diff --git a/bundle.json b/bundle.json index 049b1f88f21330e11c34beaab6f4dae4516e6aca..e3174faeb02dc8866b677b082891b142b8ce5ea6 100755 --- a/bundle.json +++ b/bundle.json @@ -28,6 +28,8 @@ ], "deps": { "components": [ + "access_token", + "accessibility", "eventhandler", "hilog", "ipc", diff --git a/interfaces/inner_kits/BUILD.gn b/interfaces/inner_kits/BUILD.gn index 9ee637c8b72c03b0ca2048de146db28db590cbaa..4900ec4415fe5b8d6fd50019badf628d0e0990c5 100644 --- a/interfaces/inner_kits/BUILD.gn +++ b/interfaces/inner_kits/BUILD.gn @@ -88,6 +88,8 @@ ohos_shared_library("libdinput_sdk") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "config_policy:configpolicy_util", "dsoftbus:softbus_client", diff --git a/interfaces/ipc/include/distributed_input_sink_stub.h b/interfaces/ipc/include/distributed_input_sink_stub.h index 3d1396963912a4e16aeaf048e9259fa25fb8c9b7..9b6a1ea9c359240fa9075e63604a0d3271e1dfb3 100644 --- a/interfaces/ipc/include/distributed_input_sink_stub.h +++ b/interfaces/ipc/include/distributed_input_sink_stub.h @@ -44,6 +44,8 @@ public: int32_t RegisterSharingDhIdListenerInner(MessageParcel &data, MessageParcel &reply, MessageOption &option); + bool HasEnableDHPermission(); + private: DISALLOW_COPY_AND_MOVE(DistributedInputSinkStub); using DistributedInputSinkFunc = int32_t (DistributedInputSinkStub::*)(MessageParcel &data, MessageParcel &reply, diff --git a/interfaces/ipc/include/distributed_input_source_stub.h b/interfaces/ipc/include/distributed_input_source_stub.h index eca2be520b8a9ed7284564a58224350a53241861..19d3aa272bf664831443b5dd76677a1841d3a8d0 100644 --- a/interfaces/ipc/include/distributed_input_source_stub.h +++ b/interfaces/ipc/include/distributed_input_source_stub.h @@ -61,6 +61,8 @@ private: int32_t HandleUnregisterSimulationEventListener(MessageParcel &data, MessageParcel &reply); int32_t HandleRegisterSessionStateCb(MessageParcel &data, MessageParcel &reply); int32_t HandleUnregisterSessionStateCb(MessageParcel &data, MessageParcel &reply); + bool HasEnableDHPermission(); + bool HasAccessDHPermission(); DISALLOW_COPY_AND_MOVE(DistributedInputSourceStub); private: std::atomic sourceManagerInitFlag_ {false}; diff --git a/interfaces/ipc/src/distributed_input_sink_stub.cpp b/interfaces/ipc/src/distributed_input_sink_stub.cpp index 767b7d2a956f6063e4867a0eda336168608a1331..300de42cfe4981d208c7c4eb4986351d393db5d3 100644 --- a/interfaces/ipc/src/distributed_input_sink_stub.cpp +++ b/interfaces/ipc/src/distributed_input_sink_stub.cpp @@ -15,12 +15,14 @@ #include "distributed_input_sink_stub.h" +#include "accesstoken_kit.h" #include "constants_dinput.h" #include "dinput_errcode.h" #include "dinput_ipc_interface_code.h" #include "dinput_log.h" #include "dinput_utils_tool.h" #include "i_sharing_dhid_listener.h" +#include "ipc_skeleton.h" namespace OHOS { namespace DistributedHardware { @@ -48,6 +50,15 @@ DistributedInputSinkStub::~DistributedInputSinkStub() memberFuncMap_.clear(); } +bool DistributedInputSinkStub::HasEnableDHPermission() +{ + Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + const std::string permissionName = "ohos.permission.ENABLE_DISTRIBUTED_HARDWARE"; + int32_t result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, + permissionName); + return (result == Security::AccessToken::PERMISSION_GRANTED); +} + int32_t DistributedInputSinkStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { @@ -66,6 +77,10 @@ int32_t DistributedInputSinkStub::OnRemoteRequest(uint32_t code, MessageParcel & int32_t DistributedInputSinkStub::InitInner(MessageParcel &data, MessageParcel &reply, MessageOption &option) { + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } DHLOGI("DistributedInputSinkStub InitInner start"); int32_t ret = Init(); if (!reply.WriteInt32(ret)) { @@ -77,6 +92,10 @@ int32_t DistributedInputSinkStub::InitInner(MessageParcel &data, MessageParcel & int32_t DistributedInputSinkStub::ReleaseInner(MessageParcel &data, MessageParcel &reply, MessageOption &option) { + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } int32_t ret = Release(); if (!reply.WriteInt32(ret)) { DHLOGE("DistributedInputSinkStub write ret failed, ret = %d", ret); diff --git a/interfaces/ipc/src/distributed_input_source_stub.cpp b/interfaces/ipc/src/distributed_input_source_stub.cpp index 6ead0d0b554a1da734375723928ee19a565a14c7..ec8200d3f3cbe4530b0fad053fc8865be28fca8e 100644 --- a/interfaces/ipc/src/distributed_input_source_stub.cpp +++ b/interfaces/ipc/src/distributed_input_source_stub.cpp @@ -15,10 +15,12 @@ #include "distributed_input_source_stub.h" +#include "accesstoken_kit.h" #include "constants_dinput.h" #include "dinput_errcode.h" #include "dinput_ipc_interface_code.h" #include "dinput_log.h" +#include "ipc_skeleton.h" namespace OHOS { namespace DistributedHardware { @@ -82,8 +84,31 @@ void DistributedInputSourceStub::RegRespFunMap() memberFuncMap_[static_cast(IDInputSourceInterfaceCode::UNREGISTER_SESSION_STATE_CB)] = &DistributedInputSourceStub::HandleUnregisterSessionStateCb; } + +bool DistributedInputSourceStub::HasEnableDHPermission() +{ + Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + const std::string permissionName = "ohos.permission.ENABLE_DISTRIBUTED_HARDWARE"; + int32_t result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, + permissionName); + return (result == Security::AccessToken::PERMISSION_GRANTED); +} + +bool DistributedInputSourceStub::HasAccessDHPermission() +{ + Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + const std::string permissionName = "ohos.permission.ACCESS_DISTRIBUTED_HARDWARE"; + int32_t result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, + permissionName); + return (result == Security::AccessToken::PERMISSION_GRANTED); +} + int32_t DistributedInputSourceStub::HandleInitDistributedHardware(MessageParcel &reply) { + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::unique_lock lock(operatorMutex_); if (sourceManagerInitFlag_.load()) { DHLOGE("DistributedInputSourceStub already init."); @@ -100,6 +125,10 @@ int32_t DistributedInputSourceStub::HandleInitDistributedHardware(MessageParcel int32_t DistributedInputSourceStub::HandleReleaseDistributedHardware(MessageParcel &reply) { + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::unique_lock lock(operatorMutex_); if (!sourceManagerInitFlag_.load()) { DHLOGE("DistributedInputSourceStub already Release."); @@ -116,6 +145,10 @@ int32_t DistributedInputSourceStub::HandleReleaseDistributedHardware(MessageParc int32_t DistributedInputSourceStub::HandleRegisterDistributedHardware(MessageParcel &data, MessageParcel &reply) { + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string devId = data.ReadString(); std::string dhId = data.ReadString(); std::string params = data.ReadString(); @@ -134,6 +167,10 @@ int32_t DistributedInputSourceStub::HandleRegisterDistributedHardware(MessagePar int32_t DistributedInputSourceStub::HandleUnregisterDistributedHardware(MessageParcel &data, MessageParcel &reply) { + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string devId = data.ReadString(); std::string dhId = data.ReadString(); sptr callback = iface_cast(data.ReadRemoteObject()); @@ -151,6 +188,10 @@ int32_t DistributedInputSourceStub::HandleUnregisterDistributedHardware(MessageP int32_t DistributedInputSourceStub::HandlePrepareRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string deviceId = data.ReadString(); sptr callback = iface_cast(data.ReadRemoteObject()); if (callback == nullptr) { @@ -167,6 +208,10 @@ int32_t DistributedInputSourceStub::HandlePrepareRemoteInput(MessageParcel &data int32_t DistributedInputSourceStub::HandleUnprepareRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string deviceId = data.ReadString(); sptr callback = iface_cast(data.ReadRemoteObject()); if (callback == nullptr) { @@ -183,6 +228,10 @@ int32_t DistributedInputSourceStub::HandleUnprepareRemoteInput(MessageParcel &da int32_t DistributedInputSourceStub::HandleStartRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string deviceId = data.ReadString(); uint32_t inputTypes = data.ReadUint32(); sptr callback = iface_cast(data.ReadRemoteObject()); @@ -200,6 +249,10 @@ int32_t DistributedInputSourceStub::HandleStartRemoteInput(MessageParcel &data, int32_t DistributedInputSourceStub::HandleStopRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string deviceId = data.ReadString(); uint32_t inputTypes = data.ReadUint32(); sptr callback = iface_cast(data.ReadRemoteObject()); @@ -217,6 +270,10 @@ int32_t DistributedInputSourceStub::HandleStopRemoteInput(MessageParcel &data, M int32_t DistributedInputSourceStub::HandleStartRelayTypeRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string srcId = data.ReadString(); std::string sinkId = data.ReadString(); uint32_t inputTypes = data.ReadUint32(); @@ -235,6 +292,10 @@ int32_t DistributedInputSourceStub::HandleStartRelayTypeRemoteInput(MessageParce int32_t DistributedInputSourceStub::HandleStopRelayTypeRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string srcId = data.ReadString(); std::string sinkId = data.ReadString(); uint32_t inputTypes = data.ReadUint32(); @@ -253,6 +314,10 @@ int32_t DistributedInputSourceStub::HandleStopRelayTypeRemoteInput(MessageParcel int32_t DistributedInputSourceStub::HandlePrepareRelayRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string srcId = data.ReadString(); std::string sinkId = data.ReadString(); sptr callback = iface_cast(data.ReadRemoteObject()); @@ -270,6 +335,10 @@ int32_t DistributedInputSourceStub::HandlePrepareRelayRemoteInput(MessageParcel int32_t DistributedInputSourceStub::HandleUnprepareRelayRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string srcId = data.ReadString(); std::string sinkId = data.ReadString(); sptr callback = iface_cast(data.ReadRemoteObject()); @@ -287,6 +356,10 @@ int32_t DistributedInputSourceStub::HandleUnprepareRelayRemoteInput(MessageParce int32_t DistributedInputSourceStub::HandleStartDhidRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string sinkId = data.ReadString(); std::vector tempVector; @@ -320,6 +393,10 @@ int32_t DistributedInputSourceStub::HandleStartDhidRemoteInput(MessageParcel &da int32_t DistributedInputSourceStub::HandleStopDhidRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string sinkId = data.ReadString(); std::vector tempVector; @@ -353,6 +430,10 @@ int32_t DistributedInputSourceStub::HandleStopDhidRemoteInput(MessageParcel &dat int32_t DistributedInputSourceStub::HandleStartRelayDhidRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string srcId = data.ReadString(); std::string sinkId = data.ReadString(); @@ -387,6 +468,10 @@ int32_t DistributedInputSourceStub::HandleStartRelayDhidRemoteInput(MessageParce int32_t DistributedInputSourceStub::HandleStopRelayDhidRemoteInput(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } std::string srcId = data.ReadString(); std::string sinkId = data.ReadString(); @@ -529,6 +614,10 @@ int32_t DistributedInputSourceStub::HandleUnregisterSimulationEventListener(Mess int32_t DistributedInputSourceStub::HandleRegisterSessionStateCb(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } sptr callback = iface_cast(data.ReadRemoteObject()); if (callback == nullptr) { DHLOGE("HandleRegisterSessionStateCb failed, callback is nullptr."); @@ -545,6 +634,10 @@ int32_t DistributedInputSourceStub::HandleRegisterSessionStateCb(MessageParcel & int32_t DistributedInputSourceStub::HandleUnregisterSessionStateCb(MessageParcel &data, MessageParcel &reply) { + if (!HasAccessDHPermission()) { + DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission."); + return