From 38c2838dabf78990e69b03cbff1c8da0552ed797 Mon Sep 17 00:00:00 2001
From: liuzhongming
Date: Thu, 7 Aug 2025 14:54:20 +0800
Subject: [PATCH] =?UTF-8?q?DMS=E5=8A=A0=E5=85=A5=E6=9F=A5=E8=AF=A2?= =?UTF-8?q?=E5=8F=AF=E4=BF=A1=E8=AE=BE=E5=A4=87=E7=99=BD=E5=90=8D=E5=8D=95?= =?UTF-8?q?=20Signed-off-by:=20liuzhongming=20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../permission/lite/permission_manager.h | 1 +
 .../permission/standard/permission_manager.h | 1 +
 .../service/src/device_manager_service.cpp | 3 +-
 .../permission/lite/permission_manager.cpp | 5 +++
 .../standard/permission_manager.cpp | 36 +++++++++++++++++++
 .../UTTest_permission_manager.cpp | 10 ++++++
 6 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/services/service/include/permission/lite/permission_manager.h b/services/service/include/permission/lite/permission_manager.h
index 212506b7d..0421f096a 100644
--- a/services/service/include/permission/lite/permission_manager.h
+++ b/services/service/include/permission/lite/permission_manager.h
@@ -40,6 +40,7 @@ public:
 bool CheckProcessNameValidModifyLocalDeviceName(const std::string &processName);
 bool CheckProcessNameValidModifyRemoteDeviceName(const std::string &processName);
 bool CheckProcessNameValidPutDeviceProfileInfoList(const std::string &processName);
+ bool CheckProcessValidOnGetTrustedDeviceList();
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/service/include/permission/standard/permission_manager.h b/services/service/include/permission/standard/permission_manager.h
index 4b6d14c0d..d5aab748c 100644
--- a/services/service/include/permission/standard/permission_manager.h
+++ b/services/service/include/permission/standard/permission_manager.h
@@ -39,6 +39,7 @@ public:
 bool CheckProcessNameValidModifyLocalDeviceName(const std::string &processName);
 bool CheckProcessNameValidModifyRemoteDeviceName(const std::string &processName);
 bool CheckProcessNameValidPutDeviceProfileInfoList(const std::string &processName);
+ bool CheckProcessValidOnGetTrustedDeviceList();
 private:
 bool VerifyAccessTokenByPermissionName(const std::string& permissionName);
diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp
index a1333d81e..b44999e48 100644
--- a/services/service/src/device_manager_service.cpp
+++ b/services/service/src/device_manager_service.cpp
@@ -411,7 +411,8 @@ int32_t DeviceManagerService::GetTrustedDeviceList(const std::string &pkgName, c
 }
 if (!onlineDeviceList.empty() && IsDMServiceImplReady()) {
 std::unordered_map udidMap;
- if (PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName)) {
+ if (PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName) ||
+ PermissionManager::GetInstance().CheckProcessValidOnGetTrustedDeviceList()) {
 udidMap = dmServiceImpl_->GetAppTrustDeviceIdList(std::string(ALL_PKGNAME));
 } else {
 udidMap = dmServiceImpl_->GetAppTrustDeviceIdList(pkgName);
diff --git a/services/service/src/permission/lite/permission_manager.cpp b/services/service/src/permission/lite/permission_manager.cpp
index a86742e99..dbfa6d7f3 100644
--- a/services/service/src/permission/lite/permission_manager.cpp
+++ b/services/service/src/permission/lite/permission_manager.cpp
@@ -100,5 +100,10 @@ bool PermissionManager::CheckProcessNameValidPutDeviceProfileInfoList(const std:
 (void)processName;
 return true;
 }
+
+bool PermissionManager::CheckProcessValidOnGetTrustedDeviceList()
+{
+ return true;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/service/src/permission/standard/permission_manager.cpp b/services/service/src/permission/standard/permission_manager.cpp
index 020b5e881..fbcd70775 100644
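Review bot: On the lite build `CheckProcessValidOnGetTrustedDeviceList()` returns `true` unconditionally (the lite/permission_manager.cpp hunk), so the new `||` in `GetTrustedDeviceList` sends every caller down the `ALL_PKGNAME` branch and the per-package `GetAppTrustDeviceIdList(pkgName)` path is never taken there, assuming device_manager_service.cpp is compiled for lite as well. The neighbouring lite stubs that return `true` gate an operation, whereas this check widens what is returned, so the safe default is the opposite: `return false;` in the lite stub keeps the pre-patch scoping. A comment above the condition, e.g. `// ALL_PKGNAME view: whitelisted system SA, or whitelisted caller process`, would record why two independent checks are ORed. The body of `GetTrustedDeviceList` starts and ends outside the hunk.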
--- a/services/service/src/permission/standard/permission_manager.cpp
+++ b/services/service/src/permission/standard/permission_manager.cpp
@@ -93,6 +93,11 @@ constexpr const static char* PUT_DEVICE_PROFILE_INFO_LIST_WHITE_LIST[] = {
 "com.huawei.hmos.tvcooperation",
 };
 constexpr int32_t PUT_DEVICE_PROFILE_INFO_LIST_WHITE_LIST_NUM = std::size(PUT_DEVICE_PROFILE_INFO_LIST_WHITE_LIST);
+
+constexpr const static char* GET_TRUSTED_DEVICE_LIST_WHITE_LIST[] = {
+ "distributedsched",
+};
+constexpr uint32_t GET_TRUSTED_DEVICE_LIST_WHITE_LIST_NUM = std::size(GET_TRUSTED_DEVICE_LIST_WHITE_LIST);
 }
 bool PermissionManager::CheckPermission(void)
@@ -201,11 +206,25 @@ bool PermissionManager::CheckProcessNameValidOnPinHolder(const std::string &proc
 bool PermissionManager::CheckWhiteListSystemSA(const std::string &pkgName)
 {
+ bool isInWhiteList = false;
 for (uint16_t index = 0; index < SYSTEM_SA_WHITE_LIST_NUM; ++index) {
 std::string tmp(SYSTEM_SA_WHITE_LIST[index]);
 if (pkgName == tmp) {
+ isInWhiteList = true;
+ }
+ }
+ if (isInWhiteList) {
+ AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+ if (tokenCaller == 0) {
+ LOGE("GetCallingTokenID error.");
+ return false;
+ }
+ ATokenTypeEnum tokenTypeFlag = AccessTokenKit::GetTokenTypeFlag(tokenCaller);
+ if (tokenTypeFlag == ATokenTypeEnum::TOKEN_NATIVE) {
 return true;
 }
+ LOGE("callser not SA pkgName %{public}s.", GetAnonyString(pkgName).c_str());
+ return false;
 }
 return false;
 }
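Review bot: The `TOKEN_NATIVE` test added to `CheckWhiteListSystemSA` establishes only that the caller holds a native token; the whitelist match is still made on the `pkgName` argument, which appears to be supplied by the caller, so any native process that passes a whitelisted name is treated as that SA. If the intent is to identify the specific system ability, match the name obtained from `GetCallerProcessName` (used by the new check in this same patch) against the whitelist, or state the accepted boundary in a comment such as `// any native-token caller may present a whitelisted pkgName`. Two smaller points in the same hunk: the loop keeps scanning after a match, so `break;` belongs after `isInWhiteList = true;`, and the log text `callser not SA` should read `caller is not SA`.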
@@ -330,5 +349,22 @@ bool PermissionManager::VerifyAccessTokenByPermissionName(const std::string& per
 LOGE("DM service access is denied, please apply for corresponding permissions");
 return false;
 }
+
+bool PermissionManager::CheckProcessValidOnGetTrustedDeviceList()
+{
+ std::string processName = "";
+ if (PermissionManager::GetInstance().GetCallerProcessName(processName) != DM_OK) {
+ LOGE("Get caller process name failed");
+ return false;
+ }
+ uint16_t index = 0;
+ for (; index < GET_TRUSTED_DEVICE_LIST_WHITE_LIST_NUM; ++index) {
+ std::string tmp(GET_TRUSTED_DEVICE_LIST_WHITE_LIST[index]);
+ if (processName == tmp) {
+ return true;
+ }
+ }
+ return false;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/test/commonunittest/UTTest_permission_manager.cpp b/test/commonunittest/UTTest_permission_manager.cpp
index 1cb44f5f9..2ece3cf82 100644
--- a/test/commonunittest/UTTest_permission_manager.cpp
+++ b/test/commonunittest/UTTest_permission_manager.cpp
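Review bot: `CheckProcessValidOnGetTrustedDeviceList` authorises on the caller's process name alone, whereas `CheckWhiteListSystemSA` in this same patch additionally requires `ATokenTypeEnum::TOKEN_NATIVE`; how `GetCallerProcessName` derives the name for non-native tokens is not visible here, so either apply the same token-type test before the whitelist loop or add a comment stating why the name is sufficient on its own. The function also has no doc comment saying that a `true` result unlocks the `ALL_PKGNAME` device list, which is the fact a later editor of the whitelist most needs. On style, `uint16_t index` is compared against the `uint32_t` count `GET_TRUSTED_DEVICE_LIST_WHITE_LIST_NUM`; `for (const char *name : GET_TRUSTED_DEVICE_LIST_WHITE_LIST)` with `if (processName == name) { return true; }` removes both the counter and the temporary `std::string`.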
@@ -132,15 +132,23 @@ HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_001, testing::ext::TestSi
 */
 HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_002, testing::ext::TestSize.Level1)
 {
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName1(systemSaWhiteList[0]);
 bool ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName1);
 ASSERT_EQ(ret, true);
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName2(systemSaWhiteList[1]);
 ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName2);
 ASSERT_EQ(ret, true);
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName3(systemSaWhiteList[2]);
 ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName3);
 ASSERT_EQ(ret, true);
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 std::string pkgName4(systemSaWhiteList[3]);
 ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName4);
 ASSERT_EQ(ret, true);
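Review bot: The added expectations exercise only the accepting path of the new token check: every mock returns a non-zero token id and `TOKEN_NATIVE`, here and in `CheckWhiteListSystemSA_102` in the next hunk. The two deny branches the patch introduces are untested, namely a whitelisted `pkgName` with `GetCallingTokenID()` returning `0`, and a whitelisted `pkgName` whose token type is not native, e.g. `.WillOnce(Return(ATokenTypeEnum::TOKEN_HAP))` followed by `ASSERT_FALSE(ret);`. The diffstat's 10 added test lines are all mock expectations, so `CheckProcessValidOnGetTrustedDeviceList` appears to have no unit test either; a case for a non-whitelisted process name returning `false` is the one worth adding first. The body of `CheckWhiteListSystemSA_002` continues past the end of this hunk.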
@@ -156,6 +164,8 @@ HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_101, testing::ext::TestSi
 HWTEST_F(PermissionManagerTest, CheckWhiteListSystemSA_102, testing::ext::TestSize.Level1)
 {
 std::string pkgName = "ohos.dhardware";
+ EXPECT_CALL(*ipcSkeletonMock_, GetCallingTokenID()).WillOnce(Return(10));
+ EXPECT_CALL(*accessTokenKitMock_, GetTokenTypeFlag(_)).WillOnce(Return(ATokenTypeEnum::TOKEN_NATIVE));
 bool ret = PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName);
 ASSERT_TRUE(ret);
 }
-- Gitee