From 788469ddbd3b4e3d993d5d9033297ebd55a618d6 Mon Sep 17 00:00:00 2001 From: jiangminsen Date: Sat, 7 Jun 2025 11:12:18 +0800 Subject: [PATCH] dbms add acl check Signed-off-by: jiangminsen --- interfaces/inner_api/BUILD.gn | 5 +- .../include/distributed_bms_acl_info.h | 38 ++++++++ .../include/distributed_bms_interface.h | 7 +- .../inner_api/include/distributed_bms_proxy.h | 6 +- .../src/distributed_bms_acl_info.cpp | 55 +++++++++++ .../inner_api/src/distributed_bms_proxy.cpp | 34 ++++++- services/dbms/BUILD.gn | 1 + .../dbms/include/account_manager_helper.h | 8 ++ services/dbms/include/dbms_device_manager.h | 3 + services/dbms/include/distributed_bms.h | 8 +- services/dbms/src/account_manager_helper.cpp | 16 ++- services/dbms/src/dbms_device_manager.cpp | 48 +++++++++ services/dbms/src/distributed_bms.cpp | 73 ++++++++++++-- services/dbms/src/distributed_bms_host.cpp | 23 ++++- .../unittest/dbms_services_kit_test/BUILD.gn | 1 + .../dbms_services_kit_test.cpp | 97 +++++++++++++++++++ 16 files changed, 397 insertions(+), 26 deletions(-) create mode 100644 interfaces/inner_api/include/distributed_bms_acl_info.h create mode 100644 interfaces/inner_api/src/distributed_bms_acl_info.cpp diff --git a/interfaces/inner_api/BUILD.gn b/interfaces/inner_api/BUILD.gn index 94bd0eb..2728b33 100644 --- a/interfaces/inner_api/BUILD.gn +++ b/interfaces/inner_api/BUILD.gn @@ -37,7 +37,10 @@ ohos_shared_library("dbms_fwk") { "-fstack-protector-strong", ] - sources = [ "src/distributed_bms_proxy.cpp" ] + sources = [ + "src/distributed_bms_acl_info.cpp", + "src/distributed_bms_proxy.cpp" + ] defines = [ "APP_LOG_TAG = \"DistributedBundleMgrService\"", diff --git a/interfaces/inner_api/include/distributed_bms_acl_info.h b/interfaces/inner_api/include/distributed_bms_acl_info.h new file mode 100644 index 0000000..e6ad303 --- /dev/null +++ b/interfaces/inner_api/include/distributed_bms_acl_info.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FOUNDATION_APPEXECFWK_SERVICES_DBMS_INCLUDE_DISTRIBUTED_BMS_ACL_INFO_H +#define FOUNDATION_APPEXECFWK_SERVICES_DBMS_INCLUDE_DISTRIBUTED_BMS_ACL_INFO_H + +#include + +#include "parcel.h" + +namespace OHOS { +namespace AppExecFwk { +struct DistributedBmsAclInfo : public Parcelable { + std::string networkId; + int32_t userId = 0; + std::string accountId; + uint64_t tokenId = 0; + std::string pkgName; + + bool ReadFromParcel(Parcel &parcel); + virtual bool Marshalling(Parcel &parcel) const override; + static DistributedBmsAclInfo *Unmarshalling(Parcel &parcel); +}; +} // namespace AppExecFwk +} // namespace OHOS +#endif // FOUNDATION_APPEXECFWK_SERVICES_DBMS_INCLUDE_DISTRIBUTED_BMS_ACL_INFO_H \ No newline at end of file diff --git a/interfaces/inner_api/include/distributed_bms_interface.h b/interfaces/inner_api/include/distributed_bms_interface.h index d51a1fb..a88081a 100644 --- a/interfaces/inner_api/include/distributed_bms_interface.h +++ b/interfaces/inner_api/include/distributed_bms_interface.h @@ -20,6 +20,7 @@ #include #include "appexecfwk_errors.h" +#include "distributed_bms_acl_info.h" #include "distributed_bundle_info.h" #include "element_name.h" #include "iremote_broker.h" @@ -98,10 +99,11 @@ public: * @param elementName Indicates the elementName. * @param localeInfo Indicates the localeInfo. * @param remoteAbilityInfo Indicates the remote ability info. + * @param info Indicates the acl info. * @return Returns result code when get ability info. */ virtual int32_t GetAbilityInfo(const OHOS::AppExecFwk::ElementName &elementName, const std::string &localeInfo, - RemoteAbilityInfo &remoteAbilityInfo) + RemoteAbilityInfo &remoteAbilityInfo, DistributedBmsAclInfo *info = nullptr) { return ERR_APPEXECFWK_SERVICE_INTERNAL_ERROR; } @@ -123,10 +125,11 @@ public: * @param elementNames Indicates the elementNames. * @param localeInfo Indicates the localeInfo. * @param remoteAbilityInfos Indicates the remote ability infos. + * @param info Indicates the acl info. * @return Returns result code when get ability infos. */ virtual int32_t GetAbilityInfos(const std::vector &elementNames, const std::string &localeInfo, - std::vector &remoteAbilityInfos) + std::vector &remoteAbilityInfos, DistributedBmsAclInfo *info = nullptr) { return ERR_APPEXECFWK_SERVICE_INTERNAL_ERROR; } diff --git a/interfaces/inner_api/include/distributed_bms_proxy.h b/interfaces/inner_api/include/distributed_bms_proxy.h index edf8882..49e719b 100644 --- a/interfaces/inner_api/include/distributed_bms_proxy.h +++ b/interfaces/inner_api/include/distributed_bms_proxy.h @@ -81,10 +81,11 @@ public: * @param elementName Indicates the elementName. * @param localeInfo Indicates the localeInfo. * @param remoteAbilityInfo Indicates the remote ability info. + * @param info Indicates the acl info. * @return Returns result code when get ability info. */ int32_t GetAbilityInfo(const OHOS::AppExecFwk::ElementName &elementName, const std::string &localeInfo, - RemoteAbilityInfo &remoteAbilityInfo) override; + RemoteAbilityInfo &remoteAbilityInfo, DistributedBmsAclInfo *info = nullptr) override; /** * @brief get ability infos @@ -100,10 +101,11 @@ public: * @param elementNames Indicates the elementNames. * @param localeInfo Indicates the localeInfo. * @param remoteAbilityInfos Indicates the remote ability infos. + * @param info Indicates the acl info. * @return Returns result code when get ability infos. */ int32_t GetAbilityInfos(const std::vector &elementNames, const std::string &localeInfo, - std::vector &remoteAbilityInfos) override; + std::vector &remoteAbilityInfos, DistributedBmsAclInfo *info = nullptr) override; bool GetDistributedBundleInfo(const std::string &networkId, const std::string &bundleName, DistributedBundleInfo &distributedBundleInfo) override; diff --git a/interfaces/inner_api/src/distributed_bms_acl_info.cpp b/interfaces/inner_api/src/distributed_bms_acl_info.cpp new file mode 100644 index 0000000..a532158 --- /dev/null +++ b/interfaces/inner_api/src/distributed_bms_acl_info.cpp @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "distributed_bms_acl_info.h" + +#include "app_log_wrapper.h" +#include "parcel_macro.h" +#include "string_ex.h" + +namespace OHOS { +namespace AppExecFwk { +bool DistributedBmsAclInfo::ReadFromParcel(Parcel &parcel) +{ + networkId = Str16ToStr8(parcel.ReadString16()); + READ_PARCEL_AND_RETURN_FALSE_IF_FAIL(Int32, parcel, userId); + accountId = Str16ToStr8(parcel.ReadString16()); + READ_PARCEL_AND_RETURN_FALSE_IF_FAIL(Uint64, parcel, tokenId); + pkgName = Str16ToStr8(parcel.ReadString16()); + return true; +} + +DistributedBmsAclInfo *DistributedBmsAclInfo::Unmarshalling(Parcel &parcel) +{ + DistributedBmsAclInfo *info = new (std::nothrow) DistributedBmsAclInfo(); + if (info && !info->ReadFromParcel(parcel)) { + APP_LOGW("read from parcel failed"); + delete info; + info = nullptr; + } + return info; +} + +bool DistributedBmsAclInfo::Marshalling(Parcel &parcel) const +{ + WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(networkId)); + WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(Int32, parcel, userId); + WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(accountId)); + WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(Uint64, parcel, tokenId); + WRITE_PARCEL_AND_RETURN_FALSE_IF_FAIL(String16, parcel, Str8ToStr16(pkgName)); + return