diff --git a/frameworks/common/account_error/include/account_error_no.h b/frameworks/common/account_error/include/account_error_no.h index 6f7a2240c..ac795e1ca 100755 --- a/frameworks/common/account_error/include/account_error_no.h +++ b/frameworks/common/account_error/include/account_error_no.h @@ -295,8 +295,9 @@ enum { ERR_OS_ACCOUNT_SERVICE_MANAGER_PHOTO_SIZE_OVERFLOW_ERROR, ERR_OS_ACCOUNT_SERVICE_MANAGER_DOMAIN_SIZE_OVERFLOW_ERROR, ERR_OS_ACCOUNT_SERVICE_MANAGER_ID_ERROR, + ERR_OS_ACCOUNT_SERVICE_MANAGER_CANNOT_HIDE_INTERFACE_ERROR, ERR_OS_ACCOUNT_SERVICE_MANAGER_CREATE_OSACCOUNT_TYPE_ERROR, - // 4653077 + // 4653078 ERR_OS_ACCOUNT_SERVICE_INNER_SELECT_OSACCOUNT_BYID_ERROR, ERR_OS_ACCOUNT_SERVICE_INNER_CREATE_OVERFLOW_OSACCOUNTMAX_ERROR, ERR_OS_ACCOUNT_SERVICE_INNER_CANNOT_CREATE_ADMIN_ACCOUNT_ERROR, @@ -333,7 +334,7 @@ enum { ERR_OS_ACCOUNT_SERVICE_INNER_CANNOT_REMOVE_ADMIN_ERROR, ERR_OS_ACCOUNT_SERVICE_INNER_DONNOT_HAVE_PHOTO_ERROR, ERR_OS_ACCOUNT_SERVICE_INNER_SER_CONSTRAINTS_ERROR, - // 4653113 + // 4653114 ERR_OS_ACCOUNT_SERVICE_CONTROL_FIND_AVAILABLE_ID_ERROR, ERR_OS_ACCOUNT_SERVICE_CONTROL_UPDATE_OSACCOUNT_ERROR, ERR_OS_ACCOUNT_SERVICE_CONTROL_CREATE_OSACCOUNT_ERROR, @@ -356,7 +357,7 @@ enum { ERR_OS_ACCOUNT_SERVICE_CONTROL_ID_CANNOT_CREATE_ERROR, ERR_OS_ACCOUNT_SERVICE_CONTROL_CANNOT_DELETE_ID_ERROR, ERR_OS_ACCOUNT_SERVICE_CONTROL_DONNOT_HAVE_ALLOW_SERIAL_ERROR, - // 4653135 + // 4653136 ERR_OS_ACCOUNT_SERVICE_FILE_DELE_ERROR, ERR_OS_ACCOUNT_SERVICE_FILE_FIND_DIR_ERROR, ERR_OS_ACCOUNT_SERVICE_FILE_FIND_FILE_ERROR, @@ -367,7 +368,7 @@ enum { ERR_ACCOUNT_SERVICE_DATA_STORAGE_KEY_EXISTED_ERROR, ERR_OS_ACCOUNT_SERVICE_FILE_CREATE_FILE_FAILED_ERROR, ERR_OSACCOUNT_SERVICE_CREATE_EVENT_HANDLER, - // 4653145 + // 4653146 ERR_OS_ACCOUNT_SERVICE_INTERFACE_TO_CE_ACCOUNT_CREATE_ERROR, ERR_OS_ACCOUNT_SERVICE_INTERFACE_TO_CE_ACCOUNT_DELETE_ERROR, ERR_OS_ACCOUNT_SERVICE_INTERFACE_TO_CE_ACCOUNT_SWITCHED_ERROR, diff --git a/frameworks/osaccount/native/test/moduletest/os_account_manager_module_test.cpp b/frameworks/osaccount/native/test/moduletest/os_account_manager_module_test.cpp index decc93058..a5ea22f21 100644 --- a/frameworks/osaccount/native/test/moduletest/os_account_manager_module_test.cpp +++ b/frameworks/osaccount/native/test/moduletest/os_account_manager_module_test.cpp @@ -673,7 +673,7 @@ HWTEST_F(OsAccountManagerModuleTest, OsAccountManagerModuleTest037, TestSize.Lev { int id = 0; EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdBySerialNumber( - Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + Constants::START_USER_ID, id), + Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + 1, id), ERR_OK); EXPECT_EQ(id, Constants::START_USER_ID); } @@ -701,7 +701,7 @@ HWTEST_F(OsAccountManagerModuleTest, OsAccountManagerModuleTest039, TestSize.Lev int64_t serialNumber; EXPECT_EQ(OsAccountManager::GetSerialNumberByOsAccountLocalId(Constants::START_USER_ID, serialNumber), ERR_OK); EXPECT_EQ( - serialNumber, Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + Constants::START_USER_ID); + serialNumber, Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + 1); } /** diff --git a/interfaces/innerkits/osaccount/native/include/os_account_constants.h