From 91e3421369e30d3b1376cb33034be80078d2cd7e Mon Sep 17 00:00:00 2001
From: li-tiangang4 <litiangang4@huawei-partners.com>
Date: Wed, 2 Jul 2025 13:55:10 +0800
Subject: [PATCH] =?UTF-8?q?rpc=E5=AE=89=E5=85=A8=E9=97=AE=E9=A2=98?=
 =?UTF-8?q?=EF=BC=8C=E9=80=82=E9=85=8D=E6=80=BB=E7=BA=BF=E6=96=B0=E6=8E=A5?=
 =?UTF-8?q?=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: li-tiangang4 <litiangang4@huawei-partners.com>
---
 .../src/distributed_hardware_stub.cpp                     | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp b/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp
index e8049452..d4caa3ce 100644
--- a/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp
+++ b/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp
@@ -283,6 +283,7 @@ int32_t OHOS::DistributedHardware::DistributedHardwareStub::HandleNotifySourceRe
     MessageParcel &reply)
 {
     DHLOGI("HandleNotifySourceRemoteSinkStarted Start.");
+    Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetDCallingTokenID();
     std::string udid = data.ReadString();
     if (!IsIdLengthValid(udid)) {
         DHLOGE("the udid: %{public}s is invalid.", GetAnonyString(udid).c_str());
@@ -294,6 +295,13 @@ int32_t OHOS::DistributedHardware::DistributedHardwareStub::HandleNotifySourceRe
         DHLOGE("the networkId: %{public}s is invalid, not a trusted device.", GetAnonyString(networkId).c_str());
         return ERR_DH_FWK_PARA_INVALID;
     }
+    uint32_t dAccessToken = Security::AccessToken::AccessTokenKit::AllocLocalTokenID(networkId, callerToken);
+    const std::string permissionName = "ohos.permission.ACCESS_DISTRIBUTED_HARDWARE";
+    int32_t result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(dAccessToken, permissionName);
+    if (result != Security::AccessToken::PERMISSION_GRANTED) {
+        DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission.");
+        return ERR_DH_FWK_ACCESS_PERMISSION_CHECK_FAIL;
+    }
 
     int32_t ret = NotifySourceRemoteSinkStarted(udid);
     if (!reply.WriteInt32(ret)) {
-- 
Gitee