From 9f278e905de1d8d4b5f8ac09068443278c54a021 Mon Sep 17 00:00:00 2001 From: zhangzezhong Date: Fri, 13 Jun 2025 11:40:34 +0800 Subject: [PATCH] =?UTF-8?q?application=E9=97=AE=E9=A2=98=E5=8D=95=E4=BB=A3?= =?UTF-8?q?=E7=A0=81=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhangzezhong --- frameworks/ets/ani/application/BUILD.gn | 3 + .../ani/application/src/ets_application.cpp | 127 +++++++++++++----- 2 files changed, 97 insertions(+), 33 deletions(-) diff --git a/frameworks/ets/ani/application/BUILD.gn b/frameworks/ets/ani/application/BUILD.gn index 8eeeeaaf6f3..63cd47ad6f8 100644 --- a/frameworks/ets/ani/application/BUILD.gn +++ b/frameworks/ets/ani/application/BUILD.gn @@ -43,8 +43,11 @@ ohos_shared_library("application_ani") { external_deps = [ "ability_base:configuration", + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "bundle_framework:appexecfwk_core", "hilog:libhilog", + "ipc:ipc_core", "napi:ace_napi", "runtime_core:ani", ] diff --git a/frameworks/ets/ani/application/src/ets_application.cpp b/frameworks/ets/ani/application/src/ets_application.cpp index de59116f3bf..807ff46b881 100644 --- a/frameworks/ets/ani/application/src/ets_application.cpp +++ b/frameworks/ets/ani/application/src/ets_application.cpp @@ -12,17 +12,82 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "ets_application.h" -#include "sts_error_utils.h" +#include "accesstoken_kit.h" #include "ani_base_context.h" #include "ani_common_util.h" -#include "sts_context_utils.h" #include "application_context.h" #include "context_impl.h" +#include "ets_application.h" #include "hilog_tag_wrapper.h" +#include "ipc_skeleton.h" +#include "sts_context_utils.h" +#include "sts_error_utils.h" +#include "tokenid_kit.h" namespace OHOS { namespace AbilityRuntime { +namespace { +constexpr const char* PERMISSION_GET_BUNDLE_INFO = "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED"; +} + +ani_object GetNullObject(ani_env *env) +{ + ani_class cls = nullptr; + ani_status status = env->FindClass("Lapplication/Context/Context;", &cls); + if (status != ANI_OK) { + TAG_LOGE(AAFwkTag::APPKIT, "find Context failed status: %{public}d", status); + } + ani_method method = nullptr; + status = env->Class_FindMethod(cls, "", ":V", &method); + if (status != ANI_OK) { + TAG_LOGE(AAFwkTag::APPKIT, "Class_FindMethod ctor failed status: %{public}d", status); + } + ani_object objValue = nullptr; + if (env->Object_New(cls, method, &objValue) != ANI_OK) { + TAG_LOGE(AAFwkTag::APPKIT, "Object_New failed status: %{public}d", status); + } + return objValue; +} + +bool CheckCallerIsSystemApp() +{ + auto selfToken = IPCSkeleton::GetSelfTokenID(); + if (!Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(selfToken)) { + return false; + } + return true; +} + +bool CheckCallerPermission(const std::string &permission) +{ + auto selfToken = IPCSkeleton::GetSelfTokenID(); + int ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(selfToken, permission); + if (ret != Security::AccessToken::PermissionState::PERMISSION_GRANTED) { + return false; + } + return true; +} + +bool CheckCaller(ani_env *env, ani_object callback) +{ + if (!CheckCallerIsSystemApp()) { + TAG_LOGE(AAFwkTag::APPKIT, "no system app"); + auto emptyObject = GetNullObject(env); + AppExecFwk::AsyncCallback(env, callback, CreateStsError(env, + static_cast(AbilityErrorCode::ERROR_CODE_NOT_SYSTEM_APP), + "The application is not system-app, can not use system-api."), emptyObject); + return false; + } + if (!CheckCallerPermission(PERMISSION_GET_BUNDLE_INFO)) { + TAG_LOGE(AAFwkTag::APPKIT, "no permission"); + auto emptyObject = GetNullObject(env); + AppExecFwk::AsyncCallback(env, callback, + CreateStsNoPermissionError(env, PERMISSION_GET_BUNDLE_INFO), emptyObject); + return false; + } + return true; +} + bool SetNativeContextLong(ani_env *env, std::shared_ptr context, ani_class& cls, ani_object& contextObj) { if (env == nullptr || context == nullptr) { @@ -33,30 +98,25 @@ bool SetNativeContextLong(ani_env *env, std::shared_ptr context, ani_cl ani_method method {}; if ((status = env->Class_FindMethod(cls, "", ":V", &method)) != ANI_OK) { TAG_LOGE(AAFwkTag::APPKIT, "status: %{public}d", status); - ThrowStsInvalidParamError(env, "find method failed."); return false; } if ((status = env->Object_New(cls, method, &contextObj)) != ANI_OK) { TAG_LOGE(AAFwkTag::APPKIT, "status: %{public}d", status); - ThrowStsInvalidParamError(env, "new object failed."); return false; } ani_field field = nullptr; if ((status = env->Class_FindField(cls, "nativeContext", &field)) != ANI_OK) { TAG_LOGE(AAFwkTag::APPKIT, "status: %{public}d", status); - ThrowStsInvalidParamError(env, "find nativeContext failed."); return false; } auto workContext = new (std::nothrow) std::weak_ptr(context); if (workContext == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "workContext nullptr"); - ThrowStsInvalidParamError(env, "workContext is null."); return false; } ani_long nativeContextLong = (ani_long)workContext; if ((status = env->Object_SetField_Long(contextObj, field, nativeContextLong)) != ANI_OK) { TAG_LOGE(AAFwkTag::APPKIT, "status: %{public}d", status); - ThrowStsInvalidParamError(env, "set field failed."); delete workContext; workContext = nullptr; return false; @@ -73,29 +133,15 @@ void SetCreateCompleteCallback(ani_env *env, std::shared_ptrFindClass("Lapplication/Context/Context;", &cls); - if (status != ANI_OK) { - TAG_LOGE(AAFwkTag::APPKIT, "find Context failed status: %{public}d", status); - } - ani_method method = nullptr; - status = env->Class_FindMethod(cls, "", ":V", &method); - if (status != ANI_OK) { - TAG_LOGE(AAFwkTag::APPKIT, "Class_FindMethod ctor failed status: %{public}d", status); - } - ani_object objValue = nullptr; - if (env->Object_New(cls, method, &objValue) != ANI_OK) { - TAG_LOGE(AAFwkTag::APPKIT, "Object_New failed status: %{public}d", status); - } + auto emptyObject = GetNullObject(env); AppExecFwk::AsyncCallback(env, callback, CreateStsError(env, - AbilityErrorCode::ERROR_CODE_INVALID_PARAM), objValue); + AbilityErrorCode::ERROR_CODE_INVALID_PARAM), emptyObject); return; } ani_class cls {}; ani_status status = ANI_ERROR; if ((status = env->FindClass("Lapplication/Context/Context;", &cls)) != ANI_OK) { TAG_LOGE(AAFwkTag::APPKIT, "status: %{public}d", status); - ThrowStsInvalidParamError(env, "find class failed."); return; } ani_object contextObj = nullptr; @@ -106,7 +152,6 @@ void SetCreateCompleteCallback(ani_env *env, std::shared_ptrGetApplicationContext(); if (application == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "application is null"); - ThrowStsInvalidParamError(env, "application is nullptr."); return; } ContextUtil::StsCreatContext(env, cls, contextObj, application->GetApplicationCtxObjRef(), context); @@ -121,6 +166,7 @@ static void CreateModuleContext([[maybe_unused]] ani_env *env, TAG_LOGE(AAFwkTag::APPKIT, "null env"); return; } + ani_object emptyObject = GetNullObject(env); std::string stdBundleName = ""; std::string stdModuleName = ""; AppExecFwk::GetStdString(env, bundleName, stdBundleName); @@ -129,32 +175,39 @@ static void CreateModuleContext([[maybe_unused]] ani_env *env, ani_status status = OHOS::AbilityRuntime::IsStageContext(env, contextObj, stageMode); if (status != ANI_OK || !stageMode) { TAG_LOGE(AAFwkTag::APPKIT, "not stageMode"); - ThrowStsInvalidParamError(env, "Parse param context failed, must be a context of stageMode."