From 8a185151ef3b2ef203d2d3531fa7a28fd7c5cea9 Mon Sep 17 00:00:00 2001 From: baiwei Date: Thu, 4 Aug 2022 20:56:51 +0800 Subject: [PATCH] update codecheck Signed-off-by: baiwei Change-Id: If6e3e2f181afce1f6ad941bb175520e64e1691e1 --- services/ipc/inc/ipc_common.h | 2 -- services/ipc/src/ipc_common.cpp | 27 ++++---------------------- services/ipc/src/user_auth_service.cpp | 5 ----- 3 files changed, 4 insertions(+), 30 deletions(-) diff --git a/services/ipc/inc/ipc_common.h b/services/ipc/inc/ipc_common.h index 25cac864b..84511a945 100644 --- a/services/ipc/inc/ipc_common.h +++ b/services/ipc/inc/ipc_common.h @@ -66,8 +66,6 @@ public: private: static bool CheckNativeCallingProcessWhiteList(IPCObjectStub &stub, const std::string &whiteList); static bool CheckHapCallingBundleNameWhiteList(IPCObjectStub &stub, const std::string &whiteList); - static bool CheckManagerUserIdmPermission(IPCObjectStub &stub, const std::string &permission); - static bool CheckEnforceUserIdmPermission(IPCObjectStub &stub, const std::string &permission); static bool CheckDirectCallerAndFirstCallerIfSet(IPCObjectStub &stub, const std::string &permission); static bool CheckDirectCaller(IPCObjectStub &stub, const std::string &permission); }; diff --git a/services/ipc/src/ipc_common.cpp b/services/ipc/src/ipc_common.cpp index 941c16e95..23ca70c77 100644 --- a/services/ipc/src/ipc_common.cpp +++ b/services/ipc/src/ipc_common.cpp @@ -99,7 +99,8 @@ bool IpcCommon::CheckPermission(IPCObjectStub &stub, Permission permission) { switch (permission) { case MANAGE_USER_IDM_PERMISSION: - return CheckManagerUserIdmPermission(stub, PermissionString::MANAGE_USER_IDM_PERMISSION); + return CheckDirectCallerAndFirstCallerIfSet(stub, PermissionString::MANAGE_USER_IDM_PERMISSION) && + CheckHapCallingBundleNameWhiteList(stub, SETTINGS_BUNDLE_NAME); case USE_USER_IDM_PERMISSION: return CheckDirectCallerAndFirstCallerIfSet(stub, PermissionString::USE_USER_IDM_PERMISSION); case ACCESS_USER_AUTH_INTERNAL_PERMISSION: @@ -109,7 +110,8 @@ bool IpcCommon::CheckPermission(IPCObjectStub &stub, Permission permission) case ACCESS_AUTH_RESPOOL: return CheckDirectCaller(stub, PermissionString::ACCESS_AUTH_RESPOOL); case ENFORCE_USER_IDM: - return CheckEnforceUserIdmPermission(stub, PermissionString::ENFORCE_USER_IDM); + return CheckDirectCaller(stub, PermissionString::ENFORCE_USER_IDM) && + CheckNativeCallingProcessWhiteList(stub, ACCOUNT_PROCESS_NAME); default: IAM_LOGE("failed to check permission"); return false; @@ -161,27 +163,6 @@ bool IpcCommon::CheckHapCallingBundleNameWhiteList(IPCObjectStub &stub, const st return hapTokenInfo.bundleName == whiteList; } -bool IpcCommon::CheckManagerUserIdmPermission(IPCObjectStub &stub, const std::string &permission) -{ - uint32_t firstTokenId = stub.GetFirstTokenID(); - uint32_t callingTokenId = stub.GetCallingTokenID(); - using namespace Security::AccessToken; - if ((firstTokenId != 0 && AccessTokenKit::VerifyAccessToken(firstTokenId, permission) != RET_SUCCESS) || - AccessTokenKit::VerifyAccessToken(callingTokenId, permission) != RET_SUCCESS) { - IAM_LOGE("failed to check permission"); - return false; - } - return CheckHapCallingBundleNameWhiteList(stub, SETTINGS_BUNDLE_NAME); -} - -bool IpcCommon::CheckEnforceUserIdmPermission(IPCObjectStub &stub, const std::string &permission) -{ - uint32_t callingTokenId = stub.GetCallingTokenID(); - using namespace Security::AccessToken; - return AccessTokenKit::VerifyAccessToken(callingTokenId, permission) != RET_SUCCESS && - CheckNativeCallingProcessWhiteList(stub, ACCOUNT_PROCESS_NAME); -} - bool IpcCommon::CheckDirectCallerAndFirstCallerIfSet(IPCObjectStub &stub, const std::string &permission) { uint32_t firstTokenId = stub.GetFirstTokenID(); diff --git a/services/ipc/src/user_auth_service.cpp b/services/ipc/src/user_auth_service.cpp index 2253d2b46..9d63da34a 100644 --- a/services/ipc/src/user_auth_service.cpp +++ b/services/ipc/src/user_auth_service.cpp @@ -191,11 +191,6 @@ uint64_t UserAuthService::AuthUser(std::optional userId, const std::vec IAM_LOGE("callback is nullptr"); return BAD_CONTEXT_ID; } - if (!IpcCommon::CheckPermission(*this, ACCESS_USER_AUTH_INTERNAL_PERMISSION)) { - IAM_LOGE("permission check failed"); - callback->OnResult(CHECK_PERMISSION_FAILED, extraInfo); - return BAD_CONTEXT_ID; - } auto contextCallback = ContextCallback::NewInstance(callback, TRACE_AUTH_USER); if (contextCallback == nullptr) { IAM_LOGE("failed to construct context callback");