From b40fd429d2a0c1b43d8c7bfd2a06660d54d6c79e Mon Sep 17 00:00:00 2001 From: yuwenze Date: Tue, 9 May 2023 03:59:27 +0000 Subject: [PATCH] modify Signed-off-by: yuwenze Change-Id: I557605251305dfe16e6610281bae81e1e47b4942 --- frameworks/native/ability/native/ability.cpp | 7 +- .../include/ability_manager_interface.h | 4 +- .../include/ability_manager_service.h | 6 +- .../ui_ability_lifecycle_manager.h | 11 +++- .../abilitymgr/src/ability_manager_client.cpp | 1 + .../src/ability_manager_service.cpp | 54 ++++++++++++---- .../ui_ability_lifecycle_manager.cpp | 64 ++++++++++--------- 7 files changed, 93 insertions(+), 54 deletions(-) diff --git a/frameworks/native/ability/native/ability.cpp b/frameworks/native/ability/native/ability.cpp index bccce29c594..d99d1710728 100644 --- a/frameworks/native/ability/native/ability.cpp +++ b/frameworks/native/ability/native/ability.cpp @@ -205,12 +205,7 @@ void Ability::OnStart(const Want &want, sptr sessionInfo) // Update resMgr, Configuration HILOG_DEBUG("%{public}s get display by displayId %{public}d.", __func__, displayId); - sptr display = nullptr; - if (Rosen::SceneBoardJudgement::IsSceneBoardEnabled()) { - // waiting for SCB to provide GetDisplayById - } else { - display = Rosen::DisplayManager::GetInstance().GetDisplayById(displayId); - } + auto display = Rosen::DisplayManager::GetInstance().GetDisplayById(displayId); if (display) { float density = display->GetVirtualPixelRatio(); int32_t width = display->GetWidth(); diff --git a/interfaces/inner_api/ability_manager/include/ability_manager_interface.h b/interfaces/inner_api/ability_manager/include/ability_manager_interface.h index 07f404d9ae5..c968c93b9a7 100644 --- a/interfaces/inner_api/ability_manager/include/ability_manager_interface.h +++ b/interfaces/inner_api/ability_manager/include/ability_manager_interface.h @@ -1143,8 +1143,6 @@ public: // start ui extension ability START_UI_EXTENSION_ABILITY, - START_UI_ABILITY_BY_SCB, - CALL_REQUEST_DONE, START_ABILITY_AS_CALLER_BY_TOKEN, @@ -1160,6 +1158,8 @@ public: // ipc id for connect ui extension ability CONNECT_UI_EXTENSION_ABILITY, + START_UI_ABILITY_BY_SCB, + // ipc id for continue ability(1101) START_CONTINUATION = 1101, diff --git a/services/abilitymgr/include/ability_manager_service.h b/services/abilitymgr/include/ability_manager_service.h index eb50b58f44d..deeed7108df 100644 --- a/services/abilitymgr/include/ability_manager_service.h +++ b/services/abilitymgr/include/ability_manager_service.h @@ -59,8 +59,8 @@ namespace OHOS { namespace AAFwk { enum class ServiceRunningState { STATE_NOT_START, STATE_RUNNING }; -const int32_t BASE_USER_RANGE = 200000; -const int32_t U0_USER_ID = 0; +constexpr int32_t BASE_USER_RANGE = 200000; +constexpr int32_t U0_USER_ID = 0; constexpr int32_t INVALID_USER_ID = -1; using OHOS::AppExecFwk::IAbilityController; class PendingWantManager; @@ -1328,6 +1328,8 @@ private: bool IsReleaseCallInterception(const sptr &connect, const AppExecFwk::ElementName &element, int &result); + bool CheckCallingTokenId(const std::string &bundleName, int32_t userId); + constexpr static int REPOLL_TIME_MICRO_SECONDS = 1000000; constexpr static int WAITING_BOOT_ANIMATION_TIMER = 5; diff --git a/services/abilitymgr/include/scene_board/ui_ability_lifecycle_manager.h b/services/abilitymgr/include/scene_board/ui_ability_lifecycle_manager.h index fd6f99f9c9d..11bc5d2d683 100644 --- a/services/abilitymgr/include/scene_board/ui_ability_lifecycle_manager.h +++ b/services/abilitymgr/include/scene_board/ui_ability_lifecycle_manager.h @@ -64,11 +64,18 @@ public: */ void OnAbilityRequestDone(const sptr &token, int32_t state) const; + /** + * Check whether the UIAbility is alive. + * + * @param token ability's token. + * @return Returns true on alive. + */ + bool IsContainsAbility(const sptr &token) const; + private: std::shared_ptr GetAbilityRecordByToken(const sptr &token) const; void UpdateAbilityRecordLaunchReason(const AbilityRequest &abilityRequest, std::shared_ptr &abilityRecord) const; - bool IsContainsAbility(std::shared_ptr &abilityRecord) const; void EraseAbilityRecord(const std::shared_ptr &abilityRecord); int DispatchState(const std::shared_ptr &abilityRecord, int state); int DispatchTerminate(const std::shared_ptr &abilityRecord); @@ -84,7 +91,7 @@ private: void MoveToBackgroundTask(const std::shared_ptr &abilityRecord); mutable std::recursive_mutex sessionLock_; - std::map, std::shared_ptr> sessionItems_; + std::map, std::shared_ptr> sessionAbilityMap_; }; } // namespace AAFwk } // namespace OHOS diff --git a/services/abilitymgr/src/ability_manager_client.cpp b/services/abilitymgr/src/ability_manager_client.cpp index 327203c9851..d0a0c618c38 100644 --- a/services/abilitymgr/src/ability_manager_client.cpp +++ b/services/abilitymgr/src/ability_manager_client.cpp @@ -203,6 +203,7 @@ ErrCode AbilityManagerClient::StartUIAbilityBySCB(const Want &want, const StartO HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); if (sessionInfo == nullptr) { HILOG_ERROR("sessionInfo is nullptr"); + return ERR_INVALID_VALUE; } auto abms = GetAbilityManager(); CHECK_POINTER_RETURN_NOT_CONNECTED(abms); diff --git a/services/abilitymgr/src/ability_manager_service.cpp b/services/abilitymgr/src/ability_manager_service.cpp index f474a43d0c9..450b87687ff 100644 --- a/services/abilitymgr/src/ability_manager_service.cpp +++ b/services/abilitymgr/src/ability_manager_service.cpp @@ -108,6 +108,7 @@ const std::string WHITE_LIST_ASS_WAKEUP_FLAG = "component.startup.whitelist.asso const std::string BUNDLE_NAME_LAUNCHER = "com.ohos.launcher"; const std::string BUNDLE_NAME_SYSTEMUI = "com.ohos.systemui"; const std::string BUNDLE_NAME_SETTINGSDATA = "com.ohos.settingsdata"; +const std::string BUNDLE_NAME_SCENEBOARD = "com.ohos.sceneboard"; const std::unordered_set WHITE_LIST_ASS_WAKEUP_SET = { BUNDLE_NAME_SETTINGSDATA }; @@ -964,10 +965,26 @@ int AbilityManagerService::StartUIAbilityBySCB(const Want &want, const StartOpti { HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); HILOG_DEBUG("Call."); + if (sessionInfo == nullptr || sessionInfo->sessionToken == nullptr) { + HILOG_ERROR("sessionInfo is nullptr"); + return ERR_INVALID_VALUE; + } + auto currentUserId = GetUserId(); EventInfo eventInfo = BuildEventInfo(want, currentUserId); EventReport::SendAbilityEvent(EventName::START_ABILITY, HiSysEventType::BEHAVIOR, eventInfo); + if(!CheckCallingTokenId(BUNDLE_NAME_SCENEBOARD, U0_USER_ID)) { + HILOG_ERROR("Not sceneboard called, not allowed."); + return ERR_WRONG_INTERFACE_CALL; + } + + if (sessionInfo->callerToken != nullptr && !VerificationAllToken(sessionInfo->callerToken)) { + eventInfo.errCode = ERR_INVALID_VALUE; + EventReport::SendAbilityEvent(EventName::START_ABILITY_ERROR, HiSysEventType::FAULT, eventInfo); + return ERR_INVALID_CALLER; + } + auto result = interceptorExecuter_ == nullptr ? ERR_INVALID_VALUE : interceptorExecuter_->DoProcess(want, -1, currentUserId, true); if (result != ERR_OK) { @@ -1011,6 +1028,24 @@ int AbilityManagerService::StartUIAbilityBySCB(const Want &want, const StartOpti return uiAbilityLifecycleManager_->StartUIAbility(abilityRequest, sessionInfo); } +bool AbilityManagerService::CheckCallingTokenId(const std::string &bundleName, int32_t userId) +{ + auto bms = GetBundleManager(); + if (bms == nullptr) { + HILOG_ERROR("bms is invalid."); + return false; + } + AppExecFwk::ApplicationInfo appInfo; + IN_PROCESS_CALL_WITHOUT_RET(bms->GetApplicationInfo(bundleName, + AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, userId, appInfo)); + auto