diff --git a/services/distributeddataservice/service/config/BUILD.gn b/services/distributeddataservice/service/config/BUILD.gn index a2ea71cf44720ce97423cf1140f3de53a08ea313..4a23f2cd1e4499ad865960ae2b5480b481179e9a 100644 --- a/services/distributeddataservice/service/config/BUILD.gn +++ b/services/distributeddataservice/service/config/BUILD.gn @@ -29,6 +29,7 @@ ohos_source_set("distributeddata_config") { "src/model/checker_config.cpp", "src/model/cloud_config.cpp", "src/model/component_config.cpp", + "src/model/datashare_config.cpp", "src/model/directory_config.cpp", "src/model/global_config.cpp", "src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index bce10b04a32c1579e11d31ab5f84100eb91a15a4..73a4c28a1e69a78bcbc199c54ba70eae5229062a 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -33,6 +33,7 @@ public: API_EXPORT CloudConfig *GetCloudConfig(); API_EXPORT std::vector *GetAppIdMappingConfig(); API_EXPORT ThreadConfig *GetThreadConfig(); + API_EXPORT DataShareConfig *GetDataShareConfig(); private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); diff --git a/services/distributeddataservice/service/config/include/model/datashare_config.h b/services/distributeddataservice/service/config/include/model/datashare_config.h new file mode 100644 index 0000000000000000000000000000000000000000..4487c0d1bcbaa3f4f0f6a5af936a31fb0cea4631 --- /dev/null +++ b/services/distributeddataservice/service/config/include/model/datashare_config.h @@ -0,0 +1,29 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_DATASHARE_CONFIG_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_DATASHARE_CONFIG_H + +#include "serializable/serializable.h" +namespace OHOS { +namespace DistributedData { +class DataShareConfig final : public Serializable { +public: + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; + std::vector dataShareExtNames; +}; +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_DATASHARE_CONFIG_H \ No newline at end of file diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index 91f5a237b3b7309f0e34444e1c4f2cebdb574a8f..550056a7958c069154df9fa5c73fdc3551b3d532 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -20,6 +20,7 @@ #include "model/checker_config.h" #include "model/cloud_config.h" #include "model/component_config.h" +#include "model/datashare_config.h" #include "model/directory_config.h" #include "model/network_config.h" #include "model/thread_config.h" @@ -40,6 +41,7 @@ public: CloudConfig *cloud = nullptr; std::vector *appIdMapping = nullptr; ThreadConfig *thread = nullptr; + DataShareConfig *dataShare = nullptr; ~GlobalConfig(); bool Marshal(json &node) const override; bool Unmarshal(const json &node) override; diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 3b05fce80631bf9ee5ea0b5bad1b6a56172cf3c8..3e462ebd4468a70b69718c5d776a3e7fdae5a0c6 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -91,5 +91,10 @@ ThreadConfig *ConfigFactory::GetThreadConfig() { return config_.thread; } + +DataShareConfig *ConfigFactory::GetDataShareConfig() +{ + return config_.dataShare; +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/datashare_config.cpp b/services/distributeddataservice/service/config/src/model/datashare_config.cpp new file mode 100644 index 0000000000000000000000000000000000000000..0eae37a2bb68630dadcef21cf9a51dbed30ed307 --- /dev/null +++ b/services/distributeddataservice/service/config/src/model/datashare_config.cpp @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "model/datashare_config.h" +namespace OHOS { +namespace DistributedData { +bool DataShareConfig::Marshal(json &node) const +{ + SetValue(node[GET_NAME(dataShareExtNames)], dataShareExtNames); + return true; +} + +bool DataShareConfig::Unmarshal(const json &node) +{ + GetValue(node, GET_NAME(dataShareExtNames), dataShareExtNames); + return true; +} +} // namespace DistributedData +} // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/global_config.cpp b/services/distributeddataservice/service/config/src/model/global_config.cpp index e64b012260e566a811e6883f32ab5f12e90bce1b..f57bbaa7b4ef284d626c51f1804ea30f723daf92 100644 --- a/services/distributeddataservice/service/config/src/model/global_config.cpp +++ b/services/distributeddataservice/service/config/src/model/global_config.cpp @@ -30,6 +30,7 @@ bool GlobalConfig::Marshal(json &node) const SetValue(node[GET_NAME(cloud)], cloud); SetValue(node[GET_NAME(appIdMapping)], appIdMapping); SetValue(node[GET_NAME(thread)], thread); + SetValue(node[GET_NAME(dataShare)], dataShare); return true; } @@ -47,6 +48,7 @@ bool GlobalConfig::Unmarshal(const json &node) GetValue(node, GET_NAME(cloud), cloud); GetValue(node, GET_NAME(appIdMapping), appIdMapping); GetValue(node, GET_NAME(thread), thread); + GetValue(node, GET_NAME(dataShare), dataShare); return true; } @@ -60,6 +62,7 @@ GlobalConfig::~GlobalConfig() delete cloud; delete appIdMapping; delete thread; + delete dataShare; } } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/data_share/BUILD.gn b/services/distributeddataservice/service/data_share/BUILD.gn index eaf4be146711e46d2c76a22e1228df13d78ffea0..ca8a65779ba840c7ed6f445412003e16852bb2fe 100644 --- a/services/distributeddataservice/service/data_share/BUILD.gn +++ b/services/distributeddataservice/service/data_share/BUILD.gn @@ -28,6 +28,7 @@ config("module_public_config") { "${datashare_path}/interfaces/inner_api/common/include", "${datashare_path}/interfaces/inner_api/consumer/include", "${data_service_path}/adapter/include/communicator", + "${data_service_path}/service/config/include", "../common", "../crypto/include", "../permission/include", @@ -48,6 +49,7 @@ ohos_source_set("data_share_service") { sources = [ "common/app_connect_manager.cpp", "common/bundle_mgr_proxy.cpp", + "common/common_utils.cpp", "common/db_delegate.cpp", "common/div_strategy.cpp", "common/extension_ability_manager.cpp", @@ -125,7 +127,6 @@ ohos_source_set("data_share_service") { "hicollie:libhicollie", "hilog:libhilog", "hisysevent:libhisysevent", - "init:libbegetutil", "ipc:ipc_core", "json:nlohmann_json_static", "kv_store:datamgr_common", diff --git a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp index 410408bebdc46acdf66bf3aeaac84aff456fb54b..4e5e29b04eac7e6b3eb3cdfa75bab08b493bbffa 100644 --- a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp +++ b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.cpp @@ -16,6 +16,7 @@ #include "bundle_mgr_proxy.h" #include "account/account_delegate.h" +#include "common_utils.h" #include "datashare_errno.h" #include "datashare_radar_reporter.h" #include "if_system_ability_manager.h" @@ -114,6 +115,23 @@ int BundleMgrProxy::GetBundleInfoFromBMS( return E_OK; } +int BundleMgrProxy::GetBundleInfoFromBMSWithCheck( + const std::string &bundleName, int32_t userId, BundleConfig &bundleConfig, int32_t appIndex) +{ + int res = GetBundleInfoFromBMS(bundleName, userId, bundleConfig, appIndex); + if (res != E_OK) { + return res; + } + // Not allow normal app visit normal app. + if (!DataShareThreadLocal::IsFromSystemApp() && !bundleConfig.isSystemApp) { + ZLOGE("Not allow normal app visit normal app, bundle:%{public}s, callingPid:%{public}d", + bundleName.c_str(), IPCSkeleton::GetCallingPid()); + return E_NOT_SYSTEM_APP; + } + + return E_OK; +} + std::pair BundleMgrProxy::GetCallerAppIdentifier( const std::string &bundleName, int32_t userId) { @@ -199,6 +217,7 @@ std::pair BundleMgrProxy::ConvertToDataShareBundle(AppExecFwk return std::make_pair(err, bundleConfig); } bundleConfig.extensionInfos = extensionInfos; + bundleConfig.isSystemApp = bundleInfo.applicationInfo.isSystemApp; return std::make_pair(E_OK, bundleConfig); } diff --git a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h index 71bcc496eb74f059dc2830fcd47a6aaa767bb735..80c054f8a405519493aa4ae8fd79e43a67148da6 100644 --- a/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h +++ b/services/distributeddataservice/service/data_share/common/bundle_mgr_proxy.h @@ -57,6 +57,7 @@ struct ExtensionAbilityInfo { struct BundleConfig { std::string name; bool singleton = false; + bool isSystemApp = false; std::vector hapModuleInfos; std::vector extensionInfos; }; @@ -67,6 +68,8 @@ public: static std::shared_ptr