From ec405e595d4fa5564765009d4f53fd054bbced89 Mon Sep 17 00:00:00 2001 From: altay Date: Wed, 23 Feb 2022 00:27:19 +0800 Subject: [PATCH] Description:add interface permission Sig:SIG_ApplicationFramework Feature or Bugfix:Feature Binary Source:No Signed-off-by: altay Change-Id: Ib9313012161fbd2e2c67e06296c08f7c61963dc0 --- .../include/appmgr/ams_mgr_interface.h | 10 +- .../include/appmgr/ams_mgr_proxy.h | 9 +- .../include/appmgr/app_mgr_client.h | 26 +- .../include/appmgr/app_mgr_interface.h | 32 +-- .../include/appmgr/app_mgr_proxy.h | 29 +- .../app_manager/include/appmgr/app_mgr_stub.h | 5 +- .../app_manager/src/appmgr/ams_mgr_proxy.cpp | 23 +- .../app_manager/src/appmgr/ams_mgr_stub.cpp | 10 +- .../app_manager/src/appmgr/app_mgr_client.cpp | 35 +-- .../app_manager/src/appmgr/app_mgr_proxy.cpp | 70 +---- .../app_manager/src/appmgr/app_mgr_stub.cpp | 33 +-- services/BUILD.gn | 1 + services/abilitymgr/BUILD.gn | 1 + .../include/ability_connect_manager.h | 10 +- .../include/ability_manager_service.h | 7 + .../abilitymgr/include/data_ability_manager.h | 4 +- .../abilitymgr/include/mission_list_manager.h | 4 +- .../src/ability_connect_manager.cpp | 118 ++++---- .../src/ability_manager_service.cpp | 234 +++++++++------- .../abilitymgr/src/data_ability_manager.cpp | 27 +- .../abilitymgr/src/mission_list_manager.cpp | 28 +- .../src/appmgr/app_mgr_client.cpp | 17 +- .../BUILD.gn | 3 +- .../BUILD.gn | 3 +- .../ability_connect_manage_test/BUILD.gn | 3 +- .../unittest/phone/ability_dump_test/BUILD.gn | 3 +- .../phone/ability_manager_proxy_test/BUILD.gn | 3 +- .../ability_manager_service_test/BUILD.gn | 3 +- .../phone/ability_manager_stub_test/BUILD.gn | 3 +- .../phone/ability_record_test/BUILD.gn | 3 +- .../ability_scheduler_proxy_test/BUILD.gn | 3 +- .../ability_scheduler_stub_test/BUILD.gn | 3 +- .../phone/ability_service_start_test/BUILD.gn | 3 +- .../phone/ability_stack_manager_test/BUILD.gn | 3 +- .../phone/ability_token_proxy_test/BUILD.gn | 3 +- .../phone/ability_token_stub_test/BUILD.gn | 3 +- .../ability_with_applications_test/BUILD.gn | 3 +- .../phone/abilityms_appms_test/BUILD.gn | 3 +- .../phone/app_scheduler_test/BUILD.gn | 3 +- .../phone/configuration_test/BUILD.gn | 3 +- .../phone/connection_record_test/BUILD.gn | 3 +- .../phone/data_ability_manager_test/BUILD.gn | 3 +- .../phone/data_ability_record_test/BUILD.gn | 3 +- .../test/unittest/phone/info_test/BUILD.gn | 3 +- .../kernal_system_app_manager_test/BUILD.gn | 3 +- .../phone/lifecycle_deal_test/BUILD.gn | 3 +- .../unittest/phone/lifecycle_test/BUILD.gn | 3 +- .../lock_screen_white_list_test/BUILD.gn | 3 +- .../unittest/phone/mission_list_test/BUILD.gn | 3 +- .../phone/mission_record_test/BUILD.gn | 3 +- .../phone/mission_stack_test/BUILD.gn | 3 +- .../test/unittest/phone/mission_test/BUILD.gn | 3 +- .../phone/pending_want_key_test/BUILD.gn | 3 +- .../phone/pending_want_manager_test/BUILD.gn | 3 +- .../phone/pending_want_record_test/BUILD.gn | 3 +- .../resume_mission_container_test/BUILD.gn | 3 +- .../phone/screenshot_handler_test/BUILD.gn | 3 +- .../unittest/phone/sender_info_test/BUILD.gn | 3 +- .../phone/terminate_ability_test/BUILD.gn | 3 +- .../phone/want_receiver_proxy_test/BUILD.gn | 3 +- .../phone/want_receiver_stub_test/BUILD.gn | 3 +- .../phone/want_sender_info_test/BUILD.gn | 3 +- .../phone/want_sender_proxy_test/BUILD.gn | 3 +- .../phone/want_sender_stub_test/BUILD.gn | 3 +- .../unittest/phone/wants_info_test/BUILD.gn | 3 +- .../unittest/phone/window_info_test/BUILD.gn | 3 +- services/appmgr/BUILD.gn | 2 + services/appmgr/include/ams_mgr_scheduler.h | 9 +- services/appmgr/include/app_mgr_service.h | 29 +- .../appmgr/include/app_mgr_service_inner.h | 42 +-- services/appmgr/include/process_optimizer.h | 4 +- .../appmgr/include/process_optimizer_uba.h | 4 +- services/appmgr/src/ams_mgr_scheduler.cpp | 11 +- services/appmgr/src/app_mgr_service.cpp | 28 +- services/appmgr/src/app_mgr_service_inner.cpp | 251 +++++++++++++----- services/appmgr/src/process_optimizer.cpp | 25 +- services/appmgr/src/process_optimizer_uba.cpp | 22 +- .../ams_ability_running_record_test/BUILD.gn | 1 + .../ams_app_death_recipient_test/BUILD.gn | 1 + .../unittest/ams_app_life_cycle_test/BUILD.gn | 1 + .../ams_app_life_cycle_test.cpp | 17 +- .../unittest/ams_app_mgr_client_test/BUILD.gn | 3 +- .../ams_app_running_record_test/BUILD.gn | 1 + .../unittest/ams_app_workflow_test/BUILD.gn | 1 + .../ams_ipc_appmgr_interface_test.cpp | 29 +- .../ams_mgr_scheduler_test.cpp | 28 +- .../ams_recent_app_list_test/BUILD.gn | 1 + .../BUILD.gn | 1 + .../ams_service_event_drive_test/BUILD.gn | 1 + .../ams_service_event_drive_test.cpp | 70 +---- .../BUILD.gn | 1 + .../ams_service_startup_test/BUILD.gn | 1 + .../BUILD.gn | 1 + services/common/BUILD.gn | 28 +- .../common/include/permission_constants.h | 32 +++ .../common/include/permission_verification.h | 42 +++ .../common/src/permission_verification.cpp | 72 +++++ services/formmgr/BUILD.gn | 2 + services/formmgr/include/form_info_mgr.h | 2 + services/formmgr/include/form_mgr_service.h | 12 - services/formmgr/src/form_info_mgr.cpp | 62 ++++- services/formmgr/src/form_mgr_service.cpp | 33 +-- .../ability_mgr_service_test/BUILD.gn | 1 + .../moduletest/ability_record_test/BUILD.gn | 1 + .../moduletest/ability_stack_test/BUILD.gn | 1 + .../ams/ability_running_record_test/BUILD.gn | 7 +- .../common/ams/app_life_cycle_test/BUILD.gn | 7 +- .../ams_app_life_cycle_module_test.cpp | 8 - .../common/ams/app_mgr_service_test/BUILD.gn | 3 +- .../ams_app_mgr_service_module_test.cpp | 36 --- .../common/ams/app_recent_list_test/BUILD.gn | 7 +- .../ams/app_running_record_test/BUILD.gn | 7 +- .../common/ams/app_service_flow_test/BUILD.gn | 7 +- .../common/ams/ipc_ams_mgr_test/BUILD.gn | 3 +- .../common/ams/ipc_app_mgr_test/BUILD.gn | 7 +- .../ams_ipc_app_mgr_module_test.cpp | 31 --- .../ams/ipc_app_scheduler_test/BUILD.gn | 7 +- .../ams/process_optimizer_uba_test/BUILD.gn | 5 +- .../service_app_spawn_client_test/BUILD.gn | 3 +- .../ams/service_event_drive_test/BUILD.gn | 3 +- .../ams/service_start_process_test/BUILD.gn | 3 +- .../test/moduletest/dump_module_test/BUILD.gn | 3 +- .../ipc_ability_connect_test/BUILD.gn | 3 +- .../moduletest/ipc_ability_mgr_test/BUILD.gn | 3 +- .../ipc_ability_scheduler_test/BUILD.gn | 3 +- .../panding_want_manager_test/BUILD.gn | 1 + 126 files changed, 875 insertions(+), 1020 deletions(-) create mode 100644 services/common/include/permission_constants.h create mode 100644 services/common/include/permission_verification.h create mode 100644 services/common/src/permission_verification.cpp diff --git a/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_interface.h b/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_interface.h index 0656a1b6243..28d20995083 100644 --- a/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_interface.h +++ b/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_interface.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -80,13 +80,6 @@ public: */ virtual void RegisterAppStateCallback(const sptr &callback) = 0; - /** - * Reset,call Reset() through the proxy object, reset DFX of AppMgr. - * - * @return - */ - virtual void Reset() = 0; - /** * AbilityBehaviorAnalysis,call AbilityBehaviorAnalysis() through the proxy object, * ability behavior analysis assistant process optimization. @@ -185,7 +178,6 @@ public: UPDATE_ABILITY_STATE, UPDATE_EXTENSION_STATE, REGISTER_APP_STATE_CALLBACK, - RESET, ABILITY_BEHAVIOR_ANALYSIS, KILL_PEOCESS_BY_ABILITY_TOKEN, KILL_PROCESSES_BY_USERID, diff --git a/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_proxy.h b/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_proxy.h index ef95912b1a2..4be57ed5e91 100644 --- a/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_proxy.h +++ b/interfaces/innerkits/app_manager/include/appmgr/ams_mgr_proxy.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -74,13 +74,6 @@ public: */ virtual void RegisterAppStateCallback(const sptr &callback) override; - /** - * Reset,call Reset() through the proxy object, reset DFX of AppMgr. - * - * @return - */ - virtual void Reset() override; - /** * AbilityBehaviorAnalysis,call AbilityBehaviorAnalysis() through the proxy object, * ability behavior analysis assistant process optimization. diff --git a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_client.h b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_client.h index a21c24eea0d..09da10fab88 100644 --- a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_client.h +++ b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_client.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -83,13 +83,6 @@ public: */ virtual AppMgrResultCode ConnectAppMgrService(); - /** - * Ability manager resst. - * - * @return Returns RESULT_OK on success, others on failure. - */ - virtual AppMgrResultCode Reset(); - /** * AbilityBehaviorAnalysis, ability behavior analysis assistant process optimization. * @@ -175,23 +168,6 @@ public: */ virtual AppMgrResultCode GetConfiguration(Configuration& config); - /** - * SetAppSuspendTimes, Setting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual AppMgrResultCode SetAppFreezingTime(int time); - - /** - * GetAppFreezingTime, Getting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual AppMgrResultCode GetAppFreezingTime(int &time); virtual void AbilityAttachTimeOut(const sptr &token); virtual void PrepareTerminate(const sptr &token); diff --git a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_interface.h b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_interface.h index 0ac19509e2e..3fe7b5a3ebf 100644 --- a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_interface.h +++ b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_interface.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -105,15 +105,6 @@ public: */ virtual int32_t ClearUpApplicationData(const std::string &bundleName) = 0; - /** - * IsBackgroundRunningRestricted, call IsBackgroundRunningRestricted() through proxy project, - * Checks whether the process of this application is forbidden to run in the background. - * - * @param bundleName, bundle name in Application record. - * @return ERR_OK, return back success, others fail. - */ - virtual int IsBackgroundRunningRestricted(const std::string &bundleName) = 0; - /** * GetAllRunningProcesses, call GetAllRunningProcesses() through proxy project. * Obtains information about application processes that are running on the device. @@ -133,24 +124,6 @@ public: */ virtual int GetProcessRunningInfosByUserId(std::vector &info, int32_t userId) = 0; - /** - * SetAppSuspendTimes, Setting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual void SetAppFreezingTime(int time) = 0; - - /** - * GetAppFreezingTime, Getting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual void GetAppFreezingTime(int &time) = 0; - /** * Get system memory information. * @param SystemMemoryAttr, memory information. @@ -210,11 +183,8 @@ public: APP_ABILITY_CLEANED, APP_GET_MGR_INSTANCE, APP_CLEAR_UP_APPLICATION_DATA, - APP_IS_BACKGROUND_RUNNING_RESTRICTED, APP_GET_ALL_RUNNING_PROCESSES, APP_GET_RUNNING_PROCESSES_BY_USER_ID, - APP_SET_APP_FREEZING_TIME, - APP_GET_APP_FREEZING_TIME, APP_GET_SYSTEM_MEMORY_ATTR, APP_ADD_ABILITY_STAGE_INFO_DONE, STARTUP_RESIDENT_PROCESS, diff --git a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_proxy.h b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_proxy.h index d3db6663ef8..ecbcda54066 100644 --- a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_proxy.h +++ b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_proxy.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -98,15 +98,6 @@ public: */ virtual int32_t ClearUpApplicationData(const std::string &bundleName) override; - /** - * IsBackgroundRunningRestricted, call IsBackgroundRunningRestricted() through proxy project, - * Checks whether the process of this application is forbidden to run in the background. - * - * @param bundleName, bundle name in Application record. - * @return ERR_OK, return back success, others fail. - */ - virtual int32_t IsBackgroundRunningRestricted(const std::string &bundleName) override; - /** * GetAllRunningProcesses, call GetAllRunningProcesses() through proxy project. * Obtains information about application processes that are running on the device. @@ -125,24 +116,6 @@ public: */ virtual int32_t GetProcessRunningInfosByUserId(std::vector &info, int32_t userId) override; - /** - * SetAppSuspendTimes, Setting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual void SetAppFreezingTime(int time) override; - - /** - * GetAppFreezingTime, Getting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual void GetAppFreezingTime(int &time) override; - /** * Get system memory information. * @param SystemMemoryAttr, memory information. diff --git a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_stub.h b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_stub.h index 0af16c37c81..5cd32d62096 100644 --- a/interfaces/innerkits/app_manager/include/appmgr/app_mgr_stub.h +++ b/interfaces/innerkits/app_manager/include/appmgr/app_mgr_stub.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -63,11 +63,8 @@ private: int32_t HandleAbilityCleaned(MessageParcel &data, MessageParcel &reply); int32_t HandleGetAmsMgr(MessageParcel &data, MessageParcel &reply); int32_t HandleClearUpApplicationData(MessageParcel &data, MessageParcel &reply); - int32_t HandleIsBackgroundRunningRestricted(MessageParcel &data, MessageParcel &reply); int32_t HandleGetAllRunningProcesses(MessageParcel &data, MessageParcel &reply); int32_t HandleGetProcessRunningInfosByUserId(MessageParcel &data, MessageParcel &reply); - int32_t HandleSetAppFreezingTime(MessageParcel &data, MessageParcel &reply); - int32_t HandleGetAppFreezingTime(MessageParcel &data, MessageParcel &reply); int32_t HandleGetSystemMemoryAttr(MessageParcel &data, MessageParcel &reply); int32_t HandleAddAbilityStageDone(MessageParcel &data, MessageParcel &reply); int32_t HandleStartupResidentProcess(MessageParcel &data, MessageParcel &reply); diff --git a/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_proxy.cpp b/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_proxy.cpp index d1b349653f5..f0801563e30 100644 --- a/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_proxy.cpp +++ b/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_proxy.