diff --git a/bundle.json b/bundle.json
index 4d5f39cdc60de1c9af03d26d1592436930aafcb7..24ea4291b6ae8bf5f8b4c1ba24fd39f9f37a0c4c 100644
--- a/bundle.json
+++ b/bundle.json
@@ -93,6 +93,15 @@
 "header_base": "//foundation/filemanagement/app_file_service/interfaces/innerkits/native/remote_file_share/include"
 }
 },
+ {
+ "name": "//foundation/filemanagement/app_file_service/interfaces/innerkits/native:sandbox_helper_native",
+ "header": {
+ "header_files": [
+ "sandbox_helper.h"
+ ],
+ "header_base": "//foundation/filemanagement/app_file_service/interfaces/common/include"
+ }
+ },
 {
 "name": "//foundation/filemanagement/app_file_service/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner",
 "header": {
diff --git a/interfaces/innerkits/native/BUILD.gn b/interfaces/innerkits/native/BUILD.gn
index 25f54d03c9af5bcbd7d244e0e4afbfdb5d5b78a3..fed5cfc188acd13f41c4ac83dc02645ceba70d73 100644
--- a/interfaces/innerkits/native/BUILD.gn
+++ b/interfaces/innerkits/native/BUILD.gn
@@ -118,11 +118,43 @@ ohos_shared_library("remote_file_share_native") {
 subsystem_name = "filemanagement"
 }
+config("sandbox_helper_config") {
+ visibility = [ ":*" ]
+ include_dirs = [
+ "include",
+ "${utils_system_safwk_path}/native/include",
+ "//third_party/json/include",
+ "${path_base}/include",
+ "../../common/include",
+ ".",
+ ]
+}
+
+ohos_shared_library("sandbox_helper_native") {
+ sources = [
+ "../../common/src/json_utils.cpp",
+ "../../common/src/sandbox_helper.cpp",
+ ]
+
+ public_configs = [ ":sandbox_helper_config" ]
+
+ external_deps = [
+ "ability_base:zuri",
+ "c_utils:utils",
+ "hilog:libhilog",
+ ]
+
+ innerapi_tags = [ "platformsdk_indirect" ]
+ part_name = "app_file_service"
+ subsystem_name = "filemanagement"
+}
+
 group("app_file_service_native") {
 deps = [
 ":fileshare_native",
 ":fileuri_native",
 ":remote_file_share_native",
+ ":sandbox_helper_native",
 ]
 }
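Review bot: `sandbox_helper_config` is attached through `public_configs`, so all six include directories, among them `.`, `//third_party/json/include` and the safwk path, are pushed onto every target that depends on `sandbox_helper_native`, while bundle.json exports only `sandbox_helper.h` under `interfaces/common/include`. Unless that header itself pulls in the other headers (not visible in this diff), keep only `"../../common/include"` in the public config and move the remaining entries into an `include_dirs = [ ... ]` list inside the `ohos_shared_library("sandbox_helper_native")` target. That keeps implementation headers out of reach of inner-kit consumers and makes the exported surface match what bundle.json declares.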
diff --git a/interfaces/innerkits/native/file_share/src/file_share.cpp b/interfaces/innerkits/native/file_share/src/file_share.cpp
index 6a2e98b85f84783083d330259a0b0a49c844322d..f59856995938a3f339345c4dc09cfebe60f625d4 100644
--- a/interfaces/innerkits/native/file_share/src/file_share.cpp
+++ b/interfaces/innerkits/native/file_share/src/file_share.cpp
@@ -34,6 +34,7 @@ namespace AppFileService {
 #define FILE_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)
 #define READ_URI_PERMISSION OHOS::AAFwk::Want::FLAG_AUTH_READ_URI_PERMISSION
 #define WRITE_URI_PERMISSION OHOS::AAFwk::Want::FLAG_AUTH_WRITE_URI_PERMISSION
+#define PERSISTABLE_URI_PERMISSION OHOS::AAFwk::Want::FLAG_AUTH_PERSISTABLE_URI_PERMISSION
 enum ShareFileType {
 DIR_TYPE = 0,
@@ -132,7 +133,7 @@ static int32_t GetFileShareInfo(const string &uri, uint32_t tokenId, uint32_t fl
 {
 int32_t ret = 0;
 ret = GetTargetInfo(tokenId, info.targetBundleName_, info.currentUid_);
- if (ret != 0) {
+ if (ret != 0 || info.currentUid_ == "0") {
 LOGE("Failed to get target info %{public}d", ret);
 return ret;
 }
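Review bot: In GetFileShareInfo the new `info.currentUid_ == "0"` branch still ends in `return ret;`, and on that path `ret` is 0, so the rejection reaches the caller as success and the log reads "Failed to get target info 0". The CreateShareFile hunk (`@@ -218,12 +253,12 @@`) has the same shape: when the uid is "0" or `PERSISTABLE_URI_PERMISSION` is set it returns 0 without creating a share, so a caller cannot tell a refused request from a completed one. If these cases are refusals, give them their own branch with an error code, e.g. `if (info.currentUid_ == "0") { LOGE("Invalid target uid"); return -EINVAL; }`; if the persistable case is meant to be a deliberate no-op, state that in a comment and log it separately from the failure path. GetFileShareInfo's body continues outside the hunk.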
@@ -188,13 +189,47 @@ static void DeleteExistShareFile(const string &path)
 }
 }
-static int32_t PreparePreShareDir(FileShareInfo &info)
+static void DelSharePath(const string &delPath)
+{
+ if (!SandboxHelper::CheckValidPath(delPath)) {
+ LOGE("DelSharePath, umount path is invalid, path = %{private}s", delPath.c_str());
+ return;
+ }
+
+ if (access(delPath.c_str(), F_OK) == 0) {
+ if (umount2(delPath.c_str(), MNT_DETACH) != 0) {
+ LOGE("DelSharePath, umount failed with %{public}d", errno);
+ }
+ remove(delPath.c_str());
+ }
+}
+
+static void UmountDelUris(vector sharePathList, string currentUid, string bundleNameSelf)
+{
+ string delPathPrefix = DATA_APP_EL2_PATH + currentUid + SHARE_PATH + bundleNameSelf;
+ for (size_t i = 0; i < sharePathList.size(); i++) {
+ Uri uri(SandboxHelper::Decode(sharePathList[i]));
+ string path = uri.GetPath();
+ string bundleName = uri.GetAuthority();
+
+ string delRPath = delPathPrefix + SHARE_R_PATH + bundleName + path;
+ DelSharePath(delRPath);
+
+ string delRWPath = delPathPrefix + SHARE_RW_PATH + bundleName + path;
+ DelSharePath(delRWPath);
+ }
+}
+
+static int32_t PreparePreShareDir(FileShareInfo &info, const string &uri)
 {
 if (!SandboxHelper::CheckValidPath(info.providerLowerPath_)) {
 LOGE("Invalid share path with %{private}s", info.providerLowerPath_.c_str());
 return -EINVAL;
 }
+ vector sharePathList{ uri };
+ UmountDelUris(sharePathList, info.currentUid_, info.targetBundleName_);
+
 for (size_t i = 0; i < info.sharePath_.size(); i++) {
 if (access(info.sharePath_[i].c_str(), F_OK) != 0) {
 string sharePathDir = info.sharePath_[i];
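Review bot: DelSharePath returns `void` and drops the result of `remove()`, so the cleanup that PreparePreShareDir now runs before every share creation can fail silently: a path rejected by CheckValidPath, a failed `umount2` or a failed `remove` all leave the old mount point in place while the loop below goes on to set up the new share. The paths being unmounted and removed are built from `uri.GetAuthority()` and `uri.GetPath()` of the caller-supplied URI, and CheckValidPath (implemented outside this diff) is the only guard in front of `umount2`/`remove`, so it is worth confirming that it rejects `..` segments and an empty authority. At minimum record the removal failure, `if (remove(delPath.c_str()) != 0) { LOGE("DelSharePath, remove failed with %{public}d", errno); }`, and consider returning a status that PreparePreShareDir can act on. PreparePreShareDir's body continues outside the hunk.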
@@ -218,12 +253,12 @@ int32_t CreateShareFile(const string &uri, uint32_t tokenId, uint32_t flag)
 LOGD("CreateShareFile begin with uri %{private}s decodeUri %{private}s", uri.c_str(), decodeUri.c_str());
 int32_t ret = GetFileShareInfo(decodeUri, tokenId, flag, info);
- if (ret != 0) {
+ if (ret != 0 || info.currentUid_ == "0" || (flag & PERSISTABLE_URI_PERMISSION) != 0) {
 LOGE("Failed to get FileShareInfo with %{public}d", ret);
 return ret;
 }
- if ((ret = PreparePreShareDir(info)) != 0) {
+ if ((ret = PreparePreShareDir(info, uri)) != 0) {
 LOGE("PreparePreShareDir failed");
 return ret;
 }
@@ -250,37 +285,6 @@ int32_t CreateShareFile(const string &uri, uint32_t tokenId, uint32_t flag)
 return 0;
 }
-static void DelSharePath(const string &delPath)
-{
- if (!SandboxHelper::CheckValidPath(delPath)) {
- LOGE("DelSharePath, umount path is invalid, path = %{private}s", delPath.c_str());
- return;
- }
-
- if (access(delPath.c_str(), F_OK) == 0) {
- if (umount2(delPath.c_str(), MNT_DETACH) != 0) {
- LOGE("DelSharePath, umount failed with %{public}d", errno);
- }
- remove(delPath.c_str());
- }
-}
-
-static void UmountDelUris(vector sharePathList, string currentUid, string bundleNameSelf)
-{
- string delPathPrefix = DATA_APP_EL2_PATH + currentUid + SHARE_PATH + bundleNameSelf;
- for (size_t i = 0; i < sharePathList.size(); i++) {
- Uri uri(SandboxHelper::Decode(sharePathList[i]));
- string path = uri.GetPath();
- string bundleName = uri.GetAuthority();
-
- string delRPath = delPathPrefix + SHARE_R_PATH + bundleName + path;
- DelSharePath(delRPath);
-
- string delRWPath = delPathPrefix + SHARE_RW_PATH + bundleName + path;
- DelSharePath(delRWPath);
- }
-}
-
 int32_t DeleteShareFile(uint32_t tokenId, vector sharePathList)
 {
 string bundleName, currentUid;