GetInstance(); int GetBundleInfoFromBMS(const std::string &bundleName, int32_t userId, BundleConfig &bundleConfig, int32_t appIndex = 0); + int GetBundleInfoFromBMSWithCheck(const std::string &bundleName, int32_t userId, + BundleConfig &bundleConfig, int32_t appIndex = 0); void Delete(const std::string &bundleName, int32_t userId, int32_t appIndex); sptr CheckBMS(); std::pair GetCallerAppIdentifier(const std::string &bundleName, int32_t userId); diff --git a/services/distributeddataservice/service/data_share/common/common_utils.cpp b/services/distributeddataservice/service/data_share/common/common_utils.cpp new file mode 100644 index 0000000000000000000000000000000000000000..deeab89cba0a01c3516b8f121b8a9bc15e5b4f91 --- /dev/null +++ b/services/distributeddataservice/service/data_share/common/common_utils.cpp @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#define LOG_TAG "CommonUtils" +#include "common_utils.h" + +#include "accesstoken_kit.h" +#include "config_factory.h" +#include "log_print.h" +#include "tokenid_kit.h" + +namespace OHOS::DataShare { + +bool& DataShareThreadLocal::GetFromSystemApp() +{ + static thread_local bool isFromSystemApp = true; + return isFromSystemApp; +} + +void DataShareThreadLocal::SetFromSystemApp(bool isFromSystemApp) +{ + GetFromSystemApp() = isFromSystemApp; +} + +bool DataShareThreadLocal::IsFromSystemApp() +{ + return GetFromSystemApp(); +} + +void DataShareThreadLocal::CleanFromSystemApp() +{ + SetFromSystemApp(true); +} + +bool CheckSystemAbility(uint32_t tokenId) +{ + Security::AccessToken::ATokenTypeEnum tokenType = + Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); + return (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || + tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL); +} + +// GetTokenType use tokenId, and IsSystemApp use fullTokenId, these are different +bool CheckSystemCallingPermission(uint32_t tokenId, uint64_t fullTokenId) +{ + if (CheckSystemAbility(tokenId)) { + return true; + } + // IsSystemAppByFullTokenID here is not IPC + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +} // namespace OHOS::DataShare diff --git a/services/distributeddataservice/service/data_share/common/common_utils.h b/services/distributeddataservice/service/data_share/common/common_utils.h new file mode 100644 index 0000000000000000000000000000000000000000..1b8379dc7fdb2f7329ceaac9acabeda848921454 --- /dev/null +++ b/services/distributeddataservice/service/data_share/common/common_utils.h @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef DATASHARESERVICE_COMMON_UTILS_H +#define DATASHARESERVICE_COMMON_UTILS_H + +#include +#include + +namespace OHOS::DataShare { +struct DataShareThreadLocal { + static bool& GetFromSystemApp(); + static void SetFromSystemApp(bool isFromSystemApp); + static bool IsFromSystemApp(); + static void CleanFromSystemApp(); +}; + +bool CheckSystemAbility(uint32_t tokenId); + +bool CheckSystemCallingPermission(uint32_t tokenId, uint64_t fullTokenId); + +} // namespace OHOS::DataShare +#endif // DATASHARESERVICE_COMMON_UTILS_H diff --git a/services/distributeddataservice/service/data_share/common/scheduler_manager.cpp b/services/distributeddataservice/service/data_share/common/scheduler_manager.cpp index 79ca80155a6e32bfd36ac2af3417040ab57d13b1..edd06fb061f5dc455085d2ed06dd9311219c0a64 100644 --- a/services/distributeddataservice/service/data_share/common/scheduler_manager.cpp +++ b/services/distributeddataservice/service/data_share/common/scheduler_manager.cpp @@ -87,6 +87,13 @@ void SchedulerManager::Stop(const Key &key) void SchedulerManager::Enable(const Key &key, int32_t userId, const DistributedData::StoreMetaData &metaData) { + Template tpl; + if (!TemplateManager::GetInstance().Get(key, userId, tpl) || + tpl.scheduler_.empty() || tpl.scheduler_.find(REMIND_TIMER_FUNC) == std::string::npos) { + ZLOGE("find template scheduler failed, %{public}s, %{public}" PRId64 ", %{public}s", + DistributedData::Anonymous::Change(key.uri).c_str(), key.subscriberId, key.bundleName.c_str()); + return; + } bool isTimerStopped = false; { std::lock_guard lock(mutex_); diff --git a/services/distributeddataservice/service/data_share/data_provider_config.cpp b/services/distributeddataservice/service/data_share/data_provider_config.cpp index e713b4acb9a0df4e915dab75eff1218e662fa404..b6c3d64cc424522156ceecfea702441bc5f5582d 100644 --- a/services/distributeddataservice/service/data_share/data_provider_config.cpp +++ b/services/distributeddataservice/service/data_share/data_provider_config.cpp @@ -20,10 +20,13 @@ #include "accesstoken_kit.h" #include "account/account_delegate.h" +#include "config_factory.h" #include "datashare_errno.h" #include "hap_token_info.h" +#include "ipc_skeleton.h" #include "log_print.h" #include "strategies/general/load_config_common_strategy.h" +#include "tokenid_kit.h" #include "uri_utils.h" #include "utils/anonymous.h" @@ -61,7 +64,7 @@ std::pair DataProviderConfig::GetBundleInfo() } providerInfo_.bundleName = uriConfig_.pathSegments[0]; } - auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS( + auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck( providerInfo_.bundleName, providerInfo_.visitedUserId, bundleInfo, providerInfo_.appIndex); return std::make_pair(ret, bundleInfo); } @@ -155,7 +158,7 @@ int DataProviderConfig::GetFromExtension() return E_URI_NOT_EXIST; } BundleConfig bundleInfo; - auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS( + auto ret = BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck( providerInfo_.bundleName, providerInfo_.visitedUserId, bundleInfo, providerInfo_.appIndex); if (ret != E_OK) { ZLOGE("BundleInfo failed! bundleName: %{public}s", providerInfo_.bundleName.c_str()); @@ -225,6 +228,18 @@ std::pair DataProviderConfig::GetProvider GetMetaDataFromUri(); return std::make_pair(ret, providerInfo_); } + if (ret != E_URI_NOT_EXIST) { + return std::make_pair(ret, providerInfo_); + } + auto fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + Security::AccessToken::HapTokenInfo tokenInfo; + auto result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(IPCSkeleton::GetCallingTokenID(), tokenInfo); + if (!Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId) || + (result == Security::AccessToken::RET_SUCCESS && !IsInExtList(tokenInfo.bundleName))) { + ZLOGE("The URI in the extension, is not allowed for silent access.! ret: %{public}d, bundleName: %{public}s," + "uri: %{public}s", ret, tokenInfo.bundleName.c_str(), providerInfo_.uri.c_str()); + return std::make_pair(ret, providerInfo_); + } ret = GetFromExtension(); if (ret != E_OK) { ZLOGE("Get providerInfo failed! ret: %{public}d, uri: %{public}s", @@ -232,4 +247,14 @@ std::pair DataProviderConfig::GetProvider } return std::make_pair(ret, providerInfo_); } + +bool DataProviderConfig::IsInExtList(const std::string &bundleName) +{ + DataShareConfig *config = ConfigFactory::GetInstance().GetDataShareConfig(); + if (config == nullptr) { + return true; + } + std::vector& extNames = config->dataShareExtNames; + return std::find(extNames.begin(), extNames.end(), bundleName) != extNames.end(); +} } // namespace OHOS::DataShare diff --git a/services/distributeddataservice/service/data_share/data_provider_config.h b/services/distributeddataservice/service/data_share/data_provider_config.h index 6b2770dfe192333d919beb169443e5489ecdb6ea..4c1e26fe7c93ddd4606e455795b80b1811d7ba83 100644 --- a/services/distributeddataservice/service/data_share/data_provider_config.h +++ b/services/distributeddataservice/service/data_share/data_provider_config.h @@ -63,6 +63,7 @@ private: int GetFromExtensionProperties(const ProfileInfo &profileInfo, const std::string &moduleName); void GetMetaDataFromUri(); std::pair GetBundleInfo(); + bool IsInExtList(const std::string &bundleName); enum class PATH_PARAM : int32_t { BUNDLE_NAME = 0, MODULE_NAME, diff --git a/services/distributeddataservice/service/data_share/data_share_profile_config.cpp b/services/distributeddataservice/service/data_share/data_share_profile_config.cpp index 9787d9df1dc7c2db46c955850895215c386a399c..fccf80f34cb137d1527fece548dc8f93dc855533 100644 --- a/services/distributeddataservice/service/data_share/data_share_profile_config.cpp +++ b/services/distributeddataservice/service/data_share/data_share_profile_config.cpp @@ -275,10 +275,10 @@ bool DataShareProfileConfig::GetProfileInfo(const std::string &calledBundleName, { BundleConfig bundleInfo; // profile is the same when app clone - if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS(calledBundleName, + if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck(calledBundleName, currentUserId, bundleInfo) != E_OK) { - ZLOGE("data share GetBundleInfoFromBMS failed! bundleName: %{public}s, currentUserId = %{public}d", - calledBundleName.c_str(), currentUserId); + ZLOGE("data share GetBundleInfoFromBMSWithCheck failed! bundleName: %{public}s, currentUserId = %{public}d", + calledBundleName.c_str(), currentUserId); return false; } for (auto &item : bundleInfo.extensionInfos) { diff --git a/services/distributeddataservice/service/data_share/data_share_service_impl.cpp b/services/distributeddataservice/service/data_share/data_share_service_impl.cpp index 6bb1f5a8886a1d0dff2a7ff8b99b586974ec4711..81cf0c0aa3444cf7e87f718c7baaaefe1f94d42a 100644 --- a/services/distributeddataservice/service/data_share/data_share_service_impl.cpp +++ b/services/distributeddataservice/service/data_share/data_share_service_impl.cpp @@ -58,7 +58,6 @@ #include "utils/anonymous.h" #include "xcollie.h" #include "log_debug.h" -#include "parameters.h" namespace OHOS::DataShare { using FeatureSystem = DistributedData::FeatureSystem; @@ -660,6 +659,7 @@ void DataShareServiceImpl::SaveLaunchInfo(const std::string &bundleName, const s if (profileInfos.empty()) { return; } + StoreMetaData meta = MakeMetaData(bundleName, userId, deviceId); for (auto &[uri, value] : profileInfos) { if (uri.find(EXT_URI_SCHEMA) == std::string::npos) { continue; @@ -670,11 +670,11 @@ void DataShareServiceImpl::SaveLaunchInfo(const std::string &bundleName, const s if (value.launchInfos.empty()) { meta.storeId = ""; AutoLaunchMetaData autoLaunchMetaData = {}; - std::vector tempData = {}; - autoLaunchMetaData.datas.emplace(extUri, tempData); + std::vector tempDatas = {}; + autoLaunchMetaData.datas.emplace(extUri, tempDatas); autoLaunchMetaData.launchForCleanData = value.launchForCleanData; MetaDataManager::GetInstance().SaveMeta(meta.GetAutoLaunchKey(), autoLaunchMetaData, true); - ZLOGI("Without launchInfos, save meta end, bundleName = %{public}s.", bundleName.c_str()); + ZLOGI("without launchInfos, save meta end, bundleName = %{public}s.", bundleName.c_str()); continue; } for (const auto &launchInfo : value.launchInfos) { @@ -707,7 +707,7 @@ void DataShareServiceImpl::AutoLaunch(const Event &event) if (!MetaDataManager::GetInstance().LoadMeta(std::move(meta.GetAutoLaunchKey()), autoLaunchMetaData, true)) { meta.storeId = ""; if (!MetaDataManager::GetInstance().LoadMeta(std::move(meta.GetAutoLaunchKey()), autoLaunchMetaData, true)) { - ZLOGE("No launch meta without storeId, bundleName = %{public}s.", dataInfo.bundleName.c_str()); + ZLOGE("NO autolaunch meta without storeId, bundleName = %{public}s.", dataInfo.bundleName.c_str()); return; } } @@ -716,14 +716,14 @@ void DataShareServiceImpl::AutoLaunch(const Event &event) } for (const auto &[uri, metaTables] : autoLaunchMetaData.datas) { if (dataInfo.tables.empty() && dataInfo.changeType == 1) { - ZLOGI("Start to connect extension, bundlename = %{public}s.", dataInfo.bundleName.c_str()); + ZLOGI("Start to connect extension, bundleName = %{public}s.", dataInfo.bundleName.c_str()); AAFwk::WantParams wantParams; ExtensionConnectAdaptor::TryAndWait(uri, dataInfo.bundleName, wantParams); return; } for (const auto &table : dataInfo.tables) { if (std::find(metaTables.begin(), metaTables.end(), table) != metaTables.end()) { - ZLOGI("Find table, start to connect extension, bundlename = %{public}s.", dataInfo.bundleName.c_str()); + ZLOGI("Find table, start to connect extension, bundleName = %{public}s.", dataInfo.bundleName.c_str()); AAFwk::WantParams wantParams; ExtensionConnectAdaptor::TryAndWait(uri, dataInfo.bundleName, wantParams); break; @@ -972,8 +972,7 @@ bool DataShareServiceImpl::VerifyAcrossAccountsPermission(int32_t