From 7b95372b7e189e07373759f40f88ac228b193f2c Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Sat, 29 Jun 2024 08:24:36 +0000 Subject: [PATCH] =?UTF-8?q?=E5=86=B2=E7=AA=81=E8=A7=A3=E5=86=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: I17035fd1c7ee2afd149866ab2b8ad391a027b74b --- .../include/i_sandbox_manager.h | 1 + ...andboxmanager_service_ipc_interface_code.h | 1 + .../include/sandbox_manager_client.h | 1 + .../include/sandbox_manager_kit.h | 6 ++ .../include/sandbox_manager_proxy.h | 1 + .../libsandbox_manager_sdk.map | 1 + .../src/sandbox_manager_client.cpp | 9 +++ .../src/sandbox_manager_kit.cpp | 10 +++ .../src/sandbox_manager_proxy.cpp | 20 +++++ .../src/sandbox_manager_kit_coverage_test.cpp | 3 + .../cpp/include/database/sandbox_manager_db.h | 1 + .../cpp/include/service/policy_info_manager.h | 20 +++++ .../include/service/sandbox_manager_service.h | 1 + .../include/service/sandbox_manager_stub.h | 4 +- .../cpp/src/database/sandbox_manager_db.cpp | 24 ++++++ .../cpp/src/service/policy_info_manager.cpp | 77 ++++++++++++++++++- .../src/service/sandbox_manager_service.cpp | 10 +++ .../cpp/src/service/sandbox_manager_stub.cpp | 31 ++++++++ 18 files changed, 219 insertions(+), 2 deletions(-) diff --git a/frameworks/sandbox_manager/include/i_sandbox_manager.h b/frameworks/sandbox_manager/include/i_sandbox_manager.h index c8c98c8..f4ac914 100644 --- a/frameworks/sandbox_manager/include/i_sandbox_manager.h +++ b/frameworks/sandbox_manager/include/i_sandbox_manager.h @@ -31,6 +31,7 @@ public: static const int SA_ID_SANDBOX_MANAGER_SERVICE = SANDBOX_MANAGER_SERVICE_ID; + virtual int32_t CleanPersistPolicyByPath(const std::vector& filePathList) = 0; virtual int32_t PersistPolicy(const std::vector &policy, std::vector &result) = 0; virtual int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) = 0; virtual int32_t PersistPolicyByTokenId( diff --git a/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h b/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h index 54e9cdf..e2b13d1 100644 --- a/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h +++ b/frameworks/sandbox_manager/include/sandboxmanager_service_ipc_interface_code.h @@ -35,6 +35,7 @@ enum class SandboxManagerInterfaceCode { UNSET_ALL_POLICY_BY_TOKEN, PERSIST_PERMISSION_BY_TOKENID, UNPERSIST_PERMISSION_BY_TOKENID, + CLEAN_PERSIST_POLICY_BY_PATH, }; } // namespace SandboxManager } // namespace AccessControl diff --git a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h index 001f666..9c9f0c5 100644 --- a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h +++ b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_client.h @@ -40,6 +40,7 @@ public: static SandboxManagerClient &GetInstance(); virtual ~SandboxManagerClient(); + int32_t CleanPersistPolicyByPath(const std::vector& filePathList); int32_t PersistPolicy(const std::vector &policy, std::vector &result); int32_t UnPersistPolicy(const std::vector &policy, std::vector &result); int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, diff --git a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h index 4f536f9..b09c666 100644 --- a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h +++ b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_kit.h @@ -27,6 +27,12 @@ namespace SandboxManager { */ class SandboxManagerKit { public: + /** + * @brief Clear the persistence policy + * @param Policy vector of string, file path + * @return SandboxManagerErrCode, see sandbox_manager_err_code.h + */ + static int32_t CleanPersistPolicyByPath(const std::vector& filePathList); /** * @brief Persist policys with caller's tokenId * @param policy vector of PolicyInfo, see policy_info.h diff --git a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h index 83075ad..b54216b 100644 --- a/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h +++ b/interfaces/innerkits/sandbox_manager/include/sandbox_manager_proxy.h @@ -31,6 +31,7 @@ public: explicit SandboxManagerProxy(const sptr &impl); ~SandboxManagerProxy() override; + int32_t CleanPersistPolicyByPath(const std::vector& filePathList) override; int32_t PersistPolicy(const std::vector &policy, std::vector &result) override; int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) override; int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, diff --git a/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map b/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map index aeea97e..32d1dcf 100644 --- a/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map +++ b/interfaces/innerkits/sandbox_manager/libsandbox_manager_sdk.map @@ -16,6 +16,7 @@ extern "C++" { "OHOS::AccessControl::SandboxManager::SandboxManagerKit::PersistPolicy(unsigned int, std::__h::vector> const&, std::__h::vector>&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::UnPersistPolicy(unsigned int, std::__h::vector> const&, std::__h::vector>&)"; + "OHOS::AccessControl::SandboxManager::SandboxManagerKit::CleanPersistPolicyByPath(std::__h::vector, std::__h::allocator>, std::__h::allocator, std::__h::allocator>>> const&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::PersistPolicy(std::__h::vector> const&, std::__h::vector>&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::UnPersistPolicy(std::__h::vector> const&, std::__h::vector>&)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::SetPolicy(unsigned int, std::__h::vector> const&, unsigned long, std::__h::vector>&)"; diff --git a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp index 9a0c888..dd870e4 100644 --- a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp +++ b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_client.cpp @@ -44,6 +44,15 @@ SandboxManagerClient::SandboxManagerClient() SandboxManagerClient::~SandboxManagerClient() {} +int32_t SandboxManagerClient::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + auto proxy = GetProxy(true); + if (proxy == nullptr) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Proxy is null"); + return SANDBOX_MANAGER_SERVICE_NOT_EXIST; + } + return proxy->CleanPersistPolicyByPath(filePathList); +} int32_t SandboxManagerClient::PersistPolicy(const std::vector &policy, std::vector &result) { diff --git a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp index 2a7bfe0..700718a 100644 --- a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp +++ b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_kit.cpp @@ -31,6 +31,16 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { const uint64_t POLICY_VECTOR_SIZE_LIMIT = 500; const uint32_t POLICY_PATH_LIMIT = 256; +int32_t SandboxManagerKit::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + size_t filePathSize = filePathList.size(); + if ((filePathSize == 0) || (filePathSize > POLICY_VECTOR_SIZE_LIMIT)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePathSize = %{public}zu", filePathSize); + return SandboxManagerErrCode::INVALID_PARAMTER; + } + return SandboxManagerClient::GetInstance().CleanPersistPolicyByPath(filePathList); +} + int32_t SandboxManagerKit::PersistPolicy(const std::vector &policy, std::vector &result) { SANDBOXMANAGER_LOG_DEBUG(LABEL, "called"); diff --git a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp index 9fef29e..1e9f0a8 100644 --- a/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp +++ b/interfaces/innerkits/sandbox_manager/src/sandbox_manager_proxy.cpp @@ -15,9 +15,11 @@ #include "sandbox_manager_proxy.h" +#include #include #include "iremote_object.h" #include "iremote_proxy.h" +#include "message_option.h" #include "message_parcel.h" #include "parcel.h" #include "policy_info_parcel.h" @@ -63,6 +65,24 @@ int32_t SandboxManagerProxy::SendRequest(SandboxManagerInterfaceCode code, Messa return requestResult; } +int32_t SandboxManagerProxy::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Write descriptor fail"); + return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; + } + + if (!data.WriteStringVector(filePathList)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Write filePathList failed."); + return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; + } + + MessageParcel reply; + MessageOption option(MessageOption::TF_ASYNC); + return SendRequest(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH, data, reply, option); +} + int32_t SandboxManagerProxy::PersistPolicy(const std::vector &policy, std::vector &result) { MessageParcel data; diff --git a/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp b/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp