From 546a444a6b2cb8104b290b28aa3470484eef13f2 Mon Sep 17 00:00:00 2001 From: LVB8189 Date: Thu, 9 Nov 2023 16:51:35 +0800 Subject: [PATCH 1/7] modify Signed-off-by: LVB8189 --- bundle.json | 3 +- interfaces/kits/js/BUILD.gn | 30 ++ .../js/file_permission/file_permission.cpp | 264 ++++++++++++++++++ .../kits/js/file_permission/file_permission.h | 43 +++ .../file_permission_n_exporter.cpp | 69 +++++ .../file_permission_n_exporter.h | 29 ++ 6 files changed, 437 insertions(+), 1 deletion(-) create mode 100644 interfaces/kits/js/file_permission/file_permission.cpp create mode 100644 interfaces/kits/js/file_permission/file_permission.h create mode 100644 interfaces/kits/js/file_permission/file_permission_n_exporter.cpp create mode 100644 interfaces/kits/js/file_permission/file_permission_n_exporter.h diff --git a/bundle.json b/bundle.json index 0d0c382c7..369f46e64 100644 --- a/bundle.json +++ b/bundle.json @@ -56,7 +56,8 @@ "//foundation/filemanagement/app_file_service/interfaces/innerkits/native:app_file_service_native", "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileshare", "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileuri", - "//foundation/filemanagement/app_file_service/interfaces/kits/js:backup" + "//foundation/filemanagement/app_file_service/interfaces/kits/js:backup", + "//foundation/filemanagement/app_file_service/interfaces/kits/js:filepermission" ], "service_group": [ "//foundation/filemanagement/app_file_service:tgt_backup_extension", diff --git a/interfaces/kits/js/BUILD.gn b/interfaces/kits/js/BUILD.gn index 47ecdfc16..ce391d404 100644 --- a/interfaces/kits/js/BUILD.gn +++ b/interfaces/kits/js/BUILD.gn @@ -147,3 +147,33 @@ ohos_shared_library("backup") { "napi:ace_napi", ] } + +ohos_shared_library("filepermission") { + include_dirs = [ + ".", + "../../common/include", + ] + + sources = [ + "file_permission/file_permission_n_exporter.cpp", + "file_permission/file_permission.cpp", + ] + + external_deps = [ + "ability_base:zuri", + "ability_runtime:abilitykit_native", + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", + "c_utils:utils", + "file_api:filemgmt_libhilog", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "napi:ace_napi", + ] + + relative_install_dir = "module" + + part_name = "app_file_service" + subsystem_name = "filemanagement" +} diff --git a/interfaces/kits/js/file_permission/file_permission.cpp b/interfaces/kits/js/file_permission/file_permission.cpp new file mode 100644 index 000000000..096e5bb1f --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission.cpp @@ -0,0 +1,264 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "file_permission.h" +#include "access_token.h" +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" +#include "log.h" +#include "tokenid_kit.h" +#include + +using namespace OHOS::FileManagement::LibN; + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +using namespace OHOS::FileManagement::LibN; +using namespace std; + +const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_MANAGER"; + +napi_value FilePermission::GrantPolicy(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::THREE, NARG_CNT::FOUR)) { + LOGE("GrantPolicy Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!IsSystemApp()) { + LOGE("GrantPolicy is not System App!"); + NError(E_PERMISSION_SYS).ThrowErr(env); + return nullptr; + } + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + auto [succTokenId, id] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); + auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::THIRD]).ToInt32(); + ModeSetting modeSetting = static_cast(mode); + int32_t tokenId = id; + std::string uri = fileUri.get(); + if (!succUri || !succTokenId || !succModeSetting) { + LOGE("The first/second argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + auto cbExec = [uri, tokenId, modeSetting]() -> NError { + // int32_t ret = CommonFunc::GrantPolicy(uri, tokenId, modeSetting); + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "grant_policy"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::THREE) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::FOURTH]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +napi_value FilePermission::PersistPermission(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { + LOGE("PersistPermission Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!FilePermission::CheckPermission(FILE_ACCESS_PERMISSION)) { + LOGE("PersistPermission has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); + ModeSetting modeSetting = static_cast(mode); + std::string uri = fileUri.get(); + + if (!succModeSetting || !succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto cbExec = [uri, modeSetting]() -> NError { + // int32_t ret = CommonFunc::PersistPermission(uri, modeSetting); + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "persist_permission"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::TWO) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::THIRD]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +napi_value FilePermission::DesistPersistPermission(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { + LOGE("DesistPersistPermission Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!FilePermission::CheckPermission(FILE_ACCESS_PERMISSION)) { + LOGE("DesistPersistPermission has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); + ModeSetting modeSetting = static_cast(mode); + std::string uri = fileUri.get(); + + if (!succModeSetting || !succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto cbExec = [uri, modeSetting]() -> NError { + // int32_t ret = CommonFunc::DesistPersistPermission(uri, modeSetting); + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "desist_persist_permission"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::TWO) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::THIRD]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +napi_value FilePermission::ActivateAccessingUri(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { + LOGE("ActivateAccessingUri Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + std::string uri = fileUri.get(); + + if (!succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + auto cbExec = [uri]() -> NError { + // int32_t ret = CommonFunc::ActivateAccessingUri(uri); + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "activate_accessing_uri"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::ONE) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::SECOND]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +napi_value FilePermission::DeactivateAccessingUri(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { + LOGE("DeactivateAccessingUri Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + std::string uri = fileUri.get(); + + if (!succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto cbExec = [uri]() -> NError { + // int32_t ret = CommonFunc::DeactivateAccessingUri(uri); + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "deactivate_accessing_uri"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::ONE) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::SECOND]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +bool FilePermission::IsSystemApp() +{ + uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +bool FilePermission::CheckPermission(const string &permission) +{ + Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == + Security::AccessToken::PermissionState::PERMISSION_GRANTED; +} +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission.h b/interfaces/kits/js/file_permission/file_permission.h new file mode 100644 index 000000000..aa7d478b0 --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_PERMISSION_H +#define FILE_PERMISSION_H + +#include "filemgmt_libn.h" + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +using namespace std; +enum class ModeSetting : int32_t { + O_RDWR_FILE_URI = 2, +}; +class FilePermission final { +public: + static napi_value GrantPolicy(napi_env env, napi_callback_info info); + static napi_value PersistPermission(napi_env env, napi_callback_info info); + static napi_value DesistPersistPermission(napi_env env, napi_callback_info info); + static napi_value ActivateAccessingUri(napi_env env, napi_callback_info info); + static napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info); + +private: + static bool IsSystemApp(); + static bool CheckPermission(const std::string &permission); +}; +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS +#endif // FILE_PERMISSION_H diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp new file mode 100644 index 000000000..1f0e5af96 --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "file_permission_n_exporter.h" +#include "file_permission.h" +#include "log.h" + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +using namespace FileManagement; +using namespace FileManagement::LibN; +/*********************************************** + * Module export and register + ***********************************************/ +napi_value FilePermissionExport(napi_env env, napi_value exports) +{ + InitModeSetting(env, exports); + static napi_property_descriptor