From f90f74820bb6ef148643384541ae7fcdcf1fe5e0 Mon Sep 17 00:00:00 2001
From: zuojiangjiang <zuojiangjiang@huawei.com>
Date: Thu, 31 Mar 2022 16:44:56 +0800
Subject: [PATCH] fix sync permission check Signed-off-by: zuojiangjiang
 <zuojiangjiang@huawei.com>

---
 .../permission/src/client_permission_validator.cpp   | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/services/distributeddataservice/adapter/permission/src/client_permission_validator.cpp b/services/distributeddataservice/adapter/permission/src/client_permission_validator.cpp
index 4b42a96fd..44dacc125 100644
--- a/services/distributeddataservice/adapter/permission/src/client_permission_validator.cpp
+++ b/services/distributeddataservice/adapter/permission/src/client_permission_validator.cpp
@@ -23,6 +23,7 @@
 
 namespace OHOS {
 namespace DistributedKv {
+using namespace Security::AccessToken;
 ClientPermissionChangedCallback::ClientPermissionChangedCallback(std::int32_t pid, std::int32_t uid)
 {
     this->pid_ = pid;
@@ -51,8 +52,15 @@ void ClientPermissionValidator::UpdatePermissionStatus(
 bool ClientPermissionValidator::CheckClientSyncPermission(const KvStoreTuple &kvStoreTuple, std::uint32_t tokenId)
 {
     (void)kvStoreTuple;
-    return (Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, DISTRIBUTED_DATASYNC) ==
-            Security::AccessToken::PERMISSION_GRANTED);
+    if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) {
+        return true;
+    }
+    if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_HAP) {
+        return (AccessTokenKit::VerifyAccessToken(tokenId, DISTRIBUTED_DATASYNC) == PERMISSION_GRANTED);
+    }
+
+    ZLOGI("invalid token:%u", tokenId);
+    return false;
 }
 
 bool ClientPermissionValidator::RegisterPermissionChanged(
-- 
Gitee