From 67eba3c96330f3a05f0c35548177ef6816fbb45b Mon Sep 17 00:00:00 2001 From: gecheng Date: Sat, 16 Aug 2025 11:18:03 +0800 Subject: [PATCH 1/7] =?UTF-8?q?object=E6=9C=8D=E5=8A=A1=E7=AB=AF=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E9=9D=9E=E6=8E=A5=E7=BB=AD=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?sync=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gecheng --- .../service/cloud/cloud_service_impl.cpp | 2 +- .../service/object/BUILD.gn | 1 + .../object/include/object_service_impl.h | 1 + .../object/src/object_service_impl.cpp | 33 ++++ .../service/test/BUILD.gn | 1 + .../service/test/object_manager_mock_test.cpp | 164 +++++++++++++++++- 6 files changed, 199 insertions(+), 3 deletions(-) diff --git a/services/distributeddataservice/service/cloud/cloud_service_impl.cpp b/services/distributeddataservice/service/cloud/cloud_service_impl.cpp index 3179ab113..afb534d92 100644 --- a/services/distributeddataservice/service/cloud/cloud_service_impl.cpp +++ b/services/distributeddataservice/service/cloud/cloud_service_impl.cpp @@ -1602,7 +1602,7 @@ CloudServiceImpl::HapInfo CloudServiceImpl::GetHapInfo(uint32_t tokenId) { if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { ZLOGE("TokenType is not TOKEN_HAP, tokenId:0x%{public}x", tokenId); - return { 0, 0, ""}; + return { INVALID_USER_ID, -1, "" }; } HapTokenInfo tokenInfo; int errCode = AccessTokenKit::GetHapTokenInfo(tokenId, tokenInfo); diff --git a/services/distributeddataservice/service/object/BUILD.gn b/services/distributeddataservice/service/object/BUILD.gn index b5bba90be..c39250f9f 100644 --- a/services/distributeddataservice/service/object/BUILD.gn +++ b/services/distributeddataservice/service/object/BUILD.gn @@ -21,6 +21,7 @@ config("object_public_config") { "${data_service_path}/service/matrix/include", "${data_service_path}/adapter/include/communicator", "${data_service_path}/adapter/include/utils", + "${data_service_path}/service/permission/include", ] } diff --git a/services/distributeddataservice/service/object/include/object_service_impl.h b/services/distributeddataservice/service/object/include/object_service_impl.h index 98f0fcd61..cc2e8d275 100644 --- a/services/distributeddataservice/service/object/include/object_service_impl.h +++ b/services/distributeddataservice/service/object/include/object_service_impl.h @@ -73,6 +73,7 @@ private: void RegisterHandler(); int32_t SaveMetaData(StoreMetaData& saveMeta); void UpdateMetaData(); + int32_t PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId); static Factory factory_; std::shared_ptr executors_; diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp index ff6d5ee3a..8726daf0d 100644 --- a/services/distributeddataservice/service/object/src/object_service_impl.cpp +++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp @@ -33,6 +33,7 @@ #include "metadata/store_meta_data.h" #include "object_asset_loader.h" #include "object_dms_handler.h" +#include "permission_validator.h" #include "snapshot/bind_event.h" #include "store/auto_cache.h" #include "utils/anonymous.h" @@ -62,6 +63,23 @@ ObjectServiceImpl::Factory::~Factory() { } +int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId) +{ + bool isContinue = false; + int32_t status = IsContinue(isContinue); + if (status != OBJECT_SUCCESS) { + ZLOGE("object continue failed %{public}d", status); + return status; + } + // check permission + if (!isContinue && !DistributedKv::PermissionValidator::GetInstance().CheckSyncPermission(tokenId)) { + ZLOGE("object permission denied, isContinue:%{public}d, bundleName:%{public}s, sessionId:%{public}s," + " tokenId:%{public}d", isContinue, bundleName.c_str(), sessionId.c_str(), tokenId); + return OBJECT_PERMISSION_DENIED; + } + return OBJECT_SUCCESS; +} + int32_t