From 4b736c890ce96791343e18dc16e5c01ebbd8950b Mon Sep 17 00:00:00 2001 From: j21p3 Date: Mon, 29 Jul 2024 20:08:48 +0800 Subject: [PATCH] Add HiSysEvent Change-Id: I5a7bcff2edccccaddd1b3178765a96001b5ee520 Signed-off-by: j21p3 --- bundle.json | 4 + frameworks/sandbox_manager/BUILD.gn | 7 +- .../include/sandbox_manager_dfx_helper.h | 79 ++++++++++++++++++ .../src/sandbox_manager_dfx_helper.cpp | 81 ++++++++++++++++++ hisysevent.yaml | 40 +++++++++ .../cpp/include/service/policy_info_manager.h | 4 +- .../cpp/src/service/policy_info_manager.cpp | 83 +++++++++++++++++-- .../cpp/src/service/sandbox_manager_stub.cpp | 2 + 8 files changed, 289 insertions(+), 11 deletions(-) create mode 100644 frameworks/sandbox_manager/include/sandbox_manager_dfx_helper.h create mode 100644 frameworks/sandbox_manager/src/sandbox_manager_dfx_helper.cpp create mode 100644 hisysevent.yaml diff --git a/bundle.json b/bundle.json index acaba98..31fd252 100644 --- a/bundle.json +++ b/bundle.json @@ -17,10 +17,14 @@ "adapted_system_type": [ "standard" ], "rom": "10000KB", "ram": "5000KB", + "hisysevent_config": [ + "//base/accesscontrol/sandbox_manager/hisysevent.yaml" + ], "deps": { "components": [ "c_utils", "hilog", + "hisysevent", "ipc", "safwk", "samgr", diff --git a/frameworks/sandbox_manager/BUILD.gn b/frameworks/sandbox_manager/BUILD.gn index 415af5f..63949af 100644 --- a/frameworks/sandbox_manager/BUILD.gn +++ b/frameworks/sandbox_manager/BUILD.gn @@ -48,7 +48,12 @@ ohos_shared_library("sandbox_manager_communication_adapter_cxx") { sources = [ "src/policy_info_parcel.cpp", "src/policy_info_vector_parcel.cpp", + "src/sandbox_manager_dfx_helper.cpp", ] - external_deps = [ "c_utils:utils" ] + external_deps = [ + "c_utils:utils", + "hisysevent:libhisysevent", + "ipc:ipc_core", + ] } diff --git a/frameworks/sandbox_manager/include/sandbox_manager_dfx_helper.h b/frameworks/sandbox_manager/include/sandbox_manager_dfx_helper.h new file mode 100644 index 0000000..ebeeb2f --- /dev/null +++ b/frameworks/sandbox_manager/include/sandbox_manager_dfx_helper.h @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SANDBOX_MANAGER_DFX_HELPER_H +#define SANDBOX_MANAGER_DFX_HELPER_H +#include +#include +#include + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { +enum OperateTypeEnum: int32_t { + // temporary policy + SET_POLICY, + UNSET_ALL_POLICY_BY_TOKEN, + UNSET_POLICY, + // persist policy + CLEAN_PERSIST_POLICY_BY_PATH, + PERSIST_POLICY, + REMOVE_BUNDLE_POLICY_BY_EVENT, + START_ACCESSING_POLICY, + START_ACCESSING_POLICY_BY_TOKEN, + STOP_ACCESSING_POLICY, + UNPERSIST_POLICY, +}; + +const static std::map OPERATE_TYPE_MAP = { + // temporary policy + {OperateTypeEnum::SET_POLICY, "set_policy"}, + {OperateTypeEnum::UNSET_ALL_POLICY_BY_TOKEN, "unset_all_policy_by_token"}, + {OperateTypeEnum::UNSET_POLICY, "unset_policy"}, + // persist policy + {OperateTypeEnum::CLEAN_PERSIST_POLICY_BY_PATH, "clean_persist_policy_by_path"}, + {OperateTypeEnum::PERSIST_POLICY, "persist_policy"}, + {OperateTypeEnum::REMOVE_BUNDLE_POLICY_BY_EVENT, "remove_bundle_policy_by_event"}, + {OperateTypeEnum::START_ACCESSING_POLICY, "start_accessing_policy"}, + {OperateTypeEnum::START_ACCESSING_POLICY_BY_TOKEN, "start_accessing_policy_by_token"}, + {OperateTypeEnum::STOP_ACCESSING_POLICY, "stop_accessing_policy"}, + {OperateTypeEnum::UNPERSIST_POLICY, "unpersist_policy"}, +}; + +class PolicyOperateInfo { +public: + PolicyOperateInfo( + uint32_t totalNum, uint32_t successNum, + uint32_t failNum, uint32_t invalidNum); + + uint32_t callerPid; + uint32_t callerTokenid; + uint32_t policyNum; + uint32_t successNum; + uint32_t failNum; + uint32_t