index 4d58f7f..9cef09a 100644 --- a/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp +++ b/interfaces/innerkits/sandbox_manager/test/unittest/src/sandbox_manager_kit_coverage_test.cpp @@ -16,6 +16,7 @@ #include "sandbox_manager_kit_coverage_test.h" #include +#include #include #include "access_token.h" #include "accesstoken_kit.h" @@ -71,6 +72,8 @@ HWTEST_F(SandboxManagerKitCoverageTest, PersistPolicy001, TestSize.Level1) std::vector result; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::PersistPolicy(policy, result)); + std::vector filePaths; + EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::CleanPersistPolicyByPath(filePaths)); std::vector policyEmpty; EXPECT_EQ(INVALID_PARAMTER, SandboxManagerKit::PersistPolicy(policyEmpty, result)); diff --git a/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h b/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h index 8494dc9..40916f2 100644 --- a/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h +++ b/services/sandbox_manager/main/cpp/include/database/sandbox_manager_db.h @@ -51,6 +51,7 @@ public: int32_t Modify(const DataType type, const GenericValues &modifyValues, const GenericValues &conditions); + int32_t FindSubPath(const DataType type, const std::string& filePath, std::vector& results); int32_t Find(const DataType type, const GenericValues &conditions, const GenericValues &symbols, std::vector &results); diff --git a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h index cd9a747..8556383 100644 --- a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h +++ b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h @@ -33,6 +33,12 @@ public: PolicyInfoManager() = default; virtual ~PolicyInfoManager() = default; void Init(); + /** + * @brief Clear the persistence policy + * @param policy vector of string, file path + * @return SANDBOX_MANAGER_OK + */ + int32_t CleanPersistPolicyByPath(const std::vector& filePaths); /** * @brief Insert policys to database * @param tokenId token id of the object @@ -129,6 +135,12 @@ public: */ int32_t UnSetAllPolicyByToken(const uint32_t tokenId); private: + /** + * @brief Clean policy list on MAC + * @param GenericValues vector + */ + void CleanPolicyOnMac(const std::vector &results); + /** * @brief find a record with same token and policy path (mode not inclued) * @param tokenId token id of the object @@ -175,6 +187,14 @@ private: * @return */ void TransferPolicyToGeneric(const uint32_t tokenId, const PolicyInfo &policy, GenericValues &generic); + /** + * @brief transfer a GenericValues and token to policy style + * @param tokenId token id of the object + * @param policy input GenericValues + * @param generic transfer result + * @return + */ + void TransferGenericToPolicy(const GenericValues &generic, uint32_t &tokenId, PolicyInfo &policy); /** * @brief cal depth of a given path string * @param path path of file system diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h index 0de35b7..20f0ac4 100644 --- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h +++ b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h @@ -41,6 +41,7 @@ public: void OnStop() override; void OnStart(const SystemAbilityOnDemandReason& startReason) override; + int32_t CleanPersistPolicyByPath(const std::vector& filePathList) override; int32_t PersistPolicy(const std::vector &policy, std::vector &result) override; int32_t UnPersistPolicy(const std::vector &policy, std::vector &result) override; int32_t PersistPolicyByTokenId( diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h index 0652208..12c2ee3 100644 --- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h +++ b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_stub.h @@ -36,6 +36,7 @@ public: virtual void DelayUnloadService() = 0; private: + int32_t CleanPersistPolicyByPathInner(MessageParcel &data, MessageParcel &reply); int32_t PersistPolicyInner(MessageParcel &data, MessageParcel &reply); int32_t UnPersistPolicyInner(MessageParcel &data, MessageParcel &reply); int32_t PersistPolicyByTokenIdInner(MessageParcel &data, MessageParcel &reply); @@ -51,9 +52,10 @@ private: int32_t StartAccessingByTokenIdInner(MessageParcel &data, MessageParcel &reply); int32_t UnSetAllPolicyByTokenInner(MessageParcel &data, MessageParcel &reply); void SetPolicyOpFuncInMap(); - + bool IsFileManagerCalling(uint32_t tokenCaller); using RequestFuncType = int32_t (SandboxManagerStub::*)(MessageParcel &data, MessageParcel &reply); std::map requestFuncMap_; + uint32_t tokenFileManagerId_ = 0; }; } // namespace SandboxManager } // namespace AccessControl diff --git a/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp b/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp index 6b46ee3..3163df3 100644 --- a/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp +++ b/services/sandbox_manager/main/cpp/src/database/sandbox_manager_db.cpp @@ -16,6 +16,7 @@ #include "sandbox_manager_db.h" #include +#include #include "policy_field_const.h" #include "sandbox_manager_log.h" @@ -128,6 +129,29 @@ int32_t SandboxManagerDb::Modify(const DataType type, const GenericValues& modif return (ret == Statement::State::DONE) ? SUCCESS : FAILURE; } +int32_t SandboxManagerDb::FindSubPath( + const DataType type, const std::string& filePath, std::vector& results) +{ + OHOS::Utils::UniqueReadGuard lock(this->rwLock_); + auto it = dataTypeToSqlTable_.find(type); + if (it == dataTypeToSqlTable_.end()) { + return FAILURE; + } + std::string sql = "select * from " + it->second.tableName_ + " where " + PolicyFiledConst::FIELD_PATH + + " like '" + filePath + "/%'" + " or " + PolicyFiledConst::FIELD_PATH + " = '" + filePath + "'"; + auto statement = Prepare(sql); + + while (statement.Step() == Statement::State::ROW) { + int32_t columnCount = statement.GetColumnCount(); + GenericValues value; + for (int32_t i = 0; i < columnCount; i++) { + value.Put(statement.GetColumnName(i), statement.GetValue(i, false)); + } + results.emplace_back(value); + } + return SUCCESS; +} + int32_t SandboxManagerDb::Find(const DataType type, const GenericValues& conditions, const GenericValues& symbols, std::vector& results) { diff --git a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp index d146a1a..b95cf7e 100644 --- a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp +++ b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -53,6 +54,74 @@ void PolicyInfoManager::Init() macAdapter_.Init(); } +void PolicyInfoManager::CleanPolicyOnMac(const std::vector& results) +{ + if (!macAdapter_.IsMacSupport()) { + SANDBOXMANAGER_LOG_INFO(LABEL, "Mac not enable, default success."); + return; + } + std::map> allPersistPolicy; + for (const auto& res : results) { + uint32_t tokenId; + PolicyInfo policy; + TransferGenericToPolicy(res, tokenId, policy); + auto it = allPersistPolicy.find(tokenId); + if (it == allPersistPolicy.end()) { + std::vector policies; + policies.emplace_back(policy); + allPersistPolicy.insert(std::make_pair(tokenId, policies)); + } else { + it->second.emplace_back(policy); + } + } + + for (auto& it : allPersistPolicy) { + std::vector result(it.second.size()); + int32_t count = 0; + macAdapter_.UnSetSandboxPolicy(it.first, it.second, result); + for (bool res : result) { + if (!res) { + ++count; + } + } + SANDBOXMANAGER_LOG_INFO(LABEL, "Mac UnSetSandboxPolicy size = %{public}zu, fail size = %{public}d.", + it.second.size(), count); + } +} + +int32_t PolicyInfoManager::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + //Gets the persistence policy to be cleaned up + std::vector results; + for (const std::string& path : filePathList) { + uint32_t length = path.length(); + if ((length == 0) || (length > POLICY_PATH_LIMIT)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy path check fail, length = %{public}zu.", path.length()); + continue; + } + std::string pathTmp = AdjustPath(path); + SandboxManagerDb::GetInstance().FindSubPath( + SandboxManagerDb::SANDBOX_MANAGER_PERSISTED_POLICY, pathTmp, results); + } + if (results.empty()) { + SANDBOXMANAGER_LOG_INFO(LABEL, "No persistence policy was found to delete."); + return SANDBOX_MANAGER_OK; + } + + //clean MAC + CleanPolicyOnMac(results); + + //clear the persistence policy + for (const auto& res: results) { + int32_t ret = SandboxManagerDb::GetInstance().Remove( + SandboxManagerDb::SANDBOX_MANAGER_PERSISTED_POLICY, res); + if (ret != SandboxManagerDb::SUCCESS) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Delete fail!"); + } + } + return SANDBOX_MANAGER_OK; +} + int32_t