openharmony/account_os_account
1
0
Fork 0
mirror of https://gitee.com/openharmony/account_os_account synced 2024-11-27 04:00:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix memory leak and permission check problem

Browse Source 
Signed-off-by: jidong <jidong4@huawei.com>
Change-Id: I08f346dd99b81b800f47d437c5cfd77129a8a456
This commit is contained in:
jidong 2022-09-23 21:46:32 +08:00
parent 75804c29d4
commit 78e7741da4
20 changed files with 192 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dfx/hidumper_adapter/account_dump_helper.cpp
View File

@ -56,7 +56,7 @@ std::string AnonymizeUidStr(const std::string& uidStr)
return uidStr;
}
size_t anonymizeLen = static_cast<size_t>(((double)uidStr.length()) * ANONYMIZE_RATIO);
size_t anonymizeLen = static_cast<size_t>(static_cast<double>(uidStr.length()) * ANONYMIZE_RATIO);
size_t interceptLen = (uidStr.length() - anonymizeLen) / 2; // Half head and half tail
if (anonymizeLen < MIN_ANONYMIZE_PART_LEN || interceptLen == 0) {
return DEFAULT_ANON_STR;
@ -71,7 +71,7 @@ std::string AnonymizeUidStr(const std::string& uidStr)
} // namespace
AccountDumpHelper::AccountDumpHelper(const std::shared_ptr<OhosAccountManager>& ohosAccountMgr,
OsAccountManagerService* osAccountMgrService)
const sptr<OsAccountManagerService> &osAccountMgrService)
{
ohosAccountMgr_ = ohosAccountMgr;
osAccountMgrService_ = osAccountMgrService;

4
dfx/hidumper_adapter/account_dump_helper.h
View File

@ -26,7 +26,7 @@ namespace AccountSA {
class AccountDumpHelper {
public:
AccountDumpHelper(const std::shared_ptr<OhosAccountManager>& ohosAccountMgr,
OsAccountManagerService* osAccountMgrService);
const sptr<OsAccountManagerService> &osAccountMgrService);
~AccountDumpHelper() = default;
void Dump(const std::vector<std::string>& args, std::string& result) const;
@ -36,7 +36,7 @@ private:
void ProcessOneParameter(const std::string& arg, std::string& result) const;
void ProcessTwoParameter(const std::string& arg1, const std::string& arg2, std::string& result) const;
std::weak_ptr<OhosAccountManager> ohosAccountMgr_;
OsAccountManagerService* osAccountMgrService_;
sptr<OsAccountManagerService> osAccountMgrService_;
void ShowOhosAccountInfo(std::string &result) const;
void ShowOsAccountInfo(std::string &result) const;
void SetLogLevel(const std::string& levelStr, std::string& result) const;

2
frameworks/account_iam/src/account_iam_client.cpp
View File

@ -52,6 +52,7 @@ void AccountIAMClient::AddCredential(
return;
}
if ((userId == 0) && (!GetCurrentUserId(userId))) {
ACCOUNT_LOGE("fail to add credential for invalid userId");
return;
}
if (credInfo.authType == AuthType::PIN) {
@ -68,6 +69,7 @@ void AccountIAMClient::UpdateCredential(
return;
}
if ((userId == 0) && (!GetCurrentUserId(userId))) {
ACCOUNT_LOGE("fail to update credential for invalid userId");
return;
}
if (credInfo.authType == AuthType::PIN) {

10
frameworks/appaccount/native/src/app_account.cpp
View File

@ -383,8 +383,6 @@ ErrCode AppAccount::GetAllAccessibleAccounts(std::vector<AppAccountInfo> &appAcc
ErrCode AppAccount::SubscribeAppAccount(const std::shared_ptr<AppAccountSubscriber> &subscriber)
{
ACCOUNT_LOGD("enter");
if (subscriber == nullptr) {
ACCOUNT_LOGE("subscriber is nullptr");
return ERR_APPACCOUNT_KIT_SUBSCRIBER_IS_NULLPTR;
@ -431,7 +429,11 @@ ErrCode AppAccount::SubscribeAppAccount(const std::shared_ptr<AppAccountSubscrib
sptr<IRemoteObject> appAccountEventListener = nullptr;
ErrCode subscribeState = CreateAppAccountEventListener(subscriber, appAccountEventListener);
if (subscribeState == INITIAL_SUBSCRIPTION) {
return appAccountProxy_->SubscribeAppAccount(subscribeInfo, appAccountEventListener);
subscribeState = appAccountProxy_->SubscribeAppAccount(subscribeInfo, appAccountEventListener);
if (subscribeState != ERR_OK) {
eventListeners_.erase(subscriber);
}
return subscribeState;
} else if (subscribeState == ALREADY_SUBSCRIBED) {
return ERR_OK;
} else {
@ -530,12 +532,14 @@ ErrCode AppAccount::GetAppAccountProxy()
appAccountProxy_ = iface_cast<IAppAccount>(appAccountRemoteObject);
if ((!appAccountProxy_) || (!appAccountProxy_->AsObject())) {
ACCOUNT_LOGE("failed to cast app account proxy");
appAccountProxy_ = nullptr;
return ERR_APPACCOUNT_KIT_GET_APP_ACCOUNT_PROXY;
}
deathRecipient_ = new (std::nothrow) AppAccountDeathRecipient();
if (!deathRecipient_) {
ACCOUNT_LOGE("failed to create app account death recipient");
appAccountProxy_ = nullptr;
return ERR_APPACCOUNT_KIT_CREATE_APP_ACCOUNT_DEATH_RECIPIENT;
}

