From 1bc5ae485f58f9baed8f0b88562fef7271013b00 Mon Sep 17 00:00:00 2001 From: xuyong Date: Mon, 9 Sep 2024 22:10:33 +0800 Subject: [PATCH 1/3] add event query&subscribe control for shell user Signed-off-by: xuyong --- .../plugins/eventservice/service/idl/BUILD.gn | 3 +- .../idl/include/compliant_event_checker.h | 37 +++++++++ .../idl/include/event_query_wrapper_builder.h | 14 +++- .../idl/include/sys_event_service_ohos.h | 11 ++- .../idl/src/compliant_event_checker.cpp | 75 +++++++++++++++++++ .../idl/src/event_query_wrapper_builder.cpp | 29 ++++--- .../idl/src/sys_event_service_ohos.cpp | 27 ++++--- .../eventservice/service/test/BUILD.gn | 34 ++++++++- .../unittest/common/event_checker_test.cpp | 70 +++++++++++++++++ .../test/unittest/common/event_checker_test.h | 33 ++++++++ base/libhiviewbase.map | 2 + 11 files changed, 309 insertions(+), 26 deletions(-) create mode 100644 adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h create mode 100644 adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp create mode 100644 adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp create mode 100644 adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.h diff --git a/adapter/plugins/eventservice/service/idl/BUILD.gn b/adapter/plugins/eventservice/service/idl/BUILD.gn index e983b127..c7f88f32 100644 --- a/adapter/plugins/eventservice/service/idl/BUILD.gn +++ b/adapter/plugins/eventservice/service/idl/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2023 Huawei Device Co., Ltd. +# Copyright (c) 2021-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -40,6 +40,7 @@ ohos_source_set("sys_event_service_ohos") { sources = [ "src/ash_mem_utils.cpp", + "src/compliant_event_checker.cpp", "src/data_publisher.cpp", "src/data_publisher_sys_event_callback.cpp", "src/data_share_dao.cpp", diff --git a/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h b/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h new file mode 100644 index 00000000..6a5c294a --- /dev/null +++ b/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_HIVIEWDFX_COMPLIANT_EVENT_CHECKER_H +#define OHOS_HIVIEWDFX_COMPLIANT_EVENT_CHECKER_H + +#include + +namespace OHOS { +namespace HiviewDFX { +class CompliantEventChecker { +public: + CompliantEventChecker(); + ~CompliantEventChecker() = default; + +public: + bool IsInCompliantEvent(const std::string& domain, const std::string& eventName); + +private: + int64_t secureVal_ = 0; +}; +} // namespace HiviewDFX +} // namespace OHOS + +#endif // OHOS_HIVIEWDFX_COMPLIANT_EVENT_CHECKER_H \ No newline at end of file diff --git a/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h b/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h index c5b6c824..25846c60 100644 --- a/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h +++ b/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -18,6 +18,7 @@ #include +#include "compliant_event_checker.h" #include "data_share_common.h" #include "iquery_base_callback.h" #include "json/json.h" @@ -51,7 +52,7 @@ private: class BaseEventQueryWrapper { public: - BaseEventQueryWrapper(std::shared_ptr query) : query_(query) {} + BaseEventQueryWrapper(std::shared_ptr query); virtual ~BaseEventQueryWrapper() {} public: @@ -72,6 +73,13 @@ public: bool IsQueryComplete() const; bool NeedStartNextQuery(); +protected: + struct QuerierInfo { + int32_t uid; + int32_t pid; + std::string processName; + }; + protected: virtual void BuildQuery() = 0; virtual void Order() = 0; @@ -91,6 +99,8 @@ protected: int32_t ignoredEventCnt_ = 0; std::shared_ptr query_ = nullptr; std::vector queryRules_; + QuerierInfo querierInfo_; + CompliantEventChecker eventChecker_; private: bool isFirstPartialQuery_ = true; diff --git a/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h b/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h index d9c5f7c4..79a34c5b 100644 --- a/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h +++ b/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h @@ -18,6 +18,8 @@ #include #include +#include +#include #include #include @@ -40,7 +42,13 @@ using CallbackObjectOhos = OHOS::sptr; using SysEventCallbackPtrOhos = OHOS::sptr; using SysEventRuleGroupOhos = std::vector; using SysEventQueryRuleGroupOhos = std::vector; -using RegisteredListeners = std::map>; + +struct ListenerInfo { + int32_t pid; + int32_t uid; + SysEventRuleGroupOhos rules; +}; +using RegisteredListeners = std::map; namespace OHOS { namespace HiviewDFX { @@ -105,6 +113,7 @@ private: static OHOS::HiviewDFX::NotifySysEvent gISysEventNotify_; std::mutex publisherMutex_; std::shared_ptr dataPublisher_; + CompliantEventChecker eventChecker_; private: static sptr instance; diff --git a/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp b/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp new file mode 100644 index 00000000..e5c98802 --- /dev/null +++ b/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "compliant_event_checker.h" + +#include +#include + +#include "hiview_logger.h" +#include "parameter_ex.h" + +namespace OHOS { +namespace HiviewDFX { +namespace { +DEFINE_LOG_TAG("CompliantEventChecker"); + +constexpr int64_t SECURE_DISBALED_VAL = 0; +constexpr int64_t SECURE_ENABALED_VAL = 1; + +std::unordered_map> COMPLIANT_EVENT_CONFIGS { + {"AAFWK", { "START_ABILITY", "ABILITY_ONFOREGROUND", "ABILITY_ONBACKGROUND", "ABILITY_ONACTIVE", + "ABILITY_ONINACTIVE", "TERMINATE_ABILITY"}}, + {"ACE", {"INTERACTION_COMPLETED_LATENCY"}}, + {"AV_CODEC", {"CODEC_START_INFO"}}, + {"GRAPHIC", {"INTERACTION_COMPLETED_LATENCY"}}, + {"LOCATION", {"GNSS_STATE"}}, + {"PERFORMANCE", {}}, + {"RELIBILITY", {}}, + {"STABILITY", {"JS_ERROR", "CPP_CRASH", "APP_FREEZE", "MEMORY_LEAK", "FD_LEAK", "THREAD_LEAK", "ADDR_SANITIZER"}}, + {"WORKSCHEDULER", {"WORK_ADD", "WORK_REMOVE", "WORK_START", "WORK_STOP"}}, +}; +} + +CompliantEventChecker::CompliantEventChecker() +{ + secureVal_ = Parameter::GetInteger("const.secure", SECURE_ENABALED_VAL); + HIVIEW_LOGD("value of const.secure is %{public}" PRId64 "", secureVal_); +} + +bool CompliantEventChecker::IsInCompliantEvent(const std::string& domain, const std::string& eventName) +{ + if (secureVal_ == SECURE_DISBALED_VAL) { + return false; + } + for (const auto& compliantConfig : COMPLIANT_EVENT_CONFIGS) { + if (compliantConfig.first != domain) { + continue; + } + if (compliantConfig.second.empty()) { + HIVIEW_LOGD("event with domain [%{public}s] is compliant", domain.c_str()); + return false; + } + auto findRet = std::find(compliantConfig.second.begin(), compliantConfig.second.end(), eventName); + if (findRet != compliantConfig.second.end()) { + HIVIEW_LOGD("event [%{public}s|%{public}s] is compliant", domain.c_str(), eventName.c_str()); + return false; + } + return true; + } + return true; +} +} // namespace HiviewDFX +} // namespace OHOS \ No newline at end of file diff --git a/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp b/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp index 03405fd2..8b46eb85 100644 --- a/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp +++ b/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -39,13 +39,7 @@ constexpr int32_t IGNORED_DEFAULT_CNT = 0; constexpr int MAX_QUERY_EVENTS = 1000; // The maximum number of queries is 1000 at one time constexpr int MAX_TRANS_BUF = 1024 * 770; // Max transmission at one time: 384KB * 2 + 2KB for extra fields constexpr size_t U16_CHAR_SIZE = sizeof(char16_t); - -EventStore::QueryProcessInfo GetCallingProcessInfo() -{ - std::string processName = CommonUtils::GetProcNameByPid(IPCSkeleton::GetCallingPid()); - processName = processName.empty() ? "unknown" : processName; - return std::make_pair(IPCSkeleton::GetCallingPid(), processName); -} +constexpr int32_t HID_SHELL = 2000; } bool ConditionParser::ParseCondition(const std::string& condStr, EventStore::Cond& condition) @@ -179,6 +173,17 @@ bool ConditionParser::ParseQueryCondition(const std::string& condStr, EventStore return true; } +BaseEventQueryWrapper::BaseEventQueryWrapper(std::shared_ptr query) +{ + query_ = query; + + querierInfo_.uid = IPCSkeleton::GetCallingUid(); + querierInfo_.pid = IPCSkeleton::GetCallingPid(); + querierInfo_.processName = CommonUtils::GetProcNameByPid(querierInfo_.pid); + HIVIEW_LOGI("uid is %{public}d, pid is %{public}d and process name of querier is %{public}s", + querierInfo_.uid, querierInfo_.pid, querierInfo_.processName.c_str()); +} + void BaseEventQueryWrapper::Query(const OHOS::sptr& eventQueryCallback, int32_t& queryResult) { @@ -193,7 +198,8 @@ void BaseEventQueryWrapper::Query(const OHOS::sptrExecute(queryLimit_, { false, isFirstPartialQuery_ }, GetCallingProcessInfo(), + auto resultSet = query_->Execute(queryLimit_, { false, isFirstPartialQuery_ }, + std::make_pair(querierInfo_.pid, querierInfo_.processName), [&queryResult] (EventStore::DbQueryStatus status) { std::unordered_map statusToCode { { EventStore::DbQueryStatus::CONCURRENT, ERR_TOO_MANY_CONCURRENT_QUERIES }, @@ -257,6 +263,11 @@ void BaseEventQueryWrapper::TransportSysEvent(OHOS::HiviewDFX::EventStore::Resul if (eventJsonStr.empty()) { continue; } + if ((querierInfo_.uid == HID_SHELL) && eventChecker_.IsInCompliantEvent(iter->domain_, iter->eventName_)) { + HIVIEW_LOGD("event [%{public}s|%{public}s] isn't compliant for the process with uid %{public}d", + iter->domain_.c_str(), iter->eventName_.c_str(), querierInfo_.uid); + continue; + } std::u16string curJson = Str8ToStr16(eventJsonStr); int32_t eventJsonSize = static_cast((curJson.size() + 1) * U16_CHAR_SIZE); // 1 for '\0' if (eventJsonSize > MAX_TRANS_BUF) { // too large events, drop diff --git a/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp b/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp index 950e6ddc..1b314f3e 100644 --- a/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp +++ b/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp @@ -20,6 +20,7 @@ #include #include "accesstoken_kit.h" +#include "compliant_event_checker.h" #include "data_publisher.h" #include "event_query_wrapper_builder.h" #include "if_system_ability_manager.h" @@ -179,10 +180,15 @@ void SysEventServiceOhos::OnSysEvent(std::shared_ptr& HIVIEW_LOGE("interface is null, no need to match rules."); continue; } - bool isMatched = MatchRules(listener->second.second, event->domain_, event->eventName_, + if ((listener->second.uid == HID_SHELL) && + eventChecker_.IsInCompliantEvent(event->domain_, event->eventName_)) { + HIVIEW_LOGW("event [%{public}s|%{public}s] isn't compliant for the process with uid %{public}d", + event->domain_.c_str(), event->eventName_.c_str(), listener->second.uid); + continue; + } + bool