From 42ee3bd3d3a66dc99049d1ae1ea32823c91035d1 Mon Sep 17 00:00:00 2001 From: lixinsheng2 Date: Fri, 17 May 2024 16:56:07 +0800 Subject: [PATCH] =?UTF-8?q?USB=20DDK/HID=20DDK=E6=9C=8D=E5=8A=A1=E7=AB=AF?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lixinsheng2 --- input/bundle.json | 3 +- input/ddk_service/BUILD.gn | 6 +- .../ddk_service/include/hid_ddk_permission.h | 35 ++++++++++ input/ddk_service/src/hid_ddk_permission.cpp | 40 +++++++++++ input/ddk_service/src/hid_ddk_service.cpp | 18 +++++ usb/bundle.json | 3 +- usb/ddk_service/BUILD.gn | 2 + usb/ddk_service/include/usb_ddk_permission.h | 35 ++++++++++ usb/ddk_service/src/usb_ddk_permission.cpp | 40 +++++++++++ usb/ddk_service/src/usb_ddk_service.cpp | 67 +++++++++++++++++++ 10 files changed, 246 insertions(+), 3 deletions(-) create mode 100644 input/ddk_service/include/hid_ddk_permission.h create mode 100644 input/ddk_service/src/hid_ddk_permission.cpp create mode 100644 usb/ddk_service/include/usb_ddk_permission.h create mode 100644 usb/ddk_service/src/usb_ddk_permission.cpp diff --git a/input/bundle.json b/input/bundle.json index 01d82fd8ad..567ae36edb 100644 --- a/input/bundle.json +++ b/input/bundle.json @@ -28,7 +28,8 @@ "hdf_core", "hilog", "hilog_lite", - "drivers_interface_input" + "drivers_interface_input", + "access_token" ], "third_party": [ "bounds_checking_function" diff --git a/input/ddk_service/BUILD.gn b/input/ddk_service/BUILD.gn index 4afdeea409..66c73e405b 100644 --- a/input/ddk_service/BUILD.gn +++ b/input/ddk_service/BUILD.gn @@ -16,7 +16,10 @@ import("./../../../hdf_core/adapter/uhdf2/uhdf.gni") import("./../input.gni") ohos_shared_library("libhid_ddk_service_1.0") { - sources = [ "src/hid_ddk_service.cpp" ] + sources = [ + "src/hid_ddk_permission.cpp", + "src/hid_ddk_service.cpp", + ] include_dirs = [ "include/", "include/emit_event_manager/", @@ -25,6 +28,7 @@ ohos_shared_library("libhid_ddk_service_1.0") { deps = [ "${input_driver_path}/ddk_service/src/emit_event_manager:emit_event_manager" ] external_deps = [ + "access_token:libaccesstoken_sdk", "c_utils:utils", "drivers_interface_input:hid_ddk_idl_headers", "hdf_core:libhdf_utils", diff --git a/input/ddk_service/include/hid_ddk_permission.h b/input/ddk_service/include/hid_ddk_permission.h new file mode 100644 index 0000000000..d73fe89cd5 --- /dev/null +++ b/input/ddk_service/include/hid_ddk_permission.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HID_DDK_PERMISSION_H +#define HID_DDK_PERMISSION_H + +#include + +namespace OHOS { +namespace HDI { +namespace Input { +namespace Ddk { +namespace V1_0 { +class DdkPermissionManager { +public: + static bool VerifyPermission(std::string permissionName); +}; +} // namespace V1_0 +} // namespace Ddk +} // namespace Input +} // namespace HDI +} // namespace OHOS +#endif // HID_DDK_PERMISSION_H \ No newline at end of file diff --git a/input/ddk_service/src/hid_ddk_permission.cpp b/input/ddk_service/src/hid_ddk_permission.cpp new file mode 100644 index 0000000000..f52f966e2c --- /dev/null +++ b/input/ddk_service/src/hid_ddk_permission.cpp @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "hid_ddk_permission.h" + +#include + +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" + +namespace OHOS { +namespace HDI { +namespace Input { +namespace