From 29d988b65a21df449dd314246090129e7c359cef Mon Sep 17 00:00:00 2001 From: donglin Date: Mon, 27 May 2024 04:02:43 +0000 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9Eextension=E9=BB=91=E5=90=8D?= =?UTF-8?q?=E5=8D=95=E7=AE=A1=E6=8E=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: donglin Change-Id: Icef5e4cc89459fb4869c9696fabe13c2f38bb280 --- .../ability_business_error.cpp | 11 +- .../include/ability_manager_errors.h | 12 +- .../ability_business_error.h | 12 +- services/abilitymgr/BUILD.gn | 6 + services/abilitymgr/abilitymgr.gni | 4 + .../abilitymgr/include/extension_config.h | 17 ++- .../extension_control_interceptor.h | 36 +++++ .../resource/ams_extension_config.json | 3 + .../src/ability_manager_service.cpp | 2 + services/abilitymgr/src/extension_config.cpp | 140 ++++++++++++++++-- .../extension_control_interceptor.cpp | 75 ++++++++++ services/appmgr/include/app_spawn_client.h | 1 + services/appmgr/include/utils/appspawn_util.h | 3 + test/unittest/ability_record_test/BUILD.gn | 1 + .../specified_mission_list_test/BUILD.gn | 1 + .../BUILD.gn | 1 + 16 files changed, 302 insertions(+), 23 deletions(-) create mode 100644 services/abilitymgr/include/interceptor/extension_control_interceptor.h create mode 100644 services/abilitymgr/resource/ams_extension_config.json create mode 100644 services/abilitymgr/src/interceptor/extension_control_interceptor.cpp diff --git a/frameworks/native/ability/native/ability_business_error/ability_business_error.cpp b/frameworks/native/ability/native/ability_business_error/ability_business_error.cpp index 9f9e0b30717..a583bb2cd5f 100644 --- a/frameworks/native/ability/native/ability_business_error/ability_business_error.cpp +++ b/frameworks/native/ability/native/ability_business_error/ability_business_error.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -82,6 +82,9 @@ constexpr const char* ERROR_MSG_MULTI_APP_NOT_SUPPORTED = "App clone or multi-in constexpr const char* ERROR_MSG_APP_CLONE_INDEX_INVALID = "The target app clone with the specified index does not exist."; constexpr const char* ERROR_MSG_NOT_APP_CLONE = "The target app is not Clone."; +constexpr const char* ERROR_MSG_EXTENSION_START_THIRD_PARTY_APP_CONTROLLED = + "The extension can not start the specified third party application."; +constexpr const char* ERROR_MSG_EXTENSION_START_SERVICE_CONTROLLED = "The extension can not start the service."; // follow ERR_BUNDLE_MANAGER_BUNDLE_NOT_EXIST of appexecfwk_errors.h in bundle_framework constexpr int32_t ERR_BUNDLE_MANAGER_BUNDLE_NOT_EXIST = 8521220; @@ -138,6 +141,9 @@ static std::unordered_map ERR_CODE_MAP = { { AbilityErrorCode::ERROR_CODE_MULTI_APP_NOT_SUPPORTED, ERROR_MSG_MULTI_APP_NOT_SUPPORTED }, { AbilityErrorCode::ERROR_APP_CLONE_INDEX_INVALID, ERROR_MSG_APP_CLONE_INDEX_INVALID }, { AbilityErrorCode::ERROR_NOT_APP_CLONE, ERROR_MSG_NOT_APP_CLONE }, + { AbilityErrorCode::ERROR_CODE_EXTENSION_START_THIRD_PARTY_APP_CONTROLLED, + ERROR_MSG_EXTENSION_START_THIRD_PARTY_APP_CONTROLLED }, + { AbilityErrorCode::ERROR_CODE_EXTENSION_START_SERVICE_CONTROLLED, ERROR_MSG_EXTENSION_START_SERVICE_CONTROLLED} }; static std::unordered_map INNER_TO_JS_ERROR_CODE_MAP { @@ -196,6 +202,9 @@ static std::unordered_map INNER_TO_JS_ERROR_CODE_MAP {ERR_NO_RESIDENT_PERMISSION, AbilityErrorCode::ERROR_CODE_NO_RESIDENT_PERMISSION}, {ERR_MULTI_APP_NOT_SUPPORTED, AbilityErrorCode::ERROR_CODE_MULTI_APP_NOT_SUPPORTED}, {ERR_APP_CLONE_INDEX_INVALID, AbilityErrorCode::ERROR_APP_CLONE_INDEX_INVALID}, + {EXTENSION_BLOCKED_BY_THIRD_PARTY_APP_FLAG, + AbilityErrorCode::ERROR_CODE_EXTENSION_START_THIRD_PARTY_APP_CONTROLLED}, + {EXTENSION_BLOCKED_BY_SERVICE_LIST, AbilityErrorCode::ERROR_CODE_EXTENSION_START_SERVICE_CONTROLLED}, }; } diff --git a/interfaces/inner_api/ability_manager/include/ability_manager_errors.h b/interfaces/inner_api/ability_manager/include/ability_manager_errors.h index afcade1158b..7cbb777a3a9 100644 --- a/interfaces/inner_api/ability_manager/include/ability_manager_errors.h +++ b/interfaces/inner_api/ability_manager/include/ability_manager_errors.