From 3703a1f5fb886ea73713bd2bb18666fb89ac65fb Mon Sep 17 00:00:00 2001 From: zhangjunxi Date: Mon, 30 May 2022 10:33:01 +0800 Subject: [PATCH 1/6] Signed-off-by: zhangjunxi Changes to be committed: modified: services/time_manager/src/time_service.cpp modified: utils/native/include/time_permission.h modified: utils/native/src/time_permission.cpp --- services/time_manager/src/time_service.cpp | 10 +-- utils/native/include/time_permission.h | 19 +++-- utils/native/src/time_permission.cpp | 85 ++++++++-------------- 3 files changed, 45 insertions(+), 69 deletions(-) diff --git a/services/time_manager/src/time_service.cpp b/services/time_manager/src/time_service.cpp index 44e80c49..1a70a9c1 100644 --- a/services/time_manager/src/time_service.cpp +++ b/services/time_manager/src/time_service.cpp @@ -306,10 +306,9 @@ bool TimeService::DestroyTimer(uint64_t timerId) int32_t TimeService::SetTime(const int64_t time) { - std::int32_t uid = IPCSkeleton::GetCallingUid(); - auto hasPerm = DelayedSingleton::GetInstance()->CheckCallingPermission(uid, setTimePermName_); + auto hasPerm = DelayedSingleton::GetInstance()->CheckCallingPermission(setTimePermName_); if (!hasPerm) { - TIME_HILOGE(TIME_MODULE_SERVICE, "Permission check failed, uid : %{public}d", uid); + TIME_HILOGE(TIME_MODULE_SERVICE, "Permission check setTime failed"); return E_TIME_NO_PERMISSION; } TIME_HILOGI(TIME_MODULE_SERVICE, "Setting time of day to milliseconds: %{public}" PRId64 "", time); @@ -438,10 +437,9 @@ int TimeService::get_wall_clock_rtc_id() int32_t TimeService::SetTimeZone(const std::string timeZoneId) { - std::int32_t uid = IPCSkeleton::GetCallingUid(); - auto hasPerm = DelayedSingleton::GetInstance()->CheckCallingPermission(uid, setTimezonePermName_); + auto hasPerm = DelayedSingleton::GetInstance()->CheckCallingPermission(setTimezonePermName_); if (!hasPerm) { - TIME_HILOGE(TIME_MODULE_SERVICE, "Permission check failed, uid : %{public}d", uid); + TIME_HILOGE(TIME_MODULE_SERVICE, "Permission check setTimezone failed"); return E_TIME_NO_PERMISSION; } diff --git a/utils/native/include/time_permission.h b/utils/native/include/time_permission.h index 5d15d5a4..40d10ae0 100644 --- a/utils/native/include/time_permission.h +++ b/utils/native/include/time_permission.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -28,16 +28,15 @@ namespace OHOS { namespace MiscServices { -class TimePermission : public std::enable_shared_from_this { - DECLARE_DELAYED_SINGLETON(TimePermission) -public: - bool CheckSelfPermission(const std::string permName); - bool CheckCallingPermission(const int32_t uid, const std::string permName); + namespace Permission { + static const std::string SET_TIME = "ohos.permission.SET_TIME"; + static const std::string SET_TIME_ZONE = "ohos.permission.SET_TIME_ZONE"; + } -private: - sptr GetBundleManager(); - bool IsSystemUid(const int32_t &uid) const; - static sptr bundleMgrProxy_; +class TimePermission { +public: + static bool GetBundleNameByUid(int32_t uid, std::string &bundleName); + static bool CheckCallingPermission(const std::string &permissionName); }; } // namespace MiscServices } // namespace OHOS diff --git a/utils/native/src/time_permission.cpp b/utils/native/src/time_permission.cpp index c70ecbf1..15d9ec07 100644 --- a/utils/native/src/time_permission.cpp +++ b/utils/native/src/time_permission.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -19,69 +19,48 @@ namespace OHOS { namespace MiscServices { -namespace { -constexpr int32_t SYSTEM_UID = 1000; -constexpr int32_t ROOT_UID = 0; -constexpr int32_t MIN_SYSTEM_UID = 2100; -constexpr int32_t MAX_SYSTEM_UID = 2899; -} -sptr TimePermission::bundleMgrProxy_; - -TimePermission::TimePermission() {}; -TimePermission::~TimePermission() {}; - -bool TimePermission::CheckSelfPermission(std::string permName) -{ - return true; -} - -bool TimePermission::CheckCallingPermission(int32_t uid, std::string permName) +bool TimePermission::GetBundleNameByUid(int32_t uid, std::string &bundleName) { - if ((uid == SYSTEM_UID) || (uid == ROOT_UID)) { - TIME_HILOGD(TIME_MODULE_COMMON, "root uid return true"); - return true; - } - if (IsSystemUid(uid)) { - TIME_HILOGD(TIME_MODULE_COMMON, "system uid 2100 ~ 2899"); - return true; - } - auto callingToken = IPCSkeleton::GetCallingTokenID(); + sptr systemAbilityManager = + SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + sptr remoteObject = + systemAbilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID); - auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callingToken); - if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - TIME_HILOGD(TIME_MODULE_COMMON, "native taskId."); - return true; - } - auto result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callingToken, permName); - if (result == Security::AccessToken::TypePermissionState::PERMISSION_DENIED) { + sptr iBundleMgr = iface_cast(remoteObject); + if (iBundleMgr == nullptr) { + TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, cannot get IBundleMgr."); return false; } - return true; + return iBundleMgr->GetBundleNameForUid(uid, bundleName); } -sptr TimePermission::GetBundleManager() +bool TimePermission::CheckCallingPermission(const std::string &permissionName) { - if (bundleMgrProxy_ == nullptr) { - sptr systemManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (systemManager != nullptr) { - bundleMgrProxy_ = - iface_cast(systemManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID)); - } else { - TIME_HILOGE(TIME_MODULE_COMMON, "fail to get SAMGR"); - } + if (permissionName.empty()) { + TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed,permission name is empty."); + return false; } - return bundleMgrProxy_; -} -bool TimePermission::IsSystemUid(const int32_t &uid) const -{ - TIME_HILOGE(TIME_MODULE_COMMON, "enter"); + auto callerToken = IPCSkeleton::GetCallingTokenID(); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); + int result = Security::AccessToken::PERMISSION_DENIED; - if (uid >= MIN_SYSTEM_UID && uid <= MAX_SYSTEM_UID) { - return true; + if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { + result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + } else if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) { + result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + } else { + TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, callerToken:%{public}u, tokenType:%{public}d", + callerToken, tokenType); } - return false; + if (result != Security::AccessToken::PERMISSION_GRANTED) { + TIME_HILOGE(TIME_MODULE_COMMON, + "permission check failed, permission:%{public}s, callerToken:%{public}u, tokenType:%{public}d", + permissionName.c_str(), callerToken, tokenType); + return false; + } + return true; } } // namespace MiscServices -} // namespace OHOS +} // namespace OHOS \ No newline at end of file -- Gitee From 218944dcc9d6a4e43ae7418487fb461cdae43b51 Mon Sep 17 00:00:00 2001 From: zhangjunxi Date: Wed, 1 Jun 2022 12:22:57 +0800 Subject: [PATCH 2/6] Signed-off-by: zhangjunxi Changes to be committed: modified: utils/native/include/time_permission.h modified: utils/native/src/time_permission.cpp --- utils/native/include/time_permission.h | 6 ---- utils/native/src/time_permission.cpp | 40 ++++++-------------------- 2 files changed, 8 insertions(+), 38 deletions(-) diff --git a/utils/native/include/time_permission.h b/utils/native/include/time_permission.h index 40d10ae0..c6bacf1f 100644 --- a/utils/native/include/time_permission.h +++ b/utils/native/include/time_permission.h @@ -28,14 +28,8 @@ namespace OHOS { namespace MiscServices { - namespace Permission { - static const std::string SET_TIME = "ohos.permission.SET_TIME"; - static const std::string SET_TIME_ZONE = "ohos.permission.SET_TIME_ZONE"; - } - class TimePermission { public: - static bool GetBundleNameByUid(int32_t uid, std::string &bundleName); static bool CheckCallingPermission(const std::string &permissionName); }; } // namespace MiscServices diff --git a/utils/native/src/time_permission.cpp b/utils/native/src/time_permission.cpp index 15d9ec07..5b91a83e 100644 --- a/utils/native/src/time_permission.cpp +++ b/utils/native/src/time_permission.cpp @@ -19,21 +19,6 @@ namespace OHOS { namespace MiscServices { -bool TimePermission::GetBundleNameByUid(int32_t uid, std::string &bundleName) -{ - sptr systemAbilityManager = - SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - sptr remoteObject = - systemAbilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID); - - sptr iBundleMgr = iface_cast(remoteObject); - if (iBundleMgr == nullptr) { - TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, cannot get IBundleMgr."); - return false; - } - return iBundleMgr->GetBundleNameForUid(uid, bundleName); -} - bool TimePermission::CheckCallingPermission(const std::string &permissionName) { if (permissionName.empty()) { @@ -42,25 +27,16 @@ bool TimePermission::CheckCallingPermission(const std::string &permissionName) } auto callerToken = IPCSkeleton::GetCallingTokenID(); - auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); - int result = Security::AccessToken::PERMISSION_DENIED; - - if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { - result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); - } else if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) { - result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + int result = AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + if (result == PERMISSION_GRANTED) { + TIME_HILOGE(TIME_MODULE_COMMON, "permission check Success."); + return