UIExtension安全整改

Signed-off-by: x00838529 <xuya@huawei.com>

test/fuzztest/window_scene/sessioninterface_fuzzer/sessioninterface_fuzzer.cpp

@@ -153,8 +153,6 @@ void IPCSpecificInterfaceFuzzTest2(sptr<IRemoteObject> proxy, MessageParcel& sen
         sendData, reply, option);
     proxy->SendRequest(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_TRANSFER_EXTENSION_DATA),
         sendData, reply, option);
-    proxy->SendRequest(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_NOTIFY_REMOTE_READY),
-        sendData, reply, option);
     proxy->SendRequest(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_NOTIFY_EXTENSION_DIED),
         sendData, reply, option);
 }
@@ -266,7 +264,6 @@ void ProxyInterfaceFuzzTestPart3(const uint8_t* data, size_t size)
 
     sptr<AAFwk::WantParams> wantParams = UnmarshallingDataTo<AAFwk::WantParams>(data, size);
     proxy->TransferExtensionData(*wantParams);
-    proxy->NotifyRemoteReady();
     proxy->NotifyExtensionDied();
     int32_t errorCode = 1;
     proxy->NotifyExtensionTimeout(errorCode);

test/fuzztest/window_scene/sessionstubextension_fuzzer/sessionstubextension_fuzzer.cpp

@@ -42,9 +42,6 @@ void SessionStubTestExtensionCode(sptr<Session> sessionStub, MessageParcel& parc
     sessionStub->OnRemoteRequest(
         static_cast<uint32_t>(Rosen::SessionInterfaceCode::TRANS_ID_TRANSFER_EXTENSION_DATA),
         parcel, reply, option);
-    sessionStub->OnRemoteRequest(
-        static_cast<uint32_t>(Rosen::SessionInterfaceCode::TRANS_ID_NOTIFY_REMOTE_READY),
-        parcel, reply, option);
     sessionStub->OnRemoteRequest(
         static_cast<uint32_t>(Rosen::SessionInterfaceCode::TRANS_ID_NOTIFY_EXTENSION_DIED),
         parcel, reply, option);

window_scene/session/host/include/extension_session.h

@@ -87,7 +87,6 @@ public:
                                           AAFwk::WantParams& reWantParams);
     WSError TransferAccessibilityEvent(const Accessibility::AccessibilityEventInfo& info,
         int64_t uiExtensionIdLevel) override;
-    void NotifyRemoteReady() override;
     void NotifySyncOn() override;
     void NotifyAsyncOn() override;
     WSError NotifyDensityFollowHost(bool isFollowHost, float densityValue = 1.0f);

window_scene/session/host/include/zidl/session_interface.h

@@ -76,7 +76,6 @@ public:
     {
         return WSError::WS_OK;
     }
-    virtual void NotifyRemoteReady() {}
     virtual void NotifyExtensionDied() {}
     virtual void NotifyExtensionTimeout(int32_t errorCode) {}
     virtual void TriggerBindModalUIExtension() {}

window_scene/session/host/include/zidl/session_ipc_interface_code.h

@@ -61,8 +61,7 @@ enum class SessionInterfaceCode {
     // Extension
     TRANS_ID_TRANSFER_ABILITY_RESULT = 500,
     TRANS_ID_TRANSFER_EXTENSION_DATA = 501,
-    TRANS_ID_NOTIFY_REMOTE_READY = 502,
-    TRANS_ID_NOTIFY_EXTENSION_DIED = 503,
+    TRANS_ID_NOTIFY_EXTENSION_DIED,
     TRANS_ID_NOTIFY_ASYNC_ON,
     TRANS_ID_NOTIFY_SYNC_ON,
     TRANS_ID_NOTIFY_REPORT_ACCESSIBILITY_EVENT,

window_scene/session/host/include/zidl/session_proxy.h

@@ -64,7 +64,6 @@ public:
     WSError TransferExtensionData(const AAFwk::WantParams& wantParams) override;
     WSError TransferAccessibilityEvent(const Accessibility::AccessibilityEventInfo& info,
         int64_t uiExtensionIdLevel) override;
-    void NotifyRemoteReady() override;
     void NotifySyncOn() override;
     void NotifyAsyncOn() override;
     void NotifyExtensionDied() override;

window_scene/session/host/include/zidl/session_stub.h

@@ -75,7 +75,6 @@ private:
     // extension extension
     int HandleTransferAbilityResult(MessageParcel& data, MessageParcel& reply);
     int HandleTransferExtensionData(MessageParcel& data, MessageParcel& reply);
-    int HandleNotifyRemoteReady(MessageParcel& data, MessageParcel& reply);
     int HandleNotifySyncOn(MessageParcel& data, MessageParcel& reply);
     int HandleNotifyAsyncOn(MessageParcel& data, MessageParcel& reply);
     int HandleNotifyExtensionDied(MessageParcel& data, MessageParcel& reply);

window_scene/session/host/src/extension_session.cpp

@@ -228,14 +228,6 @@ WSErrorCode ExtensionSession::TransferComponentDataSync(const AAFwk::WantParams&
     return sessionStage_->NotifyTransferComponentDataSync(wantParams, reWantParams);
 }
 
