From d17bbbd7b7110ed60dd282f6250b5eb081060995 Mon Sep 17 00:00:00 2001 From: wangtiantian Date: Wed, 5 Jul 2023 20:58:51 +0800 Subject: [PATCH 1/2] IssueNo:#I7GD5T Description:add permission Sig:SIG_ApplicaitonFramework Feature or Bugfix:Bugfix Binary Source:No Signed-off-by: wangtiantian --- .../bundlemgr/include/bundle_permission_mgr.h | 13 +++ .../bundlemgr/src/bundle_permission_mgr.cpp | 100 +++++++++++++----- 2 files changed, 86 insertions(+), 27 deletions(-) diff --git a/services/bundlemgr/include/bundle_permission_mgr.h b/services/bundlemgr/include/bundle_permission_mgr.h index 6124a28546..a644175723 100644 --- a/services/bundlemgr/include/bundle_permission_mgr.h +++ b/services/bundlemgr/include/bundle_permission_mgr.h @@ -155,6 +155,19 @@ private: const std::string &permissionName, const Security::AccessToken::PermissionFlag flag, const std::string &bundleName); + static bool InnerUpdateDefinePermission( + const Security::AccessToken::AccessTokenID tokenId, + const InnerBundleInfo &oldInfo, + const InnerBundleInfo &newInfo, + std::vector &newDefPermList); + + static bool InnerUpdateRequestPermission( + const Security::AccessToken::AccessTokenID tokenId, + const InnerBundleInfo &oldInfo, + const InnerBundleInfo &newInfo, + std::vector &newPermissionStateList, + std::vector &newRequestPermName); + static std::map defaultPermissions_; }; } // namespace AppExecFwk diff --git a/services/bundlemgr/src/bundle_permission_mgr.cpp b/services/bundlemgr/src/bundle_permission_mgr.cpp index adcc0bb126..7be6c4aecf 100644 --- a/services/bundlemgr/src/bundle_permission_mgr.cpp +++ b/services/bundlemgr/src/bundle_permission_mgr.cpp @@ -170,40 +170,19 @@ bool BundlePermissionMgr::UpdateDefineAndRequestPermissions(Security::AccessToke const InnerBundleInfo &oldInfo, const InnerBundleInfo &newInfo, std::vector &newRequestPermName) { APP_LOGD("UpdateDefineAndRequestPermissions bundleName = %{public}s", newInfo.GetBundleName().c_str()); - std::vector defPermList = GetPermissionDefList(newInfo); std::vector newDefPermList; - if (!GetNewPermissionDefList(tokenIdEx.tokenIdExStruct.tokenID, defPermList, newDefPermList)) { + if (!InnerUpdateDefinePermission(tokenIdEx.tokenIdExStruct.tokenID, oldInfo, newInfo, newDefPermList)) { + APP_LOGE("UpdateDefineAndRequestPermissions InnerUpdateDefinePermission failed"); return false; } - std::vector reqPermissionStateList = GetPermissionStateFullList(newInfo); + std::vector newPermissionStateList; - if (!GetNewPermissionStateFull(tokenIdEx.tokenIdExStruct.tokenID, reqPermissionStateList, + if (!InnerUpdateRequestPermission(tokenIdEx.tokenIdExStruct.tokenID, oldInfo, newInfo, newPermissionStateList, newRequestPermName)) { + APP_LOGE("UpdateDefineAndRequestPermissions InnerUpdateRequestPermission failed"); return false; } - // delete old definePermission - std::vector needDeleteDefinePermission = GetNeedDeleteDefinePermissionName(oldInfo, newInfo); - for (const auto &name : needDeleteDefinePermission) { - auto iter = std::find_if(newDefPermList.begin(), newDefPermList.end(), [&name](const auto &defPerm) { - return defPerm.permissionName == name; - }); - if (iter != newDefPermList.end()) { - APP_LOGD("delete definePermission %{public}s", name.c_str()); - newDefPermList.erase(iter); - } - } - // delete old requestPermission - std::vector needDeleteRequestPermission = GetNeedDeleteRequestPermissionName(oldInfo, newInfo); - for (const auto &name : needDeleteRequestPermission) { - auto iter = std::find_if(newPermissionStateList.begin(), newPermissionStateList.end(), - [&name](const auto &defPerm) { - return defPerm.permissionName == name; - }); - if (iter != newPermissionStateList.end()) { - APP_LOGD("delete requestPermission %{public}s", name.c_str()); - newPermissionStateList.erase(iter); - } - } + AccessToken::HapPolicyParams hapPolicy; std::string apl = newInfo.GetAppPrivilegeLevel(); APP_LOGD("newDefPermList size:%{public}zu, newPermissionStateList size:%{public}zu, isSystemApp: %{public}d", @@ -291,6 +270,16 @@ bool BundlePermissionMgr::GetNewPermissionStateFull(Security::AccessToken::Acces