add apl check

Signed-off-by: zero-cyc <chenlien@huawei.com>
Change-Id: I960897e617dee801cfcff3be0ddf167a56006a95
zero-cyc
2022-06-01 13:56:48 +08:00
parent e5ede327f3
commit 483be5896d
5 changed files with 44 additions and 8 deletions
@@ -34,6 +34,7 @@ public:
static bool VerifyCallerPermission(
const Security::AccessToken::AccessTokenID &tokenCaller, const std::string &permission);
static bool VerifyNativeToken(const Security::AccessToken::AccessTokenID &callerToken);
static bool IsSystemHap();
};
} // namespace Notification
} // namespace OHOS
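Review bot: The new `static bool IsSystemHap();` declaration has no comment, and unlike the two siblings above it takes no token argument, so a reader of the header cannot tell whose identity it checks. Going by the implementation in this commit, it reads the IPC calling token itself and also returns true for native tokens, which the name does not suggest. I would add something like `// Returns true if the current IPC caller holds a native token or a HAP token with APL system_basic/system_core. Must be called in the IPC call context.` above the declaration. The class begins outside this hunk.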
+32 -7
@@ -15,20 +15,45 @@
#include "access_token_helper.h"
#include "ans_log_wrapper.h"
#include "ipc_skeleton.h"
using namespace OHOS::Security::AccessToken;
namespace OHOS {
namespace Notification {
bool AccessTokenHelper::VerifyCallerPermission(
const Security::AccessToken::AccessTokenID &tokenCaller, const std::string &permission)
const AccessTokenID &tokenCaller, const std::string &permission)
{
int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
return (result == Security::AccessToken::PERMISSION_GRANTED);
int result = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
return (result == PERMISSION_GRANTED);
}
bool AccessTokenHelper::VerifyNativeToken(const Security::AccessToken::AccessTokenID &callerToken)
bool AccessTokenHelper::VerifyNativeToken(const AccessTokenID &callerToken)
{
Security::AccessToken::ATokenTypeEnum tokenType =
Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
return tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE;
ATokenTypeEnum tokenType = AccessTokenKit::GetTokenTypeFlag(callerToken);
return tokenType == ATokenTypeEnum::TOKEN_NATIVE;
}
bool AccessTokenHelper::IsSystemHap()
{
AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
if (type == ATokenTypeEnum::TOKEN_NATIVE) {
return true;
}
if (type == ATokenTypeEnum::TOKEN_HAP) {
HapTokenInfo info;
AccessTokenKit::GetHapTokenInfo(tokenId, info);
if (info.apl == ATokenAplEnum::APL_SYSTEM_CORE || info.apl == ATokenAplEnum::APL_SYSTEM_BASIC) {
return true;
}
pid_t pid = IPCSkeleton::GetCallingPid();
pid_t uid = IPCSkeleton::GetCallingUid();
ANS_LOGW("apl not match, info.apl=%{public}d, type=%{public}d, pid=%{public}d, uid=%{public}d",
info.apl, type, pid, uid);
}
return false;
}
} // namespace Notification
} // namespace OHOS
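Review bot: The result of `AccessTokenKit::GetHapTokenInfo(tokenId, info);` in IsSystemHap is discarded, so if the lookup fails the APL comparison on the next line runs on whatever `info.apl` holds after default construction. A privilege decision should fail closed here: check the call first, e.g. `if (AccessTokenKit::GetHapTokenInfo(tokenId, info) != RET_SUCCESS) { return false; }`, and log the failure separately from the "apl not match" case. As written, the warning log would also print an unpopulated `info.apl` on failure, which makes denials harder to triage.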
@@ -124,7 +124,7 @@ inline bool IsSystemApp()
isSystemApp = bundleManager->IsSystemApp(callingUid);
}
return isSystemApp;
return isSystemApp || AccessTokenHelper::IsSystemHap();
}
inline int64_t ResetSeconds(int64_t date)
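Review bot: `return isSystemApp || AccessTokenHelper::IsSystemHap();` widens IsSystemApp beyond what the bundle manager reports. Any caller with a native token, or a HAP at APL system_basic/system_core, now passes even when `bundleManager->IsSystemApp(callingUid)` said no. That may be the intent, but it deserves a comment at the return, for example `// Also accept native callers and HAPs whose APL is system_basic or system_core.` Every ordinary third-party caller will also now reach the `ANS_LOGW("apl not match, ...")` path in IsSystemHap, so expect a warning per call unless that log level is lowered. IsSystemApp begins outside this hunk.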
@@ -28,5 +28,10 @@ bool AccessTokenHelper::VerifyNativeToken(const Security::AccessToken::AccessTok
{
return callerToken == NATIVE_TOKEN;
}
bool AccessTokenHelper::IsSystemHap()
{
return true;
}
} // namespace Notification
} // namespace OHOS
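Review bot: The stubbed `IsSystemHap()` returns `true` unconditionally, here and in the following hunk's copy. Since IsSystemApp now ORs in this result, any test linked against these stubs (presumably test mocks, though the file paths are not shown) sees IsSystemApp() as always true and cannot exercise the non-system denial path. In this file VerifyNativeToken already compares against `NATIVE_TOKEN`. A similar switchable value for IsSystemHap, such as a static flag the test sets and a `return g_isSystemHap;` body, would keep the negative cases testable.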
@@ -27,5 +27,10 @@ bool AccessTokenHelper::VerifyNativeToken(const Security::AccessToken::AccessTok
{
return true;
}
bool AccessTokenHelper::IsSystemHap()
{
return true;
}
} // namespace Notification
} // namespace OHOS