From 153845b095c467da2a43ba1fa173693d4698389f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AE=B5=E5=97=A3=E9=92=8A?=
Date: Thu, 15 May 2025 12:43:56 +0800
Subject: [PATCH] =?UTF-8?q?Active=E6=8E=A5=E5=8F=A3=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E6=9D=83=E9=99=90(=E6=8C=91=E5=8D=955.0.3Release)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 段嗣钊
---
 .../src/uri_permission_manager_proxy.cpp | 8 ++--
 .../src/uri_permission_manager_stub.cpp | 6 ++-
 .../common/include/permission_constants.h | 1 +
 .../src/uri_permission_manager_stub_impl.cpp | 12 ++++-
 .../mock/include/mock_my_flag.h | 1 +
 .../mock/src/mock_my_flag.cpp | 1 +
 .../mock/src/mock_permission_verification.cpp | 4 ++
 .../uri_permission_impl_test.cpp | 46 +++++++++++++++++++
 8 files changed, 72 insertions(+), 7 deletions(-)
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp
index daa9395c056..c2ba7245b54 100644
--- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp
+++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_proxy.cpp
@@ -402,11 +402,11 @@ int UriPermissionManagerProxy::Active(const std::vector &policy, std
 TAG_LOGE(AAFwkTag::URIPERMMGR, "SendRequest fail, error:%{public}d", error);
 return INNER_ERR;
 }
- auto res = reply.ReadUInt32Vector(&result);
- if (res) {
- return ERR_OK;
+ if (!reply.ReadUInt32Vector(&result)) {
+ TAG_LOGE(AAFwkTag::URIPERMMGR, "ReadUInt32Vector failed");
+ return INNER_ERR;
 }
- return INNER_ERR;
+ return reply.ReadInt32();
 }
 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
 } // namespace AAFwk
diff --git a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp
index 6c926ae86f2..f54999fd732 100644
--- a/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp
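Review bot: `return reply.ReadInt32();` at the end of Active cannot tell a failed read from a real result. The no-argument form gives no success flag, and if it yields 0 on a short or malformed reply (to be confirmed against the Parcel implementation), the proxy reports ERR_OK although the service never confirmed the call. Since this value now carries the service's permission decision, read it with the checked overload: `int32_t ret = INNER_ERR;`, then `if (!reply.ReadInt32(ret)) { return INNER_ERR; }` and `return ret;`. That also covers a proxy built with this change talking to a stub that still writes only the result vector. Active's body starts outside the hunk.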
+++ b/interfaces/inner_api/uri_permission/src/uri_permission_manager_stub.cpp
@@ -235,10 +235,14 @@ int UriPermissionManagerStub::HandleActive(MessageParcel &data, MessageParcel &r
 std::vector result;
 int res = Active(policy, result);
 if (!reply.WriteUInt32Vector(result)) {
+ TAG_LOGE(AAFwkTag::URIPERMMGR, "Write result failed");
+ return ERR_DEAD_OBJECT;
+ }
+ if (!reply.WriteInt32(res)) {
 TAG_LOGE(AAFwkTag::URIPERMMGR, "Write res failed");
 return ERR_DEAD_OBJECT;
 }
- return res;
+ return ERR_OK;
 }
 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
 } // namespace AAFwk
diff --git a/services/common/include/permission_constants.h b/services/common/include/permission_constants.h
index 2444a9ba0fc..4e0f6729654 100644
--- a/services/common/include/permission_constants.h
+++ b/services/common/include/permission_constants.h
@@ -64,6 +64,7 @@ constexpr const char* PERMISSION_KILL_PROCESS_DEPENDED_ON_WEB = "ohos.permission
 constexpr const char* PERMISSION_PRE_START_ATOMIC_SERVICE = "ohos.permission.PRE_START_ATOMIC_SERVICE";
 constexpr const char* PERMISSION_START_NATIVE_CHILD_PROCESS = "ohos.permission.START_NATIVE_CHILD_PROCESS";
 constexpr const char* PERMISSION_GET_TELEPHONY_STATE = "ohos.permission.GET_TELEPHONY_STATE";
+constexpr const char* PERMISSION_FILE_ACCESS_PERSIST = "ohos.permission.FILE_ACCESS_PERSIST";
 } // namespace PermissionConstants
 } // namespace AAFwk
 } // namespace OHOS
diff --git a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp
index f18c6da0e10..5c764f38295 100644
--- a/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp
+++ b/services/uripermmgr/src/uri_permission_manager_stub_impl.cpp
@@ -50,6 +50,9 @@ constexpr uint32_t FLAG_READ_URI = Want::FLAG_AUTH_READ_URI_PERMISSION;
 constexpr const char* CLOUND_DOCS_URI_MARK = "?networkid=";
 constexpr uint32_t INVALID_ABILITYID = -1;
 constexpr const char* FOUNDATION_PROCESS = "foundation";
+#ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
+constexpr int32_t SANDBOX_MANAGER_PERMISSION_DENIED = 1;
+#endif
 }
 bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, uint32_t flag, uint32_t tokenId)
@@ -908,6 +911,13 @@ int32_t UriPermissionManagerStubImpl::Active(const std::vector &poli
 {
 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
+ auto tokenId = IPCSkeleton::GetCallingTokenID();
+ TAG_LOGD(AAFwkTag::URIPERMMGR, "active %{private}d permission", tokenId);
+ auto permissionName = PermissionConstants::PERMISSION_FILE_ACCESS_PERSIST;
+ if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(tokenId, permissionName)) {
+ TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call");
+ return SANDBOX_MANAGER_PERMISSION_DENIED;
+ }
 std::lock_guard lock(ptMapMutex_);
 auto callingPid = IPCSkeleton::GetCallingPid();
 ConnectManager(appMgr_, APP_MGR_SERVICE_ID);
@@ -926,8 +936,6 @@ int32_t UriPermissionManagerStubImpl::Active(const std::vector &poli
 }
 uint64_t timeNow = std::chrono::duration_cast(
 std::chrono::high_resolution_clock::now().time_since_epoch()).count();
- auto tokenId = IPCSkeleton::GetCallingTokenID();
- TAG_LOGD(AAFwkTag::URIPERMMGR, "active %{private}d permission", tokenId);
 auto ret = SandboxManagerKit::StartAccessingPolicy(policy, result, false, tokenId, timeNow);
 TAG_LOGI(AAFwkTag::URIPERMMGR, "active permission end");
 if (ret != ERR_OK) {
diff --git a/test/unittest/uri_permission_impl_test/mock/include/mock_my_flag.h b/test/unittest/uri_permission_impl_test/mock/include/mock_my_flag.h
index 4dfe16ce314..8f7300a840d 100644
--- a/test/unittest/uri_permission_impl_test/mock/include/mock_my_flag.h
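Review bot: `SANDBOX_MANAGER_PERMISSION_DENIED = 1` is a bare literal with no statement of where the value comes from, and the same constant is declared a second time inside UPMS_Active_001 in uri_permission_impl_test.cpp, so the two can drift apart unnoticed. If the value is meant to match the sandbox manager's own permission-denied code (the name suggests so, but the hunk does not show it), state that in a comment such as `// Same value the sandbox manager returns on permission denial; keep in sync.`, and reference the sandbox manager's definition instead if its header exports one. Other entry points in this service appear to report denial as CHECK_PERMISSION_FAILED (see the RevokeAllUriPermission_002 context in the test file), so the comment should also say why Active uses a different code.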
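Review bot: The denial branch added to Active logs only `"No permission to call"`, so a rejected request cannot be tied to a caller from the error log; the preceding `tokenId` line is debug-level and `%{private}`. Adding the caller pid, e.g. `TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call, pid:%{public}d", IPCSkeleton::GetCallingPid());`, makes denied attempts attributable. The check rightly runs before `ptMapMutex_` is taken and before `ConnectManager`; a one-line comment such as `// Check FILE_ACCESS_PERSIST first: unprivileged callers must not reach the lock or appMgr.` would keep a later refactor from reordering it. Active's body continues outside the hunk.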
+++ b/test/unittest/uri_permission_impl_test/mock/include/mock_my_flag.h
@@ -86,6 +86,7 @@ public:
 static bool permissionReadWriteDesktop_;
 static bool permissionReadWriteDocuments_;
 static bool IsSystempAppCall_;
+ static bool permissionFileAccessPersist_;
 static TokenInfoMap tokenInfos;
 };
diff --git a/test/unittest/uri_permission_impl_test/mock/src/mock_my_flag.cpp b/test/unittest/uri_permission_impl_test/mock/src/mock_my_flag.cpp
index be44cef7430..4dd4374277c 100644
--- a/test/unittest/uri_permission_impl_test/mock/src/mock_my_flag.cpp
+++ b/test/unittest/uri_permission_impl_test/mock/src/mock_my_flag.cpp
@@ -31,6 +31,7 @@ bool MyFlag::permissionReadWriteDownload_ = false;
 bool MyFlag::permissionReadWriteDesktop_ = false;
 bool MyFlag::permissionReadWriteDocuments_ = false;
 bool MyFlag::IsSystempAppCall_ = false;
+bool MyFlag::permissionFileAccessPersist_ = false;
 TokenInfoMap MyFlag::tokenInfos = {};
 } // namespace AAFwk
 } // namespace OHOS
\ No newline at end of file
diff --git a/test/unittest/uri_permission_impl_test/mock/src/mock_permission_verification.cpp b/test/unittest/uri_permission_impl_test/mock/src/mock_permission_verification.cpp
index a2f42e91a5f..6b060713a9d 100644
--- a/test/unittest/uri_permission_impl_test/mock/src/mock_permission_verification.cpp
+++ b/test/unittest/uri_permission_impl_test/mock/src/mock_permission_verification.cpp
@@ -28,6 +28,7 @@ constexpr const char* PERMISSION_GRANT_URI_PERMISSION_PRIVILEGED = "ohos.permiss
 constexpr const char* PERMISSION_READ_WRITE_DOWNLOAD = "ohos.permission.READ_WRITE_DOWNLOAD_DIRECTORY";
 constexpr const char* PERMISSION_READ_WRITE_DESKTON = "ohos.permission.READ_WRITE_DESKTOP_DIRECTORY";
 constexpr const char* PERMISSION_READ_WRITE_DOCUMENTS = "ohos.permission.READ_WRITE_DOCUMENTS_DIRECTORY";
+constexpr const char* PERMISSION_FILE_ACCESS_PERSIST = "ohos.permission.FILE_ACCESS_PERSIST";
 } // namespace
 bool PermissionVerification::VerifyPermissionByTokenId(const int &tokenId, const std::string &permissionName) const
@@ -65,6 +66,9 @@ bool PermissionVerification::VerifyPermissionByTokenId(const int &tokenId, const
 if (permissionName == PERMISSION_READ_WRITE_DOCUMENTS) {
 return MyFlag::permissionReadWriteDocuments_;
 }
+ if (permissionName == PERMISSION_FILE_ACCESS_PERSIST) {
+ return MyFlag::permissionFileAccessPersist_;
+ }
 return false;
 }
 bool PermissionVerification::VerifyCallingPermission(const std::string &permissionName) const
diff --git a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp
index 6d500d83b0b..740fc6775fd 100755
--- a/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp
+++ b/test/unittest/uri_permission_impl_test/uri_permission_impl_test.cpp
@@ -686,6 +686,52 @@ HWTEST_F(UriPermissionImplTest, RevokeAllUriPermission_002, TestSize.Level1)
 EXPECT_EQ(ret, CHECK_PERMISSION_FAILED);
 }
+/*
+ * Feature: UriPermissionManagerStubImpl
+ * Function: Active
+ * SubFunction: NA
+ * FunctionPoints: Active Uri permission without FILE_ACCESS_PERSIST permission.
+*/
+HWTEST_F(UriPermissionImplTest, UPMS_Active_001, TestSize.Level1)
+{
+ auto upms = std::make_unique();
+ ASSERT_NE(upms, nullptr);
+ constexpr int32_t SANDBOX_MANAGER_PERMISSION_DENIED = 1;
+ PolicyInfo policyInfo;
+ policyInfo.path = "file://com.example.app1001/data/storage/el2/base/haps/entry/files/test_001.txt";
+ policyInfo.mode = 1;
+ std::vector policyInfoArray = { policyInfo };
+ // make param
+ std::vector result;
+ // call Active
+ auto ret = upms->Active(policyInfoArray, result);
+ EXPECT_EQ(ret, SANDBOX_MANAGER_PERMISSION_DENIED);
+}
+
+/*
+ * Feature: UriPermissionManagerStubImpl
+ * Function: Active
+ * SubFunction: NA
+ * FunctionPoints: Active Uri permission with FILE_ACCESS_PERSIST permission.
+*/
+HWTEST_F(UriPermissionImplTest, UPMS_Active_002, TestSize.Level1)
+{
+ auto upms = std::make_unique();
+ ASSERT_NE(upms, nullptr);
+ // get policy data
+ PolicyInfo policyInfo;
+ policyInfo.path = "file://com.example.app1001/data/storage/el2/base/haps/entry/files/test_001.txt";
+ policyInfo.mode = 1;
+ std::vector policyInfoArray = { policyInfo };
+ // make param
+ std::vector result;
+ // call Active
+ MyFlag::permissionFileAccessPersist_ = true;
+ auto ret = upms->Active(policyInfoArray, result);
+ MyFlag::permissionFileAccessPersist_ = false;
+ EXPECT_NE(ret, ERR_OK);
+}
+
 /*
 * Feature: UriPermissionManagerStubImpl
 * Function: GrantUriPermissionPrivileged
-- Gitee
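Review bot: UPMS_Active_002 ends with `EXPECT_NE(ret, ERR_OK);`, which also holds when the permission check rejects the call (the denial code is 1), so the test passes even if the granted path is never reached. Assert that the gate actually opened, e.g. `EXPECT_NE(ret, SANDBOX_MANAGER_PERMISSION_DENIED);` with the constant declared as in UPMS_Active_001, assuming nothing further down Active returns the same value in this mock setup. UPMS_Active_001 in turn relies on `MyFlag::permissionFileAccessPersist_` still being false from earlier tests; setting `MyFlag::permissionFileAccessPersist_ = false;` before the call makes the denial case independent of test order.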