::AccessTokenID GetTokenIdByBundleName(const std::string bundleName); class BMSOrSMDeathRecipient : public IRemoteObject::DeathRecipient { 
diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index a13422e61b9..985af02e9f4 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -62,7 +62,7 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in tmpFlag = Want::FLAG_AUTH_READ_URI_PERMISSION; } auto&& scheme = uri_inner.GetScheme(); - if (scheme != "file" && scheme != "dataShare") { + if (scheme != "file") { HILOG_WARN("only support file or dataShare uri."); return INNER_ERR; } @@ -118,6 +118,14 @@ int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigne void UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) { HILOG_DEBUG("Start to remove uri permission."); + auto callerTokenId = IPCSkeleton::GetCallingTokenID(); + Security::AccessToken::NativeTokenInfo nativeInfo; + Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(callerTokenId, nativeInfo); + HILOG_DEBUG("callerprocessName : %{public}s", nativeInfo.processName.c_str()); + if (nativeInfo.processName != "fodundation") { + HILOG_ERROR("RevokeUriPermission can only be called by foundation"); + return; + } std::vector uriList; { std::lock_guard guard(mutex_); @@ -148,7 +156,6 @@ void UriPermissionManagerStubImpl::RevokeUriPermission(const TokenId tokenId) if (!uriList.empty()) { storageMgrProxy->DeleteShareFile(tokenId, uriList); } - return; } int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName) -- Gitee From da99f967f670cd714c3426f15df43b578bccf076 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Tue, 28 Mar 2023 02:18:06 +0000 Subject: [PATCH 50/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No 
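Review bot: The caller check added to RevokeUriPermission compares against a misspelled literal, `"fodundation"`, while the error message on the next line names `foundation`. As written, the legitimate caller is rejected, so the function returns before any entry is removed and URI grants for the token are never revoked. The only caller that passes is a native process whose name matches the misspelling. Assuming the message states the intent, the line should read `if (nativeInfo.processName != "foundation") {`, ideally with the name held in one named constant. The return value of GetNativeTokenInfo is also ignored; checking it would make the rejection on lookup failure explicit rather than a side effect of an empty `processName`. The function body continues outside the hunk.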
Signed-off-by: gongyuechen --- frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp index 8d959a3a94d..9edd952e876 100644 --- a/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp +++ b/frameworks/js/napi/uri_permission/js_uri_perm_mgr.cpp @@ -26,10 +26,12 @@ namespace OHOS { namespace AbilityRuntime { +namespace { constexpr int32_t ERR_OK = 0; constexpr int32_t argCountFour = 4; constexpr int32_t argCountThree = 3; constexpr int32_t argCountTwo = 2; +} class JsUriPermMgr { public: JsUriPermMgr() = default; -- Gitee From e0bc5d12c218e2a38d1a5cbc47c64301a44d7163 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 30 Mar 2023 11:55:09 +0000 Subject: [PATCH 51/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- .../src/uri_permission_manager_stub_impl.cpp | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 985af02e9f4..564274af2ed 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -63,7 +63,7 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in } auto&& scheme = uri_inner.GetScheme(); if (scheme != "file") { - HILOG_WARN("only support file or dataShare uri."); + HILOG_WARN("only support file uri."); return INNER_ERR; } // auto remove URI permission for clipboard 
@@ -78,8 +78,7 @@ int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned in int UriPermissionManagerStubImpl::GrantUriPermissionImpl(const Uri &uri, unsigned int flag, Security::AccessToken::AccessTokenID fromTokenId, - Security::AccessToken::AccessTokenID targetTokenId, - int autoremove) + Security::AccessToken::AccessTokenID targetTokenId, int autoremove) { auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { @@ -187,21 +186,21 @@ int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, co for (auto it = list.begin(); it != list.end(); it++) { if (it->targetTokenId == tokenId) { HILOG_INFO("Erase an info form list."); - list.erase(it); + auto storageMgrProxy = ConnectStorageManager(); + if (storageMgrProxy == nullptr) { + HILOG_ERROR("ConnectStorageManager failed"); + return INNER_ERR; + } uriList.emplace_back(search->first); + if (storageMgrProxy->DeleteShareFile(tokenId, uriList) == ERR_OK) { + list.erase(it); + } else { + HILOG_ERROR("DeleteShareFile failed"); + } break; } } } - auto storageMgrProxy = ConnectStorageManager(); - if (storageMgrProxy == nullptr) { - HILOG_ERROR("ConnectStorageManager failed"); - return INNER_ERR; - } - - if (!uriList.empty()) { - storageMgrProxy->DeleteShareFile(tokenId, uriList); - } return ERR_OK; } -- Gitee From 55955a6f9340b443d2d4bb3358ba499203043c64 Mon Sep 17 00:00:00 2001 From: gongyuechen Date: Thu, 30 Mar 2023 13:09:42 +0000 Subject: [PATCH 52/52] Description: granturipermmsion Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: gongyuechen --- services/uripermmgr/src/uri_permission_manager_stub_impl.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 564274af2ed..0e50eee1476 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
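Review bot: The storage-manager calls in RevokeUriPermissionManually now run inside the loop over `list`, which, judging by the earlier hunks of this function, appears to sit under `std::lock_guard guard(mutex_)`. ConnectStorageManager() takes `storageMutex_` and DeleteShareFile() is a cross-process call, so every other grant or revoke waits on `mutex_` for the duration of that IPC, and the two mutexes are now acquired nested. Moving `auto storageMgrProxy = ConnectStorageManager();` and its null check above the locked block would remove the nested acquisition and the per-iteration connect. If the erase has to stay conditional on DeleteShareFile succeeding, a comment should state why the call must run with `mutex_` held. The enclosing function starts outside the hunk.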
+++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp @@ -194,10 +194,11 @@ int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, co uriList.emplace_back(search->first); if (storageMgrProxy->DeleteShareFile(tokenId, uriList) == ERR_OK) { list.erase(it); + break; } else { HILOG_ERROR("DeleteShareFile failed"); + return INNER_ERR; } - break; } } } -- Gitee