openharmony/ability_ability_runtime
1
0
Fork 0
mirror of https://gitee.com/openharmony/ability_ability_runtime synced 2024-10-07 08:23:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

修改权限管控方式

Browse Source 
Signed-off-by: 段嗣钊 <duansizhao@huawei.com>
Change-Id: If4dea1b9c7500c79fc4ba3351e25358733540bc1
This commit is contained in:
段嗣钊 2024-04-30 14:18:16 +08:00
parent 2ed01d2bc8
commit 7af4710fbb
3 changed files with 3 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
services/common/include/permission_constants.h
View File

@ -42,7 +42,7 @@ constexpr const char* PERMISSION_WRITE_IMAGEVIDEO = "ohos.permission.WRITE_IMAGE
constexpr const char* PERMISSION_READ_IMAGEVIDEO = "ohos.permission.READ_IMAGEVIDEO";
constexpr const char* PERMISSION_WRITE_AUDIO = "ohos.permission.WRITE_AUDIO";
constexpr const char* PERMISSION_READ_AUDIO = "ohos.permission.READ_AUDIO";
constexpr const char* PERMISSION_GRANT_URI_PERMISSION = "ohos.permission.GRANT_URI_PERMISSION_PRIVILEGED";
constexpr const char* PERMISSION_GRANT_URI_PERMISSION_PRIVILEGED = "ohos.permission.GRANT_URI_PERMISSION_PRIVILEGED";
constexpr const char* PERMISSION_EXEMPT_AS_CALLER = "ohos.permission.EXEMPT_AS_CALLER";
constexpr const char* PERMISSION_EXEMPT_AS_TARGET = "ohos.permission.EXEMPT_AS_TARGET";
constexpr const char* PERMISSION_PREPARE_TERMINATE = "ohos.permission.PREPARE_APP_TERMINATE";

2
services/uripermmgr/include/uri_permission_manager_stub_impl.h
View File

@ -126,8 +126,6 @@ private:
int32_t CheckProxyUriPermission(TokenIdPermission &tokenIdPermission, const Uri &uri, uint32_t flag);
bool VerifyPermissionByTokenId(uint32_t tokenId, const std::string &permissionName);
bool AccessMediaUriPermission(TokenIdPermission &tokenIdPermission, const Uri &uri, uint32_t flag);
bool AccessDocsUriPermission(TokenIdPermission &tokenIdPermission, const Uri &uri, uint32_t flag);

25
services/uripermmgr/src/uri_permission_manager_stub_impl.cpp
View File

@ -47,9 +47,6 @@ constexpr int32_t ERR_OK = 0;
constexpr uint32_t FLAG_READ_WRITE_URI = Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION;
constexpr const char* CLOUND_DOCS_URI_MARK = "?networkid=";
constexpr const char* FOUNDATION_PROCESS_NAME = "foundation";
constexpr const char* UDMF_PROCESS_NAME = "distributeddata";
constexpr const char* PASTE_BOARD_SERVICE = "pasterboard_service";
constexpr const char* BROKER = "broker";
}
bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, uint32_t flag, uint32_t tokenId)
@ -135,7 +132,8 @@ int32_t UriPermissionManagerStubImpl::GrantUriPermissionPrivileged(const std::ve
auto callerName = GetTokenName(callerTokenId);
TAG_LOGD(AAFwkTag::URIPERMMGR, "callerTokenId is %{public}u, callerName is %{public}s",
callerTokenId, callerName.c_str());
if (!VerifyPermissionByTokenId(callerTokenId, PermissionConstants::PERMISSION_GRANT_URI_PERMISSION)) {
auto permissionName = PermissionConstants::PERMISSION_GRANT_URI_PERMISSION_PRIVILEGED;
if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(callerTokenId, permissionName)) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call.");
return CHECK_PERMISSION_FAILED;
}
@ -946,25 +944,6 @@ bool UriPermissionManagerStubImpl::CheckUriPermission(Uri uri, uint32_t flag, To
return CheckProxyUriPermission(tokenIdPermission, uri, flag);
}
bool UriPermissionManagerStubImpl::VerifyPermissionByTokenId(uint32_t tokenId, const std::string &permissionName)
{
// temporary method.
if (permissionName == PermissionConstants::PERMISSION_GRANT_URI_PERMISSION) {
Security::AccessToken::NativeTokenInfo nativeInfo;
auto result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(tokenId, nativeInfo);
if (result != ERR_OK) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "GetNativeTokenInfo failed, tokenId is %{public}u.", tokenId);
return false;
}
auto callerName = nativeInfo.processName;
TAG_LOGI(AAFwkTag::URIPERMMGR, "Caller process name : %{public}s", callerName.c_str());
// waiting accessToken permission request.
return callerName == BROKER || callerName == PASTE_BOARD_SERVICE || callerName == UDMF_PROCESS_NAME ||
callerName == FOUNDATION_PROCESS_NAME;
}
return PermissionVerification::GetInstance()->VerifyPermissionByTokenId(tokenId, permissionName);
}
bool UriPermissionManagerStubImpl::AccessMediaUriPermission(TokenIdPermission &tokenIdPermission,
const Uri &uri, uint32_t flag)
{