diff --git a/frameworks/common/include/sandbox_manager_log.h b/frameworks/common/include/sandbox_manager_log.h index 64057a9cdb52bd570f7f22a63ed818dd0ab2266e..72510f457053ae8d789b7c6704af800b02ee8b60 100644 --- a/frameworks/common/include/sandbox_manager_log.h +++ b/frameworks/common/include/sandbox_manager_log.h @@ -16,6 +16,19 @@ #ifndef SANDBOXMANAGER_LOG_H #define SANDBOXMANAGER_LOG_H +#include +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { + +class SandboxManagerLog { +public: + static std::string MaskRealPath(const char *path); +}; +} // namespace SandboxManager +} // namespace AccessControl +} // namespace OHOS + #ifdef HILOG_ENABLE #include "hilog/log.h" diff --git a/frameworks/sandbox_manager/BUILD.gn b/frameworks/sandbox_manager/BUILD.gn index 89a5d2187408c5b63d6cde22e88e9e859a4573f4..42210372df3ff2b4480bf95398ac6fbb4e1950af 100644 --- a/frameworks/sandbox_manager/BUILD.gn +++ b/frameworks/sandbox_manager/BUILD.gn @@ -97,6 +97,7 @@ ohos_shared_library("sandbox_manager_communication_adapter_cxx") { "src/policy_info_parcel.cpp", "src/policy_info_vector_parcel.cpp", "src/sandbox_manager_dfx_helper.cpp", + "src/sandbox_manager_log.cpp", ] external_deps = [ diff --git a/frameworks/sandbox_manager/src/sandbox_manager_log.cpp b/frameworks/sandbox_manager/src/sandbox_manager_log.cpp new file mode 100644 index 0000000000000000000000000000000000000000..914b74db12ccdd7db218d880b6f622cc323f5445 --- /dev/null +++ b/frameworks/sandbox_manager/src/sandbox_manager_log.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include +#include +#include +#include +#include "sandbox_manager_log.h" + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { + +#define MASK_INFO "***" +const std::string CURRENT_DIR = "."; +const std::string PARENT_DIR = ".."; +const std::string EMPTY_PATH = "empty path"; +const std::string NULL_PATH = "null path"; + +std::string SandboxManagerLog::MaskRealPath(const char *path) +{ + if (path == nullptr) { + return NULL_PATH; + } + + if (strlen(path) == 0) { + return EMPTY_PATH; + } + + std::istringstream stream(path); + std::string part; + std::string retStr; + + while (std::getline(stream, part, '/')) { + if (!part.empty()) { + if (part == CURRENT_DIR || part == PARENT_DIR) { + retStr.append(part); + } else { + retStr.push_back(part[0]); + retStr.append(MASK_INFO); + } + retStr.append("/"); + } else { + /* means find "//" */ + retStr.append("/"); + } + } + + if (path[strlen(path) - 1] != '/') { + retStr.pop_back(); + } + + return retStr; +} + +} // namespace SandboxManager +} // namespace AccessControl +} // namespace OHOS diff --git a/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp b/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp index ecf61da94034ceffb5d3c8be78ade81b1d8c83f2..3c03577397411cedfad4ed4c235e9944fd1c3eae 100644 --- a/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp +++ b/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp @@ -304,8 +304,9 @@ int32_t MacAdapter::SetSandboxPolicy(const std::vector &policy, std: info.pathInfos[i].path = const_cast(policy[offset + i].path.c_str()); info.pathInfos[i].pathLen = policy[offset + i].path.length(); info.pathInfos[i].mode = policy[offset + i].mode; - SANDBOXMANAGER_LOG_INFO(LABEL, "Set policy paths target:%{public}u path:%{private}s mode:%{public}d", - macParams.tokenId, info.pathInfos[i].path, info.pathInfos[i].mode); + std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[i].path); + SANDBOXMANAGER_LOG_INFO(LABEL, "Set policy paths target:%{public}u path:%{public}s mode:%{public}d", + macParams.tokenId, maskPath.c_str(), info.pathInfos[i].mode); } if (ioctl(fd_, SET_POLICY_CMD, &info) < 0) { @@ -314,13 +315,19 @@ int32_t MacAdapter::SetSandboxPolicy(const std::vector &policy, std: return SANDBOX_MANAGER_MAC_IOCTL_ERR; } for (size_t i = 0; i < curBatchSize; ++i) { - result[offset + i] = info.pathInfos[i].result ? SANDBOX_MANAGER_OK : POLICY_MAC_FAIL; + if (info.pathInfos[i].result == 0) { + std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[i].path); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Set policy failed at %{public}s", maskPath.c_str()); + result[offset + i] = POLICY_MAC_FAIL; + } else { + result[offset + i] = SANDBOX_MANAGER_OK; + } } } uint32_t failCount = static_cast( std::count_if(result.begin(), result.end(), [](uint32_t res) { return res != SANDBOX_MANAGER_OK; })); if (failCount > 0) { - SANDBOXMANAGER_LOG_WARN(LABEL, "Set policy has failed items, failCount=%{public}u.", failCount); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Set policy has failed items, failCount=%{public}u.", failCount); } return SANDBOX_MANAGER_OK; } @@ -356,13 +363,17 @@ int32_t MacAdapter::QuerySandboxPolicy(uint32_t tokenId, const std::vector(std::count(result.begin(), result.end(), false)); if (failCount > 0) { - SANDBOXMANAGER_LOG_WARN(LABEL, "Query policy has failed items, failCount=%{public}u.", failCount); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Query policy has failed items, failCount=%{public}u.", failCount); } return SANDBOX_MANAGER_OK; } @@ -398,13 +409,17 @@ int32_t MacAdapter::CheckSandboxPolicy(uint32_t tokenId, const std::vector(std::count(result.begin(), result.end(), false)); if (failCount > 0) { - SANDBOXMANAGER_LOG_WARN(LABEL, "Check policy has failed items, failCount=%{public}u.", failCount); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy has failed items, failCount=%{public}u.", failCount); } return SANDBOX_MANAGER_OK; } @@ -444,13 +459,17 @@ int32_t MacAdapter::UnSetSandboxPolicy(uint32_t tokenId, const std::vector(std::count(result.begin(), result.end(), false)); if (failCount > 0) { - SANDBOXMANAGER_LOG_WARN(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount); } return SANDBOX_MANAGER_OK; } @@ -490,13 +509,17 @@ int32_t MacAdapter::UnSetSandboxPolicyByUser(int32_t userId, const std::vector

