IssueNo:#I5N0FN

Description:Add permission check to updateConfiguration().
Sig:SIG_ApplicationFramework
Feature or BugFix: Feature
Binary Source: No

Signed-off-by: zhangyafei.echo <zhangyafei12@huawei.com>
Change-Id: I1bcd79483af8300bd8f461ba963d689b7bf5633a

services/appmgr/src/app_mgr_service_inner.cpp

@@ -2118,6 +2118,11 @@ int32_t AppMgrServiceInner::UpdateConfiguration(const Configuration &config)
         return ERR_INVALID_VALUE;
     }
 
+    auto ret = AAFwk::PermissionVerification::GetInstance()->VerifyUpdateConfigurationPerm();
+    if (ret != ERR_OK) {
+        return ret;
+    }
+
     std::vector<std::string> changeKeyV;
     configuration_->CompareDifferent(changeKeyV, config);
     uint32_t size = changeKeyV.size();

services/common/include/permission_verification.h

@@ -41,9 +41,11 @@ public:
     int VerifyAccountPermission();
 
     bool VerifyMissionPermission();
-    
+
     int VerifyAppStateObserverPermission();
 
+    int32_t VerifyUpdateConfigurationPerm();
+
 private:
     DISALLOW_COPY_AND_MOVE(PermissionVerification);
     unsigned int GetCallingTokenID();

services/common/src/permission_verification.cpp

@@ -152,6 +152,17 @@ int PermissionVerification::VerifyAppStateObserverPermission()
     return ERR_PERMISSION_DENIED;
 }
 
+int32_t PermissionVerification::VerifyUpdateConfigurationPerm()
+{
+    if (IsSACall() || VerifyCallingPermission(PermissionConstants::PERMISSION_UPDATE_CONFIGURATION)) {
+        HILOG_INFO("Verify permission %{public}s succeed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
+        return ERR_OK;
+    }
+
+    HILOG_ERROR("Verify permission %{public}s failed.", PermissionConstants::PERMISSION_UPDATE_CONFIGURATION);
+    return ERR_PERMISSION_DENIED;
+}
+
 unsigned int PermissionVerification::GetCallingTokenID()
 {
     auto callerToken = IPCSkeleton::GetCallingTokenID();