diff --git a/services/samgr/native/BUILD.gn b/services/samgr/native/BUILD.gn index 072bd35bbebc26a355fa0cea405c48be9f37b2d4..7352e870c6f197b7bc368bfcb40fb660212c6266 100644 --- a/services/samgr/native/BUILD.gn +++ b/services/samgr/native/BUILD.gn @@ -82,7 +82,6 @@ ohos_executable("samgr") { } if (is_standard_system) { external_deps = [ - "access_token:libaccesstoken_sdk", "c_utils:utils", "ffrt:libffrt", "hilog:libhilog", @@ -110,6 +109,11 @@ ohos_executable("samgr") { defines += [ "RESSCHED_ENABLE" ] } + if (samgr_feature_access_token_enable) { + external_deps += [ "access_token:libaccesstoken_sdk" ] + defines += [ "ACCESS_TOKEN_ENABLE" ] + } + if (support_device_manager) { sources += [ "//foundation/systemabilitymgr/samgr/services/samgr/native/source/collect/device_networking_collect.cpp" ] external_deps += [ "device_manager:devicemanagersdk" ] diff --git a/services/samgr/native/source/system_ability_manager.cpp b/services/samgr/native/source/system_ability_manager.cpp index c962eb5a17cd14e510b0b3dacd670748289f41e5..9b407aebe691c2931251182e58a225b5a08ac249 100644 --- a/services/samgr/native/source/system_ability_manager.cpp +++ b/services/samgr/native/source/system_ability_manager.cpp @@ -20,7 +20,6 @@ #include #include "ability_death_recipient.h" -#include "accesstoken_kit.h" #include "datetime_ex.h" #include "directory_ex.h" #include "errors.h" @@ -40,6 +39,9 @@ #include "system_ability_manager_dumper.h" #include "tools.h" +#ifdef ACCESS_TOKEN_ENABLE +#include "accesstoken_kit.h" +#endif #ifdef SUPPORT_DEVICE_MANAGER #include "device_manager.h" using namespace OHOS::DistributedHardware; 
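Review bot: `defines += [ "ACCESS_TOKEN_ENABLE" ]` is added only inside `ohos_executable("samgr")`, so any other target that compiles system_ability_manager.cpp, system_ability_manager_dumper.cpp or the stub source would build the branch where the caller checks are compiled out. No such target is visible in this diff, so this needs checking against the unit-test and fuzz targets, if the repository has them. Tests would then pass against the unchecked path while the shipped binary takes the checked one. Consider carrying the define and the `access_token:libaccesstoken_sdk` dependency in a shared `config`, or repeating the `if (samgr_feature_access_token_enable)` block in every target that lists these sources.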
@@ -272,6 +274,7 @@ bool SystemAbilityManager::CheckCallerProcess(SaProfile& saProfile) bool SystemAbilityManager::CheckCallerProcess(const std::string& callProcess) { +#ifdef ACCESS_TOKEN_ENABLE uint32_t accessToken = IPCSkeleton::GetCallingTokenID(); Security::AccessToken::NativeTokenInfo nativeTokenInfo; int32_t tokenInfoResult = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(accessToken, nativeTokenInfo); @@ -284,6 +287,7 @@ bool SystemAbilityManager::CheckCallerProcess(const std::string& callProcess) HILOGE("cannot operate by process: %{public}s", nativeTokenInfo.processName.c_str()); return false; } +#endif // if not support access_token, not check access_token return true; } @@ -1997,6 +2001,7 @@ int32_t SystemAbilityManager::SendStrategy(int32_t type, std::vector& s int32_t level, std::string& action) { HILOGD("SendStrategy begin"); +#ifdef ACCESS_TOKEN_ENABLE uint32_t accessToken = IPCSkeleton::GetCallingTokenID(); Security::AccessToken::NativeTokenInfo nativeTokenInfo; int32_t result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(accessToken, nativeTokenInfo); @@ -2004,6 +2009,7 @@ int32_t SystemAbilityManager::SendStrategy(int32_t type, std::vector& s HILOGW("SendStrategy reject used by %{public}s", nativeTokenInfo.processName.c_str()); return ERR_PERMISSION_DENIED; } +#endif // if not support access_token, not check access_token for (auto saId : systemAbilityIds) { SaProfile saProfile; diff --git a/services/samgr/native/source/system_ability_manager_dumper.cpp b/services/samgr/native/source/system_ability_manager_dumper.cpp index 46fa6939a7d07adb9b4723c1c55d8c901adf6e96..6da44ee626bb93b4677e56f16911426be90d7da0 100644 --- a/services/samgr/native/source/system_ability_manager_dumper.cpp +++ b/services/samgr/native/source/system_ability_manager_dumper.cpp 
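Review bot: With ACCESS_TOKEN_ENABLE undefined, `CheckCallerProcess(const std::string&)` falls straight through to `return true`, so the process-name authorization fails open instead of failing closed. The same shape appears in `SendStrategy`, where the `ERR_PERMISSION_DENIED` branch is compiled out, and in `SystemAbilityManagerStub::CanRequest`, which gets `#else return true;`. If products without access_token must still run samgr, prefer a fallback that does not depend on it, for example a calling-UID check via `IPCSkeleton::GetCallingUid()`, assuming that fits the product's trust model. At minimum make the downgrade visible with something like `#else` / `HILOGW("access_token disabled: caller process is not verified");` before the `return true`. Both function bodies start and end outside the hunks shown, so the comparison being skipped is not visible here.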
@@ -15,10 +15,13 @@ #include "system_ability_manager_dumper.h" -#include "accesstoken_kit.h" #include "ipc_skeleton.h" #include "system_ability_manager.h" +#ifdef ACCESS_TOKEN_ENABLE +#include "accesstoken_kit.h" +#endif + namespace OHOS { namespace { const std::string HIDUMPER_PROCESS_NAME = "hidumper_service"; @@ -74,6 +77,7 @@ bool SystemAbilityManagerDumper::Dump(std::shared_ptr #include -#include "accesstoken_kit.h" #include "datetime_ex.h" #include "errors.h" #include "hitrace_meter.h" @@ -31,6 +30,9 @@ #include "system_ability_on_demand_event.h" #include "tools.h" +#ifdef ACCESS_TOKEN_ENABLE +#include "accesstoken_kit.h" +#endif #ifdef WITH_SELINUX #include "service_checker.h" #endif @@ -99,7 +101,9 @@ namespace { } } +#ifdef ACCESS_TOKEN_ENABLE using namespace OHOS::Security; +#endif namespace OHOS { SystemAbilityManagerStub::SystemAbilityManagerStub() { @@ -982,10 +986,14 @@ int32_t SystemAbilityManagerStub::GetOnDemandSystemAbilityIdsInner(MessageParcel bool SystemAbilityManagerStub::CanRequest() { +#ifdef ACCESS_TOKEN_ENABLE auto accessTokenId = IPCSkeleton::GetCallingTokenID(); AccessToken::ATokenTypeEnum tokenType = AccessToken::AccessTokenKit::GetTokenTypeFlag(accessTokenId); HILOGD("SystemAbilityManagerStub::CanRequest tokenId:%{private}u, tokenType:%{public}d", accessTokenId, tokenType); return (tokenType == AccessToken::ATokenTypeEnum::TOKEN_NATIVE); +#else + return true; // if not support access_token, not check access_token +#endif } } // namespace OHOS diff --git a/services/samgr/var.gni b/services/samgr/var.gni index 9a976c9d12ccb28164feb58f9370b0512c238ff4..2700b4d93b05213e2df4dc20203bcdd47fb627d1 100644 --- a/services/samgr/var.gni +++ b/services/samgr/var.gni @@ -15,6 +15,7 @@ declare_args() { hicollie_able = true preferences_enable = true ressched_able = true + samgr_feature_access_token_enable = true support_device_manager = false support_common_event = false if (!defined(global_parts_info) || 
@@ -29,6 +30,10 @@ declare_args() {
 !defined(global_parts_info.resourceschedule_resource_schedule_service)) {
 ressched_able = false
 }
+ if (defined(global_parts_info) &&
+ !defined(global_parts_info.security_access_token)) {
+ samgr_feature_access_token_enable = false
+ }
 if (defined(global_parts_info) &&
 defined(global_parts_info.distributedhardware_device_manager)) {
 support_device_manager = true
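Review bot: Nothing in `declare_args()` says that `samgr_feature_access_token_enable` is security-relevant, yet this block turns it off automatically whenever the `security_access_token` part is missing from the product. Because it sits in `declare_args()`, it can presumably also be overridden from the build arguments. A product that drops the part by mistake gets a samgr with no native-token caller checks and no build-time signal. I would add a comment above the declaration such as `# Security: when false, samgr skips native-token caller checks (CheckCallerProcess, SendStrategy, CanRequest, Dump). Only for products that ship without access_token.` and consider a `print()` warning in this branch so the downgrade shows up in build logs.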