!207 permission check rectification

Merge pull request !207 from zhangmingxiang/cherry-pick-1649938115
openharmony_ci 2022-04-16 10:37:20 +00:00 committed by Gitee
commit 04994fcd65
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 3 additions and 31 deletions


@ -282,8 +282,8 @@ bool DistributedSchedPermission::CheckCustomPermission(const AppExecFwk::Ability
return true; return true;
} }
if (callerInfo.accessToken == 0) { if (callerInfo.accessToken == 0) {
HILOGW("kernel is not support or field is not parsed, so granted!"); HILOGW("kernel is not support or field is not parsed, so denied!");
return true; return false;
} }
int64_t begin = GetTickCount(); int64_t begin = GetTickCount();
uint32_t dAccessToken = AccessToken::AccessTokenKit::AllocLocalTokenID( uint32_t dAccessToken = AccessToken::AccessTokenKit::AllocLocalTokenID(
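Review bot: The new deny branch for `callerInfo.accessToken == 0` logs no caller identity, so repeated denials cannot be attributed when triaging logs; consider `HILOGW("accessToken is 0 (kernel unsupported or field not parsed), denied, uid %{public}d", callerInfo.uid);`. The flip from grant to deny is also not pinned by any test visible on this page, where the only test-file change is a `@tc.require` tag. A case asserting that CheckCustomPermission returns false for a zero token would guard against a regression to fail-open. CheckCustomPermission starts before and continues past this hunk.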


@ -58,7 +58,6 @@ constexpr int32_t ABILITY_MANAGER_CLEAN_MISSION = 45;
constexpr int32_t BIND_CONNECT_RETRY_TIMES = 3; constexpr int32_t BIND_CONNECT_RETRY_TIMES = 3;
constexpr int32_t BIND_CONNECT_TIMEOUT = 500; // 500ms constexpr int32_t BIND_CONNECT_TIMEOUT = 500; // 500ms
constexpr int32_t MAX_DISTRIBUTED_CONNECT_NUM = 600; constexpr int32_t MAX_DISTRIBUTED_CONNECT_NUM = 600;
constexpr int32_t SYSTEM_UID = 1000;
constexpr int32_t INVALID_CALLER_UID = -1; constexpr int32_t INVALID_CALLER_UID = -1;
} }
@ -125,10 +124,6 @@ int32_t DistributedSchedService::StartRemoteAbility(const OHOS::AAFwk::Want& wan
HILOGE("check deviceId failed"); HILOGE("check deviceId failed");
return INVALID_PARAMETERS_ERR; return INVALID_PARAMETERS_ERR;
} }
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("check uid failed");
return INVALID_PARAMETERS_ERR;
}
sptr<IDistributedSched> remoteDms = GetRemoteDms(deviceId); sptr<IDistributedSched> remoteDms = GetRemoteDms(deviceId);
if (remoteDms == nullptr) { if (remoteDms == nullptr) {
HILOGE("get remoteDms failed"); HILOGE("get remoteDms failed");
@ -294,12 +289,6 @@ int32_t DistributedSchedService::StartContinuation(const OHOS::AAFwk::Want& want
want.GetElement().GetDeviceID().c_str(), want.GetElement().GetDeviceID().c_str(),
want.GetElement().GetBundleName().c_str(), want.GetElement().GetBundleName().c_str(),
want.GetElement().GetAbilityName().c_str()); want.GetElement().GetAbilityName().c_str());
int32_t uid = IPCSkeleton::GetCallingUid();
if (uid != SYSTEM_UID) {
HILOGE("StartContinuation not allowed!");
return INVALID_REMOTE_PARAMETERS_ERR;
}
std::string devId; std::string devId;
if (!GetLocalDeviceId(devId)) { if (!GetLocalDeviceId(devId)) {
HILOGE("StartContinuation get local deviceId failed!"); HILOGE("StartContinuation get local deviceId failed!");
@ -493,10 +482,6 @@ int32_t DistributedSchedService::CheckDistributedConnectLocked(const CallerInfo&
HILOGE("uid %d is invalid", callerInfo.uid); HILOGE("uid %d is invalid", callerInfo.uid);
return BIND_ABILITY_UID_INVALID_ERR; return BIND_ABILITY_UID_INVALID_ERR;
} }
if (callerInfo.uid == SYSTEM_UID) {
return ERR_OK;
}
auto it = trackingUidMap_.find(callerInfo.uid); auto it = trackingUidMap_.find(callerInfo.uid);
if (it != trackingUidMap_.end() && it->second >= MAX_DISTRIBUTED_CONNECT_NUM) { if (it != trackingUidMap_.end() && it->second >= MAX_DISTRIBUTED_CONNECT_NUM) {
HILOGE("uid %{public}d connected too much abilities, it maybe leak", callerInfo.uid); HILOGE("uid %{public}d connected too much abilities, it maybe leak", callerInfo.uid);
@ -541,10 +526,6 @@ int32_t DistributedSchedService::ConnectRemoteAbility(const OHOS::AAFwk::Want& w
HILOGE("ConnectRemoteAbility check deviceId failed"); HILOGE("ConnectRemoteAbility check deviceId failed");
return INVALID_PARAMETERS_ERR; return INVALID_PARAMETERS_ERR;
} }
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("ConnectRemoteAbility check uid failed");
return INVALID_PARAMETERS_ERR;
}
CallerInfo callerInfo = { callerUid, callerPid, CALLER_TYPE_HARMONY, localDeviceId }; CallerInfo callerInfo = { callerUid, callerPid, CALLER_TYPE_HARMONY, localDeviceId };
callerInfo.accessToken = accessToken; callerInfo.accessToken = accessToken;
{ {
@ -692,10 +673,6 @@ int32_t DistributedSchedService::StartRemoteAbilityByCall(const OHOS::AAFwk::Wan
HILOGE("StartRemoteAbilityByCall check deviceId failed"); HILOGE("StartRemoteAbilityByCall check deviceId failed");
return INVALID_PARAMETERS_ERR; return INVALID_PARAMETERS_ERR;
} }
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("StartRemoteAbilityByCall check system uid failed");
return INVALID_PARAMETERS_ERR;
}
CallerInfo callerInfo; CallerInfo callerInfo;
callerInfo = { callerUid, callerPid }; callerInfo = { callerUid, callerPid };
callerInfo.sourceDeviceId = localDeviceId; callerInfo.sourceDeviceId = localDeviceId;
@ -961,11 +938,6 @@ int32_t DistributedSchedService::DisconnectRemoteAbility(const sptr<IRemoteObjec
HILOGE("DisconnectRemoteAbility connect is null"); HILOGE("DisconnectRemoteAbility connect is null");
return INVALID_PARAMETERS_ERR; return INVALID_PARAMETERS_ERR;
} }
if (IPCSkeleton::GetCallingUid() != SYSTEM_UID) {
HILOGE("DisconnectRemoteAbility check uid failed");
return INVALID_PARAMETERS_ERR;
}
std::list<ConnectAbilitySession> sessionsList; std::list<ConnectAbilitySession> sessionsList;
{ {
std::lock_guard<std::mutex> autoLock(distributedLock_); std::lock_guard<std::mutex> autoLock(distributedLock_);
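Review bot: With the `IPCSkeleton::GetCallingUid() != SYSTEM_UID` gates removed, StartRemoteAbility, StartContinuation, ConnectRemoteAbility, StartRemoteAbilityByCall and DisconnectRemoteAbility show no caller check in the visible hunks, and the two that build `CallerInfo` fill it from the `callerUid`, `callerPid` and `accessToken` arguments rather than from IPCSkeleton. If those arguments come from the IPC peer, the token-based check only holds when something upstream binds them to the real caller; that code is outside these hunks (every function body here starts and ends outside its hunk), so please confirm it. A short comment where each gate was removed would record the decision, for example `// caller is authorized by the access-token permission check; callerUid/accessToken are validated before this call`. Dropping the `SYSTEM_UID` early return in CheckDistributedConnectLocked also makes system callers subject to `MAX_DISTRIBUTED_CONNECT_NUM`, which looks intended but deserves a line in the commit description.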


@ -224,7 +224,7 @@ HWTEST_F(DistributedSchedPermissionTest, CheckDPermission_008, TestSize.Level0)
* @tc.name: CheckDPermission_009 * @tc.name: CheckDPermission_009
* @tc.desc: call CheckDPermission with illegal account info * @tc.desc: call CheckDPermission with illegal account info
* @tc.type: FUNC * @tc.type: FUNC
* @tc.require: AR000H23VS * @tc.require: AR000H1RID
*/ */
HWTEST_F(DistributedSchedPermissionTest, CheckDPermission_009, TestSize.Level1) HWTEST_F(DistributedSchedPermissionTest, CheckDPermission_009, TestSize.Level1)
{ {