7
frameworks/appaccount/native/src/app_account_common.cpp
View File

@ -21,6 +21,10 @@
namespace OHOS {
namespace AccountSA {
namespace {
constexpr const uint32_t MAX_OPTION_SIZE = 1024;
}
bool SelectAccountsOptions::Marshalling(Parcel &parcel) const
{
if (!parcel.WriteBool(hasAccounts) || !parcel.WriteBool(hasOwners) || !parcel.WriteBool(hasLabels)) {
@ -58,6 +62,9 @@ bool SelectAccountsOptions::ReadFromParcel(Parcel &parcel)
if (!parcel.ReadUint32(size)) {
return false;
}
if (size > MAX_OPTION_SIZE) {
return false;
}
std::string name;
std::string type;
for (uint32_t i = 0; i < size; ++i) {

4
frameworks/appaccount/native/src/app_account_info.cpp
View File

@ -688,6 +688,10 @@ bool AppAccountInfo::ReadTokenInfos(std::map<std::string, OAuthTokenInfo> &token
ACCOUNT_LOGE("failed to ReadInt32 for size");
return false;
}
if (size > MAX_TOKEN_NUMBER) {
ACCOUNT_LOGE("invalid token number");
return false;
}
tokenInfos.clear();
for (int32_t index = 0; index < size; ++index) {
OAuthTokenInfo tokenInfo;

4
frameworks/common/account_error/include/account_error_no.h
View File

@ -449,7 +449,7 @@ enum {
constexpr ErrCode ACCOUNT_IAM_KIT_ERR_OFFSET =
ErrCodeOffset(SUBSYS_ACCOUNT, ACCOUNT_MODULE_ACCOUNT_IAM_KIT);
enum {
ERR_ACCOUNT_IAM_KIT_SEND_REQUEST,
ERR_ACCOUNT_IAM_KIT_SEND_REQUEST = ACCOUNT_IAM_KIT_ERR_OFFSET + 0x0001,
ERR_ACCOUNT_IAM_KIT_READ_PARCEL_FAIL,
};
@ -457,7 +457,7 @@ enum {
constexpr ErrCode ACCOUNT_IAM_SERVICE_ERR_OFFSET =
ErrCodeOffset(SUBSYS_ACCOUNT, ACCOUNT_MODULE_ACCOUNT_IAM_SERVICE);
enum {
ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED,
ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED = ACCOUNT_IAM_SERVICE_ERR_OFFSET + 0x0001,
ERR_ACCOUNT_IAM_SERVICE_GET_STORAGE_SYSTEM_ABILITY,
ERR_ACCOUNT_IAM_SERVICE_REMOTE_IS_NULLPTR,
ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL

8
frameworks/osaccount/core/src/os_account.cpp
View File

@ -416,7 +416,11 @@ ErrCode OsAccount::SubscribeOsAccount(const std::shared_ptr<OsAccountSubscriber>
sptr<IRemoteObject> osAccountEventListener = nullptr;
ErrCode subscribeState = CreateOsAccountEventListener(subscriber, osAccountEventListener);
if (subscribeState == INITIAL_SUBSCRIPTION) {
return osAccountProxy_->SubscribeOsAccount(subscribeInfo, osAccountEventListener);
subscribeState = osAccountProxy_->SubscribeOsAccount(subscribeInfo, osAccountEventListener);
if (subscribeState != ERR_OK) {
eventListeners_.erase(subscriber);
}
return subscribeState;
} else if (subscribeState == ALREADY_SUBSCRIBED) {
return ERR_OK;
} else {
@ -557,12 +561,14 @@ ErrCode OsAccount::GetOsAccountProxy()
osAccountProxy_ = iface_cast<IOsAccount>(osAccountRemoteObject);
if ((!osAccountProxy_) || (!osAccountProxy_->AsObject())) {
ACCOUNT_LOGE("failed to cast os account proxy");
osAccountProxy_ = nullptr;
return ERR_OSACCOUNT_KIT_GET_APP_ACCOUNT_PROXY_ERROR;
}
deathRecipient_ = new (std::nothrow) OsAccountDeathRecipient();
if (!deathRecipient_) {
ACCOUNT_LOGE("failed to create os account death recipient");
osAccountProxy_ = nullptr;
return ERR_OSACCOUNT_KIT_CREATE_APP_ACCOUNT_DEATH_RECIPIENT_ERROR;
}

