From 9e9965ccf2e97a55939e153d65087eca588ce468 Mon Sep 17 00:00:00 2001 From: wangchen Date: Mon, 26 May 2025 10:14:19 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AA=92=E4=BD=93=E6=8E=A5=E5=8F=A3=E8=B0=83?= =?UTF-8?q?=E7=94=A8=E5=89=8Dmode=E6=A3=80=E6=9F=A5=20close=20#IC9RKY=20Si?= =?UTF-8?q?gned-off-by:=20wangchen=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cpp/include/media/media_path_support.h | 2 + .../main/cpp/src/media/media_path_support.cpp | 38 +++++++++++++------ .../cpp/src/service/policy_info_manager.cpp | 8 ++++ 3 files changed, 36 insertions(+), 12 deletions(-) diff --git a/services/sandbox_manager/main/cpp/include/media/media_path_support.h b/services/sandbox_manager/main/cpp/include/media/media_path_support.h index 2e8784e..f5a1137 100644 --- a/services/sandbox_manager/main/cpp/include/media/media_path_support.h +++ b/services/sandbox_manager/main/cpp/include/media/media_path_support.h @@ -53,6 +53,8 @@ public: int32_t GetMediaPermission(uint32_t tokenId, const std::vector &mediaPolicy, std::vector &mediaResults); private: + template + void MediaDfx(std::vector &uri, std::vector &mode); Media::MediaLibraryExtendManager *media_ = nullptr; }; } // namespace SandboxManager diff --git a/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp b/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp index 7e47cea..4b940c5 100644 --- a/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp +++ b/services/sandbox_manager/main/cpp/src/media/media_path_support.cpp @@ -43,6 +43,15 @@ inline static const std::string MEDIA_PATH_1 = "/data/storage/el2/media"; inline static const bool CANCEL_PERSIST_FLAG = true; // true means persist } +template +void SandboxManagerMedia::MediaDfx(std::vector &uri, std::vector &mode) +{ + for (size_t i = 0; i < uri.size(); ++i) { + std::string maskPath = SandboxManagerLog::MaskRealPath(uri[i].c_str()); + SANDBOXMANAGER_LOG_INFO(LABEL, "uris:%{public}s, mode:%{public}d", maskPath.c_str(), mode[i]); + } +} + SandboxManagerMedia &SandboxManagerMedia::GetInstance() { static SandboxManagerMedia *instance = nullptr; @@ -132,6 +141,7 @@ int32_t SandboxManagerMedia::CheckPolicyBeforeGrant(uint32_t tokenId, std::vecto SANDBOXMANAGER_LOG_INFO(LABEL, "CheckUrisPermission, uriSize:%{public}zu, typeSize:%{public}zu", uris.size(), mode.size()); + MediaDfx(uris, mode); ret = media_->CheckPhotoUriPermission(tokenId, uris, mediaBool, mode); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Checkphotouripermission error, err code:%{public}d", ret); @@ -145,10 +155,9 @@ int32_t SandboxManagerMedia::CheckPolicyBeforeGrant(uint32_t tokenId, std::vecto needGrantMode.emplace_back(mode[i]); } else { std::string maskPath = SandboxManagerLog::MaskRealPath(uris[i].c_str()); - SANDBOXMANAGER_LOG_ERROR(LABEL, "media Uris:%{public}s, had no policy", maskPath.c_str()); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Uris:%{public}s, had no policy%{public}d", maskPath.c_str(), mode[i]); } } - ret = OperateModeToPhotoPermissionType(needGrantMode, type); if (ret != SANDBOX_MANAGER_OK) { return ret; @@ -188,14 +197,17 @@ int32_t SandboxManagerMedia::AddMediaPolicy(uint32_t tokenId, const std::vector< return ret; } - uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); - SANDBOXMANAGER_LOG_INFO(LABEL, "Grant, callerId:%{public}u, uriSize:%{public}zu, typeSize:%{public}zu", - callingTokenId, needGrantUris.size(), type.size()); - ret = media_->GrantPhotoUriPermission(callingTokenId, tokenId, needGrantUris, - type, Media::HideSensitiveType::ALL_DESENSITIZE); - if (ret != SANDBOX_MANAGER_OK) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "GrantPhotoUriPermission error, err code = %{public}d", ret); - return SANDBOX_MANAGER_MEDIA_CALL_ERR; + if (needGrantUris.size() != 0) { + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + SANDBOXMANAGER_LOG_INFO(LABEL, "Grant, callerId:%{public}u, uriSize:%{public}zu, typeSize:%{public}zu", + callingTokenId, needGrantUris.size(), type.size()); + MediaDfx(needGrantUris, type); + ret = media_->GrantPhotoUriPermission(callingTokenId, tokenId, needGrantUris, + type, Media::HideSensitiveType::ALL_DESENSITIZE); + if (ret != SANDBOX_MANAGER_OK) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "GrantPhotoUriPermission error, err code = %{public}d", ret); + return SANDBOX_MANAGER_MEDIA_CALL_ERR; + } } for (size_t i = 0; i < mediaPolicyIndexSize; ++i) { if (mediaBool[i] == true) { @@ -214,7 +226,6 @@ int32_t SandboxManagerMedia::CheckPolicyBeforeCancel(uint32_t tokenId, std::vect size_t mediaPolicySize = mediaPaths.size(); std::vector uris; uris.reserve(mediaPolicySize); - SANDBOXMANAGER_LOG_INFO(LABEL, "GetUrisFromFusePaths, mediaPathSize:%{public}zu", mediaPaths.size()); int32_t ret = media_->GetUrisFromFusePaths(mediaPaths, uris); if (ret != SANDBOX_MANAGER_OK) { @@ -231,6 +242,7 @@ int32_t SandboxManagerMedia::CheckPolicyBeforeCancel(uint32_t tokenId, std::vect SANDBOXMANAGER_LOG_INFO(LABEL, "GetUrisPermission, uriSize:%{public}zu, typeSize:%{public}zu", uris.size(), photoPermissionType.size()); + MediaDfx(uris, photoPermissionType); ret = media_->GetPhotoUrisPermission(tokenId, uris, photoPermissionType, mediaBool); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "GetPhotoUrisPermission error, err code:%{public}d", ret); @@ -244,7 +256,7 @@ int32_t SandboxManagerMedia::CheckPolicyBeforeCancel(uint32_t tokenId, std::vect needCancelMode.emplace_back(mode[i]); } else { std::string maskPath = SandboxManagerLog::MaskRealPath(uris[i].c_str()); - SANDBOXMANAGER_LOG_ERROR(LABEL, "media Uris:%{public}s, had no policy", maskPath.c_str()); + SANDBOXMANAGER_LOG_ERROR(LABEL, "Uris:%{public}s, had no policy%{public}d", maskPath.c_str(), mode[i]); } } @@ -291,6 +303,7 @@ int32_t SandboxManagerMedia::RemoveMediaPolicy(uint32_t tokenId, const std::vect uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); SANDBOXMANAGER_LOG_INFO(LABEL, "Cancel, callerId:%{public}u, uriSize:%{public}zu, modeSize:%{public}zu", callingTokenId, needCancelUris.size(), operationMode.size()); + MediaDfx(needCancelUris, operationMode); ret = media_->CancelPhotoUriPermission(callingTokenId, tokenId, needCancelUris, CANCEL_PERSIST_FLAG, operationMode); if (ret != SANDBOX_MANAGER_OK) { @@ -346,6 +359,7 @@ int32_t SandboxManagerMedia::GetMediaPermission(uint32_t tokenId, const std::vec SANDBOXMANAGER_LOG_INFO(LABEL, "GetUrisPermission, uriSize:%{public}zu, typeSize:%{public}zu", uris.size(), photoPermissionType.size()); + MediaDfx(uris, photoPermissionType); ret = media_->GetPhotoUrisPermission(tokenId, uris, photoPermissionType, results); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "GetPhotoUrisPermission error, err code:%{public}d", ret); diff --git a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp index c6f0f3a..e6a0305 100644 --- a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp +++ b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp @@ -963,6 +963,14 @@ int32_t PolicyInfoManager::CheckPolicyValidity(const PolicyInfo &policy) return SandboxRetType::INVALID_PATH; } + // media mode between 0 and 0b11(READ_MODE+WRITE_MODE) + if (SandboxManagerMedia::GetInstance().IsMediaPolicy(policy.path)) { + if (policy.mode < OperateMode::READ_MODE || + policy.mode > OperateMode::READ_MODE + OperateMode::WRITE_MODE) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Media uri policy check fail: %{public}" PRIu64, policy.mode); + return SandboxRetType::INVALID_MODE; + } + } // mode between 0 and 0b11(READ_MODE+WRITE_MODE) if (policy.mode < OperateMode::READ_MODE || policy.mode >= OperateMode::MAX_MODE) { SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy mode check fail: %{public}" PRIu64, policy.mode); -- Gitee