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2023 Huawei Device Co., Ltd. + * Copyright (c) 2021-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -524,6 +524,16 @@ enum { * Result(2097253) for block startup in lock screen. */ ERR_BLOCK_START_FIRST_BOOT_SCREEN_UNLOCK = 2097253, + + /* + * Result(2097254) for extension blocked by third party app flag + */ + EXTENSION_BLOCKED_BY_THIRD_PARTY_APP_FLAG = 2097254, + + /* + * Result(2097255) for extension blocked by service list + */ + EXTENSION_BLOCKED_BY_SERVICE_LIST = 2097255, }; enum { diff --git a/interfaces/kits/native/ability/native/ability_business_error/ability_business_error.h b/interfaces/kits/native/ability/native/ability_business_error/ability_business_error.h index e27ac14d0e0..52358e50328 100644 --- a/interfaces/kits/native/ability/native/ability_business_error/ability_business_error.h +++ b/interfaces/kits/native/ability/native/ability_business_error/ability_business_error.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -141,12 +141,18 @@ enum class AbilityErrorCode { // Ability already running. ERROR_ABILITY_ALREADY_RUNNING = 16000068, - // not support Clone app. - ERROR_CODE_MULTI_APP_NOT_SUPPORTED = 16000072, + // extension start third party app has been controlled. + ERROR_CODE_EXTENSION_START_THIRD_PARTY_APP_CONTROLLED = 16000069, + // extension start service has been controlled. + ERROR_CODE_EXTENSION_START_SERVICE_CONTROLLED = 16000070, + // app is not Clone. ERROR_NOT_APP_CLONE = 16000071, + // not support Clone app. + ERROR_CODE_MULTI_APP_NOT_SUPPORTED = 16000072, + // app clone index does not exist. ERROR_APP_CLONE_INDEX_INVALID = 16000073, diff --git a/services/abilitymgr/BUILD.gn b/services/abilitymgr/BUILD.gn index 01d9f923b8f..3ed8059e01a 100644 --- a/services/abilitymgr/BUILD.gn +++ b/services/abilitymgr/BUILD.gn @@ -252,6 +252,12 @@ ohos_prebuilt_etc("deeplink_reserve_config.json") { part_name = "ability_runtime" } +ohos_prebuilt_etc("ams_extension_config.json") { + source = "resource/ams_extension_config.json" + subsystem_name = "ability" + part_name = "ability_runtime" +} + group("ams_service_config") { deps = [ ":ams_service_config.json", diff --git a/services/abilitymgr/abilitymgr.gni b/services/abilitymgr/abilitymgr.gni index bf541a74e8d..1f788a4c8c5 100644 --- a/services/abilitymgr/abilitymgr.gni +++ b/services/abilitymgr/abilitymgr.gni @@ -57,14 +57,18 @@ abilityms_files = [ "src/ams_configuration_parameter.cpp", "src/insight_intent_utils.cpp", "src/insight_intent_profile.cpp", + + # interceptor "src/interceptor/ability_interceptor_executer.cpp", "src/interceptor/ability_jump_interceptor.cpp", "src/interceptor/control_interceptor.cpp", "src/interceptor/crowd_test_interceptor.cpp", "src/interceptor/disposed_rule_interceptor.cpp", "src/interceptor/ecological_rule_interceptor.cpp", + "src/interceptor/extension_control_interceptor.cpp", "src/interceptor/screen_unlock_interceptor.cpp", "src/interceptor/start_other_app_interceptor.cpp", + "src/uri_utils.cpp", "src/window_focus_changed_listener.cpp", diff --git a/services/abilitymgr/include/extension_config.h b/services/abilitymgr/include/extension_config.h index 71ad1ac3910..aecae671874 100644 --- a/services/abilitymgr/include/extension_config.h +++ b/services/abilitymgr/include/extension_config.