accessTokenId = IPCSkeleton::GetCallingTokenID(); + if (accessTokenId != appInfo.accessTokenId) { + HILOG_ERROR("Permission verification failed"); + return false; + } + return true; +} + bool AbilityManagerService::IsBackgroundTaskUid(const int uid) { #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE @@ -4076,7 +4111,11 @@ bool AbilityManagerService::VerificationAllToken(const sptr &toke HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); HILOG_INFO("VerificationAllToken."); std::shared_lock lock(managersMutex_); - { + if (Rosen::SceneBoardJudgement::IsSceneBoardEnabled()) { + if (uiAbilityLifecycleManager_ != nullptr && uiAbilityLifecycleManager_->IsContainsAbility(token)) { + return true; + } + } else { HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, "VerificationAllToken::SearchMissionListManagers"); for (auto item: missionListManagers_) { if (item.second && item.second->GetAbilityRecordByToken(token)) { @@ -4719,17 +4758,8 @@ void AbilityManagerService::UpdateMissionSnapShot(const sptr& tok } auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); if (!isSaCall) { - auto bms = GetBundleManager(); - CHECK_POINTER_IS_NULLPTR(bms); - AppExecFwk::ApplicationInfo appInfo; - if (!IN_PROCESS_CALL(bms->GetApplicationInfo(BUNDLE_NAME_LAUNCHER, - AppExecFwk::BundleFlag::GET_BUNDLE_DEFAULT, GetUserId(), appInfo))) { - HILOG_ERROR("Not found GetApplicationInfo according to the bundle name."); - return; - } - auto tokenId = IPCSkeleton::GetCallingTokenID(); - if (tokenId != appInfo.accessTokenId) { - HILOG_ERROR("%{public}s: Permission verification failed", __func__); + if(!CheckCallingTokenId(BUNDLE_NAME_LAUNCHER, GetUserId())) { + HILOG_ERROR("Not launcher called, not allowed."); return; } } diff --git a/services/abilitymgr/src/scene_board/ui_ability_lifecycle_manager.cpp b/services/abilitymgr/src/scene_board/ui_ability_lifecycle_manager.cpp index 5ba931aedf3..dd6e15eccb3 100644 --- a/services/abilitymgr/src/scene_board/ui_ability_lifecycle_manager.cpp +++ b/services/abilitymgr/src/scene_board/ui_ability_lifecycle_manager.cpp @@ -29,47 +29,52 @@ int UIAbilityLifecycleManager::StartUIAbility(AbilityRequest &abilityRequest, sp HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); std::lock_guard guard(sessionLock_); HILOG_DEBUG("Call."); + if (sessionInfo == nullptr || sessionInfo->sessionToken == nullptr) { + HILOG_ERROR("sessionInfo is invalid."); + return ERR_INVALID_VALUE; + } + // for uri permission, go to optimize abilityRequest.callerAccessTokenId = IPCSkeleton::GetCallingTokenID(); - std::shared_ptr targetAbilityRecord = nullptr; - auto iter = sessionItems_.find(sessionInfo); - if (iter != sessionItems_.end()) { - targetAbilityRecord = iter->second; + std::shared_ptr uiAbilityRecord = nullptr; + auto iter = sessionAbilityMap_.find(sessionInfo->sessionToken); + if (iter != sessionAbilityMap_.end()) { + uiAbilityRecord = iter->second; } else { - targetAbilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest, sessionInfo); + uiAbilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest, sessionInfo); } - if (targetAbilityRecord == nullptr) { + if (uiAbilityRecord == nullptr) { HILOG_ERROR("Failed to get ability record."); return ERR_INVALID_VALUE; } - if (targetAbilityRecord->IsTerminating()) { - HILOG_ERROR("%{public}s is terminating.", targetAbilityRecord->GetAbilityInfo().name.c_str()); + if (uiAbilityRecord->IsTerminating()) { + HILOG_ERROR("%{public}s is terminating.", uiAbilityRecord->GetAbilityInfo().name.c_str()); return ERR_INVALID_VALUE; } - if (targetAbilityRecord->GetPendingState() == AbilityState::FOREGROUND) { + if (uiAbilityRecord->GetPendingState() == AbilityState::FOREGROUND) { HILOG_DEBUG("pending state is