1
interfaces/kits/napi/appaccount/include/napi_app_account_authenticator.h
View File

@ -76,6 +76,7 @@ public:
private:
static napi_value JsConstructor(napi_env env, napi_callback_info cbinfo);
static napi_value GetRemoteObject(napi_env env, napi_callback_info cbInfo);
static napi_status GetNamedFunction(napi_env env, napi_value value, const std::string &name, napi_ref *result);
static void CallJsFunction(napi_env env, napi_ref funcRef, napi_value *argv, size_t argc);
static void CreateAuthenticatorCallback(napi_env env, sptr<IRemoteObject> nativeCallback, napi_value *jsCallback);
static void CreateJsVerifyCredentialOptions(napi_env env, VerifyCredentialOptions &options, napi_value *jsOptions);

70
interfaces/kits/napi/appaccount/src/napi_app_account_authenticator.cpp
View File

@ -387,59 +387,59 @@ void NapiAppAccountAuthenticator::SetJsRemoteObject(napi_value remoteObject)
napi_value NapiAppAccountAuthenticator::GetRemoteObject(napi_env env, napi_callback_info cbInfo)
{
ACCOUNT_LOGD("enter");
napi_value jsFunc = nullptr;
napi_value thisVar = nullptr;
napi_get_cb_info(env, cbInfo, nullptr, nullptr, &thisVar, nullptr);
JsAuthenticator jsAuthenticator;
napi_get_named_property(env, thisVar, "addAccountImplicitly", &jsFunc);
napi_create_reference(env, jsFunc, 1, &jsAuthenticator.addAccountImplicitly);
napi_get_named_property(env, thisVar, "authenticate", &jsFunc);
napi_create_reference(env, jsFunc, 1, &jsAuthenticator.authenticate);
napi_get_named_property(env, thisVar, "verifyCredential", &jsFunc);
napi_create_reference(env, jsFunc, 1, &jsAuthenticator.verifyCredential);
napi_get_named_property(env, thisVar, "checkAccountLabels", &jsFunc);
napi_create_reference(env, jsFunc, 1, &jsAuthenticator.checkAccountLabels);
napi_get_named_property(env, thisVar, "isAccountRemovable", &jsFunc);
napi_create_reference(env, jsFunc, 1, &jsAuthenticator.isAccountRemovable);
napi_get_named_property(env, thisVar, "setProperties", &jsFunc);
napi_create_reference(env, jsFunc, 1, &jsAuthenticator.setProperties);
sptr<NapiAppAccountAuthenticator> authenticator =
new (std::nothrow) NapiAppAccountAuthenticator(env, jsAuthenticator);
if (authenticator == nullptr) {
ACCOUNT_LOGD("failed to construct NapiAppAccountAuthenticator");
return nullptr;
}
return NAPI_ohos_rpc_CreateJsRemoteObject(env, authenticator->AsObject());
return thisVar;
}
napi_value NapiAppAccountAuthenticator::Init(napi_env env, napi_value exports)
{
ACCOUNT_LOGD("enter");
const std::string className = "Authenticator";
napi_property_descriptor properties[] = {
DECLARE_NAPI_FUNCTION("getRemoteObject", GetRemoteObject),
};
napi_value constructor = nullptr;
napi_define_class(env, className.c_str(), className.length(), JsConstructor, nullptr,
sizeof(properties) / sizeof(properties[0]), properties, &constructor);
0, nullptr, &constructor);
NAPI_ASSERT(env, constructor != nullptr, "define js class Authenticator failed");
napi_status status = napi_set_named_property(env, exports, className.c_str(), constructor);
NAPI_ASSERT(env, status == napi_ok, "set property Authenticator to exports failed");
napi_value global = nullptr;
status = napi_get_global(env, &global);
NAPI_ASSERT(env, status == napi_ok, "get napi global failed");
status = napi_set_named_property(env, global, "AuthenticatorConstructor_", constructor);
NAPI_ASSERT(env, status == napi_ok, "set stub constructor failed");
return exports;
}
napi_status NapiAppAccountAuthenticator::GetNamedFunction(
napi_env env, napi_value value, const std::string &name, napi_ref *result)
{
napi_value jsFunc = nullptr;
napi_get_named_property(env, value, name.c_str(), &jsFunc);
return napi_create_reference(env, jsFunc, 1, result);
}
napi_value NapiAppAccountAuthenticator::JsConstructor(napi_env env, napi_callback_info info)
{
ACCOUNT_LOGD("enter");
napi_value thisVar = nullptr;
napi_get_cb_info(env, info, nullptr, nullptr, &thisVar, nullptr);
return thisVar;
napi_status status = napi_get_cb_info(env, info, nullptr, nullptr, &thisVar, nullptr);
NAPI_ASSERT(env, status == napi_ok, "get callback info failed");
JsAuthenticator jsAuthenticator;
GetNamedFunction(env, thisVar, "addAccountImplicitly", &jsAuthenticator.addAccountImplicitly);
GetNamedFunction(env, thisVar, "authenticate", &jsAuthenticator.authenticate);
GetNamedFunction(env, thisVar, "verifyCredential", &jsAuthenticator.verifyCredential);
GetNamedFunction(env, thisVar, "checkAccountLabels", &jsAuthenticator.checkAccountLabels);
GetNamedFunction(env, thisVar, "isAccountRemovable", &jsAuthenticator.isAccountRemovable);
GetNamedFunction(env, thisVar, "setProperties", &jsAuthenticator.setProperties);
napi_value object = nullptr;
napi_create_object(env, &object);
NAPIRemoteObjectExport(env, object);
sptr<NapiAppAccountAuthenticator> authenticator =
new (std::nothrow) NapiAppAccountAuthenticator(env, jsAuthenticator);
if (authenticator == nullptr) {
ACCOUNT_LOGE("failed to construct NapiAppAccountAuthenticator");
return nullptr;
}
napi_value napiRemoteObj = NAPI_ohos_rpc_CreateJsRemoteObject(env, authenticator->AsObject());
napi_value func = nullptr;
napi_create_function(env, "getRemoteObject", 0, GetRemoteObject, nullptr, &func);
NAPI_ASSERT(env, func != nullptr, "create function getRemoteObject failed");
status = napi_set_named_property(env, napiRemoteObj, "getRemoteObject", func);
NAPI_ASSERT(env, status == napi_ok, "set property getRemoteObject failed");
return napiRemoteObj;
}
} // namespace AccountJsKit
} // namespace OHOS