ObjectServiceImpl::ObjectStoreSave(const std::string &bundleName, const std::string &sessionId, const std::string &deviceId, const std::map> &data, sptr callback) @@ -74,6 +92,11 @@ int32_t ObjectServiceImpl::ObjectStoreSave(const std::string &bundleName, const if (status != OBJECT_SUCCESS) { return status; } + status = PermissionCheck(bundleName, sessionId, tokenId); + if (status != OBJECT_SUCCESS) { + ZLOGE("Save permission check fail %{public}d", status); + return status; + } status = ObjectStoreManager::GetInstance().Save(bundleName, sessionId, data, deviceId, callback); if (status != OBJECT_SUCCESS) { ZLOGE("save fail %{public}d", status); @@ -229,6 +252,11 @@ int32_t ObjectServiceImpl::ObjectStoreRevokeSave( if (status != OBJECT_SUCCESS) { return status; } + status = PermissionCheck(bundleName, sessionId, tokenId); + if (status != OBJECT_SUCCESS) { + ZLOGE("Save permission check fail %{public}d", status); + return status; + } status = ObjectStoreManager::GetInstance().RevokeSave(bundleName, sessionId, callback); if (status != OBJECT_SUCCESS) { ZLOGE("revoke save fail %{public}d", status); @@ -246,6 +274,11 @@ int32_t ObjectServiceImpl::ObjectStoreRetrieve( if (status != OBJECT_SUCCESS) { return status; } + status = PermissionCheck(bundleName, sessionId, tokenId); + if (status != OBJECT_SUCCESS) { + ZLOGE("Save permission check fail %{public}d", status); + return status; + } status = ObjectStoreManager::GetInstance().Retrieve(bundleName, sessionId, callback, tokenId); if (status != OBJECT_SUCCESS) { ZLOGE("retrieve fail %{public}d", status); diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index 1f6ecbcfd..08ac99f0e 100644 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -969,6 +969,7 @@ ohos_unittest("ObjectManagerMockTest") { "../object/src/object_types_utils.cpp", "mock/access_token_mock.cpp", "mock/account_delegate_mock.cpp", + "mock/checker_mock.cpp", "mock/device_manager_adapter_mock.cpp", "mock/kv_store_nb_delegate_mock.cpp", "object_manager_mock_test.cpp", diff --git a/services/distributeddataservice/service/test/object_manager_mock_test.cpp b/services/distributeddataservice/service/test/object_manager_mock_test.cpp index 58835654a..8e15f443f 100644 --- a/services/distributeddataservice/service/test/object_manager_mock_test.cpp +++ b/services/distributeddataservice/service/test/object_manager_mock_test.cpp @@ -17,15 +17,18 @@ #include #include +#include "accesstoken_kit.h" #include "device_manager_adapter_mock.h" #include "device_matrix_mock.h" #include "gtest/gtest.h" #include "mock/access_token_mock.h" #include "mock/account_delegate_mock.h" +#include "mock/checker_mock.h" #include "mock/distributed_file_daemon_manager_mock.h" #include "mock/meta_data_manager_mock.h" #include "object_manager.h" #include "object_service_impl.h" +#include "token_setproc.h" using namespace OHOS::DistributedObject; @@ -40,6 +43,7 @@ using OnComplete = OHOS::DistributedData::MetaDataManager::OnComplete; namespace OHOS::Test { namespace DistributedDataTest { +static constexpr const int32_t TEST_FLAG_CALL_TWO = 2; class ObjectManagerMockTest : public testing::Test { public: static void SetUpTestCase(void) @@ -96,7 +100,9 @@ protected: std::string sessionId_ = "123"; OHOS::ObjectStore::AssetBindInfo assetBindInfo_; AssetValue assetValue_; + static CheckerMock checkerMock_; }; +CheckerMock ObjectManagerMockTest::checkerMock_; /** * @tc.name: IsNeedMetaSync001 @@ -191,7 +197,7 @@ HWTEST_F(ObjectManagerMockTest, IsNeedMetaSync003, TestSize.Level0) HWTEST_F(ObjectManagerMockTest, SyncOnStore001, TestSize.Level0) { // 2 means that the GetUserByToken interface will be called twice - EXPECT_CALL(*accountDelegateMock, GetUserByToken(_)).Times(2).WillRepeatedly(Return(0)); + EXPECT_CALL(*accountDelegateMock, GetUserByToken(_)).Times(TEST_FLAG_CALL_TWO).WillRepeatedly(Return(0)); auto &manager = ObjectStoreManager::GetInstance(); std::function &results)> func; func = [](const std::map &results) { return results; }; @@ -510,7 +516,7 @@ HWTEST_F(ObjectManagerMockTest, IsContinue002, TestSize.Level1) std::shared_ptr objectServiceImpl = std::make_shared(); bool isContinue = false; EXPECT_CALL(*accTokenMock, GetTokenTypeFlag(_)) - .Times(2) + .Times(TEST_FLAG_CALL_TWO) .WillRepeatedly(Return(ATokenTypeEnum::TOKEN_HAP)); EXPECT_CALL(*accTokenMock, GetHapTokenInfo(_, _)) .Times(1) @@ -518,5 +524,159 @@ HWTEST_F(ObjectManagerMockTest, IsContinue002, TestSize.Level1) auto ret = objectServiceImpl->IsContinue(isContinue); EXPECT_EQ(ret, DistributedObject::OBJECT_SUCCESS); } + +/** +* @tc.name: PermissionCheck001 +* @tc.desc: Test ObjectStoreSave function when PermissionCheck is in continue and have sync permission. +* @tc.type: FUNC +*/ +HWTEST_F(ObjectManagerMockTest, PermissionCheck001, TestSize.Level1) +{ + std::string bundleName = "com.examples.test"; + std::string sessionId = "sessionId"; + std::string deviceId = "deviceId"; + std::map> data; + sptr callback; + std::vector checkers = {"SystemChecker"}; + CheckerManager::GetInstance().LoadCheckers(checkers); + EXPECT_CALL(*accTokenMock, GetTokenTypeFlag(_)) + .Times(1) + .WillRepeatedly(Return(ATokenTypeEnum::TOKEN_HAP)); + EXPECT_CALL(*accTokenMock, GetHapTokenInfo(_, _)) + .Times(1) + .WillRepeatedly(Return(0)); + EXPECT_CALL(*accTokenMock, VerifyAccessToken(_, _)) + .Times(1) + .WillRepeatedly(Return(TypePermissionState::PERMISSION_GRANTED)); + std::shared_ptr objectServiceImpl = std::make_shared(); + int32_t ret = objectServiceImpl->ObjectStoreSave(bundleName, sessionId, deviceId, data, callback); + EXPECT_EQ(ret, DistributedKv::INVALID_ARGUMENT); +} + +/** +* @tc.name: PermissionCheck002 +* @tc.desc: Test ObjectStoreSave function when PermissionCheck is not in continue. +* @tc.type: FUNC +*/ +HWTEST_F(ObjectManagerMockTest, PermissionCheck002, TestSize.Level1) +{ + std::string bundleName = "com.examples.test"; + std::string sessionId = "sessionId"; + std::string deviceId = "deviceId"; + std::map> data; + sptr callback; + std::vector checkers = {"SystemChecker"}; + CheckerManager::GetInstance().LoadCheckers(checkers); + EXPECT_CALL(*accTokenMock, GetTokenTypeFlag(_)) + .Times(1) + .WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE)); + std::shared_ptr objectServiceImpl = std::make_shared(); + int32_t ret = objectServiceImpl->ObjectStoreSave(bundleName, sessionId, deviceId, data, callback); + EXPECT_EQ(ret, OBJECT_INNER_ERROR); +} + +/** +* @tc.name: PermissionCheck003 +* @tc.desc: Test ObjectStoreRevokeSave function when PermissionCheck is in continue and have sync permission. +* @tc.type: FUNC +*/ +HWTEST_F(ObjectManagerMockTest, PermissionCheck003, TestSize.Level1) +{ + std::string bundleName = "com.examples.test"; + std::string sessionId = "sessionId"; + sptr callback; + std::vector checkers = {"SystemChecker"}; + CheckerManager::GetInstance().LoadCheckers(checkers); + EXPECT_CALL(*accTokenMock, GetTokenTypeFlag(_)) + .Times(1) + .WillRepeatedly(Return(ATokenTypeEnum::TOKEN_HAP)); + EXPECT_CALL(*accTokenMock, GetHapTokenInfo(_, _)) + .Times(1) + .WillRepeatedly(Return(0)); + EXPECT_CALL(*accTokenMock, VerifyAccessToken(_, _)) + .Times(1) + .WillRepeatedly(Return(TypePermissionState::PERMISSION_GRANTED)); + std::shared_ptr objectServiceImpl = std::make_shared(); + int32_t ret = objectServiceImpl->ObjectStoreRevokeSave(bundleName, sessionId, callback); + EXPECT_EQ(ret, DistributedKv::INVALID_ARGUMENT); +} + +/** +* @tc.name: PermissionCheck004 +* @tc.desc: Test ObjectStoreRevokeSave function when