From 8a3acdcb45797054ab21a31d94929ada2222add3 Mon Sep 17 00:00:00 2001
From: qianjiaxing
Date: Wed, 16 Mar 2022 11:46:15 +0000
Subject: [PATCH] ipc check
Signed-off-by: qianjiaxing
---
 services/distributedfiledaemon/BUILD.gn | 2 +
 .../src/ipc/daemon_stub.cpp | 47 +++++++++++++++++++
 .../test/unittest/BUILD.gn | 2 +
 3 files changed, 51 insertions(+)
diff --git a/services/distributedfiledaemon/BUILD.gn b/services/distributedfiledaemon/BUILD.gn
index 7a2313b34..db9cfe08d 100755
--- a/services/distributedfiledaemon/BUILD.gn
+++ b/services/distributedfiledaemon/BUILD.gn
@@ -17,6 +17,7 @@ ohos_shared_library("libdistributedfiledaemon") {
 include_dirs = [
 "include",
 "//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
 "//base/security/deviceauth/interfaces/innerkits",
 "//third_party/json/include",
 ]
@@ -44,6 +45,7 @@ ohos_shared_library("libdistributedfiledaemon") {
 "//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp:devicemanagersdk",
 ]
 external_deps = [
+ "access_token:libaccesstoken_sdk",
 "dataclassification:data_transit_mgr",
 "dsoftbus_standard:softbus_client",
 "ipc:ipc_core",
diff --git a/services/distributedfiledaemon/src/ipc/daemon_stub.cpp b/services/distributedfiledaemon/src/ipc/daemon_stub.cpp
index 5568c2f74..5626ed8b3 100644
--- a/services/distributedfiledaemon/src/ipc/daemon_stub.cpp
+++ b/services/distributedfiledaemon/src/ipc/daemon_stub.cpp
@@ -13,7 +13,10 @@
 * limitations under the License.
 */
+#include "accesstoken_kit.h"
+#include "ipc_skeleton.h"
 #include "ipc/daemon_stub.h"
+#include "native_token_info.h"
 #include "utils_log.h"
 namespace OHOS {
@@ -24,8 +27,52 @@ DaemonStub::DaemonStub()
 opToInterfaceMap_[DFS_DAEMON_CMD_ECHO] = &DaemonStub::EchoServerDemoInner;
 }
+static bool GetClientUid(int &uid)
+{
+ uid = IPCSkeleton::GetCallingUid();
+ return true;
+}
+
+static bool GetClientTokenId(int &TokenId)
+{
+ TokenId = IPCSkeleton::GetCallingTokenID();
+ return true;
+}
+
+static std::string GetProcessName(int pid)
+{
+ Security::AccessToken::NativeTokenInfo tokenInfo = Security::AccessToken::NativeTokenInfo();
+ Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(pid, tokenInfo);
+ return tokenInfo.processName;
+}
+
+bool CheckClientPermission()
+{
+ int uid = -1;
+ int tokenId = 0;
+ if (!GetClientUid(uid)) {
+ LOGE("GetClientUid: fail");
+ }
+
+ if (!GetClientTokenId(tokenId)) {
+ LOGE("GetClientTokenId: fail");
+ }
+
+ std::string clientName = GetProcessName(tokenId);
+ LOGI("GetClientProcessName:%{public}s", clientName.c_str());
+ if (clientName == "distributedfile" || uid == 1000) {
+ return true;
+ }
+ return false;
+}
+
 int32_t DaemonStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
 {
+ if (!CheckClientPermission()) {
+ LOGE("ipc check error");
+ return ERR_PERMISSION_DENIED;
+ }
+
 if (data.ReadInterfaceToken() != GetDescriptor()) {
 return DFS_DAEMON_DESCRIPTOR_IS_EMPTY;
 }
diff --git a/services/distributedfiledaemon/test/unittest/BUILD.gn b/services/distributedfiledaemon/test/unittest/BUILD.gn
index 94b311b30..9114b4a97 100644
--- a/services/distributedfiledaemon/test/unittest/BUILD.gn
+++ b/services/distributedfiledaemon/test/unittest/BUILD.gn
@@ -21,6 +21,7 @@ config("module_private_config") {
 include_dirs = [
 "${services_path}/distributedfiledaemon/include",
 "//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp/include",
+ "//base/security/access_token/interfaces/innerkits/accesstoken/include",
 "//base/security/deviceauth/interfaces/innerkits",
 "//third_party/json/include",
 ]
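Review bot: In CheckClientPermission the `uid == 1000` branch grants access on the caller's uid alone, so every process running under that uid passes whatever its access token says; if that is intended, give the value a named constant and a comment stating why, otherwise decide on the token-derived process name only. GetProcessName ignores the return value of `GetNativeTokenInfo` and takes the token id as an `int` named `pid`, although `GetCallingTokenID()` yields an unsigned token id; a failed lookup is denied today only because the default `processName` happens to be empty. GetClientUid and GetClientTokenId always return true, so both `LOGE` failure branches are dead code and the wrappers can be dropped. CheckClientPermission has external linkage while its helpers are `static`, and should be `static` too. OnRemoteRequest's body continues outside the hunk.

```cpp
static std::string GetProcessName(Security::AccessToken::AccessTokenID tokenId)
{
    Security::AccessToken::NativeTokenInfo tokenInfo;
    // Deny explicitly on lookup failure instead of relying on the default-constructed name.
    if (Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(tokenId, tokenInfo) !=
        Security::AccessToken::RET_SUCCESS) {
        LOGE("GetNativeTokenInfo: fail");
        return "";
    }
    return tokenInfo.processName;
}

static bool CheckClientPermission()
{
    const auto uid = IPCSkeleton::GetCallingUid();
    const auto tokenId = IPCSkeleton::GetCallingTokenID();
    // … unchanged: process-name lookup, log line and allow-list comparison …
```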
@@ -46,6 +47,7 @@ ohos_unittest("DeviceManagerAgentTest") {
 ]
 external_deps = [
+ "access_token:libaccesstoken_sdk",
 "dataclassification:data_transit_mgr",
 "dsoftbus_standard:softbus_client",
 "ipc:ipc_core",
-- Gitee