diff --git a/frameworks/innerkitsimpl/distributeddatafwk/src/itypes_util.cpp b/frameworks/innerkitsimpl/distributeddatafwk/src/itypes_util.cpp index 23dd536aa69bb4008cc401ee8c6c269fc0d5a6c5..8350e2556737d215aa1b76b881c8216db38809f0 100644 --- a/frameworks/innerkitsimpl/distributeddatafwk/src/itypes_util.cpp +++ b/frameworks/innerkitsimpl/distributeddatafwk/src/itypes_util.cpp @@ -148,7 +148,7 @@ bool ITypesUtil::Marshalling(const DistributedRdb::RdbSyncerParam ¶m, Messag ZLOGE("RdbStoreParam write bundle name failed"); return false; } - if (!parcel.WriteString(param.path_)) { + if (!parcel.WriteString(param.relativePath_)) { ZLOGE("RdbStoreParam write directory failed"); return false; } @@ -156,6 +156,10 @@ bool ITypesUtil::Marshalling(const DistributedRdb::RdbSyncerParam ¶m, Messag ZLOGE("RdbStoreParam write store name failed"); return false; } + if (!parcel.WriteString(param.encryptLevel_)) { + ZLOGE("RdbStoreParam write security level failed"); + return false; + } if (!parcel.WriteInt32(param.type_)) { ZLOGE("RdbStoreParam write type failed"); return false; @@ -166,13 +170,14 @@ bool ITypesUtil::Marshalling(const DistributedRdb::RdbSyncerParam ¶m, Messag } return true; } + bool ITypesUtil::Unmarshalling(MessageParcel &parcel, DistributedRdb::RdbSyncerParam ¶m) { if (!parcel.ReadString(param.bundleName_)) { ZLOGE("RdbStoreParam read bundle name failed"); return false; } - if (!parcel.ReadString(param.path_)) { + if (!parcel.ReadString(param.relativePath_)) { ZLOGE("RdbStoreParam read directory failed"); return false; } @@ -180,6 +185,10 @@ bool ITypesUtil::Unmarshalling(MessageParcel &parcel, DistributedRdb::RdbSyncerP ZLOGE("RdbStoreParam read store name failed"); return false; } + if (!parcel.ReadString(param.encryptLevel_)) { + ZLOGE("RdbStoreParam read security level failed"); + return false; + } if (!parcel.ReadInt32(param.type_)) { ZLOGE("RdbStoreParam read type failed"); return false; diff --git a/frameworks/innerkitsimpl/rdb/include/rdb_types.h b/frameworks/innerkitsimpl/rdb/include/rdb_types.h index 6c3fce51cc1a99ac87b5c6c0db4e731b7a3568e4..429d6397c21cbaddb9de50e95be594818d68adac 100644 --- a/frameworks/innerkitsimpl/rdb/include/rdb_types.h +++ b/frameworks/innerkitsimpl/rdb/include/rdb_types.h @@ -34,8 +34,10 @@ enum RdbDistributedType { struct RdbSyncerParam { std::string bundleName_; - std::string path_; + std::string relativePath_; std::string storeName_; + std::string encryptLevel_; + std::string realPath_; int type_ = RDB_DEVICE_COLLABORATION; bool isAutoSync_ = false; }; diff --git a/services/distributeddataservice/app/BUILD.gn b/services/distributeddataservice/app/BUILD.gn index 155e27ba0906993cfc39d22237757d7584fddf37..f8ac463dd88b1efc37b90fbe76d3068e4898eac9 100644 --- a/services/distributeddataservice/app/BUILD.gn +++ b/services/distributeddataservice/app/BUILD.gn @@ -136,6 +136,7 @@ ohos_shared_library("distributeddataservice") { external_deps = [ "ability_base:base", "ability_base:want", + "access_token:libaccesstoken_sdk", "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "dataclassification:data_transit_mgr", diff --git a/services/distributeddataservice/service/rdb/rdb_service_impl.cpp b/services/distributeddataservice/service/rdb/rdb_service_impl.cpp index 0e8eaae61cabdbbda80b23d500988bd1c631e9d0..0763fb7f625b9fdb37fff755e12b5b5d72c178ff 100644 --- a/services/distributeddataservice/service/rdb/rdb_service_impl.cpp +++ b/services/distributeddataservice/service/rdb/rdb_service_impl.cpp @@ -23,6 +23,7 @@ #include "communication_provider.h" #include "log_print.h" #include "utils/anonymous.h" +#include "accesstoken_kit.h" using OHOS::DistributedKv::AccountDelegate; using OHOS::AppDistributedKv::CommunicationProvider; @@ -118,6 +119,24 @@ bool RdbServiceImpl::CheckAccess(const RdbSyncerParam ¶m) return !CheckerManager::GetInstance().GetAppId(param.bundleName_, GetCallingUid()).empty(); } +RdbSyncerParam RdbServiceImpl::ToServiceParam(const RdbSyncerParam ¶m) +{ + ZLOGI("%{public}s", param.relativePath_.c_str()); + auto serviceParam = param; + Security::AccessToken::AccessTokenID