!2616 dlp权限校验

Merge pull request !2616 from jerry/master
openharmony_ci 2022-08-05 10:14:46 +00:00 committed by Gitee
commit fcf4b1c3e0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 20 additions and 8 deletions


@ -16,12 +16,12 @@
#ifndef OHOS_ABILITY_RUNTIME_DLP_UTILS_H
#define OHOS_ABILITY_RUNTIME_DLP_UTILS_H
#ifdef WITH_DLP
#include "ability_record.h"
#ifdef WITH_DLP
#include "dlp_permission_kit.h"
#include "permission_verification.h"
#endif // WITH_DLP
#include "iremote_object.h"
#include "permission_verification.h"
#include "want.h"
namespace OHOS {
@ -65,6 +65,18 @@ static bool DlpAccessOtherAppsCheck(const sptr<IRemoteObject> &callerToken, cons
#endif // WITH_DLP
return true;
}
static bool OtherAppsAccessDlpCheck(const sptr<IRemoteObject> &callerToken, const Want &want)
{
if (callerToken != nullptr) {
auto abilityRecord = Token::GetAbilityRecordByToken(callerToken);
if (abilityRecord != nullptr && abilityRecord->GetAppIndex() != 0) {
return true;
}
}
return PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want));
}
} // namespace DlpUtils
} // namespace AAFwk
} // namespace OHOS
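Review bot: The early `return true` in `OtherAppsAccessDlpCheck` skips `VerifyDlpPermission` whenever the ability record resolved from `callerToken` has a non-zero app index, so the exemption is only as trustworthy as the token. Nothing in this hunk shows that `callerToken` is tied to the process making the IPC call; if the callers do not already enforce that, the record's owning uid should be compared with `IPCSkeleton::GetCallingUid()` before the exemption is granted. The function also needs a comment stating the rule, for example `// Callers with a non-zero app index are exempt from VerifyDlpPermission; callerToken must already be bound to the calling process.` The `const_cast<Want &>(want)` hides that `VerifyDlpPermission` takes a mutable `Want`; whether it modifies the caller's object is not visible here and is worth stating in the same comment.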


@ -338,7 +338,7 @@ int AbilityManagerService::StartAbilityInner(const Want &want, const sptr<IRemot
{
HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
if (!PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want)) ||
if (!DlpUtils::OtherAppsAccessDlpCheck(callerToken, want) ||
VerifyAccountPermission(userId) == CHECK_PERMISSION_FAILED ||
!DlpUtils::DlpAccessOtherAppsCheck(callerToken, want)) {
HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
@ -504,7 +504,7 @@ int AbilityManagerService::StartAbility(const Want &want, const AbilityStartSett
AAFWK::EventReport::SendAbilityEvent(AAFWK::START_ABILITY,
HiSysEventType::BEHAVIOR, eventInfo);
if (!PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want)) ||
if (!DlpUtils::OtherAppsAccessDlpCheck(callerToken, want) ||
VerifyAccountPermission(userId) == CHECK_PERMISSION_FAILED ||
!DlpUtils::DlpAccessOtherAppsCheck(callerToken, want)) {
HILOG_ERROR("%{public}s: Permission verification failed", __func__);
@ -662,7 +662,7 @@ int AbilityManagerService::StartAbility(const Want &want, const StartOptions &st
AAFWK::EventReport::SendAbilityEvent(AAFWK::START_ABILITY,
HiSysEventType::BEHAVIOR, eventInfo);
if (!PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want)) ||
if (!DlpUtils::OtherAppsAccessDlpCheck(callerToken, want) ||
VerifyAccountPermission(userId) == CHECK_PERMISSION_FAILED ||
!DlpUtils::DlpAccessOtherAppsCheck(callerToken, want)) {
HILOG_ERROR("%{public}s: Permission verification failed", __func__);
@ -893,7 +893,7 @@ int AbilityManagerService::StartExtensionAbility(const Want &want, const sptr<IR
eventInfo.extensionType = (int32_t)extensionType;
AAFWK::EventReport::SendExtensionEvent(AAFWK::START_SERVICE,
HiSysEventType::BEHAVIOR, eventInfo);
if (!PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want)) ||
if (!DlpUtils::OtherAppsAccessDlpCheck(callerToken, want) ||
VerifyAccountPermission(userId) == CHECK_PERMISSION_FAILED ||
!DlpUtils::DlpAccessOtherAppsCheck(callerToken, want)) {
HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
@ -994,7 +994,7 @@ int AbilityManagerService::StopExtensionAbility(const Want &want, const sptr<IRe
eventInfo.extensionType = (int32_t)extensionType;
AAFWK::EventReport::SendExtensionEvent(AAFWK::STOP_SERVICE,
HiSysEventType::BEHAVIOR, eventInfo);
if (!PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want)) ||
if (!DlpUtils::OtherAppsAccessDlpCheck(callerToken, want) ||
VerifyAccountPermission(userId) == CHECK_PERMISSION_FAILED ||
!DlpUtils::DlpAccessOtherAppsCheck(callerToken, want)) {
HILOG_ERROR("%{public}s: Permission verification failed.", __func__);
@ -1411,7 +1411,7 @@ int AbilityManagerService::ConnectAbility(
AAFWK::EventReport::SendExtensionEvent(AAFWK::CONNECT_SERVICE, HiSysEventType::BEHAVIOR,
eventInfo);
if (!PermissionVerification::GetInstance()->VerifyDlpPermission(const_cast<Want &>(want)) ||
if (!DlpUtils::OtherAppsAccessDlpCheck(callerToken, want) ||
VerifyAccountPermission(userId) == CHECK_PERMISSION_FAILED ||
!DlpUtils::DlpAccessOtherAppsCheck(callerToken, want)) {
HILOG_ERROR("%{public}s: Permission verification failed", __func__);
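Review bot: All six rewritten conditions (StartAbilityInner, both StartAbility overloads, StartExtensionAbility, StopExtensionAbility, ConnectAbility) fall through to the same `Permission verification failed` log line, so a DLP denial cannot be told apart from an account-permission denial when these events are reviewed. Evaluating `DlpUtils::OtherAppsAccessDlpCheck(callerToken, want)` in its own `if` and logging `HILOG_ERROR("%{public}s: DLP permission verification failed", __func__);` would make the rejected check identifiable. The three-clause condition is also copied verbatim six times; a single helper taking `callerToken`, `want` and `userId` would keep the sites from drifting, as the trailing-period difference between the log strings already shows. Each enclosing function starts and ends outside its hunk.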