!130 merge master_bugfix into master
缓冲区越界读风险修复 Created-by: weixin_55426550 Commit-by: Administrator Merged-by: openharmony_ci Description: ### 一、内容说明(相关的Issue) https://gitcode.com/openharmony/ability_dmsfwk_lite/issues/36 ### 二、建议测试周期和提测地址 建议测试完成时间:xxxx.xx.xx 投产上线时间:xxxx.xx.xx 提测地址:CI环境/压测环境 测试账号: ### 三、变更内容 * 3.1 关联PR列表 * 3.2 数据库和部署说明 1. 常规更新 2. 重启unicorn 3. 重启sidekiq 4. 迁移任务:是否有迁移任务,没有写 "无" 5. rake脚本:`bundle exec xxx RAILS_ENV = production`;没有写 "无" * 3.4 其他技术优化内容(做了什么,变更了什么) - 重构了 xxxx 代码 - xxxx 算法优化 * 3.5 废弃通知(什么字段、方法弃用?) * 3.6 后向不兼容变更(是否有无法向后兼容的变更?) ### 四、研发自测点(自测哪些?冒烟用例全部自测?) 自测测试结论: ### 五、测试关注点(需要提醒QA重点关注的、可能会忽略的地方) 检查点: | 需求名称 | 是否影响xx公共模块 | 是否需要xx功能 | 需求升级是否依赖其他子产品 | |------|------------|----------|---------------| | xxx | 否 | 需要 | 不需要 | | | | | | 接口测试: 性能测试: 并发测试: 其他: See merge request: openharmony/ability_dmsfwk_lite!130
+65
-33
@@ -60,6 +60,59 @@ static bool GetBmsInterface(struct BmsServerProxy **bmsInterface)
|
||||
}
|
||||
#endif
|
||||
|
||||
static int32_t GetCalleeBundleInfo(const char *calleeBundleName, BundleInfo *bundleInfo)
|
||||
{
|
||||
int32_t errCode;
|
||||
#ifndef WEARABLE_PRODUCT
|
||||
uid_t callerUid = getuid();
|
||||
if (callerUid == FOUNDATION_UID) {
|
||||
struct BmsServerProxy *bmsInterface = NULL;
|
||||
if (!GetBmsInterface(&bmsInterface)) {
|
||||
HILOGE("[GetBmsInterface query null]");
|
||||
return DMS_EC_GET_BMS_FAILURE;
|
||||
}
|
||||
if (calleeBundleName == NULL) {
|
||||
return DMS_EC_FAILURE;
|
||||
}
|
||||
errCode = bmsInterface->GetBundleInfo(calleeBundleName,
|
||||
GET_BUNDLE_WITHOUT_ABILITIES, bundleInfo);
|
||||
} else if (callerUid == SHELL_UID) {
|
||||
errCode = GetBundleInfo(calleeBundleName, GET_BUNDLE_WITHOUT_ABILITIES, bundleInfo);
|
||||
} else {
|
||||
errCode = EC_FAILURE;
|
||||
}
|
||||
#else
|
||||
errCode = GetBundleInfo(calleeBundleName, GET_BUNDLE_WITHOUT_ABILITIES, bundleInfo);
|
||||
#endif
|
||||
if (errCode != EC_SUCCESS) {
|
||||
HILOGE("[GetBundleInfo errCode = %d]", errCode);
|
||||
return DMS_EC_GET_BUNDLEINFO_FAILURE;
|
||||
}
|
||||
return DMS_EC_SUCCESS;
|
||||
}
|
||||
|
||||
static int32_t ExtractCalleeSignature(const BundleInfo *bundleInfo, const char *calleeBundleName,
|
||||
const char **calleeSignature)
|
||||
{
|
||||
if (bundleInfo == NULL || bundleInfo->appId == NULL || calleeBundleName == NULL) {
|
||||
HILOGE("[Invalid parameter]");
|
||||
return DMS_EC_FAILURE;
|
||||
}
|
||||
size_t bundleNameLen = strlen(calleeBundleName);
|
||||
size_t appIdLen = strlen(bundleInfo->appId);
|
||||
if (bundleNameLen + DELIMITER_LENGTH >= appIdLen) {
|
||||
HILOGE("[Invalid appId format]");
|
||||
return DMS_EC_FAILURE;
|
||||
}
|
||||
if (strncmp(bundleInfo->appId, calleeBundleName, bundleNameLen) != 0 ||
|
||||
bundleInfo->appId[bundleNameLen] != '_') {
|
||||
HILOGE("[AppId does not start with calleeBundleName_]");
|
||||
return DMS_EC_FAILURE;
|
||||
}
|
||||
*calleeSignature = bundleInfo->appId + bundleNameLen + DELIMITER_LENGTH;
|
||||
return DMS_EC_SUCCESS;
|
||||
}
|
||||
|
||||
int32_t CheckRemotePermission(const PermissionCheckInfo *permissionCheckInfo)
|
||||
{
|
||||
if (permissionCheckInfo == NULL) {
|
||||
@@ -70,48 +123,27 @@ int32_t CheckRemotePermission(const PermissionCheckInfo *permissionCheckInfo)
|
||||
HILOGE("[bundleInfo memset failed]");
|
||||
return DMS_EC_FAILURE;
|
||||
}
|
||||
int32_t errCode;
|
||||
#ifndef WEARABLE_PRODUCT
|
||||
uid_t callerUid = getuid();
|
||||
if (callerUid == FOUNDATION_UID) {
|
||||
/* inner-process mode */
|
||||
struct BmsServerProxy *bmsInterface = NULL;
|
||||
if (!GetBmsInterface(&bmsInterface)) {
|
||||
HILOGE("[GetBmsInterface query null]");
|
||||
return DMS_EC_GET_BMS_FAILURE;
|
||||
}
|
||||
if (permissionCheckInfo->calleeBundleName == NULL) {
|
||||
return DMS_EC_FAILURE;
|
||||
}
|
||||
errCode = bmsInterface->GetBundleInfo(permissionCheckInfo->calleeBundleName,
|
||||
GET_BUNDLE_WITHOUT_ABILITIES, &bundleInfo);
|
||||
} else if (callerUid == SHELL_UID) {
|
||||
/* inter-process mode (mainly called in xts testsuit process started by shell) */
|
||||
errCode = GetBundleInfo(permissionCheckInfo->calleeBundleName,
|
||||
GET_BUNDLE_WITHOUT_ABILITIES, &bundleInfo);
|
||||
} else {
|
||||
errCode = EC_FAILURE;
|
||||
int32_t ret = GetCalleeBundleInfo(permissionCheckInfo->calleeBundleName, &bundleInfo);
|
||||
if (ret != DMS_EC_SUCCESS) {
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
errCode = GetBundleInfo(permissionCheckInfo->calleeBundleName,
|
||||
GET_BUNDLE_WITHOUT_ABILITIES, &bundleInfo);
|
||||
#endif
|
||||
if (errCode != EC_SUCCESS) {
|
||||
HILOGE("[GetBundleInfo errCode = %d]", errCode);
|
||||
return DMS_EC_GET_BUNDLEINFO_FAILURE;
|
||||
const char *calleeSignature = NULL;
|
||||
ret = ExtractCalleeSignature(&bundleInfo, permissionCheckInfo->calleeBundleName, &calleeSignature);
|
||||
if (ret != DMS_EC_SUCCESS) {
|
||||
ClearBundleInfo(&bundleInfo);
|
||||
return ret;
|
||||
}
|
||||
/* appId: bundleName + "_" + signature */
|
||||
const char *calleeSignature = bundleInfo.appId + strlen(permissionCheckInfo->calleeBundleName)
|
||||
+ DELIMITER_LENGTH;
|
||||
ClearBundleInfo(&bundleInfo);
|
||||
if ((permissionCheckInfo->callerSignature == NULL) || (calleeSignature == NULL)) {
|
||||
if (permissionCheckInfo->callerSignature == NULL || calleeSignature == NULL) {
|
||||
HILOGE("[Signature is null]");
|
||||
ClearBundleInfo(&bundleInfo);
|
||||
return DMS_EC_FAILURE;
|
||||
}
|
||||
if (strcmp(permissionCheckInfo->callerSignature, calleeSignature) != 0) {
|
||||
HILOGE("[Signature unmatched]");
|
||||
ClearBundleInfo(&bundleInfo);
|
||||
return DMS_EC_CHECK_PERMISSION_FAILURE;
|
||||
}
|
||||
ClearBundleInfo(&bundleInfo);
|
||||
return DMS_EC_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
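Review bot: ExtractCalleeSignature returns, through `*calleeSignature`, a pointer into `bundleInfo->appId`, and nothing on the helper states that lifetime; the old code's `ClearBundleInfo` ahead of the `strcmp` is presumably the read this merge request removes (ClearBundleInfo's body is not visible here). I would put a comment above the helper such as `/* *calleeSignature aliases bundleInfo->appId and is valid only until ClearBundleInfo(bundleInfo) */`. The first guard should also reject a NULL `calleeSignature`, followed by `*calleeSignature = NULL;`, so a failed call never leaves the caller holding a stale pointer. The prefix test hard-codes `'_'` while the offset uses `DELIMITER_LENGTH`, so the two agree only while that constant is 1 (its definition is outside this page). In CheckRemotePermission, the three separate `ClearBundleInfo(&bundleInfo)` calls would be harder to miss on a future exit path if they were folded into one cleanup label.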