(std::count(result.begin(), result.end(), false)); if (failCount > 0) { - SANDBOXMANAGER_LOG_WARN(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount); } return SANDBOX_MANAGER_OK; } @@ -519,7 +542,9 @@ int32_t MacAdapter::UnSetSandboxPolicy(uint32_t tokenId, const PolicyInfo &polic info.pathInfos[0].path, info.pathInfos[0].mode); if (ioctl(fd_, UN_SET_POLICY_CMD, &info) < 0) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy failed, errno=%{public}d.", errno); + std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[0].path); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy failed, errno=%{public}d. path = %{public}s", + errno, maskPath.c_str()); return SANDBOX_MANAGER_MAC_IOCTL_ERR; } diff --git a/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp b/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp index 77ce987ace5ffa86e4b857d9426b8fcb7b148274..7e318c76f808746b05e5ad721434209f15365ad9 100644 --- a/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp +++ b/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp @@ -511,6 +511,202 @@ HWTEST_F(PolicyInfoManagerTest, DenyTest010, TestSize.Level1) #endif #endif +/** + * @tc.name: MaskRealPath001 + * @tc.desc: normal path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath001, TestSize.Level1) +{ + std::string input1 = "/aa/bb/cc/dd.txt"; + std::string expect = "/a***/b***/c***/d***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath002 + * @tc.desc: normal path short name + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath002, TestSize.Level1) +{ + std::string input1 = "/aa/bb/cc/d.txt"; + std::string expect = "/a***/b***/c***/d***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath003 + * @tc.desc: short path and short name + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath003, TestSize.Level1) +{ + std::string input1 = "/aa/dd.txt"; + std::string expect = "/a***/d***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath004 + * @tc.desc: path with more '/' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath004, TestSize.Level1) +{ + std::string input1 = "/aa/////bb/cc/dd.txt"; + std::string expect = "/a***/////b***/c***/d***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath005 + * @tc.desc: path begin without '/' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath005, TestSize.Level1) +{ + std::string input1 = "aa/bb"; + std::string expect = "a***/b***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath006 + * @tc.desc: path without info + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath006, TestSize.Level1) +{ + std::string input1 = ""; + std::string expect = "empty path"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath007 + * @tc.desc: path only '/' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath007, TestSize.Level1) +{ + std::string input1 = "/"; + std::string expect = "/"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath008 + * @tc.desc: path only '.' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath008, TestSize.Level1) +{ + std::string input1 = "."; + std::string expect = "."; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath009 + * @tc.desc: path start with '.' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath009, TestSize.Level1) +{ + std::string input1 = "/./test"; + std::string expect = "/./t***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath010 + * @tc.desc: path start with '..' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath010, TestSize.Level1) +{ + std::string input1 = "/../test"; + std::string expect = "/../t***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath011 + * @tc.desc: path with '.' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath011, TestSize.Level1) +{ + std::string input1 = "/aa/../d.txt"; + std::string expect = "/a***/../d***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath012 + * @tc.desc: path with '.' and ".." + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath012, TestSize.Level1) +{ + std::string input1 = "/aa/.././bb/cc/dd.txt"; + std::string expect = "/a***/.././b***/c***/d***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath013 + * @tc.desc: file name with more '.' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath013, TestSize.Level1) +{ + std::string input1 = "/aa/.././cc/aa.bb.txt"; + std::string expect = "/a***/.././c***/a***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + +/** + * @tc.name: MaskRealPath014 + * @tc.desc: file name start with '.' + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(PolicyInfoManagerTest, MaskRealPath014, TestSize.Level1) +{ + std::string input1 = "/aa/.././cc/.aa.bb.txt"; + std::string expect = "/a***/.././c***/.***"; + std::string path = SandboxManagerLog::MaskRealPath(input1.c_str()); + EXPECT_EQ(true, expect == path); +} + /** * @tc.name: PolicyInfoManagerTest012 * @tc.desc: Test PolicyInfoManager - MAC not supported