增加socket权限管控

Merge pull request  from maosiping/master
openharmony_ci 2022-07-27 13:07:35 +00:00 committed by Gitee
commit 8e60454f4e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 17 additions and 0 deletions


@ -39,6 +39,10 @@ struct AppSpawnStartMsg {
int32_t code = 0; // 0: DEFAULT; 1: GET_RENDER_TERMINATION_STATUS
uint32_t flags;
int32_t bundleIndex; // when dlp launch another app used, default is 0
uint8_t setAllowInternet;
uint8_t allowInternet; // hap sockect allowed
uint8_t reserved1;
uint8_t reserved2;
};
using AppSpawnMsg = AppSpawn::ClientSocket::AppProperty;
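Review bot: The four new `uint8_t` members of `AppSpawnStartMsg` have no default member initializers, so any path that builds this message without assigning them would pass indeterminate values to appspawn for a network-access decision. Among the visible lines only `code` has an initializer, and only `StartProcess` is shown setting the new pair. I would initialise them in the struct, e.g. `uint8_t setAllowInternet = 0;` and `uint8_t allowInternet = 1;` to match the starting values used in `StartProcess`, with `= 0` on both reserved bytes. A comment should state that `setAllowInternet` marks whether `allowInternet` is to be applied, which is what the `StartProcess` logic suggests, and the existing comment misspells "socket". The struct begins outside the hunk.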


@ -70,6 +70,7 @@ const std::string SO_PATH = "system/lib64/libmapleappkit.z.so";
const std::string RENDER_PARAM = "invalidparam";
const std::string COLD_START = "coldStart";
const std::string DLP_PARAMS_INDEX = "ohos.dlp.params.index";
const std::string PERMISSION_INTERNET = "ohos.permission.INTERNET";
const std::string DLP_PARAMS_SECURITY_FLAG = "ohos.dlp.params.securityFlag";
const int32_t SIGNAL_KILL = 9;
constexpr int32_t USER_SCALE = 200000;
@ -1241,6 +1242,14 @@ void AppMgrServiceInner::StartProcess(const std::string &appName, const std::str
HILOG_ERROR("Get target fail.");
return;
}
uint8_t setAllowInternet = 0;
uint8_t allowInternet = 1;
auto token = (*bundleInfoIter).applicationInfo.accessTokenId;
int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(token, PERMISSION_INTERNET);
if (result != Security::AccessToken::PERMISSION_GRANTED) {
setAllowInternet = 1;
allowInternet = 0;
}
startMsg.uid = (*bundleInfoIter).uid;
startMsg.gid = (*bundleInfoIter).gid;
startMsg.accessTokenId = (*bundleInfoIter).applicationInfo.accessTokenId;
@ -1249,6 +1258,8 @@ void AppMgrServiceInner::StartProcess(const std::string &appName, const std::str
startMsg.renderParam = RENDER_PARAM;
startMsg.flags = startFlags;
startMsg.bundleIndex = bundleIndex;
startMsg.setAllowInternet = setAllowInternet;
startMsg.allowInternet = allowInternet;
HILOG_DEBUG("Start process, apl is %{public}s, bundleName is %{public}s, startFlags is %{public}d.",
startMsg.apl.c_str(), bundleName.c_str(), startFlags);
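Review bot: In the `StartProcess` hunk a denied INTERNET permission leaves no trace in the log, because the existing `HILOG_DEBUG` prints neither `setAllowInternet` nor `allowInternet`. Treating every result other than `PERMISSION_GRANTED` as a denial is a sound fail-closed choice, but I would record it inside the `if`, e.g. `HILOG_DEBUG("Internet not granted for %{public}s.", bundleName.c_str());`, so a blocked socket can be traced back to this decision. A comment should also say that the flags capture the permission state at spawn time only; whether a later grant or revoke reaches a running process is not visible here. The local `token` could be reused for `startMsg.accessTokenId` instead of reading `applicationInfo.accessTokenId` a second time. `StartProcess` begins and ends outside these hunks.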


@ -48,6 +48,8 @@ bool AppSpawnMsgWrapper::AssembleMsg(const AppSpawnStartMsg &startMsg)
msg_->gid = startMsg.gid;
msg_->gidCount = startMsg.gids.size();
msg_->bundleIndex = startMsg.bundleIndex;
msg_->setAllowInternet = startMsg.setAllowInternet;
msg_->allowInternet = startMsg.allowInternet;
for (uint32_t i = 0; i < msg_->gidCount; ++i) {
msg_->gidTable[i] = startMsg.gids[i];
}