PermissionCheck is not sync permission. +* @tc.type: FUNC +*/ +HWTEST_F(ObjectManagerMockTest, PermissionCheck004, TestSize.Level1) +{ + std::string bundleName = "com.examples.test"; + std::string sessionId = "sessionId"; + sptr callback; + std::vector checkers = {"SystemChecker"}; + CheckerManager::GetInstance().LoadCheckers(checkers); + EXPECT_CALL(*accTokenMock, GetTokenTypeFlag(_)) + .Times(1) + .WillRepeatedly(Return(ATokenTypeEnum::TOKEN_HAP)); + EXPECT_CALL(*accTokenMock, GetHapTokenInfo(_, _)) + .Times(1) + .WillRepeatedly(Return(0)); + EXPECT_CALL(*accTokenMock, VerifyAccessToken(_, _)) + .Times(1) + .WillRepeatedly(Return(TypePermissionState::PERMISSION_DENIED)); + std::shared_ptr objectServiceImpl = std::make_shared(); + int32_t ret = objectServiceImpl->ObjectStoreRevokeSave(bundleName, sessionId, callback); + EXPECT_EQ(ret, OBJECT_PERMISSION_DENIED); +} + +/** +* @tc.name: PermissionCheck005 +* @tc.desc: Test ObjectStoreRetrieve function when PermissionCheck is in continue and have sync permission. +* @tc.type: FUNC +*/ +HWTEST_F(ObjectManagerMockTest, PermissionCheck005, TestSize.Level1) +{ + std::string bundleName = "com.examples.test"; + std::string sessionId = "sessionId"; + sptr callback; + std::vector checkers = {"SystemChecker"}; + CheckerManager::GetInstance().LoadCheckers(checkers); + EXPECT_CALL(*accTokenMock, GetTokenTypeFlag(_)) + .Times(1) + .WillRepeatedly(Return(ATokenTypeEnum::TOKEN_HAP)); + EXPECT_CALL(*accTokenMock, GetHapTokenInfo(_, _)) + .Times(1) + .WillRepeatedly(Return(0)); + EXPECT_CALL(*accTokenMock, VerifyAccessToken(_, _)) + .Times(1) + .WillRepeatedly(Return(TypePermissionState::PERMISSION_GRANTED)); + std::shared_ptr objectServiceImpl = std::make_shared(); + int32_t ret = objectServiceImpl->ObjectStoreRetrieve(bundleName, sessionId, callback); + EXPECT_EQ(ret, DistributedKv::INVALID_ARGUMENT); +} + +/** +* @tc.name: PermissionCheck006 +* @tc.desc: Test ObjectStoreRetrieve function when PermissionCheck is not sync permission. +* @tc.type: FUNC +*/ +HWTEST_F(ObjectManagerMockTest, PermissionCheck006, TestSize.Level1) +{ + std::string bundleName = "com.examples.test"; + std::string sessionId = "sessionId"; + sptr callback; + std::vector checkers = {"SystemChecker"}; + CheckerManager::GetInstance().LoadCheckers(checkers); + EXPECT_CALL(*accTokenMock, GetTokenTypeFlag(_)) + .Times(1) + .WillRepeatedly(Return(ATokenTypeEnum::TOKEN_HAP)); + EXPECT_CALL(*accTokenMock, GetHapTokenInfo(_, _)) + .Times(1) + .WillRepeatedly(Return(0)); + EXPECT_CALL(*accTokenMock, VerifyAccessToken(_, _)) + .Times(1) + .WillRepeatedly(Return(TypePermissionState::PERMISSION_DENIED)); + std::shared_ptr objectServiceImpl = std::make_shared(); + int32_t ret = objectServiceImpl->ObjectStoreRetrieve(bundleName, sessionId, callback); + EXPECT_EQ(ret, OBJECT_PERMISSION_DENIED); +} }; // namespace DistributedDataTest } // namespace OHOS::Test \ No newline at end of file -- Gitee From b945424f1127e1217542dd5ee22e399b06b78652 Mon Sep 17 00:00:00 2001 From: gecheng Date: Sat, 16 Aug 2025 11:25:33 +0800 Subject: [PATCH 2/7] =?UTF-8?q?object=E6=9C=8D=E5=8A=A1=E7=AB=AF=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E9=9D=9E=E6=8E=A5=E7=BB=AD=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?sync=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gecheng --- .../service/test/object_manager_mock_test.