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -18,6 +18,8 @@ #include #include +#include +#include #include "extension_ability_info.h" #include "singleton.h" @@ -30,11 +32,22 @@ public: virtual ~ExtensionConfig() = default; void LoadExtensionConfiguration(); int32_t GetExtensionAutoDisconnectTime(std::string extensionTypeName); + bool IsExtensionStartThirdPartyAppEnable(std::string extensionTypeName); + bool IsExtensionStartServiceEnable(std::string extensionTypeName, std::string targetUri); private: - void LoadExtensionAutoDisconnectTime(const nlohmann::json &object); + void LoadExtensionConfig(const nlohmann::json &object); bool ReadFileInfoJson(const std::string &filePath, nlohmann::json &jsonBuf); + std::string GetExtensionConfigPath() const; + void LoadExtensionAutoDisconnectTime(const nlohmann::json &object, std::string extensionTypeName); + void LoadExtensionThirdPartyAppBlockedList(const nlohmann::json &object, std::string extensionTypeName); + void LoadExtensionServiceBlockedList(const nlohmann::json &, std::string extensionTypeNameobject); + + bool CheckServiceExtensionUriValid(const std::string &uri); + std::map extensionAutoDisconnectTimeMap_; + std::unordered_map thirdPartyAppBlockedFlags_; + std::unordered_map> serviceBlockedLists_; }; } // OHOS } // AAFwk diff --git a/services/abilitymgr/include/interceptor/extension_control_interceptor.h b/services/abilitymgr/include/interceptor/extension_control_interceptor.h new file mode 100644 index 00000000000..fcecd4bdfb0 --- /dev/null +++ b/services/abilitymgr/include/interceptor/extension_control_interceptor.h @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_ABILITY_RUNTIME_EXTENSION_CONTROL_INTERCEPTOR_H +#define OHOS_ABILITY_RUNTIME_EXTENSION_CONTROL_INTERCEPTOR_H + +#include "ability_interceptor_interface.h" +#include "want.h" + +namespace OHOS { +namespace AAFwk { +class ExtensionControlInterceptor : public IAbilityInterceptor { +public: + ExtensionControlInterceptor() = default; + ~ExtensionControlInterceptor() = default; + ErrCode DoProcess(AbilityInterceptorParam param) override; +private: + bool IsExtensionStartThirdPartyAppEnable(std::string extensionTypeName, std::string targetBundleName); + bool IsExtensionStartServiceEnable(std::string extensionTypeName, std::string targetUri); +}; +} // namespace AAFwk +} // namespace OHOS + +#endif // OHOS_ABILITY_RUNTIME_START_OTHER_APP_INTERCEPTOR \ No newline at end of file diff --git a/services/abilitymgr/resource/ams_extension_config.json b/services/abilitymgr/resource/ams_extension_config.json new file mode 100644 index 00000000000..6b881c5a0c6 --- /dev/null +++ b/services/abilitymgr/resource/ams_extension_config.json @@ -0,0 +1,3 @@ +{ + "ams_extension_config": [] +} \ No newline at end of file diff --git a/services/abilitymgr/src/ability_manager_service.cpp b/services/abilitymgr/src/ability_manager_service.cpp index 809043a7b7d..19ca761b597 100644 --- a/services/abilitymgr/src/ability_manager_service.cpp +++ b/services/abilitymgr/src/ability_manager_service.cpp @@ -69,6 +69,7 @@ #include "interceptor/crowd_test_interceptor.h" #include "interceptor/disposed_rule_interceptor.h" #include "interceptor/ecological_rule_interceptor.h" +#include "interceptor/extension_control_interceptor.h" #include "interceptor/screen_unlock_interceptor.h" #include "interceptor/start_other_app_interceptor.h" #include "ipc_skeleton.h" @@ -441,6 +442,7 @@ void AbilityManagerService::InitInterceptor() interceptorExecuter_->AddInterceptor("CrowdTest", std::make_shared()); interceptorExecuter_->AddInterceptor("Control", std::make_shared()); afterCheckExecuter_ = std::make_shared(); + afterCheckExecuter_->AddInterceptor("ExtensionControl", std::make_shared()); afterCheckExecuter_->AddInterceptor("StartOtherApp", std::make_shared()); afterCheckExecuter_->AddInterceptor("DisposedRule", std::make_shared()); afterCheckExecuter_->AddInterceptor("EcologicalRule", std::make_shared()); diff --git a/services/abilitymgr/src/extension_config.cpp b/services/abilitymgr/src/extension_config.cpp index 5c193b0c8a0..3ff2e2ba5bd 100644 --- a/services/abilitymgr/src/extension_config.cpp +++ b/services/abilitymgr/src/extension_config.cpp @@ -13,36 +13,53 @@ * limitations under the License. */ +#include "extension_config.h" + #include #include #include -#include "extension_config.h" +#include "config_policy_utils.h" +#include "element_name.h" #include "hilog_tag_wrapper.h" #include "hilog_wrapper.h" namespace OHOS { namespace AAFwk { namespace { -constexpr const char* AMS_EXTENSION_CONFIG = "/system/etc/ams_extension_config.json"; +constexpr const char* EXTENSION_CONFIG_DEFAULT_PATH = "/system/etc/ams_extension_config.json"; +constexpr const char* EXTENSION_CONFIG_FILE_PATH = "/etc/ams_extension_config.json"; -const std::string EXTENSION_AUTO_DISCONNECT_TIME_NAME = "ams_extension_config"; -const std::string EXTENSION_TYPE_NAME = "extension_type_name"; -const std::string EXTENSION_AUTO_DISCONNECT_TIME = "auto_disconnect_time"; +constexpr const char* EXTENSION_CONFIG_NAME = "ams_extension_config"; +constexpr const char* EXTENSION_TYPE_NAME = "extension_type_name"; +constexpr const char* EXTENSION_AUTO_DISCONNECT_TIME = "auto_disconnect_time"; + +constexpr const char* EXTENSION_THIRD_PARTY_APP_BLOCKED_FLAG_NAME = "third_party_app_blocked_flag"; +constexpr const char* EXTENSION_SERVICE_BLOCKED_LIST_NAME = "service_blocked_list"; const int32_t DEFAULT_EXTENSION_AUTO_DISCONNECT_TIME = -1; } +std::string ExtensionConfig::GetExtensionConfigPath() const +{ + char buf[MAX_PATH_LEN] = { 0 }; + char *configPath = GetOneCfgFile(EXTENSION_CONFIG_FILE_PATH, buf, MAX_PATH_LEN); + if (configPath == nullptr || configPath[0] == '\0' || strlen(configPath) > MAX_PATH_LEN) { + return EXTENSION_CONFIG_DEFAULT_PATH; + } + return configPath; +} + void ExtensionConfig::LoadExtensionConfiguration() { TAG_LOGD(AAFwkTag::ABILITYMGR, "call"); nlohmann::json jsonBuf; - if (!ReadFileInfoJson(AMS_EXTENSION_CONFIG, jsonBuf)) { + if (!ReadFileInfoJson(GetExtensionConfigPath().c_str(), jsonBuf)) { TAG_LOGE(AAFwkTag::ABILITYMGR, "Parse file failed."); return; } - LoadExtensionAutoDisconnectTime(jsonBuf); + LoadExtensionConfig(jsonBuf); } int32_t ExtensionConfig::GetExtensionAutoDisconnectTime(std::string extensionTypeName) @@ -53,26 +70,98 @@ int32_t ExtensionConfig::GetExtensionAutoDisconnectTime(std::string extensionTyp return DEFAULT_EXTENSION_AUTO_DISCONNECT_TIME; } -void ExtensionConfig::LoadExtensionAutoDisconnectTime(const nlohmann::json &object) +bool ExtensionConfig::IsExtensionStartThirdPartyAppEnable(std::string extensionTypeName) +{ + if (thirdPartyAppBlockedFlags_.find(extensionTypeName) != thirdPartyAppBlockedFlags_.end()) { + return thirdPartyAppBlockedFlags_[extensionTypeName]; + } + return true; +} + +bool ExtensionConfig::IsExtensionStartServiceEnable(std::string