From 793d0ab6c7f4c5312b2d1a9a59a23596662381df Mon Sep 17 00:00:00 2001 From: jiangminsen Date: Sat, 9 Dec 2023 10:09:30 +0800 Subject: [PATCH] =?UTF-8?q?Native=E6=9D=83=E9=99=90=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: jiangminsen --- services/dbms/src/distributed_bms.cpp | 29 ++++++++++++--------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/services/dbms/src/distributed_bms.cpp b/services/dbms/src/distributed_bms.cpp index d471f2c..8b94052 100644 --- a/services/dbms/src/distributed_bms.cpp +++ b/services/dbms/src/distributed_bms.cpp @@ -312,10 +312,9 @@ int32_t DistributedBms::GetAbilityInfo(const OHOS::AppExecFwk::ElementName &elem { APP_LOGI("DistributedBms GetAbilityInfo bundleName:%{public}s , abilityName:%{public}s, localeInfo:%{public}s", elementName.GetBundleName().c_str(), elementName.GetAbilityName().c_str(), localeInfo.c_str()); - Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); - if (!VerifyTokenNative(callerToken) && !VerifyTokenShell(callerToken)) { - APP_LOGE("caller is not native"); - return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED; + if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) { + APP_LOGE("verify GET_BUNDLE_INFO_PRIVILEGED failed"); + return ERR_BUNDLE_MANAGER_PERMISSION_DENIED; } auto iBundleMgr = GetBundleMgr(); if (!iBundleMgr) { @@ -417,10 +416,9 @@ int32_t DistributedBms::GetAbilityInfos(const std::vector &elementN const std::string &localeInfo, std::vector &remoteAbilityInfos) { APP_LOGD("DistributedBms GetAbilityInfos"); - Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); - if (!VerifyTokenNative(callerToken) && !VerifyTokenShell(callerToken)) { - APP_LOGE("caller is not native"); - return ERR_BUNDLE_MANAGER_SYSTEM_API_DENIED; + if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) { + APP_LOGE("verify GET_BUNDLE_INFO_PRIVILEGED failed"); + return ERR_BUNDLE_MANAGER_PERMISSION_DENIED; } for (auto elementName : elementNames) { RemoteAbilityInfo remoteAbilityInfo; @@ -446,6 +444,10 @@ bool DistributedBms::GetMediaBase64(std::unique_ptr &data, int64_t fi bool DistributedBms::GetDistributedBundleInfo(const std::string &networkId, const std::string &bundleName, DistributedBundleInfo &distributedBundleInfo) { + if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) { + APP_LOGE("verify GET_BUNDLE_INFO_PRIVILEGED failed"); + return ERR_BUNDLE_MANAGER_PERMISSION_DENIED; + } #ifdef HICOLLIE_ENABLE int timerId = HiviewDFX::XCollie::GetInstance().SetTimer("GetDistributedBundleInfo", LOCAL_TIME_OUT_SECONDS, nullptr, nullptr, HiviewDFX::XCOLLIE_FLAG_RECOVERY); @@ -461,10 +463,9 @@ bool DistributedBms::GetDistributedBundleInfo(const std::string &networkId, cons int32_t DistributedBms::GetDistributedBundleName(const std::string &networkId, uint32_t accessTokenId, std::string &bundleName) { - Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); - if (!VerifyTokenNative(callerToken) && !VerifyTokenShell(callerToken)) { - APP_LOGE("caller tokenType not native or shell, verify failed"); - return ERR_APPEXECFWK_PARCEL_ERROR; + if (!VerifyCallingPermission(Constants::PERMISSION_GET_BUNDLE_INFO_PRIVILEGED)) { + APP_LOGE("verify calling permission failed"); + return ERR_BUNDLE_MANAGER_PERMISSION_DENIED; } #ifdef HICOLLIE_ENABLE int timerId = HiviewDFX::XCollie::GetInstance().SetTimer("GetDistributedBundleName", LOCAL_TIME_OUT_SECONDS, @@ -572,10 +573,6 @@ bool DistributedBms::VerifyCallingPermission(const std::string &permissionName) { APP_LOGD("VerifyCallingPermission permission %{public}s", permissionName.c_str()); Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); - if (VerifyTokenNative(callerToken)) { - APP_LOGD("caller tokenType is native, verify success"); - return true; - } int32_t ret = OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, permissionName); if (ret == OHOS::Security::AccessToken::PermissionState::PERMISSION_DENIED) { APP_LOGE("permission %{public}s: PERMISSION_DENIED", permissionName.c_str()); -- Gitee