PolicyInfoManager::AddPolicy(const uint32_t tokenId, const std::vector &policy, std::vector &result, const uint32_t flag) { @@ -545,6 +614,12 @@ void PolicyInfoManager::TransferPolicyToGeneric(const uint32_t tokenId, const Po generic.Put(PolicyFiledConst::FIELD_DEPTH, GetDepth(path)); generic.Put(PolicyFiledConst::FIELD_MODE, static_cast(policy.mode)); } +void PolicyInfoManager::TransferGenericToPolicy(const GenericValues &generic, uint32_t &tokenId, PolicyInfo &policy) +{ + policy.path = generic.GetString(PolicyFiledConst::FIELD_PATH); + policy.mode = static_cast(generic.GetInt(PolicyFiledConst::FIELD_MODE)); + tokenId = static_cast(generic.GetInt(PolicyFiledConst::FIELD_TOKENID)); +} int64_t PolicyInfoManager::GetDepth(const std::string &path) { @@ -602,7 +677,7 @@ int32_t PolicyInfoManager::CheckPolicyValidity(const PolicyInfo &policy) // path not empty and lenth < POLICY_PATH_LIMIT uint32_t length = policy.path.length(); if (length == 0 || length > POLICY_PATH_LIMIT) { - SANDBOXMANAGER_LOG_ERROR(LABEL, "policy path check fail: %{public}s", policy.path.c_str()); + SANDBOXMANAGER_LOG_ERROR(LABEL, "policy path check fail, length = %{public}zu", policy.path.length()); return SandboxRetType::INVALID_PATH; } std::string path = AdjustPath(policy.path); diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp index 63b20f7..fe65266 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp @@ -127,6 +127,16 @@ void SandboxManagerService::OnStart(const SystemAbilityOnDemandReason& startReas } } +int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector& filePathList) +{ + size_t filePathSize = filePathList.size(); + if (filePathSize == 0 || filePathSize > POLICY_VECTOR_SIZE_LIMIT) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePath vector size error, size = %{public}zu.", filePathSize); + return INVALID_PARAMTER; + } + return PolicyInfoManager::GetInstance().CleanPersistPolicyByPath(filePathList); +} + int32_t SandboxManagerService::PersistPolicy(const std::vector &policy, std::vector &result) { uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp index 67edf8d..8e90e9e 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp @@ -17,6 +17,7 @@ #include #include +#include #include #include #include "accesstoken_kit.h" @@ -69,6 +70,26 @@ int32_t SandboxManagerStub::OnRemoteRequest( return NO_ERROR; } +int32_t SandboxManagerStub::CleanPersistPolicyByPathInner(MessageParcel &data, MessageParcel &reply) +{ + SANDBOXMANAGER_LOG_INFO(LABEL, "Call CleanPersistPolicyByPathInner"); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!IsFileManagerCalling(callingTokenId)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenId); + return PERMISSION_DENIED; + } + + std::vector filePathList; + if (!data.ReadStringVector(&filePathList)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Read filePathList failed."); + return SANDBOX_MANAGER_SERVICE_PARCEL_ERR; + } + + this->CleanPersistPolicyByPath(filePathList); + SANDBOXMANAGER_LOG_INFO(LABEL, "End CleanPersistPolicyByPathInner"); + return SANDBOX_MANAGER_OK; +} + int32_t SandboxManagerStub::PersistPolicyInner(MessageParcel &data, MessageParcel &reply) { uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); @@ -470,6 +491,8 @@ int32_t SandboxManagerStub::UnSetAllPolicyByTokenInner(MessageParcel &data, Mess void SandboxManagerStub::SetPolicyOpFuncInMap() { + requestFuncMap_[static_cast(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH)] = + &SandboxManagerStub::CleanPersistPolicyByPathInner; requestFuncMap_[static_cast(SandboxManagerInterfaceCode::PERSIST_PERMISSION)] = &SandboxManagerStub::PersistPolicyInner; requestFuncMap_[static_cast(SandboxManagerInterfaceCode::UNPERSIST_PERMISSION)] = @@ -520,6 +543,14 @@ bool CheckPermission(const uint32_t tokenId, const std::string &permission) SANDBOXMANAGER_LOG_ERROR(LABEL, "Check permission token:%{public}d fail", tokenId); return false; } +bool SandboxManagerStub::IsFileManagerCalling(uint32_t tokenCaller) +{ + if (tokenFileManagerId_ == 0) { + tokenFileManagerId_ = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + } + return tokenCaller == tokenFileManagerId_; +} } // namespace SandboxManager } // namespace AccessControl } // namespace OHOS \ No newline at end of file -- Gitee