4
services/accountmgr/BUILD.gn
View File

@ -270,6 +270,10 @@ ohos_shared_library("accountmgr") {
external_deps += [ "hisysevent_native:libhisysevent" ]
}
if (use_musl) {
cflags_cc += [ "-DUSE_MUSL" ]
}
external_deps += [ "hitrace_native:hitrace_meter" ]
part_name = "os_account"

1
services/accountmgr/include/account_iam/account_iam_mgr_stub.h
View File

@ -49,6 +49,7 @@ private:
ErrCode ProcGetAccountState(MessageParcel &data, MessageParcel &reply);
ErrCode ReadUserIdAndAuthType(MessageParcel &data, int32_t &userId, int32_t &authType);
ErrCode AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd = true);
bool CheckPermission(const std::string &permission);
private:
static const std::map<uint32_t, MessageProcFunction> messageProcMap_;

10
services/accountmgr/include/account_mgr_service.h
View File

@ -22,6 +22,9 @@
#include "account_dump_helper.h"
#include "account_event_provider.h"
#include "account_info.h"
#if defined(HAS_USER_AUTH_PART)
#include "account_iam_service.h"
#endif
#include "account_stub.h"
#include "app_account_manager_service.h"
#include "os_account_manager_service.h"
@ -73,10 +76,9 @@ private:
std::unique_ptr<AccountDumpHelper> dumpHelper_{};
std::shared_ptr<OhosAccountManager> ohosAccountMgr_{};
sptr<IRemoteObject> appAccountManagerService_ = nullptr;
sptr<IRemoteObject> osAccountManagerService_ = nullptr;
sptr<IRemoteObject> accountIAMService_ = nullptr;
OsAccountManagerService* osAccountManagerServiceOrg_ = nullptr;
sptr<AppAccountManagerService> appAccountManagerService_ = nullptr;
sptr<OsAccountManagerService> osAccountManagerService_ = nullptr;
sptr<AccountIAMService> accountIAMService_ = nullptr;
};
} // namespace AccountSA
} // namespace OHOS

1
services/accountmgr/include/account_permission_manager.h
View File

@ -35,6 +35,7 @@ public:
static const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS;
static const std::string ACCESS_USER_AUTH_INTERNAL;
static const std::string MANAGE_USER_IDM;
static const std::string USE_USER_IDM;
};
} // namespace AccountSA
} // namespace OHOS