b/interfaces/innerkits/osaccount/native/include/os_account_constants.h index 2e2e5ffab..9424923e2 100644 --- a/interfaces/innerkits/osaccount/native/include/os_account_constants.h +++ b/interfaces/innerkits/osaccount/native/include/os_account_constants.h @@ -31,7 +31,7 @@ const std::string USER_PHOTO_FILE_JPG_NAME = "fase.jpg"; const std::string USER_PHOTO_BASE_JPG_HEAD = "data:image/jpeg;base64,"; const std::string USER_PHOTO_BASE_PNG_HEAD = "data:image/png;base64,"; const std::string USER_INFO_FILE_NAME = "account_info.json"; -constexpr std::int32_t UID_TRANSFORM_DIVISOR = 100000; +constexpr std::int32_t UID_TRANSFORM_DIVISOR = 1000000; // distributed database const std::string APP_ID = "os_account_mgr_service"; const std::string STORE_ID = "os_account_info"; @@ -39,6 +39,7 @@ const bool SYNC_OS_ACCOUNT_DATABSE = false; // uid judgment const std::int32_t APP_UID_START = 2100; +const std::int32_t MAX_SYSTEM_UID_NUM = 2899; // subscribe const int SUBSCRIBER_MAX_SIZE = 100; @@ -55,7 +56,7 @@ const int STANDARD_TYPE = 0; const int START_USER_ID = 100; const int MAX_USER_ID = 999; const int64_t SERIAL_NUMBER_NUM_START_FOR_ADMIN = 20210231; -const int64_t SERIAL_NUMBER_NUM_START = 101; +const int64_t SERIAL_NUMBER_NUM_START = 1; const int64_t CARRY_NUM = 100000000; const bool IS_SERIAL_NUMBER_FULL_INIT_VALUE = false; @@ -64,7 +65,6 @@ const std::string USER_CONSTRATINTS_TEMPLATE = "UserConstraintsTemplate"; const std::string TYPE_LIST = "TypeList"; const std::string ACCOUNT_LIST = "AccountList"; const std::string COUNT_ACCOUNT_NUM = "CountAccountNum"; -const std::string NOW_ALLOW_CREATE_ACCOUNT_NUM = "NowAllowCreateAccountNum"; const std::string MAX_ALLOW_CREATE_ACCOUNT_NUM = "MaxAllowCreateAccountNum"; const std::string SERIAL_NUMBER_NUM = "SerialNumber"; const std::string IS_MULTI_OS_ACCOUNT_ENABLE = "IsMultiOsAccountEnable"; diff --git a/interfaces/kits/napi/osaccount/include/napi_os_account_common.h b/interfaces/kits/napi/osaccount/include/napi_os_account_common.h index b8fbecdb6..97026e351 100644 --- a/interfaces/kits/napi/osaccount/include/napi_os_account_common.h +++ b/interfaces/kits/napi/osaccount/include/napi_os_account_common.h @@ -26,6 +26,7 @@ namespace AccountJsKit { #define PARAM0 0 #define PARAM1 1 constexpr std::int32_t MAX_VALUE_LEN = 4096; +constexpr std::int32_t MAX_SUBSCRIBER_NAME_LEN = 1024; constexpr const std::int32_t STR_MAX_SIZE = 256; constexpr int PARAMZERO = 0; constexpr int PARAMONE = 1; diff --git a/interfaces/kits/napi/osaccount/src/napi_os_account.cpp b/interfaces/kits/napi/osaccount/src/napi_os_account.cpp index 2c46fc86d..48a7e84d4 100644 --- a/interfaces/kits/napi/osaccount/src/napi_os_account.cpp +++ b/interfaces/kits/napi/osaccount/src/napi_os_account.cpp @@ -51,7 +51,6 @@ napi_value osAccountInit(napi_env env, napi_value exports) DECLARE_NAPI_FUNCTION("getOsAccountTypeFromProcess", GetOsAccountTypeFromProcess), DECLARE_NAPI_FUNCTION("isMultiOsAccountEnable", IsMultiOsAccountEnable), DECLARE_NAPI_FUNCTION("isOsAccountVerified", IsOsAccountVerified), - DECLARE_NAPI_FUNCTION("getApplicationConstraints", GetApplicationConstraints), DECLARE_NAPI_FUNCTION("getOsAccountLocalIdBySerialNumber", GetOsAccountLocalIdBySerialNumber), DECLARE_NAPI_FUNCTION("getSerialNumberByOsAccountLocalId", GetSerialNumberByOsAccountLocalId), DECLARE_NAPI_FUNCTION("isTestOsAccount", IsTestOsAccount), @@ -838,12 +837,6 @@ napi_value IsOsAccountVerified(napi_env env, napi_callback_info cbInfo) return result; } -napi_value GetApplicationConstraints(napi_env env, napi_callback_info cbInfo) -{ - ACCOUNT_LOGI("enter"); - return nullptr; -} - napi_value GetOsAccountLocalIdBySerialNumber(napi_env env, napi_callback_info cbInfo) { ACCOUNT_LOGI("enter"); @@ -1188,7 +1181,7 @@ void UnsubscribeCallbackCompletedCB(napi_env env, napi_status status, void *data if (unsubscribeCBInfo->argc >= ARGS_SIZE_THREE) { napi_value result = nullptr; - napi_get_null(env, &result); + napi_create_int32(env, 0, &result); napi_value undefined = nullptr; napi_get_undefined(env, &undefined); diff --git a/interfaces/kits/napi/osaccount/src/napi_os_account_common.cpp b/interfaces/kits/napi/osaccount/src/napi_os_account_common.cpp index 609de8e41..74d657b2f 100644 --- a/interfaces/kits/napi/osaccount/src/napi_os_account_common.cpp +++ b/interfaces/kits/napi/osaccount/src/napi_os_account_common.cpp @@ -340,8 +340,8 @@ void CBOrPromiseToRemoveOA(napi_env env, const RemoveOAAsyncContext *removeOACB, void ParseParaSetOAName(napi_env env, napi_callback_info cbInfo, SetOANameAsyncContext *setOANameCB) { ACCOUNT_LOGI("enter"); - size_t argc = ARGS_SIZE_TWO; - napi_value argv[ARGS_SIZE_TWO] = {0}; + size_t argc = ARGS_SIZE_THREE; + napi_value argv[ARGS_SIZE_THREE] = {0}; napi_get_cb_info(env, cbInfo, &argc, argv, nullptr, nullptr); for (size_t i = 0; i < argc; i++) { @@ -1848,6 +1848,9 @@ void ParseParaToSubscriber(const napi_env &env, const napi_value (&argv)[ARGS_SI napi_typeof(env, argv[1], &valuetype); if (valuetype == napi_string) { onName = GetStringProperty(env, argv[1]); + if (onName.size() == 0 || onName.size() > MAX_SUBSCRIBER_NAME_LEN) { + return; + } } else { ACCOUNT_LOGE("Type matching failed"); } diff --git a/services/accountmgr/include/account_permission_manager.h b/services/accountmgr/include/account_permission_manager.h index e6c75746e..6c898df6b 100644 --- a/services/accountmgr/include/account_permission_manager.h +++ b/services/accountmgr/include/account_permission_manager.h @@ -26,6 +26,7 @@ public: AccountPermissionManager(); ~AccountPermissionManager(); + bool IsSystemUid(const uid_t &uid) const; ErrCode VerifyPermission(const uid_t &uid, const std::string &permissionName, const std::string &bundleName); static const std::string DISTRIBUTED_DATASYNC; @@ -33,6 +34,10 @@ public: static const std::string MANAGE_LOCAL_ACCOUNTS; static const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION; static const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS; + +private: + static constexpr uid_t MIN_SYSTEM_UID = 2100; + static constexpr uid_t MAX_SYSTEM_UID = 2899; }; } // namespace AccountSA } // namespace OHOS diff --git a/services/accountmgr/src/account_permission_manager.cpp b/services/accountmgr/src/account_permission_manager.cpp index 8ac0e3a34..b545ccdce 100644 --- a/services/accountmgr/src/account_permission_manager.cpp +++ b/services/accountmgr/src/account_permission_manager.cpp @@ -42,6 +42,17 @@ AccountPermissionManager::~AccountPermissionManager() ACCOUNT_LOGI("enter"); } +bool AccountPermissionManager::IsSystemUid(const uid_t &uid) const +{ + ACCOUNT_LOGI("enter"); + + if (uid >= MIN_SYSTEM_UID && uid <= MAX_SYSTEM_UID) { + return true; + } + + return false; +} + ErrCode AccountPermissionManager::VerifyPermission( const uid_t &uid, const std::string &permissionName, const std::string &bundleName) { diff --git a/services/accountmgr/src/osaccount/inner_os_account_manager.cpp b/services/accountmgr/src/osaccount/inner_os_account_manager.cpp index 91ce9da07..347891df2 100644 --- a/services/accountmgr/src/osaccount/inner_os_account_manager.cpp +++ b/services/accountmgr/src/osaccount/inner_os_account_manager.cpp @@ -57,8 +57,8 @@ void IInnerOsAccountManager::CreateBaseStandardAccount() bool isExistsAccount = false; osAccountControl_->IsOsAccountExists(Constants::START_USER_ID, isExistsAccount); if (!isExistsAccount) { - int64_t serialNumber = - Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + Constants::START_USER_ID; + int64_t serialNumber = 0; + osAccountControl_->GetSerialNumber(serialNumber); OsAccountInfo osAccountInfo( Constants::START_USER_ID, Constants::STANDARD_LOCAL_NAME, OsAccountType::ADMIN, serialNumber); std::vector constants; diff --git a/services/accountmgr/src/osaccount/os_account_control_database_manager.cpp b/services/accountmgr/src/osaccount/os_account_control_database_manager.cpp index 4f1a0cb1a..1e2add690 100644 --- a/services/accountmgr/src/osaccount/os_account_control_database_manager.cpp +++ b/services/accountmgr/src/osaccount/os_account_control_database_manager.cpp @@ -39,7 +39,6 @@ void OsAccountControlDatabaseManager::Init() Json accountList = Json { {Constants::ACCOUNT_LIST, accountListt}, {Constants::COUNT_ACCOUNT_NUM, 0}, - {Constants::NOW_ALLOW_CREATE_ACCOUNT_NUM, Constants::START_USER_ID}, {Constants::MAX_ALLOW_CREATE_ACCOUNT_NUM, Constants::MAX_USER_ID}, {Constants::SERIAL_NUMBER_NUM, Constants::SERIAL_NUMBER_NUM_START}, }; @@ -85,7 +84,7 @@ ErrCode OsAccountControlDatabaseManager::InsertOsAccount(OsAccountInfo &osAccoun ACCOUNT_LOGE("OsAccountControlDatabaseManager insert ERR"); return errCode; } - if (osAccountInfo.GetLocalId() > Constants::START_USER_ID - 1) { + if (osAccountInfo.GetLocalId() >= Constants::START_USER_ID) { ACCOUNT_LOGE("OsAccountControlDatabaseManager is ordinary account"); Json accountListJson; if (GetAccountList(accountListJson) != ERR_OK) { @@ -100,10 +99,6 @@ ErrCode OsAccountControlDatabaseManager::InsertOsAccount(OsAccountInfo &osAccoun accountIdList.push_back(osAccountInfo.GetPrimeKey()); accountListJson[Constants::ACCOUNT_LIST] = accountIdList; accountListJson[Constants::COUNT_ACCOUNT_NUM] = accountIdList.size(); - int maxId = Constants::MAX_USER_ID + Constants::START_USER_ID; - int num = osAccountInfo.GetLocalId(); - num = num + 1; - accountListJson[Constants::NOW_ALLOW_CREATE_ACCOUNT_NUM] = num > maxId ? Constants::START_USER_ID : num; if (SaveAccountList(accountListJson) != ERR_OK) { ACCOUNT_LOGE("OsAccountControlDatabaseManager save account List Err"); return