From 1f075f7d07eb518c847ee84e7c44829adf395bc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?=
Date: Mon, 14 Jul 2025 19:48:06 +0800
Subject: [PATCH 1/5] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 史晓晓
---
 .../standard/permission_manager.cpp | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp
index c88b33ba8..5e810138e 100644
--- a/services/service/src/permission/standard/permission_manager.cpp
+++ b/services/service/src/permission/standard/permission_manager.cpp
@@ -101,13 +101,13 @@ bool PermissionManager::CheckPermission(void)
 }
 ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
 if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
- if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_PERMISSION) !=
+ if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_PERMISSION) ==
 PermissionState::PERMISSION_GRANTED) {
- LOGE("DM service access is denied, please apply for corresponding permissions");
- return false;
+ return true;
 }
 }
- return true;
+ LOGE("DM service access is denied, please apply for corresponding permissions");
+ return false;
 }

 bool PermissionManager::CheckNewPermission(void)
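Review bot: The rewritten tail of CheckPermission folds two different refusals into one log line: a caller whose token type is neither TOKEN_HAP nor TOKEN_NATIVE and a caller whose permission is simply not granted both end at `LOGE("DM service access is denied, please apply for corresponding permissions");`. Because this change flips the default from allow to deny, a comment above the final return such as `// Fail closed: only HAP/native tokens that hold the permission pass.` would record the policy, and a separate message for the unsupported-token-type case would make denials easier to triage. The same applies to the CheckNewPermission and CheckMonitorPermission hunks that follow in this patch. The function starts above this hunk, so the token lookup itself is not visible here.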
@@ -119,13 +119,13 @@ bool PermissionManager::CheckNewPermission(void)
 }
 ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
 if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
- if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_NEWPERMISSION) !=
+ if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_NEWPERMISSION) ==
 PermissionState::PERMISSION_GRANTED) {
- LOGE("DM service access is denied, please apply for corresponding new permissions");
- return false;
+ return true;
 }
 }
- return true;
+ LOGE("DM service access is denied, please apply for corresponding new permissions");
+ return false;
 }

 bool PermissionManager::CheckMonitorPermission(void)
@@ -137,13 +137,13 @@ bool PermissionManager::CheckMonitorPermission(void)
 }
 ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
 if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
- if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION) !=
+ if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION) ==
 PermissionState::PERMISSION_GRANTED) {
- LOGE("DM service access is denied, please apply for corresponding permissions.");
- return false;
+ return true;
 }
 }
- return true;
+ LOGE("DM service access is denied, please apply for corresponding permissions.");
+ return false;
 }

 int32_t PermissionManager::GetCallerProcessName(std::string &processName)
-- Gitee
From 0a96b19ad7407cf9e8f6fbe1e872dc4ccbfc262a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?=
Date: Mon, 14 Jul 2025 19:49:14 +0800
Subject: [PATCH 2/5] =?UTF-8?q?=E5=88=A0=E9=99=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 史晓晓
---
 services/service/src/permission/standard/permission_manager.cpp | 2 --
 1 file changed, 2 deletions(-)
diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp
index 5e810138e..9b7936967 100644
--- a/services/service/src/permission/standard/permission_manager.cpp
+++ b/services/service/src/permission/standard/permission_manager.cpp
@@ -34,8 +34,6 @@ constexpr const char* DM_SERVICE_ACCESS_NEWPERMISSION = "ohos.permission.DISTRIB
 constexpr const char* DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION = "ohos.permission.MONITOR_DEVICE_NETWORK_STATE";
 constexpr int32_t AUTH_CODE_WHITE_LIST_NUM = 6;
 constexpr const static char* g_authCodeWhiteList[AUTH_CODE_WHITE_LIST_NUM] = {
- "com.huawei.msdp.hmringgenerator",
- "com.huawei.msdp.hmringdiscriminator",
 "CollaborationFwk",
 "wear_link_service",
 "watch_system_service",
-- Gitee
From cc6a28cafc432bc74dc52908a60af4e8fcb3d823 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?=
Date: Mon, 14 Jul 2025 20:14:33 +0800
Subject: [PATCH 3/5] =?UTF-8?q?=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 史晓晓
---
 services/service/src/permission/standard/permission_manager.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp
index 9b7936967..5e810138e 100644
--- a/services/service/src/permission/standard/permission_manager.cpp
+++ b/services/service/src/permission/standard/permission_manager.cpp
@@ -34,6 +34,8 @@ constexpr const char* DM_SERVICE_ACCESS_NEWPERMISSION = "ohos.permission.DISTRIB
 constexpr const char* DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION = "ohos.permission.MONITOR_DEVICE_NETWORK_STATE";
 constexpr int32_t AUTH_CODE_WHITE_LIST_NUM = 6;
 constexpr const static char* g_authCodeWhiteList[AUTH_CODE_WHITE_LIST_NUM] = {
+ "com.huawei.msdp.hmringgenerator",
+ "com.huawei.msdp.hmringdiscriminator",
 "CollaborationFwk",
 "wear_link_service",
 "watch_system_service",
-- Gitee
From 6dc6c20af083ec636575844bc89ca3238f865ab6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?=
Date: Mon, 14 Jul 2025 20:45:32 +0800
Subject: [PATCH 4/5] =?UTF-8?q?=E6=8A=BD=E5=8F=96=E5=87=BD=E6=95=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 史晓晓
---
 .../permission/standard/permission_manager.h | 3 +
 .../standard/permission_manager.cpp | 63 +++++++------------
 2 files changed, 24 insertions(+), 42 deletions(-)
diff --git a/services/service/include/permission/standard/permission_manager.h b/services/service/include/permission/standard/permission_manager.h
index ca52cd987..4b6d14c0d 100644
--- a/services/service/include/permission/standard/permission_manager.h
+++ b/services/service/include/permission/standard/permission_manager.h
@@ -39,6 +39,9 @@ public:
 bool CheckProcessNameValidModifyLocalDeviceName(const std::string &processName);
 bool CheckProcessNameValidModifyRemoteDeviceName(const std::string &processName);
 bool CheckProcessNameValidPutDeviceProfileInfoList(const std::string &processName);
+
+private:
+ bool VerifyAccessTokenByPermissionName(const std::string& permissionName);
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp
index 5e810138e..48b3f9426 100644
--- a/services/service/src/permission/standard/permission_manager.cpp
+++ b/services/service/src/permission/standard/permission_manager.cpp 
@@ -94,56 +94,17 @@ constexpr const static char* g_putDeviceProfileInfoListWhiteList[PUT_DEVICE_PROF

 bool PermissionManager::CheckPermission(void)
 {
- AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
- if (tokenCaller == 0) {
- LOGE("CheckPermission GetCallingTokenID error.");
- return false;
- }
- ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
- if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
- if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_PERMISSION) ==
- PermissionState::PERMISSION_GRANTED) {
- return true;
- }
- }
- LOGE("DM service access is denied, please apply for corresponding permissions");
- return false;
+ return VerifyAccessTokenByPermissionName(DM_SERVICE_ACCESS_PERMISSION);
 }

 bool PermissionManager::CheckNewPermission(void)
 {
- AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
- if (tokenCaller == 0) {
- LOGE("CheckNewPermission GetCallingTokenID error.");
- return false;
- }
- ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
- if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
- if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_SERVICE_ACCESS_NEWPERMISSION) ==
- PermissionState::PERMISSION_GRANTED) {
- return true;
- }
- }
- LOGE("DM service access is denied, please apply for corresponding new permissions");
- return false;
+ return VerifyAccessTokenByPermissionName(DM_SERVICE_ACCESS_NEWPERMISSION);
 }

 bool PermissionManager::CheckMonitorPermission(void)
 {
- AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
- if (tokenCaller == 0) {
- LOGE("CheckMonitorPermission GetCallingTokenID error.");
- return false;
- }
- ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
- if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
- if (AccessTokenKit::VerifyAccessToken(tokenCaller, DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION) ==
- PermissionState::PERMISSION_GRANTED) {
- return true;
- }
- }
- LOGE("DM service access is denied, please apply for corresponding permissions.");
- return false;
+ return VerifyAccessTokenByPermissionName(DM_MONITOR_DEVICE_NETWORK_STATE_PERMISSION);
 }

 int32_t PermissionManager::GetCallerProcessName(std::string &processName)
@@ -330,5 +291,23 @@ bool PermissionManager::CheckProcessNameValidPutDeviceProfileInfoList(const std:
 }
 return false;
 }
+
+bool PermissionManager::VerifyAccessTokenByPermissionName(const std::string& permissionName)
+{
+ AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+ if (tokenCaller == 0) {
+ LOGE("CheckNewPermission GetCallingTokenID error.");
+ return false;
+ }
+ ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
+ if (tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP || tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
+ if (AccessTokenKit::VerifyAccessToken(tokenCaller, permissionName) ==
+ PermissionState::PERMISSION_GRANTED) {
+ return true;
+ }
+ }
+ LOGE("DM service access is denied, please apply for corresponding permissions");
+ return false;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
-- Gitee
From f63d2cb7cce1b4360696238fe05cd2bc71e721c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=B2=E6=99=93=E6=99=93?=
Date: Mon, 14 Jul 2025 21:06:03 +0800
Subject: [PATCH 5/5] =?UTF-8?q?=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 史晓晓
---
 services/service/src/permission/standard/permission_manager.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp
index 48b3f9426..c900326a6 100644
--- a/services/service/src/permission/standard/permission_manager.cpp
+++ b/services/service/src/permission/standard/permission_manager.cpp
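Review bot: CheckMonitorPermission now accepts TOKEN_HAP callers, which the removed body did not: it tested only `tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE`, while the shared VerifyAccessTokenByPermissionName added at the end of this file admits TOKEN_HAP or TOKEN_NATIVE. The patch is presented as a function extraction, so this widening of who may pass the monitor check looks unintended; if it is deliberate, the commit description should say so. To keep the native-only rule, give the helper a flag, `bool VerifyAccessTokenByPermissionName(const std::string& permissionName, bool allowHap = true);`, test `tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE || (allowHap && tokenTypeFlag == ATokenTypeEnum::TOKEN_HAP)`, and pass `false` from CheckMonitorPermission.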
@@ -296,7 +296,7 @@ bool PermissionManager::VerifyAccessTokenByPermissionName(const std::string& per
 {
 AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
 if (tokenCaller == 0) {
- LOGE("CheckNewPermission GetCallingTokenID error.");
+ LOGE("GetCallingTokenID error.");
 return false;
 }
 ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
-- Gitee
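Review bot: The new message `GetCallingTokenID error.` no longer says which check was running, and this helper serves three entry points, so a failure here cannot be tied to a permission from the log alone. Passing the permission name restores that context, e.g. `LOGE("GetCallingTokenID error, permission: %{public}s.", permissionName.c_str());`. The denial message further down the function, outside this hunk, would benefit from the same argument.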