extensionTypeName, std::string targetUri) +{ + AppExecFwk::ElementName targetElementName; + if (!targetElementName.ParseURI(targetUri) || + serviceBlockedLists_.find(extensionTypeName) == serviceBlockedLists_.end()) { + return true; + } + for (const auto& iter : serviceBlockedLists_[extensionTypeName]) { + AppExecFwk::ElementName iterElementName; + if (iterElementName.ParseURI(iter) && + iterElementName.GetBundleName() == targetElementName.GetBundleName() && + iterElementName.GetAbilityName() == targetElementName.GetAbilityName()) { + return false; + } + } + return true; +} + +void ExtensionConfig::LoadExtensionConfig(const nlohmann::json &object) { - if (!object.contains(EXTENSION_AUTO_DISCONNECT_TIME_NAME)) { - TAG_LOGE(AAFwkTag::ABILITYMGR, "Disconnect time config not existed."); + if (!object.contains(EXTENSION_CONFIG_NAME) || !object.at(EXTENSION_CONFIG_NAME).is_array()) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "Extension config not existed."); return; } - for (auto &item : object.at(EXTENSION_AUTO_DISCONNECT_TIME_NAME).items()) { + for (auto &item : object.at(EXTENSION_CONFIG_NAME).items()) { const nlohmann::json& jsonObject = item.value(); if (!jsonObject.contains(EXTENSION_TYPE_NAME) || !jsonObject.at(EXTENSION_TYPE_NAME).is_string()) { continue; } - if (!jsonObject.contains(EXTENSION_AUTO_DISCONNECT_TIME) || - !jsonObject.at(EXTENSION_AUTO_DISCONNECT_TIME).is_number()) { + std::string extensionTypeName = jsonObject.at(EXTENSION_TYPE_NAME).get(); + LoadExtensionAutoDisconnectTime(jsonObject, extensionTypeName); + LoadExtensionThirdPartyAppBlockedList(jsonObject, extensionTypeName); + LoadExtensionServiceBlockedList(jsonObject, extensionTypeName); + } +} + +void ExtensionConfig::LoadExtensionAutoDisconnectTime(const nlohmann::json &object, std::string extensionTypeName) +{ + if (!object.contains(EXTENSION_AUTO_DISCONNECT_TIME) || + !object.at(EXTENSION_AUTO_DISCONNECT_TIME).is_number()) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "Auto disconnect time config not existed."); + return; + } + int32_t extensionAutoDisconnectTime = object.at(EXTENSION_AUTO_DISCONNECT_TIME).get(); + extensionAutoDisconnectTimeMap_[extensionTypeName] = extensionAutoDisconnectTime; +} + +void ExtensionConfig::LoadExtensionThirdPartyAppBlockedList(const nlohmann::json &object, + std::string extensionTypeName) +{ + TAG_LOGD(AAFwkTag::ABILITYMGR, "call."); + if (!object.contains(EXTENSION_THIRD_PARTY_APP_BLOCKED_FLAG_NAME) || + !object.at(EXTENSION_THIRD_PARTY_APP_BLOCKED_FLAG_NAME).is_boolean()) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "Third party config not existed."); + return; + } + thirdPartyAppBlockedFlags_[extensionTypeName] = object.at(EXTENSION_THIRD_PARTY_APP_BLOCKED_FLAG_NAME).get(); + TAG_LOGD(AAFwkTag::ABILITYMGR, "The %{public}s extension's third party app blocked flag is %{public}d", + extensionTypeName.c_str(), thirdPartyAppBlockedFlags_[extensionTypeName]); +} + +void ExtensionConfig::LoadExtensionServiceBlockedList(const nlohmann::json &object, std::string extensionTypeName) +{ + TAG_LOGD(AAFwkTag::ABILITYMGR, "call."); + if (!object.contains(EXTENSION_SERVICE_BLOCKED_LIST_NAME) || + !object.at(EXTENSION_SERVICE_BLOCKED_LIST_NAME).is_array()) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "Service config not existed."); + return; + } + std::unordered_set serviceBlockedList; + for (auto &item : object.at(EXTENSION_SERVICE_BLOCKED_LIST_NAME).items()) { + const nlohmann::json& jsonObject = item.value(); + if (!jsonObject.is_string()) { continue; } - std::string