diff --git a/interfaces/inner_kits/native_cpp/BUILD.gn b/interfaces/inner_kits/native_cpp/BUILD.gn index 99011143aa34c6f8bd509c458f50138fd8ed6ce1..643fb07d874d77a9b777ee66f08d8bb7711f8c67 100644 --- a/interfaces/inner_kits/native_cpp/BUILD.gn +++ b/interfaces/inner_kits/native_cpp/BUILD.gn @@ -61,6 +61,7 @@ if (defined(ohos_lite)) { "ipc:ipc_core", "samgr_standard:samgr_proxy", "utils_base:utils", + "access_token:libaccesstoken_sdk", ] if (support_jsapi) { diff --git a/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp b/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp index 811a6d7f49c9bacdfd17d18f177127b3dcd7b8a6..13cf8c22785c9d0101f256798289f6c80e4c6bf3 100644 --- a/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp +++ b/interfaces/inner_kits/native_cpp/src/device_manager_impl.cpp @@ -15,15 +15,10 @@ #include "device_manager_impl.h" -#ifdef SUPPORT_CALLING_ABILITY -#include "bundle_constants.h" -#include "bundle_info.h" -#include "bundle_mgr_client.h" -#include "bundle_mgr_interface.h" -#endif -#include "if_system_ability_manager.h" -#include "iservice_registry.h" -#include "system_ability_definition.h" +#include "access_token.h" +#include "hap_token_info.h" +#include "native_token_info.h" +#include "accesstoken_kit.h" #include "device_manager_notify.h" #include "dm_constants.h" @@ -45,46 +40,60 @@ #include "ipc_verify_authenticate_req.h" #include "securec.h" -#ifdef SUPPORT_CALLING_ABILITY -using namespace OHOS::AppExecFwk; -using namespace OHOS::AppExecFwk::Constants; -#endif +using namespace OHOS::Security::AccessToken; namespace OHOS { namespace DistributedHardware { bool DeviceManagerImpl::isSystemAppCalling(void) { -#ifdef SUPPORT_CALLING_ABILITY - int32_t uid = IPCSkeleton::GetCallingUid(); - if (uid < 0) { - LOGI("app caller uid is: %d,", uid); + LOGI("Enter DeviceManagerImpl::isSystemAppCalling 111111"); + const std::string permissionName = "ohos.permission.CAMERA"; + + AccessTokenID tokenFirstCaller = IPCSkeleton::GetFirstTokenID(); + if (tokenFirstCaller == 0) { + LOGI("DeviceManagerImpl::tokenFirstCaller == 0"); return false; } - - sptr systemAbilityManager = - SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (systemAbilityManager == nullptr) { - LOGE("failed to get system ability mgr."); - return true; - } - sptr remoteObject = systemAbilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID); - if (remoteObject == nullptr) { - LOGE("failed to get bundle manager proxy."); - return true; - } - - LOGI("get bundle manager proxy success."); - sptr iBundleMgr = iface_cast(remoteObject); - if (iBundleMgr == nullptr) { - LOGI("iBundleMgr is nullptr, caller may be a process"); - return true; - } - - return iBundleMgr->CheckIsSystemAppByUid(uid); -#else - // Minimum system only native services will call - return true; -#endif + LOGI("DeviceManagerImpl::tokenFirstCaller ID == %d", tokenFirstCaller); + + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (tokenCaller == 0) { + LOGI("DeviceManagerImpl::tokenCaller == 0"); + return false; + } + LOGI("DeviceManagerImpl::tokenCaller ID == %d", tokenCaller); + HapTokenInfo hapTokenInfoRes; + int a1 = AccessTokenKit::GetHapTokenInfo(tokenCaller, hapTokenInfoRes); + if (a1 != 0) { + LOGI("DeviceManagerImpl::GetHapTokenInfo return false"); + return false; + } + LOGI("hapTokenInfoRes.apl = %d", hapTokenInfoRes.apl); + LOGI("hapTokenInfoRes.ver = %c", hapTokenInfoRes.ver); + LOGI("hapTokenInfoRes.userID = %d", hapTokenInfoRes.userID); + LOGI("hapTokenInfoRes.bundleName = %s", hapTokenInfoRes.bundleName.c_str()); + LOGI("hapTokenInfoRes.instIndex = %d", hapTokenInfoRes.instIndex); + LOGI("hapTokenInfoRes.appID = %s", hapTokenInfoRes.appID.c_str()); + LOGI("hapTokenInfoRes.deviceID = %s", hapTokenInfoRes.deviceID.c_str()); + LOGI("hapTokenInfoRes.tokenID = %d", hapTokenInfoRes.tokenID); + LOGI("hapTokenInfoRes.tokenAttr = %d", hapTokenInfoRes.tokenAttr); + + NativeTokenInfo nativeTokenInfoRes; + int b1 = AccessTokenKit::GetNativeTokenInfo(tokenCaller, nativeTokenInfoRes); + if (b1 != 0) { + LOGI("DeviceManagerImpl::GetNativeTokenInfo return false"); + return false; + } + LOGI("nativeTokenInfoRes.apl = %d", nativeTokenInfoRes.apl); + LOGI("nativeTokenInfoRes.ver = %c", nativeTokenInfoRes.ver); + LOGI("nativeTokenInfoRes.processName = %s", nativeTokenInfoRes.processName.c_str()); + for (size_t i = 0; i < nativeTokenInfoRes.dcap.size(); i++) { + LOGI("nativeTokenInfoRes.dcap[%d] = %s", i, nativeTokenInfoRes.dcap[i].c_str()); + } + LOGI("nativeTokenInfoRes.tokenID = %d", nativeTokenInfoRes.tokenID); + LOGI("nativeTokenInfoRes.tokenAttr = %d", nativeTokenInfoRes.tokenAttr); + bool bVal = false; + return bVal; } DeviceManagerImpl &DeviceManagerImpl::GetInstance() diff --git a/services/devicemanagerservice/BUILD.gn b/services/devicemanagerservice/BUILD.gn index cde4b3193c839c7d977c0188478d1d6adbfb58ef..9cb7b2257e5a4cf97605f648df79acbc20997c6f 100644 --- a/services/devicemanagerservice/BUILD.gn +++ b/services/devicemanagerservice/BUILD.gn @@ -118,6 +118,7 @@ if (defined(ohos_lite)) { "startup_l2:syspara", "startup_l2:syspara_watchagent", "utils_base:utils", + "access_token:libaccesstoken_sdk", ] subsystem_name = "distributedhardware" diff --git a/services/devicemanagerservice/src/device_manager_service.cpp b/services/devicemanagerservice/src/device_manager_service.cpp index 8a02d72652ff492a4d90a471db1de89b8175c9a4..475aa69a64cea1a0d6dbdbc7b00749a914d7dad8 100644 --- a/services/devicemanagerservice/src/device_manager_service.cpp +++ b/services/devicemanagerservice/src/device_manager_service.cpp @@ -25,7 +25,15 @@ #include "dm_log.h" #include "multiple_user_connector.h" +#include "ipc_skeleton.h" +#include "access_token.h" +#include "hap_token_info.h" +#include "native_token_info.h" +#include "accesstoken_kit.h" + + using namespace OHOS::EventFwk; +using namespace OHOS::Security::AccessToken; namespace OHOS { namespace DistributedHardware { @@ -44,78 +52,61 @@ DeviceManagerService::~DeviceManagerService() int32_t DeviceManagerService::Init() { - if (intFlag_) { - LOGE("Init failed, singleton cannot be initialized multiple times"); - return DM_INT_MULTIPLE; - } - if (softbusConnector_ == nullptr) { - softbusConnector_ = std::make_shared(); - if (softbusConnector_ == nullptr) { - LOGE("Init failed, softbusConnector_ apply for failure"); - return DM_MAKE_SHARED_FAIL; - } - } - if (listener_ == nullptr) { - listener_ = std::make_shared(); - if (softbusConnector_ == nullptr) { - LOGE("Init failed, listener_ apply for failure"); - return DM_MAKE_SHARED_FAIL; - } - } - if (hiChainConnector_ == nullptr) { - hiChainConnector_ = std::make_shared(); - if (hiChainConnector_ == nullptr) { - LOGE("Init failed, hiChainConnector_ apply for failure"); - return DM_MAKE_SHARED_FAIL; - } - } - if (deviceInfoMgr_ == nullptr) { - deviceInfoMgr_ = std::make_shared(softbusConnector_); - if (deviceInfoMgr_ == nullptr) { - LOGE("Init failed, deviceInfoMgr_ apply for failure"); - return DM_MAKE_SHARED_FAIL; - } + LOGI("Enter DeviceManagerService::isSystemAppCalling 111111"); + const std::string permissionName = "ohos.permission.CAMERA"; + AccessTokenID tokenFirstCaller = IPCSkeleton::GetFirstTokenID(); + if (tokenFirstCaller == 0) { + LOGI("DeviceManagerService::tokenFirstCaller ID == 