From 2f813bfca2dbc8e5f5f9ba9463912253e1bd7904 Mon Sep 17 00:00:00 2001 From: Hollokin Date: Wed, 16 Feb 2022 11:16:37 +0800 Subject: [PATCH 1/5] mediaLibrary Signed-off-by: Hollokin --- conf/config.json | 6 ++ .../adapter/include/permission/visibility.h | 7 +- .../adapter/permission/BUILD.gn | 4 + .../permission/src/meida_lib_checker.cpp | 78 +++++++++++++++++++ .../permission/src/meida_lib_checker.h | 38 +++++++++ 5 files changed, 131 insertions(+), 2 deletions(-) create mode 100644 services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp create mode 100644 services/distributeddataservice/adapter/permission/src/meida_lib_checker.h diff --git a/conf/config.json b/conf/config.json index 3648e364d..8b241c7c2 100644 --- a/conf/config.json +++ b/conf/config.json @@ -22,6 +22,7 @@ "checkers": [ "SystemChecker", "BundleChecker", + "MediaLibraryChecker", "PackageChecker", "ExternalChecker" ], @@ -30,6 +31,11 @@ "bundleName": "bundle_manager_service", "appId": "bundle_manager_service", "checker": "SystemChecker" + }, + { + "bundleName": "com.ohos.medialibrary.MediaLibraryDataA", + "appId": "com.ohos.medialibrary.MediaLibraryDataA", + "checker": "MediaLibraryChecker" } ] }, diff --git a/services/distributeddataservice/adapter/include/permission/visibility.h b/services/distributeddataservice/adapter/include/permission/visibility.h index af8fa9b3d..dd1e8cc77 100644 --- a/services/distributeddataservice/adapter/include/permission/visibility.h +++ b/services/distributeddataservice/adapter/include/permission/visibility.h @@ -13,6 +13,9 @@ * limitations under the License. */ -#ifndef KVSTORE_API -#define KVSTORE_API __attribute__ ((visibility ("default"))) +#ifndef API_EXPORT +#define API_EXPORT __attribute__((visibility ("default"))) #endif +#ifndef KVSTORE_API +#define KVSTORE_API API_EXPORT +#endif \ No newline at end of file diff --git a/services/distributeddataservice/adapter/permission/BUILD.gn b/services/distributeddataservice/adapter/permission/BUILD.gn index 1e2df6263..14e3a7bc8 100755 --- a/services/distributeddataservice/adapter/permission/BUILD.gn +++ b/services/distributeddataservice/adapter/permission/BUILD.gn @@ -15,6 +15,7 @@ import("//build/ohos.gni") ohos_static_library("distributeddata_permission_static") { sources = [ "src/client_permission_validator.cpp", + "src/meida_lib_checker.cpp", "src/permission_validator.cpp", ] @@ -24,8 +25,10 @@ ohos_static_library("distributeddata_permission_static") { "../include/permission", "../include/utils", "//utils/native/base/include", + "//foundation/distributeddatamgr/distributeddatamgr/frameworks/common", "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata/include", "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/app_distributeddata/include", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework/include", ] if (build_public_version) { @@ -35,6 +38,7 @@ ohos_static_library("distributeddata_permission_static") { deps = [ "../utils:distributeddata_utils_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", "//utils/native/base:utils", ] diff --git a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp new file mode 100644 index 000000000..1baa9fc6a --- /dev/null +++ b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "meida_lib_checker.h" + +#define LOG_TAG "MeidaLibChecker" + +#include +#include "bundlemgr/bundle_mgr_client.h" +#include "log/log_print.h" +#include "utils/crypto.h" +namespace OHOS { +namespace DistributedData { +using namespace AppExecFwk; +MeidaLibChecker MeidaLibChecker::instance_; +constexpr pid_t