mirror of
https://gitee.com/openharmony/bundlemanager_app_domain_verify
synced 2025-01-15 04:57:57 +00:00
!125 GetDeferredLink should check bundleName and appIdentifier
Merge pull request !125 from WoHoo/master
This commit is contained in:
commit
42773255d2
@ -38,8 +38,11 @@ bool BundleInfoQuery::GetBundleInfo(const std::string& bundleName, std::string&
|
||||
return false;
|
||||
}
|
||||
OHOS::AppExecFwk::BundleInfo bundleInfo;
|
||||
// use sa identity
|
||||
std::string identity = IPCSkeleton::ResetCallingIdentity();
|
||||
auto ret = bundleMgrProxy->GetBundleInfoV9(bundleName,
|
||||
static_cast<int32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_SIGNATURE_INFO), bundleInfo, userId);
|
||||
IPCSkeleton::SetCallingIdentity(identity);
|
||||
if (ret != ERR_OK) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MODULE_COMMON, "GetBundleInfo failed, ret: %{public}d.", ret);
|
||||
return false;
|
||||
@ -72,7 +75,10 @@ int32_t BundleInfoQuery::GetCurrentAccountId()
|
||||
{
|
||||
APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MODULE_COMMON, "called");
|
||||
std::vector<int32_t> osAccountIds;
|
||||
// use sa identity
|
||||
std::string identity = IPCSkeleton::ResetCallingIdentity();
|
||||
ErrCode ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(osAccountIds);
|
||||
IPCSkeleton::SetCallingIdentity(identity);
|
||||
if (ret != ERR_OK) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MODULE_COMMON, "QueryActiveOsAccountIds failed.");
|
||||
return -1;
|
||||
|
@ -66,6 +66,9 @@ private:
|
||||
static int CheckPermission();
|
||||
static void CollectDomains(const std::vector<SkillUri>& skillUris, VerifyResultInfo& verifyResultInfo);
|
||||
bool IsUrlInBlackList(const std::string& url);
|
||||
// with check caller's bundleName and appIdentifier
|
||||
int QueryVerifiedBundleWithDomains(std::string& bundleName, std::vector<std::string>& domains);
|
||||
|
||||
private:
|
||||
std::shared_ptr<AppDomainVerifyDataMgr> dataManager_ = nullptr;
|
||||
bool InitConfigMgr();
|
||||
|
@ -27,7 +27,7 @@
|
||||
namespace OHOS {
|
||||
namespace AppDomainVerify {
|
||||
constexpr const char* GET_DOMAIN_VERIFY_INFO = "ohos.permission.GET_APP_DOMAIN_BUNDLE_INFO";
|
||||
const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(new AppDomainVerifyMgrService());
|
||||
const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(new (std::nothrow) AppDomainVerifyMgrService());
|
||||
const std::string HTTPS = "https";
|
||||
const std::set<std::string> SCHEME_WHITE_SET = { HTTPS };
|
||||
const std::string FUZZY_HOST_START = "*.";
|
||||
@ -332,26 +332,65 @@ void AppDomainVerifyMgrService::CollectDomains(
|
||||
make_pair(uri, std::make_tuple(InnerVerifyStatus::UNKNOWN, std::string(), 0)));
|
||||
}
|
||||
}
|
||||
int AppDomainVerifyMgrService::QueryVerifiedBundleWithDomains(
|
||||
std::string& bundleName, std::vector<std::string>& domains)
|
||||
{
|
||||
if (!BundleInfoQuery::GetBundleNameForUid(IPCSkeleton::GetCallingUid(), bundleName)) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "get caller's bundleName error");
|
||||
return CommonErrorCode::E_INTERNAL_ERR;
|
||||
}
|
||||
if (bundleName.empty()) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get caller's bundleName");
|
||||
return CommonErrorCode::E_PARAM_ERROR;
|
||||
}
|
||||
std::string appIdentifier;
|
||||
std::string fingerPrint;
|
||||
if (!BundleInfoQuery::GetBundleInfo(bundleName, appIdentifier, fingerPrint)) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "get appIdentifier error");
|
||||
return CommonErrorCode::E_INTERNAL_ERR;
|
||||
}
|
||||
if (appIdentifier.empty()) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get caller's appIdentifier");
|
||||
return CommonErrorCode::E_PARAM_ERROR;
|
||||
}
|
||||
VerifyResultInfo verifyResultInfo;
|
||||
if (!dataManager_->GetVerifyStatus(bundleName, verifyResultInfo)) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get verifyResultInfo");
|
||||
return CommonErrorCode::E_INTERNAL_ERR;
|
||||
}
|
||||
if (verifyResultInfo.appIdentifier != appIdentifier) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "bundle's appIdentifier not match");
|
||||
return CommonErrorCode::E_PARAM_ERROR;
|
||||
}
|
||||
std::for_each(std::begin(verifyResultInfo.hostVerifyStatusMap), std::end(verifyResultInfo.hostVerifyStatusMap),
|
||||
[&domains](const auto& item) {
|
||||
if (std::get<0>(item.second) == InnerVerifyStatus::STATE_SUCCESS) {
|
||||
domains.push_back(item.first);
|
||||
}
|
||||
});
|
||||
return CommonErrorCode::E_OK;
|
||||
}
|
||||
|
||||
int AppDomainVerifyMgrService::GetDeferredLink(std::string& link)
|
||||
{
|
||||
APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "called");
|
||||
std::string bundleName;
|
||||
BundleInfoQuery::GetBundleNameForUid(IPCSkeleton::GetCallingUid(), bundleName);
|
||||
if (!bundleName.empty()) {
|
||||
std::vector<std::string> domains;
|
||||
if (dataManager_->QueryAssociatedDomains(bundleName, domains) && !domains.empty()) {
|
||||
auto ret = QueryVerifiedBundleWithDomains(bundleName, domains);
|
||||
if (ret != CommonErrorCode::E_OK) {
|
||||
APP_DOMAIN_VERIFY_HILOGE(
|
||||
APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "QueryVerifiedBundleWithDomains error:%{public}d.", ret);
|
||||
return ret;
|
||||
}
|
||||
if (domains.empty()) {
|
||||
APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "domains empty, will return.");
|
||||
return CommonErrorCode::E_OK;
|
||||
}
|
||||
link = deferredLinkMgr_->GetDeferredLink(bundleName, domains);
|
||||
APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "get link, %{private}s.", link.c_str());
|
||||
return CommonErrorCode::E_OK;
|
||||
} else {
|
||||
APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "can not get associate domains");
|
||||
return CommonErrorCode::E_OK;
|
||||
}
|
||||
} else {
|
||||
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "can not get bundleName.");
|
||||
return CommonErrorCode::E_PERMISSION_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
bool AppDomainVerifyMgrService::IsUrlInBlackList(const std::string& url)
|
||||
{
|
||||
return IsAtomicServiceUrl(url);
|
||||
|
Loading…
x
Reference in New Issue
Block a user