APP_LOGE("BundlePermissionMgr::GetNewPermissionStateFull failed"); return false; } + // add old permission which need grant again + for (const auto &state : newPermissionState) { + if ((state.grantStatus[0] == AccessToken::PermissionState::PERMISSION_DENIED) && + (state.grantFlags[0] == AccessToken::PermissionFlag::PERMISSION_DEFAULT_FLAG)) { + APP_LOGD("BundlePermissionMgr::GetNewPermissionStateFull add old permission:%{public}s", + state.permissionName.c_str()); + newRequestPermName.emplace_back(state.permissionName); + } + } + for (const auto &perm : permissionState) { if (std::find_if(newPermissionState.begin(), newPermissionState.end(), [&perm](const auto &newPerm) { return newPerm.permissionName == perm.permissionName; @@ -791,5 +780,62 @@ bool BundlePermissionMgr::VerifyPreload(const AAFwk::Want &want) std::string bundleName = want.GetElement().GetBundleName(); return bundleName == callingBundleName; } + +bool BundlePermissionMgr::InnerUpdateDefinePermission( + const Security::AccessToken::AccessTokenID tokenId, + const InnerBundleInfo &oldInfo, + const InnerBundleInfo &newInfo, + std::vector &newDefPermList) +{ + std::vector defPermList = GetPermissionDefList(newInfo); + if (!GetNewPermissionDefList(tokenId, defPermList, newDefPermList)) { + return false; + } + + // delete old definePermission + std::vector needDeleteDefinePermission = GetNeedDeleteDefinePermissionName(oldInfo, newInfo); + for (const auto &name : needDeleteDefinePermission) { + auto iter = std::find_if(newDefPermList.begin(), newDefPermList.end(), [&name](const auto &defPerm) { + return defPerm.permissionName == name; + }); + if (iter != newDefPermList.end()) { + APP_LOGD("delete definePermission %{public}s", name.c_str()); + newDefPermList.erase(iter); + } + } + return true; +} + +bool BundlePermissionMgr::InnerUpdateRequestPermission( + const Security::AccessToken::AccessTokenID tokenId, + const InnerBundleInfo &oldInfo, + const InnerBundleInfo &newInfo, + std::vector &newPermissionStateList, + std::vector &newRequestPermName) +{ + // get access token permission + std::vector reqPermissionStateList = GetPermissionStateFullList(newInfo); + if (!GetNewPermissionStateFull(tokenId, reqPermissionStateList, + newPermissionStateList, newRequestPermName)) { + return false; + } + // delete old requestPermission + std::vector needDeleteRequestPermission = GetNeedDeleteRequestPermissionName(oldInfo, newInfo); + for (const auto &name : needDeleteRequestPermission) { + auto iter = std::find_if(newPermissionStateList.begin(), newPermissionStateList.end(), + [&name](const auto &defPerm) { + return defPerm.permissionName == name; + }); + if (iter != newPermissionStateList.end()) { + APP_LOGD("delete requestPermission %{public}s", name.c_str()); + newPermissionStateList.erase(iter); + } + auto deleteIter = std::find(newRequestPermName.begin(), newRequestPermName.end(), name); + if (deleteIter != newRequestPermName.begin()) { + newRequestPermName.erase(deleteIter); + } + } + return true; +} } // namespace AppExecFwk } // namespace OHOS \ No newline at end of file -- Gitee From cbf2fcd527b05e3fd0f93341428c2e87667b19e4 Mon Sep 17 00:00:00 2001 From: wangtiantian Date: Thu, 6 Jul 2023 21:14:32 +0800 Subject: [PATCH 2/2] IssueNo:#I7GD5T Description:fix bug Sig:SIG_ApplicaitonFramework Feature or Bugfix:Bugfix Binary Source:No Signed-off-by: wangtiantian --- services/bundlemgr/src/bundle_permission_mgr.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/bundlemgr/src/bundle_permission_mgr.cpp b/services/bundlemgr/src/bundle_permission_mgr.cpp index 7be6c4aecf..c2a04bdffb 100644 --- a/services/bundlemgr/src/bundle_permission_mgr.cpp +++ b/services/bundlemgr/src/bundle_permission_mgr.cpp @@ -831,7 +831,7 @@ bool BundlePermissionMgr::InnerUpdateRequestPermission( newPermissionStateList.erase(iter); } auto deleteIter = std::find(newRequestPermName.begin(), newRequestPermName.end(), name); - if (deleteIter != newRequestPermName.begin()) { + if (deleteIter != newRequestPermName.end()) { newRequestPermName.erase(deleteIter); } } -- Gitee