true; +} +} +} \ No newline at end of file diff --git a/interfaces/inner_api/src/distributed_bms_proxy.cpp b/interfaces/inner_api/src/distributed_bms_proxy.cpp index 132e585..62a2bd9 100644 --- a/interfaces/inner_api/src/distributed_bms_proxy.cpp +++ b/interfaces/inner_api/src/distributed_bms_proxy.cpp @@ -122,7 +122,8 @@ int32_t DistributedBmsProxy::GetAbilityInfo( int32_t DistributedBmsProxy::GetAbilityInfo(const OHOS::AppExecFwk::ElementName &elementName, const std::string &localeInfo, - RemoteAbilityInfo &remoteAbilityInfo) + RemoteAbilityInfo &remoteAbilityInfo, + DistributedBmsAclInfo *info) { APP_LOGD("DistributedBmsProxy GetAbilityInfoWithLocale"); MessageParcel data; @@ -136,7 +137,19 @@ int32_t DistributedBmsProxy::GetAbilityInfo(const OHOS::AppExecFwk::ElementName return ERR_APPEXECFWK_PARCEL_ERROR; } if (!data.WriteString(localeInfo)) { - APP_LOGE("DistributedBmsProxy GetRemoteAbilityInfos write localeInfo error"); + APP_LOGE("DistributedBmsProxy GetAbilityInfo write localeInfo error"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } + bool hasInfo = true; + if (info == nullptr) { + hasInfo = false; + } + if (!data.WriteBool(hasInfo)) { + APP_LOGE("DistributedBmsProxy GetAbilityInfo write hasInfo error"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } + if (hasInfo && !data.WriteParcelable(info)) { + APP_LOGE("DistributedBmsProxy GetAbilityInfo write info error or info is null"); return ERR_APPEXECFWK_PARCEL_ERROR; } int32_t result = GetParcelableInfo( @@ -157,7 +170,8 @@ int32_t DistributedBmsProxy::GetAbilityInfos( int32_t DistributedBmsProxy::GetAbilityInfos(const std::vector &elementNames, const std::string &localeInfo, - std::vector &remoteAbilityInfos) + std::vector &remoteAbilityInfos, + DistributedBmsAclInfo *info) { APP_LOGD("DistributedBmsProxy GetAbilityInfos"); MessageParcel data; @@ -171,7 +185,19 @@ int32_t DistributedBmsProxy::GetAbilityInfos(const std::vector &ele return ERR_APPEXECFWK_PARCEL_ERROR; } if (!data.WriteString(localeInfo)) { - APP_LOGE("DistributedBmsProxy GetRemoteAbilityInfos write localeInfo error"); + APP_LOGE("DistributedBmsProxy GetAbilityInfos write localeInfo error"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } + bool hasInfo = true; + if (info == nullptr) { + hasInfo = false; + } + if (!data.WriteBool(hasInfo)) { + APP_LOGE("DistributedBmsProxy GetAbilityInfos write hasInfo error"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } + if (hasInfo && !data.WriteParcelable(info)) { + APP_LOGE("DistributedBmsProxy GetAbilityInfos write info error or info is null"); return ERR_APPEXECFWK_PARCEL_ERROR; } int32_t result = GetParcelableInfos( diff --git a/services/dbms/BUILD.gn b/services/dbms/BUILD.gn index 60c221b..42e77e7 100644 --- a/services/dbms/BUILD.gn +++ b/services/dbms/BUILD.gn @@ -88,6 +88,7 @@ ohos_shared_library("libdbms") { } if (account_enable_dbms) { + external_deps += [ "os_account:libaccountkits" ] external_deps += [ "os_account:os_account_innerkits" ] defines += [ "ACCOUNT_ENABLE" ] } diff --git a/services/dbms/include/account_manager_helper.h b/services/dbms/include/account_manager_helper.h index 0669560..17367e7 100644 --- a/services/dbms/include/account_manager_helper.h +++ b/services/dbms/include/account_manager_helper.h @@ -17,12 +17,20 @@ #define FOUNDATION_APPEXECFWK_SERVICES_DBMS_INCLUDE_ACCOUNT_MANAGER_HELPER_H #include +#ifdef ACCOUNT_ENABLE +#include "accesstoken_kit.h" +#include "ohos_account_kits.h" +#include "os_account_manager.h" +#endif namespace OHOS { namespace AppExecFwk { class AccountManagerHelper { public: static int32_t GetCurrentActiveUserId(); +#ifdef ACCOUNT_ENABLE + static bool GetOsAccountData(AccountSA::OhosAccountInfo& osAccountInfo); +#endif }; } // namespace AppExecFwk } // namespace OHOS diff --git a/services/dbms/include/dbms_device_manager.h b/services/dbms/include/dbms_device_manager.h index 086d233..c4ad1f6 100644 --- a/services/dbms/include/dbms_device_manager.h +++ b/services/dbms/include/dbms_device_manager.h @@ -21,6 +21,7 @@ #include "device_manager_callback.h" #include "dm_device_info.h" +#include "distributed_bms_acl_info.h" #include "system_ability_load_callback_stub.h" namespace OHOS { @@ -30,6 +31,8 @@ public: DbmsDeviceManager(); int32_t GetUdidByNetworkId(const std::string &netWorkId, std::string &udid); int32_t GetUuidByNetworkId(const std::string &netWorkId, std::string &uuid); + bool GetLocalDevice(DistributedHardware::DmDeviceInfo& dmDeviceInfo); + bool CheckAclData(DistributedBmsAclInfo info); private: bool InitDeviceManager(); diff --git a/services/dbms/include/distributed_bms.h b/services/dbms/include/distributed_bms.h index d4e4309..f283d28 100644 --- a/services/dbms/include/distributed_bms.h +++ b/services/dbms/include/distributed_bms.h @@ -92,7 +92,7 @@ public: * @return Returns true when get remote ability info success; returns false otherwise. */ int32_t GetAbilityInfo(const OHOS::AppExecFwk::ElementName &elementName, const std::string &localeInfo, - RemoteAbilityInfo &remoteAbilityInfo) override; + RemoteAbilityInfo &remoteAbilityInfo, DistributedBmsAclInfo *info = nullptr) override; /** * @brief get ability infos * @param elementNames Indicates the elementNames. @@ -110,7 +110,7 @@ public: * @return Returns true when get remote ability info success; returns false otherwise. */ int32_t GetAbilityInfos(const std::vector &elementNames, const std::string &localeInfo, - std::vector &remoteAbilityInfos) override; + std::vector &remoteAbilityInfos, DistributedBmsAclInfo *info = nullptr) override; bool GetDistributedBundleInfo(const std::string &networkId, const std::string &bundleName, DistributedBundleInfo &distributedBundleInfo) override; @@ -127,7 +127,11 @@ public: int32_t GetUdidByNetworkId(const std::string &networkId, std::string &udid); int32_t GetUuidByNetworkId(const std::string &netWorkId, std::string &uuid); + bool GetLocalDevice(DistributedHardware::DmDeviceInfo& dmDeviceInfo); + + bool CheckAclData(DistributedBmsAclInfo info); + DistributedBmsAclInfo BuildDistributedBmsAclInfo(); /** * @brief Start the bundle manager service. * @return diff --git a/services/dbms/src/account_manager_helper.cpp b/services/dbms/src/account_manager_helper.cpp index 7fcc6f1..be95952 100644 --- a/services/dbms/src/account_manager_helper.cpp +++ b/services/dbms/src/account_manager_helper.cpp @@ -20,10 +20,6 @@ #include "app_log_wrapper.h" #include "bundle_constants.h" -#ifdef ACCOUNT_ENABLE -#include "os_account_manager.h" -#endif - namespace OHOS { namespace AppExecFwk { int32_t AccountManagerHelper::GetCurrentActiveUserId() @@ -41,5 +37,17 @@ int32_t AccountManagerHelper::GetCurrentActiveUserId() return Constants::INVALID_USERID; #endif } + +#ifdef ACCOUNT_ENABLE +bool AccountManagerHelper::GetOsAccountData(AccountSA::OhosAccountInfo& osAccountInfo) +{ + ErrCode ret = AccountSA::OhosAccountKits::GetInstance().GetOhosAccountInfo(osAccountInfo); + if (ret != ERR_OK || osAccountInfo.uid_ == "") { + APP_LOGE("GetOhosAccountInfo failed ret:%{public}d", ret); + return false; + } + return true; +} +#endif } // namespace AppExecFwk } // namespace OHOS diff --git a/services/dbms/src/dbms_device_manager.cpp b/services/dbms/src/dbms_device_manager.cpp index 1d42479..369ada8 100644 --- a/services/dbms/src/dbms_device_manager.cpp +++ b/services/dbms/src/dbms_device_manager.cpp @@ -15,6 +15,7 @@ #include "dbms_device_manager.h" +#include "account_manager_helper.h" #include "app_log_wrapper.h" #include "bundle_constants.h" #include "device_manager.h" @@ -81,5 +82,52 @@ int32_t DbmsDeviceManager::GetUuidByNetworkId(const std::string &netWorkId, std: } return errCode; } + +bool DbmsDeviceManager::GetLocalDevice(DistributedHardware::DmDeviceInfo& dmDeviceInfo) +{ + APP_LOGI("GetLocalDeviceId"); + if (!InitDeviceManager()) { + return false; + } + int32_t ret = DistributedHardware::DeviceManager::GetInstance() + .GetLocalDeviceInfo(DISTRIBUTED_BUNDLE_NAME, dmDeviceInfo); + if (ret != ERR_OK) { + APP_LOGE("GetLocalDeviceInfo failed"); + return false; + } + return true; +} + +bool DbmsDeviceManager::CheckAclData(DistributedBmsAclInfo info) +{ +#ifdef ACCOUNT_ENABLE + DistributedHardware::DmAccessCaller dmSrecaller = { + .networkId = info.networkId, + .userId = info.userId, + .accountId = info.accountId, + .tokenId = info.tokenId, + .pkgName = info.pkgName + }; + AccountSA::OhosAccountInfo osAccountInfo; + if (!AccountManagerHelper::GetOsAccountData(osAccountInfo)) { + APP_LOGE("GetOsAccountData failed"); + return false; + } + DistributedHardware::DmDeviceInfo dmDeviceInfo; + if (!GetLocalDevice(dmDeviceInfo)) { + return false; + } + DistributedHardware::DmAccessCallee dmDstCallee = { + .networkId = dmDeviceInfo.networkId, + .userId = AccountManagerHelper::GetCurrentActiveUserId(), + .accountId = osAccountInfo.uid_, + .tokenId = OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenID(dmDstCallee.userId, info.pkgName, 0) + }; + return DistributedHardware::DeviceManager::GetInstance().CheckAccessControl(dmSrecaller, dmDstCallee); +#else + APP_LOGI("ACCOUNT_ENABLE is false"); + return false; +#endif +} } } \ No newline at end of file diff --git a/services/dbms/src/distributed_bms.cpp b/services/dbms/src/distributed_bms.cpp index 1bde3d4..98029b2 100644 --- a/services/dbms/src/distributed_bms.cpp +++ b/services/dbms/src/distributed_bms.cpp @@ -57,7 +57,6 @@ namespace { const unsigned char DECODE_VALUE_CHAR_THREE = 3; const uint8_t DECODE_VALUE_FOUR = 4; const uint8_t DECODE_VALUE_SIX = 6; - const uint32_t DBMS_UID = 6000; const unsigned char DECODE_VALUE_CHAR_FIFTEEN = 15; const unsigned char DECODE_VALUE_CHAR_SIXTY_THREE = 63; const std::vector DECODE_TABLE = { @@ -215,6 +214,15 @@ int32_t DistributedBms::GetUuidByNetworkId(const std::string &networkId, std::st return dbmsDeviceManager_->GetUuidByNetworkId(networkId, uuid); } +bool DistributedBms::GetLocalDevice(DistributedHardware::DmDeviceInfo& dmDeviceInfo) +{ + if (dbmsDeviceManager_ == nullptr) { + APP_LOGI("deviceManager_ is nullptr"); + InitDeviceManager(); + } + return dbmsDeviceManager_->GetLocalDevice(dmDeviceInfo); +} + static OHOS::sptr GetDistributedBundleMgr(const std::string &deviceId) { auto samgr = OHOS::SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); @@ -262,7 +270,8 @@ int32_t DistributedBms::GetRemoteAbilityInfo(const OHOS::AppExecFwk::ElementName HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); #endif APP_LOGD("GetDistributedBundleMgr get remote d-bms"); - resultCode = iDistBundleMgr->GetAbilityInfo(elementName, localeInfo, remoteAbilityInfo); + DistributedBmsAclInfo info = BuildDistributedBmsAclInfo(); + resultCode = iDistBundleMgr->GetAbilityInfo(elementName, localeInfo, remoteAbilityInfo, &info); } #ifdef HISYSEVENT_ENABLE @@ -305,7 +314,8 @@ int32_t DistributedBms::GetRemoteAbilityInfos(const std::vector &el HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); #endif APP_LOGD("GetDistributedBundleMgr get remote d-bms"); - resultCode = iDistBundleMgr->GetAbilityInfos(elementNames, localeInfo, remoteAbilityInfos); + DistributedBmsAclInfo info = BuildDistributedBmsAclInfo(); + resultCode = iDistBundleMgr->GetAbilityInfos(elementNames, localeInfo, remoteAbilityInfos, &info); } #ifdef HISYSEVENT_ENABLE EventReport::SendSystemEvent( @@ -314,6 +324,38 @@ int32_t DistributedBms::GetRemoteAbilityInfos(const std::vector &el return resultCode; } +DistributedBmsAclInfo DistributedBms::BuildDistributedBmsAclInfo() +{ + DistributedBmsAclInfo info; + std::string accountId; +#ifdef ACCOUNT_ENABLE + AccountSA::OhosAccountInfo osAccountInfo; + if (!AccountManagerHelper::GetOsAccountData(osAccountInfo)) { + APP_LOGE("GetOsAccountData failed"); + return info; + } + accountId = osAccountInfo.uid_; +#endif + DistributedHardware::DmDeviceInfo dmDeviceInfo; + if (!GetLocalDevice(dmDeviceInfo)) { + return info; + } + int32_t userId = AccountManagerHelper::GetCurrentActiveUserId(); + auto iBundleMgr = GetBundleMgr(); + if (!iBundleMgr) { + APP_LOGE("DistributedBms GetBundleMgr failed"); + return info; + } + std::string callingBundleName; + iBundleMgr->GetNameForUid(IPCSkeleton::GetCallingUid(), callingBundleName); + info.networkId = dmDeviceInfo.networkId; + info.userId = userId; + info.accountId = accountId; + info.tokenId = OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenID(userId, callingBundleName, 0); + info.pkgName = callingBundleName; + return info; +} + int32_t DistributedBms::GetAbilityInfo( const OHOS::AppExecFwk::ElementName &elementName, RemoteAbilityInfo &remoteAbilityInfo) { @@ -321,11 +363,13 @@ int32_t DistributedBms::GetAbilityInfo( } int32_t DistributedBms::GetAbilityInfo(const OHOS::AppExecFwk::ElementName &elementName, - const std::string &localeInfo, RemoteAbilityInfo &remoteAbilityInfo) + const std::string &localeInfo, RemoteAbilityInfo &remoteAbilityInfo, + DistributedBmsAclInfo *info) { APP_LOGI("DistributedBms GetAbilityInfo bundleName:%{public}s , abilityName:%{public}s, localeInfo:%{public}s", elementName.GetBundleName().c_str(), elementName.GetAbilityName().c_str(), localeInfo.c_str()); - if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) { + if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED) && + info != nullptr && !CheckAclData(*info)) { APP_LOGE("verify GET_BUNDLE_INFO_PRIVILEGED failed"); return ERR_BUNDLE_MANAGER_PERMISSION_DENIED; } @@ -426,16 +470,18 @@ int32_t DistributedBms::GetAbilityInfos( } int32_t DistributedBms::GetAbilityInfos(const std::vector &elementNames, - const std::string &localeInfo, std::vector &remoteAbilityInfos) + const std::string &localeInfo, std::vector &remoteAbilityInfos, + DistributedBmsAclInfo *info) { APP_LOGD("DistributedBms GetAbilityInfos"); - if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) { + if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED) && + info != nullptr && !CheckAclData(*info)) { APP_LOGE("verify GET_BUNDLE_INFO_PRIVILEGED failed"); return ERR_BUNDLE_MANAGER_PERMISSION_DENIED; } for (auto elementName : elementNames) { RemoteAbilityInfo remoteAbilityInfo; - int32_t result = GetAbilityInfo(elementName, localeInfo, remoteAbilityInfo); + int32_t result = GetAbilityInfo(elementName, localeInfo, remoteAbilityInfo, info); if (result) { APP_LOGE("get AbilityInfo:%{public}s, %{public}s, %{public}s