Ddk { +namespace V1_0 { +using namespace OHOS::Security::AccessToken; + +bool DdkPermissionManager::VerifyPermission(std::string permissionName) +{ + AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + int result = AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + HDF_LOGI("%{public}s VerifyAccessToken: %{public}d", __func__, result); + return result == PERMISSION_GRANTED; +} +} // namespace V1_0 +} // namespace Ddk +} // namespace Input +} // namespace HDI +} // namespace OHOS \ No newline at end of file diff --git a/input/ddk_service/src/hid_ddk_service.cpp b/input/ddk_service/src/hid_ddk_service.cpp index f5fee3b149..39f1be9e3e 100644 --- a/input/ddk_service/src/hid_ddk_service.cpp +++ b/input/ddk_service/src/hid_ddk_service.cpp @@ -17,6 +17,7 @@ #include #include #include "emit_event_manager.h" +#include "hid_ddk_permission.h" #define HDF_LOG_TAG hid_ddk_service @@ -25,6 +26,8 @@ namespace HDI { namespace Input { namespace Ddk { namespace V1_0 { +static const std::string PERMISSION_NAME = "ohos.permission.ACCESS_DDK_HID"; + extern "C" IHidDdk *HidDdkImplGetInstance(void) { return new (std::nothrow) HidDdkService(); @@ -34,6 +37,11 @@ int32_t HidDdkService::CreateDevice(const Hid_Device &hidDevice, const Hid_EventProperties &hidEventProperties, uint32_t &deviceId) { HDF_LOGI("%{public}s create device enter", __func__); + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + int32_t ret = OHOS::ExternalDeviceManager::EmitEventManager::GetInstance() .CreateDevice(hidDevice, hidEventProperties); if (ret < 0) { @@ -48,12 +56,22 @@ int32_t HidDdkService::CreateDevice(const Hid_Device &hidDevice, int32_t HidDdkService::EmitEvent(uint32_t deviceId, const std::vector &items) { HDF_LOGI("%{public}s emit event enter, deviceId=%{public}d", __func__, deviceId); + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + return OHOS::ExternalDeviceManager::EmitEventManager::GetInstance().EmitEvent(deviceId, items); } int32_t HidDdkService::DestroyDevice(uint32_t deviceId) { HDF_LOGI("%{public}s destroy device enter, deviceId=%{public}d", __func__, deviceId); + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + return OHOS::ExternalDeviceManager::EmitEventManager::GetInstance().DestroyDevice(deviceId); } diff --git a/usb/bundle.json b/usb/bundle.json index 2b1cb761f0..ed1bec7e05 100644 --- a/usb/bundle.json +++ b/usb/bundle.json @@ -36,7 +36,8 @@ "hitrace", "c_utils", "drivers_interface_usb", - "hisysevent" + "hisysevent", + "access_token" ], "third_party": [] }, diff --git a/usb/ddk_service/BUILD.gn b/usb/ddk_service/BUILD.gn index 382351465b..e430ffbe52 100644 --- a/usb/ddk_service/BUILD.gn +++ b/usb/ddk_service/BUILD.gn @@ -36,6 +36,7 @@ ohos_shared_library("libusb_ddk_service_1.0") { sources = [ "src/usb_ddk_hash.cpp", + "src/usb_ddk_permission.cpp", "src/usb_ddk_service.cpp", ] include_dirs = [ @@ -55,6 +56,7 @@ ohos_shared_library("libusb_ddk_service_1.0") { if (is_standard_system) { external_deps = [ + "access_token:libaccesstoken_sdk", "drivers_interface_usb:usb_ddk_idl_headers", "hdf_core:libhdf_host", "hdf_core:libhdf_ipc_adapter", diff --git a/usb/ddk_service/include/usb_ddk_permission.h b/usb/ddk_service/include/usb_ddk_permission.h new file mode 100644 index 0000000000..8d4a95dad6 --- /dev/null +++ b/usb/ddk_service/include/usb_ddk_permission.