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "Parse param context failed, must be a context of stageMode."), emptyObject); return; } auto context = OHOS::AbilityRuntime::GetStageModeContext(env, contextObj); if (context == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "null context"); - ThrowStsInvalidParamError(env, "Parse param context failed, must not be nullptr."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "Parse param context failed, must not be nullptr."), emptyObject); return; } auto inputContextPtr = Context::ConvertTo(context); if (inputContextPtr == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "Convert to context failed"); - ThrowStsInvalidParamError(env, "Parse param context failed, must be a context."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "Parse param context failed, must be a context."), emptyObject); return; } std::shared_ptr> moduleContext = std::make_shared>(); std::shared_ptr contextImpl = std::make_shared(); if (contextImpl == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "null contextImpl"); - ThrowStsInvalidParamError(env, "create context failed."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "create context failed."), emptyObject); return; } contextImpl->SetProcessName(context->GetProcessName()); if (stdBundleName.empty()) { *moduleContext = contextImpl->CreateModuleContext(stdModuleName, inputContextPtr); } else { + if (!CheckCaller(env, callback)) { + TAG_LOGE(AAFwkTag::APPKIT, "CheckCaller failed"); + } *moduleContext = contextImpl->CreateModuleContext(stdBundleName, stdModuleName, inputContextPtr); } SetCreateCompleteCallback(env, moduleContext, callback); @@ -168,32 +221,40 @@ static void CreateBundleContext([[maybe_unused]] ani_env *env, TAG_LOGE(AAFwkTag::APPKIT, "null env"); return; } + if (!CheckCaller(env, callback)) { + TAG_LOGE(AAFwkTag::APPKIT, "CheckCaller failed"); + return; + } std::string stdBundleName = ""; AppExecFwk::GetStdString(env, bundleName, stdBundleName); ani_boolean stageMode = false; ani_status status = OHOS::AbilityRuntime::IsStageContext(env, contextObj, stageMode); if (status != ANI_OK || !stageMode) { TAG_LOGE(AAFwkTag::APPKIT, "not stageMode"); - ThrowStsInvalidParamError(env, "Parse param context failed, must be a context of stageMode."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "Parse param context failed, must be a context of stageMode."), emptyObject); return; } auto context = OHOS::AbilityRuntime::GetStageModeContext(env, contextObj); if (context == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "null context"); - ThrowStsInvalidParamError(env, "Parse param context failed, must not be nullptr."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "Parse param context failed, must not be nullptr."), emptyObject); return; } auto inputContextPtr = Context::ConvertTo(context); if (inputContextPtr == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "Convert to context failed"); - ThrowStsInvalidParamError(env, "Parse param context failed, must be a context."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "Parse param context failed, must be a context."), emptyObject); return; } auto bundleContext = std::make_shared>(); std::shared_ptr contextImpl = std::make_shared(); if (contextImpl == nullptr) { TAG_LOGE(AAFwkTag::APPKIT, "null contextImpl"); - ThrowStsInvalidParamError(env, "create context failed."); + AppExecFwk::AsyncCallback(env, callback, CreateStsInvalidParamError(env, + "create context failed."), emptyObject); return; } contextImpl->SetProcessName(context->GetProcessName()); -- Gitee