diff --git a/services/implementation/src/cryptomgr/crypto_mgr.cpp b/services/implementation/src/cryptomgr/crypto_mgr.cpp index 6cba98ca7f0589ce9fc24a7fc7fb0d9a6496207b..908c19b1e867d50aec75722245a1b545b3bf7917 100644 --- a/services/implementation/src/cryptomgr/crypto_mgr.cpp +++ b/services/implementation/src/cryptomgr/crypto_mgr.cpp @@ -213,6 +213,10 @@ int32_t CryptoMgr::DecryptMessage(const std::string &inputMsg, std::string &outp return ERR_DM_CRYPTO_OPT_FAILED; } + if (inputMsgBytesLen < OVERHEAD_LEN) { + LOGE("invalid para."); + return ERR_DM_CRYPTO_PARA_INVALID; + } uint32_t outLen = inputMsgBytesLen - OVERHEAD_LEN + 1; /* for '\0' */ unsigned char *outData = (unsigned char *)calloc(outLen, sizeof(unsigned char)); if (outData == nullptr) { @@ -276,7 +280,7 @@ int32_t CryptoMgr::MbedAesGcmDecrypt(const AesGcmCipherKey *cipherKey, const uns int32_t CryptoMgr::DoDecryptData(AesGcmCipherKey *cipherKey, const unsigned char *input, uint32_t inLen, unsigned char *decryptData, uint32_t *decryptLen) { - if (cipherKey == NULL || input == NULL || inLen < GCM_IV_LEN || decryptData == NULL || decryptLen == NULL) { + if (cipherKey == NULL || input == NULL || inLen < OVERHEAD_LEN || decryptData == NULL || decryptLen == NULL) { return ERR_DM_CRYPTO_PARA_INVALID; } diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp index 33836f1ab913fab5da70bb69bd8d79acc37a24fc..020b5e881d5825bf8ca16395faae3534e7f8451d 100644 --- a/services/service/src/permission/standard/permission_manager.cpp +++ b/services/service/src/permission/standard/permission_manager.cpp @@ -114,13 +114,19 @@ bool PermissionManager::CheckMonitorPermission(void) } ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller); if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) { - if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION) != + if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION) == PermissionState::PERMISSION_GRANTED) { - LOGE("DM service access is denied, please apply for corresponding permissions."); - return false; + return true; } } - return true; + if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP) { + if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_PERMISSION) == + PermissionState::PERMISSION_GRANTED) { + return true; + } + } + LOGE("DM service access is denied, please apply for corresponding permissions."); + return false; } int32_t PermissionManager::GetCallerProcessName(std::string &processName) diff --git a/test/commonunittest/UTTest_permission_manager.cpp b/test/commonunittest/UTTest_permission_manager.cpp index 1ddd7830f05fe6f1e986b12b298ce9aaa7afd0e6..1cb44f5f9992b2db67b330f13b41e4bd826c187d 100644 --- a/test/commonunittest/UTTest_permission_manager.cpp +++ b/test/commonunittest/UTTest_permission_manager.cpp @@ -169,7 +169,7 @@ HWTEST_F(PermissionManagerTest, CheckMonitorPermission_001, testing::ext::TestSi EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(1001)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_TYPE_BUTT)); ret = PermissionManager::GetInstance().CheckMonitorPermission(); - ASSERT_TRUE(ret); + ASSERT_FALSE(ret); EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(1001)); EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));