diff --git a/frameworks/sandbox_manager/include/i_sandbox_manager.h b/frameworks/sandbox_manager/include/i_sandbox_manager.h index c8c98c846a662ab8f3109e2d5f4bb8fe89b6df07..f4ac914e1c565b88235904e2865eae0c4528ee98 100644 --- a/frameworks/sandbox_manager/include/i_sandbox_manager.h +++ b/frameworks/sandbox_manager/include/i_sandbox_manager.h @@ -31,6 +31,7 @@ public: static const int SA_ID_SANDBOX_MANAGER_SERVICE = SANDBOX_MANAGER_SERVICE_ID; + virtual int32_t CleanPersistPolicyByPath(const std::vector& filePathList) = 0; virtual int32_t PersistPolicy(const std::vector &policy, std::vector &result) = 0; virtual int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) = 0; virtual int32_t PersistPolicyByTokenId( diff --git a/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h b/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h index 54e9cdf5926812834de76a51a90b857d97ef48bb..e2b13d159c29d102acc4d1b709cffba7b24fa352 100644 --- a/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h +++ b/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h @@ -35,6 +35,7 @@ enum class SandboxManagerInterfaceCode { UNSET_ALL_POLICY_BY_TOKEN, PERSIST_PERMISSION_BY_TOKENID, UNPERSIST_PERMISSION_BY_TOKENID, + CLEAN_PERSIST_POLICY_BY_PATH, }; } // namespace SandboxManager } // namespace AccessControl diff --git a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h index 001f6668f79eeabea08a3b55827fb2f0ec75ee8f..9c9f0c58824713bde3cbde60a80aca92a0c986cb 100644 --- a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h +++ b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h 
@@ -40,6 +40,7 @@ public: static SandboxManagerClient &GetInstance(); virtual ~SandboxManagerClient(); + int32_t CleanPersistPolicyByPath(const std::vector& filePathList); int32_t PersistPolicy(const std::vector &policy, std::vector &result); int32_t UnPersistPolicy(const std::vector &policy, std::vector &result); int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, diff --git a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h index 4f536f90cb597708c9a984ab3dfe6983df27d792..b09c666a8b4615f2ae531c401c84fa662bd2efc4 100644 --- a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h +++ b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h @@ -27,6 +27,12 @@ namespace SandboxManager { */ class SandboxManagerKit { public: + /** + * @brief Clear the persistence policy + * @param Policy vector of string, file path + * @return SandboxManagerErrCode, see sandbox_manager_err_code.h + */ + static int32_t CleanPersistPolicyByPath(const std::vector& filePathList); /** * @brief Persist policys with caller's tokenId * @param policy vector of PolicyInfo, see policy_info.h diff --git a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h index 83075adb0648622a500a97c17f2c457b3ef802af..b54216b07ca5e728337fc31fa07b747e928f73ce 100644 --- a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h +++ b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h 
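Review bot: The doc comment added for `SandboxManagerKit::CleanPersistPolicyByPath` names a parameter `Policy` that does not exist (the parameter is `filePathList`) and does not say how far the call reaches, which matters for an API that revokes grants. Suggested wording: `@brief Remove persisted policies, for every token, whose path equals or lies beneath one of the given paths` and `@param filePathList paths to clean, 1 to POLICY_VECTOR_SIZE_LIMIT entries`, plus one line saying the service accepts the call only from file_manager_service. The same mismatch appears in policy_info_manager.h: `@param policy` on CleanPersistPolicyByPath (declared with `filePaths`, defined with `filePathList`), `@param GenericValues vector` on CleanPolicyOnMac, and the TransferGenericToPolicy comment, which reads as a copy of the TransferPolicyToGeneric one with input and output reversed.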
@@ -31,6 +31,7 @@ public: explicit SandboxManagerProxy(const sptr &impl); ~SandboxManagerProxy() override; + int32_t CleanPersistPolicyByPath(const std::vector& filePathList) override; int32_t PersistPolicy(const std::vector &policy, std::vector &result) override; int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) override; int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, diff --git a/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map b/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map index aeea97ee03733b2ac8aba4caf7f02acca91e8015..32d1dcfd41f94441cd46f8fba086ab8ac99ae84e 100644 --- a/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map +++ b/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map @@ -16,6 +16,7 @@ extern "C++" { "OHOS::AccessControl::SandboxManager::SandboxManagerKit::PersistPolicy(unsigned int, std::__h::vector> const&, std::__h::vector>&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::UnPersistPolicy(unsigned int, std::__h::vector> const&, std::__h::vector>&)"; + "OHOS::AccessControl::SandboxManager::SandboxManagerKit::CleanPersistPolicyByPath(std::__h::vector, std::__h::allocator>, std::__h::allocator, std::__h::allocator>>> const&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::PersistPolicy(std::__h::vector> const&, std::__h::vector>&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::UnPersistPolicy(std::__h::vector> const&, std::__h::vector>&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::SetPolicy(unsigned int, std::__h::vector> const&, unsigned long, std::__h::vector>&)"; diff --git a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp index 9a0c888159abc4dbde9f8727ccdf9604ed366d04..dd870e4a29e58c25dec3d1b0ff5155a8eced98ca 100644 --- a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp 
+++ b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp @@ -44,6 +44,15 @@ SandboxManagerClient::SandboxManagerClient() SandboxManagerClient::~SandboxManagerClient() {} +int32_t SandboxManagerClient::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + auto proxy = GetProxy(true); + if (proxy == nullptr) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Proxy is null"); + return SANDBOX_MANAGER_SERVICE_NOT_EXIST; + } + return proxy->CleanPersistPolicyByPath(filePathList); +} int32_t SandboxManagerClient::PersistPolicy(const std::vector &policy, std::vector &result) { diff --git a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp index 2a7bfe0fb4bbd3abda854b01654a8c2d6fa2c862..700718aa449810c696b59ee6f8e19ab094d97aba 100644 --- a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp +++ b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp @@ -31,6 +31,16 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { const uint64_t POLICY_VECTOR_SIZE_LIMIT = 500; const uint32_t POLICY_PATH_LIMIT = 256; +int32_t SandboxManagerKit::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + size_t filePathSize = filePathList.size(); + if ((filePathSize == 0) || (filePathSize > POLICY_VECTOR_SIZE_LIMIT)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePathSize = %{public}zu", filePathSize); + return SandboxManagerErrCode::INVALID_PARAMTER; + } + return SandboxManagerClient::GetInstance().CleanPersistPolicyByPath(filePathList); +} + int32_t SandboxManagerKit::PersistPolicy(const std::vector &policy, std::vector &result) { SANDBOXMANAGER_LOG_DEBUG(LABEL, "called"); diff --git a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp index 9fef29e7b09ad249e5b6b9f2a1135fac5d645c5d..1e9f0a866cad4a78f2787094c10398fba232f62c 100644 
--- a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp +++ b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp @@ -15,9 +15,11 @@ #include "sandbox_manager_proxy.h" +#include #include #include "iremote_object.h" #include "iremote_proxy.h" +#include "message_option.h" #include "message_parcel.h" #include "parcel.h" #include "policy_info_parcel.h" @@ -63,6 +65,24 @@ int32_t SandboxManagerProxy::SendRequest(SandboxManagerInterfaceCode code, Messa return requestResult; } +int32_t SandboxManagerProxy::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); + return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; + } + + if (!data.WriteStringVector(filePathList)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Write filePathList failed."); + return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; + } + + MessageParcel reply; + MessageOption option(MessageOption::TF_ASYNC); + return SendRequest(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH, data, reply, option); +} + int32_t SandboxManagerProxy::PersistPolicy(const std::vector &policy, std::vector &result) { MessageParcel data; diff --git a/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp b/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp index 4d58f7fa7cd2ba948fecf0884a59bae86db67d9b..9cef09abba2f660e1d3e9b77a4918361839ae51c 100644 --- a/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp +++ b/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp @@ -16,6 +16,7 @@ #include "sandbox_manager_kit_coverage_test.h" #include +#include #include #include "access_token.h" #include "accesstoken_kit.h" 
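Review bot: `MessageOption option(MessageOption::TF_ASYNC)` in `SandboxManagerProxy::CleanPersistPolicyByPath` makes this a one-way request, so the value handed back to the caller can at most say the message was dispatched; a `PERMISSION_DENIED` or `INVALID_PARAMTER` produced by the service never reaches it, and `reply` is never read. The kit header documents the return as a SandboxManagerErrCode, which callers will take to be the outcome of the clean-up. Either send synchronously and read the result from `reply` (presumably what the neighbouring proxy methods do; their bodies are outside this hunk), or say so at the declaration, e.g. `// One-way call: the return value reports dispatch only, not whether any policy was removed.`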
@@ -71,6 +72,8 @@ HWTEST_F(SandboxManagerKitCoverageTest, PersistPolicy001, TestSize.Level1) std::vector result; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::PersistPolicy(policy, result)); + std::vector filePaths; + EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); std::vector policyEmpty; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::PersistPolicy(policyEmpty, result)); diff --git a/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h b/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h index 8494dc90cd5ee14b060f8bcff8072c37cfbdaa39..40916f2c59d542fec912ff1b9a15b7da8ecf9d44 100644 --- a/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h +++ b/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h @@ -51,6 +51,7 @@ public: int32_t Modify(const DataType type, const GenericValues &modifyValues, const GenericValues &conditions); + int32_t FindSubPath(const DataType type, const std::string& filePath, std::vector& results); int32_t Find(const DataType type, const GenericValues &conditions, const GenericValues &symbols, std::vector &results); diff --git a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h index cd9a747cc1482d7796165d630db60f290bb90529..8556383f708e0ceaa2587ef155c3db75229fdc5e 100644 --- a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h +++ b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h @@ -33,6 +33,12 @@ public: PolicyInfoManager() = default; virtual ~PolicyInfoManager() = default; void Init(); + /** + * @brief Clear the persistence policy + * @param policy vector of string, file path + * @return SANDBOX_MANAGER_OK + */ + int32_t CleanPersistPolicyByPath(const std::vector& filePaths); /** * @brief Insert policys to database * @param tokenId token id of the object 
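Review bot: The assertion added to PersistPolicy001 covers only the empty list, so the upper bound in `SandboxManagerKit::CleanPersistPolicyByPath` is never exercised. Add a case one entry above POLICY_VECTOR_SIZE_LIMIT, e.g. `std::vector<std::string> tooMany(501, "/a");` followed by `EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::CleanPersistPolicyByPath(tooMany));`. A service-side test in which a caller other than file_manager_service receives PERMISSION_DENIED would pin the authorization check as well. The test body starts and ends outside the hunk.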
@@ -129,6 +135,12 @@ public: */ int32_t UnSetAllPolicyByToken(const uint32_t tokenId); private: + /** + * @brief Clean policy list on MAC + * @param GenericValues vector + */ + void CleanPolicyOnMac(const std::vector &results); + /** * @brief find a record with same token and policy path (mode not inclued) * @param tokenId token id of the object @@ -175,6 +187,14 @@ private: * @return */ void TransferPolicyToGeneric(const uint32_t tokenId, const PolicyInfo &policy, GenericValues &generic); + /** + * @brief transfer a GenericValues and token to policy style + * @param tokenId token id of the object + * @param policy input GenericValues + * @param generic transfer result + * @return + */ + void TransferGenericToPolicy(const GenericValues &generic, uint32_t &tokenId, PolicyInfo &policy); /** * @brief cal depth of a given path string * @param path path of file system diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h index 0de35b7a2329d139aeba23c6d1aa057256bcc362..20f0ac42b31a4e183252d68bc56db0bde3dec6fc 100644 --- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h +++ b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h @@ -41,6 +41,7 @@ public: void OnStop() override; void OnStart(const SystemAbilityOnDemandReason& startReason) override; + int32_t CleanPersistPolicyByPath(const std::vector& filePathList) override; int32_t PersistPolicy(const std::vector &policy, std::vector &result) override; int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) override; int32_t PersistPolicyByTokenId( diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h index 0652208bcd27a3619f805ae23db1071274c539b5..12c2ee38df587cb3f6039174c5c4da88e35e6506 100644 
--- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h +++ b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h @@ -36,6 +36,7 @@ public: virtual void DelayUnloadService() = 0; private: + int32_t CleanPersistPolicyByPathInner(MessageParcel &data, MessageParcel &reply); int32_t PersistPolicyInner(MessageParcel &data, MessageParcel &reply); int32_t UnPersistPolicyInner(MessageParcel &data, MessageParcel &reply); int32_t PersistPolicyByTokenIdInner(MessageParcel &data, MessageParcel &reply); @@ -51,9 +52,10 @@ private: int32_t StartAccessingByTokenIdInner(MessageParcel &data, MessageParcel &reply); int32_t UnSetAllPolicyByTokenInner(MessageParcel &data, MessageParcel &reply); void SetPolicyOpFuncInMap(); - + bool IsFileManagerCalling(uint32_t tokenCaller); using RequestFuncType = int32_t (SandboxManagerStub::*)(MessageParcel &data, MessageParcel &reply); std::map requestFuncMap_; + uint32_t tokenFileManagerId_ = 0; }; } // namespace SandboxManager } // namespace AccessControl diff --git a/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp b/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp index 6b46ee3d72c2d6771abaf51dc82ae1a87d8bb799..3163df304f3f0ed38cdd8c72e9d5e6b926bdd016 100644 --- a/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp +++ b/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp @@ -16,6 +16,7 @@ #include "sandbox_manager_db.h" #include +#include #include "policy_field_const.h" #include "sandbox_manager_log.h" 
@@ -128,6 +129,29 @@ int32_t SandboxManagerDb::Modify(const DataType type, const GenericValues& modif return (ret == Statement::State::DONE) ? SUCCESS : FAILURE; } +int32_t SandboxManagerDb::FindSubPath( + const DataType type, const std::string& filePath, std::vector& results) +{ + OHOS::Utils::UniqueReadGuard lock(this->rwLock_); + auto it = dataTypeToSqlTable_.find(type); + if (it == dataTypeToSqlTable_.end()) { + return FAILURE; + } + std::string sql = "select * from " + it->second.tableName_ + " where " + PolicyFiledConst::FIELD_PATH + + " like '" + filePath + "/%'" + " or " + PolicyFiledConst::FIELD_PATH + " = '" + filePath + "'"; + auto statement = Prepare(sql); + + while (statement.Step() == Statement::State::ROW) { + int32_t columnCount = statement.GetColumnCount(); + GenericValues value; + for (int32_t i = 0; i < columnCount; i++) { + value.Put(statement.GetColumnName(i), statement.GetValue(i, false)); + } + results.emplace_back(value); + } + return SUCCESS; +} + int32_t SandboxManagerDb::Find(const DataType type, const GenericValues& conditions, const GenericValues& symbols, std::vector& results) { diff --git a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp index d146a1a0479c3e4bcb332c6ead8972420d0e113a..b95cf7ed184aae09df3ef027402e52af196588a7 100644 --- a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp +++ b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include 
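Review bot: `filePath` is concatenated directly into the SQL text in `FindSubPath`, so a path containing `'` alters the statement, and `%` or `_` inside a path act as LIKE wildcards that can select persisted policies of unrelated paths for removal. The value comes from the IPC caller of CleanPersistPolicyByPath and, as far as this diff shows, is only length-checked and passed through AdjustPath before it reaches this query. Use placeholders for both comparisons, for example `" like :subPath escape '\\' or " + PolicyFiledConst::FIELD_PATH + " = :path"`, and bind the values through the Statement wrapper (its bind call is not visible in this hunk), escaping `\`, `%` and `_` in the LIKE operand first. The statement returned by `Prepare(sql)` is also stepped without a check, so a query that fails to prepare appears to end in `return SUCCESS` with no rows.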
@@ -53,6 +54,74 @@ void PolicyInfoManager::Init() macAdapter_.Init(); } +void PolicyInfoManager::CleanPolicyOnMac(const std::vector& results) +{ + if (!macAdapter_.IsMacSupport()) { + SANDBOXMANAGER_LOG_INFO(LABEL, "Mac not enable, default success."); + return; + } + std::map> allPersistPolicy; + for (const auto& res : results) { + uint32_t tokenId; + PolicyInfo policy; + TransferGenericToPolicy(res, tokenId, policy); + auto it = allPersistPolicy.find(tokenId); + if (it == allPersistPolicy.end()) { + std::vector policies; + policies.emplace_back(policy); + allPersistPolicy.insert(std::make_pair(tokenId, policies)); + } else { + it->second.emplace_back(policy); + } + } + + for (auto& it : allPersistPolicy) { + std::vector result(it.second.size()); + int32_t count = 0; + macAdapter_.UnSetSandboxPolicy(it.first, it.second, result); + for (bool res : result) { + if (!res) { + ++count; + } + } + SANDBOXMANAGER_LOG_INFO(LABEL, "Mac UnSetSandboxPolicy size = %{public}zu, fail size = %{public}d.", + it.second.size(), count); + } +} + +int32_t PolicyInfoManager::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + //Gets the persistence policy to be cleaned up + std::vector results; + for (const std::string& path : filePathList) { + uint32_t length = path.length(); + if ((length == 0) || (length > POLICY_PATH_LIMIT)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy path check fail, length = %{public}zu.", path.length()); + continue; + } + std::string pathTmp = AdjustPath(path); + SandboxManagerDb::GetInstance().FindSubPath( + SandboxManagerDb::SANDBOX_MANAGER_PERSISTED_POLICY, pathTmp, results); + } + if (results.empty()) { + SANDBOXMANAGER_LOG_INFO(LABEL, "No persistence policy was found to delete."); + return SANDBOX_MANAGER_OK; + } + + //clean MAC + CleanPolicyOnMac(results); + + //clear the persistence policy + for (const auto& res: results) { + int32_t ret = SandboxManagerDb::GetInstance().Remove( + SandboxManagerDb::SANDBOX_MANAGER_PERSISTED_POLICY, res); + if 
(ret != SandboxManagerDb::SUCCESS) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Delete fail!"); + } + } + return SANDBOX_MANAGER_OK; +} + int32_t PolicyInfoManager::AddPolicy(const uint32_t tokenId, const std::vector &policy, std::vector &result, const uint32_t flag) { @@ -545,6 +614,12 @@ void PolicyInfoManager::TransferPolicyToGeneric(const uint32_t tokenId, const Po generic.Put(PolicyFiledConst::FIELD_DEPTH, GetDepth(path)); generic.Put(PolicyFiledConst::FIELD_MODE, static_cast(policy.mode)); } +void PolicyInfoManager::TransferGenericToPolicy(const GenericValues &generic, uint32_t &tokenId, PolicyInfo &policy) +{ + policy.path = generic.GetString(PolicyFiledConst::FIELD_PATH); + policy.mode = static_cast(generic.GetInt(PolicyFiledConst::FIELD_MODE)); + tokenId = static_cast(generic.GetInt(PolicyFiledConst::FIELD_TOKENID)); +} int64_t PolicyInfoManager::GetDepth(const std::string &path) { @@ -602,7 +677,7 @@ int32_t PolicyInfoManager::CheckPolicyValidity(const PolicyInfo &policy) // path not empty and lenth < POLICY_PATH_LIMIT uint32_t length = policy.path.length(); if (length == 0 || length > POLICY_PATH_LIMIT) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "policy path check fail: %{public}s", policy.path.c_str()); + SANDBOXMANAGER_LOG_ERROR(LABEL, "policy path check fail, length = %{public}zu", policy.path.length()); return SandboxRetType::INVALID_PATH; } std::string path = AdjustPath(policy.path); diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp index 63b20f71456bb1838b449de1b485b039ef6ea7ba..fe65266d53b3ae8c405a30a3cdfadbbd1c5b45f0 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp 
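Review bot: `PolicyInfoManager::CleanPersistPolicyByPath` returns `SANDBOX_MANAGER_OK` on every path: the result of `FindSubPath` is discarded, a rejected path is skipped with `continue`, and a failed `Remove` is only logged. `CleanPolicyOnMac` has already run by then, so a row that fails to delete stays in the persisted table while the caller is told the clean-up succeeded. Record the failure, e.g. `if (ret != SandboxManagerDb::SUCCESS) { failed = true; }`, and return a failure code from sandbox_manager_err_code.h when it is set. `CleanPersistPolicyByPathInner` in sandbox_manager_stub.cpp drops the result in the same way (`this->CleanPersistPolicyByPath(filePathList);` followed by `return SANDBOX_MANAGER_OK;`). Overlapping inputs, such as a directory and a file beneath it, also put the same row into `results` twice, so the second `Remove` works on a record that is already gone.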
@@ -127,6 +127,16 @@ void SandboxManagerService::OnStart(const SystemAbilityOnDemandReason& startReas } } +int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + size_t filePathSize = filePathList.size(); + if (filePathSize == 0 || filePathSize > POLICY_VECTOR_SIZE_LIMIT) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePath vector size error, size = %{public}zu.", filePathSize); + return INVALID_PARAMTER; + } + return PolicyInfoManager::GetInstance().CleanPersistPolicyByPath(filePathList); +} + int32_t SandboxManagerService::PersistPolicy(const std::vector &policy, std::vector &result) { uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp index 67edf8d1922525f4cdee70aab369241b3adfddd2..8e90e9e1d744eed73d1d43fa707f45675fe40298 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp @@ -17,6 +17,7 @@ #include #include +#include #include #include #include "accesstoken_kit.h" 
@@ -69,6 +70,26 @@ int32_t SandboxManagerStub::OnRemoteRequest( return NO_ERROR; } +int32_t SandboxManagerStub::CleanPersistPolicyByPathInner(MessageParcel &data, MessageParcel &reply) +{ + SANDBOXMANAGER_LOG_INFO(LABEL, "Call CleanPersistPolicyByPathInner"); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!IsFileManagerCalling(callingTokenId)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenId); + return PERMISSION_DENIED; + } + + std::vector filePathList; + if (!data.ReadStringVector(&filePathList)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Read filePathList failed."); + return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; + } + + this->CleanPersistPolicyByPath(filePathList); + SANDBOXMANAGER_LOG_INFO(LABEL, "End CleanPersistPolicyByPathInner"); + return SANDBOX_MANAGER_OK; +} + int32_t SandboxManagerStub::PersistPolicyInner(MessageParcel &data, MessageParcel &reply) { uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); @@ -470,6 +491,8 @@ int32_t SandboxManagerStub::UnSetAllPolicyByTokenInner(MessageParcel &data, Mess void SandboxManagerStub::SetPolicyOpFuncInMap() { + requestFuncMap_[static_cast(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH)] = + &SandboxManagerStub::CleanPersistPolicyByPathInner; requestFuncMap_[static_cast(SandboxManagerInterfaceCode::PERSIST_PERMISSION)] = &SandboxManagerStub::PersistPolicyInner; requestFuncMap_[static_cast(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION)] = 
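Review bot: The denial log in `CleanPersistPolicyByPathInner` prints the `uint32_t` calling token with `%{public}d`, so ids above INT32_MAX come out negative and are harder to match against access-token records when rejected calls are reviewed; `%{public}u` fits the type. The `reply` parameter is never written, which is consistent with the proxy's one-way send but deserves a comment such as `// one-way request: no reply is written`.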
@@ -520,6 +543,14 @@ bool CheckPermission(const uint32_t tokenId, const std::string &permission) SANDBOXMANAGER_LOG_ERROR(LABEL, "Check permission token:%{public}d fail", tokenId); return false; } +bool SandboxManagerStub::IsFileManagerCalling(uint32_t tokenCaller) +{ + if (tokenFileManagerId_ == 0) { + tokenFileManagerId_ = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + } + return tokenCaller == tokenFileManagerId_; +} } // namespace SandboxManager } // namespace AccessControl } // namespace OHOS \ No newline at end of file
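Review bot: `IsFileManagerCalling` uses 0 as the "not yet resolved" value, and when the lookup of "file_manager_service" yields no id `tokenFileManagerId_` stays 0, so the final comparison accepts a caller whose token id is 0. Whether `GetNativeTokenId` reports failure as 0 is not shown here, but the sentinel suggests it; fail closed with `return tokenFileManagerId_ != 0 && tokenCaller == tokenFileManagerId_;`. The cached member is also written lazily from the request handler without synchronisation, which is worth a comment or an atomic if requests can be served on more than one IPC thread.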