ERR_OS_ACCOUNT_SERVICE_CONTROL_INSERT_OS_ACCOUNT_LIST_ERROR; @@ -203,31 +198,19 @@ ErrCode OsAccountControlDatabaseManager::GetAllowCreateId(int &id) auto jsonEnd = accountListJson.end(); OHOS::AccountSA::GetDataByType( accountListJson, jsonEnd, Constants::COUNT_ACCOUNT_NUM, countCreatedNum, OHOS::AccountSA::JsonType::NUMBER); - if (countCreatedNum > Constants::MAX_USER_ID) { + if (countCreatedNum >= Constants::MAX_USER_ID - Constants::START_USER_ID) { return ERR_OS_ACCOUNT_SERVICE_CONTROL_MAX_CAN_CREATE_ERROR; } std::vector accountIdList; OHOS::AccountSA::GetDataByType>( accountListJson, jsonEnd, Constants::ACCOUNT_LIST, accountIdList, OHOS::AccountSA::JsonType::ARRAY); - OHOS::AccountSA::GetDataByType( - accountListJson, jsonEnd, Constants::NOW_ALLOW_CREATE_ACCOUNT_NUM, id, OHOS::AccountSA::JsonType::NUMBER); - bool findFlag = false; - int maxId = Constants::START_USER_ID + Constants::MAX_USER_ID; - for (; id <= maxId; id++) { - if (accountIdList.end() == std::find(accountIdList.begin(), accountIdList.end(), std::to_string(id))) { - findFlag = true; - break; - } + id = Constants::START_USER_ID + 1; + while (std::find(accountIdList.begin(), accountIdList.end(), std::to_string(id)) != accountIdList.end() && + id != Constants::MAX_USER_ID + 1) { + id++; } - if (!findFlag) { - for (id = Constants::START_USER_ID; id <= maxId; id++) { - if (accountIdList.end() == std::find(accountIdList.begin(), accountIdList.end(), std::to_string(id))) { - findFlag = true; - break; - } - } - } - if (!findFlag) { + if (id == Constants::MAX_USER_ID + 1) { + id = -1; return ERR_OS_ACCOUNT_SERVICE_CONTROL_SELECT_CAN_USE_ID_ERROR; } return ERR_OK; diff --git a/services/accountmgr/src/osaccount/os_account_control_file_manager.cpp b/services/accountmgr/src/osaccount/os_account_control_file_manager.cpp index bc6915a8e..721d142bf 100644 --- a/services/accountmgr/src/osaccount/os_account_control_file_manager.cpp +++ b/services/accountmgr/src/osaccount/os_account_control_file_manager.cpp @@ -33,13 +33,12 @@ void OsAccountControlFileManager::Init() ACCOUNT_LOGE("OsAccountControlFileManager Init start"); osAccountFileOperator_->Init(); if (!accountFileOperator_->IsExistFile( - Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + Constants::USER_LIST_FILE_NAME)) { + Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + Constants::USER_LIST_FILE_NAME)) { ACCOUNT_LOGE("OsAccountControlFileManager there is not have account list"); std::vector accountListt; Json accountList = Json { {Constants::ACCOUNT_LIST, accountListt}, {Constants::COUNT_ACCOUNT_NUM, 0}, - {Constants::NOW_ALLOW_CREATE_ACCOUNT_NUM, Constants::START_USER_ID}, {Constants::MAX_ALLOW_CREATE_ACCOUNT_NUM, Constants::MAX_USER_ID}, {Constants::SERIAL_NUMBER_NUM, Constants::SERIAL_NUMBER_NUM_START}, {Constants::IS_SERIAL_NUMBER_FULL, Constants::IS_SERIAL_NUMBER_FULL_INIT_VALUE}, @@ -122,7 +121,7 @@ ErrCode OsAccountControlFileManager::InsertOsAccount(OsAccountInfo &osAccountInf ACCOUNT_LOGE("OsAccountControlFileManager InsertOsAccount"); return ERR_OS_ACCOUNT_SERVICE_CONTROL_INSERT_OS_ACCOUNT_FILE_ERROR; } - if (osAccountInfo.GetLocalId() > Constants::START_USER_ID - 1) { + if (osAccountInfo.GetLocalId() >= Constants::START_USER_ID) { Json accountListJson; if (GetAccountList(accountListJson) != ERR_OK) { ACCOUNT_LOGE("OsAccountControlFileManager get account List Err"); @@ -135,9 +134,6 @@ ErrCode OsAccountControlFileManager::InsertOsAccount(OsAccountInfo &osAccountInf accountIdList.push_back(osAccountInfo.GetPrimeKey()); accountListJson[Constants::ACCOUNT_LIST] = accountIdList; accountListJson[Constants::COUNT_ACCOUNT_NUM] = accountIdList.size(); - int num = osAccountInfo.GetLocalId() + 1; - accountListJson[Constants::NOW_ALLOW_CREATE_ACCOUNT_NUM] = - num > Constants::MAX_USER_ID ? Constants::START_USER_ID : num; if (SaveAccountList(accountListJson) != ERR_OK) { ACCOUNT_LOGE("OsAccountControlFileManager save account List Err"); return ERR_OS_ACCOUNT_SERVICE_CONTROL_INSERT_OS_ACCOUNT_LIST_ERROR; @@ -269,31 +265,19 @@ ErrCode OsAccountControlFileManager::GetAllowCreateId(int &id) auto jsonEnd = accountListJson.end(); OHOS::AccountSA::GetDataByType( accountListJson, jsonEnd, Constants::COUNT_ACCOUNT_NUM, countCreatedNum, OHOS::AccountSA::JsonType::NUMBER); - if (countCreatedNum == Constants::MAX_USER_ID - Constants::START_USER_ID + 1) { + if (countCreatedNum >= Constants::MAX_USER_ID - Constants::START_USER_ID) { return ERR_OS_ACCOUNT_SERVICE_CONTROL_MAX_CAN_CREATE_ERROR; } std::vector accountIdList; OHOS::AccountSA::GetDataByType>( accountListJson, jsonEnd, Constants::ACCOUNT_LIST, accountIdList, OHOS::AccountSA::JsonType::ARRAY); - OHOS::AccountSA::GetDataByType( - accountListJson, jsonEnd, Constants::NOW_ALLOW_CREATE_ACCOUNT_NUM, id, OHOS::AccountSA::JsonType::NUMBER); - bool findFlag = false; - int maxId = Constants::MAX_USER_ID; - for (; id <= maxId; id++) { - if (accountIdList.end() == std::find(accountIdList.begin(), accountIdList.end(), std::to_string(id))) { - findFlag = true; - break; - } + id = Constants::START_USER_ID + 1; + while (std::find(accountIdList.begin(), accountIdList.end(), std::to_string(id)) != accountIdList.end() && + id != Constants::MAX_USER_ID + 1) { + id++; } - if (!findFlag) { - for (id = Constants::START_USER_ID; id <= maxId; id++) { - if (accountIdList.end() == std::find(accountIdList.begin(), accountIdList.end(), std::to_string(id))) { - findFlag = true; - break; - } - } - } - if (!findFlag) { + if (id == Constants::MAX_USER_ID + 1) { + id = -1; return ERR_OS_ACCOUNT_SERVICE_CONTROL_SELECT_CAN_USE_ID_ERROR; } return ERR_OK; diff --git a/services/accountmgr/src/osaccount/os_account_manager_service.cpp b/services/accountmgr/src/osaccount/os_account_manager_service.cpp index 07b881fc6..0f5c7bad6 100644 --- a/services/accountmgr/src/osaccount/os_account_manager_service.cpp +++ b/services/accountmgr/src/osaccount/os_account_manager_service.cpp @@ -63,7 +63,7 @@ ErrCode OsAccountManagerService::CreateOsAccount( result = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, bundleName); - if (result != ERR_OK) { + if (result != ERR_OK || !permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC, result = %{public}d", result); return result; } @@ -99,7 +99,7 @@ ErrCode OsAccountManagerService::RemoveOsAccount(const int id) result = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, bundleName); - if (result != ERR_OK) { + if (result != ERR_OK || !permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC, result = %{public}d", result); return result; } @@ -239,6 +239,10 @@ ErrCode OsAccountManagerService::GetOsAccountLocalIdFromUid(const int uid, int & ErrCode OsAccountManagerService::QueryMaxOsAccountNumber(int &maxOsAccountNumber) { + auto callingUid = IPCSkeleton::GetCallingUid(); + if (callingUid > Constants::MAX_SYSTEM_UID_NUM) { + return ERR_OS_ACCOUNT_SERVICE_MANAGER_CANNOT_HIDE_INTERFACE_ERROR; + } return innerManager_->QueryMaxOsAccountNumber(maxOsAccountNumber); } @@ -269,6 +273,10 @@ ErrCode OsAccountManagerService::GetOsAccountAllConstraints(const int id, std::v ErrCode OsAccountManagerService::QueryAllCreatedOsAccounts(std::vector &osAccountInfos) { + auto callingUid = IPCSkeleton::GetCallingUid(); + if (callingUid > Constants::MAX_SYSTEM_UID_NUM) { + return ERR_OS_ACCOUNT_SERVICE_MANAGER_CANNOT_HIDE_INTERFACE_ERROR; + } return innerManager_->QueryAllCreatedOsAccounts(osAccountInfos); } @@ -314,7 +322,7 @@ ErrCode OsAccountManagerService::QueryOsAccountById(const int id, OsAccountInfo callingUid, AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, bundleName); ErrCode errCode = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, bundleName); - if (result != ERR_OK && errCode != ERR_OK) { + if ((result != ERR_OK && errCode != ERR_OK) || permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC and " "INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, result = %{public}d", result); @@ -351,7 +359,7 @@ ErrCode OsAccountManagerService::GetOsAccountProfilePhoto(const int id, std::str result = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, bundleName); - if (result != ERR_OK) { + if (result != ERR_OK || !permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC, result = %{public}d", result); return result; } @@ -369,6 +377,10 @@ ErrCode OsAccountManagerService::IsMultiOsAccountEnable(bool &isMultiOsAccountEn ErrCode OsAccountManagerService::SetOsAccountName(const int id, const std::string &name) { + auto callingUid = IPCSkeleton::GetCallingUid(); + if (callingUid > Constants::MAX_SYSTEM_UID_NUM) { + return ERR_OS_ACCOUNT_SERVICE_MANAGER_CANNOT_HIDE_INTERFACE_ERROR; + } if (name.size() > Constants::LOCAL_NAME_MAX_SIZE) { return ERR_OS_ACCOUNT_SERVICE_MANAGER_NAME_SIZE_OVERFLOW_ERROR; } @@ -396,7 +408,7 @@ ErrCode OsAccountManagerService::SetOsAccountConstraints( result = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::MANAGE_LOCAL_ACCOUNTS, bundleName); - if (result != ERR_OK) { + if (result != ERR_OK || !permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC, result = %{public}d", result); return result; } @@ -471,7 +483,7 @@ ErrCode OsAccountManagerService::ActivateOsAccount(const int id) result = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, bundleName); - if (result != ERR_OK) { + if (result != ERR_OK || !permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC, result = %{public}d", result); return result; } @@ -548,7 +560,7 @@ ErrCode OsAccountManagerService::SubscribeOsAccount( result = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, bundleName); - if (result != ERR_OK) { + if (result != ERR_OK || !permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC, result = %{public}d", result); return result; } @@ -571,7 +583,7 @@ ErrCode OsAccountManagerService::UnsubscribeOsAccount(const sptr result = permissionManagerPtr_->VerifyPermission( callingUid, AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION, bundleName); - if (result != ERR_OK) { + if (result != ERR_OK || !permissionManagerPtr_->IsSystemUid(callingUid)) { ACCOUNT_LOGI("failed to verify permission for DISTRIBUTED_DATASYNC, result = %{public}d", result); return result; } @@ -582,11 +594,14 @@ ErrCode OsAccountManagerService::UnsubscribeOsAccount(const sptr ErrCode OsAccountManagerService::GetOsAccountLocalIdBySerialNumber(const int64_t serialNumber, int &id) { ACCOUNT_LOGI("enter"); - if (serialNumber < - Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + Constants::START_USER_ID) { + ErrCode errCode = innerManager_->GetOsAccountLocalIdBySerialNumber(serialNumber, id); + if (errCode != ERR_OK) { + return errCode; + } + if (id < Constants::START_USER_ID) { return ERR_OS_ACCOUNT_SERVICE_MANAGER_ID_ERROR; } - return innerManager_->GetOsAccountLocalIdBySerialNumber(serialNumber, id); + return ERR_OK; } ErrCode OsAccountManagerService::GetSerialNumberByOsAccountLocalId(const int &id, int64_t &serialNumber) diff --git a/services/accountmgr/test/moduletest/os_account/os_account_manager_service_module_test.cpp b/services/accountmgr/test/moduletest/os_account/os_account_manager_service_module_test.cpp index 91181545a..903fcb083 100644 --- a/services/accountmgr/test/moduletest/os_account/os_account_manager_service_module_test.cpp +++ b/services/accountmgr/test/moduletest/os_account/os_account_manager_service_module_test.cpp @@ -707,7 +707,7 @@ HWTEST_F(OsAccountManagerServiceModuleTest, OsAccountManagerServiceModuleTest038 { int id = 0; EXPECT_EQ(osAccountManagerService_->GetOsAccountLocalIdBySerialNumber( - Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + Constants::START_USER_ID, id), + Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + 1, id), ERR_OK); EXPECT_EQ(id, Constants::START_USER_ID); } @@ -735,8 +735,7 @@ HWTEST_F(OsAccountManagerServiceModuleTest, OsAccountManagerServiceModuleTest040 int64_t serialNumber; EXPECT_EQ( osAccountManagerService_->GetSerialNumberByOsAccountLocalId(Constants::START_USER_ID, serialNumber), ERR_OK); - EXPECT_EQ( - serialNumber, Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + Constants::START_USER_ID); + EXPECT_EQ(serialNumber, Constants::CARRY_NUM * Constants::SERIAL_NUMBER_NUM_START_FOR_ADMIN + 1); } /** diff --git a/tools/acm/include/account_command.h b/tools/acm/include/account_command.h index a1f310943..df30f8312 100644 --- a/tools/acm/include/account_command.h +++ b/tools/acm/include/account_command.h @@ -37,7 +37,8 @@ const std::string HELP_MSG_CREATE = "usage: acm create \n" "options list:\n" " -h, --help list available commands\n" - " -n -t create a local account with a name and a type\n"; + " -n -t create a local account with a name and a type\n" + " : admin, normal, guest\n"; const std::string HELP_MSG_DELETE = "usage: acm delete \n"