openharmony/ability_dmsfwk
1
0
Fork 0
mirror of https://gitee.com/openharmony/ability_dmsfwk synced 2024-11-23 06:20:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!207 permission check rectification

Browse Source 
Merge pull request !207 from zhangmingxiang/cherry-pick-1649938115
This commit is contained in:
openharmony_ci 2022-04-16 10:37:20 +00:00 committed by Gitee
commit 04994fcd65
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 3 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
services/dtbschedmgr/src/distributed_sched_permission.cpp
View File

@ -282,8 +282,8 @@ bool DistributedSchedPermission::CheckCustomPermission(const AppExecFwk::Ability
return true;
}
if (callerInfo.accessToken == 0) {
HILOGW("kernel is not support or field is not parsed, so granted!");
return true;
HILOGW("kernel is not support or field is not parsed, so denied!");
return false;
}
int64_t begin = GetTickCount();
uint32_t dAccessToken = AccessToken::AccessTokenKit::AllocLocalTokenID(

28
services/dtbschedmgr/src/distributed_sched_service.cpp
View File

@ -58,7 +58,6 @@ constexpr int32_t ABILITY_MANAGER_CLEAN_MISSION = 45;
constexpr int32_t BIND_CONNECT_RETRY_TIMES = 3;
constexpr int32_t BIND_CONNECT_TIMEOUT = 500; // 500ms
constexpr int32_t MAX_DISTRIBUTED_CONNECT_NUM = 600;
constexpr int32_t SYSTEM_UID = 1000;
constexpr int32_t INVALID_CALLER_UID = -1;
}
@ -125,10 +124,6 @@ int32_t DistributedSchedService::StartRemoteAbility(const OHOS::AAFwk::Want& wan
HILOGE("check deviceId failed");
return INVALID_PARAMETERS_ERR;
}
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("check uid failed");
return INVALID_PARAMETERS_ERR;
}
sptr<IDistributedSched> remoteDms = GetRemoteDms(deviceId);
if (remoteDms == nullptr) {
HILOGE("get remoteDms failed");
@ -294,12 +289,6 @@ int32_t DistributedSchedService::StartContinuation(const OHOS::AAFwk::Want& want
want.GetElement().GetDeviceID().c_str(),
want.GetElement().GetBundleName().c_str(),
want.GetElement().GetAbilityName().c_str());
int32_t uid = IPCSkeleton::GetCallingUid();
if (uid != SYSTEM_UID) {
HILOGE("StartContinuation not allowed!");
return INVALID_REMOTE_PARAMETERS_ERR;
}
std::string devId;
if (!GetLocalDeviceId(devId)) {
HILOGE("StartContinuation get local deviceId failed!");
@ -493,10 +482,6 @@ int32_t DistributedSchedService::CheckDistributedConnectLocked(const CallerInfo&
HILOGE("uid %d is invalid", callerInfo.uid);
return BIND_ABILITY_UID_INVALID_ERR;
}
if (callerInfo.uid == SYSTEM_UID) {
return ERR_OK;
}
auto it = trackingUidMap_.find(callerInfo.uid);
if (it != trackingUidMap_.end() && it->second >= MAX_DISTRIBUTED_CONNECT_NUM) {
HILOGE("uid %{public}d connected too much abilities, it maybe leak", callerInfo.uid);
@ -541,10 +526,6 @@ int32_t DistributedSchedService::ConnectRemoteAbility(const OHOS::AAFwk::Want& w
HILOGE("ConnectRemoteAbility check deviceId failed");
return INVALID_PARAMETERS_ERR;
}
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("ConnectRemoteAbility check uid failed");
return INVALID_PARAMETERS_ERR;
}
CallerInfo callerInfo = { callerUid, callerPid, CALLER_TYPE_HARMONY, localDeviceId };
callerInfo.accessToken = accessToken;
{
@ -692,10 +673,6 @@ int32_t DistributedSchedService::StartRemoteAbilityByCall(const OHOS::AAFwk::Wan
HILOGE("StartRemoteAbilityByCall check deviceId failed");
return INVALID_PARAMETERS_ERR;
}
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("StartRemoteAbilityByCall check system uid failed");
return INVALID_PARAMETERS_ERR;
}
CallerInfo callerInfo;
callerInfo = { callerUid, callerPid };
callerInfo.sourceDeviceId = localDeviceId;
@ -961,11 +938,6 @@ int32_t DistributedSchedService::DisconnectRemoteAbility(const sptr<IRemoteObjec
HILOGE("DisconnectRemoteAbility connect is null");
return INVALID_PARAMETERS_ERR;
}
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("DisconnectRemoteAbility check uid failed");
return INVALID_PARAMETERS_ERR;
}
std::list<ConnectAbilitySession> sessionsList;
{
std::lock_guard<std::mutex> autoLock(distributedLock_);

2
services/dtbschedmgr/test/unittest/distributed_sched_permission_test.cpp
View File

@ -224,7 +224,7 @@ HWTEST_F(DistributedSchedPermissionTest, CheckDPermission_008, TestSize.Level0)
* @tc.name: CheckDPermission_009
* @tc.desc: call CheckDPermission with illegal account info
* @tc.type: FUNC
* @tc.require: AR000H23VS
* @tc.require: AR000H1RID
*/
HWTEST_F(DistributedSchedPermissionTest, CheckDPermission_009, TestSize.Level1)
{