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/services/distributeddataservice/service/test/object_manager_mock_test.cpp b/services/distributeddataservice/service/test/object_manager_mock_test.cpp index 8e15f443f..ead794bac 100644 --- a/services/distributeddataservice/service/test/object_manager_mock_test.cpp +++ b/services/distributeddataservice/service/test/object_manager_mock_test.cpp @@ -527,7 +527,7 @@ HWTEST_F(ObjectManagerMockTest, IsContinue002, TestSize.Level1) /** * @tc.name: PermissionCheck001 -* @tc.desc: Test ObjectStoreSave function when PermissionCheck is in continue and have sync permission. +* @tc.desc: Test ObjectStoreSave function when PermissionCheck is not in continue and have sync permission. * @tc.type: FUNC */ HWTEST_F(ObjectManagerMockTest, PermissionCheck001, TestSize.Level1) @@ -555,7 +555,7 @@ HWTEST_F(ObjectManagerMockTest, PermissionCheck001, TestSize.Level1) /** * @tc.name: PermissionCheck002 -* @tc.desc: Test ObjectStoreSave function when PermissionCheck is not in continue. +* @tc.desc: Test ObjectStoreSave function when PermissionCheck is not in continue and TokenType is not TOKEN_HAP. * @tc.type: FUNC */ HWTEST_F(ObjectManagerMockTest, PermissionCheck002, TestSize.Level1) @@ -577,7 +577,7 @@ HWTEST_F(ObjectManagerMockTest, PermissionCheck002, TestSize.Level1) /** * @tc.name: PermissionCheck003 -* @tc.desc: Test ObjectStoreRevokeSave function when PermissionCheck is in continue and have sync permission. +* @tc.desc: Test ObjectStoreRevokeSave function when PermissionCheck is not in continue and have sync permission. * @tc.type: FUNC */ HWTEST_F(ObjectManagerMockTest, PermissionCheck003, TestSize.Level1) @@ -603,7 +603,7 @@ HWTEST_F(ObjectManagerMockTest, PermissionCheck003, TestSize.Level1) /** * @tc.name: PermissionCheck004 -* @tc.desc: Test ObjectStoreRevokeSave function when PermissionCheck is not sync permission. +* @tc.desc: Test ObjectStoreRevokeSave function when PermissionCheck is not in continue and not sync permission. * @tc.type: FUNC */ HWTEST_F(ObjectManagerMockTest, PermissionCheck004, TestSize.Level1) @@ -629,7 +629,7 @@ HWTEST_F(ObjectManagerMockTest, PermissionCheck004, TestSize.Level1) /** * @tc.name: PermissionCheck005 -* @tc.desc: Test ObjectStoreRetrieve function when PermissionCheck is in continue and have sync permission. +* @tc.desc: Test ObjectStoreRetrieve function when PermissionCheck is not in continue and have sync permission. * @tc.type: FUNC */ HWTEST_F(ObjectManagerMockTest, PermissionCheck005, TestSize.Level1) @@ -655,7 +655,7 @@ HWTEST_F(ObjectManagerMockTest, PermissionCheck005, TestSize.Level1) /** * @tc.name: PermissionCheck006 -* @tc.desc: Test ObjectStoreRetrieve function when PermissionCheck is not sync permission. +* @tc.desc: Test ObjectStoreRetrieve function when PermissionCheck is not in continue and not sync permission. * @tc.type: FUNC */ HWTEST_F(ObjectManagerMockTest, PermissionCheck006, TestSize.Level1) -- Gitee From 861bba4216b201db33d0d397ff92c95aeeebc481 Mon Sep 17 00:00:00 2001 From: gecheng Date: Sat, 16 Aug 2025 11:57:03 +0800 Subject: [PATCH 3/7] =?UTF-8?q?object=E6=9C=8D=E5=8A=A1=E7=AB=AF=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E9=9D=9E=E6=8E=A5=E7=BB=AD=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?sync=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gecheng --- .../service/object/src/object_service_impl.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp index 8726daf0d..6c077cf1e 100644 --- a/services/distributeddataservice/service/object/src/object_service_impl.cpp +++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp @@ -63,7 +63,8 @@ ObjectServiceImpl::Factory::~Factory() { } -int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId) +int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const std::string &sessionId, + uint32_t &tokenId) { bool isContinue = false; int32_t status = IsContinue(isContinue); -- Gitee From 68d00443830953335146ad4723162e28d26661ad Mon Sep 17 00:00:00 2001 From: gecheng Date: Sat, 16 Aug 2025 14:26:46 +0800 Subject: [PATCH 4/7] =?UTF-8?q?object=E6=9C=8D=E5=8A=A1=E7=AB=AF=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E9=9D=9E=E6=8E=A5=E7=BB=AD=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?sync=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gecheng --- .../service/object/src/object_service_impl.