57
services/accountmgr/src/account_iam/account_iam_mgr_stub.cpp
View File

@ -17,6 +17,7 @@
#include "access_token.h"
#include "account_log_wrapper.h"
#include "account_permission_manager.h"
#include "iaccount_iam_callback.h"
#include "ipc_skeleton.h"
#include "token_setproc.h"
@ -109,6 +110,9 @@ std::int32_t AccountIAMMgrStub::OnRemoteRequest(
ErrCode AccountIAMMgrStub::ProcOpenSession(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
if (!data.ReadInt32(userId)) {
ACCOUNT_LOGD("failed to read userId");
@ -121,6 +125,9 @@ ErrCode AccountIAMMgrStub::ProcOpenSession(MessageParcel &data, MessageParcel &r
ErrCode AccountIAMMgrStub::ProcCloseSession(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
if (!data.ReadInt32(userId)) {
ACCOUNT_LOGD("failed to read userId");
@ -145,7 +152,9 @@ ErrCode AccountIAMMgrStub::ReadUserIdAndAuthType(MessageParcel &data, int32_t &u
ErrCode AccountIAMMgrStub::AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd)
{
ACCOUNT_LOGD("isAddCredential: %{public}d", isAdd);
if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
int32_t authType;
ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
@ -189,6 +198,9 @@ ErrCode AccountIAMMgrStub::ProcUpdateCredential(MessageParcel &data, MessageParc
ErrCode AccountIAMMgrStub::ProcDelCred(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
if (!data.ReadInt32(userId)) {
ACCOUNT_LOGD("failed to read userId");
@ -215,6 +227,9 @@ ErrCode AccountIAMMgrStub::ProcDelCred(MessageParcel &data, MessageParcel &reply
ErrCode AccountIAMMgrStub::ProcDelUser(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
if (!data.ReadInt32(userId)) {
ACCOUNT_LOGD("failed to read userId");
@ -236,6 +251,9 @@ ErrCode AccountIAMMgrStub::ProcDelUser(MessageParcel &data, MessageParcel &reply
ErrCode AccountIAMMgrStub::ProcCancel(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::MANAGE_USER_IDM)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
if (!data.ReadInt32(userId)) {
ACCOUNT_LOGD("failed to read userId");
@ -252,6 +270,9 @@ ErrCode AccountIAMMgrStub::ProcCancel(MessageParcel &data, MessageParcel &reply)
ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::USE_USER_IDM)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
int32_t authType;
ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
@ -269,6 +290,9 @@ ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessagePar
ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
if (!data.ReadInt32(userId)) {
ACCOUNT_LOGD("failed to read userId");
@ -301,6 +325,9 @@ ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &repl
ErrCode AccountIAMMgrStub::ProcCancelAuth(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
uint64_t contextId;
if (!data.ReadUint64(contextId)) {
ACCOUNT_LOGD("failed to read contextId");
@ -312,6 +339,9 @@ ErrCode AccountIAMMgrStub::ProcCancelAuth(MessageParcel &data, MessageParcel &re
ErrCode AccountIAMMgrStub::ProcGetAvailableStatus(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t authType;
if (!data.ReadInt32(authType)) {
ACCOUNT_LOGD("failed to read authType for GetAvailableStatus");
@ -328,11 +358,13 @@ ErrCode AccountIAMMgrStub::ProcGetAvailableStatus(MessageParcel &data, MessagePa
ErrCode AccountIAMMgrStub::ProcGetProperty(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
int32_t authType;
ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
if (ret != ERR_OK) {
return ret;
if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
}
std::vector<uint32_t> keys;
if (!data.ReadUInt32Vector(&keys)) {
@ -355,11 +387,13 @@ ErrCode AccountIAMMgrStub::ProcGetProperty(MessageParcel &data, MessageParcel &r
ErrCode AccountIAMMgrStub::ProcSetProperty(MessageParcel &data, MessageParcel &reply)
{
if (!CheckPermission(AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL)) {
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
int32_t userId;
int32_t authType;
ErrCode ret = ReadUserIdAndAuthType(data, userId, authType);
if (ret != ERR_OK) {
return ret;
if (ReadUserIdAndAuthType(data, userId, authType) != ERR_OK) {
return ERR_ACCOUNT_IAM_SERVICE_READ_PARCEL_FAIL;
}
std::vector<uint8_t> attr;
if (!data.ReadUInt8Vector(&attr)) {
@ -389,5 +423,14 @@ ErrCode AccountIAMMgrStub::ProcGetAccountState(MessageParcel &data, MessageParce
IAMState state = GetAccountState(userId);
return reply.WriteInt32(state);
}
bool AccountIAMMgrStub::CheckPermission(const std::string &permission)
{
if (AccountPermissionManager::GetInstance()->VerifyPermission(permission) != ERR_OK) {
ACCOUNT_LOGE("check permission failed, permission name: %{public}s", permission.c_str());
return false;
}
return true;
}
} // AccountSA
} // OHOS