desc[] = { + DECLARE_NAPI_FUNCTION("grantPolicy", FilePermission::GrantPolicy), + DECLARE_NAPI_FUNCTION("persistPermission", FilePermission::PersistPermission), + DECLARE_NAPI_FUNCTION("desistPersistPermission", FilePermission::DesistPersistPermission), + DECLARE_NAPI_FUNCTION("activateAccessingUri", FilePermission::ActivateAccessingUri), + DECLARE_NAPI_FUNCTION("deactivateAccessingUri", FilePermission::DeactivateAccessingUri), + }; + napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc); + return exports; +} + +void InitModeSetting(napi_env env, napi_value exports) +{ + char propertyName[] = "ModeSetting"; + napi_property_descriptor desc[] = { + DECLARE_NAPI_STATIC_PROPERTY("O_RDWR", + NVal::CreateInt32(env, static_cast(ModeSetting::O_RDWR_FILE_URI)).val_), + }; + napi_value obj = nullptr; + napi_status status = napi_create_object(env, &obj); + if (status != napi_ok) { + HILOGE("Failed to create object at initializing ModeSetting"); + return; + } + status = napi_define_properties(env, obj, sizeof(desc) / sizeof(desc[0]), desc); + if (status != napi_ok) { + HILOGE("Failed to set properties of character at initializing ModeSetting"); + return; + } + status = napi_set_named_property(env, exports, propertyName, obj); + if (status != napi_ok) { + HILOGE("Failed to set direction property at initializing ModeSetting"); + return; + } +} + +NAPI_MODULE(filepermission, FilePermissionExport) +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.h b/interfaces/kits/js/file_permission/file_permission_n_exporter.h new file mode 100644 index 000000000..e64c52d8a --- /dev/null +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef FILE_PERMISSION_N_EXPOTER_H +#define FILE_PERMISSION_N_EXPOTER_H + +#include "filemgmt_libn.h" + +namespace OHOS { +namespace AppFileService { +namespace ModuleFilePermission { +void InitModeSetting(napi_env env, napi_value exports); + +napi_value FilePermissionExport(napi_env env, napi_value exports); +} // namespace ModuleFilePermission +} // namespace AppFileService +} // namespace OHOS +#endif // FILE_PERMISSION_N_EXPOTER_H -- Gitee From a8aac76c1d50735fd82d70384ea2528252393b9b Mon Sep 17 00:00:00 2001 From: LVB8189 Date: Thu, 9 Nov 2023 18:00:31 +0800 Subject: [PATCH 2/7] modify Signed-off-by: LVB8189 --- interfaces/kits/js/BUILD.gn | 2 +- .../file_permission_n_exporter.cpp | 12 ++++----- ...ermission.cpp => file_permission_napi.cpp} | 25 ++++++++----------- ...le_permission.h => file_permission_napi.h} | 2 +- 4 files changed, 18 insertions(+), 23 deletions(-) rename interfaces/kits/js/file_permission/{file_permission.cpp => file_permission_napi.cpp} (88%) rename interfaces/kits/js/file_permission/{file_permission.h => file_permission_napi.h} (97%) diff --git a/interfaces/kits/js/BUILD.gn b/interfaces/kits/js/BUILD.gn index ce391d404..5395d33a4 100644 --- a/interfaces/kits/js/BUILD.gn +++ b/interfaces/kits/js/BUILD.gn @@ -156,7 +156,7 @@ ohos_shared_library("filepermission") { sources = [ "file_permission/file_permission_n_exporter.cpp", - "file_permission/file_permission.cpp", + "file_permission/file_permission_napi.cpp", ] external_deps = [ diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp index 1f0e5af96..8db51c1a0 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp @@ -13,7 +13,7 @@ * limitations under the License. */ #include "file_permission_n_exporter.h" -#include "file_permission.h" +#include "file_permission_napi.h" #include "log.h" namespace OHOS { @@ -28,11 +28,11 @@ napi_value FilePermissionExport(napi_env env, napi_value exports) { InitModeSetting(env, exports); static napi_property_descriptor desc[] = { - DECLARE_NAPI_FUNCTION("grantPolicy", FilePermission::GrantPolicy), - DECLARE_NAPI_FUNCTION("persistPermission", FilePermission::PersistPermission), - DECLARE_NAPI_FUNCTION("desistPersistPermission", FilePermission::DesistPersistPermission), - DECLARE_NAPI_FUNCTION("activateAccessingUri", FilePermission::ActivateAccessingUri), - DECLARE_NAPI_FUNCTION("deactivateAccessingUri", FilePermission::DeactivateAccessingUri), + DECLARE_NAPI_FUNCTION("grantPolicy", FilePermissionNapi::GrantPolicy), + DECLARE_NAPI_FUNCTION("persistPermission", FilePermissionNapi::PersistPermission), + DECLARE_NAPI_FUNCTION("desistPersistPermission", FilePermissionNapi::DesistPersistPermission), + DECLARE_NAPI_FUNCTION("activateAccessingUri", FilePermissionNapi::ActivateAccessingUri), + DECLARE_NAPI_FUNCTION("deactivateAccessingUri", FilePermissionNapi::DeactivateAccessingUri), }; napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc); return exports; diff --git a/interfaces/kits/js/file_permission/file_permission.cpp b/interfaces/kits/js/file_permission/file_permission_napi.cpp