true; } else { - TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, callerToken:%{public}u, tokenType:%{public}d", - callerToken, tokenType); - } - - if (result != Security::AccessToken::PERMISSION_GRANTED) { - TIME_HILOGE(TIME_MODULE_COMMON, - "permission check failed, permission:%{public}s, callerToken:%{public}u, tokenType:%{public}d", - permissionName.c_str(), callerToken, tokenType); + TIME_HILOGE(TIME_MODULE_COMMON, + "permission check failed, permission:%{public}s, callerToken:%{public}u", + permissionName.c_str(), callerToken); return false; - } - return true; + } } } // namespace MiscServices } // namespace OHOS \ No newline at end of file -- Gitee From 2389f6a3a13d1b09c0a4825c7ee8cc8af1bf49f2 Mon Sep 17 00:00:00 2001 From: zhangjunxi Date: Wed, 1 Jun 2022 14:09:59 +0800 Subject: [PATCH 3/6] Signed-off-by: zhangjunxi Changes to be committed: modified: time_permission.cpp --- utils/native/src/time_permission.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/utils/native/src/time_permission.cpp b/utils/native/src/time_permission.cpp index 5b91a83e..3d938380 100644 --- a/utils/native/src/time_permission.cpp +++ b/utils/native/src/time_permission.cpp @@ -32,8 +32,7 @@ bool TimePermission::CheckCallingPermission(const std::string &permissionName) TIME_HILOGE(TIME_MODULE_COMMON, "permission check Success."); return true; } else { - TIME_HILOGE(TIME_MODULE_COMMON, - "permission check failed, permission:%{public}s, callerToken:%{public}u", + TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, permission:%{public}s, callerToken:%{public}u", permissionName.c_str(), callerToken); return false; } -- Gitee From 6ff3283fef035708016d7f3d8f54173e5026d628 Mon Sep 17 00:00:00 2001 From: zhangjunxi Date: Wed, 1 Jun 2022 16:30:12 +0800 Subject: [PATCH 4/6] Signed-off-by: zhangjunxi Changes to be committed: modified: utils/native/src/time_permission.cpp --- utils/native/src/time_permission.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/native/src/time_permission.cpp b/utils/native/src/time_permission.cpp index 3d938380..dfcc3f8f 100644 --- a/utils/native/src/time_permission.cpp +++ b/utils/native/src/time_permission.cpp @@ -27,8 +27,8 @@ bool TimePermission::CheckCallingPermission(const std::string &permissionName) } auto callerToken = IPCSkeleton::GetCallingTokenID(); - int result = AccessTokenKit::VerifyAccessToken(callerToken, permissionName); - if (result == PERMISSION_GRANTED) { + int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + if (result == Security::AccessToken::PERMISSION_GRANTED) { TIME_HILOGE(TIME_MODULE_COMMON, "permission check Success."); return true; } else { -- Gitee From 59a158ac9b8f6554a403fc89c1a8c858b49c2c36 Mon Sep 17 00:00:00 2001 From: zhangjunxi Date: Wed, 1 Jun 2022 16:46:22 +0800 Subject: [PATCH 5/6] Signed-off-by: zhangjunxi Changes to be committed: modified: time_permission.cpp --- utils/native/src/time_permission.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/native/src/time_permission.cpp b/utils/native/src/time_permission.cpp index dfcc3f8f..8f1ed26f 100644 --- a/utils/native/src/time_permission.cpp +++ b/utils/native/src/time_permission.cpp @@ -35,7 +35,7 @@ bool TimePermission::CheckCallingPermission(const std::string &permissionName) TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, permission:%{public}s, callerToken:%{public}u", permissionName.c_str(), callerToken); return false; - } + } } } // namespace MiscServices } // namespace OHOS \ No newline at end of file -- Gitee From 655256f4d1599913329714ebe2adec7160cc9f07 Mon Sep 17 00:00:00 2001 From: zhangjunxi Date: Thu, 2 Jun 2022 08:58:34 +0800 Subject: [PATCH 6/6] Signed-off-by: zhangjunxi Changes to be committed: modified: utils/native/src/time_permission.cpp --- utils/native/src/time_permission.cpp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/utils/native/src/time_permission.cpp b/utils/native/src/time_permission.cpp index 8f1ed26f..c2db4ff9 100644 --- a/utils/native/src/time_permission.cpp +++ b/utils/native/src/time_permission.cpp @@ -28,14 +28,11 @@ bool TimePermission::CheckCallingPermission(const std::string &permissionName) auto callerToken = IPCSkeleton::GetCallingTokenID(); int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); - if (result == Security::AccessToken::PERMISSION_GRANTED) { - TIME_HILOGE(TIME_MODULE_COMMON, "permission check Success."); - return true; - } else { + if (result != Security::AccessToken::PERMISSION_GRANTED) { TIME_HILOGE(TIME_MODULE_COMMON, "permission check failed, permission:%{public}s, callerToken:%{public}u", permissionName.c_str(), callerToken); - return false; } + return result == Security::AccessToken::PERMISSION_GRANTED; } } // namespace MiscServices } // namespace OHOS \ No newline at end of file -- Gitee