!11345 支持分身应用URI授权 (挑单5.0.0release)

Merge pull request !11345 from 段嗣钊/cherry-pick-1729836455
openharmony_ci 2024-10-28 15:24:49 +00:00 committed by Gitee
commit b526e1c653
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 52 additions and 47 deletions


@ -32,9 +32,10 @@ public:
static bool IsSAOrSystemAppCall();
static bool IsSystemAppCall(uint32_t tokenId);
static bool CheckIsSystemAppByTokenId(uint32_t tokenId);
static int32_t GetAppIdByBundleName(const std::string &bundleName, std::string &appId);
static bool GetDirByBundleNameAndAppIndex(const std::string &bundleName, int32_t appIndex, std::string &dirName);
static bool GetBundleNameByTokenId(uint32_t tokenId, std::string &bundleName);
static std::string GetCallerNameByTokenId(uint32_t callerTokenId);
static bool GetAlterableBundleNameByTokenId(uint32_t tokenId, std::string &bundleName);
static int32_t GetAppIdByBundleName(const std::string &bundleName, std::string &appId);
static int32_t GetTokenIdByBundleName(const std::string &bundleName, int32_t appIndex, uint32_t &tokenId);
static bool IsDocsCloudUri(Uri &uri);
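Review bot: The out-parameter of `GetAlterableBundleNameByTokenId` is named `bundleName`, but the implementation in this commit fills it from `GetDirByBundleNameAndAppIndex`, so it carries a directory name that presumably differs from the bundle name for clone apps. Callers compare this value with a URI authority to decide ownership, so the declaration should say what it returns. I would rename the parameter and add a comment such as `// Resolves the directory name used as the URI authority of the HAP behind tokenId; the output is only meaningful when true is returned.` above `static bool GetAlterableBundleNameByTokenId(uint32_t tokenId, std::string &alterableBundleName);`.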


@ -166,10 +166,6 @@ int32_t UriPermissionManagerStubImpl::GrantUriPermissionPrivileged(const std::ve
targetBundleName.c_str(), appIndex, uriVec.size());
uint32_t callerTokenId = IPCSkeleton::GetCallingTokenID();
auto callerName = UPMSUtils::GetCallerNameByTokenId(callerTokenId);
TAG_LOGD(AAFwkTag::URIPERMMGR, "callerTokenId: %{public}u, callerName is %{public}s",
callerTokenId, callerName.c_str());
auto permissionName = PermissionConstants::PERMISSION_GRANT_URI_PERMISSION_PRIVILEGED;
if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(callerTokenId, permissionName)) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call");
@ -216,7 +212,6 @@ int UriPermissionManagerStubImpl::GrantUriPermissionInner(const std::vector<Uri>
if (UPMSUtils::IsFoundationCall()) {
recordId = abilityId;
appTokenId = initiatorTokenId;
auto callerName = UPMSUtils::GetCallerNameByTokenId(appTokenId);
}
if (uriVec.size() == 1) {
return GrantSingleUriPermission(uriVec[0], flag, appTokenId, targetTokenId, recordId);
@ -543,15 +538,15 @@ int UriPermissionManagerStubImpl::RevokeAllUriPermissions(uint32_t tokenId)
TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to revoke all uri permission.");
return CHECK_PERMISSION_FAILED;
}
std::string callerAuthority = "";
UPMSUtils::GetAlterableBundleNameByTokenId(tokenId, callerAuthority);
std::map<uint32_t, std::vector<std::string>> uriLists;
{
std::lock_guard<std::mutex> guard(mutex_);
for (auto iter = uriMap_.begin(); iter != uriMap_.end();) {
uint32_t authorityTokenId = 0;
auto authority = Uri(iter->first).GetAuthority();
auto uriAuthority = Uri(iter->first).GetAuthority();
// uri belong to target tokenId.
auto ret = UPMSUtils::GetTokenIdByBundleName(authority, 0, authorityTokenId);
if (ret == ERR_OK && authorityTokenId == tokenId) {
if (callerAuthority == uriAuthority) {
for (const auto &record : iter->second) {
uriLists[record.targetTokenId].emplace_back(iter->first);
}
@ -606,11 +601,12 @@ int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, co
auto uriStr = uri.ToString();
auto uriInner = uri;
uint32_t authorityTokenId = 0;
UPMSUtils::GetTokenIdByBundleName(uriInner.GetAuthority(), 0, authorityTokenId);
auto uriAuthority = uriInner.GetAuthority();
// uri belong to caller or caller is target.
auto callerTokenId = IPCSkeleton::GetCallingTokenID();
bool isRevokeSelfUri = (callerTokenId == targetTokenId || callerTokenId == authorityTokenId);
std::string callerAuthority = "";
UPMSUtils::GetAlterableBundleNameByTokenId(callerTokenId, callerAuthority);
bool isRevokeSelfUri = (callerTokenId == targetTokenId || callerAuthority == uriAuthority);
std::vector<std::string> uriList;
{
std::lock_guard<std::mutex> guard(mutex_);
@ -652,9 +648,8 @@ int32_t UriPermissionManagerStubImpl::DeleteShareFile(uint32_t targetTokenId, co
std::vector<bool> UriPermissionManagerStubImpl::CheckUriAuthorization(const std::vector<std::string> &uriStrVec,
uint32_t flag, uint32_t tokenId)
{
TAG_LOGI(AAFwkTag::URIPERMMGR,
"tokenId is %{public}u, tokenName is %{public}s, flag is %{public}u, size of uris is %{public}zu",
tokenId, UPMSUtils::GetCallerNameByTokenId(tokenId).c_str(), flag, uriStrVec.size());
TAG_LOGI(AAFwkTag::URIPERMMGR, "tokenId:%{public}u, flag:%{public}u, size of uris:%{public}zu",
tokenId, flag, uriStrVec.size());
if (!UPMSUtils::IsSAOrSystemAppCall()) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA or SystemApp");
std::vector<bool> result(uriStrVec.size(), false);
@ -813,8 +808,8 @@ std::vector<bool> UriPermissionManagerStubImpl::CheckUriPermission(TokenIdPermis
std::vector<Uri> mediaUris;
std::vector<int32_t> mediaUriIndexs;
bool isFoundationCall = UPMSUtils::IsFoundationCall();
std::string callerBundleName;
UPMSUtils::GetBundleNameByTokenId(tokenId, callerBundleName);
std::string callerAlterableBundleName;
UPMSUtils::GetAlterableBundleNameByTokenId(tokenId, callerAlterableBundleName);
for (size_t i = 0; i < uriVec.size(); i++) {
auto uri = uriVec[i];
auto &&scheme = uri.GetScheme();
@ -838,7 +833,7 @@ std::vector<bool> UriPermissionManagerStubImpl::CheckUriPermission(TokenIdPermis
mediaUriIndexs.emplace_back(i);
continue;
}
result[i] = (authority == callerBundleName);
result[i] = (authority == callerAlterableBundleName);
}
if (!mediaUris.empty()) {
auto mediaUriResult = MediaPermissionManager::GetInstance().CheckUriPermission(mediaUris, tokenId, flag);
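Review bot: The bool returned by `UPMSUtils::GetAlterableBundleNameByTokenId` is dropped in RevokeAllUriPermissions, RevokeUriPermissionManually and CheckUriPermission, so a failed lookup leaves the name empty and that empty string is then compared with the URI authority. The helper returns false for every non-HAP token, so for such callers `callerAuthority == uriAuthority` and `result[i] = (authority == callerAlterableBundleName)` would hold for any URI with an empty authority, unless a check outside these hunks already rejects that case. Gate the comparison on the lookup result, e.g. `bool hasCallerAuthority = UPMSUtils::GetAlterableBundleNameByTokenId(callerTokenId, callerAuthority);` followed by `bool isRevokeSelfUri = (callerTokenId == targetTokenId || (hasCallerAuthority && callerAuthority == uriAuthority));`, and apply the same guard in the other two functions. `uint32_t authorityTokenId = 0;` in RevokeUriPermissionManually also appears to be unused after this change. All three function bodies extend beyond the hunks shown.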


@ -17,6 +17,7 @@
#include "ability_manager_errors.h"
#include "accesstoken_kit.h"
#include "bundle_mgr_client.h"
#include "global_constant.h"
#include "hilog_tag_wrapper.h"
#include "in_process_call_wrapper.h"
@ -179,6 +180,36 @@ bool UPMSUtils::CheckIsSystemAppByTokenId(uint32_t tokenId)
return false;
}
bool UPMSUtils::GetDirByBundleNameAndAppIndex(const std::string &bundleName, int32_t appIndex, std::string &dirName)
{
auto bmsClient = DelayedSingleton<AppExecFwk::BundleMgrClient>::GetInstance();
if (bmsClient == nullptr) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "bundleMgrClient is nullptr.");
return false;
}
auto bmsRet = bmsClient->GetDirByBundleNameAndAppIndex(bundleName, appIndex, dirName);
if (bmsRet != ERR_OK) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "GetDirByBundleNameAndAppIndex failed, ret:%{public}d", bmsRet);
return false;
}
return true;
}
bool UPMSUtils::GetAlterableBundleNameByTokenId(uint32_t tokenId, std::string &bundleName)
{
auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
Security::AccessToken::HapTokenInfo hapInfo;
auto ret = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, hapInfo);
if (ret != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "GetHapTokenInfo failed, ret is %{public}d.", ret);
return false;
}
return GetDirByBundleNameAndAppIndex(hapInfo.bundleName, hapInfo.instIndex, bundleName);
}
return false;
}
bool UPMSUtils::GetBundleNameByTokenId(uint32_t tokenId, std::string &bundleName)
{
auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
@ -212,32 +243,6 @@ int32_t UPMSUtils::GetAppIdByBundleName(const std::string &bundleName, std::stri
return ERR_OK;
}
std::string UPMSUtils::GetCallerNameByTokenId(uint32_t tokenId)
{
auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
// for SA, return process name
Security::AccessToken::NativeTokenInfo nativeInfo;
auto result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(tokenId, nativeInfo);
if (result != ERR_OK) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "GetNativeTokenInfo failed, tokenId is %{public}u.", tokenId);
return "";
}
return nativeInfo.processName;
}
if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
// for application, return bundle name
Security::AccessToken::HapTokenInfo hapInfo;
auto ret = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, hapInfo);
if (ret != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
TAG_LOGE(AAFwkTag::URIPERMMGR, "GetHapTokenInfo failed, ret is %{public}d.", ret);
return "";
}
return hapInfo.bundleName;
}
return "";
}
int32_t UPMSUtils::GetTokenIdByBundleName(const std::string &bundleName, int32_t appIndex, uint32_t &tokenId)
{
TAG_LOGD(AAFwkTag::URIPERMMGR, "BundleName is %{public}s, appIndex is %{public}d.", bundleName.c_str(), appIndex);
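Review bot: `GetAlterableBundleNameByTokenId` falls through to `return false` for every non-HAP token without logging, while its other two failure exits log, so a rejected native or shell caller leaves no trace under URIPERMMGR. A line such as `TAG_LOGD(AAFwkTag::URIPERMMGR, "not hap token, tokenId:%{public}u", tokenId);` before the final `return false;` would make those rejections diagnosable. The function also never writes `bundleName` on its own failure paths, and what `bmsClient->GetDirByBundleNameAndAppIndex` leaves in `dirName` on error is not visible here. Calling `dirName.clear();` before `return false;` in `GetDirByBundleNameAndAppIndex` would give callers a defined value to compare against.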


@ -295,11 +295,15 @@ HWTEST_F(UriPermissionImplTest, Upms_RevokeUriPermissionManually_001, TestSize.L
std::string targetBundleName = "com.example.testB1002";
GrantInfo info = { flagRead, fromTokenId, targetTokenId };
std::list<GrantInfo> infoList = { info };
auto uriStr = "file://com.example.testA/data/storage/el2/base/haps/entry/files/test_A.txt";
auto uriStr = "file://com.example.app1001/data/storage/el2/base/haps/entry/files/test_A.txt";
auto uri = Uri(uriStr);
upms->uriMap_.emplace(uriStr, infoList);
IPCSkeleton::callerTokenId = fromTokenId;
MyFlag::tokenInfos[1001] = TokenInfo(1001, MyATokenTypeEnum::TOKEN_HAP, "", "com.example.app1001");
upms->RevokeUriPermissionManually(uri, targetBundleName, appIndex);
auto ret = upms->VerifyUriPermission(uri, flagRead, targetTokenId);
IPCSkeleton::callerTokenId = 0;
MyFlag::tokenInfos.clear();
ASSERT_EQ(ret, false);
}
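Review bot: Only the accepting path of the new authority comparison is exercised here: the mocked token info for 1001 resolves to `com.example.app1001`, which equals the URI authority, so the revoke is expected to go through. Nothing visible covers a caller whose resolved name differs from the authority (the grant should then survive) or a clone with a non-zero app index, which is the case this change targets; such tests may exist outside this hunk. The return value of `RevokeUriPermissionManually` is also discarded, so I would capture it with `auto revokeRet = upms->RevokeUriPermissionManually(uri, targetBundleName, appIndex);` and assert on it alongside the `VerifyUriPermission` result.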