!10812 work schedule 增加权限管控

Merge pull request !10812 from gaojiaqi/master

services/abilitymgr/include/ability_manager_service.h

@@ -2315,6 +2315,8 @@ private:
      */
     void ShowDeveloperModeDialog(const std::string &bundleName, const std::string &abilityName);
 
+    bool CheckWorkSchedulerPermission(const sptr<IRemoteObject> &callerToken, const uint32_t uid);
+
     constexpr static int REPOLL_TIME_MICRO_SECONDS = 1000000;
 
     std::shared_ptr<TaskHandlerWrap> taskHandler_;

services/abilitymgr/include/background_task_observer.h

@@ -30,21 +30,37 @@ public:
     BackgroundTaskObserver();
     virtual ~BackgroundTaskObserver();
     bool IsBackgroundTaskUid(const int uid);
+    bool IsEfficiencyResourcesTaskUid(const int uid);
 
     void GetContinuousTaskApps();
+    void GetEfficiencyResourcesTaskApps();
 
 private:
     void OnContinuousTaskStart(const std::shared_ptr<BackgroundTaskMgr::ContinuousTaskCallbackInfo>
-        &continuousTaskCallbackInfo);
+        &continuousTaskCallbackInfo) override;
 
     void OnContinuousTaskStop(const std::shared_ptr<BackgroundTaskMgr::ContinuousTaskCallbackInfo>
-        &continuousTaskCallbackInfo);
+        &continuousTaskCallbackInfo) override;
+
+    void OnAppEfficiencyResourcesApply(
+        const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo) override;
+
+    void OnAppEfficiencyResourcesReset(
+        const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo) override;
+
+    void OnProcEfficiencyResourcesApply(
+        const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo) override;
+
+    void OnProcEfficiencyResourcesReset(
+        const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo) override;
 
     sptr<AppExecFwk::IAppMgr> GetAppManager();
 
 private:
     std::list<int> bgTaskUids_;
     std::mutex bgTaskMutex_;
+    std::list<int> efficiencyUids_;
+    std::mutex efficiencyMutex_;
     sptr<OHOS::AppExecFwk::IAppMgr> appManager_ = nullptr;
 };
 }  // namespace AAFwk

services/abilitymgr/src/ability_manager_service.cpp

@@ -2511,6 +2511,7 @@ void AbilityManagerService::SubscribeBackgroundTask()
         return;
     }
     bgtaskObserver_->GetContinuousTaskApps();
+    bgtaskObserver_->GetEfficiencyResourcesTaskApps();
     TAG_LOGI(AAFwkTag::ABILITYMGR, "%{public}s success", __func__);
 #endif
 }
@@ -2775,6 +2776,26 @@ int AbilityManagerService::ChangeUIAbilityVisibilityBySCB(sptr<SessionInfo> sess
     return uiAbilityManager->ChangeUIAbilityVisibilityBySCB(sessionInfo, isShow);
 }
 
+bool AbilityManagerService::CheckWorkSchedulerPermission(const sptr<IRemoteObject> &callerToken, const uint32_t uid)
+{
+#ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
+    auto abilityRecord = Token::GetAbilityRecordByToken(callerToken);
+    std::unique_lock<ffrt::mutex> lock(bgtaskObserverMutex_);
+    if (bgtaskObserver_ && abilityRecord) {
+        auto callerAbilityInfo = abilityRecord->GetAbilityInfo();
+        if (callerAbilityInfo.extensionAbilityType != AppExecFwk::ExtensionAbilityType::WORK_SCHEDULER) {
+            return true;
+        }
+
+        if (!bgtaskObserver_->IsEfficiencyResourcesTaskUid(uid)) {
+            TAG_LOGE(AAFwkTag::ABILITYMGR, "no permission to start extension by WorkScheduler");
+            return false;
+        }
+    }
+#endif
+    return true;
+}
+
 int32_t AbilityManagerService::StartExtensionAbilityInner(const Want &want, const sptr<IRemoteObject> &callerToken,
     int32_t userId, AppExecFwk::ExtensionAbilityType extensionType, bool checkSystemCaller, bool isImplicit,
     bool isDlp, bool isStartAsCaller)
@@ -2858,6 +2879,9 @@ int32_t AbilityManagerService::StartExtensionAbilityInner(const Want &want, cons
         return result;
     }
 
+    if (!CheckWorkSchedulerPermission(callerToken, abilityRequest.abilityInfo.applicationInfo.uid)) {
+        return CHECK_PERMISSION_FAILED;
+    }
     auto abilityInfo = abilityRequest.abilityInfo;
     validUserId = abilityInfo.applicationInfo.singleton ? U0_USER_ID : validUserId;
     TAG_LOGD(AAFwkTag::ABILITYMGR, "userId is : %{public}d, singleton is : %{public}d",

services/abilitymgr/src/background_task_observer.cpp

@@ -18,6 +18,7 @@
 #include "hilog_tag_wrapper.h"
 #include "sa_mgr_client.h"
 #include "system_ability_definition.h"
+#include "resource_type.h"
 
 namespace OHOS {
 namespace AAFwk {
@@ -56,6 +57,42 @@ void BackgroundTaskObserver::OnContinuousTaskStop(const std::shared_ptr<Backgrou
     }
 }
 
+void BackgroundTaskObserver::OnProcEfficiencyResourcesApply(
+    const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo)
+{
+    if (!resourceInfo || (resourceInfo->GetResourceNumber() & BackgroundTaskMgr::ResourceType::WORK_SCHEDULER) == 0) {
+        return;
+    }
+    std::lock_guard<std::mutex> lock(efficiencyMutex_);
+    efficiencyUids_.push_back(resourceInfo->GetUid());
+}
+
+void BackgroundTaskObserver::OnProcEfficiencyResourcesReset(
+    const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo)
+{
+    if (!resourceInfo || (resourceInfo->GetResourceNumber() & BackgroundTaskMgr::ResourceType::WORK_SCHEDULER) == 0) {
+        return;
+    }
+    std::lock_guard<std::mutex> lock(efficiencyMutex_);
+    int32_t uid = resourceInfo->GetUid();
+    auto iter = std::find(efficiencyUids_.begin(), efficiencyUids_.end(), uid);
+    if (iter != efficiencyUids_.end()) {
+        efficiencyUids_.erase(iter);
+    }
+}
+
+void BackgroundTaskObserver::OnAppEfficiencyResourcesApply(
+    const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo)
+{
+    OnProcEfficiencyResourcesApply(resourceInfo);
+}
+
+void BackgroundTaskObserver::OnAppEfficiencyResourcesReset(
+    const std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo> &resourceInfo)
+{
+    OnProcEfficiencyResourcesReset(resourceInfo);
+}
+
 void BackgroundTaskObserver::GetContinuousTaskApps()
 {
     std::vector<std::shared_ptr<BackgroundTaskMgr::ContinuousTaskCallbackInfo>> continuousTasks;
@@ -71,6 +108,35 @@ void BackgroundTaskObserver::GetContinuousTaskApps()
     }
 }
 
+void BackgroundTaskObserver::GetEfficiencyResourcesTaskApps()
+{
+    std::vector<std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo>> appList;
+    std::vector<std::shared_ptr<BackgroundTaskMgr::ResourceCallbackInfo>> procList;
+    ErrCode result = BackgroundTaskMgr::BackgroundTaskMgrHelper::GetEfficiencyResourcesInfos(appList, procList);
+    if (result != ERR_OK) {
+        TAG_LOGE(AAFwkTag::ABILITYMGR, "failed to GetEfficiencyResourcesInfos, err: %{public}d", result);
+        return;
+    }
+    std::lock_guard<std::mutex> lock(efficiencyMutex_);
+    efficiencyUids_.clear();
+    for (auto& info : appList) {
+        if (info == nullptr) {
+            continue;
+        }
+        if ((info->GetResourceNumber() & BackgroundTaskMgr::ResourceType::WORK_SCHEDULER) != 0) {
+            efficiencyUids_.push_back(info->GetUid());
+        }
+    }
+    for (auto& info : procList) {
+        if (info == nullptr) {
+            continue;
+        }
+        if ((info->GetResourceNumber() & BackgroundTaskMgr::ResourceType::WORK_SCHEDULER) != 0) {
+            efficiencyUids_.push_back(info->GetUid());
+        }
+    }
+}
+
 bool BackgroundTaskObserver::IsBackgroundTaskUid(const int uid)
 {
     std::lock_guard<std::mutex> lock(bgTaskMutex_);
@@ -81,6 +147,16 @@ bool BackgroundTaskObserver::IsBackgroundTaskUid(const int uid)
     return false;
 }
 
+bool BackgroundTaskObserver::IsEfficiencyResourcesTaskUid(const int uid)
+{
+    std::lock_guard<std::mutex> lock(efficiencyMutex_);
+    auto iter = std::find(efficiencyUids_.begin(), efficiencyUids_.end(), uid);
+    if (iter != efficiencyUids_.end()) {
+        return true;
+    }
+    return false;
+}
+
 sptr<AppExecFwk::IAppMgr> BackgroundTaskObserver::GetAppManager()
 {
     if (appManager_ == nullptr) {