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -170,27 +170,6 @@ void AmsMgrProxy::RegisterAppStateCallback(const sptr &callba APP_LOGD("end"); } -void AmsMgrProxy::Reset() -{ - APP_LOGD("start"); - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - if (!WriteInterfaceToken(data)) { - return; - } - sptr remote = Remote(); - if (remote == nullptr) { - APP_LOGE("Remote() is NULL"); - return; - } - int32_t ret = remote->SendRequest(static_cast(IAmsMgr::Message::RESET), data, reply, option); - if (ret != NO_ERROR) { - APP_LOGW("SendRequest is failed, error code: %{public}d", ret); - } - APP_LOGD("end"); -} - void AmsMgrProxy::AbilityBehaviorAnalysis(const sptr &token, const sptr &preToken, const int32_t visibility, const int32_t perceptibility, const int32_t connectionState) { diff --git a/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_stub.cpp b/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_stub.cpp index eb7e502a844..ec7cc1ef193 100644 --- a/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_stub.cpp +++ b/interfaces/innerkits/app_manager/src/appmgr/ams_mgr_stub.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -40,7 +40,6 @@ AmsMgrStub::AmsMgrStub() &AmsMgrStub::HandleUpdateExtensionState; memberFuncMap_[static_cast(IAmsMgr::Message::REGISTER_APP_STATE_CALLBACK)] = &AmsMgrStub::HandleRegisterAppStateCallback; - memberFuncMap_[static_cast(IAmsMgr::Message::RESET)] = &AmsMgrStub::HandleReset; memberFuncMap_[static_cast(IAmsMgr::Message::ABILITY_BEHAVIOR_ANALYSIS)] = &AmsMgrStub::HandleAbilityBehaviorAnalysis; memberFuncMap_[static_cast(IAmsMgr::Message::KILL_PEOCESS_BY_ABILITY_TOKEN)] = @@ -156,13 +155,6 @@ ErrCode AmsMgrStub::HandleRegisterAppStateCallback(MessageParcel &data, MessageP return NO_ERROR; } -ErrCode AmsMgrStub::HandleReset(MessageParcel &data, MessageParcel &reply) -{ - BYTRACE(BYTRACE_TAG_APP); - Reset(); - return NO_ERROR; -} - ErrCode AmsMgrStub::HandleAbilityBehaviorAnalysis(MessageParcel &data, MessageParcel &reply) { BYTRACE(BYTRACE_TAG_APP); diff --git a/interfaces/innerkits/app_manager/src/appmgr/app_mgr_client.cpp b/interfaces/innerkits/app_manager/src/appmgr/app_mgr_client.cpp index 2af80c061a4..44259379746 100644 --- a/interfaces/innerkits/app_manager/src/appmgr/app_mgr_client.cpp +++ b/interfaces/innerkits/app_manager/src/appmgr/app_mgr_client.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -106,19 +106,6 @@ AppMgrResultCode AppMgrClient::RegisterAppStateCallback(const sptr service = iface_cast(remote_); - if (service != nullptr) { - sptr amsService = service->GetAmsMgr(); - if (amsService != nullptr) { - amsService->Reset(); - return AppMgrResultCode::RESULT_OK; - } - } - return AppMgrResultCode::ERROR_SERVICE_NOT_CONNECTED; -} - AppMgrResultCode AppMgrClient::AbilityBehaviorAnalysis(const sptr &token, const sptr &preToken, const int32_t visibility, const int32_t perceptibility, const int32_t connectionState) @@ -247,26 +234,6 @@ AppMgrResultCode AppMgrClient::GetConfiguration(Configuration& config) return AppMgrResultCode::ERROR_SERVICE_NOT_CONNECTED; } -AppMgrResultCode AppMgrClient::SetAppFreezingTime(int time) -{ - sptr service = iface_cast(remote_); - if (service != nullptr) { - service->SetAppFreezingTime(time); - return AppMgrResultCode::RESULT_OK; - } - return AppMgrResultCode::ERROR_SERVICE_NOT_CONNECTED; -} - -AppMgrResultCode AppMgrClient::GetAppFreezingTime(int &time) -{ - sptr service = iface_cast(remote_); - if (service != nullptr) { - service->GetAppFreezingTime(time); - return AppMgrResultCode::RESULT_OK; - } - return AppMgrResultCode::ERROR_SERVICE_NOT_CONNECTED; -} - AppMgrResultCode AppMgrClient::ConnectAppMgrService() { if (!serviceManager_) { diff --git a/interfaces/innerkits/app_manager/src/appmgr/app_mgr_proxy.cpp b/interfaces/innerkits/app_manager/src/appmgr/app_mgr_proxy.cpp index ac1495cd260..d0a212ee73e 100644 --- a/interfaces/innerkits/app_manager/src/appmgr/app_mgr_proxy.cpp +++ b/interfaces/innerkits/app_manager/src/appmgr/app_mgr_proxy.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -226,34 +226,6 @@ int32_t AppMgrProxy::ClearUpApplicationData(const std::string &bundleName) return reply.ReadInt32(); } -int32_t AppMgrProxy::IsBackgroundRunningRestricted(const std::string &bundleName) -{ - APP_LOGD("start"); - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - if (!WriteInterfaceToken(data)) { - return ERR_FLATTEN_OBJECT; - } - sptr remote = Remote(); - if (remote == nullptr) { - APP_LOGE("Remote() is NULL"); - return ERR_NULL_OBJECT; - } - if (!data.WriteString(bundleName)) { - APP_LOGE("parcel WriteString failed"); - return ERR_FLATTEN_OBJECT; - } - int32_t ret = remote->SendRequest( - static_cast(IAppMgr::Message::APP_IS_BACKGROUND_RUNNING_RESTRICTED), data, reply, option); - if (ret != NO_ERROR) { - APP_LOGW("SendRequest is failed, error code: %{public}d", ret); - return ret; - } - APP_LOGD("end"); - return reply.ReadInt32(); -} - int32_t AppMgrProxy::GetAllRunningProcesses(std::vector &info) { APP_LOGD("start"); @@ -326,46 +298,6 @@ bool AppMgrProxy::SendTransactCmd(IAppMgr::Message code, MessageParcel &data, Me return true; } -void AppMgrProxy::SetAppFreezingTime(int time) -{ - APP_LOGD("start"); - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - if (!WriteInterfaceToken(data)) { - return; - } - - if (!data.WriteInt32(time)) { - APP_LOGE("parcel WriteInt32 failed"); - return; - } - if (!SendTransactCmd(IAppMgr::Message::APP_SET_APP_FREEZING_TIME, data, reply)) { - APP_LOGE("SendTransactCmd faild"); - return; - } - APP_LOGD("end"); -} - -void AppMgrProxy::GetAppFreezingTime(int &time) -{ - APP_LOGD("start"); - MessageParcel data; - MessageParcel reply; - MessageOption option(MessageOption::TF_SYNC); - if (!WriteInterfaceToken(data)) { - APP_LOGE("WriteInterfaceToken faild"); - return; - } - - if (!SendTransactCmd(IAppMgr::Message::APP_GET_APP_FREEZING_TIME, data, reply)) { - APP_LOGE("SendTransactCmd faild"); - return; - } - time = reply.ReadInt32(); - APP_LOGE("get freeze time : %{public}d ", time); -} - /** * Get system memory information. * @param SystemMemoryAttr, memory information. diff --git a/interfaces/innerkits/app_manager/src/appmgr/app_mgr_stub.cpp b/interfaces/innerkits/app_manager/src/appmgr/app_mgr_stub.cpp index cba183d4fc7..880f090d588 100644 --- a/interfaces/innerkits/app_manager/src/appmgr/app_mgr_stub.cpp +++ b/interfaces/innerkits/app_manager/src/appmgr/app_mgr_stub.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -48,16 +48,10 @@ AppMgrStub::AppMgrStub() memberFuncMap_[static_cast(IAppMgr::Message::APP_GET_MGR_INSTANCE)] = &AppMgrStub::HandleGetAmsMgr; memberFuncMap_[static_cast(IAppMgr::Message::APP_CLEAR_UP_APPLICATION_DATA)] = &AppMgrStub::HandleClearUpApplicationData; - memberFuncMap_[static_cast(IAppMgr::Message::APP_IS_BACKGROUND_RUNNING_RESTRICTED)] = - &AppMgrStub::HandleIsBackgroundRunningRestricted; memberFuncMap_[static_cast(IAppMgr::Message::APP_GET_ALL_RUNNING_PROCESSES)] = &AppMgrStub::HandleGetAllRunningProcesses; memberFuncMap_[static_cast(IAppMgr::Message::APP_GET_RUNNING_PROCESSES_BY_USER_ID)] = &AppMgrStub::HandleGetProcessRunningInfosByUserId; - memberFuncMap_[static_cast(IAppMgr::Message::APP_SET_APP_FREEZING_TIME)] = - &AppMgrStub::HandleSetAppFreezingTime; - memberFuncMap_[static_cast(IAppMgr::Message::APP_GET_APP_FREEZING_TIME)] = - &AppMgrStub::HandleGetAppFreezingTime; memberFuncMap_[static_cast(IAppMgr::Message::APP_GET_SYSTEM_MEMORY_ATTR)] = &AppMgrStub::HandleGetSystemMemoryAttr; memberFuncMap_[static_cast(IAppMgr::Message::APP_ADD_ABILITY_STAGE_INFO_DONE)] = @@ -175,15 +169,6 @@ int32_t AppMgrStub::HandleClearUpApplicationData(MessageParcel &data, MessagePar return NO_ERROR; } -int32_t AppMgrStub::HandleIsBackgroundRunningRestricted(MessageParcel &data, MessageParcel &reply) -{ - BYTRACE(BYTRACE_TAG_APP); - std::string bundleName = data.ReadString(); - int32_t result = IsBackgroundRunningRestricted(bundleName); - reply.WriteInt32(result); - return NO_ERROR; -} - int32_t AppMgrStub::HandleGetAllRunningProcesses(MessageParcel &data, MessageParcel &reply) { BYTRACE(BYTRACE_TAG_APP); @@ -219,22 +204,6 @@ int32_t AppMgrStub::HandleGetProcessRunningInfosByUserId(MessageParcel &data, Me return NO_ERROR; } -int32_t AppMgrStub::HandleSetAppFreezingTime(MessageParcel &data, MessageParcel &reply) -{ - BYTRACE(BYTRACE_TAG_APP); - SetAppFreezingTime(data.ReadInt32()); - return NO_ERROR; -} - -int32_t AppMgrStub::HandleGetAppFreezingTime(MessageParcel &data, MessageParcel &reply) -{ - BYTRACE(BYTRACE_TAG_APP); - int time = 0; - GetAppFreezingTime(time); - reply.WriteInt32(time); - return NO_ERROR; -} - int32_t AppMgrStub::HandleGetSystemMemoryAttr(MessageParcel &data, MessageParcel &reply) { BYTRACE(BYTRACE_TAG_APP); diff --git a/services/BUILD.gn b/services/BUILD.gn index c11ef1cb046..5770614a362 100644 --- a/services/BUILD.gn +++ b/services/BUILD.gn @@ -15,6 +15,7 @@ group("services_target") { deps = [ "abilitymgr:abilityms_target", "appmgr:ams_target", + "common:perm_verification", "dataobsmgr:dataobsms", "uripermmgr:upms_target", ] diff --git a/services/abilitymgr/BUILD.gn b/services/abilitymgr/BUILD.gn index abeb67abb71..adb2b46d78f 100644 --- a/services/abilitymgr/BUILD.gn +++ b/services/abilitymgr/BUILD.gn @@ -80,6 +80,7 @@ ohos_shared_library("abilityms") { "${innerkits_path}/base:base", "${innerkits_path}/uri_permission:uri_permission_mgr", "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//base/global/i18n_standard/frameworks/intl:intl_util", "//base/hiviewdfx/hiview/adapter/utility:hiview_adapter_utility", diff --git a/services/abilitymgr/include/ability_connect_manager.h b/services/abilitymgr/include/ability_connect_manager.h index 09313891463..99fa6b0c8f4 100644 --- a/services/abilitymgr/include/ability_connect_manager.h +++ b/services/abilitymgr/include/ability_connect_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -183,9 +183,13 @@ public: ConnectListType GetConnectRecordListByCallback(sptr callback); void RemoveAll(); - void GetExtensionRunningInfos(int upperLimit, std::vector &info, const int32_t userId); + void GetExtensionRunningInfos(int upperLimit, std::vector &info, + const int32_t userId, bool isPerm); - void GetAbilityRunningInfos(std::vector &info); + void GetAbilityRunningInfos(std::vector &info, bool isPerm); + + void GetExtensionRunningInfo(std::shared_ptr &abilityRecord, const int32_t userId, + std::vector &info); /** * SetEventHandler. diff --git a/services/abilitymgr/include/ability_manager_service.h b/services/abilitymgr/include/ability_manager_service.h index 29e2bdd55d3..ae23b2ad8c8 100644 --- a/services/abilitymgr/include/ability_manager_service.h +++ b/services/abilitymgr/include/ability_manager_service.h @@ -748,6 +748,9 @@ public: virtual int GetExtensionRunningInfos(int upperLimit, std::vector &info) override; virtual int GetProcessRunningInfos(std::vector &info) override; int GetProcessRunningInfosByUserId(std::vector &info, int32_t userId); + void GetAbilityRunningInfo(std::vector &info, std::shared_ptr &abilityRecord); + void GetExtensionRunningInfo(std::shared_ptr &abilityRecord, const int32_t userId, + std::vector &info); int GetMissionSaveTime() const; @@ -1136,6 +1139,10 @@ private: void StartupResidentProcess(); + int VerifyMissionPermission(); + + int VerifyAccountPermission(int32_t userId); + using DumpFuncType = void (AbilityManagerService::*)(const std::string &args, std::vector &info); std::map dumpFuncMap_; diff --git a/services/abilitymgr/include/data_ability_manager.h b/services/abilitymgr/include/data_ability_manager.h index a3561ea6511..f1ac566670d 100644 --- a/services/abilitymgr/include/data_ability_manager.h +++ b/services/abilitymgr/include/data_ability_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -48,8 +48,8 @@ public: void Dump(const char *func, int line); void DumpState(std::vector &info, const std::string &args = "") const; void DumpSysState(std::vector &info, bool isClient = false, const std::string &args = "") const; - void GetAbilityRunningInfos(std::vector &info); bool ContainsDataAbility(const sptr &scheduler); + void GetAbilityRunningInfos(std::vector &info, bool isPerm); private: using DataAbilityRecordPtr = std::shared_ptr; diff --git a/services/abilitymgr/include/mission_list_manager.h b/services/abilitymgr/include/mission_list_manager.h index 7c6a82afa40..4429bbe219a 100644 --- a/services/abilitymgr/include/mission_list_manager.h +++ b/services/abilitymgr/include/mission_list_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -322,7 +322,7 @@ public: */ bool GetMissionSnapshot(int32_t missionId, const sptr& abilityToken, MissionSnapshot& missionSnapshot); - void GetAbilityRunningInfos(std::vector &info); + void GetAbilityRunningInfos(std::vector &info, bool isPerm); /** * @brief get current top ability by bundle name diff --git a/services/abilitymgr/src/ability_connect_manager.cpp b/services/abilitymgr/src/ability_connect_manager.cpp index 1fe56f890a1..e09a1150e17 100755 --- a/services/abilitymgr/src/ability_connect_manager.cpp +++ b/services/abilitymgr/src/ability_connect_manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -990,80 +990,94 @@ void AbilityConnectManager::DumpState(std::vector &info, bool isCli } void AbilityConnectManager::GetExtensionRunningInfos(int upperLimit, std::vector &info, - const int32_t userId) + const int32_t userId, bool isPerm) { HILOG_INFO("Get extension running info."); std::lock_guard guard(Lock_); - auto queryInfo = [&info, upperLimit, userId](ServiceMapType::reference service) { + auto mgr = shared_from_this(); + auto queryInfo = [&info, upperLimit, userId, isPerm, mgr](ServiceMapType::reference service) { if (static_cast(info.size()) >= upperLimit) { return; } auto abilityRecord = service.second; CHECK_POINTER(abilityRecord); - ExtensionRunningInfo extensionInfo; - AppExecFwk::RunningProcessInfo processInfo; - extensionInfo.extension = abilityRecord->GetWant().GetElement(); - auto bms = AbilityUtil::GetBundleManager(); - CHECK_POINTER(bms); - std::vector extensionInfos; - bool queryResult = bms->QueryExtensionAbilityInfos(abilityRecord->GetWant(), - AppExecFwk::AbilityInfoFlag::GET_ABILITY_INFO_WITH_APPLICATION, userId, extensionInfos); - if (queryResult) { - HILOG_INFO("Query Extension Ability Infos Success."); - auto abilityInfo = abilityRecord->GetAbilityInfo(); - auto isExist = [&abilityInfo](const AppExecFwk::ExtensionAbilityInfo &extensionInfo) { - HILOG_INFO("%{public}s, %{public}s", extensionInfo.bundleName.c_str(), extensionInfo.name.c_str()); - return extensionInfo.bundleName == abilityInfo.bundleName && extensionInfo.name == abilityInfo.name - && extensionInfo.applicationInfo.uid == abilityInfo.applicationInfo.uid; - }; - auto infoIter = std::find_if(extensionInfos.begin(), extensionInfos.end(), isExist); - if (infoIter != extensionInfos.end()) { - HILOG_INFO("Get target success."); - extensionInfo.type = (*infoIter).type; + + if (isPerm) { + mgr->GetExtensionRunningInfo(abilityRecord, userId, info); + } else { + auto callingTokenId = IPCSkeleton::GetCallingTokenID(); + auto tokenID = abilityRecord->GetApplicationInfo().accessTokenId; + if (callingTokenId == tokenID) { + mgr->GetExtensionRunningInfo(abilityRecord, userId, info); } } - DelayedSingleton::GetInstance()-> - GetRunningProcessInfoByToken(abilityRecord->GetToken(), processInfo); - extensionInfo.pid = processInfo.pid_; - extensionInfo.uid = processInfo.uid_; - extensionInfo.processName = processInfo.processName_; - extensionInfo.startTime = abilityRecord->GetStartTime(); - ConnectListType connectRecordList = abilityRecord->GetConnectRecordList(); - for (auto &connectRecord : connectRecordList) { - CHECK_POINTER(connectRecord); - auto callerAbilityRecord = Token::GetAbilityRecordByToken(connectRecord->GetToken()); - CHECK_POINTER(callerAbilityRecord); - std::string package = callerAbilityRecord->GetAbilityInfo().bundleName; - extensionInfo.clientPackage.emplace_back(package); - } - info.emplace_back(extensionInfo); - // extension type }; std::for_each(serviceMap_.begin(), serviceMap_.end(), queryInfo); } -void AbilityConnectManager::GetAbilityRunningInfos(std::vector &info) +void AbilityConnectManager::GetAbilityRunningInfos(std::vector &info, bool isPerm) { HILOG_INFO("Query running ability infos."); std::lock_guard guard(Lock_); - auto queryInfo = [&info](ServiceMapType::reference service) { + auto queryInfo = [&info, isPerm](ServiceMapType::reference service) { auto abilityRecord = service.second; CHECK_POINTER(abilityRecord); - AbilityRunningInfo runningInfo; - AppExecFwk::RunningProcessInfo processInfo; - runningInfo.ability = abilityRecord->GetWant().GetElement(); - DelayedSingleton::GetInstance()-> - GetRunningProcessInfoByToken(abilityRecord->GetToken(), processInfo); - runningInfo.pid = processInfo.pid_; - runningInfo.uid = processInfo.uid_; - runningInfo.processName = processInfo.processName_; - runningInfo.startTime = abilityRecord->GetStartTime(); - runningInfo.abilityState = static_cast(abilityRecord->GetAbilityState()); - info.emplace_back(runningInfo); + + if (isPerm) { + DelayedSingleton::GetInstance()->GetAbilityRunningInfo(info, abilityRecord); + } else { + auto callingTokenId = IPCSkeleton::GetCallingTokenID(); + auto tokenID = abilityRecord->GetApplicationInfo().accessTokenId; + if (callingTokenId == tokenID) { + DelayedSingleton::GetInstance()->GetAbilityRunningInfo(info, abilityRecord); + } + } }; std::for_each(serviceMap_.begin(), serviceMap_.end(), queryInfo); } + +void AbilityConnectManager::GetExtensionRunningInfo(std::shared_ptr &abilityRecord, const int32_t userId, + std::vector &info) +{ + ExtensionRunningInfo extensionInfo; + AppExecFwk::RunningProcessInfo processInfo; + extensionInfo.extension = abilityRecord->GetWant().GetElement(); + auto bms = AbilityUtil::GetBundleManager(); + CHECK_POINTER(bms); + std::vector extensionInfos; + bool queryResult = bms->QueryExtensionAbilityInfos(abilityRecord->GetWant(), + AppExecFwk::AbilityInfoFlag::GET_ABILITY_INFO_WITH_APPLICATION, userId, extensionInfos); + if (queryResult) { + HILOG_INFO("Query Extension Ability Infos Success."); + auto abilityInfo = abilityRecord->GetAbilityInfo(); + auto isExist = [&abilityInfo](const AppExecFwk::ExtensionAbilityInfo &extensionInfo) { + HILOG_INFO("%{public}s, %{public}s", extensionInfo.bundleName.c_str(), extensionInfo.name.c_str()); + return extensionInfo.bundleName == abilityInfo.bundleName && extensionInfo.name == abilityInfo.name + && extensionInfo.applicationInfo.uid == abilityInfo.applicationInfo.uid; + }; + auto infoIter = std::find_if(extensionInfos.begin(), extensionInfos.end(), isExist); + if (infoIter != extensionInfos.end()) { + HILOG_INFO("Get target success."); + extensionInfo.type = (*infoIter).type; + } + } + DelayedSingleton::GetInstance()-> + GetRunningProcessInfoByToken(abilityRecord->GetToken(), processInfo); + extensionInfo.pid = processInfo.pid_; + extensionInfo.uid = processInfo.uid_; + extensionInfo.processName = processInfo.processName_; + extensionInfo.startTime = abilityRecord->GetStartTime(); + ConnectListType connectRecordList = abilityRecord->GetConnectRecordList(); + for (auto &connectRecord : connectRecordList) { + CHECK_POINTER(connectRecord); + auto callerAbilityRecord = Token::GetAbilityRecordByToken(connectRecord->GetToken()); + CHECK_POINTER(callerAbilityRecord); + std::string package = callerAbilityRecord->GetAbilityInfo().bundleName; + extensionInfo.clientPackage.emplace_back(package); + } + info.emplace_back(extensionInfo); +} } // namespace AAFwk } // namespace OHOS diff --git a/services/abilitymgr/src/ability_manager_service.cpp b/services/abilitymgr/src/ability_manager_service.cpp index 6ebfa4f4e01..8e839a9c456 100644 --- a/services/abilitymgr/src/ability_manager_service.cpp +++ b/services/abilitymgr/src/ability_manager_service.cpp @@ -41,6 +41,8 @@ #include "lock_screen_white_list.h" #include "mission/mission_info_converter.h" #include "mission_info_mgr.h" +#include "permission_constants.h" +#include "permission_verification.h" #include "sa_mgr_client.h" #include "softbus_bus_center.h" #include "string_ex.h" @@ -277,9 +279,9 @@ int AbilityManagerService::StartAbilityInner(const Want &want, const sptrAsObject(), ERR_INVALID_VALUE); - if (userId != INVALID_USER_ID && !CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not systemApp"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyAccountPermission(userId) == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } if (CheckIfOperateRemote(want)) { @@ -1410,11 +1412,10 @@ int AbilityManagerService::LockMissionForCleanup(int32_t missionId) HILOG_INFO("request unlock mission for clean up all, id :%{public}d", missionId); CHECK_POINTER_AND_RETURN(currentStackManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } - return currentMissionListManager_->SetMissionLockedState(missionId, true); } @@ -1423,11 +1424,10 @@ int AbilityManagerService::UnlockMissionForCleanup(int32_t missionId) HILOG_INFO("request unlock mission for clean up all, id :%{public}d", missionId); CHECK_POINTER_AND_RETURN(currentStackManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } - return currentMissionListManager_->SetMissionLockedState(missionId, false); } @@ -1435,13 +1435,11 @@ int AbilityManagerService::RegisterMissionListener(const sptr { HILOG_INFO("request RegisterMissionListener "); CHECK_POINTER_AND_RETURN(currentMissionListManager_, ERR_NO_INIT); - CHECK_POINTER_AND_RETURN(iBundleManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } - return currentMissionListManager_->RegisterMissionListener(listener); } @@ -1449,13 +1447,11 @@ int AbilityManagerService::UnRegisterMissionListener(const sptrUnRegisterMissionListener(listener); } @@ -1464,11 +1460,10 @@ int AbilityManagerService::GetMissionInfos(const std::string& deviceId, int32_t { HILOG_INFO("request GetMissionInfos."); CHECK_POINTER_AND_RETURN(currentMissionListManager_, ERR_NO_INIT); - CHECK_POINTER_AND_RETURN(iBundleManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } if (CheckIsRemote(deviceId)) { @@ -1496,11 +1491,10 @@ int AbilityManagerService::GetMissionInfo(const std::string& deviceId, int32_t m { HILOG_INFO("request GetMissionInfo, missionId:%{public}d", missionId); CHECK_POINTER_AND_RETURN(currentMissionListManager_, ERR_NO_INIT); - CHECK_POINTER_AND_RETURN(iBundleManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } if (CheckIsRemote(deviceId)) { @@ -1533,11 +1527,10 @@ int AbilityManagerService::CleanMission(int32_t missionId) { HILOG_INFO("request CleanMission, missionId:%{public}d", missionId); CHECK_POINTER_AND_RETURN(currentMissionListManager_, ERR_NO_INIT); - CHECK_POINTER_AND_RETURN(iBundleManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } return currentMissionListManager_->ClearMission(missionId); @@ -1547,11 +1540,10 @@ int AbilityManagerService::CleanAllMissions() { HILOG_INFO("request CleanAllMissions "); CHECK_POINTER_AND_RETURN(currentMissionListManager_, ERR_NO_INIT); - CHECK_POINTER_AND_RETURN(iBundleManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } return currentMissionListManager_->ClearAllMissions(); @@ -1561,11 +1553,10 @@ int AbilityManagerService::MoveMissionToFront(int32_t missionId) { HILOG_INFO("request MoveMissionToFront, missionId:%{public}d", missionId); CHECK_POINTER_AND_RETURN(currentMissionListManager_, ERR_NO_INIT); - CHECK_POINTER_AND_RETURN(iBundleManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } return currentMissionListManager_->MoveMissionToFront(missionId); @@ -1575,11 +1566,10 @@ int AbilityManagerService::MoveMissionToFront(int32_t missionId, const StartOpti { HILOG_INFO("request MoveMissionToFront, missionId:%{public}d", missionId); CHECK_POINTER_AND_RETURN(currentMissionListManager_, ERR_NO_INIT); - CHECK_POINTER_AND_RETURN(iBundleManager_, ERR_NO_INIT); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not system app"); - return CALLER_ISNOT_SYSTEMAPP; + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; } auto options = std::make_shared(startOptions); @@ -2802,11 +2792,6 @@ bool AbilityManagerService::IsUseNewMission() int AbilityManagerService::KillProcess(const std::string &bundleName) { HILOG_DEBUG("Kill process, bundleName: %{public}s", bundleName.c_str()); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not systemApp"); - return CALLER_ISNOT_SYSTEMAPP; - } - auto bms = GetBundleManager(); CHECK_POINTER_AND_RETURN(bms, KILL_PROCESS_FAILED); int32_t userId = GetUserId(); @@ -2831,10 +2816,6 @@ int AbilityManagerService::KillProcess(const std::string &bundleName) int AbilityManagerService::ClearUpApplicationData(const std::string &bundleName) { HILOG_DEBUG("ClearUpApplicationData, bundleName: %{public}s", bundleName.c_str()); - if (!CheckCallerIsSystemAppByIpc()) { - HILOG_ERROR("caller is not systemApp"); - return CALLER_ISNOT_SYSTEMAPP; - } int ret = DelayedSingleton::GetInstance()->ClearUpApplicationData(bundleName); if (ret != ERR_OK) { return CLEAR_APPLICATION_DATA_FAIL; @@ -2845,6 +2826,13 @@ int AbilityManagerService::ClearUpApplicationData(const std::string &bundleName) int AbilityManagerService::UninstallApp(const std::string &bundleName) { HILOG_DEBUG("Uninstall app, bundleName: %{public}s", bundleName.c_str()); + pid_t callingPid = IPCSkeleton::GetCallingPid(); + pid_t pid = getpid(); + if (callingPid != pid) { + HILOG_ERROR("%{public}s: Not bundleMgr call.", __func__); + return CHECK_PERMISSION_FAILED; + } + CHECK_POINTER_AND_RETURN(currentStackManager_, ERR_NO_INIT); currentStackManager_->UninstallApp(bundleName); CHECK_POINTER_AND_RETURN(pendingWantManager_, ERR_NO_INIT); @@ -3771,6 +3759,12 @@ int AbilityManagerService::SetMissionLabel(const sptr &token, con int AbilityManagerService::StartUser(int userId) { HILOG_DEBUG("%{public}s, userId:%{public}d", __func__, userId); + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (!isSaCall) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; + } + if (userController_) { return userController_->StartUser(userId, true); } @@ -3780,6 +3774,12 @@ int AbilityManagerService::StartUser(int userId) int AbilityManagerService::StopUser(int userId, const sptr &callback) { HILOG_DEBUG("%{public}s", __func__); + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (!isSaCall) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; + } + auto ret = -1; if (userController_) { ret = userController_->StopUser(userId); @@ -3805,28 +3805,16 @@ void AbilityManagerService::OnStartSpecifiedAbilityTimeoutResponse(const AAFwk:: { return; } + int AbilityManagerService::GetAbilityRunningInfos(std::vector &info) { HILOG_DEBUG("Get running ability infos."); - auto bundleMgr = GetBundleManager(); - if (!bundleMgr) { - HILOG_ERROR("bundleMgr is nullptr."); - return INNER_ERR; - } - - auto callerUid = IPCSkeleton::GetCallingUid(); - auto isSystem = bundleMgr->CheckIsSystemAppByUid(callerUid); - HILOG_DEBUG("callerUid : %{public}d, isSystem : %{public}d", callerUid, static_cast(isSystem)); - - if (!isSystem) { - HILOG_ERROR("callar is not system app."); - return INNER_ERR; - } + auto isPerm = AAFwk::PermissionVerification::GetInstance()->VerifyRunningInfoPerm(); - currentMissionListManager_->GetAbilityRunningInfos(info); + currentMissionListManager_->GetAbilityRunningInfos(info, isPerm); kernalAbilityManager_->GetAbilityRunningInfos(info); - connectManager_->GetAbilityRunningInfos(info); - dataAbilityManager_->GetAbilityRunningInfos(info); + connectManager_->GetAbilityRunningInfos(info, isPerm); + dataAbilityManager_->GetAbilityRunningInfos(info, isPerm); return ERR_OK; } @@ -3834,22 +3822,9 @@ int AbilityManagerService::GetAbilityRunningInfos(std::vector &info) { HILOG_DEBUG("Get extension infos, upperLimit : %{public}d", upperLimit); - auto bundleMgr = GetBundleManager(); - if (!bundleMgr) { - HILOG_ERROR("bundleMgr is nullptr."); - return INNER_ERR; - } + auto isPerm = AAFwk::PermissionVerification::GetInstance()->VerifyRunningInfoPerm(); - auto callerUid = IPCSkeleton::GetCallingUid(); - auto isSystem = bundleMgr->CheckIsSystemAppByUid(callerUid); - HILOG_DEBUG("callerUid : %{public}d, isSystem : %{public}d", callerUid, static_cast(isSystem)); - - if (!isSystem) { - HILOG_ERROR("callar is not system app."); - return INNER_ERR; - } - - connectManager_->GetExtensionRunningInfos(upperLimit, info, GetUserId()); + connectManager_->GetExtensionRunningInfos(upperLimit, info, GetUserId(), isPerm); return ERR_OK; } @@ -3875,6 +3850,12 @@ void AbilityManagerService::ClearUserData(int32_t userId) int AbilityManagerService::RegisterSnapshotHandler(const sptr& handler) { + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (!isSaCall) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return 0; + } + if (!currentMissionListManager_) { HILOG_ERROR("snapshot: currentMissionListManager_ is nullptr."); return INNER_ERR; @@ -3887,6 +3868,11 @@ int AbilityManagerService::RegisterSnapshotHandler(const sptr& int32_t AbilityManagerService::GetMissionSnapshot(const std::string& deviceId, int32_t missionId, MissionSnapshot& missionSnapshot) { + if (VerifyMissionPermission() == CHECK_PERMISSION_FAILED) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; + } + if (CheckIsRemote(deviceId)) { HILOG_INFO("get remote mission snapshot."); return GetRemoteMissionSnapshotInfo(deviceId, missionId, missionSnapshot); @@ -4153,6 +4139,12 @@ int AbilityManagerService::SetAbilityController(const sptr & int AbilityManagerService::SendANRProcessID(int pid) { + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (!isSaCall) { + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; + } + int anrTimeOut = amsConfigResolver_->GetANRTimeOutTime(); auto