From 8ca9f9d22750ee60c4d7b41167ec42f1b84d98ff Mon Sep 17 00:00:00 2001 From: zhangbeihai Date: Sat, 17 May 2025 18:15:43 +0800 Subject: [PATCH 1/4] add sync peremission Signed-off-by: zhangbeihai --- .../service/object/BUILD.gn | 1 + .../object/include/object_service_impl.h | 1 + .../object/src/object_service_impl.cpp | 33 +++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/services/distributeddataservice/service/object/BUILD.gn b/services/distributeddataservice/service/object/BUILD.gn index e76a7510e..661ba4270 100644 --- a/services/distributeddataservice/service/object/BUILD.gn +++ b/services/distributeddataservice/service/object/BUILD.gn @@ -20,6 +20,7 @@ config("object_public_config") { "${data_service_path}/service/common", "${data_service_path}/adapter/include/communicator", "${data_service_path}/adapter/include/utils", + "${data_service_path}/service/permission/include", ] } diff --git a/services/distributeddataservice/service/object/include/object_service_impl.h b/services/distributeddataservice/service/object/include/object_service_impl.h index e398edfac..1cba58952 100644 --- a/services/distributeddataservice/service/object/include/object_service_impl.h +++ b/services/distributeddataservice/service/object/include/object_service_impl.h @@ -70,6 +70,7 @@ private: void RegisterHandler(); int32_t SaveMetaData(StoreMetaData& saveMeta, const std::string &user, const std::string &account); void UpdateMetaData(); + int32_t PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId); static Factory factory_; std::shared_ptr executors_; diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp index 71f6195e7..a45af345c 100644 --- a/services/distributeddataservice/service/object/src/object_service_impl.cpp +++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp @@ -33,6 +33,7 @@ #include "metadata/store_meta_data.h" #include "object_asset_loader.h" #include "object_dms_handler.h" +#include "permission_validator.h" #include "snapshot/bind_event.h" #include "store/auto_cache.h" #include "utils/anonymous.h" @@ -60,6 +61,23 @@ ObjectServiceImpl::Factory::~Factory() { } +int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId) +{ + bool isContinue = false; + int32_t status = IsContinue(isContinue); + if (status != OBJECT_SUCCESS) { + ZLOGE("object continue failed %{public}d", status); + return status; + } + // check permission + if (!isContinue && !DistributedKv::PermissionValidator::GetInstance().CheckSyncPermission(tokenId)) { + ZLOGE("object permission denied, isContinue:%{public}d, bundleName:%{public}s, sessionId:%{public}s," + " tokenId:%{public}d", isContinue, bundleName.c_str(), sessionId.c_str(), tokenId); + return OBJECT_PERMISSION_DENIED; + } + return OBJECT_SUCCESS; +} + int32_t ObjectServiceImpl::ObjectStoreSave(const std::string &bundleName, const std::string &sessionId, const std::string &deviceId, const std::map> &data, sptr callback) @@ -72,6 +90,11 @@ int32_t ObjectServiceImpl::ObjectStoreSave(const std::string &bundleName, const if (status != OBJECT_SUCCESS) { return status; } + status = PermissionCheck(bundleName, sessionId, tokenId); + if (status != OBJECT_SUCCESS) { + ZLOGE("Save permission check fail %{public}d", status); + return status; + } status = ObjectStoreManager::GetInstance()->Save(bundleName, sessionId, data, deviceId, callback); if (status != OBJECT_SUCCESS) { ZLOGE("save fail %{public}d", status); @@ -208,6 +231,11 @@ int32_t ObjectServiceImpl::ObjectStoreRevokeSave( if (status != OBJECT_SUCCESS) { return status; } + status = PermissionCheck(bundleName, sessionId, tokenId); + if (status != OBJECT_SUCCESS) { + ZLOGE("Save permission check fail %{public}d", status); + return status; + } status = ObjectStoreManager::GetInstance()->RevokeSave(bundleName, sessionId, callback); if (status != OBJECT_SUCCESS) { ZLOGE("revoke save fail %{public}d", status); @@ -225,6 +253,11 @@ int32_t