0"); + return false; } - if (deviceStateMgr_ == nullptr) { - deviceStateMgr_ = std::make_shared(softbusConnector_, listener_); - if (deviceStateMgr_ == nullptr) { - LOGE("Init failed, deviceStateMgr_ apply for failure"); - return DM_MAKE_SHARED_FAIL; - } - deviceStateMgr_->RegisterSoftbusStateCallback(); - } - if (discoveryMgr_ == nullptr) { - discoveryMgr_ = std::make_shared(softbusConnector_, listener_); - if (discoveryMgr_ == nullptr) { - LOGE("Init failed, discoveryMgr_ apply for failure"); - return DM_MAKE_SHARED_FAIL; - } - } - if (authMgr_ == nullptr) { - authMgr_ = std::make_shared(softbusConnector_, listener_, hiChainConnector_); - if (authMgr_ == nullptr) { - LOGE("Init failed, authMgr_ apply for failure"); - return DM_MAKE_SHARED_FAIL; - } - softbusConnector_->GetSoftbusSession()->RegisterSessionCallback(authMgr_); - hiChainConnector_->RegisterHiChainCallback(authMgr_); + LOGI("DeviceManagerService::tokenFirstCaller ID == %d", tokenFirstCaller); + + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + if (tokenCaller == 0) { + LOGI("DeviceManagerService::tokenCaller == 0"); + return false; } + LOGI("DeviceManagerService::tokenCaller ID == %d", tokenCaller); - int32_t userId = MultipleUserConnector::GetCurrentAccountUserID(); - if (userId > 0) { - LOGI("get current account user id success"); - MultipleUserConnector::SetSwitchOldUserId(userId); + HapTokenInfo hapTokenInfoRes; + int a1 = AccessTokenKit::GetHapTokenInfo(tokenCaller, hapTokenInfoRes); + if (a1 != 0) { + LOGI("DeviceManagerService::GetHapTokenInfo return false"); + return false; } + LOGI("hapTokenInfoRes.apl = %d", hapTokenInfoRes.apl); + LOGI("hapTokenInfoRes.ver = %c", hapTokenInfoRes.ver); + LOGI("hapTokenInfoRes.userID = %d", hapTokenInfoRes.userID); + LOGI("hapTokenInfoRes.bundleName = %s", hapTokenInfoRes.bundleName.c_str()); + LOGI("hapTokenInfoRes.instIndex = %d", hapTokenInfoRes.instIndex); + LOGI("hapTokenInfoRes.appID = %s", hapTokenInfoRes.appID.c_str()); + LOGI("hapTokenInfoRes.deviceID = %s", hapTokenInfoRes.deviceID.c_str()); + LOGI("hapTokenInfoRes.tokenID = %d", hapTokenInfoRes.tokenID); + LOGI("hapTokenInfoRes.tokenAttr = %d", hapTokenInfoRes.tokenAttr); - DmCommonEventManager &dmCommonEventManager = DmCommonEventManager::GetInstance(); - CommomEventCallback callback = std::bind(&DmAuthManager::UserSwitchEventCallback, *authMgr_.get(), - std::placeholders::_1); - if (dmCommonEventManager.SubscribeServiceEvent(CommonEventSupport::COMMON_EVENT_USER_SWITCHED, callback)) { - LOGI("subscribe service user switch common event success"); + NativeTokenInfo nativeTokenInfoRes; + int b1 = AccessTokenKit::GetNativeTokenInfo(tokenCaller, nativeTokenInfoRes); + if (b1 != 0) { + LOGI("DeviceManagerService::GetNativeTokenInfo return false"); + return false; + } + LOGI("nativeTokenInfoRes.apl = %d", nativeTokenInfoRes.apl); + LOGI("nativeTokenInfoRes.ver = %c", nativeTokenInfoRes.ver); + LOGI("nativeTokenInfoRes.processName = %s", nativeTokenInfoRes.processName.c_str()); + for (size_t i = 0; i < nativeTokenInfoRes.dcap.size(); i++) { + LOGI("nativeTokenInfoRes.dcap[%d] = %s", i, nativeTokenInfoRes.dcap[i].c_str()); } + LOGI("nativeTokenInfoRes.tokenID = %d", nativeTokenInfoRes.tokenID); + LOGI("nativeTokenInfoRes.tokenAttr = %d", nativeTokenInfoRes.tokenAttr); - LOGI("Init success, singleton initialized"); - intFlag_ = true; + bool bVal = false; + int res = AccessTokenKit::VerifyAccessToken(tokenCaller, permissionName); + if (res == PermissionState::PERMISSION_GRANTED) { + bVal = true; + } else { + bVal = false; + } + LOGI("leave DeviceManagerService::isSystemAppCalling 111111"); return DM_OK; }