timeoutTask = [pid]() { if (kill(pid, SIGKILL) != ERR_OK) { @@ -4605,5 +4597,57 @@ void AbilityManagerService::StartupResidentProcess() DelayedSingleton::GetInstance()->StartupResidentProcess(); } + +int AbilityManagerService::VerifyMissionPermission() +{ + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (isSaCall) { + return ERR_OK; + } + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + PermissionConstants::PERMISSION_MANAGE_MISSION); + if (isCallingPerm) { + HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__); + return ERR_OK; + } + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; +} + +void AbilityManagerService::GetAbilityRunningInfo(std::vector &info, + std::shared_ptr &abilityRecord) +{ + AbilityRunningInfo runningInfo; + AppExecFwk::RunningProcessInfo processInfo; + + runningInfo.ability = abilityRecord->GetWant().GetElement(); + runningInfo.startTime = abilityRecord->GetStartTime(); + runningInfo.abilityState = static_cast(abilityRecord->GetAbilityState()); + + DelayedSingleton::GetInstance()-> + GetRunningProcessInfoByToken(abilityRecord->GetToken(), processInfo); + runningInfo.pid = processInfo.pid_; + runningInfo.uid = processInfo.uid_; + runningInfo.processName = processInfo.processName_; + info.emplace_back(runningInfo); +} + +int AbilityManagerService::VerifyAccountPermission(int32_t userId) +{ + if ((userId < 0) || (userController_ && (userController_->GetCurrentUserId() == userId))) { + return ERR_OK; + } + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (isSaCall) { + return ERR_OK; + } + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + PermissionConstants::PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS); + if (isCallingPerm) { + return ERR_OK; + } + HILOG_ERROR("%{public}s: Permission verification failed", __func__); + return CHECK_PERMISSION_FAILED; +} } // namespace AAFwk } // namespace OHOS diff --git a/services/abilitymgr/src/data_ability_manager.cpp b/services/abilitymgr/src/data_ability_manager.cpp index 898ecdb4269..42df78a47da 100644 --- a/services/abilitymgr/src/data_ability_manager.cpp +++ b/services/abilitymgr/src/data_ability_manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -18,6 +18,7 @@ #include #include +#include "ability_manager_service.h" #include "ability_util.h" #include "hilog_wrapper.h" @@ -555,12 +556,12 @@ void DataAbilityManager::DumpSysState(std::vector &info, bool isCli return; } -void DataAbilityManager::GetAbilityRunningInfos(std::vector &info) +void DataAbilityManager::GetAbilityRunningInfos(std::vector &info, bool isPerm) { HILOG_INFO("Get ability running infos"); std::lock_guard locker(mutex_); - auto queryInfo = [&info](DataAbilityRecordPtrMap::reference data) { + auto queryInfo = [&info, isPerm](DataAbilityRecordPtrMap::reference data) { auto dataAbilityRecord = data.second; if (!dataAbilityRecord) { return; @@ -571,17 +572,15 @@ void DataAbilityManager::GetAbilityRunningInfos(std::vector return; } - AbilityRunningInfo runningInfo; - AppExecFwk::RunningProcessInfo processInfo; - runningInfo.ability = abilityRecord->GetWant().GetElement(); - DelayedSingleton::GetInstance()-> - GetRunningProcessInfoByToken(abilityRecord->GetToken(), processInfo); - runningInfo.pid = processInfo.pid_; - runningInfo.uid = processInfo.uid_; - runningInfo.processName = processInfo.processName_; - runningInfo.startTime = abilityRecord->GetStartTime(); - runningInfo.abilityState = static_cast(abilityRecord->GetAbilityState()); - info.emplace_back(runningInfo); + if (isPerm) { + DelayedSingleton::GetInstance()->GetAbilityRunningInfo(info, abilityRecord); + } else { + auto callingTokenId = IPCSkeleton::GetCallingTokenID(); + auto tokenID = abilityRecord->GetApplicationInfo().accessTokenId; + if (callingTokenId == tokenID) { + DelayedSingleton::GetInstance()->GetAbilityRunningInfo(info, abilityRecord); + } + } }; std::for_each(dataAbilityRecordsLoading_.begin(), dataAbilityRecordsLoading_.end(), queryInfo); diff --git a/services/abilitymgr/src/mission_list_manager.cpp b/services/abilitymgr/src/mission_list_manager.cpp index 356412be329..90f9b63b9aa 100644 --- a/services/abilitymgr/src/mission_list_manager.cpp +++ b/services/abilitymgr/src/mission_list_manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -1947,11 +1947,11 @@ bool MissionListManager::GetMissionSnapshot(int32_t missionId, const sptr &info) +void MissionListManager::GetAbilityRunningInfos(std::vector &info, bool isPerm) { std::lock_guard guard(managerLock_); - auto func = [&info](const std::shared_ptr &mission) { + auto func = [&info, isPerm](const std::shared_ptr &mission) { if (!mission) { return; } @@ -1961,19 +1961,15 @@ void MissionListManager::GetAbilityRunningInfos(std::vector return; } - AbilityRunningInfo runningInfo; - AppExecFwk::RunningProcessInfo processInfo; - - runningInfo.ability = ability->GetWant().GetElement(); - runningInfo.startTime = ability->GetStartTime(); - runningInfo.abilityState = static_cast(ability->GetAbilityState()); - - DelayedSingleton::GetInstance()-> - GetRunningProcessInfoByToken(ability->GetToken(), processInfo); - runningInfo.pid = processInfo.pid_; - runningInfo.uid = processInfo.uid_; - runningInfo.processName = processInfo.processName_; - info.emplace_back(runningInfo); + if (isPerm) { + DelayedSingleton::GetInstance()->GetAbilityRunningInfo(info, ability); + } else { + auto callingTokenId = IPCSkeleton::GetCallingTokenID(); + auto tokenID = ability->GetApplicationInfo().accessTokenId; + if (callingTokenId == tokenID) { + DelayedSingleton::GetInstance()->GetAbilityRunningInfo(info, ability); + } + } }; if (!(defaultStandardList_->GetAllMissions().empty())) { auto list = defaultStandardList_->GetAllMissions(); diff --git a/services/abilitymgr/test/mock/libs/appexecfwk_core/src/appmgr/app_mgr_client.cpp b/services/abilitymgr/test/mock/libs/appexecfwk_core/src/appmgr/app_mgr_client.cpp index 5166af58d6f..8b67084fd6b 100644 --- a/services/abilitymgr/test/mock/libs/appexecfwk_core/src/appmgr/app_mgr_client.cpp +++ b/services/abilitymgr/test/mock/libs/appexecfwk_core/src/appmgr/app_mgr_client.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -55,11 +55,6 @@ AppMgrResultCode AppMgrClient::RegisterAppStateCallback(const sptr &token, const sptr &preToken, const int32_t visibility, const int32_t perceptibility, const int32_t connectionState) @@ -92,16 +87,6 @@ AppMgrResultCode AppMgrClient::GetAllRunningProcesses(std::vector &callback) override; - /** - * Reset,call Reset() through the proxy object, reset DFX of AppMgr. - * - * @return - */ - virtual void Reset() override; - /** * AbilityBehaviorAnalysis, ability behavior analysis assistant process optimization. * diff --git a/services/appmgr/include/app_mgr_service.h b/services/appmgr/include/app_mgr_service.h index 3ed7ee2b964..558a0c52013 100644 --- a/services/appmgr/include/app_mgr_service.h +++ b/services/appmgr/include/app_mgr_service.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -113,15 +113,6 @@ public: */ virtual int32_t ClearUpApplicationData(const std::string &bundleName) override; - /** - * IsBackgroundRunningRestricted, call IsBackgroundRunningRestricted() through proxy project, - * Checks whether the process of this application is forbidden to run in the background. - * - * @param bundleName, bundle name in Application record. - * @return ERR_OK, return back success, others fail. - */ - virtual int32_t IsBackgroundRunningRestricted(const std::string &bundleName) override; - /** * GetAllRunningProcesses, call GetAllRunningProcesses() through proxy project. * Obtains information about application processes that are running on the device. @@ -167,24 +158,6 @@ public: */ virtual sptr GetAmsMgr() override; - /** - * SetAppSuspendTimes, Setting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual void SetAppFreezingTime(int time) override; - - /** - * GetAppFreezingTime, Getting the Freezing Time of APP Background. - * - * @param time, The timeout recorded when the application enters the background . - * - * @return Success or Failure . - */ - virtual void GetAppFreezingTime(int &time) override; - /** * Get system memory information. * @param SystemMemoryAttr, memory information. diff --git a/services/appmgr/include/app_mgr_service_inner.h b/services/appmgr/include/app_mgr_service_inner.h index d71d7e6883d..3ff96730200 100644 --- a/services/appmgr/include/app_mgr_service_inner.h +++ b/services/appmgr/include/app_mgr_service_inner.h @@ -121,13 +121,6 @@ public: */ virtual void RegisterAppStateCallback(const sptr &callback); - /** - * StopAllProcess, Terminate all processes. - * - * @return - */ - virtual void StopAllProcess(); - /** * AbilityBehaviorAnalysis, ability behavior analysis assistant process optimization. * @@ -242,16 +235,6 @@ public: */ virtual void ClearUpApplicationData(const std::string &bundleName, const int32_t callerUid, const pid_t callerPid); - /** - * IsBackgroundRunningRestricted, Checks whether the process of this application is forbidden - * to run in the background. - * - * @param bundleName, bundle name in Application record. - * - * @return ERR_OK, return back success, others fail. - */ - virtual int32_t IsBackgroundRunningRestricted(const std::string &bundleName); - /** * GetAllRunningProcesses, Obtains information about application processes that are running on the device. * @@ -451,23 +434,6 @@ public: virtual void OptimizerAppStateChanged( const std::shared_ptr &appRecord, const ApplicationState state); - /** - * SetAppSuspendTimes, Setting the Freezing Time of APP Background. - * - * @param time, The timeout(second) recorded when the application enters the background . - * - * @return Success or Failure . - */ - void SetAppFreezingTime(int time); - - /** - * GetAppFreezingTime, Getting the Freezing Time of APP Background. - * - * @param time, The timeout(second) recorded when the application enters the background . - * - * @return Success or Failure . - */ - void GetAppFreezingTime(int &time); void HandleTimeOut(const InnerEvent::Pointer &event); void SetEventHandler(const std::shared_ptr &handler); @@ -776,6 +742,8 @@ private: void GetGlobalConfiguration(); + void GetRunningProcesses(const std::shared_ptr &appRecord, std::vector &info); + private: /** * ClearUpApplicationData, clear the application data. @@ -790,6 +758,12 @@ private: void ClearUpApplicationDataByUserId(const std::string &bundleName, int32_t callerUid, pid_t callerPid, const int userId); + int VerifyProcessPermission(); + + int VerifyAccountPermission(const std::string &permissionName, const int userId); + + int VerifyObserverPermission(); + private: /** * Notify application status. diff --git a/services/appmgr/include/process_optimizer.h b/services/appmgr/include/process_optimizer.h index 10b4028bcff..6e336b5b17a 100644 --- a/services/appmgr/include/process_optimizer.h +++ b/services/appmgr/include/process_optimizer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -66,8 +66,6 @@ public: virtual void OnAbilityVisibleChanged(const AbilityPtr &ability); virtual void OnAbilityPerceptibleChanged(const AbilityPtr &ability); virtual void OnAbilityRemoved(const AbilityPtr &ability); - virtual void SetAppFreezingTime(int time); - virtual void GetAppFreezingTime(int &time); protected: bool SetAppOomAdj(const AppPtr &app, int oomAdj); diff --git a/services/appmgr/include/process_optimizer_uba.h b/services/appmgr/include/process_optimizer_uba.h index 89c0440afd1..6d34c93c99f 100644 --- a/services/appmgr/include/process_optimizer_uba.h +++ b/services/appmgr/include/process_optimizer_uba.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -55,8 +55,6 @@ public: void OnAbilityVisibleChanged(const AbilityPtr &ability) override; void OnAbilityPerceptibleChanged(const AbilityPtr &ability) override; void OnAbilityRemoved(const AbilityPtr &ability) override; - void SetAppFreezingTime(int time) override; - void GetAppFreezingTime(int &time) override; protected: void OnLowMemoryAlert(const CgroupManager::LowMemoryLevel level) override; diff --git a/services/appmgr/src/ams_mgr_scheduler.cpp b/services/appmgr/src/ams_mgr_scheduler.cpp index 5a91e41d370..44a9928623f 100644 --- a/services/appmgr/src/ams_mgr_scheduler.cpp +++ b/services/appmgr/src/ams_mgr_scheduler.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -110,15 +110,6 @@ void AmsMgrScheduler::RegisterAppStateCallback(const sptr &ca amsHandler_->PostTask(registerAppStateCallbackFunc, TASK_REGISTER_APP_STATE_CALLBACK); } -void AmsMgrScheduler::Reset() -{ - if (!IsReady()) { - return; - } - std::function resetFunc = std::bind(&AppMgrServiceInner::StopAllProcess, amsMgrServiceInner_); - amsHandler_->PostTask(resetFunc, TASK_STOP_ALL_PROCESS); -} - void AmsMgrScheduler::AbilityBehaviorAnalysis(const sptr &token, const sptr &preToken, const int32_t visibility, const int32_t perceptibility, const int32_t connectionState) { diff --git a/services/appmgr/src/app_mgr_service.cpp b/services/appmgr/src/app_mgr_service.cpp index 32ded035fb5..fa6d3bcecc0 100755 --- a/services/appmgr/src/app_mgr_service.cpp +++ b/services/appmgr/src/app_mgr_service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -268,14 +268,6 @@ int32_t AppMgrService::ClearUpApplicationData(const std::string &bundleName) return ERR_OK; } -int32_t AppMgrService::IsBackgroundRunningRestricted(const std::string &bundleName) -{ - if (!IsReady()) { - return ERR_INVALID_OPERATION; - } - return appMgrServiceInner_->IsBackgroundRunningRestricted(bundleName); -} - int32_t AppMgrService::GetAllRunningProcesses(std::vector &info) { if (!IsReady()) { @@ -292,24 +284,6 @@ int32_t AppMgrService::GetProcessRunningInfosByUserId(std::vectorGetProcessRunningInfosByUserId(info, userId); } -void AppMgrService::SetAppFreezingTime(int time) -{ - APP_LOGI("set app freeze time %{public}d", time); - if (!IsReady()) { - return; - } - appMgrServiceInner_->SetAppFreezingTime(time); -} - -void AppMgrService::GetAppFreezingTime(int &time) -{ - if (!IsReady()) { - return; - } - appMgrServiceInner_->GetAppFreezingTime(time); - APP_LOGE("get app freeze time %{public}d ", time); -} - /** * Get system memory information. * @param SystemMemoryAttr, memory information. diff --git a/services/appmgr/src/app_mgr_service_inner.cpp b/services/appmgr/src/app_mgr_service_inner.cpp index bd58cc83bca..cb1ac31e01b 100644 --- a/services/appmgr/src/app_mgr_service_inner.cpp +++ b/services/appmgr/src/app_mgr_service_inner.cpp @@ -18,6 +18,7 @@ #include #include #include +#include #include "app_log_wrapper.h" #include "application_state_observer_stub.h" @@ -35,6 +36,8 @@ #include "ipc_skeleton.h" #include "os_account_manager.h" #include "permission/permission_kit.h" +#include "permission_constants.h" +#include "permission_verification.h" #include "system_ability_definition.h" #include "locale_config.h" #include "uri_permission_manager_client.h" @@ -352,6 +355,11 @@ int32_t AppMgrServiceInner::KillApplication(const std::string &bundleName) return ERR_NO_INIT; } + if (VerifyProcessPermission() == ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; + } + int result = ERR_OK; int64_t startTime = SystemTimeMillis(); std::list pids; @@ -382,6 +390,12 @@ int32_t AppMgrServiceInner::KillApplicationByUid(const std::string &bundleName, APP_LOGE("appRunningManager_ is nullptr"); return ERR_NO_INIT; } + + if (VerifyProcessPermission() == ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; + } + int result = ERR_OK; int64_t startTime = SystemTimeMillis(); std::list pids; @@ -419,6 +433,13 @@ int32_t AppMgrServiceInner::KillApplicationByUserId(const std::string &bundleNam APP_LOGE("appRunningManager_ is nullptr"); return ERR_NO_INIT; } + + if (VerifyAccountPermission(AAFwk::PermissionConstants::PERMISSION_CLEAN_BACKGROUND_PROCESSES, userId) == + ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; + } + int result = ERR_OK; int64_t startTime = SystemTimeMillis(); std::list pids; @@ -462,6 +483,16 @@ int32_t AppMgrServiceInner::KillApplicationByUserId(const std::string &bundleNam void AppMgrServiceInner::ClearUpApplicationData(const std::string &bundleName, int32_t callerUid, pid_t callerPid) { BYTRACE_NAME(BYTRACE_TAG_APP, __PRETTY_FUNCTION__); + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (!isSaCall) { + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_CLEAN_APPLICATION_DATA); + if (!isCallingPerm) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return; + } + } + auto userId = GetUserIdByUid(callerUid); APP_LOGI("userId:%{public}d", userId); ClearUpApplicationDataByUserId(bundleName, callerUid, callerPid, userId); @@ -506,41 +537,30 @@ void AppMgrServiceInner::ClearUpApplicationDataByUserId( NotifyAppStatus(bundleName, EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_DATA_CLEARED); } -int32_t AppMgrServiceInner::IsBackgroundRunningRestricted(const std::string &bundleName) -{ - auto bundleMgr_ = remoteClientManager_->GetBundleManager(); - if (bundleMgr_ == nullptr) { - APP_LOGE("GetBundleManager fail"); - return ERR_DEAD_OBJECT; - } - return bundleMgr_->CheckPermission(bundleName, REQ_PERMISSION); -} - int32_t AppMgrServiceInner::GetAllRunningProcesses(std::vector &info) { - auto bundleMgr_ = remoteClientManager_->GetBundleManager(); - if (bundleMgr_ == nullptr) { - APP_LOGE("GetBundleManager fail"); - return ERR_DEAD_OBJECT; - } + auto isPerm = AAFwk::PermissionVerification::GetInstance()->VerifyRunningInfoPerm(); + // check permission for (const auto &item : appRunningManager_->GetAppRunningRecordMap()) { const auto &appRecord = item.second; - if (USER_SCALE == 0) { - APP_LOGE("USER_SCALE is not zero"); - return ERR_WOULD_BLOCK; - } int32_t userId = static_cast(appRecord->GetUid() / USER_SCALE); bool isExist = false; auto errCode = AccountSA::OsAccountManager::IsOsAccountActived(userId, isExist); if ((errCode == ERR_OK) && isExist) { - RunningProcessInfo runningProcessInfo; - runningProcessInfo.processName_ = appRecord->GetProcessName(); - runningProcessInfo.pid_ = appRecord->GetPriorityObject()->GetPid(); - runningProcessInfo.uid_ = appRecord->GetUid(); - runningProcessInfo.state_ = static_cast(appRecord->GetState()); - appRecord->GetBundleNames(runningProcessInfo.bundleNames); - info.emplace_back(runningProcessInfo); + if (isPerm) { + GetRunningProcesses(appRecord, info); + } else { + auto applicationInfo = appRecord->GetApplicationInfo(); + if (!applicationInfo) { + continue; + } + auto callingTokenId = IPCSkeleton::GetCallingTokenID(); + auto tokenId = applicationInfo->accessTokenId; + if (callingTokenId == tokenId) { + GetRunningProcesses(appRecord, info); + } + } } } return ERR_OK; @@ -548,32 +568,34 @@ int32_t AppMgrServiceInner::GetAllRunningProcesses(std::vector &info, int32_t userId) { - auto bundleMgr_ = remoteClientManager_->GetBundleManager(); - if (bundleMgr_ == nullptr) { - APP_LOGE("GetBundleManager fail"); - return ERR_DEAD_OBJECT; + if (VerifyAccountPermission(AAFwk::PermissionConstants::PERMISSION_GET_RUNNING_INFO, userId) == + ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; } for (const auto &item : appRunningManager_->GetAppRunningRecordMap()) { const auto &appRecord = item.second; - if (USER_SCALE == 0) { - APP_LOGE("USER_SCALE is not zero"); - return ERR_WOULD_BLOCK; - } int32_t userIdTemp = static_cast(appRecord->GetUid() / USER_SCALE); if (userIdTemp == userId) { - RunningProcessInfo runningProcessInfo; - runningProcessInfo.processName_ = appRecord->GetProcessName(); - runningProcessInfo.pid_ = appRecord->GetPriorityObject()->GetPid(); - runningProcessInfo.uid_ = appRecord->GetUid(); - runningProcessInfo.state_ = static_cast(appRecord->GetState()); - appRecord->GetBundleNames(runningProcessInfo.bundleNames); - info.emplace_back(runningProcessInfo); + GetRunningProcesses(appRecord, info); } } return ERR_OK; } +void AppMgrServiceInner::GetRunningProcesses(const std::shared_ptr &appRecord, + std::vector &info) +{ + RunningProcessInfo runningProcessInfo; + runningProcessInfo.processName_ = appRecord->GetProcessName(); + runningProcessInfo.pid_ = appRecord->GetPriorityObject()->GetPid(); + runningProcessInfo.uid_ = appRecord->GetUid(); + runningProcessInfo.state_ = static_cast(appRecord->GetState()); + appRecord->GetBundleNames(runningProcessInfo.bundleNames); + info.emplace_back(runningProcessInfo); +} + int32_t AppMgrServiceInner::KillProcessByPid(const pid_t pid) const { int32_t ret = -1; @@ -815,19 +837,18 @@ void AppMgrServiceInner::SetBundleManager(sptr bundleManager) void AppMgrServiceInner::RegisterAppStateCallback(const sptr &callback) { + pid_t callingPid = IPCSkeleton::GetCallingPid(); + pid_t pid = getpid(); + if (callingPid != pid) { + APP_LOGE("%{public}s: Not abilityMgr call.", __func__); + return; + } BYTRACE_NAME(BYTRACE_TAG_APP, __PRETTY_FUNCTION__); if (callback != nullptr) { appStateCallbacks_.push_back(callback); } } -void AppMgrServiceInner::StopAllProcess() -{ - BYTRACE_NAME(BYTRACE_TAG_APP, __PRETTY_FUNCTION__); - ClearRecentAppList(); - appRunningManager_->ClearAppRunningRecordMap(); -} - void AppMgrServiceInner::AbilityBehaviorAnalysis(const sptr &token, const sptr &preToken, const int32_t visibility, // 0:false,1:true const int32_t perceptibility, // 0:false,1:true @@ -880,6 +901,11 @@ void AppMgrServiceInner::KillProcessByAbilityToken(const sptr &to return; } + if (VerifyProcessPermission() == ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return; + } + // befor exec ScheduleProcessSecurityExit return // The resident process won't let him die if (appRecord->IsKeepAliveApp()) { @@ -908,6 +934,12 @@ void AppMgrServiceInner::KillProcessesByUserId(int32_t userId) return; } + if (VerifyAccountPermission(AAFwk::PermissionConstants::PERMISSION_CLEAN_BACKGROUND_PROCESSES, userId) == + ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return; + } + int64_t startTime = SystemTimeMillis(); std::list pids; if (!appRunningManager_->GetPidsByUserId(userId, pids)) { @@ -1534,27 +1566,6 @@ void AppMgrServiceInner::OptimizerAppStateChanged( } } -void AppMgrServiceInner::SetAppFreezingTime(int time) -{ - if (!processOptimizerUBA_) { - APP_LOGE("process optimizer is not init"); - return; - } - - std::lock_guard setFreezeTimeLock(serviceLock_); - processOptimizerUBA_->SetAppFreezingTime(time); -} - -void AppMgrServiceInner::GetAppFreezingTime(int &time) -{ - if (!processOptimizerUBA_) { - APP_LOGE("process optimizer is not init"); - return; - } - std::lock_guard getFreezeTimeLock(serviceLock_); - processOptimizerUBA_->GetAppFreezingTime(time); -} - void AppMgrServiceInner::HandleTimeOut(const InnerEvent::Pointer &event) { APP_LOGI("handle time out"); @@ -1718,12 +1729,26 @@ void AppMgrServiceInner::GetRunningProcessInfoByToken( APP_LOGE("appRunningManager_ is nullptr"); return; } + + auto isPerm = AAFwk::PermissionVerification::GetInstance()->VerifyRunningInfoPerm(); + if (!isPerm) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return; + } + appRunningManager_->GetRunningProcessInfoByToken(token, info); } void AppMgrServiceInner::LoadResidentProcess() { APP_LOGI("%{public}s called", __func__); + pid_t callingPid = IPCSkeleton::GetCallingPid(); + pid_t pid = getpid(); + if (callingPid != pid) { + APP_LOGE("%{public}s: Not SA call.", __func__); + return; + } + if (!CheckRemoteClient()) { APP_LOGE("GetBundleManager fail"); return; @@ -1880,6 +1905,10 @@ void AppMgrServiceInner::NotifyAppStatus(const std::string &bundleName, const st int32_t AppMgrServiceInner::RegisterApplicationStateObserver(const sptr &observer) { APP_LOGI("%{public}s begin", __func__); + if (VerifyObserverPermission() == ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; + } std::lock_guard lockRegister(observerLock_); if (observer == nullptr) { APP_LOGE("Observer nullptr"); @@ -1898,6 +1927,10 @@ int32_t AppMgrServiceInner::RegisterApplicationStateObserver(const sptr &observer) { APP_LOGI("%{public}s begin", __func__); + if (VerifyObserverPermission() == ERR_PERMISSION_DENIED) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; + } std::lock_guard lockUnregister(observerLock_); if (observer == nullptr) { APP_LOGE("Observer nullptr"); @@ -1992,6 +2025,12 @@ void AppMgrServiceInner::HandleObserverDiedTask(const sptr &obser int32_t AppMgrServiceInner::GetForegroundApplications(std::vector &list) { APP_LOGI("%{public}s, begin.", __func__); + auto isPerm = AAFwk::PermissionVerification::GetInstance()->VerifyRunningInfoPerm(); + if (!isPerm) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; + } + appRunningManager_->GetForegroundApplications(list); return ERR_OK; } @@ -2122,6 +2161,13 @@ void AppMgrServiceInner::RegisterStartSpecifiedAbilityResponse(const sptrIsSACall(); + if (!isSaCall) { + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_UPDATE_CONFIGURATION); + if (!isCallingPerm) { + APP_LOGE("%{public}s: Permission verification failed", __func__); + return; + } + } + if (!appRunningManager_) { APP_LOGE("appRunningManager_ is null"); return; @@ -2183,5 +2239,62 @@ std::shared_ptr AppMgrServiceInner::GetConfiguration( { return configuration_; } + +int AppMgrServiceInner::VerifyProcessPermission() +{ + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (isSaCall) { + return ERR_OK; + } + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_CLEAN_BACKGROUND_PROCESSES); + if (isCallingPerm) { + APP_LOGE("%{public}s: Permission verification succeeded", __func__); + return ERR_OK; + } + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; +} + +int AppMgrServiceInner::VerifyAccountPermission(const std::string &permissionName, const int userId) +{ + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (isSaCall) { + return ERR_OK; + } + + const int currentUserId = getuid() / Constants::BASE_USER_RANGE; + if (userId != currentUserId) { + auto isCallingPermAccount = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS); + if (!isCallingPermAccount) { + APP_LOGE("%{public}s: Permission accounts verification failed", __func__); + return ERR_PERMISSION_DENIED; + } + } + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission(permissionName); + if (isCallingPerm) { + APP_LOGD("%{public}s: Permission verification succeeded", __func__); + return ERR_OK; + } + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; +} + +int AppMgrServiceInner::VerifyObserverPermission() +{ + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (isSaCall) { + return ERR_OK; + } + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + AAFwk::PermissionConstants::PERMISSION_RUNNING_STATE_OBSERVER); + if (isCallingPerm) { + APP_LOGE("%{public}s: Permission verification succeeded", __func__); + return ERR_OK; + } + APP_LOGE("%{public}s: Permission verification failed", __func__); + return ERR_PERMISSION_DENIED; +} } // namespace AppExecFwk } // namespace OHOS diff --git a/services/appmgr/src/process_optimizer.cpp b/services/appmgr/src/process_optimizer.cpp index 534f4cd5df5..f03e0a4e149 100644 --- a/services/appmgr/src/process_optimizer.cpp +++ b/services/appmgr/src/process_optimizer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -61,8 +61,6 @@ constexpr int APP_OOM_ADJ_UNKNOWN_VALUE = 64 * 1024; constexpr std::string_view SYSTEM_UI_BUNDLE_NAME = "com.ohos.systemui"; -constexpr int TIME_ADVANCE_RATE = 1000; - // pressure level low constexpr int LMKS_OOM_ADJ_LOW = 800; // pressure level medium @@ -686,26 +684,5 @@ std::string ProcessOptimizer::GetAppSuspendTimerName(const AppPtr &app) return ret; } - -void ProcessOptimizer::SetAppFreezingTime(int time) -{ - APP_LOGE("input second time:[%{public}d]", time); - - if (time > APP_SUSPEND_TIMEOUT_MAX && time < 0) { - APP_LOGE("input time error."); - return; - } - - suspendTimeout_ = time; - // convert seconds to milliseconds - suspendTimeout_ *= TIME_ADVANCE_RATE; -} - -void ProcessOptimizer::GetAppFreezingTime(int &time) -{ - time = suspendTimeout_ / TIME_ADVANCE_RATE; - APP_LOGE("current freez time:[%{public}d]", time); - return; -} } // namespace AppExecFwk } // namespace OHOS diff --git a/services/appmgr/src/process_optimizer_uba.cpp b/services/appmgr/src/process_optimizer_uba.cpp index 679243386a9..1dfe17b118d 100644 --- a/services/appmgr/src/process_optimizer_uba.cpp +++ b/services/appmgr/src/process_optimizer_uba.