diff --git a/bundle.json b/bundle.json index 3d709f0ed122b11200a4d4c50b8254bc8384c1ee..a22f764ddd16e1af712e18cc7bf370bd920f8881 100644 --- a/bundle.json +++ b/bundle.json @@ -28,6 +28,8 @@ ], "deps": { "components": [ + "access_token", + "accessibility", "dsoftbus", "hisysevent", "init", diff --git a/services/screenservice/sinkservice/BUILD.gn b/services/screenservice/sinkservice/BUILD.gn index aca0540e82b45e15746129321fb44a86fde3444f..615715d7aa3870990d8d253e16a8103f1f44a3f6 100644 --- a/services/screenservice/sinkservice/BUILD.gn +++ b/services/screenservice/sinkservice/BUILD.gn @@ -68,6 +68,8 @@ ohos_shared_library("distributed_screen_sink") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "distributed_hardware_fwk:distributed_av_receiver", "distributed_hardware_fwk:libdhfwk_sdk", diff --git a/services/screenservice/sinkservice/dscreenservice/include/dscreen_sink_stub.h b/services/screenservice/sinkservice/dscreenservice/include/dscreen_sink_stub.h index 7648328f96b22c09299ceec0193eb4d72f22a887..0259ebd82f502f33e5ab6b843ca5744eaeead534 100644 --- a/services/screenservice/sinkservice/dscreenservice/include/dscreen_sink_stub.h +++ b/services/screenservice/sinkservice/dscreenservice/include/dscreen_sink_stub.h @@ -45,6 +45,7 @@ private: MessageOption &option); int32_t DScreenNotifyInner(MessageParcel &data, MessageParcel &reply, MessageOption &option); + bool HasEnableDHPermission(); }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/screenservice/sinkservice/dscreenservice/src/dscreen_sink_stub.cpp b/services/screenservice/sinkservice/dscreenservice/src/dscreen_sink_stub.cpp index fe309f317e285077e882d181103e8cc9074377b8..0df80cb3805185e18cb31c0b8fa09eb1ec939b2f 100644 --- a/services/screenservice/sinkservice/dscreenservice/src/dscreen_sink_stub.cpp +++ b/services/screenservice/sinkservice/dscreenservice/src/dscreen_sink_stub.cpp @@ -15,10 +15,12 @@ #include "dscreen_sink_stub.h" +#include "accesstoken_kit.h" #include "dscreen_constants.h" #include "dscreen_errcode.h" #include "dscreen_ipc_interface_code.h" #include "dscreen_log.h" +#include "ipc_skeleton.h" namespace OHOS { namespace DistributedHardware { @@ -36,6 +38,15 @@ DScreenSinkStub::DScreenSinkStub() &DScreenSinkStub::DScreenNotifyInner; } +bool DScreenSinkStub::HasEnableDHPermission() +{ + Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + const std::string permissionName = "ohos.permission.ENABLE_DISTRIBUTED_HARDWARE"; + int32_t result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, + permissionName); + return (result == Security::AccessToken::PERMISSION_GRANTED); +} + int32_t DScreenSinkStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { @@ -59,6 +70,10 @@ int32_t DScreenSinkStub::InitSinkInner(MessageParcel &data, MessageParcel &reply MessageOption &option) { (void)option; + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return DSCREEN_INIT_ERR; + } std::string param = data.ReadString(); if (param.empty() || param.size() > PARAM_MAX_SIZE) { DHLOGE("InitSinkInner error: invalid parameter."); @@ -74,6 +89,10 @@ int32_t DScreenSinkStub::ReleaseSinkInner(MessageParcel &data, MessageParcel &re { (void)data; (void)option; + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return DSCREEN_INIT_ERR; + } int32_t ret = ReleaseSink(); reply.WriteInt32(ret); return DH_SUCCESS; diff --git a/services/screenservice/sourceservice/BUILD.gn b/services/screenservice/sourceservice/BUILD.gn index 92469d0feace83de8711c954311ebb54fe782015..feaf872c7d0799a7f55fe29cd88141181863b966 100644 --- a/services/screenservice/sourceservice/BUILD.gn +++ b/services/screenservice/sourceservice/BUILD.gn @@ -74,6 +74,8 @@ ohos_shared_library("distributed_screen_source") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "distributed_hardware_fwk:distributed_av_sender", "distributed_hardware_fwk:distributedhardwareutils", diff --git a/services/screenservice/sourceservice/dscreenservice/include/dscreen_source_stub.h b/services/screenservice/sourceservice/dscreenservice/include/dscreen_source_stub.h index 541290a079e7e64200d79ef49cb590298590893d..2c0f1ebb92e15ab5fc34cef7cb1d1aa98a316daa 100644 --- a/services/screenservice/sourceservice/dscreenservice/include/dscreen_source_stub.h +++ b/services/screenservice/sourceservice/dscreenservice/include/dscreen_source_stub.h @@ -47,6 +47,7 @@ private: bool CheckUnregParams(const std::string &devId, const std::string &dhId, const std::string &reqId) const; bool CheckConfigParams(const std::string &devId, const std::string &dhId, const std::string &key, const std::string &value) const; + bool HasEnableDHPermission(); using DScreenSourceFunc = int32_t (DScreenSourceStub::*)(MessageParcel &data, MessageParcel &reply, MessageOption &option); std::map memberFuncMap_; diff --git a/services/screenservice/sourceservice/dscreenservice/src/dscreen_source_stub.cpp b/services/screenservice/sourceservice/dscreenservice/src/dscreen_source_stub.cpp index 140a13a3f6a9e30216c2ff32aa635770086fcdfa..7e6f242e4476a7ccfa3614971323498f4dc32904 100644 --- a/services/screenservice/sourceservice/dscreenservice/src/dscreen_source_stub.cpp +++ b/services/screenservice/sourceservice/dscreenservice/src/dscreen_source_stub.cpp @@ -17,11 +17,13 @@ #include "iservice_registry.h" +#include "accesstoken_kit.h" #include "dscreen_constants.h" #include "dscreen_errcode.h" #include "dscreen_ipc_interface_code.h" #include "dscreen_log.h" #include "dscreen_source_callback_proxy.h" +#include "ipc_skeleton.h" namespace OHOS { namespace DistributedHardware { @@ -41,6 +43,15 @@ DScreenSourceStub::DScreenSourceStub() &DScreenSourceStub::DScreenNotifyInner; } +bool DScreenSourceStub::HasEnableDHPermission() +{ + Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + const std::string permissionName = "ohos.permission.ENABLE_DISTRIBUTED_HARDWARE"; + int32_t result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, + permissionName); + return (result == Security::AccessToken::PERMISSION_GRANTED); +} + int32_t DScreenSourceStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { @@ -64,6 +75,10 @@ int32_t DScreenSourceStub::InitSourceInner(MessageParcel &data, MessageParcel &r MessageOption &option) { (void)option; + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return DSCREEN_INIT_ERR; + } std::string param = data.ReadString(); if (param.empty() || param.size() > PARAM_MAX_SIZE) { DHLOGE("InitSourceInner error: invalid parameter"); @@ -90,6 +105,10 @@ int32_t DScreenSourceStub::ReleaseSourceInner(MessageParcel &data, MessageParcel { (void)data; (void)option; + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return DSCREEN_INIT_ERR; + } int32_t ret = ReleaseSource(); reply.WriteInt32(ret); return DH_SUCCESS; @@ -99,6 +118,10 @@ int32_t DScreenSourceStub::RegisterDistributedHardwareInner(MessageParcel &data, MessageOption &option) { (void)option; + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return DSCREEN_INIT_ERR; + } std::string devId = data.ReadString(); std::string dhId = data.ReadString(); std::string version = data.ReadString(); @@ -121,6 +144,10 @@ int32_t DScreenSourceStub::UnregisterDistributedHardwareInner(MessageParcel &dat MessageOption &option) { (void)option; + if (!HasEnableDHPermission()) { + DHLOGE("The caller has no ENABLE_DISTRIBUTED_HARDWARE permission."); + return DSCREEN_INIT_ERR; + } std::string devId = data.ReadString(); std::string dhId = data.ReadString(); std::string reqId = data.ReadString();