From 3ac675737c2d755ef0a5c456d6be38514b17f84f Mon Sep 17 00:00:00 2001 From: lsq Date: Fri, 27 May 2022 17:22:41 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8F=96=E6=B6=88=E5=AD=98=E5=82=A8=E9=87=8D?= =?UTF-8?q?=E5=A4=8D=E7=9A=84=E6=9D=83=E9=99=90=E5=AE=9A=E4=B9=89=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: I111ade949f88eb33bfaf88d9485bd9ad35e61b3e --- .../accesstoken/include/permission_def.h | 6 ++ .../unittest/src/accesstoken_kit_test.cpp | 2 + .../test/unittest/src/accesstoken_kit_test.h | 1 + .../permission/permission_definition_cache.h | 13 +++- .../include/permission/permission_manager.h | 3 +- .../permission/permission_policy_set.h | 10 ++- .../include/permission/permission_validator.h | 4 +- .../cpp/include/token/hap_token_info_inner.h | 3 +- .../permission_definition_cache.cpp | 57 ++++++++++++++-- .../cpp/src/permission/permission_manager.cpp | 19 ++---- .../src/permission/permission_policy_set.cpp | 65 ++++--------------- .../src/permission/permission_validator.cpp | 4 +- .../src/token/accesstoken_info_manager.cpp | 18 ++--- .../cpp/src/token/hap_token_info_inner.cpp | 17 ++--- .../cpp/src/token/native_token_info_inner.cpp | 11 ++-- 15 files changed, 120 insertions(+), 113 deletions(-) diff --git a/interfaces/innerkits/accesstoken/include/permission_def.h b/interfaces/innerkits/accesstoken/include/permission_def.h index 39352b4e5..c1fa9ca7c 100644 --- a/interfaces/innerkits/accesstoken/include/permission_def.h +++ b/interfaces/innerkits/accesstoken/include/permission_def.h @@ -36,6 +36,12 @@ public: std::string description; int descriptionId; }; + +class PermissionDefData final { +public: + AccessTokenID tokenId; + PermissionDef permDef; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS 
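Review bot: `PermissionDefData::tokenId` has no default initializer, so a default-constructed entry carries an indeterminate owner. `PermissionDefinitionCache::Update()` later in this patch assigns through `permissionDefinitionMap_[info.permissionName].permDef = info;`, which creates such an entry when the name is not cached yet. `StorePermissionDef()` would then persist that value under `FIELD_TOKEN_ID`, and `GetDefPermissionsByTokenId()` would compare against it. Giving the member an initializer, `AccessTokenID tokenId = 0;` (or the project's invalid-token constant, if it has one), keeps the owner field defined. A short comment stating that `tokenId` is the token that defined the permission would also help readers of this public header.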
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp index a21f00a82..5213af1bb 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp @@ -127,6 +127,7 @@ void AccessTokenKitTest::TearDownTestCase() void AccessTokenKitTest::SetUp() { + selfTokenId_ = GetSelfTokenID(); g_infoManagerTestInfoParms = g_infoManagerTestInfoParmsBak; g_infoManagerTestPolicyPrams = g_infoManagerTestPolicyPramsBak; HapInfoParams info = { @@ -268,6 +269,7 @@ void AccessTokenKitTest::TearDown() { AccessTokenID tokenID = GetAccessTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); AccessTokenKit::DeleteToken(tokenID); + SetSelfTokenID(selfTokenId_); } unsigned int AccessTokenKitTest::GetAccessTokenID(int userID, std::string bundleName, int instIndex) diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h index 3db3e42ac..b419cd90d 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h +++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.h @@ -49,6 +49,7 @@ public: unsigned int GetAccessTokenID(int userID, std::string bundleName, int instIndex); void DeleteTestToken() const; void AllocTestToken() const; + uint64_t selfTokenId_; }; } // namespace AccessToken } // namespace Security diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index 59e31d777..d3f923e74 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h 
@@ -19,6 +19,7 @@ #include #include +#include "data_translator.h" #include "permission_def.h" #include "rwlock.h" @@ -33,7 +34,7 @@ public: virtual ~PermissionDefinitionCache(); - bool Insert(const PermissionDef& info); + bool Insert(const PermissionDef& info, AccessTokenID tokenId); bool Update(const PermissionDef& info); @@ -49,6 +50,12 @@ public: bool IsPermissionDefEmpty(); + void StorePermissionDef(std::vector& valueList); + + void GetDefPermissionsByTokenId(std::vector& permList, AccessTokenID tokenId); + + int32_t RestorePermDefInfo(std::vector& permDefRes); + private: PermissionDefinitionCache(); @@ -58,9 +65,9 @@ private: /** * key: the permission name. - * value: the object of PermissionDef. + * value: the object of PermissionDefData. */ - std::map permissionDefinitionMap_; + std::map permissionDefinitionMap_; OHOS::Utils::RWLock cacheLock_; }; diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 68ad9751d..aa829f333 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -36,7 +36,8 @@ public: static PermissionManager& GetInstance(); virtual ~PermissionManager(); - void AddDefPermissions(std::shared_ptr tokenInfo, bool updateFlag); + void AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, + bool updateFlag); void RemoveDefPermissions(AccessTokenID tokenID); int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName); int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 1db448e10..6f600f4f9 100644 
--- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h @@ -35,12 +35,11 @@ public: virtual ~PermissionPolicySet(); static std::shared_ptr BuildPermissionPolicySet(AccessTokenID tokenId, - const std::vector& permList, const std::vector& permStateList); + const std::vector& permStateList); static std::shared_ptr RestorePermissionPolicy(AccessTokenID tokenId, - const std::vector& permDefRes, const std::vector& permStateRes); - void StorePermissionPolicySet(std::vector& permDefValueList, - std::vector& permStateValueList); - void Update(const std::vector& permList, const std::vector& permStateList); + const std::vector& permStateRes); + void StorePermissionPolicySet(std::vector& permStateValueList); + void Update(const std::vector& permStateList); int VerifyPermissStatus(const std::string& permissionName); void GetDefPermissions(std::vector& permList); @@ -63,7 +62,6 @@ private: void PermStateFullToString(const PermissionStateFull& state, std::string& info) const; OHOS::Utils::RWLock permPolicySetLock_; - std::vector permList_; std::vector permStateList_; AccessTokenID tokenId_; }; diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h index 0e7de0fb3..bdf5e2b04 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_validator.h 
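Review bot: The private `StorePermissionDef` declaration appears to remain in this class. permission_policy_set.cpp removes the definition of `PermissionPolicySet::StorePermissionDef(...) const`, but neither hunk of this header removes a matching declaration, and the ten changed lines in the diffstat are all accounted for by the lines shown. If it is still declared in the private section, which lies outside both hunks, delete it so the class does not advertise a member with no definition. The public `GetDefPermissions` that stays now reads from the global cache instead of this object, which deserves a comment such as `// Looks up definitions in PermissionDefinitionCache by tokenId_; nothing is stored here.`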
@@ -30,9 +30,9 @@ public: static bool IsPermissionFlagValid(int flag); static bool IsPermissionDefValid(const PermissionDef& permDef); static bool IsPermissionStateValid(const PermissionStateFull& permState); - static void FilterInvalidPermisionDef( + static void FilterInvalidPermissionDef( const std::vector& permList, std::vector& result); - static void FilterInvalidPermisionState( + static void FilterInvalidPermissionState( const std::vector& permList, std::vector& result); static bool IsGrantModeValid(int grantMode); static bool IsGrantStatusValid(int grantStaus); diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index 3108dd982..73781ccaa 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h @@ -41,10 +41,9 @@ public: void Update(const std::string& appIDDesc, const HapPolicyParams& policy); void TranslateToHapTokenInfo(HapTokenInfo& InfoParcel) const; void StoreHapInfo(std::vector& hapInfoValues, - std::vector& permDefValues, std::vector& permStateValues) const; int RestoreHapTokenInfo(AccessTokenID tokenId, GenericValues& tokenValue, - const std::vector& permDefRes, const std::vector& permStateRes); + const std::vector& permStateRes); std::shared_ptr GetHapInfoPermissionPolicySet() const; HapTokenInfo GetHapInfoBasic() const; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index 942e280c7..5c35b0401 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp 
@@ -17,6 +17,8 @@ #include "access_token.h" #include "accesstoken_log.h" +#include "field_const.h" +#include "generic_values.h" namespace OHOS { namespace Security { @@ -39,7 +41,7 @@ PermissionDefinitionCache::PermissionDefinitionCache() PermissionDefinitionCache::~PermissionDefinitionCache() {} -bool PermissionDefinitionCache::Insert(const PermissionDef& info) +bool PermissionDefinitionCache::Insert(const PermissionDef& info, AccessTokenID tokenId) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.find(info.permissionName); @@ -48,14 +50,15 @@ bool PermissionDefinitionCache::Insert(const PermissionDef& info) info.permissionName.c_str()); return false; } - permissionDefinitionMap_[info.permissionName] = info; + permissionDefinitionMap_[info.permissionName].permDef = info; + permissionDefinitionMap_[info.permissionName].tokenId = tokenId; return true; } bool PermissionDefinitionCache::Update(const PermissionDef& info) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); - permissionDefinitionMap_[info.permissionName] = info; + permissionDefinitionMap_[info.permissionName].permDef = info; return true; } @@ -64,7 +67,7 @@ void PermissionDefinitionCache::DeleteByBundleName(const std::string& bundleName Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.begin(); while (it != permissionDefinitionMap_.end()) { - if (bundleName == it->second.bundleName) { + if (bundleName == it->second.permDef.bundleName) { permissionDefinitionMap_.erase(it++); } else { ++it; @@ -81,7 +84,7 @@ int PermissionDefinitionCache::FindByPermissionName(const std::string& permissio permissionName.c_str()); return RET_FAILED; } - info = it->second; + info = it->second.permDef; return RET_SUCCESS; } 
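Review bot: `Update()` still overwrites whatever is cached under `info.permissionName` without consulting the owner that `Insert()` now records, so the new `tokenId` is tracked but never enforced. `UpdateHapToken` passes `policy.permList` with `updateFlag` set to true into `AddDefPermissions`; the part of that function that calls `Update` is outside the visible hunks. If it forwards every name that already has a definition, an update for one token can replace a definition recorded for another, while `tokenId` keeps naming the original owner. Consider `bool Update(const PermissionDef& info, AccessTokenID tokenId)` that uses `find()` and returns false when `it == permissionDefinitionMap_.end() || it->second.tokenId != tokenId`, with a log line for the rejected case.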
@@ -103,7 +106,7 @@ bool PermissionDefinitionCache::IsGrantedModeEqualInner(const std::string& permi if (it == permissionDefinitionMap_.end()) { return false; } - return it->second.grantMode == grantMode; + return it->second.permDef.grantMode == grantMode; } bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName) @@ -117,6 +120,48 @@ bool PermissionDefinitionCache::IsPermissionDefEmpty() Utils::UniqueReadGuard cacheGuard(this->cacheLock_); return permissionDefinitionMap_.empty(); } + +void PermissionDefinitionCache::StorePermissionDef(std::vector& valueList) +{ + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); + auto it = permissionDefinitionMap_.begin(); + while (it != permissionDefinitionMap_.end()) { + GenericValues genericValues; + genericValues.Put(FIELD_TOKEN_ID, it->second.tokenId); + DataTranslator::TranslationIntoGenericValues(it->second.permDef, genericValues); + valueList.emplace_back(genericValues); + ++it; + } +} + +void PermissionDefinitionCache::GetDefPermissionsByTokenId(std::vector& permList, + AccessTokenID tokenId) +{ + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); + auto it = permissionDefinitionMap_.begin(); + while (it != permissionDefinitionMap_.end()) { + if (tokenId == it->second.tokenId) { + permList.emplace_back(it->second.permDef); + } + ++it; + } +} + +int32_t PermissionDefinitionCache::RestorePermDefInfo(std::vector& permDefRes) +{ + std::vector permDataList; + for (GenericValues& defValue : permDefRes) { + PermissionDef def; + AccessTokenID tokenId = (AccessTokenID)defValue.GetInt(FIELD_TOKEN_ID); + int32_t ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x permDef is wrong.", tokenId); + return ret; + } + Insert(def, tokenId); + } + return RET_SUCCESS; +} } // namespace AccessToken } // namespace Security } // namespace OHOS 
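Review bot: `RestorePermDefInfo()` returns on the first row that fails `TranslationIntoPermissionDef`, which discards every remaining definition. The per-token restore this patch removes logged the bad row and carried on. The only caller in this patch, `InitHapTokenInfos`, ignores the return value, so one damaged row would leave the service running with a partial definition cache and a single log line. I would replace `return ret;` with `continue;` after the error log and delete the unused `std::vector permDataList;`. The result of `Insert(def, tokenId)` is also dropped; if rejecting duplicate names from older stored data is intended, say so with a comment such as `// first stored definition of a name wins`.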
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index d41a88b68..363af1d21 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -45,18 +45,13 @@ PermissionManager::~PermissionManager() { } -void PermissionManager::AddDefPermissions(std::shared_ptr tokenInfo, bool updateFlag) +void PermissionManager::AddDefPermissions(const std::vector& permList, AccessTokenID tokenId, + bool updateFlag) { - if (tokenInfo == nullptr) { - return; - } - std::shared_ptr permPolicySet = tokenInfo->GetHapInfoPermissionPolicySet(); - if (permPolicySet == nullptr) { - return; - } - std::vector permList; - permPolicySet->GetDefPermissions(permList); - for (auto perm : permList) { + std::vector permFilterList; + PermissionValidator::FilterInvalidPermissionDef(permList, permFilterList); + + for (auto perm : permFilterList) { if (!PermissionValidator::IsPermissionDefValid(perm)) { ACCESSTOKEN_LOG_INFO(LABEL, "invalid permission definition info: %{public}s", TransferPermissionDefToString(perm).c_str()); @@ -69,7 +64,7 @@ void PermissionManager::AddDefPermissions(std::shared_ptr tok } if (!PermissionDefinitionCache::GetInstance().HasDefinition(perm.permissionName)) { - PermissionDefinitionCache::GetInstance().Insert(perm); + PermissionDefinitionCache::GetInstance().Insert(perm, tokenId); } else { ACCESSTOKEN_LOG_INFO(LABEL, "permission %{public}s has define", TransferPermissionDefToString(perm).c_str()); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index 471ed5f26..a4fb10b7b 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp 
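Review bot: The new loop `for (auto perm : permFilterList)` copies a whole `PermissionDef`, including its string members, on every iteration. `for (const auto& perm : permFilterList)` is sufficient for the uses visible in these two hunks. The `IsPermissionDefValid(perm)` check that follows also looks redundant now that the list has just passed through `FilterInvalidPermissionDef`, assuming that helper already rejects invalid definitions; its body is not part of this patch. The function continues between and after the hunks, so confirm nothing there mutates `perm` before changing the loop variable.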
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp @@ -36,13 +36,11 @@ PermissionPolicySet::~PermissionPolicySet() } std::shared_ptr PermissionPolicySet::BuildPermissionPolicySet( - AccessTokenID tokenId, const std::vector& permList, - const std::vector& permStateList) + AccessTokenID tokenId, const std::vector& permStateList) { std::shared_ptr policySet = std::make_shared(); if (policySet != nullptr) { - PermissionValidator::FilterInvalidPermisionDef(permList, policySet->permList_); - PermissionValidator::FilterInvalidPermisionState(permStateList, policySet->permStateList_); + PermissionValidator::FilterInvalidPermissionState(permStateList, policySet->permStateList_); policySet->tokenId_ = tokenId; } return policySet; @@ -57,30 +55,12 @@ void PermissionPolicySet::UpdatePermStateFull(const PermissionStateFull& permOld } } -void PermissionPolicySet::Update(const std::vector& permList, - const std::vector& permStateList) +void PermissionPolicySet::Update(const std::vector& permStateList) { - std::vector permFilterList; std::vector permStateFilterList; - - PermissionValidator::FilterInvalidPermisionDef(permList, permFilterList); - PermissionValidator::FilterInvalidPermisionState(permStateList, permStateFilterList); + PermissionValidator::FilterInvalidPermissionState(permStateList, permStateFilterList); Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - for (const PermissionDef& permNew : permFilterList) { - bool found = false; - for (PermissionDef& permOld : permList_) { - if (permNew.permissionName == permOld.permissionName) { - permOld = permNew; - found = true; - break; - } - } - if (!found) { - permList_.emplace_back(permNew); - } - } - for (PermissionStateFull& permStateNew : permStateFilterList) { for (const PermissionStateFull& permStateOld : permStateList_) { if (permStateNew.permissionName == permStateOld.permissionName) { 
@@ -93,7 +73,7 @@ void PermissionPolicySet::Update(const std::vector& permList, } std::shared_ptr PermissionPolicySet::RestorePermissionPolicy(AccessTokenID tokenId, - const std::vector& permDefRes, const std::vector& permStateRes) + const std::vector& permStateRes) { std::shared_ptr policySet = std::make_shared(); if (policySet == nullptr) { @@ -102,18 +82,6 @@ std::shared_ptr PermissionPolicySet::RestorePermissionPolic } policySet->tokenId_ = tokenId; - for (GenericValues defValue : permDefRes) { - if ((AccessTokenID)defValue.GetInt(FIELD_TOKEN_ID) == tokenId) { - PermissionDef def; - int ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); - if (ret == RET_SUCCESS) { - policySet->permList_.emplace_back(def); - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x permDef is wrong.", tokenId); - } - } - } - for (GenericValues stateValue : permStateRes) { if ((AccessTokenID)stateValue.GetInt(FIELD_TOKEN_ID) == tokenId) { PermissionStateFull state; @@ -142,16 +110,6 @@ void PermissionPolicySet::MergePermissionStateFull(std::vector& valueList) const -{ - for (auto permissionDef : permList_) { - GenericValues genericValues; - genericValues.Put(FIELD_TOKEN_ID, tokenId_); - DataTranslator::TranslationIntoGenericValues(permissionDef, genericValues); - valueList.emplace_back(genericValues); - } -} - void PermissionPolicySet::StorePermissionState(std::vector& valueList) const { for (auto permissionState : permStateList_) { @@ -173,11 +131,9 @@ void PermissionPolicySet::StorePermissionState(std::vector& value } } -void PermissionPolicySet::StorePermissionPolicySet(std::vector& permDefValueList, - std::vector& permStateValueList) +void PermissionPolicySet::StorePermissionPolicySet(std::vector& permStateValueList) { Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - StorePermissionDef(permDefValueList); StorePermissionState(permStateValueList); } 
@@ -198,8 +154,7 @@ int PermissionPolicySet::VerifyPermissStatus(const std::string& permissionName) void PermissionPolicySet::GetDefPermissions(std::vector& permList) { - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - permList.assign(permList_.begin(), permList_.end()); + PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenId_); } void PermissionPolicySet::GetPermissionStateFulls(std::vector& permList) @@ -307,9 +262,11 @@ void PermissionPolicySet::ToString(std::string& info) Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); info.append(R"( "permDefList": [)"); info.append("\n"); - for (auto iter = permList_.begin(); iter != permList_.end(); iter++) { + std::vector permList; + PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenId_); + for (auto iter = permList.begin(); iter != permList.end(); iter++) { PermDefToString(*iter, info); - if (iter != (permList_.end() - 1)) { + if (iter != (permList.end() - 1)) { info.append(",\n"); } } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp index 9eea11ef8..7f46cae37 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp @@ -89,7 +89,7 @@ bool PermissionValidator::IsPermissionStateValid(const PermissionStateFull& perm } -void PermissionValidator::FilterInvalidPermisionDef( +void PermissionValidator::FilterInvalidPermissionDef( const std::vector& permList, std::vector& result) { std::set permDefSet; 
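Review bot: `GetDefPermissions()` used to replace the caller's vector with `permList.assign(...)`, but it now forwards to `GetDefPermissionsByTokenId()`, which only calls `emplace_back`. A caller that passes a non-empty vector therefore gets its old contents followed by the definitions. Either start `GetDefPermissionsByTokenId()` with `permList.clear();` or document the append contract at its declaration. Each call is also a full scan of the global map under `cacheLock_`, which is worth a comment if the number of definitions can grow.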
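Review bot: `ToString()` now calls into `PermissionDefinitionCache` while it still holds the read guard on `permPolicySetLock_`, so `cacheLock_` is acquired nested inside the policy-set lock. Nothing in this patch shows the opposite order, but a nested acquisition like this is easy to turn into a deadlock later. Only `tokenId_` is needed for the lookup, so if that field is fixed after construction the two new lines, `std::vector<PermissionDef> permList;` and the `GetDefPermissionsByTokenId(permList, tokenId_)` call, can move above `Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_);`. If `tokenId_` can change, copy it under the guard first and do the cache lookup after releasing it.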
@@ -121,7 +121,7 @@ void PermissionValidator::DeduplicateResDevID(const PermissionStateFull& permSta result.isGeneral = permState.isGeneral; } -void PermissionValidator::FilterInvalidPermisionState( +void PermissionValidator::FilterInvalidPermissionState( const std::vector& permList, std::vector& result) { std::set permStateSet; diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 18a62e12c..08bb0c909 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -24,6 +24,7 @@ #include "field_const.h" #include "generic_values.h" #include "hap_token_info_inner.h" +#include "permission_definition_cache.h" #include "permission_manager.h" #ifdef TOKEN_SYNC_ENABLE @@ -87,7 +88,7 @@ void AccessTokenInfoManager::InitHapTokenInfos() ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId); continue; } - ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes); + ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId); @@ -104,6 +105,7 @@ void AccessTokenInfoManager::InitHapTokenInfos() " restore hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex()); } + PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); } void AccessTokenInfoManager::InitNativeTokenInfos() @@ -185,9 +187,6 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptrIsRemote()) { - PermissionManager::GetInstance().AddDefPermissions(info, false); - } return RET_SUCCESS; } 
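Review bot: In `InitHapTokenInfos`, the added `RestorePermDefInfo(permDefRes)` call loads every stored definition row, including rows whose `FIELD_TOKEN_ID` belongs to a token the loop above failed to restore and released with `ReleaseTokenId`. As far as the visible code shows, such rows previously never reached the cache because definitions were attached only to a successfully restored token. Now they stay cached and attributed to a token ID that is free again; whether that ID can be handed out later depends on `AccessTokenIDManager`, which is not shown. I would skip rows whose token is not in the restored map. I would also stop discarding the `int32_t` result, for example `if (PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes) != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "restore permission definitions failed."); }`.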
@@ -399,6 +398,8 @@ int AccessTokenInfoManager::CreateHapTokenInfo( AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); return RET_FAILED; } + PermissionManager::GetInstance().AddDefPermissions(policy.permList, tokenId, false); + ACCESSTOKEN_LOG_INFO(LABEL, "create hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex()); @@ -532,7 +533,7 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID, tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex()); } - PermissionManager::GetInstance().AddDefPermissions(infoPtr, true); + PermissionManager::GetInstance().AddDefPermissions(policy.permList, tokenID, true); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); #endif @@ -603,9 +604,8 @@ int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTok return RET_FAILED; } - std::vector permList = {}; std::shared_ptr newPermPolicySet = - PermissionPolicySet::BuildPermissionPolicySet(mapID, permList, hapSync.permStateList); + PermissionPolicySet::BuildPermissionPolicySet(mapID, hapSync.permStateList); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); @@ -857,7 +857,7 @@ void AccessTokenInfoManager::StoreAllTokenInfo() Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); iter++) { if (iter->second != nullptr) { - iter->second->StoreHapInfo(hapInfoValues, permDefValues, permStateValues); + iter->second->StoreHapInfo(hapInfoValues, permStateValues); } } } 
@@ -871,6 +871,8 @@ void AccessTokenInfoManager::StoreAllTokenInfo() } } + PermissionDefinitionCache::GetInstance().StorePermissionDef(permDefValues); + DataStorage::GetRealDataStorage().RefreshAll(DataStorage::ACCESSTOKEN_HAP_INFO, hapInfoValues); DataStorage::GetRealDataStorage().RefreshAll(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenValues); DataStorage::GetRealDataStorage().RefreshAll(DataStorage::ACCESSTOKEN_PERMISSION_DEF, permDefValues); diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index 102565af1..ae09048c6 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -52,15 +52,14 @@ HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, tokenInfoBasic_.appID = info.appIDDesc; tokenInfoBasic_.deviceID = "0"; tokenInfoBasic_.apl = policy.apl; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permList, policy.permStateList); + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permStateList); } HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, const HapTokenInfo &info, const std::vector& permStateList) : isRemote_(false) { tokenInfoBasic_ = info; - const std::vector permDefList; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permDefList, permStateList); + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permStateList); } HapTokenInfoInner::~HapTokenInfoInner() 
@@ -75,11 +74,11 @@ void HapTokenInfoInner::Update(const std::string& appIDDesc, const HapPolicyPara tokenInfoBasic_.apl = policy.apl; if (permPolicySet_ == nullptr) { permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfoBasic_.tokenID, - policy.permList, policy.permStateList); + policy.permStateList); return; } - permPolicySet_->Update(policy.permList, policy.permStateList); + permPolicySet_->Update(policy.permStateList); return; } @@ -148,7 +147,7 @@ int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericVa } int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId, - GenericValues& tokenValue, const std::vector& permDefRes, + GenericValues& tokenValue, const std::vector& permStateRes) { tokenInfoBasic_.tokenID = tokenId; @@ -156,8 +155,7 @@ int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId, if (ret != RET_SUCCESS) { return RET_FAILED; } - permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, - permDefRes, permStateRes); + permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, permStateRes); return RET_SUCCESS; } @@ -169,7 +167,6 @@ void HapTokenInfoInner::StoreHapBasicInfo(std::vector& valueList) } void HapTokenInfoInner::StoreHapInfo(std::vector& hapInfoValues, - std::vector& permDefValues, std::vector& permStateValues) const { if (isRemote_) { @@ -179,7 +176,7 @@ void HapTokenInfoInner::StoreHapInfo(std::vector& hapInfoValues, } StoreHapBasicInfo(hapInfoValues); if (permPolicySet_ != nullptr) { - permPolicySet_->StorePermissionPolicySet(permDefValues, permStateValues); + permPolicySet_->StorePermissionPolicySet(permStateValues); } } diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index 012433693..ea09e2b57 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp 
+++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp @@ -41,9 +41,8 @@ NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native, const std::vector& permStateList) : isRemote_(false) { tokenInfoBasic_ = native; - std::vector permDefList = {}; permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID, - permDefList, permStateList); + permStateList); } NativeTokenInfoInner::~NativeTokenInfoInner() @@ -74,9 +73,8 @@ int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, tokenInfoBasic_.dcap = dcap; tokenInfoBasic_.nativeAcls = nativeAcls; - std::vector permDefList = {}; permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, - permDefList, permStateList); + permStateList); return RET_SUCCESS; } @@ -149,7 +147,7 @@ int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const Ge std::vector permDefRes = {}; permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, - permDefRes, permStateRes); + permStateRes); return RET_SUCCESS; } @@ -175,8 +173,7 @@ void NativeTokenInfoInner::StoreNativeInfo(std::vector& valueList valueList.emplace_back(genericValues); if (permPolicySet_ != nullptr) { - std::vector permDefValues; - permPolicySet_->StorePermissionPolicySet(permDefValues, permStateValues); + permPolicySet_->StorePermissionPolicySet(permStateValues); } } -- Gitee
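Review bot: `std::vector permDefRes = {};` in `RestoreNativeTokenInfo` survives as a context line, but its only visible use was the argument this hunk removes from the `RestorePermissionPolicy(tokenId, permStateRes)` call. Delete the declaration so the function does not keep an unused local, which would also produce an unused-variable warning. The equivalent `permDefList` locals in the constructor and in `Init()` were already removed by this patch, so this brings the third site in line. The body of `RestoreNativeTokenInfo` starts outside the hunk, so check that nothing earlier in the function refers to `permDefRes`.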