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -384,25 +384,5 @@ UbaServicePtr ProcessOptimizerUBA::GetUbaService() // try to get uba service here. return nullptr; } - -void ProcessOptimizerUBA::SetAppFreezingTime(int time) -{ - auto ubaService = GetUbaService(); - if (ubaService) { - APP_LOGI("ubaService implement."); - } else { - ProcessOptimizer::SetAppFreezingTime(time); - } -} - -void ProcessOptimizerUBA::GetAppFreezingTime(int &time) -{ - auto ubaService = GetUbaService(); - if (ubaService) { - APP_LOGI("ubaService implement."); - } else { - ProcessOptimizer::GetAppFreezingTime(time); - } -} } // namespace AppExecFwk } // namespace OHOS diff --git a/services/appmgr/test/unittest/ams_ability_running_record_test/BUILD.gn b/services/appmgr/test/unittest/ams_ability_running_record_test/BUILD.gn index cd40ee74bbb..7bc452ee09f 100644 --- a/services/appmgr/test/unittest/ams_ability_running_record_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_ability_running_record_test/BUILD.gn @@ -55,6 +55,7 @@ ohos_unittest("AmsAbilityRunningRecordTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/app_manager:app_manager", "//foundation/aafwk/standard/services/appmgr:libams", diff --git a/services/appmgr/test/unittest/ams_app_death_recipient_test/BUILD.gn b/services/appmgr/test/unittest/ams_app_death_recipient_test/BUILD.gn index d405e30a4a4..dc221c935c3 100644 --- a/services/appmgr/test/unittest/ams_app_death_recipient_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_app_death_recipient_test/BUILD.gn @@ -59,6 +59,7 @@ ohos_unittest("AppDeathRecipientTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/app_manager:app_manager", "//foundation/aafwk/standard/interfaces/innerkits/base:base", diff --git a/services/appmgr/test/unittest/ams_app_life_cycle_test/BUILD.gn b/services/appmgr/test/unittest/ams_app_life_cycle_test/BUILD.gn index 1d45a37a3d2..7e331cba35c 100644 --- a/services/appmgr/test/unittest/ams_app_life_cycle_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_app_life_cycle_test/BUILD.gn @@ -58,6 +58,7 @@ ohos_unittest("AmsAppLifeCycleTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/app_manager:app_manager", "//foundation/aafwk/standard/interfaces/innerkits/base:base", diff --git a/services/appmgr/test/unittest/ams_app_life_cycle_test/ams_app_life_cycle_test.cpp b/services/appmgr/test/unittest/ams_app_life_cycle_test/ams_app_life_cycle_test.cpp index cafc0b13ea6..37a4c51cb24 100644 --- a/services/appmgr/test/unittest/ams_app_life_cycle_test/ams_app_life_cycle_test.cpp +++ b/services/appmgr/test/unittest/ams_app_life_cycle_test/ams_app_life_cycle_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -1898,21 +1898,6 @@ HWTEST_F(AmsAppLifeCycleTest, ClearUpApplicationData_001, TestSize.Level1) serviceInner_->ClearUpApplicationData(appRecord->GetBundleName(), appRecord->GetUid(), NEW_PID); } -/* - * Feature: AMS - * Function: AppLifeCycle::IsBackgroundRunningRestricted - * SubFunction: bundleMgr CheckPermission - * FunctionPoints: UnsuspendApplication - * CaseDescription: Check if there is background operation permission - */ -HWTEST_F(AmsAppLifeCycleTest, IsBackgroundRunningRestricted_001, TestSize.Level1) -{ - sptr bundleMgr = new BundleMgrService(); - serviceInner_->SetBundleManager(bundleMgr); - EXPECT_CALL(*bundleMgr, CheckPermission(_, _)).Times(1).WillOnce(Return(ERR_OK)); - EXPECT_EQ(ERR_OK, serviceInner_->IsBackgroundRunningRestricted("bundle")); -} - /* * Feature: AMS * Function: AppLifeCycle::CreateAppRunningRecord diff --git a/services/appmgr/test/unittest/ams_app_mgr_client_test/BUILD.gn b/services/appmgr/test/unittest/ams_app_mgr_client_test/BUILD.gn index 3f49da62496..370e73e780d 100644 --- a/services/appmgr/test/unittest/ams_app_mgr_client_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_app_mgr_client_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -47,6 +47,7 @@ ohos_unittest("AmsAppMgrClientTest") { "${aafwk_path}/interfaces/innerkits/app_manager:app_manager", "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/want:want", "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core", diff --git a/services/appmgr/test/unittest/ams_app_running_record_test/BUILD.gn b/services/appmgr/test/unittest/ams_app_running_record_test/BUILD.gn index 77f587aadce..3d86925999e 100644 --- a/services/appmgr/test/unittest/ams_app_running_record_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_app_running_record_test/BUILD.gn @@ -53,6 +53,7 @@ ohos_unittest("AmsAppRunningRecordTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/services/appmgr:libams", "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core", diff --git a/services/appmgr/test/unittest/ams_app_workflow_test/BUILD.gn b/services/appmgr/test/unittest/ams_app_workflow_test/BUILD.gn index 694353fa851..a9f9237c6e9 100644 --- a/services/appmgr/test/unittest/ams_app_workflow_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_app_workflow_test/BUILD.gn @@ -56,6 +56,7 @@ ohos_unittest("AmsWorkFlowTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/base:base", "//foundation/aafwk/standard/interfaces/innerkits/want:want", diff --git a/services/appmgr/test/unittest/ams_ipc_interface_test/ams_ipc_appmgr_interface_test.cpp b/services/appmgr/test/unittest/ams_ipc_interface_test/ams_ipc_appmgr_interface_test.cpp index 4b7f1e95471..9bfd1a4b3ea 100644 --- a/services/appmgr/test/unittest/ams_ipc_interface_test/ams_ipc_appmgr_interface_test.cpp +++ b/services/appmgr/test/unittest/ams_ipc_interface_test/ams_ipc_appmgr_interface_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -213,33 +213,6 @@ HWTEST_F(AmsIpcAppMgrInterfaceTest, ClearUpApplicationData_008, TestSize.Level1) APP_LOGD("ClearUpApplicationData_008 end"); } -/* - * Feature: AMS - * Function: IPC IsBackgroundRunningRestricted - * SubFunction: appmgr interface - * FunctionPoints: Check background operation - * CaseDescription: test IPC can transact data - */ -HWTEST_F(AmsIpcAppMgrInterfaceTest, IsBackgroundRunningRestricted_009, TestSize.Level1) -{ - APP_LOGD("IsBackgroundRunningRestricted_009 start"); - - sptr mockAppMgr(new MockAppMgrService()); - sptr appMgrClient = iface_cast(mockAppMgr); - - EXPECT_CALL(*mockAppMgr, IsBackgroundRunningRestricted(_)).Times(1).WillOnce(Return(OHOS::NO_ERROR)); - - int32_t ret = appMgrClient->IsBackgroundRunningRestricted("PROCESS"); - - EXPECT_EQ(ret, OHOS::NO_ERROR); - // Returns 32 when the bundle name is empty - EXPECT_CALL(*mockAppMgr, IsBackgroundRunningRestricted(_)).Times(1).WillOnce(Return(32)); - ret = appMgrClient->IsBackgroundRunningRestricted(""); - - EXPECT_EQ(ret, 32); - APP_LOGD("IsBackgroundRunningRestricted_009 end"); -} - /* * Feature: AMS * Function: IPC diff --git a/services/appmgr/test/unittest/ams_mgr_scheduler_test/ams_mgr_scheduler_test.cpp b/services/appmgr/test/unittest/ams_mgr_scheduler_test/ams_mgr_scheduler_test.cpp index 85f35cacbda..0a99396ef84 100644 --- a/services/appmgr/test/unittest/ams_mgr_scheduler_test/ams_mgr_scheduler_test.cpp +++ b/services/appmgr/test/unittest/ams_mgr_scheduler_test/ams_mgr_scheduler_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -238,32 +238,6 @@ HWTEST_F(AmsMgrSchedulerTest, AmsMgrScheduler_005, TestSize.Level1) APP_LOGD("AmsMgrScheduler_005 end."); } -/* - * Feature: AMS - * Function: AmsMgrScheduler - * SubFunction: Reset - * FunctionPoints: Act normal - * EnvConditions: Mobile that can run ohos test framework. - * CaseDescription: Verify the function Reset can works. - */ -HWTEST_F(AmsMgrSchedulerTest, AmsMgrScheduler_006, TestSize.Level1) -{ - APP_LOGD("AmsMgrScheduler_006 start."); - - auto mockAppMgrServiceInner = GetMockAppMgrServiceInner(); - auto amsEventHandler = GetAmsEventHandler(); - std::unique_ptr amsMgrScheduler = - std::make_unique(mockAppMgrServiceInner, amsEventHandler); - - sptr appStateCallbackHost = new AppStateCallbackHost(); - EXPECT_CALL(*mockAppMgrServiceInner, StopAllProcess()) - .WillOnce(InvokeWithoutArgs(mockAppMgrServiceInner.get(), &MockAppMgrServiceInner::Post)); - amsMgrScheduler->Reset(); - mockAppMgrServiceInner->Wait(); - - APP_LOGD("AmsMgrScheduler_006 end."); -} - /* * Feature: AMS * Function: AmsMgrScheduler diff --git a/services/appmgr/test/unittest/ams_recent_app_list_test/BUILD.gn b/services/appmgr/test/unittest/ams_recent_app_list_test/BUILD.gn index 10d50345d28..0543e6c207d 100644 --- a/services/appmgr/test/unittest/ams_recent_app_list_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_recent_app_list_test/BUILD.gn @@ -56,6 +56,7 @@ ohos_unittest("AmsRecentAppListTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/app_manager:app_manager", "//foundation/aafwk/standard/interfaces/innerkits/base:base", diff --git a/services/appmgr/test/unittest/ams_service_app_spawn_client_test/BUILD.gn b/services/appmgr/test/unittest/ams_service_app_spawn_client_test/BUILD.gn index c09f3a61dce..477e6e2c17c 100644 --- a/services/appmgr/test/unittest/ams_service_app_spawn_client_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_service_app_spawn_client_test/BUILD.gn @@ -54,6 +54,7 @@ ohos_unittest("AmsServiceAppSpawnClientTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/base:base", "//foundation/aafwk/standard/interfaces/innerkits/want:want", diff --git a/services/appmgr/test/unittest/ams_service_event_drive_test/BUILD.gn b/services/appmgr/test/unittest/ams_service_event_drive_test/BUILD.gn index 48fba9708ff..4c7f3d6470d 100644 --- a/services/appmgr/test/unittest/ams_service_event_drive_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_service_event_drive_test/BUILD.gn @@ -56,6 +56,7 @@ ohos_unittest("AmsServiceEventDriveTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/base:base", "//foundation/aafwk/standard/interfaces/innerkits/want:want", diff --git a/services/appmgr/test/unittest/ams_service_event_drive_test/ams_service_event_drive_test.cpp b/services/appmgr/test/unittest/ams_service_event_drive_test/ams_service_event_drive_test.cpp index f17bbdbe689..576239b3274 100644 --- a/services/appmgr/test/unittest/ams_service_event_drive_test/ams_service_event_drive_test.cpp +++ b/services/appmgr/test/unittest/ams_service_event_drive_test/ams_service_event_drive_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2021-2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -226,30 +226,6 @@ HWTEST_F(AmsServiceEventDriveTest, EventDrive_006, TestSize.Level1) APP_LOGI("ams_service_event_drive_test_006 end"); } -/* - * Feature: AppMgrService - * Function: Service - * SubFunction: EventDrive - * FunctionPoints: AppMgrService event drive program model - * EnvConditions: Mobile that can run ohos test framework - * CaseDescription: Verify if post IsBackgroundRunningRestricted task success - */ -HWTEST_F(AmsServiceEventDriveTest, EventDrive_007, TestSize.Level1) -{ - APP_LOGI("ams_service_event_drive_test_007 start"); - - std::shared_ptr innerService = std::make_shared(); - appMgrService_->SetInnerService(innerService); - appMgrService_->OnStart(); - - EXPECT_CALL(*innerService, IsBackgroundRunningRestricted(_)).WillOnce(Return(0)); - - std::string appName = "appName"; - EXPECT_EQ(0, appMgrService_->IsBackgroundRunningRestricted(appName)); - - APP_LOGI("ams_service_event_drive_test_007 end"); -} - /* * Feature: AppMgrService * Function: Service @@ -418,28 +394,6 @@ HWTEST_F(AmsServiceEventDriveTest, EventDrive_014, TestSize.Level1) APP_LOGI("ams_service_event_drive_test_014 end"); } -/* - * Feature: AppMgrService - * Function: Service - * SubFunction: EventDrive - * FunctionPoints: AppMgrService event drive program model - * EnvConditions: Mobile that can run ohos test framework - * CaseDescription: Verify if IsBackgroundRunningRestricted act normal after AppMgrService stopped - */ -HWTEST_F(AmsServiceEventDriveTest, EventDrive_015, TestSize.Level1) -{ - APP_LOGI("ams_service_event_drive_test_015 start"); - - appMgrService_->OnStop(); - std::shared_ptr innerService = std::make_shared(); - appMgrService_->SetInnerService(innerService); - - std::string appName = "appName"; - EXPECT_EQ(OHOS::ERR_INVALID_OPERATION, appMgrService_->IsBackgroundRunningRestricted(appName)); - - APP_LOGI("ams_service_event_drive_test_015 end"); -} - /* * Feature: AppMgrService * Function: Service @@ -610,28 +564,6 @@ HWTEST_F(AmsServiceEventDriveTest, EventDrive_022, TestSize.Level1) APP_LOGI("ams_service_event_drive_test_022 end"); } -/* - * Feature: AppMgrService - * Function: Service - * SubFunction: EventDrive - * FunctionPoints: AppMgrService event drive program model - * EnvConditions: Mobile that can run ohos test framework - * CaseDescription: Verify if IsBackgroundRunningRestricted act normal after AppMgrService stopped - */ -HWTEST_F(AmsServiceEventDriveTest, EventDrive_023, TestSize.Level1) -{ - APP_LOGI("ams_service_event_drive_test_023 start"); - std::shared_ptr innerService = std::make_shared(); - appMgrService_->SetInnerService(innerService); - appMgrService_->OnStart(); - appMgrService_->OnStop(); - - std::string appName = "appName"; - EXPECT_EQ(OHOS::ERR_INVALID_OPERATION, appMgrService_->IsBackgroundRunningRestricted(appName)); - - APP_LOGI("ams_service_event_drive_test_023 end"); -} - /* * Feature: AppMgrService * Function: Service diff --git a/services/appmgr/test/unittest/ams_service_load_ability_process_test/BUILD.gn b/services/appmgr/test/unittest/ams_service_load_ability_process_test/BUILD.gn index 367663fa6a5..ad1d2e452e8 100644 --- a/services/appmgr/test/unittest/ams_service_load_ability_process_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_service_load_ability_process_test/BUILD.gn @@ -60,6 +60,7 @@ ohos_unittest("AmsServiceLoadAbilityProcessTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/base:base", "//foundation/aafwk/standard/interfaces/innerkits/want:want", diff --git a/services/appmgr/test/unittest/ams_service_startup_test/BUILD.gn b/services/appmgr/test/unittest/ams_service_startup_test/BUILD.gn index fc65f97e04a..d34b4169490 100644 --- a/services/appmgr/test/unittest/ams_service_startup_test/BUILD.gn +++ b/services/appmgr/test/unittest/ams_service_startup_test/BUILD.gn @@ -51,6 +51,7 @@ ohos_unittest("AmsServiceStartupTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/app_manager:app_manager", "//foundation/aafwk/standard/interfaces/innerkits/base:base", diff --git a/services/appmgr/test/unittest/app_mgr_service_event_handler_test/BUILD.gn b/services/appmgr/test/unittest/app_mgr_service_event_handler_test/BUILD.gn index 914c579d618..635e47a975f 100644 --- a/services/appmgr/test/unittest/app_mgr_service_event_handler_test/BUILD.gn +++ b/services/appmgr/test/unittest/app_mgr_service_event_handler_test/BUILD.gn @@ -59,6 +59,7 @@ ohos_unittest("AMSEventHandlerTest") { "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${innerkits_path}/uri_permission:uri_permission_mgr", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//foundation/aafwk/standard/interfaces/innerkits/app_manager:app_manager", "//foundation/aafwk/standard/interfaces/innerkits/base:base", diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 28587377112..60e148c9e31 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -1,5 +1,5 @@ # -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,3 +29,29 @@ ohos_source_set("abilitymgr_common") { external_deps = [ "hiviewdfx_hilog_native:libhilog" ] } + +config("perm_verification_config") { + visibility = [ ":*" ] + include_dirs = [ "include" ] + cflags = [] + if (target_cpu == "arm") { + cflags += [ "-DBINDER_IPC_32BIT" ] + } +} + +#build so +ohos_shared_library("perm_verification") { + public_configs = [ ":perm_verification_config" ] + + sources = [ "src/permission_verification.cpp" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "hiviewdfx_hilog_native:libhilog", + "ipc:ipc_core", + "utils_base:utils", + ] + + subsystem_name = "aafwk" + part_name = "ability_runtime" +} diff --git a/services/common/include/permission_constants.h b/services/common/include/permission_constants.h new file mode 100644 index 00000000000..fce13bd70ba --- /dev/null +++ b/services/common/include/permission_constants.h @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_AAFWK_PERMISSION_CONSTANTS_H +#define OHOS_AAFWK_PERMISSION_CONSTANTS_H + +namespace OHOS { +namespace AAFwk { +namespace PermissionConstants { +const std::string PERMISSION_CLEAN_BACKGROUND_PROCESSES = "ohos.permission.CLEAN_BACKGROUND_PROCESSES"; +const std::string PERMISSION_INTERACT_ACROSS_LOCAL_ACCOUNTS = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS"; +const std::string PERMISSION_GET_RUNNING_INFO = "ohos.permission.GET_RUNNING_INFO"; +const std::string PERMISSION_UPDATE_CONFIGURATION = "ohos.permission.UPDATE_CONFIGURATION"; +const std::string PERMISSION_CLEAN_APPLICATION_DATA = "ohos.permission.CLEAN_APPLICATION_DATA"; +const std::string PERMISSION_RUNNING_STATE_OBSERVER = "ohos.permission.RUNNING_STATE_OBSERVER"; +const std::string PERMISSION_MANAGE_MISSION = "ohos.permission.MANAGE_MISSIONS"; +} // namespace PermissionConstants +} // namespace AAFwk +} // namespace OHOS +#endif // OHOS_AAFWK_PERMISSION_CONSTANTS_H \ No newline at end of file diff --git a/services/common/include/permission_verification.h b/services/common/include/permission_verification.h new file mode 100644 index 00000000000..89e6fd773ae --- /dev/null +++ b/services/common/include/permission_verification.