51
services/accountmgr/src/account_mgr_service.cpp
View File

@ -16,9 +16,6 @@
#include "account_mgr_service.h"
#include <cerrno>
#include "account_dump_helper.h"
#if defined(HAS_USER_AUTH_PART)
#include "account_iam_service.h"
#endif
#include "account_log_wrapper.h"
#include "app_account_manager_service.h"
#include "datetime_ex.h"
@ -107,23 +104,26 @@ std::int32_t AccountMgrService::QueryDeviceAccountId(std::int32_t &accountId)
sptr<IRemoteObject> AccountMgrService::GetAppAccountService()
{
ACCOUNT_LOGD("enter");
return appAccountManagerService_;
if (appAccountManagerService_ != nullptr) {
return appAccountManagerService_->AsObject();
}
return nullptr;
}
sptr<IRemoteObject> AccountMgrService::GetOsAccountService()
{
ACCOUNT_LOGD("enter");
return osAccountManagerService_;
if (osAccountManagerService_ != nullptr) {
return osAccountManagerService_->AsObject();
}
return nullptr;
}
sptr<IRemoteObject> AccountMgrService::GetAccountIAMService()
{
ACCOUNT_LOGD("enter");
return accountIAMService_;
if (accountIAMService_ != nullptr) {
return accountIAMService_->AsObject();
}
return nullptr;
}
bool AccountMgrService::IsServiceStarted(void) const
@ -152,7 +152,7 @@ void AccountMgrService::OnStart()
state_ = ServiceRunningState::STATE_RUNNING;
// create and start basic accounts
osAccountManagerServiceOrg_->CreateBasicAccounts();
osAccountManagerService_->CreateBasicAccounts();
ACCOUNT_LOGI("AccountMgrService::OnStart start service finished.");
FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER);
}
@ -194,27 +194,27 @@ bool AccountMgrService::Init()
}
IAccountContext::SetInstance(this);
auto appAccountManagerService = new (std::nothrow) AppAccountManagerService();
if (appAccountManagerService == nullptr) {
appAccountManagerService_ = new (std::nothrow) AppAccountManagerService();
if (appAccountManagerService_ == nullptr) {
ReportServiceStartFail(ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR,
"Insufficient memory to create app account manager service");
ACCOUNT_LOGE("memory alloc failed for appAccountManagerService!");
return false;
}
osAccountManagerServiceOrg_ = new (std::nothrow) OsAccountManagerService();
if (osAccountManagerServiceOrg_ == nullptr) {
ACCOUNT_LOGE("memory alloc failed for osAccountManagerServiceOrg_!");
delete appAccountManagerService;
osAccountManagerService_ = new (std::nothrow) OsAccountManagerService();
if (osAccountManagerService_ == nullptr) {
ACCOUNT_LOGE("memory alloc failed for osAccountManagerService_!");
appAccountManagerService_ = nullptr;
ReportServiceStartFail(ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR,
"Insufficient memory to create os account manager service");
return false;
}
if (!CreateIAMService()) {
appAccountManagerService_ = nullptr;
osAccountManagerService_ = nullptr;
return false;
}
dumpHelper_ = std::make_unique<AccountDumpHelper>(ohosAccountMgr_, osAccountManagerServiceOrg_);
appAccountManagerService_ = appAccountManagerService->AsObject();
osAccountManagerService_ = osAccountManagerServiceOrg_->AsObject();
dumpHelper_ = std::make_unique<AccountDumpHelper>(ohosAccountMgr_, osAccountManagerService_);
ACCOUNT_LOGI("init end success");
return true;
}
@ -222,12 +222,13 @@ bool AccountMgrService::Init()
bool AccountMgrService::CreateIAMService()
{
#if defined(HAS_USER_AUTH_PART)
auto accountIAMService = new (std::nothrow) AccountIAMService();
if (accountIAMService == nullptr) {
accountIAMService_ = new (std::nothrow) AccountIAMService();
if (accountIAMService_ == nullptr) {
ACCOUNT_LOGE("memory alloc for AccountIAMService failed!");
ReportServiceStartFail(ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR,
"Insufficient memory to create account iam service");
return false;
}
accountIAMService_ = accountIAMService->AsObject();
#endif
return true;
}

1
services/accountmgr/src/account_permission_manager.cpp
View File

@ -32,6 +32,7 @@ const std::string AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS =
"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";
const std::string AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
const std::string AccountPermissionManager::MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM";
const std::string AccountPermissionManager::USE_USER_IDM = "ohos.permission.USE_USER_IDM";
AccountPermissionManager::AccountPermissionManager()
{

