From 75bfe9f771198cf9a025d0c59a946b570abe5c90 Mon Sep 17 00:00:00 2001 From: zhaolinglan Date: Mon, 10 Jun 2024 09:53:46 +0800 Subject: [PATCH] modify code Signed-off-by: zhaolinglan --- common/include/message_handler.h | 1 + .../imf_ext_secure_mode.seccomp.policy | 13 -- services/include/im_common_event_manager.h | 1 + .../include/input_method_system_ability.h | 5 +- services/src/im_common_event_manager.cpp | 19 ++ services/src/input_method_system_ability.cpp | 35 ++- .../src/input_method_ext_seccomp_test.cpp | 212 +++++++++++++++--- 7 files changed, 224 insertions(+), 62 deletions(-) diff --git a/common/include/message_handler.h b/common/include/message_handler.h index d4650cfe..f0a2fda0 100644 --- a/common/include/message_handler.h +++ b/common/include/message_handler.h @@ -32,6 +32,7 @@ enum { MSG_ID_USER_START = 0, // a user started MSG_ID_USER_REMOVED, // a user removed MSG_ID_PACKAGE_REMOVED, // a package is removed + MSG_ID_BUNDLE_SCAN_FINISHED, // bundle scan finished, ready to create data share helper MSG_ID_SELECT_BY_RANGE, MSG_ID_SELECT_BY_MOVEMENT, MSG_ID_HANDLE_EXTEND_ACTION, diff --git a/seccomp_policy/imf_ext_secure_mode.seccomp.policy b/seccomp_policy/imf_ext_secure_mode.seccomp.policy index 8a64c2fd..04dbab7f 100644 --- a/seccomp_policy/imf_ext_secure_mode.seccomp.policy +++ b/seccomp_policy/imf_ext_secure_mode.seccomp.policy @@ -90,11 +90,9 @@ pread64;all pwrite64;all preadv;all pwritev;all -sendfile;all pselect6;all ppoll;all signalfd4;all -vmsplice;all splice;all tee;all readlinkat;all @@ -178,19 +176,12 @@ getegid;arm64 gettid;all sysinfo;all socket;all -socketpair;all bind;all -listen;all -accept;all connect;all -getsockname;all -getpeername;all sendto;all recvfrom;all setsockopt;all getsockopt;all -shutdown;all -sendmsg;all recvmsg;all readahead;all brk;all @@ -209,8 +200,6 @@ mincore;all madvise;all rt_tgsigqueueinfo;all perf_event_open;all -accept4;all -recvmmsg;all wait4;all prlimit64;all syncfs;all 
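Review bot: The `@@ -178,19 +176,12 @@` hunk removes `sendmsg`, `shutdown`, `getsockname` and `getpeername` but keeps `socket`, `bind`, `connect`, `sendto`, `recvfrom` and `recvmsg`, and the `@@ -90,11 +90,9 @@` hunk removes `vmsplice` while `splice` and `tee` stay. The commit message ("modify code") gives no rationale, so a reader cannot tell whether the remaining entries are deliberate or an oversight. Any library code in the extension process that still issues one of the removed calls would now be stopped by the filter instead of getting an error return, which the unit test in this patch expects to surface as SIGSYS. That is worth confirming on a device run of a real IME extension, since `shutdown` on a connected socket is a plausible candidate. I would record the intent per group in the commit description, with wording to be confirmed by the author such as `drop listen/accept/accept4/socketpair: a secure-mode IME extension must not accept connections or create socket pairs`. The same applies to the `-209`, `-277` and `-300` hunks of this file.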
@@ -277,7 +266,6 @@ getresuid32;arm getresgid32;arm chown32;arm fcntl64;arm -sendfile64;arm epoll_create;arm epoll_wait;arm remap_file_pages;arm @@ -300,7 +288,6 @@ timerfd_settime64;arm utimensat_time64;arm pselect6_time64;arm ppoll_time64;arm -recvmmsg_time64;arm semtimedop_time64;arm rt_sigtimedwait_time64;arm futex_time64;arm diff --git a/services/include/im_common_event_manager.h b/services/include/im_common_event_manager.h index 25eef573..72d8545c 100644 --- a/services/include/im_common_event_manager.h +++ b/services/include/im_common_event_manager.h @@ -54,6 +54,7 @@ public: void RemovePackage(const EventFwk::CommonEventData &data); void StartUser(const EventFwk::CommonEventData &data); void RemoveUser(const EventFwk::CommonEventData &data); + void OnBundleScanFinished(const EventFwk::CommonEventData &data); private: using EventListenerFunc = void (EventSubscriber::*)(const EventFwk::CommonEventData &data); diff --git a/services/include/input_method_system_ability.h b/services/include/input_method_system_ability.h index 655b04b4..8bfaf1e7 100644 --- a/services/include/input_method_system_ability.h +++ b/services/include/input_method_system_ability.h @@ -123,6 +123,7 @@ private: int32_t RestartCurrentIme(); void HandleWmsReady(int32_t userId); int32_t InitAccountMonitor(); + int32_t RegisterDataShareObserver(); static std::shared_ptr serviceHandler_; int32_t userId_; static constexpr const char *SELECT_DIALOG_ACTION = "action.system.inputmethodchoose"; @@ -162,8 +163,8 @@ private: std::atomic targetSwitchCount_ = 0; std::mutex modeChangeMutex_; - std::atomic isChangeHandling_{ false }; - std::atomic hasPendingChanges_{ false }; + bool isChangeHandling_ = false; + bool hasPendingChanges_ = false; }; } // namespace MiscServices } // namespace OHOS diff --git a/services/src/im_common_event_manager.cpp b/services/src/im_common_event_manager.cpp index 78bb48fc..c9db8eca 100644 --- a/services/src/im_common_event_manager.cpp 
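Review bot: In the `@@ -162,8 +163,8 @@` hunk `isChangeHandling_` and `hasPendingChanges_` stop being atomics, so they are now safe only while `modeChangeMutex_` is held, and the header does not say so. Every access visible in this patch (DealSecurityChange, its `checkChangeCount` lambda, OnSecurityModeChange) does take the lock, but the class body continues outside the hunk, so any other reader of these flags would need checking. I would state the invariant next to the members, for example `// guarded by modeChangeMutex_; do not touch without holding it`.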
+++ b/services/src/im_common_event_manager.cpp @@ -60,6 +60,7 @@ bool ImCommonEventManager::SubscribeEvent(const std::string &event) matchingSkills.AddEvent(event); matchingSkills.AddEvent(CommonEventSupport::COMMON_EVENT_USER_REMOVED); matchingSkills.AddEvent(CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED); + matchingSkills.AddEvent(CommonEventSupport::COMMON_EVENT_BUNDLE_SCAN_FINISHED); EventFwk::CommonEventSubscribeInfo subscriberInfo(matchingSkills); @@ -198,6 +199,7 @@ ImCommonEventManager::EventSubscriber::EventSubscriber(const EventFwk::CommonEve EventManagerFunc_[CommonEventSupport::COMMON_EVENT_USER_SWITCHED] = &EventSubscriber::StartUser; EventManagerFunc_[CommonEventSupport::COMMON_EVENT_USER_REMOVED] = &EventSubscriber::RemoveUser; EventManagerFunc_[CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED] = &EventSubscriber::RemovePackage; + EventManagerFunc_[CommonEventSupport::COMMON_EVENT_BUNDLE_SCAN_FINISHED] = &EventSubscriber::OnBundleScanFinished; } void ImCommonEventManager::EventSubscriber::OnReceiveEvent(const EventFwk::CommonEventData &data) @@ -225,6 +227,23 @@ void ImCommonEventManager::EventSubscriber::StartUser(const CommonEventData &dat MessageHandler::Instance()->SendMessage(msg); } +void ImCommonEventManager::EventSubscriber::OnBundleScanFinished(const EventFwk::CommonEventData &data) +{ + IMSA_HILOGI("ImCommonEventManager in"); + auto parcel = new (std::nothrow) MessageParcel(); + if (parcel == nullptr) { + IMSA_HILOGE("failed to create MessageParcel"); + return; + } + auto msg = new (std::nothrow) Message(MessageID::MSG_ID_BUNDLE_SCAN_FINISHED, parcel); + if (msg == nullptr) { + IMSA_HILOGE("failed to create Message"); + delete parcel; + return; + } + MessageHandler::Instance()->SendMessage(msg); +} + void ImCommonEventManager::EventSubscriber::RemoveUser(const CommonEventData &data) { auto userId = data.GetCode(); 
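Review bot: In `OnBundleScanFinished` the entry log `IMSA_HILOGI("ImCommonEventManager in")` names the class, not the handler or the event, so it cannot be told apart from other entry logs when tracing why the data-share observers were re-registered. Something like `IMSA_HILOGI("bundle scan finished, notify service")` would be more useful. The empty `MessageParcel` appears to be allocated only because `Message` takes one, and `parcel` is deleted by hand only on the failure path, so a short comment that `msg` owns `parcel` after construction (assuming that is what `Message` does, its definition is not in this hunk) would explain the asymmetry. The `data` parameter is unused here.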
diff --git a/services/src/input_method_system_ability.cpp b/services/src/input_method_system_ability.cpp index 03e745e0..e56683b6 100644 --- a/services/src/input_method_system_ability.cpp +++ b/services/src/input_method_system_ability.cpp @@ -842,6 +842,10 @@ void InputMethodSystemAbility::WorkThread() userSession_->OnHideSoftKeyBoardSelf(); break; } + case MSG_ID_BUNDLE_SCAN_FINISHED: { + RegisterDataShareObserver(); + break; + } default: { IMSA_HILOGD("the message is %{public}d.", msg->msgId_); break; @@ -974,30 +978,30 @@ void InputMethodSystemAbility::DealSecurityChange() { { std::lock_guard lock(modeChangeMutex_); - if (isChangeHandling_.load()) { + if (isChangeHandling_) { IMSA_HILOGI("already has mode change task."); - hasPendingChanges_.store(true); + hasPendingChanges_ = true; return; } else { - isChangeHandling_.store(true); - hasPendingChanges_.store(true); + isChangeHandling_ = true; + hasPendingChanges_ = true; } } auto changeTask = [this]() { + pthread_setname_np(pthread_self(), "SecurityChange"); auto checkChangeCount = [this]() { std::lock_guard lock(modeChangeMutex_); - if (hasPendingChanges_.load()) { + if (hasPendingChanges_) { return true; } - isChangeHandling_.store(false); + isChangeHandling_ = false; return false; }; do { OnSecurityModeChange(); } while (checkChangeCount()); }; - // 0 means delay time is 0. - serviceHandler_->PostTask(changeTask, "SecurityChangeTask", 0, AppExecFwk::EventQueue::Priority::IMMEDIATE); + std::thread(changeTask).detach(); } void InputMethodSystemAbility::DealSwitchRequest() 
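Review bot: `std::thread(changeTask).detach()` in DealSecurityChange starts a thread that captures `this` and that nothing can join, so it keeps calling `OnSecurityModeChange()` and locking `modeChangeMutex_` even if the InputMethodSystemAbility object is torn down while the loop is running. The previous `serviceHandler_->PostTask(...)` tied the work to the handler instead. If the object is guaranteed to live as long as the process, say so at the call site, e.g. `// detached on purpose: this object lives for the whole process lifetime`. Otherwise keep the `std::thread` as a member and join it on stop. Also, `isChangeHandling_` is set to true before the thread is created, so if thread creation fails and the process survives, the flag is never cleared and later security-mode changes are only marked pending, never processed. Resetting it under the lock on that path would close the gap.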
@@ -1118,13 +1122,24 @@ void InputMethodSystemAbility::InitMonitors() IMSA_HILOGW("Enter enable mode"); EnableImeDataParser::GetInstance()->Initialize(userId_); enableImeOn_ = true; - RegisterEnableImeObserver(); } if (ImeInfoInquirer::GetInstance().IsEnableSecurityMode()) { IMSA_HILOGW("Enter security mode"); enableSecurityMode_ = true; + } + RegisterDataShareObserver(); +} + +int32_t InputMethodSystemAbility::RegisterDataShareObserver() +{ + IMSA_HILOGD("in"); + if (enableImeOn_) { + RegisterEnableImeObserver(); + } + if (enableSecurityMode_) { RegisterSecurityModeObserver(); } + return ErrorCode::NO_ERROR; } int32_t InputMethodSystemAbility::InitAccountMonitor() @@ -1221,7 +1236,7 @@ void InputMethodSystemAbility::OnSecurityModeChange() { { std::lock_guard lock(modeChangeMutex_); - hasPendingChanges_.store(false); + hasPendingChanges_ = false; } auto currentIme = ImeCfgManager::GetInstance().GetCurrentImeCfg(userId_); auto oldMode = SecurityModeParser::GetInstance()->GetSecurityMode(currentIme->bundleName, userId_); diff --git a/test/unittest/cpp_test/src/input_method_ext_seccomp_test.cpp b/test/unittest/cpp_test/src/input_method_ext_seccomp_test.cpp index 20b4da3f..d8066665 100644 --- a/test/unittest/cpp_test/src/input_method_ext_seccomp_test.cpp +++ b/test/unittest/cpp_test/src/input_method_ext_seccomp_test.cpp @@ -13,23 +13,23 @@ * limitations under the License. */ -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include -#include -#include +#include +#include #include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include #include "seccomp_policy.h" 
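Review bot: `RegisterDataShareObserver()` always returns `ErrorCode::NO_ERROR` whatever `RegisterEnableImeObserver()` and `RegisterSecurityModeObserver()` did, and the new `MSG_ID_BUNDLE_SCAN_FINISHED` case in WorkThread discards even that value. If the security-mode observer fails to register, mode changes would presumably go unnoticed with nothing in the log at this level. The function is also called unconditionally from `InitMonitors()` and again on every bundle-scan event, so when the first call succeeded the observers are registered a second time. Whether the two Register* helpers tolerate that is not visible in this hunk. I would guard each branch with a "registered" flag that is set only on success, e.g. `if (enableSecurityMode_ && !securityObserverRegistered_) { ... }` (flag name is a suggestion), and return the first failure instead of a constant.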
@@ -44,10 +44,10 @@ namespace OHOS { namespace MiscServices { class SeccompUnitTest : public testing::Test { public: - SeccompUnitTest() {}; - virtual ~SeccompUnitTest() {}; - static void SetUpTestCase() {}; - static void TearDownTestCase() {}; + SeccompUnitTest(){}; + virtual ~SeccompUnitTest(){}; + static void SetUpTestCase(){}; + static void TearDownTestCase(){}; void SetUp() { @@ -59,8 +59,8 @@ public: sleep(SLEEP_TIME_1S); }; - void TearDown() {}; - void TestBody(void) {}; + void TearDown(){}; + void TestBody(void){}; static pid_t StartChild(SeccompFilterType type, const char *filterName, SyscallFunc func) { @@ -96,8 +96,8 @@ public: if (WIFSIGNALED(status)) { if (WTERMSIG(status) == SIGSYS) { - std::cout << "child process exit with SIGSYS" << std::endl; - return isAllow ? -1 : 0; + std::cout << "child process exit with SIGSYS" << std::endl; + return isAllow ? -1 : 0; } } else { std::cout << "child process finished normally" << std::endl; @@ -113,7 +113,7 @@ public: int status; pid_t pid; int flag = 0; - struct timespec waitTime = {5, 0}; + struct timespec waitTime = { 5, 0 }; sigemptyset(&set); sigaddset(&set, SIGCHLD); 
@@ -156,6 +156,115 @@ public: return CheckStatus(status, isAllow); } + static bool CheckSendfile() + { + int ret = syscall(__NR_sendfile, 0, 0, nullptr, 0); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckVmsplice() + { + int ret = syscall(__NR_vmsplice, 0, nullptr, 0, 0); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckSocketpair() + { + int ret = syscall(__NR_socketpair, 0, 0, 0, nullptr); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckListen() + { + int ret = syscall(__NR_listen, 0, 0); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckAccept() + { + int ret = syscall(__NR_accept, 0, nullptr, nullptr); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckAccept4() + { + int ret = syscall(__NR_accept4, 0, nullptr, nullptr, 0); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckGetsockname() + { + int ret = syscall(__NR_getsockname, 0, nullptr, nullptr); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckGetpeername() + { + int ret = syscall(__NR_getpeername, 0, nullptr, nullptr); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckShutdown() + { + int ret = syscall(__NR_shutdown, 0, 0); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckSendmsg() + { + int ret = syscall(__NR_sendmsg, 0, nullptr, 0); + if (ret == 0) { + return true; + } + + return false; + } + + static bool CheckRecvmmsg() + { + int ret = syscall(__NR_recvmmsg, 0, nullptr, 0, 0, nullptr); + if (ret == 0) { + return true; + } + + return false; + } #if defined __aarch64__ static bool CheckSetuid() { 
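Review bot: The eleven `Check*` helpers added in this hunk differ only in the syscall number and argument list, and each spells out `if (ret == 0) { return true; } return false;` where `return syscall(__NR_listen, 0, 0) == 0;` says the same in one line. All of them pass fd 0 and null pointers, so most would fail with an error rather than return 0 if the call were allowed. They are therefore only meaningful for the blocked case, where the child is expected to die with SIGSYS. A comment such as `// arguments are deliberately invalid; only usable with isAllow == false` would stop someone reusing them for an allow-list check. A blank line is also missing between `CheckRecvmmsg` and `#if defined __aarch64__`.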
@@ -166,12 +275,6 @@ public: return false; } - void TestInputMethodExtSycall() - { - // system blocklist - int ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckSetuid, false); - EXPECT_EQ(ret, 0); - } #elif defined __arm__ static bool CheckSetuid32() @@ -183,13 +286,49 @@ public: return false; } - void TestInputMethodExtSycall() + static bool CheckSendfile64() { - // system blocklist - int ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckSetuid32, false); - EXPECT_EQ(ret, 0); + int ret = syscall(__NR_sendfile64, 0, 0, nullptr, 0); + if (ret == 0) { + return true; + } + + return false; + } + static bool CheckRecvmmsgTime64() + { + int ret = syscall(__NR_recvmmsg_time64, 0, nullptr, 0, 0, nullptr); + if (ret == 0) { + return true; + } + + return false; } #endif + + void TestInputMethodExtSycall() + { + int ret = -1; + ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckSendfile, false); + EXPECT_EQ(ret, 0); + + ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckVmsplice, false); + EXPECT_EQ(ret, 0); + +#if defined __aarch64__ + // system blocklist + ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckSetuid, false); + EXPECT_EQ(ret, 0); +#elif defined __arm__ + // system blocklist + ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckSetuid32, false); + EXPECT_EQ(ret, 0); + ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckSendfile64, false); + EXPECT_EQ(ret, 0); + ret = CheckSyscall(APP, IMF_EXTENTOIN_NAME, CheckRecvmmsgTime64, false); + EXPECT_EQ(ret, 0); +#endif + } }; /** @@ -203,6 +342,5 @@ HWTEST_F(SeccompUnitTest, TestInputMethodExtSycall, TestSize.Level1) SeccompUnitTest test; test.TestInputMethodExtSycall(); } -} -} - +} // namespace MiscServices +} // namespace OHOS
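Review bot: `TestInputMethodExtSycall` exercises only `CheckSendfile` and `CheckVmsplice` (plus `CheckSendfile64` and `CheckRecvmmsgTime64` on arm), while the policy change in this commit also removes socketpair, listen, accept, accept4, getsockname, getpeername, shutdown, sendmsg and recvmmsg. The helpers for those nine are defined in the previous hunk but never called, so a regression that re-allows any of them would pass this test. I would run every removed syscall through `CheckSyscall`, as in the loop below. This assumes `SyscallFunc`, which is declared outside the hunk, is the function-pointer type these helpers convert to.

```cpp
    void TestInputMethodExtSycall()
    {
        // … unchanged: CheckSendfile and CheckVmsplice checks …
        const SyscallFunc blockedSocketCalls[] = { CheckSocketpair, CheckListen, CheckAccept, CheckAccept4,
            CheckGetsockname, CheckGetpeername, CheckShutdown, CheckSendmsg, CheckRecvmmsg };
        for (auto func : blockedSocketCalls) {
            EXPECT_EQ(CheckSyscall(APP, IMF_EXTENTOIN_NAME, func, false), 0);
        }
        // … unchanged: per-architecture setuid / sendfile64 / recvmmsg_time64 checks …
```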