extensionTypeName = jsonObject.at(EXTENSION_TYPE_NAME).get(); - int32_t extensionAutoDisconnectTime = jsonObject.at(EXTENSION_AUTO_DISCONNECT_TIME).get(); - extensionAutoDisconnectTimeMap_[extensionTypeName] = extensionAutoDisconnectTime; + std::string serviceUri = jsonObject.get(); + if (CheckServiceExtensionUriValid(serviceUri)) { + serviceBlockedList.emplace(serviceUri); + } } + serviceBlockedLists_[extensionTypeName] = serviceBlockedList; + TAG_LOGD(AAFwkTag::ABILITYMGR, "The size of %{public}s extension's service blocked list is %{public}zu", + extensionTypeName.c_str(), serviceBlockedList.size()); } bool ExtensionConfig::ReadFileInfoJson(const std::string &filePath, nlohmann::json &jsonBuf) @@ -110,5 +199,24 @@ bool ExtensionConfig::ReadFileInfoJson(const std::string &filePath, nlohmann::js return true; } + +bool ExtensionConfig::CheckServiceExtensionUriValid(const std::string &uri) +{ + const size_t memberNum = 4; + if (std::count(uri.begin(), uri.end(), '/') != memberNum - 1) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "Invalid uri: %{public}s.", uri.c_str()); + return false; + } + // correct uri: "/bundleName/moduleName/abilityName" + std::string::size_type pos1 = 0; + std::string::size_type pos2 = uri.find('/', pos1 + 1); + std::string::size_type pos3 = uri.find('/', pos2 + 1); + std::string::size_type pos4 = uri.find('/', pos3 + 1); + if ((pos3 == pos2 + 1) || (pos4 == pos3 + 1) || (pos4 == uri.size() - 1)) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "Invalid uri: %{public}s.", uri.c_str()); + return false; + } + return true; +} } } \ No newline at end of file diff --git a/services/abilitymgr/src/interceptor/extension_control_interceptor.cpp b/services/abilitymgr/src/interceptor/extension_control_interceptor.cpp new file mode 100644 index 00000000000..80dd42de12a --- /dev/null +++ b/services/abilitymgr/src/interceptor/extension_control_interceptor.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "interceptor/extension_control_interceptor.h" + +#include "ability_info.h" +#include "ability_util.h" +#include "extension_config.h" +#include "hilog_tag_wrapper.h" +#include "start_ability_utils.h" + +namespace OHOS { +namespace AAFwk { +namespace { +constexpr char STRICT_MODE[] = "strictMode"; +} + +ErrCode ExtensionControlInterceptor::DoProcess(AbilityInterceptorParam param) +{ + TAG_LOGE(AAFwkTag::ABILITYMGR, "call."); + if (!param.want.GetBoolParam(STRICT_MODE, false)) { + return ERR_OK; + } + AppExecFwk::AbilityInfo callerAbilityInfo; + if (StartAbilityUtils::GetCallerAbilityInfo(param.callerToken, callerAbilityInfo)) { + if (callerAbilityInfo.type != AppExecFwk::AbilityType::EXTENSION || + callerAbilityInfo.extensionAbilityType == AppExecFwk::ExtensionAbilityType::SERVICE || + callerAbilityInfo.bundleName == param.want.GetElement().GetBundleName()) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "not other extension."); + return ERR_OK; + } + // get target application info + AppExecFwk::AbilityInfo targetAbilityInfo; + if (StartAbilityUtils::startAbilityInfo != nullptr) { + targetAbilityInfo = StartAbilityUtils::startAbilityInfo->abilityInfo; + } else { + auto bundleMgrHelper = AbilityUtil::GetBundleManagerHelper(); + if (bundleMgrHelper == nullptr) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "The bundleMgrHelper is nullptr."); + return ERR_OK; + } + IN_PROCESS_CALL_WITHOUT_RET(bundleMgrHelper->QueryAbilityInfo(param.want, + AppExecFwk::AbilityInfoFlag::GET_ABILITY_INFO_WITH_APPLICATION, param.userId, targetAbilityInfo)); + } + // check