failed", elementName.GetBundleName().c_str(), elementName.GetModuleName().c_str(), elementName.GetAbilityName().c_str()); @@ -446,6 +492,15 @@ int32_t DistributedBms::GetAbilityInfos(const std::vector &elementN return OHOS::NO_ERROR; } +bool DistributedBms::CheckAclData(DistributedBmsAclInfo info) +{ + if (dbmsDeviceManager_ == nullptr) { + APP_LOGI("deviceManager_ is nullptr"); + InitDeviceManager(); + } + return dbmsDeviceManager_->CheckAclData(info); +} + bool DistributedBms::GetMediaBase64(std::unique_ptr &data, int64_t fileLength, std::string &imageType, std::string &value) { @@ -589,7 +644,7 @@ bool DistributedBms::VerifyCallingPermission(const std::string &permissionName) auto uid = IPCSkeleton::GetCallingUid(); APP_LOGD("VerifyCallingPermission callingUid %{public}d", uid); int32_t ret = OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); - if ((ret == OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED) || (uid == DBMS_UID)) { + if (ret == OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED) { APP_LOGD("verify permission success"); return true; } diff --git a/services/dbms/src/distributed_bms_host.cpp b/services/dbms/src/distributed_bms_host.cpp index fd0a28a..b4197ac 100644 --- a/services/dbms/src/distributed_bms_host.cpp +++ b/services/dbms/src/distributed_bms_host.cpp @@ -135,8 +135,18 @@ int DistributedBmsHost::HandleGetAbilityInfo(Parcel &data, Parcel &reply) return ERR_APPEXECFWK_PARCEL_ERROR; } std::string localeInfo = data.ReadString(); + bool hasInfo = data.ReadBool(); + DistributedBmsAclInfo *info = nullptr; + if (hasInfo) { + std::unique_ptr readInfo(data.ReadParcelable()); + if (readInfo == nullptr) { + APP_LOGE("HandleGetAbilityInfo get parcelable info failed"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } + info = readInfo.get(); + } RemoteAbilityInfo remoteAbilityInfo; - int ret = GetAbilityInfo(*elementName, localeInfo, remoteAbilityInfo); + int ret = GetAbilityInfo(*elementName, localeInfo, remoteAbilityInfo, info); if (ret != NO_ERROR) { APP_LOGE("GetAbilityInfo result:%{public}d", ret); return ret; @@ -161,8 +171,17 @@ int DistributedBmsHost::HandleGetAbilityInfos(Parcel &data, Parcel &reply) return ERR_APPEXECFWK_PARCEL_ERROR; } std::string localeInfo = data.ReadString(); + bool hasInfo = data.ReadBool(); + DistributedBmsAclInfo *info = nullptr; + if (hasInfo) { + info = data.ReadParcelable(); + if (info == nullptr) { + APP_LOGE("HandleGetAbilityInfos get parcelable info failed"); + return ERR_APPEXECFWK_PARCEL_ERROR; + } + } std::vector remoteAbilityInfos; - int ret = GetAbilityInfos(elementNames, localeInfo, remoteAbilityInfos); + int ret = GetAbilityInfos(elementNames, localeInfo, remoteAbilityInfos, info); if (ret != NO_ERROR) { APP_LOGE("GetAbilityInfos result:%{public}d", ret); return ret; diff --git a/services/dbms/test/unittest/dbms_services_kit_test/BUILD.gn b/services/dbms/test/unittest/dbms_services_kit_test/BUILD.gn index f2d21b3..5940363 100644 --- a/services/dbms/test/unittest/dbms_services_kit_test/BUILD.gn +++ b/services/dbms/test/unittest/dbms_services_kit_test/BUILD.gn @@ -81,6 +81,7 @@ ohos_unittest("DbmsServicesKitTest") { } if (account_enable_dbms) { + external_deps += [ "os_account:libaccountkits" ] external_deps += [ "os_account:os_account_innerkits" ] defines += [ "ACCOUNT_ENABLE" ] } diff --git a/services/dbms/test/unittest/dbms_services_kit_test/dbms_services_kit_test.cpp b/services/dbms/test/unittest/dbms_services_kit_test/dbms_services_kit_test.cpp index fe7a260..68f8290 100644 --- a/services/dbms/test/unittest/dbms_services_kit_test/dbms_services_kit_test.cpp +++ b/services/dbms/test/unittest/dbms_services_kit_test/dbms_services_kit_test.cpp @@ -29,6 +29,7 @@ #include "bundle_mgr_proxy.h" #include "dbms_device_manager.h" #include "distributed_ability_info.h" +#include "distributed_bms_acl_info.h" #include "distributed_bms.h" #include "distributed_bms_interface.h" #include "distributed_bms_proxy.h" @@ -1362,4 +1363,100 @@ HWTEST_F(DbmsServicesKitTest, VerifyCallingPermission_0200, Function | MediumTes int res = distributedBms->VerifyCallingPermission(""); EXPECT_FALSE(res); } + +/** + * @tc.number: DbmsServicesKitTest + * @tc.name: test GetAbilityInfo + * @tc.require: issueI5MZ8V + * @tc.desc: 1. system running normally + * 2. test GetAbilityInfos + */ +HWTEST_F(DbmsServicesKitTest, GetAbilityInfos_0010, Function | SmallTest | TestSize.Level0) +{ + auto distributedBmsProxy = GetDistributedBmsProxy(); + EXPECT_NE(distributedBmsProxy, nullptr); + if (distributedBmsProxy != nullptr) { + std::vector names; + ElementName name; + name.SetBundleName(BUNDLE_NAME); + name.SetModuleName(MODULE_NAME); + name.SetAbilityName(WRONG_ABILITY_NAME); + names.push_back(name); + std::vector infos; + DistributedBmsAclInfo aclInfo; + aclInfo.networkId = "networkId"; + aclInfo.accountId = "accountId"; + aclInfo.pkgName = "pkgName"; + auto ret = distributedBmsProxy->GetAbilityInfos(names, "", infos, &aclInfo); + EXPECT_EQ(ret, ERR_APPEXECFWK_FAILED_GET_REMOTE_PROXY); + } +} + +/** + * @tc.number: DbmsServicesKitTest + * @tc.name: test GetAbilityInfo + * @tc.require: issueI5MZ8V + * @tc.desc: 1. system running normally + * 2. test GetAbilityInfo + */ +HWTEST_F(DbmsServicesKitTest, GetAbilityInfo_0010, Function | SmallTest | TestSize.Level0) +{ + auto distributedBmsProxy = GetDistributedBmsProxy(); + EXPECT_NE(distributedBmsProxy, nullptr); + if (distributedBmsProxy != nullptr) { + ElementName name; + name.SetBundleName(WRONG_BUNDLE_NAME); + name.SetAbilityName(ABILITY_NAME); + RemoteAbilityInfo info; + DistributedBmsAclInfo aclInfo; + aclInfo.networkId = "networkId"; + aclInfo.accountId = "accountId"; + aclInfo.pkgName = "pkgName"; + auto ret = distributedBmsProxy->GetAbilityInfo(name, "localeInfo", info, &aclInfo); + EXPECT_EQ(ret, ERR_APPEXECFWK_FAILED_GET_REMOTE_PROXY); + } +} + +/** + * @tc.number: GetLocalDevice_0010 + * @tc.name: Test GetLocalDevice + * @tc.desc: GetLocalDevice return true. + */ +HWTEST_F(DbmsServicesKitTest, GetLocalDevice_0010, Function | MediumTest | TestSize.Level1) +{ + auto distributedBms = GetDistributedBms(); + EXPECT_NE(distributedBms, nullptr); + DistributedHardware::DmDeviceInfo dmDeviceInfo; + bool res = distributedBms->GetLocalDevice(dmDeviceInfo); + EXPECT_TRUE(res); +} + +/** + * @tc.number: GetLocalDevice_0110 + * @tc.name: test GetLocalDevice + * @tc.desc: GetLocalDevice is false + */ +HWTEST_F(DbmsServicesKitTest, GetLocalDevice_0110, Function | SmallTest | TestSize.Level0) +{ + DbmsDeviceManager deviceManager; + DistributedHardware::DmDeviceInfo dmDeviceInfo; + auto ret = deviceManager.GetLocalDevice(dmDeviceInfo); + EXPECT_TRUE(ret); +} + +/** + * @tc.number: CheckAclData_0110 + * @tc.name: test CheckAclData + * @tc.desc: CheckAclData is false + */ +HWTEST_F(DbmsServicesKitTest, CheckAclData_0110, Function | SmallTest | TestSize.Level0) +{ + DbmsDeviceManager deviceManager; + DistributedBmsAclInfo aclInfo; + aclInfo.networkId = "networkId"; + aclInfo.accountId = "accountId"; + aclInfo.pkgName = "pkgName"; + auto ret = deviceManager.CheckAclData(aclInfo); + EXPECT_FALSE(ret); +} } // OHOS \ No newline at end of file -- Gitee