-void ExtensionSession::NotifyRemoteReady()
-{
-    if (extSessionEventCallback_ != nullptr &&
-        extSessionEventCallback_->notifyRemoteReadyFunc_ != nullptr) {
-        extSessionEventCallback_->notifyRemoteReadyFunc_();
-    }
-}
-
 void ExtensionSession::NotifySyncOn()
 {
     if (extSessionEventCallback_ != nullptr &&

window_scene/session/host/src/session.cpp

@@ -26,6 +26,7 @@
 #include <ui/rs_surface_node.h>
 #include "proxy/include/window_info.h"
 
+#include "common/include/session_permission.h"
 #include "anr_manager.h"
 #include "session_helper.h"
 #include "surface_capture_future.h"
@@ -363,6 +364,10 @@ void Session::NotifyDisconnect()
 
 void Session::NotifyExtensionDied()
 {
+    if (!SessionPermission::IsSystemCalling()) {
+        TLOGE(WmsLogTag::WMS_UIEXT, "permission denied!");
+        return;
+    }
     TLOGI(WmsLogTag::WMS_UIEXT, "NotifyExtensionDied called in session(persistentId:%{public}d).", persistentId_);
     auto lifecycleListeners = GetListeners<ILifecycleListener>();
     std::lock_guard<std::recursive_mutex> lock(lifecycleListenersMutex_);
@@ -375,6 +380,10 @@ void Session::NotifyExtensionDied()
 
 void Session::NotifyExtensionTimeout(int32_t errorCode)
 {
+    if (!SessionPermission::IsSystemCalling()) {
+        TLOGE(WmsLogTag::WMS_UIEXT, "permission denied!");
+        return;
+    }
     TLOGI(WmsLogTag::WMS_UIEXT, "NotifyExtensionTimeout(errorCode:%{public}d) in session(persistentId:%{public}d).",
         errorCode, persistentId_);
     auto lifecycleListeners = GetListeners<ILifecycleListener>();

window_scene/session/host/src/zidl/session_proxy.cpp

@@ -850,22 +850,6 @@ WSError SessionProxy::TransferExtensionData(const AAFwk::WantParams& wantParams)
     return static_cast<WSError>(ret);
 }
 
-void SessionProxy::NotifyRemoteReady()
-{
-    MessageParcel data;
-    MessageParcel reply;
-    MessageOption option(MessageOption::TF_ASYNC);
-    if (!data.WriteInterfaceToken(GetDescriptor())) {
-        WLOGFE("WriteInterfaceToken failed");
-        return;
-    }
-    if (Remote()->SendRequest(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_NOTIFY_REMOTE_READY),
-        data, reply, option) != ERR_NONE) {
-        WLOGFE("SendRequest failed");
-        return;
-    }
-}
-
 void SessionProxy::NotifySyncOn()
 {
     MessageParcel data;

window_scene/session/host/src/zidl/session_stub.cpp

@@ -109,8 +109,6 @@ const std::map<uint32_t, SessionStubFunc> SessionStub::stubFuncMap_ {
         &SessionStub::HandleTransferAbilityResult),
     std::make_pair(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_TRANSFER_EXTENSION_DATA),
         &SessionStub::HandleTransferExtensionData),
-    std::make_pair(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_NOTIFY_REMOTE_READY),
-        &SessionStub::HandleNotifyRemoteReady),
     std::make_pair(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_NOTIFY_ASYNC_ON),
         &SessionStub::HandleNotifyAsyncOn),
     std::make_pair(static_cast<uint32_t>(SessionInterfaceCode::TRANS_ID_NOTIFY_SYNC_ON),
@@ -551,13 +549,6 @@ int SessionStub::HandleTransferExtensionData(MessageParcel& data, MessageParcel&
     return ERR_NONE;
 }
 
-int SessionStub::HandleNotifyRemoteReady(MessageParcel& data, MessageParcel& reply)
-{
-    WLOGFD("HandleNotifyRemoteReady!");
-    NotifyRemoteReady();
-    return ERR_NONE;
-}
-
 int SessionStub::HandleNotifySyncOn(MessageParcel& data, MessageParcel& reply)
 {
     NotifySyncOn();

window_scene/session_manager/src/scene_session_manager.cpp

@@ -8100,13 +8100,14 @@ void SceneSessionManager::HandleSpecialExtWindowFlagsChange(int32_t persistentId
 