blocked list + if (!targetAbilityInfo.applicationInfo.isSystemApp && + !DelayedSingleton::GetInstance()->IsExtensionStartThirdPartyAppEnable( + callerAbilityInfo.extensionTypeName)) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "The extension start has been blocked by third party app flag."); + return EXTENSION_BLOCKED_BY_THIRD_PARTY_APP_FLAG; + } + if (targetAbilityInfo.extensionAbilityType == AppExecFwk::ExtensionAbilityType::SERVICE && + !DelayedSingleton::GetInstance()->IsExtensionStartServiceEnable( + callerAbilityInfo.extensionTypeName, param.want.GetElement().GetURI())) { + TAG_LOGE(AAFwkTag::ABILITYMGR, "The extension start has been blocked by service list."); + return EXTENSION_BLOCKED_BY_SERVICE_LIST; + } + } + TAG_LOGI(AAFwkTag::ABILITYMGR, "other ok."); + return ERR_OK; +} +} // namespace AAFwk +} // namespace OHOS \ No newline at end of file diff --git a/services/appmgr/include/app_spawn_client.h b/services/appmgr/include/app_spawn_client.h index cb53111a711..74803ffb993 100644 --- a/services/appmgr/include/app_spawn_client.h +++ b/services/appmgr/include/app_spawn_client.h @@ -90,6 +90,7 @@ struct StartFlags { static const int GWP_ENABLED_FORCE = 10; static const int GWP_ENABLED_NORMAL = 11; static const int TSANENABLED = 12; + static const int EXTENSION_CONTROLLED = 13; }; union AppSpawnPidMsg { diff --git a/services/appmgr/include/utils/appspawn_util.h b/services/appmgr/include/utils/appspawn_util.h index 8050404577b..433ee6ad587 100644 --- a/services/appmgr/include/utils/appspawn_util.h +++ b/services/appmgr/include/utils/appspawn_util.h @@ -54,6 +54,9 @@ static uint32_t BuildStartFlags(const AAFwk::Want &want, const ApplicationInfo & if (applicationInfo.tsanEnabled) { startFlags = startFlags | (START_FLAG_BASE << StartFlags::TSANENABLED); } + if (want.GetBoolParam("ohos.ability.params.extensionControl", false)) { + startFlags = startFlags | (START_FLAG_BASE << StartFlags::EXTENSION_CONTROLLED); + } return startFlags; } diff --git a/test/unittest/ability_record_test/BUILD.gn b/test/unittest/ability_record_test/BUILD.gn index 9a0d77c07e3..99ef803b010 100644 --- a/test/unittest/ability_record_test/BUILD.gn +++ b/test/unittest/ability_record_test/BUILD.gn @@ -147,6 +147,7 @@ ohos_unittest("ability_record_test_call") { "bundle_framework:appexecfwk_base", "c_utils:utils", "common_event_service:cesfwk_innerkits", + "config_policy:configpolicy_util", "ffrt:libffrt", "hilog:libhilog", "ipc:ipc_core", diff --git a/test/unittest/specified_mission_list_test/BUILD.gn b/test/unittest/specified_mission_list_test/BUILD.gn index 6f2374e2d35..8e8b53a08c0 100644 --- a/test/unittest/specified_mission_list_test/BUILD.gn +++ b/test/unittest/specified_mission_list_test/BUILD.gn @@ -62,6 +62,7 @@ ohos_unittest("specified_mission_list_test") { "ability_base:zuri", "c_utils:utils", "common_event_service:cesfwk_innerkits", + "config_policy:configpolicy_util", "ffrt:libffrt", "hilog:libhilog", "init:libbeget_proxy", diff --git a/test/unittest/ui_ability_lifecycle_manager_test/BUILD.gn b/test/unittest/ui_ability_lifecycle_manager_test/BUILD.gn index 8bdbe8e0bd7..a45656fc37b 100644 --- a/test/unittest/ui_ability_lifecycle_manager_test/BUILD.gn +++ b/test/unittest/ui_ability_lifecycle_manager_test/BUILD.gn @@ -69,6 +69,7 @@ ohos_unittest("ui_ability_lifecycle_manager_test") { "bundle_framework:appexecfwk_core", "c_utils:utils", "common_event_service:cesfwk_innerkits", + "config_policy:configpolicy_util", "dsoftbus:softbus_client", "ffrt:libffrt", "hilog:libhilog", -- Gitee