invalidNum; +}; + +class SandboxManagerDfxHelper { +public: + static void WritePermissionCheckFailEvent(const std::string &permission, + const uint32_t callerTokenid = 0, const uint32_t callerPid = 0); + static void WritePersistPolicyOperateSucc(const OperateTypeEnum operateType, const PolicyOperateInfo &info); + static void WriteTempPolicyOperateSucc(const OperateTypeEnum operateType, const PolicyOperateInfo &info); +}; +} // SandboxManager +} // AccessControl +} // OHOS +#endif // SANDBOX_MANAGER_DFX_HELPER_H \ No newline at end of file diff --git a/frameworks/sandbox_manager/src/sandbox_manager_dfx_helper.cpp b/frameworks/sandbox_manager/src/sandbox_manager_dfx_helper.cpp new file mode 100644 index 0000000..8dbe046 --- /dev/null +++ b/frameworks/sandbox_manager/src/sandbox_manager_dfx_helper.cpp @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sandbox_manager_dfx_helper.h" + +#include "hisysevent.h" +#include "ipc_skeleton.h" + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { + +static std::string GetOperateString(const OperateTypeEnum operateType) +{ + auto it = OPERATE_TYPE_MAP.find(operateType); + if (it == OPERATE_TYPE_MAP.end()) { + return "unknown_type"; + } + return it->second; +} + +PolicyOperateInfo::PolicyOperateInfo(uint32_t totalNum, uint32_t successNum, + uint32_t failNum, uint32_t invalidNum) : policyNum(totalNum), + successNum(successNum), failNum(failNum), invalidNum(invalidNum) +{ + callerPid = IPCSkeleton::GetCallingRealPid(); + callerTokenid = IPCSkeleton::GetCallingTokenID(); +} + +void SandboxManagerDfxHelper::WritePermissionCheckFailEvent(const std::string &permission, + const uint32_t callerTokenid, const uint32_t callerPid) +{ + uint32_t inputPid = callerPid; + if (inputPid == 0) { + inputPid = IPCSkeleton::GetCallingRealPid(); + } + uint32_t inputTokenid = callerTokenid; + if (inputTokenid == 0) { + inputTokenid = IPCSkeleton::GetCallingTokenID(); + } + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SANDBOX_MANAGER, "CALLER_PERMISSION_CHECK_FAILED", + HiviewDFX::HiSysEvent::EventType::FAULT, "CALLER_PID", inputPid, + "CALLER_TOKENID", inputTokenid, "PERMISSION_NAME", permission); +} + +void SandboxManagerDfxHelper::WritePersistPolicyOperateSucc( + const OperateTypeEnum operateType, const PolicyOperateInfo &info) +{ + std::string type = GetOperateString(operateType); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SANDBOX_MANAGER, "PERSIST_POLICY_OPERATE_SUCCESS", + HiviewDFX::HiSysEvent::EventType::FAULT, "OPERATE_TYPE", type, + "CALLER_PID", info.callerPid, "CALLER_TOKENID", info.callerTokenid, + "TOTAL_NUM", info.policyNum, "SUCCESS_NUM", info.successNum, + "FAIL_NUM", info.failNum, "INVALID_NUM", info.invalidNum); +} + +void SandboxManagerDfxHelper::WriteTempPolicyOperateSucc( + const OperateTypeEnum operateType, const PolicyOperateInfo &info) +{ + std::string type = GetOperateString(operateType); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SANDBOX_MANAGER, "TEMPORARY_POLICY_OPERATE_SUCCESS", + HiviewDFX::HiSysEvent::EventType::FAULT, "OPERATE_TYPE", type, + "CALLER_PID", info.callerPid, "CALLER_TOKENID", info.callerTokenid, + "TOTAL_NUM", info.policyNum, "SUCCESS_NUM", info.successNum, + "FAIL_NUM", info.failNum, "INVALID_NUM", info.invalidNum); +} +} +} +} diff --git a/hisysevent.yaml b/hisysevent.yaml new file mode 100644 index 0000000..5af3d05 --- /dev/null +++ b/hisysevent.yaml @@ -0,0 +1,40 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +domain: SANDBOX_MANAGER + +CALLER_PERMISSION_CHECK_FAILED: + __BASE: {type: FAULT, level: MINOR, desc: caller permission check failed, preserve: true} + CALLER_PID: {type: UINT32, desc: caller pid} + CALLER_TOKENID: {type: UINT32, desc: caller tokenid} + PERMISSION_NAME: {type: STRING, desc: permission name} + +PERSIST_POLICY_OPERATE_SUCCESS: + __BASE: {type: FAULT, level: MINOR, desc: persist policy operate success, preserve: true} + OPERATE_TYPE: {type: STRING, desc: operate type} + CALLER_PID: {type: UINT32, desc: caller pid} + CALLER_TOKENID: {type: UINT32, desc: caller tokenid} + TOTAL_NUM: {type: UINT32, desc: total number} + SUCCESS_NUM: {type: UINT32, desc: success number} + FAIL_NUM: {type: UINT32, desc: fail number} + INVALID_NUM: {type: UINT32, desc: invalid number} + +TEMPORARY_POLICY_OPERATE_SUCCESS: + __BASE: {type: FAULT, level: MINOR, desc: temporary policy operate success, preserve: true} + OPERATE_TYPE: {type: STRING, desc: operate type} + CALLER_PID: {type: UINT32, desc: caller pid} + CALLER_TOKENID: {type: UINT32, desc: caller tokenid} + TOTAL_NUM: {type: UINT32, desc: total number} + SUCCESS_NUM: {type: UINT32, desc: success number} + FAIL_NUM: {type: UINT32, desc: fail number} + INVALID_NUM: {type: UINT32, desc: invalid number} diff --git a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h index 8556383..673e37e 100644 --- a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h +++ b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h @@ -154,9 +154,9 @@ private: * @param policies input policy, see policy_info.h * @param result output result * @param passIndexes index of policy which is valid - * @return + * @return uint32_t invalid policy count */ - void FilterValidPolicyInBatch( + uint32_t FilterValidPolicyInBatch( const std::vector &policies, std::vector &results, std::vector &passIndexes); /** * @brief AddToDatabaseIfNotDuplicate by remove deplicate records diff --git a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp index c16b35f..e9befd6 100644 --- a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp +++ b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp @@ -30,6 +30,7 @@ #include "policy_info.h" #include "sandbox_manager_const.h" #include "sandbox_manager_db.h" +#include "sandbox_manager_dfx_helper.h" #include "sandbox_manager_err_code.h" #include "sandbox_manager_log.h" @@ -74,7 +75,7 @@ void PolicyInfoManager::CleanPolicyOnMac(const std::vector& resul it->second.emplace_back(policy); } } - + uint32_t failCount = 0; for (auto& it : allPersistPolicy) { std::vector result(it.second.size()); int32_t count = 0; @@ -86,7 +87,11 @@ void PolicyInfoManager::CleanPolicyOnMac(const std::vector& resul } SANDBOXMANAGER_LOG_INFO(LABEL, "Mac UnSetSandboxPolicy size = %{public}zu, fail size = %{public}d.", it.second.size(), count); + failCount += count; } + size_t resultSize = results.size(); + PolicyOperateInfo info(resultSize, resultSize - failCount, failCount, 0); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::CLEAN_PERSIST_POLICY_BY_PATH, info); } int32_t PolicyInfoManager::CleanPersistPolicyByPath(const std::vector& filePathList) @@ -104,6 +109,9 @@ int32_t PolicyInfoManager::CleanPersistPolicyByPath(const std::vector queryPolicyIndex; - FilterValidPolicyInBatch(policy, result, queryPolicyIndex); + uint32_t invalidNum = FilterValidPolicyInBatch(policy, result, queryPolicyIndex); // query mac kernel size_t queryPolicyIndexSize = queryPolicyIndex.size(); std::vector queryResults(queryPolicyIndexSize); @@ -144,6 +152,8 @@ int32_t PolicyInfoManager::AddPolicy(const uint32_t tokenId, const std::vector