12
services/accountmgr/src/account_stub.cpp
View File

@ -38,6 +38,11 @@ const std::string OHOS_ACCOUNT_QUIT_TIPS_CONTENT = "";
const std::string PERMISSION_MANAGE_USERS = "ohos.permission.MANAGE_LOCAL_ACCOUNTS";
const std::string PERMISSION_DISTRIBUTED_DATASYNC = "ohos.permission.DISTRIBUTED_DATASYNC";
constexpr std::int32_t ROOT_UID = 0;
#ifdef USE_MUSL
constexpr std::int32_t DSOFTBUS_UID = 1024;
#else
constexpr std::int32_t DSOFTBUS_UID = 5533;
#endif
} // namespace
const std::map<std::uint32_t, AccountStubFunc> AccountStub::stubFuncMap_{
std::make_pair(UPDATE_OHOS_ACCOUNT_INFO, &AccountStub::CmdUpdateOhosAccountInfo),
@ -117,6 +122,13 @@ std::int32_t AccountStub::CmdQueryOhosAccountInfo(MessageParcel &data, MessagePa
std::int32_t AccountStub::CmdQueryOhosAccountInfoByUserId(MessageParcel &data, MessageParcel &reply)
{
if ((!HasAccountRequestPermission(PERMISSION_MANAGE_USERS)) &&
(!HasAccountRequestPermission(PERMISSION_DISTRIBUTED_DATASYNC)) &&
(IPCSkeleton::GetCallingUid() != DSOFTBUS_UID)) {
ACCOUNT_LOGE("Check permission failed");
return ERR_ACCOUNT_ZIDL_CHECK_PERMISSION_ERROR;
}
std::int32_t userId = data.ReadInt32();
if (userId < 0) {
ACCOUNT_LOGE("negative userID %{public}d detected!", userId);

18
services/accountmgr/src/appaccount/app_account_authenticator_session_manager.cpp
View File

@ -18,6 +18,7 @@
#include "account_log_wrapper.h"
#include "app_account_authenticator_session.h"
#include "app_account_check_labels_session.h"
#include "app_mgr_constants.h"
#include "iservice_registry.h"
#include "system_ability_definition.h"
@ -39,13 +40,10 @@ void SessionAppStateObserver::OnAbilityStateChanged(const AppExecFwk::AbilitySta
}
AppAccountAuthenticatorSessionManager::AppAccountAuthenticatorSessionManager()
{
ACCOUNT_LOGD("enter");
}
{}
AppAccountAuthenticatorSessionManager::~AppAccountAuthenticatorSessionManager()
{
ACCOUNT_LOGD("enter");
UnregisterApplicationStateObserver();
sessionMap_.clear();
abilitySessions_.clear();
@ -146,7 +144,7 @@ ErrCode AppAccountAuthenticatorSessionManager::OpenSession(
}
result = session->Open();
if (result != ERR_OK) {
ACCOUNT_LOGE("failed to open session, result: %{public}d.", result);
ACCOUNT_LOGE("failed to open session, result: %{private}d.", result);
return result;
}
if (sessionMap_.size() == 0) {
@ -179,6 +177,7 @@ std::shared_ptr<AppAccountAuthenticatorSession> AppAccountAuthenticatorSessionMa
}
return it->second;
}
ErrCode AppAccountAuthenticatorSessionManager::GetAuthenticatorCallback(
const AuthenticatorSessionRequest &request, sptr<IRemoteObject> &callback)
{
@ -186,7 +185,7 @@ ErrCode AppAccountAuthenticatorSessionManager::GetAuthenticatorCallback(
std::lock_guard<std::mutex> lock(mutex_);
auto it = sessionMap_.find(request.sessionId);
if ((it == sessionMap_.end()) || (it->second == nullptr)) {
ACCOUNT_LOGE("failed to find a session by id=%{public}s.", request.sessionId.c_str());
ACCOUNT_LOGE("failed to find a session by id=%{private}s.", request.sessionId.c_str());
return ERR_APPACCOUNT_SERVICE_OAUTH_SESSION_NOT_EXIST;
}
return it->second->GetAuthenticatorCallback(request, callback);
@ -194,7 +193,7 @@ ErrCode AppAccountAuthenticatorSessionManager::GetAuthenticatorCallback(
void AppAccountAuthenticatorSessionManager::OnAbilityStateChanged(const AppExecFwk::AbilityStateData &abilityStateData)
{
if (abilityStateData.abilityState != Constants::ABILITY_STATE_TERMINATED) {
if (abilityStateData.abilityState != static_cast<int32_t>(AppExecFwk::AbilityState::ABILITY_STATE_TERMINATED)) {
return;
}
std::string key = abilityStateData.abilityName + std::to_string(abilityStateData.uid);
@ -206,7 +205,7 @@ void AppAccountAuthenticatorSessionManager::OnAbilityStateChanged(const AppExecF
for (auto sessionId : it->second) {
auto sessionIt = sessionMap_.find(sessionId);
if (sessionIt != sessionMap_.end()) {
ACCOUNT_LOGI("session{id=%{public}s} will be cleared", sessionId.c_str());
ACCOUNT_LOGI("session{id=%{private}s} will be cleared", sessionId.c_str());
sessionMap_.erase(sessionIt);
}
}
@ -267,11 +266,10 @@ void AppAccountAuthenticatorSessionManager::OnSessionRequestContinued(const std:
void AppAccountAuthenticatorSessionManager::CloseSession(const std::string &sessionId)
{
ACCOUNT_LOGD("enter");
std::lock_guard<std::mutex> lock(mutex_);
auto it = sessionMap_.find(sessionId);
if (it == sessionMap_.end()) {
ACCOUNT_LOGI("session not exist, sessionId=%{public}s", sessionId.c_str());
ACCOUNT_LOGI("session not exist, sessionId=%{private}s", sessionId.c_str());
return;
}
AuthenticatorSessionRequest request;

