From 231ef4edc7195053cc4b66d32857a29cb6ab2343 Mon Sep 17 00:00:00 2001
From: Jin1K <1061208093@qq.com>
Date: Fri, 9 May 2025 10:29:37 +0800
Subject: [PATCH] optimize verify permission

Signed-off-by: Jin1K <1061208093@qq.com>
---
 .../service/data_share/data_share_service_impl.cpp    | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/services/distributeddataservice/service/data_share/data_share_service_impl.cpp b/services/distributeddataservice/service/data_share/data_share_service_impl.cpp
index 6f1494aa9..4029047ba 100644
--- a/services/distributeddataservice/service/data_share/data_share_service_impl.cpp
+++ b/services/distributeddataservice/service/data_share/data_share_service_impl.cpp
@@ -1170,13 +1170,14 @@ bool DataShareServiceImpl::VerifyPermission(const std::string &bundleName, const
         }
     } else {
         Security::AccessToken::HapTokenInfo tokenInfo;
-        auto result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo);
-        if (result == Security::AccessToken::RET_SUCCESS && tokenInfo.bundleName == bundleName) {
-            return true;
-        }
         // Provider from ProxyData, which does not allow empty permissions and cannot be access without configured
         if (permission.empty()) {
-            ZLOGE("Permission empty! token:0x%{public}x, bundleName:%{public}s", tokenId, bundleName.c_str());
+            ZLOGI("Permission empty! token:0x%{public}x, bundleName:%{public}s", tokenId, bundleName.c_str());
+            auto result = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo);
+            if (result == Security::AccessToken::RET_SUCCESS && tokenInfo.bundleName == bundleName) {
+                return true;
+            }
+            ZLOGE("Permission denied!");
             return false;
         }
         // If the permission is NO_PERMISSION, access is also allowed
-- 
Gitee