isMatched = MatchRules(listener->second.rules, event->domain_, event->eventName_, event->GetTag(), event->eventType_); - HIVIEW_LOGD("pid %{public}d rules match %{public}s.", listener->second.first, - isMatched ? "success" : "fail"); + HIVIEW_LOGD("pid %{public}d rules match %{public}s.", listener->second.pid, isMatched ? "success" : "fail"); if (isMatched) { callback->Handle(Str8ToStr16(event->domain_), Str8ToStr16(event->eventName_), static_cast(event->eventType_), Str8ToStr16(event->AsJsonStr())); @@ -216,7 +222,7 @@ void SysEventServiceOhos::OnRemoteDied(const wptr& remote) auto listener = registeredListeners_.find(remoteObject); if (listener != registeredListeners_.end()) { listener->first->RemoveDeathRecipient(deathRecipient_); - HIVIEW_LOGE("pid %{public}d has died and remove listener.", listener->second.first); + HIVIEW_LOGE("pid %{public}d has died and remove listener.", listener->second.pid); registeredListeners_.erase(listener); } } @@ -271,21 +277,20 @@ int32_t SysEventServiceOhos::AddListener(const std::vector& rules, HIVIEW_LOGE("subscribe fail, object in callback is null."); return ERR_LISTENER_STATUS_INVALID; } - int32_t uid = IPCSkeleton::GetCallingUid(); - int32_t pid = IPCSkeleton::GetCallingPid(); - pair rulesPair(pid, rules); + ListenerInfo listenerInfo {IPCSkeleton::GetCallingPid(), IPCSkeleton::GetCallingUid(), rules}; if (registeredListeners_.find(callbackObject) != registeredListeners_.end()) { - registeredListeners_[callbackObject] = rulesPair; - HIVIEW_LOGD("uid %{public}d pid %{public}d listener has been added and update rules.", uid, pid); + registeredListeners_[callbackObject] = listenerInfo; + HIVIEW_LOGD("uid %{public}d pid %{public}d listener has been added and update rules.", + listenerInfo.uid, listenerInfo.pid); return IPC_CALL_SUCCEED; } if (!callbackObject->AddDeathRecipient(deathRecipient_)) { HIVIEW_LOGE("subscribe fail, can not add death recipient."); return ERR_ADD_DEATH_RECIPIENT; } - registeredListeners_.insert(make_pair(callbackObject, rulesPair)); + registeredListeners_.insert(make_pair(callbackObject, listenerInfo)); HIVIEW_LOGD("uid %{public}d pid %{public}d listener is added successfully, total is %{public}zu.", - uid, pid, registeredListeners_.size()); + listenerInfo.uid, listenerInfo.pid, registeredListeners_.size()); return IPC_CALL_SUCCEED; } diff --git a/adapter/plugins/eventservice/service/test/BUILD.gn b/adapter/plugins/eventservice/service/test/BUILD.gn index 95fbaf60..3802f7ea 100644 --- a/adapter/plugins/eventservice/service/test/BUILD.gn +++ b/adapter/plugins/eventservice/service/test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,7 +18,10 @@ module_output_path = "hiview/hiview" group("unittest") { testonly = true - deps = [ ":SysEventServiceOhosUnitTest" ] + deps = [ + ":EventCheckerUnitTest", + ":SysEventServiceOhosUnitTest", + ] } config("unittest_config") { @@ -65,3 +68,30 @@ ohos_unittest("SysEventServiceOhosUnitTest") { "samgr:samgr_proxy", ] } + +ohos_unittest("EventCheckerUnitTest") { + module_out_path = module_output_path + configs = [ ":unittest_config" ] + + sources = [ "unittest/common/event_checker_test.cpp" ] + + cflags_cc = [ "-DTEST_LOCAL_SRC" ] + + deps = [ + "$hiview_adapter/plugins/eventservice/service:sys_event_service_adapter", + "$hiview_base:hiview_base", + "$hiview_core:hiview_core", + ] + + external_deps = [ + "googletest:gtest_main", + "hilog:libhilog", + "init:libbeget_proxy", + "init:libbegetutil", + "ipc:ipc_single", + "jsoncpp:jsoncpp", + "relational_store:native_rdb", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] +} diff --git a/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp b/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp new file mode 100644 index 00000000..122a877c --- /dev/null +++ b/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "event_checker_test.h" + +#include "parameter_ex.h" +#include "compliant_event_checker.h" + +namespace OHOS { +namespace HiviewDFX { + +void EventCheckerTest::SetUpTestCase() {} + +void EventCheckerTest::TearDownTestCase() {} + +void EventCheckerTest::SetUp() {} + +void EventCheckerTest::TearDown() {} + +/** + * @tc.name: EventCheckerTest001 + * @tc.desc: Test isCompliantRule apis of RuleChecker + * @tc.type: FUNC + * @tc.require: issueIAPJKN + */ +HWTEST_F(EventCheckerTest, EventCheckerTest001, testing::ext::TestSize.Level3) +{ + CompliantEventChecker eventChecker; + if (Parameter::GetInteger("const.secure", 1) == 0) { // 1 and 0 is test value + ASSERT_FALSE(eventChecker.IsInCompliantEvent("AAFWK", "")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("AAFWK", "START_ABILITY")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("ACE", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("AV_CODEC", "CODEC_START_INFO")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("GRAPHIC", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("LOCATION", "GNSS_STATE")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("PERFORMANCE", "")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("RELIBILITY", "")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR_INVALID")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("WORKSCHEDULER", "WORK_ADD")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "WORK_ADD_INVALID")); + } else { + ASSERT_FALSE(eventChecker.IsInCompliantEvent("AAFWK", "")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("AAFWK", "START_ABILITY")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("ACE", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("AV_CODEC", "CODEC_START_INFO")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("GRAPHIC", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("LOCATION", "GNSS_STATE")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("PERFORMANCE", "")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("RELIBILITY", "")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR_INVALID")); + ASSERT_TRUE(eventChecker.IsInCompliantEvent("WORKSCHEDULER", "WORK_ADD")); + ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "WORK_ADD_INVALID")); + } +} +} // +} // \ No newline at end of file diff --git a/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.h b/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.h new file mode 100644 index 00000000..2062cf51 --- /dev/null +++ b/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HIVIEWDFX_EVENT_CHECKER_TEST_H +#define HIVIEWDFX_EVENT_CHECKER_TEST_H + +#include + +namespace OHOS { +namespace HiviewDFX { +class EventCheckerTest : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; +} // namespace HiviewDFX +} // namespace OHOS + +#endif // HIVIEWDFX_EVENT_CHECKER_TEST_H \ No newline at end of file diff --git a/base/libhiviewbase.map b/base/libhiviewbase.map index fd675f42..82437a86 100644 --- a/base/libhiviewbase.map +++ b/base/libhiviewbase.map @@ -427,6 +427,8 @@ "OHOS::HiviewDFX::HiViewConfigUtil::GetConfigFilePath(std::__h::basic_string, std::__h::allocator> const&, std::__h::basic_string, std::__h::allocator> const&, std::__h::basic_string, std::__h::allocator> const&)"; "OHOS::HiviewDFX::HiviewUnzipUnit::UnzipFile() const"; "OHOS::HiviewDFX::HiviewUnzipUnit::~HiviewUnzipUnit()"; + "OHOS::HiviewDFX::Parameter::GetInteger(std::__h::basic_string, std::__h::allocator> const&, long long)"; + "OHOS::HiviewDFX::Parameter::GetInteger(std::__h::basic_string, std::__h::allocator> const&, long)"; }; local: *; From 30398c1221ae5fef0a972b75fe9befc9764b8f89 Mon Sep 17 00:00:00 2001 From: xuyong Date: Wed, 11 Sep 2024 11:16:21 +0800 Subject: [PATCH 2/3] add event query&subscribe control for shell user Signed-off-by: xuyong --- .../idl/include/compliant_event_checker.h | 4 +- .../idl/include/event_query_wrapper_builder.h | 2 - .../idl/include/sys_event_service_ohos.h | 55 ++++++++----------- .../idl/src/compliant_event_checker.cpp | 12 ++-- .../idl/src/event_query_wrapper_builder.cpp | 5 +- .../idl/src/sys_event_service_ohos.cpp | 41 +++++++------- .../unittest/common/event_checker_test.cpp | 48 ++++++++-------- 7 files changed, 80 insertions(+), 87 deletions(-) diff --git a/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h b/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h index 6a5c294a..421dea24 100644 --- a/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h +++ b/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h @@ -26,10 +26,10 @@ public: ~CompliantEventChecker() = default; public: - bool IsInCompliantEvent(const std::string& domain, const std::string& eventName); + bool IsCompliantEvent(const std::string& domain, const std::string& eventName); private: - int64_t secureVal_ = 0; + int64_t secureVal_ = 1; // 1 means system isn't rooted }; } // namespace HiviewDFX } // namespace OHOS diff --git a/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h b/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h index 25846c60..130a8b9c 100644 --- a/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h +++ b/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h @@ -18,7 +18,6 @@ #include -#include "compliant_event_checker.h" #include "data_share_common.h" #include "iquery_base_callback.h" #include "json/json.h" @@ -100,7 +99,6 @@ protected: std::shared_ptr query_ = nullptr; std::vector queryRules_; QuerierInfo querierInfo_; - CompliantEventChecker eventChecker_; private: bool isFirstPartialQuery_ = true; diff --git a/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h b/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h index 79a34c5b..198218b4 100644 --- a/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h +++ b/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h @@ -18,8 +18,6 @@ #include #include -#include -#include #include #include @@ -38,18 +36,6 @@ #include "sys_event_service_stub.h" #include "system_ability.h" -using CallbackObjectOhos = OHOS::sptr; -using SysEventCallbackPtrOhos = OHOS::sptr; -using SysEventRuleGroupOhos = std::vector; -using SysEventQueryRuleGroupOhos = std::vector; - -struct ListenerInfo { - int32_t pid; - int32_t uid; - SysEventRuleGroupOhos rules; -}; -using RegisteredListeners = std::map; - namespace OHOS { namespace HiviewDFX { using NotifySysEvent = std::function)>; @@ -76,28 +62,34 @@ public: virtual ~SysEventServiceOhos() = default; static sptr GetInstance(); - static void StartService(SysEventServiceBase* service, - const OHOS::HiviewDFX::NotifySysEvent notify); - static SysEventServiceBase* GetSysEventService( - OHOS::HiviewDFX::SysEventServiceBase* service = nullptr); - void