MeidaLibChecker::SYSTEM_UID; +MeidaLibChecker::MeidaLibChecker() +{ + CheckerManager::GetInstance().RegisterPlugin( + "MediaLibraryChecker", [this]() -> auto { return this; }); +} + +MeidaLibChecker::~MeidaLibChecker() +{} + +void MeidaLibChecker::Initialize() +{} + +bool MeidaLibChecker::SetTrustInfo(const CheckerManager::Trust &trust) +{ + trusts_[trust.bundleName] = trust.appId; + return true; +} + +std::string MeidaLibChecker::GetAppId(pid_t uid, const std::string &bundleName) +{ + if (!IsValid(uid, bundleName)) { + return ""; + } + BundleMgrClient bmsClient; + std::string orionBundle; + (void)bmsClient.GetBundleNameForUid(uid, orionBundle); + auto bundleInfo = std::make_unique(); + auto success = bmsClient.GetBundleInfo(bundleName, BundleFlag::GET_BUNDLE_DEFAULT, + *bundleInfo, Constants::ANY_USERID); + if (!success) { + return ""; + } + ZLOGD("orion: %{public}s, uid: %{public}d, bundle: %{public}s appId: %{public}s", orionBundle.c_str(), uid, + bundleName.c_str(), bundleInfo->appId.c_str()); + return Crypto::Sha256(bundleInfo->appId); +} + +bool MeidaLibChecker::IsValid(pid_t uid, const std::string &bundleName) +{ + if (trusts_.find(bundleName) == trusts_.end()) { + return false; + } + if (uid < SYSTEM_UID && uid != CheckerManager::INVALID_UID) { + return false; + } + // todo uid-> 应用, 是否对bundleName对应的应用有读写 + return true; +} +} +} \ No newline at end of file diff --git a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h new file mode 100644 index 000000000..3ce4b1bec --- /dev/null +++ b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_DISTRIBUTEDDATASERVICE_ADAPTER_PERMISSION_SRC_MEIDA_LIB_CHECKER_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_DISTRIBUTEDDATASERVICE_ADAPTER_PERMISSION_SRC_MEIDA_LIB_CHECKER_H + +#include "checker/checker_manager.h" +namespace OHOS { +namespace DistributedData { +class MeidaLibChecker : public CheckerManager::Checker { +public: + MeidaLibChecker(); + ~MeidaLibChecker(); + void Initialize() override; + bool SetTrustInfo(const DistributedData::CheckerManager::Trust &trust) override; + std::string GetAppId(pid_t uid, const std::string &bundleName) override; + bool IsValid(pid_t uid, const std::string &bundleName) override; +private: + static MeidaLibChecker instance_; + static constexpr pid_t SYSTEM_UID = 10000; + std::map trusts_; +}; +} +} + +#endif // OHOS_DISTRIBUTED_DATA_SERVICES_DISTRIBUTEDDATASERVICE_ADAPTER_PERMISSION_SRC_MEIDA_LIB_CHECKER_H -- Gitee From d53cc0e90553e85902e86e565fa241aef6d2216d Mon Sep 17 00:00:00 2001 From: Hollokin Date: Wed, 16 Feb 2022 11:28:53 +0800 Subject: [PATCH 2/5] mediaLibrary Signed-off-by: Hollokin --- .../adapter/include/permission/visibility.h | 3 +++ .../adapter/permission/src/meida_lib_checker.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/services/distributeddataservice/adapter/include/permission/visibility.h b/services/distributeddataservice/adapter/include/permission/visibility.h index dd1e8cc77..ffe1d65f1 100644 --- a/services/distributeddataservice/adapter/include/permission/visibility.h +++ b/services/distributeddataservice/adapter/include/permission/visibility.h @@ -13,9 +13,12 @@ * limitations under the License. */ +#ifndef PERMISSION_VISIBILITY_H +#define PERMISSION_VISIBILITY_H #ifndef API_EXPORT #define API_EXPORT __attribute__((visibility ("default"))) #endif #ifndef KVSTORE_API #define KVSTORE_API API_EXPORT +#endif #endif \ No newline at end of file diff --git a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h index 3ce4b1bec..886737301 100644 --- a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h +++ b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h @@ -28,7 +28,7 @@ public: std::string GetAppId(pid_t uid, const std::string &bundleName) override; bool IsValid(pid_t uid, const std::string &bundleName) override; private: - static MeidaLibChecker instance_; + static MeidaLibChecker instance_ noexcept; static constexpr pid_t SYSTEM_UID = 10000; std::map trusts_; }; -- Gitee From d268724a91235ede30136c212e6194a60dac3a9a Mon Sep 17 00:00:00 2001 From: Hollokin Date: Wed, 16 Feb 2022 11:35:05 +0800 Subject: [PATCH 3/5] mediaLibrary Signed-off-by: Hollokin --- .../adapter/permission/src/meida_lib_checker.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp index 1baa9fc6a..738fcfdd8 100644 --- a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp +++ b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp @@ -24,7 +24,7 @@ namespace OHOS { namespace DistributedData { using namespace AppExecFwk; -MeidaLibChecker MeidaLibChecker::instance_; +MeidaLibChecker MeidaLibChecker::instance_ noexcept; constexpr pid_t MeidaLibChecker::SYSTEM_UID; MeidaLibChecker::MeidaLibChecker() { -- Gitee From 888d0bc4857b25661a1454b29936c36ad0b3aa4e Mon Sep 17 00:00:00 2001 From: Hollokin Date: Wed, 16 Feb 2022 11:40:19 +0800 Subject: [PATCH 4/5] mediaLibrary Signed-off-by: Hollokin --- .../adapter/permission/src/meida_lib_checker.cpp | 2 +- .../adapter/permission/src/meida_lib_checker.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp index 738fcfdd8..1baa9fc6a 100644 --- a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp +++ b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp @@ -24,7 +24,7 @@ namespace OHOS { namespace DistributedData { using namespace AppExecFwk; -MeidaLibChecker MeidaLibChecker::instance_ noexcept; +MeidaLibChecker MeidaLibChecker::instance_; constexpr pid_t MeidaLibChecker::SYSTEM_UID; MeidaLibChecker::MeidaLibChecker() { diff --git a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h index 886737301..491d1fd89 100644 --- a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h +++ b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.h @@ -21,14 +21,14 @@ namespace OHOS { namespace DistributedData { class MeidaLibChecker : public CheckerManager::Checker { public: - MeidaLibChecker(); + MeidaLibChecker() noexcept; ~MeidaLibChecker(); void Initialize() override; bool SetTrustInfo(const DistributedData::CheckerManager::Trust &trust) override; std::string GetAppId(pid_t uid, const std::string &bundleName) override; bool IsValid(pid_t uid, const std::string &bundleName) override; private: - static MeidaLibChecker instance_ noexcept; + static MeidaLibChecker instance_; static constexpr pid_t SYSTEM_UID = 10000; std::map trusts_; }; -- Gitee From b1b5d3b7a5954c807e90e4b538a0ff2a4d9c3ab4 Mon Sep 17 00:00:00 2001 From: Hollokin Date: Wed, 16 Feb 2022 13:42:32 +0800 Subject: [PATCH 5/5] mediaLibrary Signed-off-by: Hollokin --- .../adapter/permission/src/meida_lib_checker.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp index 1baa9fc6a..e878d45ff 100644 --- a/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp +++ b/services/distributeddataservice/adapter/permission/src/meida_lib_checker.cpp @@ -26,7 +26,7 @@ namespace DistributedData { using namespace AppExecFwk; MeidaLibChecker MeidaLibChecker::instance_; constexpr pid_t MeidaLibChecker::SYSTEM_UID; -MeidaLibChecker::MeidaLibChecker() +MeidaLibChecker::MeidaLibChecker() noexcept { CheckerManager::GetInstance().RegisterPlugin( "MediaLibraryChecker", [this]() -> auto { return this; }); -- Gitee