callerToken = GetCallingTokenID(); + auto accessToken = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken); + if (accessToken == Security::AccessToken::TOKEN_NATIVE) { + ZLOGD("native access"); + serviceParam.realPath_ = "/data/service/el1/public/database/" + param.bundleName_ + '/' + param.relativePath_; + } else if (accessToken == Security::AccessToken::TOKEN_HAP) { + ZLOGD("hap access %{public}s", param.encryptLevel_.c_str()); + auto userId = AccountDelegate::GetInstance()->GetDeviceAccountIdByUID(GetCallingUid()); + serviceParam.realPath_ = "/data/app/" + param.encryptLevel_ + '/' + userId + "/database/" + + param.bundleName_ + '/' + param.relativePath_; + } + return serviceParam; +} + std::string RdbServiceImpl::ObtainDistributedTableName(const std::string &device, const std::string &table) { ZLOGI("device=%{public}s table=%{public}s", Anonymous::Change(device).c_str(), table.c_str()); @@ -135,7 +154,7 @@ int32_t RdbServiceImpl::InitNotifier(const RdbSyncerParam& param, const sptr syncer) std::shared_ptr RdbServiceImpl::GetRdbSyncer(const RdbSyncerParam ¶m) { - if (!CheckAccess(param)) { - ZLOGE("permission error"); - return nullptr; - } - pid_t pid = GetCallingPid(); pid_t uid = GetCallingUid(); std::shared_ptr syncer; @@ -217,7 +231,8 @@ std::shared_ptr RdbServiceImpl::GetRdbSyncer(const RdbSyncerParam &pa ZLOGE("no available syncer"); return !syncers.empty(); } - auto syncer_ = std::make_shared(param, new (std::nothrow) RdbStoreObserverImpl(this, pid)); + auto syncer_ = std::make_shared(ToServiceParam(param), + new (std::nothrow) RdbStoreObserverImpl(this, pid)); if (syncer_->Init(pid, uid) != 0) { return !syncers.empty(); } @@ -240,6 +255,10 @@ std::shared_ptr RdbServiceImpl::GetRdbSyncer(const RdbSyncerParam &pa int32_t RdbServiceImpl::SetDistributedTables(const RdbSyncerParam ¶m, const std::vector &tables) { ZLOGI("enter"); + if (!CheckAccess(param)) { + ZLOGE("permission error"); + return RDB_ERROR; + } auto syncer = GetRdbSyncer(param); if (syncer == nullptr) { return RDB_ERROR; @@ -250,6 +269,10 @@ int32_t RdbServiceImpl::SetDistributedTables(const RdbSyncerParam ¶m, const int32_t RdbServiceImpl::DoSync(const RdbSyncerParam ¶m, const SyncOption &option, const RdbPredicates &predicates, SyncResult &result) { + if (!CheckAccess(param)) { + ZLOGE("permission error"); + return RDB_ERROR; + } auto syncer = GetRdbSyncer(param); if (syncer == nullptr) { return RDB_ERROR; @@ -269,6 +292,10 @@ void RdbServiceImpl::OnAsyncComplete(pid_t pid, uint32_t seqNum, const SyncResul int32_t RdbServiceImpl::DoAsync(const RdbSyncerParam ¶m, uint32_t seqNum, const SyncOption &option, const RdbPredicates &predicates) { + if (!CheckAccess(param)) { + ZLOGE("permission error"); + return RDB_ERROR; + } pid_t pid = GetCallingPid(); ZLOGI("seq num=%{public}u", seqNum); auto syncer = GetRdbSyncer(param); diff --git a/services/distributeddataservice/service/rdb/rdb_service_impl.h b/services/distributeddataservice/service/rdb/rdb_service_impl.h index 150b3049841ac3e4f3a79484e764428a2c30ab5b..03d506748c9859861e768db3b2362f1bd9333435 100644 --- a/services/distributeddataservice/service/rdb/rdb_service_impl.h +++ b/services/distributeddataservice/service/rdb/rdb_service_impl.h @@ -59,6 +59,8 @@ private: bool CheckAccess(const RdbSyncerParam& param); + RdbSyncerParam ToServiceParam(const RdbSyncerParam& param); + bool ResolveAutoLaunch(const std::string &identifier, DistributedDB::AutoLaunchParam ¶m); void SyncerTimeout(std::shared_ptr syncer); diff --git a/services/distributeddataservice/service/rdb/rdb_syncer.cpp b/services/distributeddataservice/service/rdb/rdb_syncer.cpp index 431ebc417d593382b609a774584cb24d0fc4f009..82fbde468508e4de083d675183c329b774cb66c3 100644 --- a/services/distributeddataservice/service/rdb/rdb_syncer.cpp +++ b/services/distributeddataservice/service/rdb/rdb_syncer.cpp @@ -86,7 +86,7 @@ std::string RdbSyncer::GetAppId() const std::string RdbSyncer::GetPath() const { - return param_.path_; + return param_.realPath_; } std::string RdbSyncer::GetStoreId() const