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_AAFWK_PERMISSION_VERIFICATION_H +#define OHOS_AAFWK_PERMISSION_VERIFICATION_H + +#include + +#include "singleton.h" + +namespace OHOS { +namespace AAFwk { +class PermissionVerification : public DelayedSingleton { +public: + PermissionVerification() = default; + ~PermissionVerification() = default; + + bool VerifyCallingPermission(const std::string &permissionName); + + bool IsSACall(); + + bool VerifyRunningInfoPerm(); + +private: + DISALLOW_COPY_AND_MOVE(PermissionVerification); + unsigned int GetCallingTokenID(); +}; +} // namespace AAFwk +} // namespace OHOS +#endif // OHOS_AAFWK_PERMISSION_VERIFICATION_H \ No newline at end of file diff --git a/services/common/src/permission_verification.cpp b/services/common/src/permission_verification.cpp new file mode 100644 index 00000000000..10d186be7c3 --- /dev/null +++ b/services/common/src/permission_verification.cpp @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "permission_verification.h" + +#include "accesstoken_kit.h" +#include "hilog_wrapper.h" +#include "ipc_skeleton.h" +#include "permission_constants.h" + +namespace OHOS { +namespace AAFwk { +bool PermissionVerification::VerifyCallingPermission(const std::string &permissionName) +{ + HILOG_DEBUG("VerifyCallingPermission permission %{public}s", permissionName.c_str()); + auto callerToken = GetCallingTokenID(); + int32_t ret = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); + if (ret == Security::AccessToken::PermissionState::PERMISSION_DENIED) { + HILOG_ERROR("permission %{public}s: PERMISSION_DENIED", permissionName.c_str()); + return false; + } + HILOG_DEBUG("verify AccessToken success"); + return true; +} + +bool PermissionVerification::IsSACall() +{ + HILOG_DEBUG("AmsMgrScheduler::IsSACall is called."); + auto callerToken = GetCallingTokenID(); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); + if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { + HILOG_DEBUG("caller tokenType is native, verify success"); + return true; + } + HILOG_DEBUG("Not SA called."); + return false; +} + +bool PermissionVerification::VerifyRunningInfoPerm() +{ + if (IsSACall()) { + HILOG_DEBUG("%{public}s: the interface called by SA.", __func__); + return true; + } + if (VerifyCallingPermission(PermissionConstants::PERMISSION_GET_RUNNING_INFO)) { + HILOG_DEBUG("%{public}s: Permission verification succeeded.", __func__); + return true; + } + HILOG_ERROR("%{public}s: Permission verification failed.", __func__); + return false; +} + +unsigned int PermissionVerification::GetCallingTokenID() +{ + auto callerToken = IPCSkeleton::GetCallingTokenID(); + HILOG_DEBUG("callerToken : %{public}u", callerToken); + return callerToken; +} +} // namespace AAFwk +} // namespace OHOS \ No newline at end of file diff --git a/services/formmgr/BUILD.gn b/services/formmgr/BUILD.gn index cc0963ffc1e..1df7b815b4e 100644 --- a/services/formmgr/BUILD.gn +++ b/services/formmgr/BUILD.gn @@ -30,6 +30,7 @@ group("fms_target") { ohos_shared_library("libfms") { include_dirs = [ + "${services_path}/common:perm_verification", "//foundation/appexecfwk/standard/interfaces/innerkits/libeventhandler/include", "//foundation/aafwk/standard/interfaces/innerkits/ability_manager/include", "//base/security/permission/interfaces/innerkits/permission_standard/permissionsdk/main/cpp/include", @@ -90,6 +91,7 @@ ohos_shared_library("libfms") { deps = [ "${appexecfwk_path}/common:libappexecfwk_common", "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", + "${services_path}/common:perm_verification", "//base/miscservices/time/services:time_service", "//foundation/aafwk/standard/frameworks/kits/appkit:app_context", "//foundation/aafwk/standard/frameworks/kits/wantagent:wantagent_innerkits", diff --git a/services/formmgr/include/form_info_mgr.h b/services/formmgr/include/form_info_mgr.h index 42bfdb441b6..74bdb8db553 100644 --- a/services/formmgr/include/form_info_mgr.h +++ b/services/formmgr/include/form_info_mgr.h @@ -79,6 +79,8 @@ public: private: std::shared_ptr GetOrCreateBundleFromInfo(const std::string &bundleName); + bool IsCaller(std::string bundleName); + bool CheckBundlePermission(); mutable std::shared_timed_mutex bundleFormInfoMapMutex_ {}; std::unordered_map> bundleFormInfoMap_ {}; diff --git a/services/formmgr/include/form_mgr_service.h b/services/formmgr/include/form_mgr_service.h index ffb36aa484b..400a368f640 100644 --- a/services/formmgr/include/form_mgr_service.h +++ b/services/formmgr/include/form_mgr_service.h @@ -233,19 +233,7 @@ private: */ ErrCode Init(); - /** - * @brief Permission check by callingUid. - * @param formId the id of the form. - * @return Returns true on success, false on failure. - */ bool CheckFormPermission(); - - /** - * @brief Permission check. - * @param bundleName bundleName. - * @return Returns true on success, false on failure. - */ - bool CheckFormPermission(const std::string &bundleName) const; private: ServiceRunningState state_; diff --git a/services/formmgr/src/form_info_mgr.cpp b/services/formmgr/src/form_info_mgr.cpp index 370e25f7951..d4a988f3c38 100644 --- a/services/formmgr/src/form_info_mgr.cpp +++ b/services/formmgr/src/form_info_mgr.cpp @@ -23,7 +23,9 @@ #include "form_bms_helper.h" #include "form_info_storage_mgr.h" #include "form_util.h" +#include "ipc_skeleton.h" #include "json_serializer.h" +#include "permission_verification.h" namespace OHOS { namespace AppExecFwk { @@ -274,10 +276,22 @@ ErrCode FormInfoMgr::Remove(const std::string &bundleName) ErrCode FormInfoMgr::GetAllFormsInfo(std::vector &formInfos) { + bool hasPermission = CheckBundlePermission(); std::shared_lock guard(bundleFormInfoMapMutex_); - for (const auto &bundleFormInfo: bundleFormInfoMap_) { - if (bundleFormInfo.second != nullptr) { - bundleFormInfo.second->GetAllFormsInfo(formInfos); + if (hasPermission) { + for (const auto &bundleFormInfo: bundleFormInfoMap_) { + if (bundleFormInfo.second != nullptr) { + bundleFormInfo.second->GetAllFormsInfo(formInfos); + } + } + } else { + for (const auto &bundleFormInfo: bundleFormInfoMap_) { + if (IsCaller(bundleFormInfo.first)) { + if (bundleFormInfo.second != nullptr) { + bundleFormInfo.second->GetAllFormsInfo(formInfos); + } + return ERR_OK; + } } } return ERR_OK; @@ -290,6 +304,10 @@ ErrCode FormInfoMgr::GetFormsInfoByBundle(const std::string &bundleName, std::ve return ERR_APPEXECFWK_FORM_INVALID_PARAM; } + if (!CheckBundlePermission() && !IsCaller(bundleName)) { + return ERR_APPEXECFWK_FORM_PERMISSION_DENY; + } + std::shared_lock guard(bundleFormInfoMapMutex_); auto bundleFormInfoIter = bundleFormInfoMap_.find(bundleName); if (bundleFormInfoIter == bundleFormInfoMap_.end()) { @@ -311,6 +329,10 @@ ErrCode FormInfoMgr::GetFormsInfoByModule(const std::string &bundleName, const s return ERR_APPEXECFWK_FORM_INVALID_PARAM; } + if (!CheckBundlePermission() && !IsCaller(bundleName)) { + return ERR_APPEXECFWK_FORM_PERMISSION_DENY; + } + std::shared_lock guard(bundleFormInfoMapMutex_); auto bundleFormInfoIter = bundleFormInfoMap_.find(bundleName); if (bundleFormInfoIter == bundleFormInfoMap_.end()) { @@ -347,5 +369,39 @@ std::shared_ptr FormInfoMgr::GetOrCreateBundleFromInfo(const std bundleFormInfoMap_[bundleName] = bundleFormInfoPtr; return bundleFormInfoPtr; } + +bool FormInfoMgr::IsCaller(std::string bundleName) +{ + auto bms = FormBmsHelper::GetInstance().GetBundleMgr(); + if (!bms) { + return false; + } + AppExecFwk::BundleInfo bundleInfo; + bool ret = bms->GetBundleInfo(bundleName, GET_BUNDLE_DEFAULT, bundleInfo, FormUtil::GetCurrentAccountId()); + if (!ret) { + APP_LOGE("Failed to get bundle info."); + return false; + } + auto callerToken = IPCSkeleton::GetCallingTokenID(); + if (bundleInfo.applicationInfo.accessTokenId == callerToken) { + return true; + } + return false; +} + +bool FormInfoMgr::CheckBundlePermission() +{ + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (isSaCall) { + return true; + } + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + AppExecFwk::Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED); + if (isCallingPerm) { + return true; + } + APP_LOGE("Permission verification failed"); + return false; +} } // namespace AppExecFwk } // namespace OHOS diff --git a/services/formmgr/src/form_mgr_service.cpp b/services/formmgr/src/form_mgr_service.cpp index e61d0f15ae9..cf1ed09d0d2 100644 --- a/services/formmgr/src/form_mgr_service.cpp +++ b/services/formmgr/src/form_mgr_service.cpp @@ -37,6 +37,7 @@ #include "iservice_registry.h" #include "permission/permission.h" #include "permission/permission_kit.h" +#include "permission_verification.h" #include "string_ex.h" #include "system_ability_definition.h" @@ -141,10 +142,6 @@ int FormMgrService::ReleaseForm(const int64_t formId, const sptr int FormMgrService::UpdateForm(const int64_t formId, const std::string &bundleName, const FormProviderData &formBindingData) { - if (!CheckFormPermission()) { - APP_LOGE("%{public}s fail, update form permission denied", __func__); - return ERR_APPEXECFWK_FORM_PERMISSION_DENY; - } return FormMgrAdapter::GetInstance().UpdateForm(formId, bundleName, formBindingData); } @@ -394,28 +391,20 @@ ErrCode FormMgrService::Init() APP_LOGI("init success"); return ERR_OK; } -/** - * @brief Permission check by callingUid. - * @param formId the id of the form. - * @return Returns true on success, false on failure. - */ -bool FormMgrService::CheckFormPermission() -{ - return true; -} -bool FormMgrService::CheckFormPermission(const std::string &bundleName) const +bool FormMgrService::CheckFormPermission() { - if (bundleName.empty()) { - APP_LOGE("%{public}s fail, bundleName can not be empty", __func__); - return false; + auto isSaCall = AAFwk::PermissionVerification::GetInstance()->IsSACall(); + if (isSaCall) { + return true; } - int result = PermissionKit::VerifyPermission(bundleName, Constants::PERMISSION_REQUIRE_FORM, 0); - if (result != PermissionState::PERMISSION_GRANTED) { - APP_LOGW("permission = %{public}s, bundleName = %{public}s, result = %{public}d", - Constants::PERMISSION_REQUIRE_FORM.c_str(), bundleName.c_str(), result); + auto isCallingPerm = AAFwk::PermissionVerification::GetInstance()->VerifyCallingPermission( + AppExecFwk::Constants::PERMISSION_REQUIRE_FORM); + if (isCallingPerm) { + return true; } - return result == PermissionState::PERMISSION_GRANTED; + APP_LOGE("Permission verification failed"); + return false; } /** diff --git a/services/test/moduletest/ability_mgr_service_test/BUILD.gn b/services/test/moduletest/ability_mgr_service_test/BUILD.gn index 7114e02f0f5..0f142f544ad 100644 --- a/services/test/moduletest/ability_mgr_service_test/BUILD.gn +++ b/services/test/moduletest/ability_mgr_service_test/BUILD.gn @@ -89,6 +89,7 @@ ohos_moduletest("ability_mgr_module_test") { "${aafwk_path}/interfaces/innerkits/app_manager:app_manager", "${innerkits_path}/uri_permission:uri_permission_mgr", "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//base/global/i18n_standard/frameworks/intl:intl_util", "//foundation/aafwk/standard/frameworks/kits/ability/native:abilitykit_native", diff --git a/services/test/moduletest/ability_record_test/BUILD.gn b/services/test/moduletest/ability_record_test/BUILD.gn index 7c35ff46dcb..23d3e600049 100644 --- a/services/test/moduletest/ability_record_test/BUILD.gn +++ b/services/test/moduletest/ability_record_test/BUILD.gn @@ -92,6 +92,7 @@ ohos_moduletest("AbilityRecordModuleTest") { "${innerkits_path}/base:base", "${innerkits_path}/uri_permission:uri_permission_mgr", "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//base/global/i18n_standard/frameworks/intl:intl_util", "//foundation/aafwk/standard/frameworks/kits/ability/native:abilitykit_native", diff --git a/services/test/moduletest/ability_stack_test/BUILD.gn b/services/test/moduletest/ability_stack_test/BUILD.gn index 59960e6fc51..c2abfb5fdaf 100644 --- a/services/test/moduletest/ability_stack_test/BUILD.gn +++ b/services/test/moduletest/ability_stack_test/BUILD.gn @@ -91,6 +91,7 @@ ohos_moduletest("ability_stack_module_test") { "${innerkits_path}/base:base", "${innerkits_path}/uri_permission:uri_permission_mgr", "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//base/global/i18n_standard/frameworks/intl:intl_util", "//foundation/aafwk/standard/frameworks/kits/ability/native:abilitykit_native", diff --git a/services/test/moduletest/common/ams/ability_running_record_test/BUILD.gn b/services/test/moduletest/common/ams/ability_running_record_test/BUILD.gn index 16ca5ba126c..d7c077e9022 100755 --- a/services/test/moduletest/common/ams/ability_running_record_test/BUILD.gn +++ b/services/test/moduletest/common/ams/ability_running_record_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -24,7 +24,10 @@ ohos_moduletest("AmsAbilityRunningRecordModuleTest") { ] sources = [ "ams_ability_running_record_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "ipc:ipc_core" ] } diff --git a/services/test/moduletest/common/ams/app_life_cycle_test/BUILD.gn b/services/test/moduletest/common/ams/app_life_cycle_test/BUILD.gn index 0a03ebe4df9..690a1c2feda 100755 --- a/services/test/moduletest/common/ams/app_life_cycle_test/BUILD.gn +++ b/services/test/moduletest/common/ams/app_life_cycle_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -25,7 +25,10 @@ ohos_moduletest("AmsAppLifeCycleModuleTest") { ] sources = [ "ams_app_life_cycle_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "ipc:ipc_core" ] } diff --git a/services/test/moduletest/common/ams/app_life_cycle_test/ams_app_life_cycle_module_test.cpp b/services/test/moduletest/common/ams/app_life_cycle_test/ams_app_life_cycle_module_test.cpp index d6b39eb5764..745b7d82bfe 100755 --- a/services/test/moduletest/common/ams/app_life_cycle_test/ams_app_life_cycle_module_test.cpp +++ b/services/test/moduletest/common/ams/app_life_cycle_test/ams_app_life_cycle_module_test.cpp @@ -920,14 +920,6 @@ HWTEST_F(AmsAppLifeCycleModuleTest, StateChange_010, TestSize.Level3) std::vector allRunningProcessInfo; serviceInner_->GetAllRunningProcesses(allRunningProcessInfo); EXPECT_EQ(allRunningProcessInfo.size(), size_t(APPLICATION_NUM)); - - serviceInner_->StopAllProcess(); - - for (int i = 0; i < APPLICATION_NUM; i++) { - serviceInner_->OnRemoteDied(mockAppScheduler[i]); // A faked death recipient. - auto record = serviceInner_->GetAppRunningRecordByAppRecordId(recordId[i]); - EXPECT_EQ(nullptr, record); - } } /* diff --git a/services/test/moduletest/common/ams/app_mgr_service_test/BUILD.gn b/services/test/moduletest/common/ams/app_mgr_service_test/BUILD.gn index d14fc2bb5af..6d701509807 100755 --- a/services/test/moduletest/common/ams/app_mgr_service_test/BUILD.gn +++ b/services/test/moduletest/common/ams/app_mgr_service_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -28,6 +28,7 @@ ohos_moduletest("AmsAppMgrServiceModuleTest") { ] deps = [ + "${services_path}/common:perm_verification", "${services_path}/test/moduletest/common/ams:appmgr_mst_source", "//base/global/i18n_standard/frameworks/intl:intl_util", ] diff --git a/services/test/moduletest/common/ams/app_mgr_service_test/ams_app_mgr_service_module_test.cpp b/services/test/moduletest/common/ams/app_mgr_service_test/ams_app_mgr_service_module_test.cpp index abb68fa83aa..c590912c289 100644 --- a/services/test/moduletest/common/ams/app_mgr_service_test/ams_app_mgr_service_module_test.cpp +++ b/services/test/moduletest/common/ams/app_mgr_service_test/ams_app_mgr_service_module_test.cpp @@ -327,42 +327,6 @@ HWTEST_F(AppMgrServiceModuleTest, ClearUpApplicationData_001, TestSize.Level1) } } -/* - * Feature: AppMgrService - * Function: IsBackgroundRunningRestricted - * SubFunction: NA - * FunctionPoints: AppMgrService => AppMgrServiceInner: IsBackgroundRunningRestricted - * CaseDescription: Check IsBackgroundRunningRestricted. - */ -HWTEST_F(AppMgrServiceModuleTest, IsBackgroundRunningRestricted_001, TestSize.Level1) -{ - EXPECT_TRUE(appMgrService_); - EXPECT_TRUE(mockAppMgrServiceInner_); - - std::string testAppName("testApp"); - bool testResult = false; - Semaphore sem(0); - - auto mockHandler = [&testResult, testAppName, &sem](const std::string &appName) { - testResult = (appName == testAppName); - sem.Post(); - return ERR_OK; - }; - - for (int i = 0; i < COUNT; ++i) { - testResult = false; - - EXPECT_CALL(*mockAppMgrServiceInner_, IsBackgroundRunningRestricted(_)).Times(1).WillOnce(Invoke(mockHandler)); - - auto result = appMgrService_->IsBackgroundRunningRestricted(testAppName); - - sem.Wait(); - - EXPECT_TRUE(testResult); - EXPECT_EQ(result, ERR_OK); - } -} - /* * Feature: AppMgrService * Function: GetAllRunningProcesses diff --git a/services/test/moduletest/common/ams/app_recent_list_test/BUILD.gn b/services/test/moduletest/common/ams/app_recent_list_test/BUILD.gn index fc6c4758cf3..b174fb58595 100755 --- a/services/test/moduletest/common/ams/app_recent_list_test/BUILD.gn +++ b/services/test/moduletest/common/ams/app_recent_list_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -24,7 +24,10 @@ ohos_moduletest("AmsAppRecentListModuleTest") { ] sources = [ "ams_app_recent_list_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "ipc:ipc_core" ] } diff --git a/services/test/moduletest/common/ams/app_running_record_test/BUILD.gn b/services/test/moduletest/common/ams/app_running_record_test/BUILD.gn index 5a949c9b30c..a300e9b5f69 100755 --- a/services/test/moduletest/common/ams/app_running_record_test/BUILD.gn +++ b/services/test/moduletest/common/ams/app_running_record_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -25,7 +25,10 @@ ohos_moduletest("AmsAppRunningRecordModuleTest") { ] sources = [ "ams_app_running_record_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "ipc:ipc_core" ] } diff --git a/services/test/moduletest/common/ams/app_service_flow_test/BUILD.gn b/services/test/moduletest/common/ams/app_service_flow_test/BUILD.gn index 71c4adaef32..c88dc7bf73b 100755 --- a/services/test/moduletest/common/ams/app_service_flow_test/BUILD.gn +++ b/services/test/moduletest/common/ams/app_service_flow_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -23,7 +23,10 @@ ohos_moduletest("AmsAppServiceFlowModuleTest") { [ "//base/hiviewdfx/hilog/interfaces/native/innerkits/include/" ] sources = [ "ams_app_service_flow_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "ipc:ipc_core" ] } diff --git a/services/test/moduletest/common/ams/ipc_ams_mgr_test/BUILD.gn b/services/test/moduletest/common/ams/ipc_ams_mgr_test/BUILD.gn index 81dff48201c..2f17712cfc4 100755 --- a/services/test/moduletest/common/ams/ipc_ams_mgr_test/BUILD.gn +++ b/services/test/moduletest/common/ams/ipc_ams_mgr_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,6 +33,7 @@ ohos_moduletest("AmsIpcAmsmgrModuleTest") { deps = [ "${appexecfwk_path}/libs/libeventhandler:libeventhandler_target", "${services_path}/appmgr/test:appmgr_test_source", + "${services_path}/common:perm_verification", "${services_path}/test/moduletest/common/ams:appmgr_mst_source", ] diff --git a/services/test/moduletest/common/ams/ipc_app_mgr_test/BUILD.gn b/services/test/moduletest/common/ams/ipc_app_mgr_test/BUILD.gn index 7e8d7036999..d177076a30c 100755 --- a/services/test/moduletest/common/ams/ipc_app_mgr_test/BUILD.gn +++ b/services/test/moduletest/common/ams/ipc_app_mgr_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -23,7 +23,10 @@ ohos_moduletest("AmsIpcAppmgrModuleTest") { sources = [ "ams_ipc_app_mgr_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "ipc:ipc_core" ] } diff --git a/services/test/moduletest/common/ams/ipc_app_mgr_test/ams_ipc_app_mgr_module_test.cpp b/services/test/moduletest/common/ams/ipc_app_mgr_test/ams_ipc_app_mgr_module_test.cpp index caf863ae46c..d161ac57593 100644 --- a/services/test/moduletest/common/ams/ipc_app_mgr_test/ams_ipc_app_mgr_module_test.cpp +++ b/services/test/moduletest/common/ams/ipc_app_mgr_test/ams_ipc_app_mgr_module_test.cpp @@ -231,37 +231,6 @@ HWTEST_F(AmsIpcAppmgrModuleTest, ExcuteAppmgrIPCInterface_007, TestSize.Level3) } } -/* - * Feature: ApplicationFramework - * Function: AppManagerService - * SubFunction: AppmgrIPCInterface - * FunctionPoints: test IsBackgroundRunningRestricted API,then check the function whether is good or not - * EnvConditions: system running normally - * CaseDescription: excute IsBackgroundRunningRestricted API 10000 times - */ -HWTEST_F(AmsIpcAppmgrModuleTest, ExcuteAppmgrIPCInterface_008, TestSize.Level3) -{ - for (int i = 0; i < COUNT; i++) { - sptr mockMockAppMgr(new MockMockAppMgrService()); - sptr appMgrClient = iface_cast(mockMockAppMgr); - std::string testBundleName("testApp"); - bool testResult = false; - - auto mockHandler = [&](const std::string &name) { - testResult = (name == testBundleName); - mockMockAppMgr->Post(); - return 0; - }; - - EXPECT_CALL(*mockMockAppMgr, IsBackgroundRunningRestricted(_)).WillOnce(Invoke(mockHandler)); - - appMgrClient->IsBackgroundRunningRestricted(testBundleName); - mockMockAppMgr->Wait(); - - EXPECT_TRUE(testResult); - } -} - /* * Feature: ApplicationFramework * Function: AppManagerService diff --git a/services/test/moduletest/common/ams/ipc_app_scheduler_test/BUILD.gn b/services/test/moduletest/common/ams/ipc_app_scheduler_test/BUILD.gn index 2f51d57cbe1..f7a3e7f6f67 100755 --- a/services/test/moduletest/common/ams/ipc_app_scheduler_test/BUILD.gn +++ b/services/test/moduletest/common/ams/ipc_app_scheduler_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -22,7 +22,10 @@ ohos_moduletest("AmsIpcAppSchedulerModuleTest") { include_dirs = [] sources = [ "ams_ipc_app_scheduler_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "ipc:ipc_core" ] } diff --git a/services/test/moduletest/common/ams/process_optimizer_uba_test/BUILD.gn b/services/test/moduletest/common/ams/process_optimizer_uba_test/BUILD.gn index 8277f2720da..4274b41385e 100644 --- a/services/test/moduletest/common/ams/process_optimizer_uba_test/BUILD.gn +++ b/services/test/moduletest/common/ams/process_optimizer_uba_test/BUILD.gn @@ -29,7 +29,10 @@ ohos_moduletest("AmsProcessOptimizerModuleTest") { sources = [ "ams_process_optimizer_uba_module_test.cpp" ] - deps = [ "${services_path}/test/moduletest/common/ams:appmgr_mst_source" ] + deps = [ + "${services_path}/common:perm_verification", + "${services_path}/test/moduletest/common/ams:appmgr_mst_source", + ] external_deps = [ "hiviewdfx_hilog_native:libhilog", diff --git a/services/test/moduletest/common/ams/service_app_spawn_client_test/BUILD.gn b/services/test/moduletest/common/ams/service_app_spawn_client_test/BUILD.gn index b81874150a2..6240f1cf721 100755 --- a/services/test/moduletest/common/ams/service_app_spawn_client_test/BUILD.gn +++ b/services/test/moduletest/common/ams/service_app_spawn_client_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -29,6 +29,7 @@ ohos_moduletest("AmsServiceAppSpawnClientModuleTest") { ] deps = [ + "${services_path}/common:perm_verification", "${services_path}/test/moduletest/common/ams:appmgr_mst_source", "//base/global/i18n_standard/frameworks/intl:intl_util", ] diff --git a/services/test/moduletest/common/ams/service_event_drive_test/BUILD.gn b/services/test/moduletest/common/ams/service_event_drive_test/BUILD.gn index 42b2dec3580..46b188d1397 100755 --- a/services/test/moduletest/common/ams/service_event_drive_test/BUILD.gn +++ b/services/test/moduletest/common/ams/service_event_drive_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -30,6 +30,7 @@ ohos_moduletest("AmsServiceEventDriveModuleTest") { ] deps = [ + "${services_path}/common:perm_verification", "${services_path}/test/moduletest/common/ams:appmgr_mst_source", "//base/global/i18n_standard/frameworks/intl:intl_util", ] diff --git a/services/test/moduletest/common/ams/service_start_process_test/BUILD.gn b/services/test/moduletest/common/ams/service_start_process_test/BUILD.gn index b66d65a9261..8074d13a603 100755 --- a/services/test/moduletest/common/ams/service_start_process_test/BUILD.gn +++ b/services/test/moduletest/common/ams/service_start_process_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -27,6 +27,7 @@ ohos_moduletest("AmsServiceStartModuleTest") { ] deps = [ + "${services_path}/common:perm_verification", "${services_path}/test/moduletest/common/ams:appmgr_mst_source", "//base/global/i18n_standard/frameworks/intl:intl_util", ] diff --git a/services/test/moduletest/dump_module_test/BUILD.gn b/services/test/moduletest/dump_module_test/BUILD.gn index 3dda95945a9..39647a0f3cf 100755 --- a/services/test/moduletest/dump_module_test/BUILD.gn +++ b/services/test/moduletest/dump_module_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -48,6 +48,7 @@ ohos_moduletest("dump_module_test") { "${services_path}/abilitymgr/test/mock/appmgr_test_service:appmgr_test_service", "${services_path}/abilitymgr/test/mock/libs/appexecfwk_core:appexecfwk_appmgr_mock", "${services_path}/abilitymgr/test/mock/libs/appexecfwk_core:appexecfwk_bundlemgr_mock", + "${services_path}/common:perm_verification", "//base/global/i18n_standard/frameworks/intl:intl_util", "//foundation/aafwk/standard/frameworks/kits/ability/native:abilitykit_native", "//foundation/aafwk/standard/frameworks/kits/ability/native:dummy_classes", diff --git a/services/test/moduletest/ipc_ability_connect_test/BUILD.gn b/services/test/moduletest/ipc_ability_connect_test/BUILD.gn index 639d6687c5d..487dc498f07 100644 --- a/services/test/moduletest/ipc_ability_connect_test/BUILD.gn +++ b/services/test/moduletest/ipc_ability_connect_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -31,6 +31,7 @@ ohos_moduletest("IpcAbilityConnectModuleTest") { } deps = [ "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base", "//third_party/googletest:gmock_main", "//third_party/googletest:gtest_main", diff --git a/services/test/moduletest/ipc_ability_mgr_test/BUILD.gn b/services/test/moduletest/ipc_ability_mgr_test/BUILD.gn index 56cbc739203..9341420fdc0 100644 --- a/services/test/moduletest/ipc_ability_mgr_test/BUILD.gn +++ b/services/test/moduletest/ipc_ability_mgr_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -33,6 +33,7 @@ ohos_moduletest("IpcAbilityMgrServiceModuleTest") { deps = [ "${aafwk_path}/interfaces/innerkits/app_manager:app_manager", "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//foundation/aafwk/standard/services/abilitymgr:abilityms", "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_base:appexecfwk_base", "//foundation/appexecfwk/standard/interfaces/innerkits/appexecfwk_core:appexecfwk_core", diff --git a/services/test/moduletest/ipc_ability_scheduler_test/BUILD.gn b/services/test/moduletest/ipc_ability_scheduler_test/BUILD.gn index 4d0ca27ff79..9c07fbc05ca 100644 --- a/services/test/moduletest/ipc_ability_scheduler_test/BUILD.gn +++ b/services/test/moduletest/ipc_ability_scheduler_test/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2021-2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -46,6 +46,7 @@ ohos_moduletest("IpcAbilitySchedulerModuleTest") { } deps = [ "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//foundation/aafwk/standard/frameworks/kits/ability/native:abilitykit_native", "//foundation/aafwk/standard/frameworks/kits/ability/native:dummy_classes", "//foundation/aafwk/standard/interfaces/innerkits/app_manager:app_manager", diff --git a/services/test/moduletest/panding_want_manager_test/BUILD.gn b/services/test/moduletest/panding_want_manager_test/BUILD.gn index 95956bf4669..f3d2d19d6af 100755 --- a/services/test/moduletest/panding_want_manager_test/BUILD.gn +++ b/services/test/moduletest/panding_want_manager_test/BUILD.gn @@ -51,6 +51,7 @@ ohos_moduletest("PandingWantMgrTest") { "${innerkits_path}/base:base", "${innerkits_path}/uri_permission:uri_permission_mgr", "${innerkits_path}/want:want", + "${services_path}/common:perm_verification", "//base/account/os_account/frameworks/osaccount/native:os_account_innerkits", "//base/global/i18n_standard/frameworks/intl:intl_util", "//base/hiviewdfx/hiview/adapter/utility:hiview_adapter_utility", -- Gitee