!125 GetDeferredLink should check bundleName and appIdentifier

Merge pull request !125 from WoHoo/master
This commit is contained in:
openharmony_ci 2024-11-14 11:33:09 +00:00 committed by Gitee
commit 42773255d2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 63 additions and 15 deletions

View File

@ -38,8 +38,11 @@ bool BundleInfoQuery::GetBundleInfo(const std::string& bundleName, std::string&
return false;
}
OHOS::AppExecFwk::BundleInfo bundleInfo;
// use sa identity
std::string identity = IPCSkeleton::ResetCallingIdentity();
auto ret = bundleMgrProxy->GetBundleInfoV9(bundleName,
static_cast<int32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_SIGNATURE_INFO), bundleInfo, userId);
IPCSkeleton::SetCallingIdentity(identity);
if (ret != ERR_OK) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MODULE_COMMON, "GetBundleInfo failed, ret: %{public}d.", ret);
return false;
@ -72,7 +75,10 @@ int32_t BundleInfoQuery::GetCurrentAccountId()
{
APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_MODULE_COMMON, "called");
std::vector<int32_t> osAccountIds;
// use sa identity
std::string identity = IPCSkeleton::ResetCallingIdentity();
ErrCode ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(osAccountIds);
IPCSkeleton::SetCallingIdentity(identity);
if (ret != ERR_OK) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MODULE_COMMON, "QueryActiveOsAccountIds failed.");
return -1;

View File

@ -66,6 +66,9 @@ private:
static int CheckPermission();
static void CollectDomains(const std::vector<SkillUri>& skillUris, VerifyResultInfo& verifyResultInfo);
bool IsUrlInBlackList(const std::string& url);
// with check caller's bundleName and appIdentifier
int QueryVerifiedBundleWithDomains(std::string& bundleName, std::vector<std::string>& domains);
private:
std::shared_ptr<AppDomainVerifyDataMgr> dataManager_ = nullptr;
bool InitConfigMgr();

View File

@ -27,7 +27,7 @@
namespace OHOS {
namespace AppDomainVerify {
constexpr const char* GET_DOMAIN_VERIFY_INFO = "ohos.permission.GET_APP_DOMAIN_BUNDLE_INFO";
const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(new AppDomainVerifyMgrService());
const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(new (std::nothrow) AppDomainVerifyMgrService());
const std::string HTTPS = "https";
const std::set<std::string> SCHEME_WHITE_SET = { HTTPS };
const std::string FUZZY_HOST_START = "*.";
@ -332,26 +332,65 @@ void AppDomainVerifyMgrService::CollectDomains(
make_pair(uri, std::make_tuple(InnerVerifyStatus::UNKNOWN, std::string(), 0)));
}
}
int AppDomainVerifyMgrService::QueryVerifiedBundleWithDomains(
std::string& bundleName, std::vector<std::string>& domains)
{
if (!BundleInfoQuery::GetBundleNameForUid(IPCSkeleton::GetCallingUid(), bundleName)) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "get caller's bundleName error");
return CommonErrorCode::E_INTERNAL_ERR;
}
if (bundleName.empty()) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get caller's bundleName");
return CommonErrorCode::E_PARAM_ERROR;
}
std::string appIdentifier;
std::string fingerPrint;
if (!BundleInfoQuery::GetBundleInfo(bundleName, appIdentifier, fingerPrint)) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "get appIdentifier error");
return CommonErrorCode::E_INTERNAL_ERR;
}
if (appIdentifier.empty()) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get caller's appIdentifier");
return CommonErrorCode::E_PARAM_ERROR;
}
VerifyResultInfo verifyResultInfo;
if (!dataManager_->GetVerifyStatus(bundleName, verifyResultInfo)) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "can not get verifyResultInfo");
return CommonErrorCode::E_INTERNAL_ERR;
}
if (verifyResultInfo.appIdentifier != appIdentifier) {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "bundle's appIdentifier not match");
return CommonErrorCode::E_PARAM_ERROR;
}
std::for_each(std::begin(verifyResultInfo.hostVerifyStatusMap), std::end(verifyResultInfo.hostVerifyStatusMap),
[&domains](const auto& item) {
if (std::get<0>(item.second) == InnerVerifyStatus::STATE_SUCCESS) {
domains.push_back(item.first);
}
});
return CommonErrorCode::E_OK;
}
int AppDomainVerifyMgrService::GetDeferredLink(std::string& link)
{
APP_DOMAIN_VERIFY_HILOGI(APP_DOMAIN_VERIFY_MGR_MODULE_SERVICE, "called");
std::string bundleName;
BundleInfoQuery::GetBundleNameForUid(IPCSkeleton::GetCallingUid(), bundleName);
if (!bundleName.empty()) {
std::vector<std::string> domains;
if (dataManager_->QueryAssociatedDomains(bundleName, domains) && !domains.empty()) {
auto ret = QueryVerifiedBundleWithDomains(bundleName, domains);
if (ret != CommonErrorCode::E_OK) {
APP_DOMAIN_VERIFY_HILOGE(
APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "QueryVerifiedBundleWithDomains error:%{public}d.", ret);
return ret;
}
if (domains.empty()) {
APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "domains empty, will return.");
return CommonErrorCode::E_OK;
}
link = deferredLinkMgr_->GetDeferredLink(bundleName, domains);
APP_DOMAIN_VERIFY_HILOGD(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "get link, %{private}s.", link.c_str());
return CommonErrorCode::E_OK;
} else {
APP_DOMAIN_VERIFY_HILOGW(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "can not get associate domains");
return CommonErrorCode::E_OK;
}
} else {
APP_DOMAIN_VERIFY_HILOGE(APP_DOMAIN_VERIFY_AGENT_MODULE_SERVICE, "can not get bundleName.");
return CommonErrorCode::E_PERMISSION_DENIED;
}
}
bool AppDomainVerifyMgrService::IsUrlInBlackList(const std::string& url)
{
return IsAtomicServiceUrl(url);