From 31ed3b9f31b029b0ae4dec48a9f95b6356f924c0 Mon Sep 17 00:00:00 2001
From: wuliushuan <wuliushuan.30044128@huawei.com>
Date: Tue, 4 Mar 2025 11:40:55 +0800
Subject: [PATCH] =?UTF-8?q?GetReqPermissionsInner=E6=B7=BB=E5=8A=A0?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E7=AE=A1=E6=8E=A7250304?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: wuliushuan <wuliushuan.30044128@huawei.com>
Change-Id: I87d7bc94152fcab887026d7337bfde4db4927104
---
 .../cpp/src/service/accesstoken_manager_stub.cpp     | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
index f11c5c81c..3b6f5e6d0 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
@@ -165,6 +165,18 @@ void AccessTokenManagerStub::GetDefPermissionsInner(MessageParcel& data, Message
 
 void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply)
 {
+    unsigned int callingTokenID = IPCSkeleton::GetCallingTokenID();
+    if ((this->GetTokenType(callingTokenID) == TOKEN_HAP) && (!IsSystemAppCalling())) {
+        reply.WriteInt32(AccessTokenError::ERR_NOT_SYSTEM_APP);
+        return;
+    }
+    if (!IsPrivilegedCalling() &&
+        VerifyAccessToken(callingTokenID, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenID);
+        reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED);
+        return;
+    }
+
     AccessTokenID tokenID = data.ReadUint32();
     int isSystemGrant = data.ReadInt32();
     std::vector<PermissionStateFullParcel> permList;
-- 
Gitee