 WSError SceneSessionManager::AddOrRemoveSecureSession(int32_t persistentId, bool shouldHide)
 {
+    const auto callingPid = IPCSkeleton::GetCallingRealPid();
     TLOGI(WmsLogTag::WMS_UIEXT, "persistentId=%{public}d, shouldHide=%{public}u", persistentId, shouldHide);
     if (!SessionPermission::IsSystemCalling()) {
         TLOGE(WmsLogTag::WMS_UIEXT, "HideNonSecureWindows permission denied!");
         return WSError::WS_ERROR_NOT_SYSTEM_APP;
     }
 
-    auto task = [this, persistentId, shouldHide]() {
+    auto task = [this, persistentId, shouldHide, callingPid]() {
         std::shared_lock<std::shared_mutex> lock(sceneSessionMapMutex_);
         auto iter = sceneSessionMap_.find(persistentId);
         if (iter == sceneSessionMap_.end()) {
@@ -8114,8 +8115,15 @@ WSError SceneSessionManager::AddOrRemoveSecureSession(int32_t persistentId, bool
                 persistentId);
             return WSError::WS_ERROR_INVALID_SESSION;
         }
-
         auto sceneSession = iter->second;
+        if (sceneSession == nullptr) {
+            TLOGE(WmsLogTag::WMS_UIEXT, "AddOrRemoveSecureSession: sceneSession is nullptr.");
+            return WSError::WS_ERROR_NULLPTR;
+        }
+        if (callingPid != sceneSession->GetCallingPid()) {
+            TLOGE(WmsLogTag::WMS_UIEXT, "AddOrRemoveSecureSession: Permission denied");
+            return WSError::WS_ERROR_INVALID_PERMISSION;
+        }
         sceneSession->SetShouldHideNonSecureWindows(shouldHide);
         return HandleSecureSessionShouldHide(sceneSession);
     };

window_scene/test/mock/mock_session_stub.h

@@ -67,7 +67,6 @@ public:
     MOCK_METHOD2(HandleSessionException, int(MessageParcel& data, MessageParcel& reply));
     MOCK_METHOD2(HandleTransferAbilityResult, int(MessageParcel& data, MessageParcel& reply));
     MOCK_METHOD2(HandleTransferExtensionData, int(MessageParcel& data, MessageParcel& reply));
-    MOCK_METHOD2(HandleNotifyRemoteReady, int(MessageParcel& data, MessageParcel& reply));
     MOCK_METHOD2(HandleNotifyExtensionDied, int(MessageParcel& data, MessageParcel& reply));
     MOCK_METHOD2(HandleNotifyExtensionTimeout, int(MessageParcel& data, MessageParcel& reply));
 };

window_scene/test/unittest/extension_session_test.cpp

@@ -171,30 +171,6 @@ HWTEST_F(ExtensionSessionTest, TransferExtensionData, Function | SmallTest | Lev
     ASSERT_EQ(result, WSError::WS_OK);
 }
 
-/**
- * @tc.name: NotifyRemoteReady
- * @tc.desc: test function : NotifyRemoteReady
- * @tc.type: FUNC
- */
-HWTEST_F(ExtensionSessionTest, NotifyRemoteReady, Function | SmallTest | Level1)
-{
-    MockFunction<void()> mockNotifyRemoteReadyFunc;
-    extSessionEventCallback_->notifyRemoteReadyFunc_ = mockNotifyRemoteReadyFunc.AsStdFunction();
-    extensionSession_->RegisterExtensionSessionEventCallback(extSessionEventCallback_);
-    EXPECT_CALL(mockNotifyRemoteReadyFunc, Call()).Times(1);
-    extensionSession_->NotifyRemoteReady();
-
-    extSessionEventCallback_->notifyRemoteReadyFunc_ = nullptr;
-    extensionSession_->RegisterExtensionSessionEventCallback(extSessionEventCallback_);
-    EXPECT_CALL(mockNotifyRemoteReadyFunc, Call()).Times(0);
-    extensionSession_->NotifyRemoteReady();
-
-    extSessionEventCallback_ = nullptr;
-    extensionSession_->RegisterExtensionSessionEventCallback(extSessionEventCallback_);
-    EXPECT_CALL(mockNotifyRemoteReadyFunc, Call()).Times(0);
-    extensionSession_->NotifyRemoteReady();
-}
-
 /**
  * @tc.name: TransferComponentData
  * @tc.desc: test function : TransferComponentData

window_scene/test/unittest/session_stub_test.cpp

@@ -166,8 +166,6 @@ HWTEST_F(SessionStubTest, sessionStubTest02, Function | SmallTest | Level2)
     ASSERT_EQ(22, res);
     res = session_->HandleTransferExtensionData(data, reply);
     ASSERT_EQ(22, res);
-    res = session_->HandleNotifyRemoteReady(data, reply);
-    ASSERT_EQ(0, res);
     res = session_->HandleNotifyExtensionDied(data, reply);
     ASSERT_EQ(0, res);
     res = session_->HandleNotifyExtensionTimeout(data, reply);