From 453921577aa9240551988770b1817473cea038fa Mon Sep 17 00:00:00 2001 From: wangchen Date: Mon, 19 May 2025 15:45:44 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=AA=92=E4=BD=93=E5=BA=93?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E8=83=BD=E5=8A=9B=E5=88=A4=E6=96=AD=20close?= =?UTF-8?q?=20#IC8SX6=20Signed-off-by:=20wangchen=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cpp/include/media/media_path_support.h | 6 +- .../main/cpp/src/media/media_path_support.cpp | 101 +++++++++++++----- .../cpp/src/service/policy_info_manager.cpp | 24 +++-- 3 files changed, 95 insertions(+), 36 deletions(-) diff --git a/services/sandbox_manager/main/cpp/include/media/media_path_support.h b/services/sandbox_manager/main/cpp/include/media/media_path_support.h index d66ab11..2e8784e 100644 --- a/services/sandbox_manager/main/cpp/include/media/media_path_support.h +++ b/services/sandbox_manager/main/cpp/include/media/media_path_support.h @@ -36,9 +36,13 @@ public: int32_t CheckPolicyBeforeGrant(uint32_t tokenId, std::vector &mediaPaths, std::vector &needGrantUris, std::vector &mode, std::vector &mediaBool, std::vector &type); + int32_t CheckPolicyBeforeCancel(uint32_t tokenId, std::vector &mediaPaths, + std::vector &needCancelUris, std::vector &mode, std::vector &mediaBool, + std::vector &operationMode); int32_t AddMediaPolicy(uint32_t tokenId, const std::vector &mediaPolicy, std::vector &mediaPolicyIndex, std::vector &mediaResults); - int32_t RemoveMediaPolicy(uint32_t tokenId, const std::vector &mediaPolicy); + int32_t RemoveMediaPolicy(uint32_t tokenId, const std::vector &mediaPolicy, + std::vector &result); /** * @brief called by StartAccessingPolicy/StopAccessingPolicy/MatchPolicy * @param tokenId token id of the object diff --git a/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp b/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp index 8af3348..8c21606 100644 
--- a/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp +++ b/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp @@ -41,7 +41,6 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { static std::mutex g_instanceMutex; inline static const std::string MEDIA_PATH_1 = "/data/storage/el2/media"; inline static const bool CANCEL_PERSIST_FLAG = true; // true means persist -inline static const bool CANCEL_POLICY_FLAG = false; // false means temporary } SandboxManagerMedia &SandboxManagerMedia::GetInstance() @@ -128,13 +127,13 @@ int32_t SandboxManagerMedia::CheckPolicyBeforeGrant(uint32_t tokenId, std::vecto int32_t ret = media_->GetUrisFromFusePaths(mediaPaths, uris); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "GetUrisFromFusePaths error, err code:%{public}d", ret); - return ret; + return SANDBOX_MANAGER_MEDIA_CALL_ERR; } ret = media_->CheckPhotoUriPermission(tokenId, uris, mediaBool, mode); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Checkphotouripermission error, err code:%{public}d", ret); - return ret; + return SANDBOX_MANAGER_MEDIA_CALL_ERR; } std::vector needGrantMode; @@ -191,7 +190,7 @@ int32_t SandboxManagerMedia::AddMediaPolicy(uint32_t tokenId, const std::vector< type, Media::HideSensitiveType::ALL_DESENSITIZE); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "GrantPhotoUriPermission error, err code = %{public}d", ret); - return ret; + return SANDBOX_MANAGER_MEDIA_CALL_ERR; } for (size_t i = 0; i < mediaPolicyIndexSize; ++i) { if (mediaBool[i] == true) { 
@@ -203,7 +202,53 @@ int32_t SandboxManagerMedia::AddMediaPolicy(uint32_t tokenId, const std::vector< return SANDBOX_MANAGER_OK; } -int32_t SandboxManagerMedia::RemoveMediaPolicy(uint32_t tokenId, const std::vector &policy) +int32_t SandboxManagerMedia::CheckPolicyBeforeCancel(uint32_t tokenId, std::vector &mediaPaths, + std::vector &needCancelUris, std::vector &mode, std::vector &mediaBool, + std::vector &operationMode) +{ + size_t mediaPolicySize = mediaPaths.size(); + std::vector uris; + uris.reserve(mediaPolicySize); + + int32_t ret = media_->GetUrisFromFusePaths(mediaPaths, uris); + if (ret != SANDBOX_MANAGER_OK) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "GetUrisFromFusePaths error, err code:%{public}d", ret); + return SANDBOX_MANAGER_MEDIA_CALL_ERR; + } + + std::vector photoPermissionType; + photoPermissionType.reserve(mediaPolicySize); + ret = OperateModeToPhotoPermissionType(mode, photoPermissionType); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + ret = media_->GetPhotoUrisPermission(tokenId, uris, photoPermissionType, mediaBool); + if (ret != SANDBOX_MANAGER_OK) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "GetPhotoUrisPermission error, err code:%{public}d", ret); + return SANDBOX_MANAGER_MEDIA_CALL_ERR; + } + + std::vector needCancelMode; + for (size_t i = 0; i < mediaPolicySize; ++i) { + if (mediaBool[i] == true) { + needCancelUris.emplace_back(uris[i]); + needCancelMode.emplace_back(mode[i]); + } else { + std::string maskPath = SandboxManagerLog::MaskRealPath(uris[i].c_str()); + SANDBOXMANAGER_LOG_ERROR(LABEL, "media Uris:%{public}s, had no policy", maskPath.c_str()); + } + } + + ret = OperateModeToMediaOperationMode(needCancelMode, operationMode); + if (ret != SANDBOX_MANAGER_OK) { + return ret; + } + + return SANDBOX_MANAGER_OK; +} + +int32_t SandboxManagerMedia::RemoveMediaPolicy(uint32_t tokenId, const std::vector &policy, + std::vector &result) { if (media_ == nullptr) { if (InitMedia() != SANDBOX_MANAGER_OK) { 
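Review bot: In CheckPolicyBeforeCancel the loop reads `uris[i]` and `mediaBool[i]` for every `i < mediaPaths.size()`, but both vectors are only `reserve`d by the callers' side and then filled by `media_->GetUrisFromFusePaths` and `media_->GetPhotoUrisPermission`, and nothing checks that those calls produced one entry per path. If the media library ever returns SANDBOX_MANAGER_OK with a shorter vector, this becomes an out-of-bounds read in the code that decides which grants get revoked; the same `mediaBool[i]` is read again in the result loop of RemoveMediaPolicy in the next hunk. I would add, just before the loop, `if (uris.size() != mediaPolicySize || mediaBool.size() != mediaPolicySize) { return SANDBOX_MANAGER_MEDIA_CALL_ERR; }`. The method also dereferences `media_` without the nullptr/InitMedia guard that RemoveMediaPolicy has, and the header hunk appears to place it in the public section, so either repeat the guard or document that it must only be reached through RemoveMediaPolicy, whose body continues outside this hunk.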
@@ -217,37 +262,36 @@ int32_t SandboxManagerMedia::RemoveMediaPolicy(uint32_t tokenId, const std::vect std::vector mediaMode; mediaPaths.reserve(mediaPolicySize); uris.reserve(mediaPolicySize); - for (size_t i = 0; i < mediaPolicySize; ++i) { mediaPaths.emplace_back(policy[i].path); mediaMode.emplace_back(policy[i].mode); } + std::vector mediaBool; + std::vector needCancelUris; + mediaBool.reserve(mediaPolicySize); + needCancelUris.reserve(mediaPolicySize); std::vector operationMode; - operationMode.reserve(mediaPolicySize); - int32_t ret = OperateModeToMediaOperationMode(mediaMode, operationMode); - if (ret != SANDBOX_MANAGER_OK) { - return ret; - } - ret = media_->GetUrisFromFusePaths(mediaPaths, uris); + int32_t ret = CheckPolicyBeforeCancel(tokenId, mediaPaths, needCancelUris, mediaMode, mediaBool, operationMode); if (ret != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "GetUrisFromFusePaths error, err code:%{public}d", ret); return ret; } - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - ret = media_->CancelPhotoUriPermission(callingTokenId, tokenId, uris, CANCEL_PERSIST_FLAG, operationMode); - if (ret != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "RemoveMediaPolicy persist error, err code:%{public}d", ret); - return SANDBOX_MANAGER_MEDIA_CALL_ERR; + if (needCancelUris.size() != 0) { + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + ret = media_->CancelPhotoUriPermission(callingTokenId, tokenId, needCancelUris, CANCEL_PERSIST_FLAG, operationMode); + if (ret != SANDBOX_MANAGER_OK) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "RemoveMediaPolicy persist error, err code:%{public}d", ret); + return SANDBOX_MANAGER_MEDIA_CALL_ERR; + } } - - ret = media_->CancelPhotoUriPermission(callingTokenId, tokenId, uris, CANCEL_POLICY_FLAG, operationMode); - if (ret != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "RemoveMediaPolicy policy error, err code:%{public}d", ret); - return SANDBOX_MANAGER_MEDIA_CALL_ERR; + for 
(size_t i = 0; i < mediaPolicySize; ++i) { + if (mediaBool[i] == true) { + result[i] = SandboxRetType::OPERATE_SUCCESSFULLY; + } else { + result[i] = SandboxRetType::POLICY_HAS_NOT_BEEN_PERSISTED; + } } - return SANDBOX_MANAGER_OK; } @@ -276,7 +320,7 @@ int32_t SandboxManagerMedia::GetMediaPermission(uint32_t tokenId, const std::vec int32_t ret = media_->GetUrisFromFusePaths(mediaPaths, uris); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "GetUrisFromFusePaths error, err code:%{public}d", ret); - return ret; + return SANDBOX_MANAGER_MEDIA_CALL_ERR; } std::vector photoPermissionType; @@ -285,7 +329,12 @@ int32_t SandboxManagerMedia::GetMediaPermission(uint32_t tokenId, const std::vec if (ret != SANDBOX_MANAGER_OK) { return ret; } - return media_->GetPhotoUrisPermission(tokenId, uris, photoPermissionType, results); + ret = media_->GetPhotoUrisPermission(tokenId, uris, photoPermissionType, results); + if (ret != SANDBOX_MANAGER_OK) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "GetPhotoUrisPermission error, err code:%{public}d", ret); + return SANDBOX_MANAGER_MEDIA_CALL_ERR; + } + return SANDBOX_MANAGER_OK; } } // namespace SandboxManager } // namespace AccessControl diff --git a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp index c5c05fa..579ecbb 100644 --- a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp +++ b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp @@ -452,8 +452,10 @@ int32_t PolicyInfoManager::RemovePolicy( uint32_t successNum = 0; std::vector conditions; std::vector mediaPolicy; + std::vector validMediaIndex; mediaPolicy.reserve(policySize); conditions.reserve(policySize); + validMediaIndex.reserve(policySize); for (size_t i = 0; i < policySize; ++i) { int32_t checkPolicyRet = CheckPolicyValidity(policy[i]); if (checkPolicyRet != SANDBOX_MANAGER_OK) { 
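Review bot: RemoveMediaPolicy writes `result[i]` for every `i < mediaPolicySize` without checking that the caller's vector is that long; the caller visible on this page (PolicyInfoManager::RemovePolicy) sizes it from `validMediaIndex`, but the method itself does not enforce the contract. A guard near the top such as `if (result.size() < mediaPolicySize) { return SANDBOX_MANAGER_MEDIA_CALL_ERR; }` (or the project's invalid-parameter code) would keep a future caller from turning this into an out-of-bounds write. Separately, only the CANCEL_PERSIST_FLAG cancel remains here while the entry is still reported as `OPERATE_SUCCESSFULLY`; the removed constant was commented "false means temporary", so if a temporary grant can exist for the same URI it would presumably stay live after this call, and a short comment such as `// temporary grants are intentionally left untouched` (if that is the intent) would make the revocation scope explicit. RemoveMediaPolicy begins above this hunk.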
@@ -463,6 +465,7 @@ int32_t PolicyInfoManager::RemovePolicy( } if (SandboxManagerMedia::GetInstance().IsMediaPolicy(policy[i].path)) { mediaPolicy.emplace_back(policy[i]); + validMediaIndex.emplace_back(i); ++invalidNum; continue; } @@ -473,7 +476,6 @@ int32_t PolicyInfoManager::RemovePolicy( ++successNum; continue; } - ret = UnsetSandboxPolicyAndRecord(tokenId, policy[i], conditions); if (ret != SANDBOX_MANAGER_OK) { ++failNum; @@ -497,13 +499,17 @@ int32_t PolicyInfoManager::RemovePolicy( } if (!mediaPolicy.empty()) { - ret = SandboxManagerMedia::GetInstance().RemoveMediaPolicy(tokenId, mediaPolicy); + std::vector checkMediaResult(validMediaIndex.size(), 0); + ret = SandboxManagerMedia::GetInstance().RemoveMediaPolicy(tokenId, mediaPolicy, checkMediaResult); if (ret != SandboxManagerRdb::SUCCESS) { SANDBOXMANAGER_LOG_ERROR(LABEL, "remove media operate error"); - return SANDBOX_MANAGER_MEDIA_CALL_ERR; + return ret; + } + size_t resultIndex = 0; + for (const auto &index : validMediaIndex) { + result[index] = checkMediaResult[resultIndex++]; } } - return SANDBOX_MANAGER_OK; } @@ -985,7 +991,7 @@ int32_t PolicyInfoManager::AddPolicy(const uint32_t tokenId, const std::vector