From 2e7f8350fad79fa0bb180ddc652713279d879629 Mon Sep 17 00:00:00 2001 From: zhaohang Date: Fri, 27 Sep 2024 17:42:25 +0800 Subject: [PATCH] test Signed-off-by: zhaohang --- bundle.json | 5 +++- napi/BUILD.gn | 4 +++ napi/napi_query_syscap.cpp | 52 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 1 deletion(-) diff --git a/bundle.json b/bundle.json index d8415a7..681685b 100644 --- a/bundle.json +++ b/bundle.json @@ -27,7 +27,10 @@ "components": [ "napi", "bounds_checking_function", - "cJSON" + "cJSON", + "access_token", + "ipc", + "c_utils" ], "third_party": [] }, diff --git a/napi/BUILD.gn b/napi/BUILD.gn index 5db0659..95cfa0f 100644 --- a/napi/BUILD.gn +++ b/napi/BUILD.gn @@ -44,8 +44,12 @@ ohos_shared_library("systemcapability") { deps = [ ":query_syscap_js" ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "bounds_checking_function:libsec_static", + "ipc:ipc_core", "napi:ace_napi", + "c_utils:utils", ] if (syscap_codec_config_extern_path != "") { diff --git a/napi/napi_query_syscap.cpp b/napi/napi_query_syscap.cpp index f089b36..cd235bb 100644 --- a/napi/napi_query_syscap.cpp +++ b/napi/napi_query_syscap.cpp @@ -21,6 +21,9 @@ #include "napi/native_node_api.h" #include "syscap_interface.h" #include "context_tool.h" +#include "accesstoken_kit.h" +#include "tokenid_kit.h" +#include "ipc_skeleton.h" namespace OHOS { EXTERN_C_START @@ -50,6 +53,48 @@ struct SystemCapabilityAsyncContext { int status = 0; }; +unsigned int GetCallingTokenID() +{ + auto callerToken = IPCSkeleton::GetCallingTokenID(); + // TAG_LOGD(AAFwkTag::DEFAULT, "callerToken: %{private}u", callerToken); + return callerToken; +} + +bool IsSACall() +{ + // TAG_LOGD(AAFwkTag::DEFAULT, "called"); + auto callerToken = GetCallingTokenID(); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); + if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) { + // TAG_LOGD(AAFwkTag::DEFAULT, "verify success"); + return true; + } + // TAG_LOGD(AAFwkTag::DEFAULT, "Not SA called"); + return false; +} + +bool IsShellCall() +{ + // TAG_LOGD(AAFwkTag::DEFAULT, "called"); + auto callerToken = GetCallingTokenID(); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); + if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL) { + // TAG_LOGD(AAFwkTag::DEFAULT, "verify success"); + return true; + } + // TAG_LOGD(AAFwkTag::DEFAULT, "Not shell called"); + return false; +} + +bool JudgeCallerIsAllowedToUseSystemAPI() +{ + if (IsSACall() || IsShellCall()) { + return true; + } + auto callerToken = IPCSkeleton::GetCallingFullTokenID(); + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callerToken); +} + static char* CalculateAllStringLength(char osCapArray[PCID_MAIN_U32][U32_TO_STR_MAX_LEN], char (*priCapArray)[SINGLE_SYSCAP_LEN], bool retBool, int priCapArrayCnt) { @@ -176,6 +221,13 @@ napi_value PreHandleSystemCapability( napi_value QuerySystemCapability(napi_env env, napi_callback_info info) { + if(JudgeCallerIsAllowedToUseSystemAPI()) { + napi_value result= nullptr; + napi_value message = nullptr; + napi_create_string_utf8(env, "not allowed", NAPI_AUTO_LENGTH, &message); + napi_create_error(env, nullptr, message, &result); + return result; + } SystemCapabilityAsyncContext *asyncContext = new SystemCapabilityAsyncContext(); napi_value result = PreHandleSystemCapability(env, info, asyncContext); napi_value resource = nullptr; -- Gitee