21
services/accountmgr/test/moduletest/app_account/app_account_manager_service_module_test.cpp
View File

@ -1926,7 +1926,8 @@ HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_SelectAcco
options.allowedAccounts.emplace_back("test_key","value");
options.allowedOwners = TEST_LABELS;
options.requiredLabels = TEST_LABELS;
sptr<IRemoteObject> callback = new MockAuthenticatorCallback();
sptr<IRemoteObject> callback = new (std::nothrow)MockAuthenticatorCallback();
ASSERT_NE(callback, nullptr);
ErrCode result = g_accountManagerService->SelectAccountsByOptions(options, callback);
EXPECT_EQ(result, ERR_OK);
}
@ -1946,7 +1947,8 @@ HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_VerifyCred
options.credential = STRING_CREDENTIAL;
AAFwk::WantParams want;
options.parameters = want;
sptr<IRemoteObject> callback = new MockAuthenticatorCallback();
sptr<IRemoteObject> callback = new (std::nothrow)MockAuthenticatorCallback();
ASSERT_NE(callback, nullptr);
ErrCode result = g_accountManagerService->VerifyCredential(STRING_NAME, STRING_OWNER, options, callback);
EXPECT_NE(result, ERR_OK);
}
@ -1966,7 +1968,8 @@ HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_VerifyCred
options.credential = STRING_CREDENTIAL;
AAFwk::WantParams want;
options.parameters = want;
sptr<IRemoteObject> callback = new MockAuthenticatorCallback();
sptr<IRemoteObject> callback = new (std::nothrow)MockAuthenticatorCallback();
ASSERT_NE(callback, nullptr);
ErrCode result = g_accountManagerService->AddAccount(STRING_NAME, STRING_EXTRA_INFO);
EXPECT_EQ(result, ERR_OK);
result = g_accountManagerService->VerifyCredential(STRING_NAME, STRING_OWNER, options, callback);
@ -1985,7 +1988,8 @@ HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_VerifyCred
HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_CheckAccountLabels_0100, TestSize.Level1)
{
ACCOUNT_LOGI("AppAccountManagerService_CheckAccountLabels_0100");
sptr<IRemoteObject> callback = new MockAuthenticatorCallback();
sptr<IRemoteObject> callback = new (std::nothrow)MockAuthenticatorCallback();
ASSERT_NE(callback, nullptr);
ErrCode result = g_accountManagerService->AddAccount(STRING_NAME, STRING_EXTRA_INFO);
EXPECT_EQ(result, ERR_OK);
result = g_accountManagerService->CheckAccountLabels(STRING_NAME, STRING_OWNER, TEST_LABELS, callback);
@ -2004,7 +2008,8 @@ HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_CheckAccou
HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_CheckAccountLabels_0200, TestSize.Level1)
{
ACCOUNT_LOGI("AppAccountManagerService_CheckAccountLabels_0200");
sptr<IRemoteObject> callback = new MockAuthenticatorCallback();
sptr<IRemoteObject> callback = new (std::nothrow)MockAuthenticatorCallback();
ASSERT_NE(callback, nullptr);
ErrCode result = g_accountManagerService->CheckAccountLabels(STRING_NAME, STRING_OWNER, TEST_LABELS, callback);
EXPECT_NE(result, ERR_OK);
}
@ -2020,7 +2025,8 @@ HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_SetAuthent
{
ACCOUNT_LOGI("AppAccountManagerService_SetAuthenticatorProperties_0100");
SetPropertiesOptions options;
sptr<IRemoteObject> callback = new MockAuthenticatorCallback();
sptr<IRemoteObject> callback = new (std::nothrow)MockAuthenticatorCallback();
ASSERT_NE(callback, nullptr);
ErrCode result = g_accountManagerService->SetAuthenticatorProperties(STRING_OWNER, options, callback);
EXPECT_NE(result, ERR_OK);
}
@ -2038,7 +2044,8 @@ HWTEST_F(AppAccountManagerServiceModuleTest, AppAccountManagerService_SetAuthent
SetPropertiesOptions options;
AAFwk::WantParams want;
options.properties = want;
sptr<IRemoteObject> callback = new MockAuthenticatorCallback();
sptr<IRemoteObject> callback = new (std::nothrow)MockAuthenticatorCallback();
ASSERT_NE(callback, nullptr);
ErrCode result = g_accountManagerService->SetAuthenticatorProperties(STRING_OWNER, options, callback);
EXPECT_NE(result, ERR_OK);
}