diff --git a/services/appmgr/include/app_spawn_msg_wrapper.h b/services/appmgr/include/app_spawn_msg_wrapper.h
index 7436445d10..bc012384a2 100644
--- a/services/appmgr/include/app_spawn_msg_wrapper.h
+++ b/services/appmgr/include/app_spawn_msg_wrapper.h
@@ -39,6 +39,10 @@ struct AppSpawnStartMsg {
 int32_t code = 0; // 0: DEFAULT; 1: GET_RENDER_TERMINATION_STATUS
 uint32_t flags;
 int32_t bundleIndex; // when dlp launch another app used, default is 0
+ uint8_t setAllowInternet;
+ uint8_t allowInternet; // hap sockect allowed
+ uint8_t reserved1;
+ uint8_t reserved2;
 };
 using AppSpawnMsg = AppSpawn::ClientSocket::AppProperty;
diff --git a/services/appmgr/src/app_mgr_service_inner.cpp b/services/appmgr/src/app_mgr_service_inner.cpp
index 360bb191c2..0d09009cb1 100644
--- a/services/appmgr/src/app_mgr_service_inner.cpp
+++ b/services/appmgr/src/app_mgr_service_inner.cpp
@@ -70,6 +70,7 @@ const std::string SO_PATH = "system/lib64/libmapleappkit.z.so";
 const std::string RENDER_PARAM = "invalidparam";
 const std::string COLD_START = "coldStart";
 const std::string DLP_PARAMS_INDEX = "ohos.dlp.params.index";
+const std::string PERMISSION_INTERNET = "ohos.permission.INTERNET";
 const std::string DLP_PARAMS_SECURITY_FLAG = "ohos.dlp.params.securityFlag";
 const int32_t SIGNAL_KILL = 9;
 constexpr int32_t USER_SCALE = 200000;
@@ -1241,6 +1242,14 @@ void AppMgrServiceInner::StartProcess(const std::string &appName, const std::str
 HILOG_ERROR("Get target fail.");
 return;
 }
+ uint8_t setAllowInternet = 0;
+ uint8_t allowInternet = 1;
+ auto token = (*bundleInfoIter).applicationInfo.accessTokenId;
+ int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(token, PERMISSION_INTERNET);
+ if (result != Security::AccessToken::PERMISSION_GRANTED) {
+ setAllowInternet = 1;
+ allowInternet = 0;
+ }
 startMsg.uid = (*bundleInfoIter).uid;
 startMsg.gid = (*bundleInfoIter).gid;
 startMsg.accessTokenId = (*bundleInfoIter).applicationInfo.accessTokenId;
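Review bot: The new `setAllowInternet` and `allowInternet` members of `AppSpawnStartMsg` have no default member initializers, so any `AppSpawnStartMsg` filled in outside the updated `StartProcess` path would hand indeterminate bytes to `AssembleMsg`, which now copies both fields into the spawn message unconditionally. Because these bytes appear to decide whether the spawned process gets socket access, I would give them safe defaults in the struct, `uint8_t setAllowInternet = 0;` and `uint8_t allowInternet = 1;`, and zero `reserved1` and `reserved2` as well. Whether other call sites build this struct is not visible in this diff, so that is worth confirming before merge. The field comment should also state what the pair means, for example `// setAllowInternet: 1 = apply allowInternet, 0 = keep the spawner's default` if that is the intended contract, and fix the typo `sockect`.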
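Review bot: In `StartProcess`, the branch that clears `allowInternet` leaves no trace in the log, so a process spawned without socket access cannot be told apart from one that has it when a connectivity or policy problem is investigated later; a line such as `HILOG_INFO("%{public}s lacks ohos.permission.INTERNET, spawning without network access.", bundleName.c_str());` inside the `if` would cover that. The check itself fails closed, since any result other than `PERMISSION_GRANTED` denies access, and that behaviour deserves a short comment so it is not loosened by accident. The local `token` duplicates the expression assigned to `startMsg.accessTokenId` a few lines further down; writing `startMsg.accessTokenId = token;` would keep the verified token and the one sent to the spawner visibly the same. The function body starts and ends outside the hunk.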
@@ -1249,6 +1258,8 @@ void AppMgrServiceInner::StartProcess(const std::string &appName, const std::str
 startMsg.renderParam = RENDER_PARAM;
 startMsg.flags = startFlags;
 startMsg.bundleIndex = bundleIndex;
+ startMsg.setAllowInternet = setAllowInternet;
+ startMsg.allowInternet = allowInternet;
 HILOG_DEBUG("Start process, apl is %{public}s, bundleName is %{public}s, startFlags is %{public}d.", startMsg.apl.c_str(), bundleName.c_str(), startFlags);
diff --git a/services/appmgr/src/app_spawn_msg_wrapper.cpp b/services/appmgr/src/app_spawn_msg_wrapper.cpp
index 9af676252c..4670274b67 100644
--- a/services/appmgr/src/app_spawn_msg_wrapper.cpp
+++ b/services/appmgr/src/app_spawn_msg_wrapper.cpp
@@ -48,6 +48,8 @@ bool AppSpawnMsgWrapper::AssembleMsg(const AppSpawnStartMsg &startMsg)
 msg_->gid = startMsg.gid;
 msg_->gidCount = startMsg.gids.size();
 msg_->bundleIndex = startMsg.bundleIndex;
+ msg_->setAllowInternet = startMsg.setAllowInternet;
+ msg_->allowInternet = startMsg.allowInternet;
 for (uint32_t i = 0; i < msg_->gidCount; ++i) {
 msg_->gidTable[i] = startMsg.gids[i];
 }