OnSysEvent(std::shared_ptr& sysEvent); - int32_t AddListener(const SysEventRuleGroupOhos& rules, const SysEventCallbackPtrOhos& callback) override; - int32_t RemoveListener(const SysEventCallbackPtrOhos& callback) override; - int32_t Query(const QueryArgument& queryArgument, const SysEventQueryRuleGroupOhos& rules, - const OHOS::sptr& callback) override; - int32_t SetDebugMode(const SysEventCallbackPtrOhos& callback, bool mode) override; - void OnRemoteDied(const wptr &remote); + static void StartService(SysEventServiceBase* service, const NotifySysEvent notify); + static SysEventServiceBase* GetSysEventService(SysEventServiceBase* service = nullptr); + void OnSysEvent(std::shared_ptr& sysEvent); + int32_t AddListener(const std::vector& rules, const OHOS::sptr& callback) override; + int32_t RemoveListener(const OHOS::sptr& callback) override; + int32_t Query(const QueryArgument& queryArgument, const std::vector& rules, + const OHOS::sptr& callback) override; + int32_t SetDebugMode(const OHOS::sptr& callback, bool mode) override; + void OnRemoteDied(const wptr& remote); void BindGetTagFunc(const GetTagByDomainNameFunc& getTagFunc); void BindGetTypeFunc(const GetTypeByDomainNameFunc& getTypeFunc); - int32_t Dump(int32_t fd, const std::vector &args) override; - int64_t AddSubscriber(const SysEventQueryRuleGroupOhos &rules) override; + int32_t Dump(int32_t fd, const std::vector& args) override; + int64_t AddSubscriber(const std::vector& rules) override; int32_t RemoveSubscriber() override; - int64_t Export(const QueryArgument &queryArgument, const SysEventQueryRuleGroupOhos &rules) override; + int64_t Export(const QueryArgument& queryArgument, const std::vector& rules) override; void SetWorkLoop(std::shared_ptr looper); +private: + struct ListenerInfo { + int32_t pid; + int32_t uid; + std::vector rules; + }; + private: bool HasAccessPermission() const; - bool BuildEventQuery(std::shared_ptr builder, const SysEventQueryRuleGroupOhos& rules); + bool BuildEventQuery(std::shared_ptr builder, + const std::vector& rules); std::string GetTagByDomainAndName(const std::string& eventDomain, const std::string& eventName); uint32_t GetTypeByDomainAndName(const std::string& eventDomain, const std::string& eventName); void MergeEventList(const std::vector& rules, std::vector& events) const; @@ -105,15 +97,14 @@ private: private: sptr deathRecipient_; std::mutex listenersMutex_; - RegisteredListeners registeredListeners_; + std::map, ListenerInfo> registeredListeners_; bool isDebugMode_; - SysEventCallbackPtrOhos debugModeCallback_; + OHOS::sptr debugModeCallback_; GetTagByDomainNameFunc getTagFunc_; GetTypeByDomainNameFunc getTypeFunc_; static OHOS::HiviewDFX::NotifySysEvent gISysEventNotify_; std::mutex publisherMutex_; std::shared_ptr dataPublisher_; - CompliantEventChecker eventChecker_; private: static sptr instance; diff --git a/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp b/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp index e5c98802..399c6ccb 100644 --- a/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp +++ b/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp @@ -49,10 +49,10 @@ CompliantEventChecker::CompliantEventChecker() HIVIEW_LOGD("value of const.secure is %{public}" PRId64 "", secureVal_); } -bool CompliantEventChecker::IsInCompliantEvent(const std::string& domain, const std::string& eventName) +bool CompliantEventChecker::IsCompliantEvent(const std::string& domain, const std::string& eventName) { if (secureVal_ == SECURE_DISBALED_VAL) { - return false; + return true; } for (const auto& compliantConfig : COMPLIANT_EVENT_CONFIGS) { if (compliantConfig.first != domain) { @@ -60,16 +60,16 @@ bool CompliantEventChecker::IsInCompliantEvent(const std::string& domain, const } if (compliantConfig.second.empty()) { HIVIEW_LOGD("event with domain [%{public}s] is compliant", domain.c_str()); - return false; + return true; } auto findRet = std::find(compliantConfig.second.begin(), compliantConfig.second.end(), eventName); if (findRet != compliantConfig.second.end()) { HIVIEW_LOGD("event [%{public}s|%{public}s] is compliant", domain.c_str(), eventName.c_str()); - return false; + return true; } - return true; + return false; } - return true; + return false; } } // namespace HiviewDFX } // namespace OHOS \ No newline at end of file diff --git a/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp b/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp index 8b46eb85..845ecd80 100644 --- a/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp +++ b/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp @@ -18,6 +18,7 @@ #include #include +#include "compliant_event_checker.h" #include "common_utils.h" #include "data_publisher.h" #include "hiview_event_common.h" @@ -257,13 +258,15 @@ void BaseEventQueryWrapper::TransportSysEvent(OHOS::HiviewDFX::EventStore::Resul const OHOS::sptr& callback, std::pair& details) { OHOS::HiviewDFX::EventStore::ResultSet::RecordIter iter; + CompliantEventChecker compliantEventChecker; while (result.HasNext() && argument_.maxEvents > 0) { iter = result.Next(); auto eventJsonStr = iter->AsJsonStr(); if (eventJsonStr.empty()) { continue; } - if ((querierInfo_.uid == HID_SHELL) && eventChecker_.IsInCompliantEvent(iter->domain_, iter->eventName_)) { + if ((querierInfo_.uid == HID_SHELL) && + !compliantEventChecker.IsCompliantEvent(iter->domain_, iter->eventName_)) { HIVIEW_LOGD("event [%{public}s|%{public}s] isn't compliant for the process with uid %{public}d", iter->domain_.c_str(), iter->eventName_.c_str(), querierInfo_.uid); continue; diff --git a/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp b/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp index 1b314f3e..969e9ff4 100644 --- a/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp +++ b/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp @@ -87,7 +87,7 @@ bool IsMatchedRule(const OHOS::HiviewDFX::SysEventRule& rule, const string& doma && MatchEventType(rule.eventType, eventType); } -bool MatchRules(const SysEventRuleGroupOhos& rules, const string& domain, const string& eventName, +bool MatchRules(const std::vector& rules, const string& domain, const string& eventName, const string& tag, uint32_t eventType) { return any_of(rules.begin(), rules.end(), [domain, eventName, tag, eventType] (auto& rule) { @@ -113,26 +113,26 @@ int32_t CheckEventSubscriberAddingValidity(const std::vector& event return IPC_CALL_SUCCEED; } -int32_t CheckEventQueryingValidity(const SysEventQueryRuleGroupOhos& rules, size_t limit) +int32_t CheckEventQueryingValidity(const std::vector& rules, size_t limit) { if (rules.size() > limit) { - OHOS::HiviewDFX::RunningStatusLogUtil::LogTooManyQueryRules(rules); + RunningStatusLogUtil::LogTooManyQueryRules(rules); return ERR_TOO_MANY_QUERY_RULES; } return IPC_CALL_SUCCEED; } } -OHOS::HiviewDFX::NotifySysEvent SysEventServiceOhos::gISysEventNotify_; -sptr SysEventServiceOhos::instance(new SysEventServiceOhos); +NotifySysEvent SysEventServiceOhos::gISysEventNotify_; +sptr SysEventServiceOhos::instance(new SysEventServiceOhos); -sptr SysEventServiceOhos::GetInstance() +sptr SysEventServiceOhos::GetInstance() { return instance; } void SysEventServiceOhos::StartService(SysEventServiceBase *service, - const OHOS::HiviewDFX::NotifySysEvent notify) + const NotifySysEvent notify) { gISysEventNotify_ = notify; GetSysEventService(service); @@ -167,21 +167,22 @@ uint32_t SysEventServiceOhos::GetTypeByDomainAndName(const string& eventDomain, return getTypeFunc_(eventDomain, eventName); } -void SysEventServiceOhos::OnSysEvent(std::shared_ptr& event) +void SysEventServiceOhos::OnSysEvent(std::shared_ptr& event) { { lock_guard lock(publisherMutex_); dataPublisher_->OnSysEvent(event); } lock_guard lock(listenersMutex_); + CompliantEventChecker compliantEventChecker; for (auto listener = registeredListeners_.begin(); listener != registeredListeners_.end(); ++listener) { - SysEventCallbackPtrOhos callback = iface_cast(listener->first); + OHOS::sptr callback = iface_cast(listener->first); if (callback == nullptr) { HIVIEW_LOGE("interface is null, no need to match rules."); continue; } if ((listener->second.uid == HID_SHELL) && - eventChecker_.IsInCompliantEvent(event->domain_, event->eventName_)) { + !compliantEventChecker.IsCompliantEvent(event->domain_, event->eventName_)) { HIVIEW_LOGW("event [%{public}s|%{public}s] isn't compliant for the process with uid %{public}d", event->domain_.c_str(), event->eventName_.c_str(), listener->second.uid); continue; @@ -208,7 +209,7 @@ void SysEventServiceOhos::OnRemoteDied(const wptr& remote) return; } if (debugModeCallback_ != nullptr) { - CallbackObjectOhos callbackObject = debugModeCallback_->AsObject(); + OHOS::sptr callbackObject = debugModeCallback_->AsObject(); if (callbackObject == remoteObject && isDebugMode_) { HIVIEW_LOGE("quit debugmode."); auto event = std::make_shared("SysEventSource"); @@ -272,7 +273,7 @@ int32_t SysEventServiceOhos::AddListener(const std::vector& rules, HIVIEW_LOGE("subscribe fail, callback is null."); return ERR_LISTENER_NOT_EXIST; } - CallbackObjectOhos callbackObject = callback->AsObject(); + OHOS::sptr callbackObject = callback->AsObject(); if (callbackObject == nullptr) { HIVIEW_LOGE("subscribe fail, object in callback is null."); return ERR_LISTENER_STATUS_INVALID; @@ -294,7 +295,7 @@ int32_t SysEventServiceOhos::AddListener(const std::vector& rules, return IPC_CALL_SUCCEED; } -int32_t SysEventServiceOhos::RemoveListener(const SysEventCallbackPtrOhos& callback) +int32_t SysEventServiceOhos::RemoveListener(const OHOS::sptr& callback) { if (!HasAccessPermission()) { return ERR_NO_PERMISSION; @@ -308,7 +309,7 @@ int32_t SysEventServiceOhos::RemoveListener(const SysEventCallbackPtrOhos& callb HIVIEW_LOGE("callback is null."); return ERR_LISTENER_NOT_EXIST; } - CallbackObjectOhos callbackObject = callback->AsObject(); + OHOS::sptr callbackObject = callback->AsObject(); if (callbackObject == nullptr) { HIVIEW_LOGE("object in callback is null."); return ERR_LISTENER_STATUS_INVALID; @@ -336,7 +337,7 @@ int32_t SysEventServiceOhos::RemoveListener(const SysEventCallbackPtrOhos& callb } bool SysEventServiceOhos::BuildEventQuery(std::shared_ptr builder, - const SysEventQueryRuleGroupOhos& rules) + const std::vector& rules) { if (builder == nullptr) { return false; @@ -374,8 +375,8 @@ bool SysEventServiceOhos::BuildEventQuery(std::shared_ptr& callback) +int32_t SysEventServiceOhos::Query(const QueryArgument& queryArgument, const std::vector& rules, + const OHOS::sptr& callback) { if (callback == nullptr) { return