!125 GetDeferredLink should check bundleName and appIdentifier

Merge pull request !125 from WoHoo/master
2024-12-27 10:56:47 +00:00 · 2024-11-14 11:33:09 +00:00 · 2024-11-14 11:33:09 +00:00 · 42773255d2
commit 42773255d2
parent 9e046df405 87faaf9a5b
3 changed files with 63 additions and 15 deletions
--- a/frameworks/common/src/bms/bundle_info_query.cpp
+++ b/frameworks/common/src/bms/bundle_info_query.cpp
@ -38,8 +38,11 @@ bool BundleInfoQuery::GetBundleInfo(const std::string& bundleName, std::string&
        return false;
    }
    OHOS::AppExecFwk::BundleInfo bundleInfo;
+    // use sa identity
+    std::string identity = IPCSkeleton::ResetCallingIdentity();
    auto ret = bundleMgrProxy->GetBundleInfoV9(bundleName,
        static_cast<int32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_SIGNATURE_INFO), bundleInfo, userId);
+    IPCSkeleton::SetCallingIdentity(identity);
    if (ret != ERR_OK) {
        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MODULE_COMMON, "GetBundleInfo failed, ret: %{public}d.", ret);
        return false;
@ -72,7 +75,10 @@ int32_t BundleInfoQuery::GetCurrentAccountId()
 {
    APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MODULE_COMMON, "called");
    std::vector<int32_t> osAccountIds;
+    // use sa identity
+    std::string identity = IPCSkeleton::ResetCallingIdentity();
    ErrCode ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(osAccountIds);
+    IPCSkeleton::SetCallingIdentity(identity);
    if (ret != ERR_OK) {
        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MODULE_COMMON, "QueryActiveOsAccountIds failed.");
        return -1;
--- a/services/include/manager/core/app_domain_verify_mgr_service.h
+++ b/services/include/manager/core/app_domain_verify_mgr_service.h
@ -66,6 +66,9 @@ private:
    static int CheckPermission();
    static void CollectDomains(const std::vector<SkillUri>& skillUris, VerifyResultInfo& verifyResultInfo);
    bool IsUrlInBlackList(const std::string& url);
+    // with check caller's bundleName and appIdentifier
+    int QueryVerifiedBundleWithDomains(std::string& bundleName, std::vector<std::string>& domains);
+
 private:
    std::shared_ptr<AppDomainVerifyDataMgr> dataManager_ = nullptr;
    bool InitConfigMgr();
--- a/services/src/manager/core/app_domain_verify_mgr_service.cpp
+++ b/services/src/manager/core/app_domain_verify_mgr_service.cpp
@ -27,7 +27,7 @@
 namespace OHOS {
 namespace AppDomainVerify {
 constexpr const char* GET_DOMAIN_VERIFY_INFO = "ohos.permission.GET_APP_DOMAIN_BUNDLE_INFO";
-const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(new AppDomainVerifyMgrService());
+const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(new (std::nothrow) AppDomainVerifyMgrService());
 const std::string HTTPS = "https";
 const std::set<std::string> SCHEME_WHITE_SET = { HTTPS };
 const std::string FUZZY_HOST_START = "*.";
@ -332,26 +332,65 @@ void AppDomainVerifyMgrService::CollectDomains(
            make_pair(uri, std::make_tuple(InnerVerifyStatus::UNKNOWN, std::string(), 0)));
    }
 }
+int AppDomainVerifyMgrService::QueryVerifiedBundleWithDomains(
+    std::string& bundleName, std::vector<std::string>& domains)
+{
+    if (!BundleInfoQuery::GetBundleNameForUid(IPCSkeleton::GetCallingUid(), bundleName)) {
+        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "get caller's bundleName error");
+        return CommonErrorCode::E_INTERNAL_ERR;
+    }
+    if (bundleName.empty()) {
+        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get caller's bundleName");
+        return CommonErrorCode::E_PARAM_ERROR;
+    }
+    std::string appIdentifier;
+    std::string fingerPrint;
+    if (!BundleInfoQuery::GetBundleInfo(bundleName, appIdentifier, fingerPrint)) {
+        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "get appIdentifier error");
+        return CommonErrorCode::E_INTERNAL_ERR;
+    }
+    if (appIdentifier.empty()) {
+        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get caller's appIdentifier");
+        return CommonErrorCode::E_PARAM_ERROR;
+    }
+    VerifyResultInfo verifyResultInfo;
+    if (!dataManager_->GetVerifyStatus(bundleName, verifyResultInfo)) {
+        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get verifyResultInfo");
+        return CommonErrorCode::E_INTERNAL_ERR;
+    }
+    if (verifyResultInfo.appIdentifier != appIdentifier) {
+        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "bundle's appIdentifier not match");
+        return CommonErrorCode::E_PARAM_ERROR;
+    }
+    std::for_each(std::begin(verifyResultInfo.hostVerifyStatusMap), std::end(verifyResultInfo.hostVerifyStatusMap),
+        [&domains](const auto& item) {
+            if (std::get<0>(item.second) == InnerVerifyStatus::STATE_SUCCESS) {
+                domains.push_back(item.first);
+            }
+        });
+    return CommonErrorCode::E_OK;
+}
+
 int AppDomainVerifyMgrService::GetDeferredLink(std::string& link)
 {
    APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "called");
    std::string bundleName;
-    BundleInfoQuery::GetBundleNameForUid(IPCSkeleton::GetCallingUid(), bundleName);
-    if (!bundleName.empty()) {
-        std::vector<std::string> domains;
-        if (dataManager_->QueryAssociatedDomains(bundleName, domains) && !domains.empty()) {
-            link = deferredLinkMgr_->GetDeferredLink(bundleName, domains);
-            APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "get link, %{private}s.", link.c_str());
-            return CommonErrorCode::E_OK;
-        } else {
-            APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "can not get associate domains");
-            return CommonErrorCode::E_OK;
-        }
-    } else {
-        APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "can not get bundleName.");
-        return CommonErrorCode::E_PERMISSION_DENIED;
+    std::vector<std::string> domains;
+    auto ret = QueryVerifiedBundleWithDomains(bundleName, domains);
+    if (ret != CommonErrorCode::E_OK) {
+        APP_DOMAIN_VERIFY_HILOGE(
+            APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "QueryVerifiedBundleWithDomains error:%{public}d.", ret);
+        return ret;
    }
+    if (domains.empty()) {
+        APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "domains empty, will return.");
+        return CommonErrorCode::E_OK;
+    }
+    link = deferredLinkMgr_->GetDeferredLink(bundleName, domains);
+    APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "get link, %{private}s.", link.c_str());
+    return CommonErrorCode::E_OK;
 }
+
 bool AppDomainVerifyMgrService::IsUrlInBlackList(const std::string& url)
 {
    return IsAtomicServiceUrl(url);