ObjectServiceImpl::ObjectStoreRetrieve( if (status != OBJECT_SUCCESS) { return status; } + status = PermissionCheck(bundleName, sessionId, tokenId); + if (status != OBJECT_SUCCESS) { + ZLOGE("Save permission check fail %{public}d", status); + return status; + } status = ObjectStoreManager::GetInstance()->Retrieve(bundleName, sessionId, callback, tokenId); if (status != OBJECT_SUCCESS) { ZLOGE("retrieve fail %{public}d", status); -- Gitee From c9f414696129f875f59fb66bb9b64660213ade30 Mon Sep 17 00:00:00 2001 From: zhangbeihai Date: Sat, 17 May 2025 18:53:12 +0800 Subject: [PATCH 2/4] add testcase Signed-off-by: zhangbeihai --- .../service/test/object_service_impl_test.cpp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/services/distributeddataservice/service/test/object_service_impl_test.cpp b/services/distributeddataservice/service/test/object_service_impl_test.cpp index 4a0a0b2f3..9358caa6b 100644 --- a/services/distributeddataservice/service/test/object_service_impl_test.cpp +++ b/services/distributeddataservice/service/test/object_service_impl_test.cpp @@ -151,4 +151,20 @@ HWTEST_F(ObjectServiceImplTest, ResolveAutoLaunch001, TestSize.Level1) int32_t ret = objectServiceImpl->ResolveAutoLaunch(identifier, param); EXPECT_EQ(ret, OBJECT_SUCCESS); } + +/** + * @tc.name: PermissionCheck001 + * @tc.desc: PermissionCheck test: bundleName with no sync permission is not in continue. + * @tc.type: FUNC + */ +HWTEST_F(ObjectServiceImplTest, PermissionCheck001, TestSize.Level1) +{ + std::string bundleName = "com.examples.hmos.notepad"; + std::string sessionId = "sessionId"; + OHOS::Security::AccessToken::AccessTokenID tokenId = + OHOS::Security::AccessToken::AccessTokenKit::GetHapTokenID(100, bundleName, 0); + SetSelfTokenID(tokenId); + std::shared_ptr objectServiceImpl = std::make_shared(); + int32_t ret = objectServiceImpl->PermissionCheck(bundleName, sessionId, tokenId); + EXPECT_EQ(ret, OBJECT_PERMISSION_DENIED); } \ No newline at end of file -- Gitee From 66ad870117228136f31d0f69a5be4fc1394df81b Mon Sep 17 00:00:00 2001 From: zhangbeihai Date: Sun, 18 May 2025 10:34:16 +0800 Subject: [PATCH 3/4] add testcase Signed-off-by: zhangbeihai --- .../service/test/object_service_impl_test.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/services/distributeddataservice/service/test/object_service_impl_test.cpp b/services/distributeddataservice/service/test/object_service_impl_test.cpp index 9358caa6b..0012f4493 100644 --- a/services/distributeddataservice/service/test/object_service_impl_test.cpp +++ b/services/distributeddataservice/service/test/object_service_impl_test.cpp @@ -167,4 +167,5 @@ HWTEST_F(ObjectServiceImplTest, PermissionCheck001, TestSize.Level1) std::shared_ptr objectServiceImpl = std::make_shared(); int32_t ret = objectServiceImpl->PermissionCheck(bundleName, sessionId, tokenId); EXPECT_EQ(ret, OBJECT_PERMISSION_DENIED); +} } \ No newline at end of file -- Gitee From a84332c7c0a1b7dfc74b74bded061eea28d09d30 Mon Sep 17 00:00:00 2001 From: zhangbeihai Date: Sun, 18 May 2025 16:38:08 +0800 Subject: [PATCH 4/4] add testcase Signed-off-by: zhangbeihai --- .../service/test/object_service_impl_test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/service/test/object_service_impl_test.cpp b/services/distributeddataservice/service/test/object_service_impl_test.cpp index 0012f4493..c1ca49712 100644 --- a/services/distributeddataservice/service/test/object_service_impl_test.cpp +++ b/services/distributeddataservice/service/test/object_service_impl_test.cpp @@ -166,6 +166,6 @@ HWTEST_F(ObjectServiceImplTest, PermissionCheck001, TestSize.Level1) SetSelfTokenID(tokenId); std::shared_ptr objectServiceImpl = std::make_shared(); int32_t ret = objectServiceImpl->PermissionCheck(bundleName, sessionId, tokenId); - EXPECT_EQ(ret, OBJECT_PERMISSION_DENIED); + EXPECT_NE(ret, OBJECT_SUCCESS); } } \ No newline at end of file -- Gitee