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp index 6c077cf1e..b2387a3bf 100644 --- a/services/distributeddataservice/service/object/src/object_service_impl.cpp +++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp @@ -255,7 +255,7 @@ int32_t ObjectServiceImpl::ObjectStoreRevokeSave( } status = PermissionCheck(bundleName, sessionId, tokenId); if (status != OBJECT_SUCCESS) { - ZLOGE("Save permission check fail %{public}d", status); + ZLOGE("RevokeSave permission check fail %{public}d", status); return status; } status = ObjectStoreManager::GetInstance().RevokeSave(bundleName, sessionId, callback); @@ -277,7 +277,7 @@ int32_t ObjectServiceImpl::ObjectStoreRetrieve( } status = PermissionCheck(bundleName, sessionId, tokenId); if (status != OBJECT_SUCCESS) { - ZLOGE("Save permission check fail %{public}d", status); + ZLOGE("retrieve permission check fail %{public}d", status); return status; } status = ObjectStoreManager::GetInstance().Retrieve(bundleName, sessionId, callback, tokenId); -- Gitee From e0cd5ed819b6033307d79c375525cb2af0991c57 Mon Sep 17 00:00:00 2001 From: gecheng Date: Sat, 16 Aug 2025 17:08:42 +0800 Subject: [PATCH 5/7] =?UTF-8?q?object=E6=9C=8D=E5=8A=A1=E7=AB=AF=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E9=9D=9E=E6=8E=A5=E7=BB=AD=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?sync=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gecheng --- .../service/object/include/object_service_impl.h | 2 +- .../service/object/src/object_service_impl.cpp | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/services/distributeddataservice/service/object/include/object_service_impl.h b/services/distributeddataservice/service/object/include/object_service_impl.h index cc2e8d275..7d14b70b2 100644 --- a/services/distributeddataservice/service/object/include/object_service_impl.h +++ b/services/distributeddataservice/service/object/include/object_service_impl.h @@ -73,7 +73,7 @@ private: void RegisterHandler(); int32_t SaveMetaData(StoreMetaData& saveMeta); void UpdateMetaData(); - int32_t PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId); + int32_t PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t tokenId); static Factory factory_; std::shared_ptr executors_; diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp index b2387a3bf..0a343472d 100644 --- a/services/distributeddataservice/service/object/src/object_service_impl.cpp +++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp @@ -64,18 +64,18 @@ ObjectServiceImpl::Factory::~Factory() } int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const std::string &sessionId, - uint32_t &tokenId) + uint32_t tokenId) { bool isContinue = false; int32_t status = IsContinue(isContinue); if (status != OBJECT_SUCCESS) { - ZLOGE("object continue failed %{public}d", status); + ZLOGE("object continue failed %{public}d, bundleName:%{public}s", status, bundleName.c_str()); return status; } // check permission if (!isContinue && !DistributedKv::PermissionValidator::GetInstance().CheckSyncPermission(tokenId)) { ZLOGE("object permission denied, isContinue:%{public}d, bundleName:%{public}s, sessionId:%{public}s," - " tokenId:%{public}d", isContinue, bundleName.c_str(), sessionId.c_str(), tokenId); + " tokenId:%{public}d", isContinue, bundleName.c_str(), Anonymous::Change(sessionId).c_str(), tokenId); return OBJECT_PERMISSION_DENIED; } return OBJECT_SUCCESS; @@ -95,7 +95,7 @@ int32_t ObjectServiceImpl::ObjectStoreSave(const std::string &bundleName, const } status = PermissionCheck(bundleName, sessionId, tokenId); if (status != OBJECT_SUCCESS) { - ZLOGE("Save permission check fail %{public}d", status); + ZLOGE("Save permission check fail %{public}d, bundleName:%{public}s,", status, bundleName.c_str()); return status; } status = ObjectStoreManager::GetInstance().Save(bundleName, sessionId, data, deviceId, callback); @@ -255,7 +255,7 @@ int32_t ObjectServiceImpl::ObjectStoreRevokeSave( } status = PermissionCheck(bundleName, sessionId, tokenId); if (status != OBJECT_SUCCESS) { - ZLOGE("RevokeSave permission check fail %{public}d", status); + ZLOGE("RevokeSave permission check fail %{public}d, bundleName:%{public}s,", status, bundleName.c_str()); return status; } status = ObjectStoreManager::GetInstance().RevokeSave(bundleName, sessionId, callback); @@ -277,7 +277,7 @@ int32_t ObjectServiceImpl::ObjectStoreRetrieve( } status = PermissionCheck(bundleName, sessionId, tokenId); if (status != OBJECT_SUCCESS) { - ZLOGE("retrieve permission check fail %{public}d", status); + ZLOGE("retrieve permission check fail %{public}d, bundleName:%{public}s,", status, bundleName.c_str()); return status; } status = ObjectStoreManager::GetInstance().Retrieve(bundleName, sessionId, callback, tokenId); -- Gitee From 0048bee21b4dad73529e54d9e69c27aa766fedf5 Mon Sep 17 00:00:00 2001 From: gecheng Date: Sat, 16 Aug 2025 17:30:49 +0800 Subject: [PATCH 6/7] =?UTF-8?q?object=E6=9C=8D=E5=8A=A1=E7=AB=AF=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E9=9D=9E=E6=8E=A5=E7=BB=AD=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?sync=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gecheng --- .../service/object/src/object_service_impl.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp index 0a343472d..6e8c1356f 100644 --- a/services/distributeddataservice/service/object/src/object_service_impl.cpp +++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp @@ -74,8 +74,8 @@ int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const } // check permission if (!isContinue && !DistributedKv::PermissionValidator::GetInstance().CheckSyncPermission(tokenId)) { - ZLOGE("object permission denied, isContinue:%{public}d, bundleName:%{public}s, sessionId:%{public}s," - " tokenId:%{public}d", isContinue, bundleName.c_str(), Anonymous::Change(sessionId).c_str(), tokenId); + ZLOGE("object permission denied, isContinue:%{public}d, bundleName:%{public}s, sessionId:%{public}s,", + isContinue, bundleName.c_str(), Anonymous::Change(sessionId).c_str(), tokenId); return OBJECT_PERMISSION_DENIED; } return OBJECT_SUCCESS; -- Gitee From cb467097010042f6849e3887fe7b5cbf3b904372 Mon Sep 17 00:00:00 2001 From: gecheng Date: Sat, 16 Aug 2025 17:55:39 +0800 Subject: [PATCH 7/7] =?UTF-8?q?object=E6=9C=8D=E5=8A=A1=E7=AB=AF=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E9=9D=9E=E6=8E=A5=E7=BB=AD=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?sync=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: gecheng --- .../service/object/src/object_service_impl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp index 6e8c1356f..4cc7bfc09 100644 --- a/services/distributeddataservice/service/object/src/object_service_impl.cpp +++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp @@ -75,7 +75,7 @@ int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const // check permission if (!isContinue && !DistributedKv::PermissionValidator::GetInstance().CheckSyncPermission(tokenId)) { ZLOGE("object permission denied, isContinue:%{public}d, bundleName:%{public}s, sessionId:%{public}s,", - isContinue, bundleName.c_str(), Anonymous::Change(sessionId).c_str(), tokenId); + isContinue, bundleName.c_str(), Anonymous::Change(sessionId).c_str()); return OBJECT_PERMISSION_DENIED; } return OBJECT_SUCCESS; -- Gitee