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef USB_DDK_PERMISSION_H +#define USB_DDK_PERMISSION_H + +#include + +namespace OHOS { +namespace HDI { +namespace Usb { +namespace Ddk { +namespace V1_0 { +class DdkPermissionManager { +public: + static bool VerifyPermission(std::string permissionName); +}; +} // namespace V1_0 +} // namespace Ddk +} // namespace Usb +} // namespace HDI +} // namespace OHOS +#endif // USB_DDK_PERMISSION_H \ No newline at end of file diff --git a/usb/ddk_service/src/usb_ddk_permission.cpp b/usb/ddk_service/src/usb_ddk_permission.cpp new file mode 100644 index 0000000000..c7a60bd2cf --- /dev/null +++ b/usb/ddk_service/src/usb_ddk_permission.cpp @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "usb_ddk_permission.h" + +#include + +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" + +namespace OHOS { +namespace HDI { +namespace Usb { +namespace Ddk { +namespace V1_0 { +using namespace OHOS::Security::AccessToken; + +bool DdkPermissionManager::VerifyPermission(std::string permissionName) +{ + AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + int result = AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + HDF_LOGI("%{public}s VerifyAccessToken: %{public}d", __func__, result); + return result == PERMISSION_GRANTED; +} +} // namespace V1_0 +} // namespace Ddk +} // namespace Usb +} // namespace HDI +} // namespace OHOS \ No newline at end of file diff --git a/usb/ddk_service/src/usb_ddk_service.cpp b/usb/ddk_service/src/usb_ddk_service.cpp index f95b134317..f3ba81fb15 100644 --- a/usb/ddk_service/src/usb_ddk_service.cpp +++ b/usb/ddk_service/src/usb_ddk_service.cpp @@ -21,6 +21,7 @@ #include "ddk_pnp_listener_mgr.h" #include "usb_ddk_hash.h" #include "usb_ddk_interface.h" +#include "usb_ddk_permission.h" #include "usb_raw_api.h" #include "usbd_wrapper.h" #define HDF_LOG_TAG usb_ddk_service @@ -44,6 +45,8 @@ namespace V1_0 { #define MAX_BUFF_SIZE 16384 #define MAX_CONTROL_BUFF_SIZE 1024 +static const std::string PERMISSION_NAME = "ohos.permission.ACCESS_DDK_USB"; + extern "C" IUsbDdk *UsbDdkImplGetInstance(void) { return new (std::nothrow) UsbDdkService(); @@ -101,6 +104,10 @@ static HdfDevEventlistener *g_pnpListener = nullptr; int32_t UsbDdkService::Init() { HDF_LOGI("usb ddk init"); + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } if (g_pnpListener == nullptr) { g_pnpListener = new HdfDevEventlistener(); if (g_pnpListener == nullptr) { @@ -120,11 +127,21 @@ int32_t UsbDdkService::Init() int32_t UsbDdkService::Release() { HDF_LOGI("usb ddk exit"); + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + return UsbExitHostSdk(nullptr); } int32_t UsbDdkService::GetDeviceDescriptor(uint64_t deviceId, UsbDeviceDescriptor &desc) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + UsbRawHandle *rawHandle = UsbRawOpenDevice(nullptr, GET_BUS_NUM(deviceId), GET_DEV_NUM(deviceId)); if (rawHandle == nullptr) { HDF_LOGE("%{public}s open device failed", __func__); @@ -148,6 +165,11 @@ int32_t UsbDdkService::GetDeviceDescriptor(uint64_t deviceId, UsbDeviceDescripto int32_t UsbDdkService::GetConfigDescriptor(uint64_t deviceId, uint8_t configIndex, std::vector &configDesc) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + UsbRawHandle *rawHandle = UsbRawOpenDevice(nullptr, GET_BUS_NUM(deviceId), GET_DEV_NUM(deviceId)); if (rawHandle == nullptr) { HDF_LOGE("%{public}s open device failed", __func__); @@ -185,6 +207,11 @@ int32_t UsbDdkService::GetConfigDescriptor(uint64_t deviceId, uint8_t configInde int32_t UsbDdkService::ClaimInterface(uint64_t deviceId, uint8_t interfaceIndex, uint64_t &interfaceHandle) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + struct UsbInterface *interface = UsbClaimInterface(nullptr, GET_BUS_NUM(deviceId), GET_DEV_NUM(deviceId), interfaceIndex); if (interface == nullptr) { @@ -206,11 +233,21 @@ int32_t UsbDdkService::ClaimInterface(uint64_t deviceId, uint8_t interfaceIndex, } int32_t UsbDdkService::ReleaseInterface(uint64_t interfaceHandle) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + return ReleaseUsbInterface(interfaceHandle); } int32_t UsbDdkService::SelectInterfaceSetting(uint64_t interfaceHandle, uint8_t settingIndex) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + uint64_t handle = 0; int32_t ret = UsbDdkUnHash(interfaceHandle, handle); if (ret != HDF_SUCCESS) { @@ -225,6 +262,11 @@ int32_t UsbDdkService::SelectInterfaceSetting(uint64_t interfaceHandle, uint8_t int32_t UsbDdkService::GetCurrentInterfaceSetting(uint64_t interfaceHandle, uint8_t &settingIndex) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + uint64_t handle = 0; int32_t ret = UsbDdkUnHash(interfaceHandle, handle); if (ret != HDF_SUCCESS) { @@ -239,6 +281,11 @@ int32_t UsbDdkService::GetCurrentInterfaceSetting(uint64_t interfaceHandle, uint int32_t UsbDdkService::SendControlReadRequest( uint64_t interfaceHandle, const UsbControlRequestSetup &setup, uint32_t timeout, std::vector &data) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + uint64_t handle = 0; int32_t ret = UsbDdkUnHash(interfaceHandle, handle); if (ret != HDF_SUCCESS) { @@ -287,6 +334,11 @@ FINISHED: int32_t UsbDdkService::SendControlWriteRequest( uint64_t interfaceHandle, const UsbControlRequestSetup &setup, uint32_t timeout, const std::vector &data) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + uint64_t handle = 0; int32_t ret = UsbDdkUnHash(interfaceHandle, handle); if (ret != HDF_SUCCESS) { @@ -337,6 +389,11 @@ FINISHED: int32_t UsbDdkService::SendPipeRequest( const UsbRequestPipe &pipe, uint32_t size, uint32_t offset, uint32_t length, uint32_t &transferedLength) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + uint64_t handle = 0; int32_t ret = UsbDdkUnHash(pipe.interfaceHandle, handle); if (ret != HDF_SUCCESS) { @@ -380,6 +437,11 @@ FINISHED: int32_t UsbDdkService::SendPipeRequestWithAshmem( const UsbRequestPipe &pipe, const UsbAshmem &ashmem, uint32_t &transferredLength) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + uint64_t handle = 0; int32_t ret = UsbDdkUnHash(pipe.interfaceHandle, handle); if (ret != HDF_SUCCESS) { @@ -422,6 +484,11 @@ FINISHED: int32_t UsbDdkService::GetDeviceMemMapFd(uint64_t deviceId, int &fd) { + if (!DdkPermissionManager::VerifyPermission(PERMISSION_NAME)) { + HDF_LOGE("%{public}s: no permission", __func__); + return HDF_ERR_NOPERM; + } + int32_t ret = UsbGetDeviceMemMapFd(nullptr, GET_BUS_NUM(deviceId), GET_DEV_NUM(deviceId)); if (ret < 0) { HDF_LOGE("%{public}s UsbGetDeviceMemMapFd failed %{public}d", __func__, ret); -- Gitee