currentUserId, if (currentUserId == 0 || currentUserId == visitedUserId) { return true; } - return system::GetBoolParameter(CONNECT_SUPPORT_CROSS_USER, false) && - PermitDelegate::VerifyPermission(acrossAccountsPermission, callerTokenId); + return PermitDelegate::VerifyPermission(acrossAccountsPermission, callerTokenId); } std::pair DataShareServiceImpl::ExecuteEx(const std::string &uri, const std::string &extUri, @@ -1154,7 +1153,7 @@ void DataShareServiceImpl::ReportExcuteFault(uint32_t callingTokenId, DataProvid int32_t errCode, std::string &func) { std::string appendix = "callingName:" + HiViewFaultAdapter::GetCallingName(callingTokenId).first; - DataShareFaultInfo faultInfo = {HiViewFaultAdapter::curdFailed, providerInfo.bundleName, providerInfo.moduleName, + DataShareFaultInfo faultInfo = {HiViewFaultAdapter::curdFailed, providerInfo.bundleName, providerInfo.moduleName, providerInfo.storeName, func, errCode, appendix}; HiViewFaultAdapter::ReportDataFault(faultInfo); } diff --git a/services/distributeddataservice/service/data_share/data_share_service_stub.cpp b/services/distributeddataservice/service/data_share/data_share_service_stub.cpp index 08105b38959988deca560a05c4224d02cbdfa214..3efaf5a181368bdbbab6d759e35f36257e0f223e 100644 --- a/services/distributeddataservice/service/data_share/data_share_service_stub.cpp +++ b/services/distributeddataservice/service/data_share/data_share_service_stub.cpp @@ -18,8 +18,7 @@ #include "data_share_service_stub.h" #include -#include "accesstoken_kit.h" -#include "tokenid_kit.h" +#include "common_utils.h" #include "data_share_obs_proxy.h" #include "hiview_adapter.h" #include "hiview_fault_adapter.h" @@ -342,24 +341,6 @@ int32_t DataShareServiceStub::OnNotifyConnectDone(MessageParcel &data, MessagePa return 0; } -bool DataShareServiceStub::CheckProxyCallingPermission(uint32_t tokenId) -{ - Security::AccessToken::ATokenTypeEnum tokenType = - Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId); - return (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || - tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL); -} - -// GetTokenType use tokenId, and IsSystemApp use fullTokenId, these are different -bool DataShareServiceStub::CheckSystemUidCallingPermission(uint32_t tokenId, uint64_t fullTokenId) -{ - if (CheckProxyCallingPermission(tokenId)) { - return true; - } - // IsSystemAppByFullTokenID here is not IPC - return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); -} - int DataShareServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply) { // set thread qos @@ -374,20 +355,23 @@ int DataShareServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, Me std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIME)); } auto callingPid = IPCSkeleton::GetCallingPid(); - if (code >= DATA_SHARE_CMD_SYSTEM_CODE) { - auto fullTokenId = IPCSkeleton::GetCallingFullTokenID(); - if (!CheckSystemUidCallingPermission(IPCSkeleton::GetCallingTokenID(), fullTokenId)) { - ZLOGE("CheckSystemUidCallingPermission fail, token:%{public}" PRIx64 - ", callingPid:%{public}d, code:%{public}u", fullTokenId, callingPid, code); - return E_NOT_SYSTEM_APP; - } - code = code - DATA_SHARE_CMD_SYSTEM_CODE; - } + auto fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + bool isSystemApp = CheckSystemCallingPermission(IPCSkeleton::GetCallingTokenID(), fullTokenId); + DataShareThreadLocal::SetFromSystemApp(isSystemApp); + if (code >= DATA_SHARE_CMD_SYSTEM_CODE) { + if (!isSystemApp) { + ZLOGE("CheckSystemCallingPermission fail, token:%{public}" PRIx64 + ", callingPid:%{public}d, code:%{public}u", fullTokenId, callingPid, code); + return E_NOT_SYSTEM_APP; + } + code = code - DATA_SHARE_CMD_SYSTEM_CODE; + } if (code != DATA_SHARE_SERVICE_CMD_QUERY && code != DATA_SHARE_SERVICE_CMD_GET_SILENT_PROXY_STATUS) { ZLOGI("code:%{public}u, callingPid:%{public}d, qosRet:%{public}d, curLevel:%{public}d", code, callingPid, qosRet, curLevel); } if (!CheckInterfaceToken(data)) { + DataShareThreadLocal::CleanFromSystemApp(); return DATA_SHARE_ERROR; } int res = -1; @@ -406,6 +390,7 @@ int DataShareServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, Me } HiViewAdapter::GetInstance().ReportDataStatistic(callerInfo); } + DataShareThreadLocal::CleanFromSystemApp(); return res; } diff --git a/services/distributeddataservice/service/data_share/data_share_service_stub.h b/services/distributeddataservice/service/data_share/data_share_service_stub.h index a887edb8c652bd682ccbd7acce05188494f6d4bb..47603e95941e975dec375523ecf6d7bbc25f0a81 100644 --- a/services/distributeddataservice/service/data_share/data_share_service_stub.h +++ b/services/distributeddataservice/service/data_share/data_share_service_stub.h @@ -30,8 +30,6 @@ private: class QosManager; static constexpr std::chrono::milliseconds TIME_THRESHOLD = std::chrono::milliseconds(500); static bool CheckInterfaceToken(MessageParcel& data); - bool CheckProxyCallingPermission(uint32_t tokenId); - bool CheckSystemUidCallingPermission(uint32_t tokenId, uint64_t fullTokenId); int32_t OnQuery(MessageParcel& data, MessageParcel& reply); int32_t OnAddTemplate(MessageParcel& data, MessageParcel& reply); int32_t OnDelTemplate(MessageParcel& data, MessageParcel& reply); diff --git a/services/distributeddataservice/service/data_share/strategies/data_proxy/load_config_from_data_proxy_node_strategy.cpp b/services/distributeddataservice/service/data_share/strategies/data_proxy/load_config_from_data_proxy_node_strategy.cpp index c796152ca0fcd267f999c1d713a424cecacb7785..1ff753758d612388bb5c945f46026047ef9add4a 100644 --- a/services/distributeddataservice/service/data_share/strategies/data_proxy/load_config_from_data_proxy_node_strategy.cpp +++ b/services/distributeddataservice/service/data_share/strategies/data_proxy/load_config_from_data_proxy_node_strategy.cpp @@ -30,9 +30,9 @@ bool LoadConfigFromDataProxyNodeStrategy::operator()(std::shared_ptr co return false; } context->type = PUBLISHED_DATA_TYPE; - if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS( + if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck( context->calledBundleName, context->currentUserId, context->bundleInfo) != E_OK) { - ZLOGE("GetBundleInfoFromBMS failed! bundleName: %{public}s", context->calledBundleName.c_str()); + ZLOGE("GetBundleInfoFromBMSWithCheck failed! bundleName: %{public}s", context->calledBundleName.c_str()); context->errCode = E_BUNDLE_NAME_NOT_EXIST; return false; } diff --git a/services/distributeddataservice/service/data_share/strategies/data_share/load_config_from_data_share_bundle_info_strategy.cpp b/services/distributeddataservice/service/data_share/strategies/data_share/load_config_from_data_share_bundle_info_strategy.cpp index 16fe91511f8148f17850e1acccb70dd233a305e5..2b98f63b5282efec7e7f0ce0e51183b81cadd776 100644 --- a/services/distributeddataservice/service/data_share/strategies/data_share/load_config_from_data_share_bundle_info_strategy.cpp +++ b/services/distributeddataservice/service/data_share/strategies/data_share/load_config_from_data_share_bundle_info_strategy.cpp @@ -80,9 +80,9 @@ bool LoadConfigFromDataShareBundleInfoStrategy::operator()(std::shared_ptrcalledBundleName.c_str()); return false; } - if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMS( + if (BundleMgrProxy::GetInstance()->GetBundleInfoFromBMSWithCheck( context->calledBundleName, context->currentUserId, context->bundleInfo) != E_OK) { - ZLOGE("GetBundleInfoFromBMS failed! bundleName: %{public}s", context->calledBundleName.c_str()); + ZLOGE("GetBundleInfoFromBMSWithCheck failed! bundleName: %{public}s", context->calledBundleName.c_str()); return false; } for (auto const &item : context->bundleInfo.extensionInfos) { diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index c794589f9296c6fc7f176820b5bcc907246c9ee2..5ef6d4409dee3dd0c38aa9b7845f162d2ad839a2 100644 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -85,6 +85,7 @@ ohos_unittest("CloudDataTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", @@ -179,6 +180,7 @@ ohos_unittest("CloudServiceImplTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", @@ -972,6 +974,7 @@ ohos_unittest("DataShareServiceImplTest") { "${data_service_path}/service/crypto/src/crypto_manager.cpp", "${data_service_path}/service/data_share/common/app_connect_manager.cpp", "${data_service_path}/service/data_share/common/bundle_mgr_proxy.cpp", + "${data_service_path}/service/data_share/common/common_utils.cpp", "${data_service_path}/service/data_share/common/db_delegate.cpp", "${data_service_path}/service/data_share/common/div_strategy.cpp", "${data_service_path}/service/data_share/common/extension_ability_manager.cpp", @@ -1596,6 +1599,7 @@ ohos_unittest("BootStrapMockTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn index 228e7d6dc3c78e28e35cd3dc346b20cdd0e82aa7..3c09a4c27b634ca63c7f3be92b9e3b09b51440f5 100644 --- a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn @@ -82,6 +82,7 @@ ohos_fuzztest("CloudServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn index d9a46ea9f55b34701699cbce97f12223e69528b3..7313bb6996f22c31d1cccb07daa26b8d7e58d5ce 100644 --- a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/BUILD.gn @@ -24,6 +24,7 @@ ohos_fuzztest("DataShareServiceStubFuzzTest") { "${data_service_path}/app/src", "${data_service_path}/framework/include", "${data_service_path}/service/common", + "${data_service_path}/service/config/include", "${data_service_path}/service/crypto/include", "${data_service_path}/service/data_share/common", "${data_service_path}/service/data_share/data", @@ -55,6 +56,7 @@ ohos_fuzztest("DataShareServiceStubFuzzTest") { "${data_service_path}/service/crypto/src/crypto_manager.cpp", "${data_service_path}/service/data_share/common/app_connect_manager.cpp", "${data_service_path}/service/data_share/common/bundle_mgr_proxy.cpp", + "${data_service_path}/service/data_share/common/common_utils.cpp", "${data_service_path}/service/data_share/common/db_delegate.cpp", "${data_service_path}/service/data_share/common/div_strategy.cpp", "${data_service_path}/service/data_share/common/extension_ability_manager.cpp", @@ -97,6 +99,7 @@ ohos_fuzztest("DataShareServiceStubFuzzTest") { "${data_service_path}/service/data_share/sys_event_subscriber.cpp", "${data_service_path}/service/kvdb/user_delegate.cpp", "${data_service_path}/service/permission/src/permit_delegate.cpp", + "${data_service_path}/service/permission/src/permission_validator.cpp", "datashareservicestub_fuzzer.cpp", ] @@ -104,6 +107,7 @@ ohos_fuzztest("DataShareServiceStubFuzzTest") { "${data_service_path}/adapter/account:distributeddata_account", "${data_service_path}/adapter/communicator:distributeddata_communicator", "${data_service_path}/framework:distributeddatasvcfwk", + "${data_service_path}/service:distributeddatasvc", ] external_deps = [ @@ -125,7 +129,6 @@ ohos_fuzztest("DataShareServiceStubFuzzTest") { "hilog:libhilog", "hisysevent:libhisysevent", "huks:libhukssdk", - "init:libbegetutil", "ipc:ipc_core", "kv_store:distributeddata_inner", "kv_store:distributeddb", diff --git a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn index 458b5897bf2849a02ae9326a051db12313c77e9d..5b9e893da27aab54a66446e496ef7fc357ee81a8 100644 --- a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn @@ -69,6 +69,7 @@ ohos_fuzztest("KvdbServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn index 336b0dbfc3561fdf79595a75894079899c6f2b08..733da5cfc5c528040ed050a3d2588703d61e1d8f 100755 --- a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn @@ -68,6 +68,7 @@ ohos_fuzztest("ObjectServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn index 43309645c3d16e6b79f0699cab22f4d3f8c1cb21..b1964d0207cb2b39b8bb7b2846115acb58866e02 100644 --- a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn @@ -74,6 +74,7 @@ ohos_fuzztest("RdbServiceStubFuzzTest") { "${data_service_path}/service/config/src/model/checker_config.cpp", "${data_service_path}/service/config/src/model/cloud_config.cpp", "${data_service_path}/service/config/src/model/component_config.cpp", + "${data_service_path}/service/config/src/model/datashare_config.cpp", "${data_service_path}/service/config/src/model/directory_config.cpp", "${data_service_path}/service/config/src/model/global_config.cpp", "${data_service_path}/service/config/src/model/network_config.cpp",