ERR_LISTENER_NOT_EXIST; @@ -429,7 +430,7 @@ bool SysEventServiceOhos::HasAccessPermission() const return false; } -int32_t SysEventServiceOhos::SetDebugMode(const SysEventCallbackPtrOhos& callback, bool mode) +int32_t SysEventServiceOhos::SetDebugMode(const OHOS::sptr& callback, bool mode) { if (!HasAccessPermission()) { return ERR_NO_PERMISSION; @@ -469,7 +470,7 @@ void CallbackDeathRecipient::OnRemoteDied(const wptr& remote) service->OnRemoteDied(remote); } -int64_t SysEventServiceOhos::AddSubscriber(const SysEventQueryRuleGroupOhos &rules) +int64_t SysEventServiceOhos::AddSubscriber(const std::vector& rules) { if (!HasAccessPermission()) { return ERR_NO_PERMISSION; @@ -514,7 +515,7 @@ int32_t SysEventServiceOhos::RemoveSubscriber() return IPC_CALL_SUCCEED; } -int64_t SysEventServiceOhos::Export(const QueryArgument &queryArgument, const SysEventQueryRuleGroupOhos &rules) +int64_t SysEventServiceOhos::Export(const QueryArgument &queryArgument, const std::vector& rules) { if (!HasAccessPermission()) { return ERR_NO_PERMISSION; diff --git a/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp b/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp index 122a877c..67720a19 100644 --- a/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp +++ b/adapter/plugins/eventservice/service/test/unittest/common/event_checker_test.cpp @@ -39,31 +39,31 @@ HWTEST_F(EventCheckerTest, EventCheckerTest001, testing::ext::TestSize.Level3) { CompliantEventChecker eventChecker; if (Parameter::GetInteger("const.secure", 1) == 0) { // 1 and 0 is test value - ASSERT_FALSE(eventChecker.IsInCompliantEvent("AAFWK", "")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("AAFWK", "START_ABILITY")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("ACE", "INTERACTION_COMPLETED_LATENCY")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("AV_CODEC", "CODEC_START_INFO")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("GRAPHIC", "INTERACTION_COMPLETED_LATENCY")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("LOCATION", "GNSS_STATE")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("PERFORMANCE", "")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("RELIBILITY", "")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR_INVALID")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("WORKSCHEDULER", "WORK_ADD")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "WORK_ADD_INVALID")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("AAFWK", "")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("AAFWK", "START_ABILITY")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("ACE", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("AV_CODEC", "CODEC_START_INFO")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("GRAPHIC", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("LOCATION", "GNSS_STATE")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("PERFORMANCE", "")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("RELIBILITY", "")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("STABILITY", "JS_ERROR")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("STABILITY", "JS_ERROR_INVALID")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("WORKSCHEDULER", "WORK_ADD")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("STABILITY", "WORK_ADD_INVALID")); } else { - ASSERT_FALSE(eventChecker.IsInCompliantEvent("AAFWK", "")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("AAFWK", "START_ABILITY")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("ACE", "INTERACTION_COMPLETED_LATENCY")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("AV_CODEC", "CODEC_START_INFO")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("GRAPHIC", "INTERACTION_COMPLETED_LATENCY")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("LOCATION", "GNSS_STATE")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("PERFORMANCE", "")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("RELIBILITY", "")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "JS_ERROR_INVALID")); - ASSERT_TRUE(eventChecker.IsInCompliantEvent("WORKSCHEDULER", "WORK_ADD")); - ASSERT_FALSE(eventChecker.IsInCompliantEvent("STABILITY", "WORK_ADD_INVALID")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("AAFWK", "")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("AAFWK", "START_ABILITY")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("ACE", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("AV_CODEC", "CODEC_START_INFO")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("GRAPHIC", "INTERACTION_COMPLETED_LATENCY")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("LOCATION", "GNSS_STATE")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("PERFORMANCE", "")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("RELIBILITY", "")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("STABILITY", "JS_ERROR")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("STABILITY", "JS_ERROR_INVALID")); + ASSERT_FALSE(eventChecker.IsCompliantEvent("WORKSCHEDULER", "WORK_ADD")); + ASSERT_TRUE(eventChecker.IsCompliantEvent("STABILITY", "WORK_ADD_INVALID")); } } } // From 6f4f433ef88c1f702cebaab6c873dff416d75ba3 Mon Sep 17 00:00:00 2001 From: xuyong Date: Thu, 12 Sep 2024 22:12:30 +0800 Subject: [PATCH 3/3] add event query&subscribe control for shell user Signed-off-by: xuyong --- .../idl/include/compliant_event_checker.h | 2 +- .../idl/include/event_query_wrapper_builder.h | 4 +-- .../idl/include/sys_event_service_ohos.h | 4 +-- .../idl/src/compliant_event_checker.cpp | 31 +++++++++---------- .../idl/src/event_query_wrapper_builder.cpp | 3 +- .../idl/src/sys_event_service_ohos.cpp | 2 +- 6 files changed, 21 insertions(+), 25 deletions(-) diff --git a/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h b/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h index 421dea24..ff79cc5f 100644 --- a/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h +++ b/adapter/plugins/eventservice/service/idl/include/compliant_event_checker.h @@ -29,7 +29,7 @@ public: bool IsCompliantEvent(const std::string& domain, const std::string& eventName); private: - int64_t secureVal_ = 1; // 1 means system isn't rooted + bool isSecureEnabeled_ = false; }; } // namespace HiviewDFX } // namespace OHOS diff --git a/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h b/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h index 130a8b9c..f9c96d55 100644 --- a/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h +++ b/adapter/plugins/eventservice/service/idl/include/event_query_wrapper_builder.h @@ -74,8 +74,8 @@ public: protected: struct QuerierInfo { - int32_t uid; - int32_t pid; + int32_t uid = 0; + int32_t pid = 0; std::string processName; }; diff --git a/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h b/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h index 198218b4..5cdd302c 100644 --- a/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h +++ b/adapter/plugins/eventservice/service/idl/include/sys_event_service_ohos.h @@ -81,8 +81,8 @@ public: private: struct ListenerInfo { - int32_t pid; - int32_t uid; + int32_t pid = 0; + int32_t uid = 0; std::vector rules; }; diff --git a/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp b/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp index 399c6ccb..663c028d 100644 --- a/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp +++ b/adapter/plugins/eventservice/service/idl/src/compliant_event_checker.cpp @@ -26,7 +26,6 @@ namespace HiviewDFX { namespace { DEFINE_LOG_TAG("CompliantEventChecker"); -constexpr int64_t SECURE_DISBALED_VAL = 0; constexpr int64_t SECURE_ENABALED_VAL = 1; std::unordered_map> COMPLIANT_EVENT_CONFIGS { @@ -45,30 +44,28 @@ std::unordered_map> COMPLIANT_EVENT_CONFIGS CompliantEventChecker::CompliantEventChecker() { - secureVal_ = Parameter::GetInteger("const.secure", SECURE_ENABALED_VAL); - HIVIEW_LOGD("value of const.secure is %{public}" PRId64 "", secureVal_); + isSecureEnabeled_ = (Parameter::GetInteger("const.secure", SECURE_ENABALED_VAL) == SECURE_ENABALED_VAL); + HIVIEW_LOGD("value of const.secure is %{public}d", isSecureEnabeled_); } bool CompliantEventChecker::IsCompliantEvent(const std::string& domain, const std::string& eventName) { - if (secureVal_ == SECURE_DISBALED_VAL) { + if (!isSecureEnabeled_) { return true; } - for (const auto& compliantConfig : COMPLIANT_EVENT_CONFIGS) { - if (compliantConfig.first != domain) { - continue; - } - if (compliantConfig.second.empty()) { - HIVIEW_LOGD("event with domain [%{public}s] is compliant", domain.c_str()); - return true; - } - auto findRet = std::find(compliantConfig.second.begin(), compliantConfig.second.end(), eventName); - if (findRet != compliantConfig.second.end()) { - HIVIEW_LOGD("event [%{public}s|%{public}s] is compliant", domain.c_str(), eventName.c_str()); - return true; - } + auto iter = COMPLIANT_EVENT_CONFIGS.find(domain); + if (iter == COMPLIANT_EVENT_CONFIGS.end()) { return false; } + if (iter->second.empty()) { + HIVIEW_LOGD("event with domain [%{public}s] is compliant", domain.c_str()); + return true; + } + auto findRet = std::find(iter->second.begin(), iter->second.end(), eventName); + if (findRet != iter->second.end()) { + HIVIEW_LOGD("event [%{public}s|%{public}s] is compliant", domain.c_str(), eventName.c_str()); + return true; + } return false; } } // namespace HiviewDFX diff --git a/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp b/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp index 845ecd80..c78179f6 100644 --- a/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp +++ b/adapter/plugins/eventservice/service/idl/src/event_query_wrapper_builder.cpp @@ -181,8 +181,7 @@ BaseEventQueryWrapper::BaseEventQueryWrapper(std::shared_ptr& eventQueryCallback, diff --git a/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp b/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp index 969e9ff4..cb55e3d0 100644 --- a/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp +++ b/adapter/plugins/eventservice/service/idl/src/sys_event_service_ohos.cpp @@ -183,7 +183,7 @@ void SysEventServiceOhos::OnSysEvent(std::shared_ptr& event) } if ((listener->second.uid == HID_SHELL) && !compliantEventChecker.IsCompliantEvent(event->domain_, event->eventName_)) { - HIVIEW_LOGW("event [%{public}s|%{public}s] isn't compliant for the process with uid %{public}d", + HIVIEW_LOGD("event [%{public}s|%{public}s] isn't compliant for the process with uid %{public}d", event->domain_.c_str(), event->eventName_.c_str(), listener->second.uid); continue; }