ERR_DH_INPUT_CLIENT_STOP_FAIL; + } int32_t ret = UnregisterSessionStateCb(); if (!reply.WriteInt32(ret)) { DHLOGE("HandleUnregisterSessionStateCb write ret failed, ret = %d", ret); diff --git a/interfaces/ipc/test/addwhitelistinfoscallbackunittest/BUILD.gn b/interfaces/ipc/test/addwhitelistinfoscallbackunittest/BUILD.gn index 1179c3ca1fd730203f0e91022f850e25b0efbb7a..eecbd186186e775c7c31cc54ab3eaca64793bd6a 100644 --- a/interfaces/ipc/test/addwhitelistinfoscallbackunittest/BUILD.gn +++ b/interfaces/ipc/test/addwhitelistinfoscallbackunittest/BUILD.gn @@ -92,6 +92,8 @@ ohos_unittest("add_white_list_infos_callbackl_test") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "distributed_hardware_fwk:libdhfwk_sdk", "dsoftbus:softbus_client", diff --git a/interfaces/ipc/test/clientunittest/BUILD.gn b/interfaces/ipc/test/clientunittest/BUILD.gn index a1a38e9f5c825836fab5b6cba7277008877286aa..4a838f5785b764882536724e09cb8dbd2554f335 100644 --- a/interfaces/ipc/test/clientunittest/BUILD.gn +++ b/interfaces/ipc/test/clientunittest/BUILD.gn @@ -116,6 +116,8 @@ ohos_unittest("distributed_input_client_test") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "config_policy:configpolicy_util", "distributed_hardware_fwk:libdhfwk_sdk", diff --git a/interfaces/ipc/test/dinputsourcecallbackunittest/BUILD.gn b/interfaces/ipc/test/dinputsourcecallbackunittest/BUILD.gn index a9181fca1ec02d36e489f705f0e4cc0f572a0b7a..13dfbe5e4d8baba2e123bb88fdef04de12ba911c 100644 --- a/interfaces/ipc/test/dinputsourcecallbackunittest/BUILD.gn +++ b/interfaces/ipc/test/dinputsourcecallbackunittest/BUILD.gn @@ -92,6 +92,8 @@ ohos_unittest("dinput_source_callback_test") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "distributed_hardware_fwk:libdhfwk_sdk", "dsoftbus:softbus_client", diff --git a/interfaces/ipc/test/ipcunittest/BUILD.gn b/interfaces/ipc/test/ipcunittest/BUILD.gn index 8f0d33b4ae82a3028cde79f2c67497c681fce8d4..83145771ef751fccea8001f7a057d8a9472f3e89 100644 --- a/interfaces/ipc/test/ipcunittest/BUILD.gn +++ b/interfaces/ipc/test/ipcunittest/BUILD.gn @@ -103,6 +103,8 @@ ohos_unittest("distributed_input_ipc_test") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "config_policy:configpolicy_util", "distributed_hardware_fwk:libdhfwk_sdk", diff --git a/services/sink/sinkmanager/BUILD.gn b/services/sink/sinkmanager/BUILD.gn index 2a8aa04b38deafe18dd8f9359ac8e4b24399216a..6dc12809ad3f577cacc2972b655eb7a2deae3e8d 100644 --- a/services/sink/sinkmanager/BUILD.gn +++ b/services/sink/sinkmanager/BUILD.gn @@ -64,6 +64,8 @@ ohos_shared_library("libdinput_sink") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "config_policy:configpolicy_util", "distributed_hardware_fwk:libdhfwk_sdk", diff --git a/services/source/sourcemanager/BUILD.gn b/services/source/sourcemanager/BUILD.gn index fc1defbae331c5d63bb6f1f0f560aba8eaec20ea..7bfd57f5b0654a657432195d10e62d2b0a34b001 100644 --- a/services/source/sourcemanager/BUILD.gn +++ b/services/source/sourcemanager/BUILD.gn @@ -102,6 +102,8 @@ ohos_shared_library("libdinput_source") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "config_policy:configpolicy_util", "distributed_hardware_fwk:libdhfwk_sdk", diff --git a/services/source/sourcemanager/test/sourcemanagerunittest/BUILD.gn b/services/source/sourcemanager/test/sourcemanagerunittest/BUILD.gn index 46761e9b3a75d02dea0097f6fb25346f9d5dc4e0..f3b375562677f6c84db6e027391212ca1420a047 100755 --- a/services/source/sourcemanager/test/sourcemanagerunittest/BUILD.gn +++ b/services/source/sourcemanager/test/sourcemanagerunittest/BUILD.gn @@ -122,6 +122,7 @@ ohos_unittest("distributed_input_sourcemanager_test") { "access_token:libaccesstoken_sdk", "access_token:libnativetoken", "access_token:libtoken_setproc", + "access_token:libtokenid_sdk", "c_utils:utils", "distributed_hardware_fwk:libdhfwk_sdk", "eventhandler:libeventhandler",