diff --git a/services/service/include/permission/lite/permission_manager.h b/services/service/include/permission/lite/permission_manager.h
index 212506b7db10724be699897945e5570e16f4678f..0421f096a1ce9a2171760921b735db22bd6f0558 100644
--- a/services/service/include/permission/lite/permission_manager.h
+++ b/services/service/include/permission/lite/permission_manager.h
@@ -40,6 +40,7 @@ public:
 bool CheckProcessNameValidModifyLocalDeviceName(const std::string &processName);
 bool CheckProcessNameValidModifyRemoteDeviceName(const std::string &processName);
 bool CheckProcessNameValidPutDeviceProfileInfoList(const std::string &processName);
+ bool CheckProcessValidOnGetTrustedDeviceList();
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/service/include/permission/standard/permission_manager.h b/services/service/include/permission/standard/permission_manager.h
index 4b6d14c0d25eee8ef4f8677fc316ffb065340502..d5aab748c28af3a3fdf91c9fcad9076ebaa51c2b 100644
--- a/services/service/include/permission/standard/permission_manager.h
+++ b/services/service/include/permission/standard/permission_manager.h
@@ -39,6 +39,7 @@ public:
 bool CheckProcessNameValidModifyLocalDeviceName(const std::string &processName);
 bool CheckProcessNameValidModifyRemoteDeviceName(const std::string &processName);
 bool CheckProcessNameValidPutDeviceProfileInfoList(const std::string &processName);
+ bool CheckProcessValidOnGetTrustedDeviceList();
 private:
 bool VerifyAccessTokenByPermissionName(const std::string& permissionName);
diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp
index a1333d81ec29ac1a5c118fa35da13d51d9c72859..b44999e4897317f533565d5b2cc0a3c28443dee8 100644
--- a/services/service/src/device_manager_service.cpp
+++ b/services/service/src/device_manager_service.cpp
@@ -411,7 +411,8 @@ int32_t DeviceManagerService::GetTrustedDeviceList(const std::string &pkgName, c
 }
 if (!onlineDeviceList.empty() && IsDMServiceImplReady()) {
 std::unordered_map udidMap;
- if (PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName)) {
+ if (PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName) ||
+ PermissionManager::GetInstance().CheckProcessValidOnGetTrustedDeviceList()) {
 udidMap = dmServiceImpl_->GetAppTrustDeviceIdList(std::string(ALL_PKGNAME));
 } else {
 udidMap = dmServiceImpl_->GetAppTrustDeviceIdList(pkgName);
diff --git a/services/service/src/permission/lite/permission_manager.cpp b/services/service/src/permission/lite/permission_manager.cpp
index a86742e99b71a134ce1accf3246d895ae3ea3670..dbfa6d7f3631c3c95e130bac52f4c2592e427342 100644
--- a/services/service/src/permission/lite/permission_manager.cpp
+++ b/services/service/src/permission/lite/permission_manager.cpp
@@ -100,5 +100,10 @@ bool PermissionManager::CheckProcessNameValidPutDeviceProfileInfoList(const std:
 (void)processName;
 return true;
 }
+
+bool PermissionManager::CheckProcessValidOnGetTrustedDeviceList()
+{
+ return true;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp
index 020b5e881d5825bf8ca16395faae3534e7f8451d..fbcd7077505b4f93b95c59b93b06ef7b46a29846 100644
--- a/services/service/src/permission/standard/permission_manager.cpp
+++ b/services/service/src/permission/standard/permission_manager.cpp
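Review bot: The new `||` branch in `GetTrustedDeviceList` widens the result to `ALL_PKGNAME` without consulting `pkgName`, and the lite implementation of `CheckProcessValidOnGetTrustedDeviceList()` added in `services/service/src/permission/lite/permission_manager.cpp` returns `true` unconditionally. On a lite build every caller therefore takes the all-packages branch, and the per-package `else` becomes unreachable. If lite is not meant to expose every package's trusted devices, the stub should fail closed with `return false;`; otherwise it deserves a comment such as `// lite has no access-token framework; callers are trusted by platform design` so the choice is visibly deliberate. `GetTrustedDeviceList` starts and ends outside the hunk, so whether an earlier permission check already gates this path cannot be confirmed from here.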
@@ -93,6 +93,11 @@ constexpr const static char* PUT_DEVICE_PROFILE_INFO_LIST_WHITE_LIST[] = {
 "com.huawei.hmos.tvcooperation",
 };
 constexpr int32_t PUT_DEVICE_PROFILE_INFO_LIST_WHITE_LIST_NUM = std::size(PUT_DEVICE_PROFILE_INFO_LIST_WHITE_LIST);
+
+constexpr const static char* GET_TRUSTED_DEVICE_LIST_WHITE_LIST[] = {
+ "distributedsched",
+};
+constexpr uint32_t GET_TRUSTED_DEVICE_LIST_WHITE_LIST_NUM = std::size(GET_TRUSTED_DEVICE_LIST_WHITE_LIST);
 }
 bool PermissionManager::CheckPermission(void)
@@ -201,11 +206,25 @@ bool PermissionManager::CheckProcessNameValidOnPinHolder(const std::string &proc
 bool PermissionManager::CheckWhiteListSystemSA(const std::string &pkgName)
 {
+ bool isInWhiteList = false;
 for (uint16_t index = 0; index < SYSTEM_SA_WHITE_LIST_NUM; ++index) {
 std::string tmp(SYSTEM_SA_WHITE_LIST[index]);
 if (pkgName == tmp) {
+ isInWhiteList = true;
+ }
+ }
+ if (isInWhiteList) {
+ AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+ if (tokenCaller == 0) {
+ LOGE("GetCallingTokenID error.");
+ return false;
+ }
+ ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
+ if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
 return true;
 }
+ LOGE("callser not SA pkgName %{public}s.", GetAnonyString(pkgName).c_str());
+ return false;
 }
 return false;
 }
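Review bot: In `CheckWhiteListSystemSA` (hunk `@@ -201,11 +206,25 @@`) the added token check proves only that the caller holds a native token; `pkgName` is still a caller-supplied string, so any native process that passes a whitelisted name is accepted as that SA. If the intent is to authenticate the named SA, the caller's own identity should be compared as well, for example the process name obtained through `GetCallerProcessName`, which this commit already uses in `CheckProcessValidOnGetTrustedDeviceList`. Two smaller points: the loop keeps scanning after a match, so `isInWhiteList = true;` can be followed by `break;`, and the log text `callser not SA` should read `caller not SA`.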
@@ -330,5 +349,22 @@ bool PermissionManager::VerifyAccessTokenByPermissionName(const std::string& per
 LOGE("DM service access is denied, please apply for corresponding permissions");
 return false;
 }
+
+bool PermissionManager::CheckProcessValidOnGetTrustedDeviceList()
+{
+ std::string processName = "";
+ if (PermissionManager::GetInstance().GetCallerProcessName(processName) != DM_OK) {
+ LOGE("Get caller process name failed");
+ return false;
+ }
+ uint16_t index = 0;
+ for (; index < GET_TRUSTED_DEVICE_LIST_WHITE_LIST_NUM; ++index) {
+ std::string tmp(GET_TRUSTED_DEVICE_LIST_WHITE_LIST[index]);
+ if (processName == tmp) {
+ return true;
+ }
+ }
+ return false;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/test/commonunittest/UTTest_permission_manager.cpp b/test/commonunittest/UTTest_permission_manager.cpp
index 1cb44f5f9992b2db67b330f13b41e4bd826c187d..2ece3cf82720bafcbd8c136de865997b84f72d43 100644
--- a/test/commonunittest/UTTest_permission_manager.cpp
+++ b/test/commonunittest/UTTest_permission_manager.cpp
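Review bot: `CheckProcessValidOnGetTrustedDeviceList` decides on the caller's process name alone and, unlike the `CheckWhiteListSystemSA` change in the same file, never checks the calling token's type. `GetCallerProcessName` is not visible here; if it can yield an application-chosen name for non-native tokens, a caller named `distributedsched` would receive the `ALL_PKGNAME` device list, so consider rejecting first when `AccessTokenKit::GetTokenTypeFlag(IPCSkeleton::GetCallingTokenID()) != ATokenTypeEnum::TOKEN_NATIVE`. As a style point, `index` is `uint16_t` while `GET_TRUSTED_DEVICE_LIST_WHITE_LIST_NUM` is `uint32_t`; `for (const char *name : GET_TRUSTED_DEVICE_LIST_WHITE_LIST)` with `if (processName == name)` removes the mixed widths and the temporary `std::string`.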
@@ -132,15 +132,23 @@ HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_001, testing::ext::TestSi
 */
 HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_002, testing::ext::TestSize.Level1)
 {
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName1(systemSaWhiteList[0]);
 bool ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName1);
 ASSERT_EQ(ret, true);
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName2(systemSaWhiteList[1]);
 ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName2);
 ASSERT_EQ(ret, true);
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName3(systemSaWhiteList[2]);
 ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName3);
 ASSERT_EQ(ret, true);
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName4(systemSaWhiteList[3]);
 ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName4);
 ASSERT_EQ(ret, true);
@@ -156,6 +164,8 @@ HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_101, testing::ext::TestSi
 HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_102, testing::ext::TestSize.Level1)
 {
 std::string pkgName = "ohos.dhardware";
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 bool ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName);
 ASSERT_TRUE(ret);
 }
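Review bot: Both test hunks mock only the accepting path (`GetCallingTokenID()` returning 10 and `GetTokenTypeFlag(_)` returning `TOKEN_NATIVE`), so the two rejections this commit adds to `CheckWhiteListSystemSA` are never exercised. Add one case where `GetCallingTokenID()` returns 0 and one where `GetTokenTypeFlag(_)` returns `ATokenTypeEnum::TOKEN_HAP` for a whitelisted `pkgName`, each asserting `false`. No test for `CheckProcessValidOnGetTrustedDeviceList` is visible in this diff either; a whitelisted and a non-whitelisted caller process name would cover it.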