From 8d8a3d6821931368675dc02436d7db75e5619103 Mon Sep 17 00:00:00 2001 From: yuwenze Date: Mon, 20 Feb 2023 12:36:25 +0000 Subject: [PATCH] add uri lifecycle Signed-off-by: yuwenze Change-Id: Id8f92013bec7750d841b1df69b1347b6ce5ea878 --- .../include/uri_permission_manager_client.h | 2 +- .../uri_permission_manager_interface.h | 2 +- .../include/uri_permission_manager_proxy.h | 2 +- .../src/uri_permission_manager_client.cpp | 5 +++-- .../src/uri_permission_manager_proxy.cpp | 14 +++++++------ .../src/uri_permission_manager_stub.cpp | 3 ++- services/abilitymgr/include/ability_record.h | 7 ++++--- services/abilitymgr/src/ability_record.cpp | 21 ++++++++++++------- .../abilitymgr/src/mission_list_manager.cpp | 2 +- .../uri_permission_manager_stub_impl.h | 2 +- .../src/uri_permission_manager_stub_impl.cpp | 15 ++++++------- .../uripermissionmanager_fuzzer.cpp | 6 ++++-- 12 files changed, 48 insertions(+), 33 deletions(-) diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h index 5e30c0b2c8c..5088ad50aa3 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_client.h @@ -39,7 +39,7 @@ public: * @param fromTokenId The owner of uri. * @param targetTokenId The user of uri. */ - void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId); /** diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h index 17b286a2363..1125cb85de0 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h 
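Review bot: The doc comment above `GrantUriPermission` still lists only `@param` entries although the function now returns `bool`, so callers cannot tell what `true` means. Add a line such as `* @return true if the grant succeeded or already existed, false otherwise.` here and on the pure-virtual declaration in uri_permission_manager_interface.h. The "already existed" wording matches the service implementation later in this patch, which returns `true` on the "not to grant again" path.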
+++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_interface.h @@ -34,7 +34,7 @@ public: * @param fromTokenId The owner of uri. * @param targetTokenId The user of uri. */ - virtual void GrantUriPermission(const Uri &uri, unsigned int flag, + virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) = 0; diff --git a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h index 053572817b0..6df378e79dc 100644 --- a/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h +++ b/interfaces/inner_api/uri_permission/include/uri_permission_manager_proxy.h @@ -26,7 +26,7 @@ public: explicit UriPermissionManagerProxy(const sptr &impl); virtual ~UriPermissionManagerProxy() = default; - virtual void GrantUriPermission(const Uri &uri, unsigned int flag, + virtual bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override; diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp index 7b8b3a48129..5e71eb998a2 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_client.cpp 
@@ -22,14 +22,15 @@ namespace OHOS { namespace AAFwk { -void UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, +bool UriPermissionManagerClient::GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) { HILOG_DEBUG("UriPermissionManagerClient::GrantUriPermission is called."); auto uriPermMgr = ConnectUriPermService(); if (uriPermMgr) { - uriPermMgr->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); + return uriPermMgr->GrantUriPermission(uri, flag, fromTokenId, targetTokenId); } + return false; } bool UriPermissionManagerClient::VerifyUriPermission(const Uri &uri, unsigned int flag, diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp index 7602099ae43..cd0e0264b00 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp 
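Review bot: The new `return false;` at the end of `UriPermissionManagerClient::GrantUriPermission` is reached without any log when `ConnectUriPermService()` yields no proxy, so a grant that failed because the service is unavailable looks the same as one the service refused. A line such as `HILOG_ERROR("ConnectUriPermService failed.");` before the final `return false;` keeps the two cases apart in the logs.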
@@ -23,37 +23,39 @@ namespace AAFwk { UriPermissionManagerProxy::UriPermissionManagerProxy(const sptr &impl) : IRemoteProxy(impl) {} -void UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, +bool UriPermissionManagerProxy::GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) { HILOG_DEBUG("UriPermissionManagerProxy::GrantUriPermission is called."); MessageParcel data; if (!data.WriteInterfaceToken(IUriPermissionManager::GetDescriptor())) { HILOG_ERROR("Write interface token failed."); - return; + return false; } if (!data.WriteParcelable(&uri)) { HILOG_ERROR("Write uri failed."); - return; + return false; } if (!data.WriteInt32(flag)) { HILOG_ERROR("Write flag failed."); - return; + return false; } if (!data.WriteInt32(fromTokenId)) { HILOG_ERROR("Write fromTokenId failed."); - return; + return false; } if (!data.WriteInt32(targetTokenId)) { HILOG_ERROR("Write targetTokenId failed."); - return; + return false; } MessageParcel reply; MessageOption option; int error = Remote()->SendRequest(UriPermMgrCmd::ON_GRANT_URI_PERMISSION, data, reply, option); if (error != ERR_OK) { HILOG_ERROR("SendRequest fial, error: %{public}d", error); + return false; } + return reply.ReadBool(); } bool UriPermissionManagerProxy::VerifyUriPermission(const Uri &uri, unsigned int flag, diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp index 81d6ab6e58a..6f148161e1f 100644 --- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp +++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp 
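Review bot: A `false` from `UriPermissionManagerProxy::GrantUriPermission` does not prove that nothing was granted. If `SendRequest` fails after the service already handled the request, or the stub's unchecked `reply.WriteBool(ret);` (uri_permission_manager_stub.cpp) fails, the proxy reports `false` while the share entry can already exist on the service side. AbilityRecord then leaves `isGrantedUriPermission_` unset and skips the revoke at termination, so the grant can outlive the ability. Consider checking the write in the stub, `if (!reply.WriteBool(ret)) { HILOG_ERROR("Write result failed."); }` followed by an error return, and having the caller still attempt a revoke when the outcome is unknown.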
@@ -38,7 +38,8 @@ int UriPermissionManagerStub::OnRemoteRequest( auto flag = data.ReadInt32(); auto fromTokenId = data.ReadInt32(); auto targetTokenId = data.ReadInt32(); - GrantUriPermission(*uri, flag, fromTokenId, targetTokenId); + auto ret = GrantUriPermission(*uri, flag, fromTokenId, targetTokenId); + reply.WriteBool(ret); break; } case UriPermMgrCmd::ON_VERIFY_URI_PERMISSION : { diff --git a/services/abilitymgr/include/ability_record.h b/services/abilitymgr/include/ability_record.h index 5276bf19254..65f18abeb3e 100644 --- a/services/abilitymgr/include/ability_record.h +++ b/services/abilitymgr/include/ability_record.h @@ -792,7 +792,7 @@ public: bool IsNeedToCallRequest() const; bool IsStartedByCall() const; void SetStartedByCall(const bool isFlag); - void CallRequest() const; + void CallRequest(); bool CallRequestDone(const sptr &callStub) const; bool IsStartToBackground() const; void SetStartToBackground(const bool flag); @@ -825,7 +825,7 @@ public: void SetNeedBackToOtherMissionStack(bool isNeedBackToOtherMissionStack); std::shared_ptr GetOtherMissionStackAbilityRecord() const; void SetOtherMissionStackAbilityRecord(const std::shared_ptr &abilityRecord); - void RemoveUriPermission() const; + void RemoveUriPermission(); protected: void SendEvent(uint32_t msg, uint32_t timeOut); @@ -844,7 +844,7 @@ private: */ void GetAbilityTypeString(std::string &typeStr); void OnSchedulerDied(const wptr &remote); - void GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) const; + void GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId); int32_t GetCurrentAccountId() const; /** @@ -985,6 +985,7 @@ private: std::shared_ptr startingWindowBg_ = nullptr; #endif + bool isGrantedUriPermission_ = false; uint32_t callerAccessTokenId_ = -1; bool isNeedBackToOtherMissionStack_ = false; std::weak_ptr otherMissionStackAbilityRecord_; // who starts this ability record by SA 
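Review bot: `isGrantedUriPermission_` is added without a comment and as a plain `bool`, while the patch writes it from both `GrantUriPermission` and `RemoveUriPermission`. Document its meaning, for example `// true once at least one uri grant succeeded for this record; reset by RemoveUriPermission()`. If the foreground and terminate paths can run on different threads (not visible in this hunk), the comment should also name the lock that guards the member, or the member should be `std::atomic<bool>`.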
diff --git a/services/abilitymgr/src/ability_record.cpp b/services/abilitymgr/src/ability_record.cpp index 8264434e2fd..88d01ebf068 100644 --- a/services/abilitymgr/src/ability_record.cpp +++ b/services/abilitymgr/src/ability_record.cpp @@ -294,7 +294,6 @@ void AbilityRecord::ForegroundAbility(uint32_t sceneFlag) CHECK_POINTER(lifecycleDeal_); SendEvent(AbilityManagerService::FOREGROUND_TIMEOUT_MSG, AbilityManagerService::FOREGROUND_TIMEOUT); - GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.accessTokenId); // schedule active after updating AbilityState and sending timeout message to avoid ability async callback // earlier than above actions. @@ -485,6 +484,7 @@ void AbilityRecord::ProcessForegroundAbility(bool isRecent, const AbilityRequest HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); std::string element = GetWant().GetElement().GetURI(); HILOG_DEBUG("SUPPORT_GRAPHICS: ability record: %{public}s", element.c_str()); + GrantUriPermission(want_, GetCurrentAccountId(), applicationInfo_.accessTokenId); if (isReady_) { auto handler = DelayedSingleton::GetInstance()->GetEventHandler(); @@ -2041,7 +2041,7 @@ void AbilityRecord::SetStartToForeground(const bool flag) isStartToForeground_ = flag; } -void AbilityRecord::CallRequest() const +void AbilityRecord::CallRequest() { HILOG_INFO("Call Request."); CHECK_POINTER(scheduler_); @@ -2202,7 +2202,7 @@ void AbilityRecord::DumpAbilityInfoDone(std::vector &infos) dumpCondition_.notify_all(); } -void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) const +void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_t targetTokenId) { if ((want.GetFlags() & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("Do not call uriPermissionMgr."); 
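Review bot: With the call removed from `ForegroundAbility` and added only to `ProcessForegroundAbility(bool isRecent, ...)`, any path that reaches `ForegroundAbility` without going through that function no longer grants the uri permission. The `SUPPORT_GRAPHICS` log prefix in the context suggests this function may be compiled only for graphics builds; if so, other builds lose the grant entirely. The call also sits before the `if (isReady_)` branch, so it runs on every foreground request for an already-running ability; a short comment stating that repeated grants are intended would help. Both function bodies continue outside the hunks.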
@@ -2237,15 +2237,22 @@ void AbilityRecord::GrantUriPermission(const Want &want, int32_t userId, uint32_ HILOG_ERROR("the uri does not belong to caller."); continue; } - IN_PROCESS_CALL_WITHOUT_RET(upmClient->GrantUriPermission(uri, want.GetFlags(), + auto ret = IN_PROCESS_CALL(upmClient->GrantUriPermission(uri, want.GetFlags(), callerAccessTokenId_, targetTokenId)); + if (ret) { + isGrantedUriPermission_ = true; + } } } -void AbilityRecord::RemoveUriPermission() const +void AbilityRecord::RemoveUriPermission() { - auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); - upmClient->RemoveUriPermission(applicationInfo_.accessTokenId); + if (isGrantedUriPermission_) { + HILOG_DEBUG("To remove uri permission."); + auto upmClient = AAFwk::UriPermissionManagerClient::GetInstance(); + upmClient->RemoveUriPermission(applicationInfo_.accessTokenId); + isGrantedUriPermission_ = false; + } } void AbilityRecord::HandleDlpAttached() diff --git a/services/abilitymgr/src/mission_list_manager.cpp b/services/abilitymgr/src/mission_list_manager.cpp index 6d7cb7747f0..2958e8bf52d 100644 --- a/services/abilitymgr/src/mission_list_manager.cpp +++ b/services/abilitymgr/src/mission_list_manager.cpp @@ -1294,7 +1294,6 @@ int MissionListManager::TerminateAbilityLocked(const std::shared_ptrSendResultToCallers(); - abilityRecord->RemoveUriPermission(); // 1. if the ability was foreground, first should find wether there is other ability foreground if (abilityRecord->IsAbilityState(FOREGROUND) || abilityRecord->IsAbilityState(FOREGROUNDING)) { @@ -1489,6 +1488,7 @@ void MissionListManager::CompleteTerminateAndUpdateMission(const std::shared_ptr CHECK_POINTER(abilityRecord); for (auto it : terminateAbilityList_) { if (it == abilityRecord) { + abilityRecord->RemoveUriPermission(); terminateAbilityList_.remove(it); // update inner mission info time bool excludeFromMissions = abilityRecord->GetAbilityInfo().excludeFromMissions; 
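Review bot: The flag that gates the revoke is per record, but `RemoveUriPermission()` revokes by `applicationInfo_.accessTokenId`, which is presumably shared by every AbilityRecord of the same application. When one granted record terminates, grants still needed by a sibling record with the same token would be removed too, while the sibling's own flag stays `true`; the service-side behaviour of the revoke is not shown here, so this needs confirming. The revoke should be scoped to what this record granted, or the shared scope should be stated in a comment on `RemoveUriPermission`. Separately, a `false` result from `IN_PROCESS_CALL(...)` is dropped silently; `HILOG_WARN("grant uri permission failed.");` in an `else` branch would make partial failures visible.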
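Review bot: The revoke now happens only inside the `if (it == abilityRecord)` match in `CompleteTerminateAndUpdateMission`, so a record that is not in `terminateAbilityList_` when this runs keeps its uri grant. Termination paths that do not end here, such as an ability whose process died or a terminate that timed out, are outside this hunk; if any exist, they need the same `abilityRecord->RemoveUriPermission();` call so the grant does not outlive the ability. The function body continues outside the hunk.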
diff --git a/services/uripermmgr/include/uri_permission_manager_stub_impl.h b/services/uripermmgr/include/uri_permission_manager_stub_impl.h index edca67515fa..e2254b5de58 100644 --- a/services/uripermmgr/include/uri_permission_manager_stub_impl.h +++ b/services/uripermmgr/include/uri_permission_manager_stub_impl.h @@ -40,7 +40,7 @@ public: UriPermissionManagerStubImpl() = default; virtual ~UriPermissionManagerStubImpl() = default; - void GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override; bool VerifyUriPermission(const Uri &uri, unsigned int flag, diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp index 2e3f1587fab..bb43fb3e139 100644 --- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp +++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp 
@@ -31,18 +31,18 @@ namespace AAFwk { const int32_t DEFAULT_USER_ID = 0; using TokenId = Security::AccessToken::AccessTokenID; -void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, +bool UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag, const TokenId fromTokenId, const TokenId targetTokenId) { auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID()); if (tokenType != Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { HILOG_DEBUG("caller tokenType is not native, verify failure."); - return; + return false; } if ((flag & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) == 0) { HILOG_WARN("UriPermissionManagerStubImpl::GrantUriPermission: The param flag is invalid."); - return; + return false; } unsigned int tmpFlag = 0; if (flag & Want::FLAG_AUTH_WRITE_URI_PERMISSION) { @@ -54,13 +54,13 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i auto storageMgrProxy = ConnectStorageManager(); if (storageMgrProxy == nullptr) { HILOG_ERROR("ConnectStorageManager failed"); - return; + return false; } auto uriStr = uri.ToString(); auto ret = storageMgrProxy->CreateShareFile(uriStr, targetTokenId, tmpFlag); if (ret != 0 && ret != -EEXIST) { HILOG_ERROR("storageMgrProxy failed to CreateShareFile."); - return; + return false; } std::lock_guard guard(mutex_); auto search = uriMap_.find(uriStr); @@ -68,7 +68,7 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i if (search == uriMap_.end()) { std::list infoList = { info }; uriMap_.emplace(uriStr, infoList); - return; + return true; } auto& infoList = search->second; for (auto& item : infoList) { 
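Review bot: The rejection of a non-native caller in `UriPermissionManagerStubImpl::GrantUriPermission` is still logged with `HILOG_DEBUG`, so a denied grant attempt is invisible at normal log levels even though the function now reports it as `false`. Raising it to `HILOG_WARN("caller tokenType is not native, verify failure.");` makes refused callers visible for auditing. The function continues in the following hunks.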
@@ -78,10 +78,11 @@ void UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned i item.flag = tmpFlag; } HILOG_INFO("uri permission has granted, not to grant again."); - return; + return true; } } infoList.emplace_back(info); + return true; } bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, unsigned int flag, diff --git a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp index 171dbfd195c..931d8c1768f 100644 --- a/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp +++ b/test/fuzztest/uripermissionmanager_fuzzer/uripermissionmanager_fuzzer.cpp @@ -37,10 +37,12 @@ public: UriPermissionManagerStubFuzzTest() = default; virtual ~UriPermissionManagerStubFuzzTest() {} - void GrantUriPermission(const Uri &uri, unsigned int flag, + bool GrantUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID fromTokenId, const Security::AccessToken::AccessTokenID targetTokenId) override - {} + { + return true; + } bool VerifyUriPermission(const Uri &uri, unsigned int flag, const Security::AccessToken::AccessTokenID tokenId) override { -- Gitee