diff --git a/services/distributeddataservice/service/config/BUILD.gn b/services/distributeddataservice/service/config/BUILD.gn index a2ea71cf44720ce97423cf1140f3de53a08ea313..4a23f2cd1e4499ad865960ae2b5480b481179e9a 100644 --- a/services/distributeddataservice/service/config/BUILD.gn +++ b/services/distributeddataservice/service/config/BUILD.gn @@ -29,6 +29,7 @@ ohos_source_set("distributeddata_config") { "src/model/checker_config.cpp", "src/model/cloud_config.cpp", "src/model/component_config.cpp", + "src/model/datashare_config.cpp", "src/model/directory_config.cpp", "src/model/global_config.cpp", "src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/config/include/model/datashare_config.h b/services/distributeddataservice/service/config/include/model/datashare_config.h new file mode 100644 index 0000000000000000000000000000000000000000..4487c0d1bcbaa3f4f0f6a5af936a31fb0cea4631 --- /dev/null +++ b/services/distributeddataservice/service/config/include/model/datashare_config.h @@ -0,0 +1,29 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_DATASHARE_CONFIG_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_DATASHARE_CONFIG_H + +#include "serializable/serializable.h" +namespace OHOS { +namespace DistributedData { +class DataShareConfig final : public Serializable { +public: + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; + std::vector dataShareExtNames; +}; +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_DATASHARE_CONFIG_H \ No newline at end of file diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index 91f5a237b3b7309f0e34444e1c4f2cebdb574a8f..63daeeeba8edbcdbc1ad1b6f2515a415effdd6ee 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -20,6 +20,7 @@ #include "model/checker_config.h" #include "model/cloud_config.h" #include "model/component_config.h" +#include "model/datashare_config.h" #include "model/directory_config.h" #include "model/network_config.h" #include "model/thread_config.h" diff --git a/services/distributeddataservice/service/config/src/model/datashare_config.cpp b/services/distributeddataservice/service/config/src/model/datashare_config.cpp new file mode 100644 index 0000000000000000000000000000000000000000..0eae37a2bb68630dadcef21cf9a51dbed30ed307 --- /dev/null +++ b/services/distributeddataservice/service/config/src/model/datashare_config.cpp @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "model/datashare_config.h" +namespace OHOS { +namespace DistributedData { +bool DataShareConfig::Marshal(json &node) const +{ + SetValue(node[GET_NAME(dataShareExtNames)], dataShareExtNames); + return true; +} + +bool DataShareConfig::Unmarshal(const json &node) +{ + GetValue(node, GET_NAME(dataShareExtNames), dataShareExtNames); + return true; +} +} // namespace DistributedData +} // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/data_share/BUILD.gn b/services/distributeddataservice/service/data_share/BUILD.gn index 5f435aa5e4e169b70ece36b0534ce9b73bc877a1..5ec4cebda9ce368eb2882323e2f061aa9a95f474 100644 --- a/services/distributeddataservice/service/data_share/BUILD.gn +++ b/services/distributeddataservice/service/data_share/BUILD.gn @@ -48,6 +48,7 @@ ohos_source_set("data_share_service") { sources = [ "common/app_connect_manager.cpp", "common/bundle_mgr_proxy.cpp", + "common/common_utils.cpp", "common/db_delegate.cpp", "common/div_strategy.cpp", "common/extension_ability_manager.cpp", diff --git a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp index 410408bebdc46acdf66bf3aeaac84aff456fb54b..4e5e29b04eac7e6b3eb3cdfa75bab08b493bbffa 100644 --- a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp +++ b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp @@ -16,6 +16,7 @@ #include "bundle_mgr_proxy.h" #include "account/account_delegate.h" +#include "common_utils.h" #include "datashare_errno.h" #include "datashare_radar_reporter.h" #include "if_system_ability_manager.h" @@ -114,6 +115,23 @@ int BundleMgrProxy::GetBundleInfoFromBMS( return E_OK; } +int BundleMgrProxy::GetBundleInfoFromBMSWithCheck( + const std::string &bundleName, int32_t userId, BundleConfig &bundleConfig, int32_t appIndex) +{ + int res = GetBundleInfoFromBMS(bundleName, userId, bundleConfig, appIndex); + if (res != E_OK) { + return res; + } + // Not allow normal app visit normal app. + if (!DataShareThreadLocal::IsFromSystemApp() && !bundleConfig.isSystemApp) { + ZLOGE("Not allow normal app visit normal app, bundle:%{public}s, callingPid:%{public}d", + bundleName.c_str(), IPCSkeleton::GetCallingPid()); + return E_NOT_SYSTEM_APP; + } + + return E_OK; +} + std::pair BundleMgrProxy::GetCallerAppIdentifier( const std::string &bundleName, int32_t userId) { @@ -199,6 +217,7 @@ std::pair BundleMgrProxy::ConvertToDataShareBundle(AppExecFwk return std::make_pair(err, bundleConfig); } bundleConfig.extensionInfos = extensionInfos; + bundleConfig.isSystemApp = bundleInfo.applicationInfo.isSystemApp; return std::make_pair(E_OK, bundleConfig); } diff --git a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h index 71bcc496eb74f059dc2830fcd47a6aaa767bb735..c0c3d774e82fdbdbe7415ee47e27ef63020e1910 100644 --- a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h +++ b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h @@ -57,6 +57,7 @@ struct ExtensionAbilityInfo { struct BundleConfig { std::string name; bool singleton = false; + bool isSystemApp = false; std::vector hapModuleInfos; std::vector extensionInfos; }; @@ -67,6 +68,8 @@ public: static std::shared_ptr GetInstance(); int GetBundleInfoFromBMS(const std::string &bundleName, int32_t userId, BundleConfig &bundleConfig, int32_t appIndex = 0); + int GetBundleInfoFromBMSWithCheck(const std::string &bundleName, int32_t userId, + BundleConfig &bundleConfig, int32_t appIndex = 0); void Delete(const std::string &bundleName, int32_t userId, int32_t appIndex); sptr CheckBMS(); std::pair GetCallerAppIdentifier(const std::string &bundleName, int32_t userId); diff --git a/services/distributeddataservice/service/data_share/common/common_utils.cpp b/services/distributeddataservice/service/data_share/common/common_utils.cpp new file mode 100644 index 0000000000000000000000000000000000000000..deeab89cba0a01c3516b8f121b8a9bc15e5b4f91 --- /dev/null +++ b/services/distributeddataservice/service/data_share/common/common_utils.cpp @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#define LOG_TAG "CommonUtils" +#include "common_utils.h" + +#include "accesstoken_kit.h" +#include "config_factory.h" +#include "log_print.h" +#include "tokenid_kit.h" + +namespace OHOS::DataShare { + +bool& DataShareThreadLocal::GetFromSystemApp() +{ + static thread_local bool isFromSystemApp = true; + return isFromSystemApp; +} + +void DataShareThreadLocal::SetFromSystemApp(bool isFromSystemApp) +{ + GetFromSystemApp() = isFromSystemApp; +} + +bool DataShareThreadLocal::IsFromSystemApp() +{ + return GetFromSystemApp(); +} + +void DataShareThreadLocal::CleanFromSystemApp() +{ + SetFromSystemApp(true); +} + +bool CheckSystemAbility(uint32_t tokenId) +{ + Security::AccessToken::ATokenTypeEnum tokenType = + Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); + return (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || + tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL); +} + +// GetTokenType use tokenId, and IsSystemApp use fullTokenId, these are different +bool CheckSystemCallingPermission(uint32_t tokenId, uint64_t fullTokenId) +{ + if (CheckSystemAbility(tokenId)) { + return true; + } + // IsSystemAppByFullTokenID here is not IPC + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +} // namespace OHOS::DataShare diff --git a/services/distributeddataservice/service/data_share/common/common_utils.h b/services/distributeddataservice/service/data_share/common/common_utils.h new file mode 100644 index 0000000000000000000000000000000000000000..1b8379dc7fdb2f7329ceaac9acabeda848921454 --- /dev/null +++ b/services/distributeddataservice/service/data_share/common/common_utils.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef DATASHARESERVICE_COMMON_UTILS_H +#define DATASHARESERVICE_COMMON_UTILS_H + +#include +#include + +namespace OHOS::DataShare { +struct DataShareThreadLocal { + static bool& GetFromSystemApp(); + static void SetFromSystemApp(bool isFromSystemApp); + static bool IsFromSystemApp(); + static void CleanFromSystemApp(); +}; + +bool CheckSystemAbility(uint32_t tokenId); + +bool CheckSystemCallingPermission(uint32_t tokenId, uint64_t fullTokenId); + +} // namespace OHOS::DataShare +#endif // DATASHARESERVICE_COMMON_UTILS_H diff --git a/services/distributeddataservice/service/data_share/data_provider_config.cpp b/services/distributeddataservice/service/data_share/data_provider_config.cpp index e713b4acb9a0df4e915dab75eff1218e662fa404..bb529bd9f1fc81e57d7ff9458bfc1259118a0f38 100644 --- a/services/distributeddataservice/service/data_share/data_provider_config.cpp +++ b/services/distributeddataservice/service/data_share/data_provider_config.cpp @@ -61,7 +61,7 @@ std::pair DataProviderConfig::GetBundleInfo() } providerInfo_.bundleName = uriConfig_.pathSegments[0]; } - auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS( + auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck( providerInfo_.bundleName, providerInfo_.visitedUserId, bundleInfo, providerInfo_.appIndex); return std::make_pair(ret, bundleInfo); } @@ -155,7 +155,7 @@ int DataProviderConfig::GetFromExtension() return E_URI_NOT_EXIST; } BundleConfig bundleInfo; - auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS( + auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck( providerInfo_.bundleName, providerInfo_.visitedUserId, bundleInfo, providerInfo_.appIndex); if (ret != E_OK) { ZLOGE("BundleInfo failed! bundleName: %{public}s", providerInfo_.bundleName.c_str()); diff --git a/services/distributeddataservice/service/data_share/data_share_profile_config.cpp b/services/distributeddataservice/service/data_share/data_share_profile_config.cpp index 9787d9df1dc7c2db46c955850895215c386a399c..ecf2ab8cdc64a6f349d993d1fd9770a3d3900ed2 100644 --- a/services/distributeddataservice/service/data_share/data_share_profile_config.cpp +++ b/services/distributeddataservice/service/data_share/data_share_profile_config.cpp @@ -275,9 +275,9 @@ bool DataShareProfileConfig::GetProfileInfo(const std::string &calledBundleName, { BundleConfig bundleInfo; // profile is the same when app clone - if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS(calledBundleName, + if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck(calledBundleName, currentUserId, bundleInfo) != E_OK) { - ZLOGE("data share GetBundleInfoFromBMS failed! bundleName: %{public}s, currentUserId = %{public}d", + ZLOGE("data share GetBundleInfoFromBMSWithCheck failed! bundleName: %{public}s, currentUserId = %{public}d", calledBundleName.c_str(), currentUserId); return false; } diff --git a/services/distributeddataservice/service/data_share/data_share_service_stub.cpp b/services/distributeddataservice/service/data_share/data_share_service_stub.cpp index 229afde9572d7e6fbe7db80d62848490b6cfdfb6..c6e559bcc5ca2cb9b96dcca885702bdb6330439d 100644 --- a/services/distributeddataservice/service/data_share/data_share_service_stub.cpp +++ b/services/distributeddataservice/service/data_share/data_share_service_stub.cpp @@ -337,6 +337,7 @@ int DataShareServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, Me ZLOGI("code:%{public}u, callingPid:%{public}d", code, callingPid); } if (!CheckInterfaceToken(data)) { + DataShareThreadLocal::CleanFromSystemApp(); return DATA_SHARE_ERROR; } int res = -1; @@ -355,6 +356,7 @@ int DataShareServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, Me } HiViewAdapter::GetInstance().ReportDataStatistic(callerInfo); } + DataShareThreadLocal::CleanFromSystemApp(); return res; } diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index 9b359e5aa7403c2de5dab19fa3a08745571c26f7..8e5349766e81363e65c524bd30cb267da28c8bd9 100755 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -85,6 +85,7 @@ ohos_unittest("CloudDataTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", @@ -180,6 +181,7 @@ ohos_unittest("CloudServiceImplTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", @@ -964,6 +966,7 @@ ohos_unittest("DataShareServiceImplTest") { "${data_service_path}/service/crypto/src/crypto_manager.cpp", "${data_service_path}/service/data_share/common/app_connect_manager.cpp", "${data_service_path}/service/data_share/common/bundle_mgr_proxy.cpp", + "${data_service_path}/service/data_share/common/common_utils.cpp", "${data_service_path}/service/data_share/common/db_delegate.cpp", "${data_service_path}/service/data_share/common/div_strategy.cpp", "${data_service_path}/service/data_share/common/extension_ability_manager.cpp", @@ -1503,6 +1506,7 @@ ohos_unittest("BootStrapMockTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn index 30cc77cc748c64e3ef674068fafafea32640ed01..d0adfce565374bb5eb55a2e14879a93a852a9223 100644 --- a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn @@ -82,6 +82,7 @@ ohos_fuzztest("CloudServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn index 67dd09415dd34bb43fbcf57b9e30b2ac55a2a287..e962d4b5674fe5c8b0c936da98952f42fabc7b1d 100644 --- a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn @@ -55,6 +55,7 @@ ohos_fuzztest("DataShareServiceStubFuzzTest") { "${data_service_path}/service/crypto/src/crypto_manager.cpp", "${data_service_path}/service/data_share/common/app_connect_manager.cpp", "${data_service_path}/service/data_share/common/bundle_mgr_proxy.cpp", + "${data_service_path}/service/data_share/common/common_utils.cpp", "${data_service_path}/service/data_share/common/db_delegate.cpp", "${data_service_path}/service/data_share/common/div_strategy.cpp", "${data_service_path}/service/data_share/common/extension_ability_manager.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn index 458b5897bf2849a02ae9326a051db12313c77e9d..c4b2cd8913f67b4237ebeec24a58f58f18284c45 100644 --- a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn @@ -69,6 +69,7 @@ ohos_fuzztest("KvdbServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn index 336b0dbfc3561fdf79595a75894079899c6f2b08..5f3f05b54f4270ff020a20c8d9d055202c0a118e 100755 --- a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn @@ -68,6 +68,7 @@ ohos_fuzztest("ObjectServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn index 43309645c3d16e6b79f0699cab22f4d3f8c1cb21..aed9464ea284e711641e671c23e62c3685137a4f 100644 --- a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn @@ -74,6 +74,7 @@ ohos_fuzztest("RdbServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp",