From 4521a1f04ccecee92ca0c316e36e6e3c06c8e46f Mon Sep 17 00:00:00 2001 From: chensihan Date: Wed, 2 Apr 2025 14:39:35 +0800 Subject: [PATCH 01/10] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=B7=AF=E5=BE=84?= =?UTF-8?q?=E7=A9=BF=E8=B6=8A=E6=A0=A1=E9=AA=8C=20Signed-off-by:=20chensih?= =?UTF-8?q?an=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../backup_sa/include/module_ipc/service.h | 1 + .../src/module_ipc/service_incremental.cpp | 57 +++++++++++++------ .../backup_sa/src/module_ipc/sub_service.cpp | 5 ++ utils/src/b_filesystem/b_dir.cpp | 16 +++++- 4 files changed, 59 insertions(+), 20 deletions(-) diff --git a/services/backup_sa/include/module_ipc/service.h b/services/backup_sa/include/module_ipc/service.h index 277b00f21..dfc4b4aa2 100644 --- a/services/backup_sa/include/module_ipc/service.h +++ b/services/backup_sa/include/module_ipc/service.h @@ -320,6 +320,7 @@ public: void ReportOnBundleStarted(IServiceReverse::Scenario scenario, const std::string &bundleName); ErrCode AppIncrementalFileReady(const std::string &bundleName, const std::string &fileName, UniqueFd fd, UniqueFd manifestFd, int32_t errCode); + ErrCode SendFileHandle(const std::string &bundleName, const std::string &fileName); public: explicit Service(int32_t saID, bool runOnCreate = false) : SystemAbility(saID, runOnCreate) { diff --git a/services/backup_sa/src/module_ipc/service_incremental.cpp b/services/backup_sa/src/module_ipc/service_incremental.cpp index 2f78c020c..3b9b5e192 100644 --- a/services/backup_sa/src/module_ipc/service_incremental.cpp +++ b/services/backup_sa/src/module_ipc/service_incremental.cpp @@ -35,6 +35,7 @@ #include "b_anony/b_anony.h" #include "b_error/b_error.h" #include "b_error/b_excep_utils.h" +#include "b_filesystem/b_dir.h" #include "b_hiaudit/hi_audit.h" #include "b_json/b_json_cached_entity.h" #include "b_json/b_json_entity_caps.h" @@ -507,6 +508,10 @@ ErrCode Service::PublishIncrementalFile(const BFileInfo &fileInfo) HILOGE("Forbit to use PublishIncrementalFile with fileName for App"); return EPERM; } + if (BDir::CheckFilePathInvalid(fileInfo.fileName)) { + HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileInfo.fileName).c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } if (session_ == nullptr) { HILOGE("session is empty, bundleName:%{public}s", fileInfo.owner.c_str()); return BError(BError::Codes::SA_INVAL_ARG); @@ -550,6 +555,10 @@ ErrCode Service::PublishSAIncrementalFile(const BFileInfo &fileInfo, UniqueFd fd return BError(BError::Codes::SA_EXT_ERR_CALL); } HILOGI("Bundle name %{public}s is sa, publish sa incremental file", bundleName.c_str()); + if (BDir::CheckFilePathInvalid(fileInfo.fileName)) { + HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileInfo.fileName).c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } auto backupConnection = session_->GetSAExtConnection(bundleName); std::shared_ptr saConnection = backupConnection.lock(); if (saConnection == nullptr) { @@ -704,30 +713,20 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s GetAnonyPath(fileName).c_str()); return ret; } + if (BDir::CheckFilePathInvalid(fileName)) { + HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } auto action = session_->GetServiceSchedAction(bundleName); if (action == BConstants::ServiceSchedAction::UNKNOWN) { HILOGE("action is unknown, bundleName:%{public}s", bundleName.c_str()); return BError(BError::Codes::SA_INVAL_ARG); } if (action == BConstants::ServiceSchedAction::RUNNING) { - auto backUpConnection = session_->GetExtConnection(bundleName); - if (backUpConnection == nullptr) { - HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } - auto proxy = backUpConnection->GetBackupExtProxy(); - if (!proxy) { - HILOGE("GetIncrementalFileHandle failed, bundleName:%{public}s", bundleName.c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } - auto[errCode, fd, reportFd] = proxy->GetIncrementalFileHandle(fileName); - auto err = AppIncrementalFileReady(bundleName, fileName, move(fd), move(reportFd), errCode); + auto err = SendFileHandle(bundleName, fileName); if (err != ERR_OK) { - HILOGE("Failed to send file handle, bundleName:%{public}s, fileName:%{public}s", - bundleName.c_str(), GetAnonyPath(fileName).c_str()); - AppRadar::Info info (bundleName, "", ""); - AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetIncrementalFileHandle", - GetUserIdDefault(), BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, err); + HILOGE("SendFileHandle failed, bundle:%{public}s", bundleName.c_str()); + return err; } } else { SvcRestoreDepsManager::GetInstance().UpdateToRestoreBundleMap(bundleName, fileName); @@ -740,6 +739,30 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s } } + ErrCode Service::SendFileHandle(const std::string &bundleName, const std::string &fileName) +{ + auto backUpConnection = session_->GetExtConnection(bundleName); + if (backUpConnection == nullptr) { + HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + auto proxy = backUpConnection->GetBackupExtProxy(); + if (!proxy) { + HILOGE("GetIncrementalFileHandle failed, bundleName:%{public}s", bundleName.c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + auto[errCode, fd, reportFd] = proxy->GetIncrementalFileHandle(fileName); + auto err = AppIncrementalFileReady(bundleName, fileName, move(fd), move(reportFd), errCode); + if (err != ERR_OK) { + HILOGE("Failed to send file handle, bundleName:%{public}s, fileName:%{public}s", + bundleName.c_str(), GetAnonyPath(fileName).c_str()); + AppRadar::Info info (bundleName, "", ""); + AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetIncrementalFileHandle", + GetUserIdDefault(), BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, err); + } + return BError(BError::Codes::OK); +} + bool Service::IncrementalBackup(const string &bundleName) { HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__); diff --git a/services/backup_sa/src/module_ipc/sub_service.cpp b/services/backup_sa/src/module_ipc/sub_service.cpp index fcbfc1ad1..f3468e99b 100644 --- a/services/backup_sa/src/module_ipc/sub_service.cpp +++ b/services/backup_sa/src/module_ipc/sub_service.cpp @@ -37,6 +37,7 @@ #include "b_anony/b_anony.h" #include "b_error/b_error.h" #include "b_error/b_excep_utils.h" +#include "b_filesystem/b_dir.h" #include "b_file_info.h" #include "b_hiaudit/hi_audit.h" #include "b_json/b_json_cached_entity.h" @@ -226,6 +227,10 @@ ErrCode Service::PublishFile(const BFileInfo &fileInfo) HILOGE("Forbit to use publishFile with fileName for App"); return EPERM; } + if (BDir::CheckFilePathInvalid(fileInfo.fileName)) { + HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileInfo.fileName).c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } auto backUpConnection = session_->GetExtConnection(fileInfo.owner); if (backUpConnection == nullptr) { HILOGE("backUpConnection is empty, bundle:%{public}s", fileInfo.owner.c_str()); diff --git a/utils/src/b_filesystem/b_dir.cpp b/utils/src/b_filesystem/b_dir.cpp index 9b8f03dac..b51e7d93e 100644 --- a/utils/src/b_filesystem/b_dir.cpp +++ b/utils/src/b_filesystem/b_dir.cpp @@ -41,6 +41,9 @@ const int32_t PATH_MAX_LEN = 4096; const size_t TOP_ELE = 0; const std::string APP_DATA_DIR = BConstants::PATH_PUBLIC_HOME + BConstants::PATH_APP_DATA + BConstants::FILE_SEPARATOR_CHAR; +const std::string PATH_INVALID_FLAG1 = "../"; +const std::string PATH_INVALID_FLAG2 = "/.."; +const uint32_t PATH_INVALID_FLAG_LEN = 3; static bool IsEmptyDirectory(const string &path) { @@ -513,13 +516,20 @@ vector BDir::GetDirs(const vector &paths) bool BDir::CheckFilePathInvalid(const std::string &filePath) { - size_t pos = filePath.find(BConstants::PATH_ABSOLUTE); + size_t pos = filePath.find(PATH_INVALID_FLAG1); while (pos != string::npos) { if (pos == 0 || filePath[pos - 1] == BConstants::FILE_SEPARATOR_CHAR) { - HILOGE("Relative path is not allowed, path = %{public}s", GetAnonyPath(filePath).c_str()); + HILOGE("Relative path is not allowed, path contain ../, path = %{private}s", + GetAnonyString(filePath).c_str()); return true; } - pos = filePath.find(BConstants::PATH_ABSOLUTE, pos + BConstants::PATH_ABSOLUTE.size()); + pos = filePath.find(PATH_INVALID_FLAG1, pos + PATH_INVALID_FLAG_LEN); + } + pos = filePath.rfind(PATH_INVALID_FLAG2); + if ((pos != string::npos) && (filePath.size() - pos == PATH_INVALID_FLAG_LEN)) { + HILOGE("Relative path is not allowed, path tail is /.., path = %{private}s", + GetAnonyString(filePath).c_str()); + return true; } return false; } -- Gitee From b9a9a0d29fc8d3fbefb7814a1d7f302607fc4a14 Mon Sep 17 00:00:00 2001 From: chensihan Date: Thu, 3 Apr 2025 10:17:50 +0800 Subject: [PATCH 02/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20Signed-off-by:=20che?= =?UTF-8?q?nsihan=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/backup_sa/src/module_ipc/service_incremental.cpp | 8 -------- services/backup_sa/src/module_ipc/sub_service.cpp | 4 ---- 2 files changed, 12 deletions(-) diff --git a/services/backup_sa/src/module_ipc/service_incremental.cpp b/services/backup_sa/src/module_ipc/service_incremental.cpp index 3b9b5e192..4ba9b10f4 100644 --- a/services/backup_sa/src/module_ipc/service_incremental.cpp +++ b/services/backup_sa/src/module_ipc/service_incremental.cpp @@ -508,10 +508,6 @@ ErrCode Service::PublishIncrementalFile(const BFileInfo &fileInfo) HILOGE("Forbit to use PublishIncrementalFile with fileName for App"); return EPERM; } - if (BDir::CheckFilePathInvalid(fileInfo.fileName)) { - HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileInfo.fileName).c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } if (session_ == nullptr) { HILOGE("session is empty, bundleName:%{public}s", fileInfo.owner.c_str()); return BError(BError::Codes::SA_INVAL_ARG); @@ -555,10 +551,6 @@ ErrCode Service::PublishSAIncrementalFile(const BFileInfo &fileInfo, UniqueFd fd return BError(BError::Codes::SA_EXT_ERR_CALL); } HILOGI("Bundle name %{public}s is sa, publish sa incremental file", bundleName.c_str()); - if (BDir::CheckFilePathInvalid(fileInfo.fileName)) { - HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileInfo.fileName).c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } auto backupConnection = session_->GetSAExtConnection(bundleName); std::shared_ptr saConnection = backupConnection.lock(); if (saConnection == nullptr) { diff --git a/services/backup_sa/src/module_ipc/sub_service.cpp b/services/backup_sa/src/module_ipc/sub_service.cpp index f3468e99b..1412c5e8a 100644 --- a/services/backup_sa/src/module_ipc/sub_service.cpp +++ b/services/backup_sa/src/module_ipc/sub_service.cpp @@ -227,10 +227,6 @@ ErrCode Service::PublishFile(const BFileInfo &fileInfo) HILOGE("Forbit to use publishFile with fileName for App"); return EPERM; } - if (BDir::CheckFilePathInvalid(fileInfo.fileName)) { - HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileInfo.fileName).c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } auto backUpConnection = session_->GetExtConnection(fileInfo.owner); if (backUpConnection == nullptr) { HILOGE("backUpConnection is empty, bundle:%{public}s", fileInfo.owner.c_str()); -- Gitee From 0b4e41995f2a905325c0fe52d2d2582a0b953330 Mon Sep 17 00:00:00 2001 From: chensihan Date: Thu, 3 Apr 2025 14:25:39 +0800 Subject: [PATCH 03/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20Signed-off-by:=20che?= =?UTF-8?q?nsihan=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../native/backup_ext/src/ext_extension.cpp | 15 +++---- .../native/backup_ext/src/untar_file.cpp | 12 +++--- .../src/module_ipc/service_incremental.cpp | 2 +- .../backup_utils/b_filesystem/b_dir_test.cpp | 42 +++++++++---------- utils/include/b_filesystem/b_dir.h | 2 +- utils/src/b_filesystem/b_dir.cpp | 8 ++-- 6 files changed, 39 insertions(+), 42 deletions(-) diff --git a/frameworks/native/backup_ext/src/ext_extension.cpp b/frameworks/native/backup_ext/src/ext_extension.cpp index 47a690922..c8b48651d 100644 --- a/frameworks/native/backup_ext/src/ext_extension.cpp +++ b/frameworks/native/backup_ext/src/ext_extension.cpp @@ -400,7 +400,7 @@ tuple BackupExtExtension::GetIncrementalFileHandle( throw BError(BError::Codes::EXT_INVAL_ARG, "Action is invalid"); } VerifyCaller(); - if (BDir::CheckFilePathInvalid(fileName)) { + if (!BDir::CheckFilePathValid(fileName)) { auto proxy = ServiceClient::GetInstance(); if (proxy == nullptr) { throw BError(BError::Codes::EXT_BROKEN_IPC, string("Failed to AGetInstance")); @@ -967,7 +967,7 @@ int BackupExtExtension::DoIncrementalRestore() string tarName = path + item; // 当用户指定fullBackupOnly字段或指定版本的恢复,解压目录当前在/backup/restore - if (BDir::CheckFilePathInvalid(tarName) || BDir::CheckAndRmSoftLink(tarName)) { + if (!BDir::CheckFilePathValid(tarName) || BDir::CheckAndRmSoftLink(tarName)) { HILOGE("Check incre tarfile path : %{public}s err, path is forbidden", GetAnonyPath(tarName).c_str()); return BError(BError::Codes::EXT_FORBID_BACKUP_RESTORE).GetCode(); } @@ -1056,7 +1056,7 @@ void BackupExtExtension::RestoreBigFilesForSpecialCloneCloud(const ExtManageInfo } const struct stat &sta = item.sta; string fileName = item.hashName; - if (BDir::CheckFilePathInvalid(fileName)) { + if (!BDir::CheckFilePathValid(fileName)) { HILOGE("Check big spec file path : %{public}s err, path is forbidden", GetAnonyPath(fileName).c_str()); errFileInfos_[fileName].emplace_back(DEFAULT_INVAL_VALUE); if (!RemoveFile(fileName)) { @@ -1111,7 +1111,7 @@ ErrCode BackupExtExtension::RestoreTarForSpecialCloneCloud(const ExtManageInfo & } HILOGI("Start to untar file = %{public}s, untarPath = %{public}s", GetAnonyPath(item.hashName).c_str(), GetAnonyPath(untarPath).c_str()); - if (BDir::CheckFilePathInvalid(tarName)) { + if (!BDir::CheckFilePathValid(tarName)) { HILOGE("Check spec tarfile hash path : %{public}s err, path is forbidden", GetAnonyPath(tarName).c_str()); return ERR_INVALID_VALUE; } @@ -1119,7 +1119,7 @@ ErrCode BackupExtExtension::RestoreTarForSpecialCloneCloud(const ExtManageInfo & HILOGE("File soft links are forbidden"); return BError(BError::Codes::EXT_FORBID_BACKUP_RESTORE).GetCode(); } - if (BDir::CheckFilePathInvalid(untarPath)) { + if (!BDir::CheckFilePathValid(untarPath)) { HILOGE("Check spec tarfile path : %{public}s err, path is forbidden", GetAnonyPath(untarPath).c_str()); return ERR_INVALID_VALUE; } @@ -1268,11 +1268,8 @@ void BackupExtExtension::RestoreOneBigFile(const std::string &path, string fileName = path + itemHashName; string filePath = appendTargetPath ? (path + itemFileName) : itemFileName; - if (BDir::CheckFilePathInvalid(filePath)) { + if (!BDir::CheckFilePathValid(filePath)) { HILOGE("Check big file path : %{public}s err, path is forbidden", GetAnonyPath(filePath).c_str()); - AuditLog auditLog = {false, "Check file path", "ADD", "", 1, "FAILED", "CheckFilePathInvalid", - "RestoreOneBigFile", GetAnonyPath(filePath)}; - HiAudit::GetInstance(false).Write(auditLog); return; } if (BDir::CheckAndRmSoftLink(fileName)) { diff --git a/frameworks/native/backup_ext/src/untar_file.cpp b/frameworks/native/backup_ext/src/untar_file.cpp index 87d6f9454..be400219d 100644 --- a/frameworks/native/backup_ext/src/untar_file.cpp +++ b/frameworks/native/backup_ext/src/untar_file.cpp @@ -330,7 +330,7 @@ std::tuple UntarFile::ParseIncrementalTarFile(con void UntarFile::MatchAregType(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter) { info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (BDir::CheckFilePathInvalid(info.fullPath)) { + if (!BDir::CheckFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); isRightRes = false; return; @@ -342,7 +342,7 @@ void UntarFile::MatchAregType(bool &isRightRes, FileStatInfo &info, ErrFileInfo void UntarFile::MatchDirType(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter) { info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (BDir::CheckFilePathInvalid(info.fullPath)) { + if (!BDir::CheckFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); isRightRes = false; return; @@ -354,7 +354,7 @@ void UntarFile::MatchDirType(bool &isRightRes, FileStatInfo &info, ErrFileInfo & void UntarFile::MatchGnuTypeLongName(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter) { auto result = ReadLongName(info); - if (BDir::CheckFilePathInvalid(info.fullPath) || BDir::CheckFilePathInvalid(info.longName)) { + if (!BDir::CheckFilePathValid(info.fullPath) || !BDir::CheckFilePathValid(info.longName)) { HILOGE("Check file path : %{public}s or long name : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str(), GetAnonyPath(info.longName).c_str()); isRightRes = false; @@ -428,7 +428,7 @@ bool UntarFile::DealFileTag(ErrFileInfo &errFileInfo, return true; } info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (BDir::CheckFilePathInvalid(info.fullPath)) { + if (!BDir::CheckFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); errFileInfo[info.fullPath].emplace_back(DEFAULT_ERR); return false; @@ -453,7 +453,7 @@ std::tuple UntarFile::MatchIncrementalScenario(bool isFi break; case DIRTYPE: info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (BDir::CheckFilePathInvalid(info.fullPath)) { + if (!BDir::CheckFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); return {DEFAULT_ERR, true, {{info.fullPath, {DEFAULT_ERR}}}}; } @@ -462,7 +462,7 @@ std::tuple UntarFile::MatchIncrementalScenario(bool isFi break; case GNUTYPE_LONGNAME: { auto result = ReadLongName(info); - if (BDir::CheckFilePathInvalid(info.fullPath)) { + if (!BDir::CheckFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); return {DEFAULT_ERR, true, {{info.fullPath, {DEFAULT_ERR}}}}; } diff --git a/services/backup_sa/src/module_ipc/service_incremental.cpp b/services/backup_sa/src/module_ipc/service_incremental.cpp index 4ba9b10f4..202dbfc80 100644 --- a/services/backup_sa/src/module_ipc/service_incremental.cpp +++ b/services/backup_sa/src/module_ipc/service_incremental.cpp @@ -705,7 +705,7 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s GetAnonyPath(fileName).c_str()); return ret; } - if (BDir::CheckFilePathInvalid(fileName)) { + if (!BDir::CheckFilePathValid(fileName)) { HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str()); return BError(BError::Codes::SA_INVAL_ARG); } diff --git a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp index 6cd5d7f4f..89c99493c 100644 --- a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp +++ b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp @@ -320,19 +320,19 @@ HWTEST_F(BDirTest, b_dir_GetDirs_0100, testing::ext::TestSize.Level1) } /** - * @tc.number: SUB_backup_b_dir_CheckFilePathInvalid_0100 - * @tc.name: b_dir_CheckFilePathInvalid_0100 - * @tc.desc: Test function of CheckFilePathInvalid interface for SUCCESS + * @tc.number: SUB_backup_b_dir_CheckFilePathValid_0100 + * @tc.name: b_dir_CheckFilePathValid_0100 + * @tc.desc: Test function of CheckFilePathValid interface for SUCCESS * @tc.size: MEDIUM * @tc.type: FUNC * @tc.level Level 1 * @tc.require: I6F3GV */ -HWTEST_F(BDirTest, b_dir_CheckFilePathInvalid_0100, testing::ext::TestSize.Level1) +HWTEST_F(BDirTest, b_dir_CheckFilePathValid_0100, testing::ext::TestSize.Level1) { - GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathInvalid_0100"; + GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathValid_0100"; try { - TestManager tm("b_dir_CheckFilePathInvalid_0100"); + TestManager tm("b_dir_CheckFilePathValid_0100"); std::string testPath = "../test../test1"; std::string testPath1 = "test../../test"; std::string testPath2 = "test../../"; @@ -340,24 +340,24 @@ HWTEST_F(BDirTest, b_dir_CheckFilePathInvalid_0100, testing::ext::TestSize.Level std::string testPath4 = "/test/test../test"; std::string testPath5 = "/test../test../test"; std::string testPath6 = "/test../test../test../"; - bool isForbid = BDir::CheckFilePathInvalid(testPath); - EXPECT_TRUE(isForbid); - bool isForbid1 = BDir::CheckFilePathInvalid(testPath1); - EXPECT_TRUE(isForbid1); - bool isForbid2 = BDir::CheckFilePathInvalid(testPath2); - EXPECT_TRUE(isForbid2); - bool isForbid3 = BDir::CheckFilePathInvalid(testPath3); - EXPECT_FALSE(isForbid3); - bool isForbid4 = BDir::CheckFilePathInvalid(testPath4); - EXPECT_FALSE(isForbid4); - bool isForbid5 = BDir::CheckFilePathInvalid(testPath5); - EXPECT_FALSE(isForbid5); - bool isForbid6 = BDir::CheckFilePathInvalid(testPath6); - EXPECT_FALSE(isForbid6); + bool isForbid = BDir::CheckFilePathValid(testPath); + EXPECT_FALSE(isForbid); + bool isForbid1 = BDir::CheckFilePathValid(testPath1); + EXPECT_FALSE(isForbid1); + bool isForbid2 = BDir::CheckFilePathValid(testPath2); + EXPECT_FALSE(isForbid2); + bool isForbid3 = BDir::CheckFilePathValid(testPath3); + EXPECT_TRUE(isForbid3); + bool isForbid4 = BDir::CheckFilePathValid(testPath4); + EXPECT_TRUE(isForbid4); + bool isForbid5 = BDir::CheckFilePathValid(testPath5); + EXPECT_TRUE(isForbid5); + bool isForbid6 = BDir::CheckFilePathValid(testPath6); + EXPECT_TRUE(isForbid6); } catch (...) { GTEST_LOG_(INFO) << "BDirTest-an exception occurred."; } - GTEST_LOG_(INFO) << "BDirTest-end b_dir_CheckFilePathInvalid_0100"; + GTEST_LOG_(INFO) << "BDirTest-end b_dir_CheckFilePathValid_0100"; } /** diff --git a/utils/include/b_filesystem/b_dir.h b/utils/include/b_filesystem/b_dir.h index d17452d5b..2190bd316 100644 --- a/utils/include/b_filesystem/b_dir.h +++ b/utils/include/b_filesystem/b_dir.h @@ -91,7 +91,7 @@ public: * @param filePath 待核实的路径 * @return 是否是异常无效路径 */ - static bool CheckFilePathInvalid(const std::string &filePath); + static bool CheckFilePathValid(const std::string &filePath); /** * @brief 核实文件是否存在软链接并删除 diff --git a/utils/src/b_filesystem/b_dir.cpp b/utils/src/b_filesystem/b_dir.cpp index b51e7d93e..92b6b02be 100644 --- a/utils/src/b_filesystem/b_dir.cpp +++ b/utils/src/b_filesystem/b_dir.cpp @@ -514,14 +514,14 @@ vector BDir::GetDirs(const vector &paths) return dirs; } -bool BDir::CheckFilePathInvalid(const std::string &filePath) +bool BDir::CheckFilePathValid(const std::string &filePath) { size_t pos = filePath.find(PATH_INVALID_FLAG1); while (pos != string::npos) { if (pos == 0 || filePath[pos - 1] == BConstants::FILE_SEPARATOR_CHAR) { HILOGE("Relative path is not allowed, path contain ../, path = %{private}s", GetAnonyString(filePath).c_str()); - return true; + return false; } pos = filePath.find(PATH_INVALID_FLAG1, pos + PATH_INVALID_FLAG_LEN); } @@ -529,9 +529,9 @@ bool BDir::CheckFilePathInvalid(const std::string &filePath) if ((pos != string::npos) && (filePath.size() - pos == PATH_INVALID_FLAG_LEN)) { HILOGE("Relative path is not allowed, path tail is /.., path = %{private}s", GetAnonyString(filePath).c_str()); - return true; + return false; } - return false; + return true; } bool BDir::CheckAndRmSoftLink(const std::string &filePath) -- Gitee From 757972084a07c682799c76ba58c3b2b1f6d35c8e Mon Sep 17 00:00:00 2001 From: chensihan Date: Thu, 3 Apr 2025 14:38:00 +0800 Subject: [PATCH 04/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9ut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chensihan --- .../backup_utils/b_filesystem/b_dir_test.cpp | 21 +++++++------------ 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp index 89c99493c..97bfa2082 100644 --- a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp +++ b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp @@ -333,26 +333,19 @@ HWTEST_F(BDirTest, b_dir_CheckFilePathValid_0100, testing::ext::TestSize.Level1) GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathValid_0100"; try { TestManager tm("b_dir_CheckFilePathValid_0100"); - std::string testPath = "../test../test1"; - std::string testPath1 = "test../../test"; - std::string testPath2 = "test../../"; - std::string testPath3 = "test"; - std::string testPath4 = "/test/test../test"; - std::string testPath5 = "/test../test../test"; - std::string testPath6 = "/test../test../test../"; - bool isForbid = BDir::CheckFilePathValid(testPath); + bool isForbid = BDir::CheckFilePathValid("../test../test1"); EXPECT_FALSE(isForbid); - bool isForbid1 = BDir::CheckFilePathValid(testPath1); + bool isForbid1 = BDir::CheckFilePathValid("test../../test"); EXPECT_FALSE(isForbid1); - bool isForbid2 = BDir::CheckFilePathValid(testPath2); + bool isForbid2 = BDir::CheckFilePathValid("test../../"); EXPECT_FALSE(isForbid2); - bool isForbid3 = BDir::CheckFilePathValid(testPath3); + bool isForbid3 = BDir::CheckFilePathValid("test"); EXPECT_TRUE(isForbid3); - bool isForbid4 = BDir::CheckFilePathValid(testPath4); + bool isForbid4 = BDir::CheckFilePathValid("/test/test../test"); EXPECT_TRUE(isForbid4); - bool isForbid5 = BDir::CheckFilePathValid(testPath5); + bool isForbid5 = BDir::CheckFilePathValid("/test../test../test"); EXPECT_TRUE(isForbid5); - bool isForbid6 = BDir::CheckFilePathValid(testPath6); + bool isForbid6 = BDir::CheckFilePathValid("/test../test../test../"); EXPECT_TRUE(isForbid6); } catch (...) { GTEST_LOG_(INFO) << "BDirTest-an exception occurred."; -- Gitee From 4e2351629b66026dd728285a7b9a5a9c92eabfc7 Mon Sep 17 00:00:00 2001 From: chensihan Date: Thu, 3 Apr 2025 14:44:14 +0800 Subject: [PATCH 05/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9ut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chensihan --- .../backup_utils/b_filesystem/b_dir_test.cpp | 33 ++++++++++++------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp index 97bfa2082..603ac224b 100644 --- a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp +++ b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp @@ -333,20 +333,29 @@ HWTEST_F(BDirTest, b_dir_CheckFilePathValid_0100, testing::ext::TestSize.Level1) GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathValid_0100"; try { TestManager tm("b_dir_CheckFilePathValid_0100"); - bool isForbid = BDir::CheckFilePathValid("../test../test1"); - EXPECT_FALSE(isForbid); - bool isForbid1 = BDir::CheckFilePathValid("test../../test"); + bool isForbid1 = BDir::CheckFilePathValid("../test../test1"); EXPECT_FALSE(isForbid1); - bool isForbid2 = BDir::CheckFilePathValid("test../../"); + bool isForbid2 = BDir::CheckFilePathValid("/../test../test1"); EXPECT_FALSE(isForbid2); - bool isForbid3 = BDir::CheckFilePathValid("test"); - EXPECT_TRUE(isForbid3); - bool isForbid4 = BDir::CheckFilePathValid("/test/test../test"); - EXPECT_TRUE(isForbid4); - bool isForbid5 = BDir::CheckFilePathValid("/test../test../test"); - EXPECT_TRUE(isForbid5); - bool isForbid6 = BDir::CheckFilePathValid("/test../test../test../"); - EXPECT_TRUE(isForbid6); + bool isForbid3 = BDir::CheckFilePathValid("test../../test"); + EXPECT_FALSE(isForbid3); + bool isForbid4 = BDir::CheckFilePathValid("test../../"); + EXPECT_FALSE(isForbid4); + bool isForbid5 = BDir::CheckFilePathValid("test../test../.."); + EXPECT_FALSE(isForbid5); + bool isForbid6 = BDir::CheckFilePathValid("/test/..test/.."); + EXPECT_FALSE(isForbid6); + + bool isForbid7 = BDir::CheckFilePathValid("test"); + EXPECT_TRUE(isForbid7); + bool isForbid8 = BDir::CheckFilePathValid("/test/test../test"); + EXPECT_TRUE(isForbid8); + bool isForbid9 = BDir::CheckFilePathValid("/test../test../test"); + EXPECT_TRUE(isForbid9); + bool isForbid10 = BDir::CheckFilePathValid("/test../test../test../"); + EXPECT_TRUE(isForbid10); + bool isForbid11 = BDir::CheckFilePathValid("/test../test../test../..test"); + EXPECT_TRUE(isForbid11); } catch (...) { GTEST_LOG_(INFO) << "BDirTest-an exception occurred."; } -- Gitee From f7f8309892cb8de8f86840f8ffc551129d278123 Mon Sep 17 00:00:00 2001 From: chensihan Date: Thu, 3 Apr 2025 15:48:36 +0800 Subject: [PATCH 06/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9ut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chensihan --- .../backup_utils/b_filesystem/b_dir_test.cpp | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp index 603ac224b..df1d23e62 100644 --- a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp +++ b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp @@ -333,29 +333,29 @@ HWTEST_F(BDirTest, b_dir_CheckFilePathValid_0100, testing::ext::TestSize.Level1) GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathValid_0100"; try { TestManager tm("b_dir_CheckFilePathValid_0100"); - bool isForbid1 = BDir::CheckFilePathValid("../test../test1"); - EXPECT_FALSE(isForbid1); - bool isForbid2 = BDir::CheckFilePathValid("/../test../test1"); - EXPECT_FALSE(isForbid2); - bool isForbid3 = BDir::CheckFilePathValid("test../../test"); - EXPECT_FALSE(isForbid3); - bool isForbid4 = BDir::CheckFilePathValid("test../../"); - EXPECT_FALSE(isForbid4); - bool isForbid5 = BDir::CheckFilePathValid("test../test../.."); - EXPECT_FALSE(isForbid5); - bool isForbid6 = BDir::CheckFilePathValid("/test/..test/.."); - EXPECT_FALSE(isForbid6); - - bool isForbid7 = BDir::CheckFilePathValid("test"); - EXPECT_TRUE(isForbid7); - bool isForbid8 = BDir::CheckFilePathValid("/test/test../test"); - EXPECT_TRUE(isForbid8); - bool isForbid9 = BDir::CheckFilePathValid("/test../test../test"); - EXPECT_TRUE(isForbid9); - bool isForbid10 = BDir::CheckFilePathValid("/test../test../test../"); - EXPECT_TRUE(isForbid10); - bool isForbid11 = BDir::CheckFilePathValid("/test../test../test../..test"); - EXPECT_TRUE(isForbid11); + bool result = BDir::CheckFilePathValid("../test../test1"); + EXPECT_FALSE(result); + result = BDir::CheckFilePathValid("/../test../test1"); + EXPECT_FALSE(result); + result = BDir::CheckFilePathValid("test../../test"); + EXPECT_FALSE(result); + result = BDir::CheckFilePathValid("test../../"); + EXPECT_FALSE(result); + result = BDir::CheckFilePathValid("test../test../.."); + EXPECT_FALSE(result); + result = BDir::CheckFilePathValid("/test/..test/.."); + EXPECT_FALSE(result); + + result = BDir::CheckFilePathValid("test"); + EXPECT_TRUE(result); + result = BDir::CheckFilePathValid("/test/test../test"); + EXPECT_TRUE(result); + result = BDir::CheckFilePathValid("/test../test../test"); + EXPECT_TRUE(result); + result = BDir::CheckFilePathValid("/test../test../test../"); + EXPECT_TRUE(result); + result = BDir::CheckFilePathValid("/test../test../test../..test"); + EXPECT_TRUE(result); } catch (...) { GTEST_LOG_(INFO) << "BDirTest-an exception occurred."; } -- Gitee From d6d8d15d6713c5f6a45c304663bc689e90241b4c Mon Sep 17 00:00:00 2001 From: chensihan Date: Thu, 3 Apr 2025 16:03:29 +0800 Subject: [PATCH 07/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=87=BD=E6=95=B0?= =?UTF-8?q?=E5=90=8D=20Signed-off-by:=20chensihan=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../native/backup_ext/src/ext_extension.cpp | 12 +++---- .../native/backup_ext/src/untar_file.cpp | 12 +++---- .../src/module_ipc/service_incremental.cpp | 2 +- .../backup_utils/b_filesystem/b_dir_test.cpp | 36 +++++++++---------- utils/include/b_filesystem/b_dir.h | 2 +- utils/src/b_filesystem/b_dir.cpp | 2 +- 6 files changed, 33 insertions(+), 33 deletions(-) diff --git a/frameworks/native/backup_ext/src/ext_extension.cpp b/frameworks/native/backup_ext/src/ext_extension.cpp index c8b48651d..cead8c887 100644 --- a/frameworks/native/backup_ext/src/ext_extension.cpp +++ b/frameworks/native/backup_ext/src/ext_extension.cpp @@ -400,7 +400,7 @@ tuple BackupExtExtension::GetIncrementalFileHandle( throw BError(BError::Codes::EXT_INVAL_ARG, "Action is invalid"); } VerifyCaller(); - if (!BDir::CheckFilePathValid(fileName)) { + if (!BDir::IsFilePathValid(fileName)) { auto proxy = ServiceClient::GetInstance(); if (proxy == nullptr) { throw BError(BError::Codes::EXT_BROKEN_IPC, string("Failed to AGetInstance")); @@ -967,7 +967,7 @@ int BackupExtExtension::DoIncrementalRestore() string tarName = path + item; // 当用户指定fullBackupOnly字段或指定版本的恢复,解压目录当前在/backup/restore - if (!BDir::CheckFilePathValid(tarName) || BDir::CheckAndRmSoftLink(tarName)) { + if (!BDir::IsFilePathValid(tarName) || BDir::CheckAndRmSoftLink(tarName)) { HILOGE("Check incre tarfile path : %{public}s err, path is forbidden", GetAnonyPath(tarName).c_str()); return BError(BError::Codes::EXT_FORBID_BACKUP_RESTORE).GetCode(); } @@ -1056,7 +1056,7 @@ void BackupExtExtension::RestoreBigFilesForSpecialCloneCloud(const ExtManageInfo } const struct stat &sta = item.sta; string fileName = item.hashName; - if (!BDir::CheckFilePathValid(fileName)) { + if (!BDir::IsFilePathValid(fileName)) { HILOGE("Check big spec file path : %{public}s err, path is forbidden", GetAnonyPath(fileName).c_str()); errFileInfos_[fileName].emplace_back(DEFAULT_INVAL_VALUE); if (!RemoveFile(fileName)) { @@ -1111,7 +1111,7 @@ ErrCode BackupExtExtension::RestoreTarForSpecialCloneCloud(const ExtManageInfo & } HILOGI("Start to untar file = %{public}s, untarPath = %{public}s", GetAnonyPath(item.hashName).c_str(), GetAnonyPath(untarPath).c_str()); - if (!BDir::CheckFilePathValid(tarName)) { + if (!BDir::IsFilePathValid(tarName)) { HILOGE("Check spec tarfile hash path : %{public}s err, path is forbidden", GetAnonyPath(tarName).c_str()); return ERR_INVALID_VALUE; } @@ -1119,7 +1119,7 @@ ErrCode BackupExtExtension::RestoreTarForSpecialCloneCloud(const ExtManageInfo & HILOGE("File soft links are forbidden"); return BError(BError::Codes::EXT_FORBID_BACKUP_RESTORE).GetCode(); } - if (!BDir::CheckFilePathValid(untarPath)) { + if (!BDir::IsFilePathValid(untarPath)) { HILOGE("Check spec tarfile path : %{public}s err, path is forbidden", GetAnonyPath(untarPath).c_str()); return ERR_INVALID_VALUE; } @@ -1268,7 +1268,7 @@ void BackupExtExtension::RestoreOneBigFile(const std::string &path, string fileName = path + itemHashName; string filePath = appendTargetPath ? (path + itemFileName) : itemFileName; - if (!BDir::CheckFilePathValid(filePath)) { + if (!BDir::IsFilePathValid(filePath)) { HILOGE("Check big file path : %{public}s err, path is forbidden", GetAnonyPath(filePath).c_str()); return; } diff --git a/frameworks/native/backup_ext/src/untar_file.cpp b/frameworks/native/backup_ext/src/untar_file.cpp index be400219d..c5eaa1331 100644 --- a/frameworks/native/backup_ext/src/untar_file.cpp +++ b/frameworks/native/backup_ext/src/untar_file.cpp @@ -330,7 +330,7 @@ std::tuple UntarFile::ParseIncrementalTarFile(con void UntarFile::MatchAregType(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter) { info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (!BDir::CheckFilePathValid(info.fullPath)) { + if (!BDir::IsFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); isRightRes = false; return; @@ -342,7 +342,7 @@ void UntarFile::MatchAregType(bool &isRightRes, FileStatInfo &info, ErrFileInfo void UntarFile::MatchDirType(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter) { info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (!BDir::CheckFilePathValid(info.fullPath)) { + if (!BDir::IsFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); isRightRes = false; return; @@ -354,7 +354,7 @@ void UntarFile::MatchDirType(bool &isRightRes, FileStatInfo &info, ErrFileInfo & void UntarFile::MatchGnuTypeLongName(bool &isRightRes, FileStatInfo &info, ErrFileInfo &errFileInfo, bool &isFilter) { auto result = ReadLongName(info); - if (!BDir::CheckFilePathValid(info.fullPath) || !BDir::CheckFilePathValid(info.longName)) { + if (!BDir::IsFilePathValid(info.fullPath) || !BDir::IsFilePathValid(info.longName)) { HILOGE("Check file path : %{public}s or long name : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str(), GetAnonyPath(info.longName).c_str()); isRightRes = false; @@ -428,7 +428,7 @@ bool UntarFile::DealFileTag(ErrFileInfo &errFileInfo, return true; } info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (!BDir::CheckFilePathValid(info.fullPath)) { + if (!BDir::IsFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); errFileInfo[info.fullPath].emplace_back(DEFAULT_ERR); return false; @@ -453,7 +453,7 @@ std::tuple UntarFile::MatchIncrementalScenario(bool isFi break; case DIRTYPE: info.fullPath = GenRealPath(rootPath_, info.fullPath); - if (!BDir::CheckFilePathValid(info.fullPath)) { + if (!BDir::IsFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); return {DEFAULT_ERR, true, {{info.fullPath, {DEFAULT_ERR}}}}; } @@ -462,7 +462,7 @@ std::tuple UntarFile::MatchIncrementalScenario(bool isFi break; case GNUTYPE_LONGNAME: { auto result = ReadLongName(info); - if (!BDir::CheckFilePathValid(info.fullPath)) { + if (!BDir::IsFilePathValid(info.fullPath)) { HILOGE("Check file path : %{public}s err, path is forbidden", GetAnonyPath(info.fullPath).c_str()); return {DEFAULT_ERR, true, {{info.fullPath, {DEFAULT_ERR}}}}; } diff --git a/services/backup_sa/src/module_ipc/service_incremental.cpp b/services/backup_sa/src/module_ipc/service_incremental.cpp index 202dbfc80..7bfe31fe6 100644 --- a/services/backup_sa/src/module_ipc/service_incremental.cpp +++ b/services/backup_sa/src/module_ipc/service_incremental.cpp @@ -705,7 +705,7 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s GetAnonyPath(fileName).c_str()); return ret; } - if (!BDir::CheckFilePathValid(fileName)) { + if (!BDir::IsFilePathValid(fileName)) { HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str()); return BError(BError::Codes::SA_INVAL_ARG); } diff --git a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp index df1d23e62..582bf86d4 100644 --- a/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp +++ b/tests/unittests/backup_utils/b_filesystem/b_dir_test.cpp @@ -320,46 +320,46 @@ HWTEST_F(BDirTest, b_dir_GetDirs_0100, testing::ext::TestSize.Level1) } /** - * @tc.number: SUB_backup_b_dir_CheckFilePathValid_0100 - * @tc.name: b_dir_CheckFilePathValid_0100 - * @tc.desc: Test function of CheckFilePathValid interface for SUCCESS + * @tc.number: SUB_backup_b_dir_IsFilePathValid_0100 + * @tc.name: b_dir_IsFilePathValid_0100 + * @tc.desc: Test function of IsFilePathValid interface for SUCCESS * @tc.size: MEDIUM * @tc.type: FUNC * @tc.level Level 1 * @tc.require: I6F3GV */ -HWTEST_F(BDirTest, b_dir_CheckFilePathValid_0100, testing::ext::TestSize.Level1) +HWTEST_F(BDirTest, b_dir_IsFilePathValid_0100, testing::ext::TestSize.Level1) { - GTEST_LOG_(INFO) << "BDirTest-begin b_dir_CheckFilePathValid_0100"; + GTEST_LOG_(INFO) << "BDirTest-begin b_dir_IsFilePathValid_0100"; try { - TestManager tm("b_dir_CheckFilePathValid_0100"); - bool result = BDir::CheckFilePathValid("../test../test1"); + TestManager tm("b_dir_IsFilePathValid_0100"); + bool result = BDir::IsFilePathValid("../test../test1"); EXPECT_FALSE(result); - result = BDir::CheckFilePathValid("/../test../test1"); + result = BDir::IsFilePathValid("/../test../test1"); EXPECT_FALSE(result); - result = BDir::CheckFilePathValid("test../../test"); + result = BDir::IsFilePathValid("test../../test"); EXPECT_FALSE(result); - result = BDir::CheckFilePathValid("test../../"); + result = BDir::IsFilePathValid("test../../"); EXPECT_FALSE(result); - result = BDir::CheckFilePathValid("test../test../.."); + result = BDir::IsFilePathValid("test../test../.."); EXPECT_FALSE(result); - result = BDir::CheckFilePathValid("/test/..test/.."); + result = BDir::IsFilePathValid("/test/..test/.."); EXPECT_FALSE(result); - result = BDir::CheckFilePathValid("test"); + result = BDir::IsFilePathValid("test"); EXPECT_TRUE(result); - result = BDir::CheckFilePathValid("/test/test../test"); + result = BDir::IsFilePathValid("/test/test../test"); EXPECT_TRUE(result); - result = BDir::CheckFilePathValid("/test../test../test"); + result = BDir::IsFilePathValid("/test../test../test"); EXPECT_TRUE(result); - result = BDir::CheckFilePathValid("/test../test../test../"); + result = BDir::IsFilePathValid("/test../test../test../"); EXPECT_TRUE(result); - result = BDir::CheckFilePathValid("/test../test../test../..test"); + result = BDir::IsFilePathValid("/test../test../test../..test"); EXPECT_TRUE(result); } catch (...) { GTEST_LOG_(INFO) << "BDirTest-an exception occurred."; } - GTEST_LOG_(INFO) << "BDirTest-end b_dir_CheckFilePathValid_0100"; + GTEST_LOG_(INFO) << "BDirTest-end b_dir_IsFilePathValid_0100"; } /** diff --git a/utils/include/b_filesystem/b_dir.h b/utils/include/b_filesystem/b_dir.h index 2190bd316..3220a88fa 100644 --- a/utils/include/b_filesystem/b_dir.h +++ b/utils/include/b_filesystem/b_dir.h @@ -91,7 +91,7 @@ public: * @param filePath 待核实的路径 * @return 是否是异常无效路径 */ - static bool CheckFilePathValid(const std::string &filePath); + static bool IsFilePathValid(const std::string &filePath); /** * @brief 核实文件是否存在软链接并删除 diff --git a/utils/src/b_filesystem/b_dir.cpp b/utils/src/b_filesystem/b_dir.cpp index 92b6b02be..2845338e4 100644 --- a/utils/src/b_filesystem/b_dir.cpp +++ b/utils/src/b_filesystem/b_dir.cpp @@ -514,7 +514,7 @@ vector BDir::GetDirs(const vector &paths) return dirs; } -bool BDir::CheckFilePathValid(const std::string &filePath) +bool BDir::IsFilePathValid(const std::string &filePath) { size_t pos = filePath.find(PATH_INVALID_FLAG1); while (pos != string::npos) { -- Gitee From 792ed9f3e65783bd4e3d1c2903eaffd4227c9a65 Mon Sep 17 00:00:00 2001 From: chensihan Date: Mon, 7 Apr 2025 09:23:27 +0800 Subject: [PATCH 08/10] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=A0=A1=E9=AA=8C?= =?UTF-8?q?=E8=B7=AF=E5=BE=84=20Signed-off-by:=20chensihan=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/backup_sa/src/module_ipc/service.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/backup_sa/src/module_ipc/service.cpp b/services/backup_sa/src/module_ipc/service.cpp index 8f7bfa679..0e4c4f93f 100644 --- a/services/backup_sa/src/module_ipc/service.cpp +++ b/services/backup_sa/src/module_ipc/service.cpp @@ -1101,6 +1101,10 @@ ErrCode Service::GetFileHandle(const string &bundleName, const string &fileName) HILOGE("verify caller failed, bundleName:%{public}s", bundleName.c_str()); return ret; } + if (!BDir::IsFilePathValid(fileName)) { + HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } bool updateRes = SvcRestoreDepsManager::GetInstance().UpdateToRestoreBundleMap(bundleName, fileName); if (updateRes) { return BError(BError::Codes::OK); -- Gitee From e3c8941943810a261b4473b6d319f930bafd0cf6 Mon Sep 17 00:00:00 2001 From: chensihan Date: Mon, 7 Apr 2025 10:10:55 +0800 Subject: [PATCH 09/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20Signed-off-by:=20che?= =?UTF-8?q?nsihan=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../backup_sa/include/module_ipc/service.h | 1 + services/backup_sa/src/module_ipc/service.cpp | 47 ++++++++++++------- .../src/module_ipc/service_incremental.cpp | 6 +-- 3 files changed, 33 insertions(+), 21 deletions(-) diff --git a/services/backup_sa/include/module_ipc/service.h b/services/backup_sa/include/module_ipc/service.h index dfc4b4aa2..927e95cdf 100644 --- a/services/backup_sa/include/module_ipc/service.h +++ b/services/backup_sa/include/module_ipc/service.h @@ -321,6 +321,7 @@ public: ErrCode AppIncrementalFileReady(const std::string &bundleName, const std::string &fileName, UniqueFd fd, UniqueFd manifestFd, int32_t errCode); ErrCode SendFileHandle(const std::string &bundleName, const std::string &fileName); + ErrCode SendIncrementalFileHandle(const std::string &bundleName, const std::string &fileName); public: explicit Service(int32_t saID, bool runOnCreate = false) : SystemAbility(saID, runOnCreate) { diff --git a/services/backup_sa/src/module_ipc/service.cpp b/services/backup_sa/src/module_ipc/service.cpp index 0e4c4f93f..a82c42257 100644 --- a/services/backup_sa/src/module_ipc/service.cpp +++ b/services/backup_sa/src/module_ipc/service.cpp @@ -42,6 +42,7 @@ #include "b_anony/b_anony.h" #include "b_error/b_error.h" #include "b_error/b_excep_utils.h" +#include "b_filesystem/b_dir.h" #include "b_file_info.h" #include "b_hiaudit/hi_audit.h" #include "b_json/b_json_cached_entity.h" @@ -1115,25 +1116,11 @@ ErrCode Service::GetFileHandle(const string &bundleName, const string &fileName) return BError(BError::Codes::SA_INVAL_ARG); } if (action == BConstants::ServiceSchedAction::RUNNING) { - auto backUpConnection = session_->GetExtConnection(bundleName); - if (backUpConnection == nullptr) { - HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str()); - return BError(BError::Codes::SA_INVAL_ARG); + auto err = SendFileHandle(bundleName, fileName); + if (err != ERR_OK) { + HILOGE("SendFileHandle failed, bundle:%{public}s", bundleName.c_str()); + return err; } - auto proxy = backUpConnection->GetBackupExtProxy(); - if (!proxy) { - HILOGE("GetFileHandle error, Extension backup Proxy is empty"); - return BError(BError::Codes::SA_INVAL_ARG); - } - int32_t errCode = 0; - UniqueFd fd = proxy->GetFileHandle(fileName, errCode); - if (errCode != ERR_OK) { - AppRadar::Info info(bundleName, "", ""); - AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetFileHandle", GetUserIdDefault(), - BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, errCode); - } - session_->GetServiceReverseProxy()->RestoreOnFileReady(bundleName, fileName, move(fd), errCode); - FileReadyRadarReport(bundleName, fileName, errCode, IServiceReverse::Scenario::RESTORE); } else { session_->SetExtFileNameRequest(bundleName, fileName); } @@ -1143,6 +1130,30 @@ ErrCode Service::GetFileHandle(const string &bundleName, const string &fileName) } } +ErrCode Service::SendFileHandle(const std::string &bundleName, const std::string &fileName) +{ + auto backUpConnection = session_->GetExtConnection(bundleName); + if (backUpConnection == nullptr) { + HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + auto proxy = backUpConnection->GetBackupExtProxy(); + if (!proxy) { + HILOGE("GetFileHandle failed, bundleName:%{public}s", bundleName.c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + int32_t errCode = 0; + UniqueFd fd = proxy->GetFileHandle(fileName, errCode); + if (errCode != ERR_OK) { + AppRadar::Info info(bundleName, "", ""); + AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetFileHandle", GetUserIdDefault(), + BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, errCode); + } + session_->GetServiceReverseProxy()->RestoreOnFileReady(bundleName, fileName, move(fd), errCode); + FileReadyRadarReport(bundleName, fileName, errCode, IServiceReverse::Scenario::RESTORE); + return BError(BError::Codes::OK); +} + void Service::ExtStart(const string &bundleName) { HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__); diff --git a/services/backup_sa/src/module_ipc/service_incremental.cpp b/services/backup_sa/src/module_ipc/service_incremental.cpp index 7bfe31fe6..bb5134423 100644 --- a/services/backup_sa/src/module_ipc/service_incremental.cpp +++ b/services/backup_sa/src/module_ipc/service_incremental.cpp @@ -715,9 +715,9 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s return BError(BError::Codes::SA_INVAL_ARG); } if (action == BConstants::ServiceSchedAction::RUNNING) { - auto err = SendFileHandle(bundleName, fileName); + auto err = SendIncrementalFileHandle(bundleName, fileName); if (err != ERR_OK) { - HILOGE("SendFileHandle failed, bundle:%{public}s", bundleName.c_str()); + HILOGE("SendIncrementalFileHandle failed, bundle:%{public}s", bundleName.c_str()); return err; } } else { @@ -731,7 +731,7 @@ ErrCode Service::GetIncrementalFileHandle(const std::string &bundleName, const s } } - ErrCode Service::SendFileHandle(const std::string &bundleName, const std::string &fileName) +ErrCode Service::SendIncrementalFileHandle(const std::string &bundleName, const std::string &fileName) { auto backUpConnection = session_->GetExtConnection(bundleName); if (backUpConnection == nullptr) { -- Gitee From b93be324ef6c3d481420d5478e6d0b760df29adf Mon Sep 17 00:00:00 2001 From: chensihan Date: Mon, 7 Apr 2025 10:28:10 +0800 Subject: [PATCH 10/10] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20Signed-off-by:=20che?= =?UTF-8?q?nsihan=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/backup_sa/src/module_ipc/service.cpp | 66 ------------------- .../backup_sa/src/module_ipc/sub_service.cpp | 65 ++++++++++++++++++ 2 files changed, 65 insertions(+), 66 deletions(-) diff --git a/services/backup_sa/src/module_ipc/service.cpp b/services/backup_sa/src/module_ipc/service.cpp index a82c42257..370318978 100644 --- a/services/backup_sa/src/module_ipc/service.cpp +++ b/services/backup_sa/src/module_ipc/service.cpp @@ -42,7 +42,6 @@ #include "b_anony/b_anony.h" #include "b_error/b_error.h" #include "b_error/b_excep_utils.h" -#include "b_filesystem/b_dir.h" #include "b_file_info.h" #include "b_hiaudit/hi_audit.h" #include "b_json/b_json_cached_entity.h" @@ -1089,71 +1088,6 @@ ErrCode Service::LaunchBackupSAExtension(const BundleName &bundleName) return BError(BError::Codes::OK); } -ErrCode Service::GetFileHandle(const string &bundleName, const string &fileName) -{ - HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__); - try { - if (session_ == nullptr) { - HILOGE("GetFileHandle error, session is empty"); - return BError(BError::Codes::SA_INVAL_ARG); - } - ErrCode ret = VerifyCaller(IServiceReverse::Scenario::RESTORE); - if (ret != ERR_OK) { - HILOGE("verify caller failed, bundleName:%{public}s", bundleName.c_str()); - return ret; - } - if (!BDir::IsFilePathValid(fileName)) { - HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } - bool updateRes = SvcRestoreDepsManager::GetInstance().UpdateToRestoreBundleMap(bundleName, fileName); - if (updateRes) { - return BError(BError::Codes::OK); - } - auto action = session_->GetServiceSchedAction(bundleName); - if (action == BConstants::ServiceSchedAction::UNKNOWN) { - HILOGE("action is unknown, bundleName:%{public}s", bundleName.c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } - if (action == BConstants::ServiceSchedAction::RUNNING) { - auto err = SendFileHandle(bundleName, fileName); - if (err != ERR_OK) { - HILOGE("SendFileHandle failed, bundle:%{public}s", bundleName.c_str()); - return err; - } - } else { - session_->SetExtFileNameRequest(bundleName, fileName); - } - return BError(BError::Codes::OK); - } catch (const BError &e) { - return e.GetCode(); - } -} - -ErrCode Service::SendFileHandle(const std::string &bundleName, const std::string &fileName) -{ - auto backUpConnection = session_->GetExtConnection(bundleName); - if (backUpConnection == nullptr) { - HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } - auto proxy = backUpConnection->GetBackupExtProxy(); - if (!proxy) { - HILOGE("GetFileHandle failed, bundleName:%{public}s", bundleName.c_str()); - return BError(BError::Codes::SA_INVAL_ARG); - } - int32_t errCode = 0; - UniqueFd fd = proxy->GetFileHandle(fileName, errCode); - if (errCode != ERR_OK) { - AppRadar::Info info(bundleName, "", ""); - AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetFileHandle", GetUserIdDefault(), - BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, errCode); - } - session_->GetServiceReverseProxy()->RestoreOnFileReady(bundleName, fileName, move(fd), errCode); - FileReadyRadarReport(bundleName, fileName, errCode, IServiceReverse::Scenario::RESTORE); - return BError(BError::Codes::OK); -} - void Service::ExtStart(const string &bundleName) { HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__); diff --git a/services/backup_sa/src/module_ipc/sub_service.cpp b/services/backup_sa/src/module_ipc/sub_service.cpp index 1412c5e8a..99b728768 100644 --- a/services/backup_sa/src/module_ipc/sub_service.cpp +++ b/services/backup_sa/src/module_ipc/sub_service.cpp @@ -211,6 +211,71 @@ ErrCode Service::Finish() } } +ErrCode Service::GetFileHandle(const string &bundleName, const string &fileName) +{ + HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__); + try { + if (session_ == nullptr) { + HILOGE("GetFileHandle error, session is empty"); + return BError(BError::Codes::SA_INVAL_ARG); + } + ErrCode ret = VerifyCaller(IServiceReverse::Scenario::RESTORE); + if (ret != ERR_OK) { + HILOGE("verify caller failed, bundleName:%{public}s", bundleName.c_str()); + return ret; + } + if (!BDir::IsFilePathValid(fileName)) { + HILOGE("path is forbidden, path : %{public}s", GetAnonyPath(fileName).c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + bool updateRes = SvcRestoreDepsManager::GetInstance().UpdateToRestoreBundleMap(bundleName, fileName); + if (updateRes) { + return BError(BError::Codes::OK); + } + auto action = session_->GetServiceSchedAction(bundleName); + if (action == BConstants::ServiceSchedAction::UNKNOWN) { + HILOGE("action is unknown, bundleName:%{public}s", bundleName.c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + if (action == BConstants::ServiceSchedAction::RUNNING) { + auto err = SendFileHandle(bundleName, fileName); + if (err != ERR_OK) { + HILOGE("SendFileHandle failed, bundle:%{public}s", bundleName.c_str()); + return err; + } + } else { + session_->SetExtFileNameRequest(bundleName, fileName); + } + return BError(BError::Codes::OK); + } catch (const BError &e) { + return e.GetCode(); + } +} + +ErrCode Service::SendFileHandle(const std::string &bundleName, const std::string &fileName) +{ + auto backUpConnection = session_->GetExtConnection(bundleName); + if (backUpConnection == nullptr) { + HILOGE("backUpConnection is empty, bundle:%{public}s", bundleName.c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + auto proxy = backUpConnection->GetBackupExtProxy(); + if (!proxy) { + HILOGE("GetFileHandle failed, bundleName:%{public}s", bundleName.c_str()); + return BError(BError::Codes::SA_INVAL_ARG); + } + int32_t errCode = 0; + UniqueFd fd = proxy->GetFileHandle(fileName, errCode); + if (errCode != ERR_OK) { + AppRadar::Info info(bundleName, "", ""); + AppRadar::GetInstance().RecordRestoreFuncRes(info, "Service::GetFileHandle", GetUserIdDefault(), + BizStageRestore::BIZ_STAGE_GET_FILE_HANDLE_FAIL, errCode); + } + session_->GetServiceReverseProxy()->RestoreOnFileReady(bundleName, fileName, move(fd), errCode); + FileReadyRadarReport(bundleName, fileName, errCode, IServiceReverse::Scenario::RESTORE); + return BError(BError::Codes::OK); +} + ErrCode Service::PublishFile(const BFileInfo &fileInfo) { HITRACE_METER_NAME(HITRACE_TAG_FILEMANAGEMENT, __PRETTY_FUNCTION__); -- Gitee