&policies, std::vector &results, std::vector &passIndexes) { size_t policySize = policies.size(); @@ -178,6 +191,7 @@ void PolicyInfoManager::FilterValidPolicyInBatch( } passIndexes.emplace_back(i); } + return policySize - passIndexes.size(); } int32_t PolicyInfoManager::AddToDatabaseIfNotDuplicate(const uint32_t tokenId, const std::vector &policies, const std::vector &passIndexes, const uint32_t flag, std::vector &results) @@ -292,22 +306,30 @@ int32_t PolicyInfoManager::RemovePolicy( if (result.size() != policySize) { result.resize(policySize); } + uint32_t invalidNum = 0; + uint32_t failNum = 0; + uint32_t successNum = 0; for (size_t i = 0; i < policySize; ++i) { int32_t checkPolicyRet = CheckPolicyValidity(policy[i]); if (checkPolicyRet != SANDBOX_MANAGER_OK) { result[i] = static_cast(checkPolicyRet); + ++invalidNum; continue; } PolicyInfo exactFindRes; int32_t ret = ExactFind(tokenId, policy[i], exactFindRes); if (ret == SANDBOX_MANAGER_DB_RETURN_EMPTY) { result[i] = SandboxRetType::POLICY_HAS_NOT_BEEN_PERSISTED; + ++successNum; continue; } ret = macAdapter_.UnSetSandboxPolicy(tokenId, policy[i]); if (ret != SANDBOX_MANAGER_OK) { SANDBOXMANAGER_LOG_ERROR(LABEL, "MacAdapter unset error, err code = %{public}d.", ret); + ++failNum; + PolicyOperateInfo info(policySize, successNum, failNum, invalidNum); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::UNPERSIST_POLICY, info); return ret; } @@ -319,33 +341,43 @@ int32_t PolicyInfoManager::RemovePolicy( SANDBOXMANAGER_LOG_ERROR(LABEL, "database operate error"); return SANDBOX_MANAGER_DB_ERR; } + ++successNum; } + PolicyOperateInfo info(result.size(), successNum, failNum, invalidNum); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::UNPERSIST_POLICY, info); return SANDBOX_MANAGER_OK; } int32_t PolicyInfoManager::SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, std::vector &result) { + size_t policySize = policy.size(); if (!macAdapter_.IsMacSupport()) { SANDBOXMANAGER_LOG_INFO(LABEL, "Mac not enable, default success."); - result.resize(policy.size(), SandboxRetType::OPERATE_SUCCESSFULLY); + result.resize(policySize, SandboxRetType::OPERATE_SUCCESSFULLY); return SANDBOX_MANAGER_OK; } - result.resize(policy.size(), INVALID_PATH); + result.resize(policySize, INVALID_PATH); std::vector validIndex; std::vector validPolicies; - for (size_t index = 0; index < policy.size(); ++index) { + uint32_t invalidNum = 0; + uint32_t failNum = 0; + uint32_t successNum = 0; + for (size_t index = 0; index < policySize; ++index) { int32_t res = CheckPolicyValidity(policy[index]); if (res == SANDBOX_MANAGER_OK) { validIndex.emplace_back(index); validPolicies.emplace_back(policy[index]); } else { result[index] = static_cast(res); + ++invalidNum; } } if (validPolicies.empty()) { SANDBOXMANAGER_LOG_WARN(LABEL, "No valid policy to set."); + PolicyOperateInfo info(policySize, successNum, failNum, invalidNum); + SandboxManagerDfxHelper::WriteTempPolicyOperateSucc(OperateTypeEnum::SET_POLICY, info); return SANDBOX_MANAGER_OK; } @@ -353,6 +385,8 @@ int32_t PolicyInfoManager::SetPolicy(uint32_t tokenId, const std::vector &policy, @@ -423,6 +467,9 @@ bool PolicyInfoManager::RemoveBundlePolicy(const uint32_t tokenId) SANDBOXMANAGER_LOG_ERROR(LABEL, "database operate error"); return false; } + PolicyOperateInfo info(0, 0, 0, 0); + info.callerTokenid = tokenId; + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::REMOVE_BUNDLE_POLICY_BY_EVENT, info); return true; } @@ -449,6 +496,8 @@ int32_t PolicyInfoManager::StartAccessingByTokenId(const uint32_t tokenId) size_t searchSize = dbResults.size(); if (searchSize == 0) { SANDBOXMANAGER_LOG_INFO(LABEL, "Database find result empty"); + PolicyOperateInfo info(0, 0, 0, 0); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::START_ACCESSING_POLICY_BY_TOKEN, info); return SANDBOX_MANAGER_DB_RETURN_EMPTY; } @@ -465,6 +514,9 @@ int32_t PolicyInfoManager::StartAccessingByTokenId(const uint32_t tokenId) SANDBOXMANAGER_LOG_ERROR(LABEL, "MacAdapter set policy error, err code = %{public}d.", ret); return ret; } + uint32_t successNum = std::count(macResults.begin(), macResults.end(), SANDBOX_MANAGER_OK); + PolicyOperateInfo info(searchSize, successNum, searchSize - successNum, 0); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::START_ACCESSING_POLICY_BY_TOKEN, info); return SANDBOX_MANAGER_OK; } @@ -488,11 +540,13 @@ int32_t PolicyInfoManager::StartAccessingPolicy( } // set to mac std::vector accessingIndex; + uint32_t invalidNum = 0; for (size_t i = 0; i < policySize; ++i) { if (matchResults[i] == SandboxRetType::OPERATE_SUCCESSFULLY) { accessingIndex.emplace_back(i); } else { results[i] = matchResults[i]; + ++invalidNum; } } size_t accessingIndexSize = accessingIndex.size(); @@ -507,13 +561,17 @@ int32_t PolicyInfoManager::StartAccessingPolicy( return ret; } // write ok flag + uint32_t successNum = 0; for (size_t i = 0; i < accessingIndexSize; ++i) { if (macResults[i] == SANDBOX_MANAGER_OK) { results[accessingIndex[i]] = SandboxRetType::OPERATE_SUCCESSFULLY; + ++successNum; } else { results[accessingIndex[i]] = SandboxRetType::POLICY_MAC_FAIL; } } + PolicyOperateInfo info(policySize, successNum, accessingIndexSize - successNum, invalidNum); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::START_ACCESSING_POLICY, info); return SANDBOX_MANAGER_OK; } @@ -537,11 +595,13 @@ int32_t PolicyInfoManager::StopAccessingPolicy( } // set to mac std::vector accessingIndex; + uint32_t invalidNum = 0; for (size_t i = 0; i < policySize; ++i) { if (matchResults[i] == SandboxRetType::OPERATE_SUCCESSFULLY) { accessingIndex.emplace_back(i); } else { results[i] = matchResults[i]; + ++invalidNum; } } size_t accessingIndexSize = accessingIndex.size(); @@ -556,13 +616,17 @@ int32_t PolicyInfoManager::StopAccessingPolicy( return ret; } // write ok flag + uint32_t successNum = 0; for (size_t i = 0; i < accessingIndexSize; ++i) { if (macResults[i]) { results[accessingIndex[i]] = SandboxRetType::OPERATE_SUCCESSFULLY; + ++successNum; } else { results[accessingIndex[i]] = SandboxRetType::POLICY_MAC_FAIL; } } + PolicyOperateInfo info(policySize, successNum, accessingIndexSize - successNum, invalidNum); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::STOP_ACCESSING_POLICY, info); return SANDBOX_MANAGER_OK; } @@ -572,6 +636,9 @@ int32_t PolicyInfoManager::UnSetAllPolicyByToken(const uint32_t tokenId) SANDBOXMANAGER_LOG_INFO(LABEL, "Mac not enable, default success."); return SANDBOX_MANAGER_OK; } + PolicyOperateInfo info(0, 0, 0, 0); + info.callerTokenid = tokenId; + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc(OperateTypeEnum::UNSET_ALL_POLICY_BY_TOKEN, info); return macAdapter_.DestroySandboxPolicy(tokenId); } diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp index 8e90e9e..1802d67 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp @@ -26,6 +26,7 @@ #include "policy_info_parcel.h" #include "policy_info_vector_parcel.h" #include "sandbox_manager_const.h" +#include "sandbox_manager_dfx_helper.h" #include "sandbox_manager_err_code.h" #include "sandbox_manager_log.h" #include "sandbox_manager_service.h" @@ -540,6 +541,7 @@ bool CheckPermission(const uint32_t tokenId, const std::string &permission) SANDBOXMANAGER_LOG_INFO(LABEL, "Check permission token:%{public}d pass", tokenId); return true; } + SandboxManagerDfxHelper::WritePermissionCheckFailEvent(permission, tokenId); SANDBOXMANAGER_LOG_ERROR(LABEL, "Check permission token:%{public}d fail", tokenId); return false; } -- Gitee