FOREGROUND."); - targetAbilityRecord->SetPendingState(AbilityState::FOREGROUND); - if (iter == sessionItems_.end()) { - sessionItems_.emplace(sessionInfo, targetAbilityRecord); + uiAbilityRecord->SetPendingState(AbilityState::FOREGROUND); + if (iter == sessionAbilityMap_.end()) { + sessionAbilityMap_.emplace(sessionInfo->sessionToken, uiAbilityRecord); } return ERR_OK; } else { HILOG_DEBUG("pending state is not FOREGROUND."); - targetAbilityRecord->SetPendingState(AbilityState::FOREGROUND); + uiAbilityRecord->SetPendingState(AbilityState::FOREGROUND); } - UpdateAbilityRecordLaunchReason(abilityRequest, targetAbilityRecord); + UpdateAbilityRecordLaunchReason(abilityRequest, uiAbilityRecord); sptr abilityInfoCallback = iface_cast(abilityRequest.abilityInfoCallback); if (abilityInfoCallback != nullptr) { - abilityInfoCallback->NotifyAbilityToken(targetAbilityRecord->GetToken(), abilityRequest.want); + abilityInfoCallback->NotifyAbilityToken(uiAbilityRecord->GetToken(), abilityRequest.want); } - targetAbilityRecord->ProcessForegroundAbility(); - if (iter == sessionItems_.end()) { - sessionItems_.emplace(sessionInfo, targetAbilityRecord); + uiAbilityRecord->ProcessForegroundAbility(); + if (iter == sessionAbilityMap_.end()) { + sessionAbilityMap_.emplace(sessionInfo->sessionToken, uiAbilityRecord); } return ERR_OK; } @@ -79,6 +84,9 @@ int UIAbilityLifecycleManager::AttachAbilityThread(const sptr { HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__); std::lock_guard guard(sessionLock_); + if (!IsContainsAbility(token)) { + return ERR_INVALID_VALUE; + } auto&& abilityRecord = Token::GetAbilityRecordByToken(token); CHECK_POINTER_AND_RETURN(abilityRecord, ERR_INVALID_VALUE); HILOG_DEBUG("AbilityMS attach abilityThread, name is %{public}s.", abilityRecord->GetAbilityInfo().name.c_str()); @@ -87,10 +95,6 @@ int UIAbilityLifecycleManager::AttachAbilityThread(const sptr CHECK_POINTER_AND_RETURN_LOG(handler, ERR_INVALID_VALUE, "Fail to get AbilityEventHandler."); handler->RemoveEvent(AbilityManagerService::LOAD_TIMEOUT_MSG, abilityRecord->GetAbilityRecordId()); - if (!IsContainsAbility(abilityRecord)) { - return ERR_INVALID_VALUE; - } - abilityRecord->SetScheduler(scheduler); DelayedSingleton::GetInstance()->MoveToForeground(token); return ERR_OK; @@ -311,19 +315,19 @@ std::shared_ptr UIAbilityLifecycleManager::GetAbilityRecordByToke } std::lock_guard guard(sessionLock_); - for (auto iter = sessionItems_.begin(); iter != sessionItems_.end(); iter++) { - if (iter->second->GetToken()->AsObject() == token) { + for (auto iter = sessionAbilityMap_.begin(); iter != sessionAbilityMap_.end(); iter++) { + if (iter->second != nullptr && iter->second->GetToken()->AsObject() == token) { return iter->second; } } return nullptr; } -bool UIAbilityLifecycleManager::IsContainsAbility(std::shared_ptr &abilityRecord) const +bool UIAbilityLifecycleManager::IsContainsAbility(const sptr &token) const { std::lock_guard guard(sessionLock_); - for (auto iter = sessionItems_.begin(); iter != sessionItems_.end(); iter++) { - if (iter->second == abilityRecord) { + for (auto iter = sessionAbilityMap_.begin(); iter != sessionAbilityMap_.end(); iter++) { + if (iter->second != nullptr && iter->second->GetToken()->AsObject() == token) { return true; } } @@ -336,9 +340,9 @@ void UIAbilityLifecycleManager::EraseAbilityRecord(const std::shared_ptr guard(sessionLock_); - for (auto iter = sessionItems_.begin(); iter != sessionItems_.end(); iter++) { - if (iter->second == abilityRecord) { - sessionItems_.erase(iter); + for (auto iter = sessionAbilityMap_.begin(); iter != sessionAbilityMap_.end(); iter++) { + if (iter->second != nullptr && iter->second->GetToken()->AsObject() == abilityRecord->GetToken()->AsObject()) { + sessionAbilityMap_.erase(iter); break; } } -- Gitee