similarity index 88% rename from interfaces/kits/js/file_permission/file_permission.cpp rename to interfaces/kits/js/file_permission/file_permission_napi.cpp index 096e5bb1f..c030ac348 100644 --- a/interfaces/kits/js/file_permission/file_permission.cpp +++ b/interfaces/kits/js/file_permission/file_permission_napi.cpp @@ -12,7 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "file_permission.h" +#include "file_permission_napi.h" #include "access_token.h" #include "accesstoken_kit.h" #include "ipc_skeleton.h" @@ -30,7 +30,7 @@ using namespace std; const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_MANAGER"; -napi_value FilePermission::GrantPolicy(napi_env env, napi_callback_info info) +napi_value FilePermissionNapi::GrantPolicy(napi_env env, napi_callback_info info) { NFuncArg funcArg(env, info); if (!funcArg.InitArgs(NARG_CNT::THREE, NARG_CNT::FOUR)) { @@ -55,7 +55,6 @@ napi_value FilePermission::GrantPolicy(napi_env env, napi_callback_info info) return nullptr; } auto cbExec = [uri, tokenId, modeSetting]() -> NError { - // int32_t ret = CommonFunc::GrantPolicy(uri, tokenId, modeSetting); return NError(0); }; @@ -76,7 +75,7 @@ napi_value FilePermission::GrantPolicy(napi_env env, napi_callback_info info) } } -napi_value FilePermission::PersistPermission(napi_env env, napi_callback_info info) +napi_value FilePermissionNapi::PersistPermission(napi_env env, napi_callback_info info) { NFuncArg funcArg(env, info); if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { @@ -84,7 +83,7 @@ napi_value FilePermission::PersistPermission(napi_env env, napi_callback_info in NError(E_PARAMS).ThrowErr(env); return nullptr; } - if (!FilePermission::CheckPermission(FILE_ACCESS_PERMISSION)) { + if (!FilePermissionNapi::CheckPermission(FILE_ACCESS_PERMISSION)) { LOGE("PersistPermission has not ohos permission!"); NError(E_PERMISSION).ThrowErr(env); return nullptr; @@ -102,7 +101,6 @@ napi_value FilePermission::PersistPermission(napi_env env, napi_callback_info in } auto cbExec = [uri, modeSetting]() -> NError { - // int32_t ret = CommonFunc::PersistPermission(uri, modeSetting); return NError(0); }; @@ -123,7 +121,7 @@ napi_value FilePermission::PersistPermission(napi_env env, napi_callback_info in } } -napi_value FilePermission::DesistPersistPermission(napi_env env, napi_callback_info info) +napi_value FilePermissionNapi::DesistPersistPermission(napi_env env, napi_callback_info info) { NFuncArg funcArg(env, info); if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { @@ -131,7 +129,7 @@ napi_value FilePermission::DesistPersistPermission(napi_env env, napi_callback_i NError(E_PARAMS).ThrowErr(env); return nullptr; } - if (!FilePermission::CheckPermission(FILE_ACCESS_PERMISSION)) { + if (!FilePermissionNapi::CheckPermission(FILE_ACCESS_PERMISSION)) { LOGE("DesistPersistPermission has not ohos permission!"); NError(E_PERMISSION).ThrowErr(env); return nullptr; @@ -148,7 +146,6 @@ napi_value FilePermission::DesistPersistPermission(napi_env env, napi_callback_i } auto cbExec = [uri, modeSetting]() -> NError { - // int32_t ret = CommonFunc::DesistPersistPermission(uri, modeSetting); return NError(0); }; @@ -169,7 +166,7 @@ napi_value FilePermission::DesistPersistPermission(napi_env env, napi_callback_i } } -napi_value FilePermission::ActivateAccessingUri(napi_env env, napi_callback_info info) +napi_value FilePermissionNapi::ActivateAccessingUri(napi_env env, napi_callback_info info) { NFuncArg funcArg(env, info); if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { @@ -187,7 +184,6 @@ napi_value FilePermission::ActivateAccessingUri(napi_env env, napi_callback_info return nullptr; } auto cbExec = [uri]() -> NError { - // int32_t ret = CommonFunc::ActivateAccessingUri(uri); return NError(0); }; @@ -208,7 +204,7 @@ napi_value FilePermission::ActivateAccessingUri(napi_env env, napi_callback_info } } -napi_value FilePermission::DeactivateAccessingUri(napi_env env, napi_callback_info info) +napi_value FilePermissionNapi::DeactivateAccessingUri(napi_env env, napi_callback_info info) { NFuncArg funcArg(env, info); if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { @@ -226,7 +222,6 @@ napi_value FilePermission::DeactivateAccessingUri(napi_env env, napi_callback_in } auto cbExec = [uri]() -> NError { - // int32_t ret = CommonFunc::DeactivateAccessingUri(uri); return NError(0); }; @@ -247,13 +242,13 @@ napi_value FilePermission::DeactivateAccessingUri(napi_env env, napi_callback_in } } -bool FilePermission::IsSystemApp() +bool FilePermissionNapi::IsSystemApp() { uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); } -bool FilePermission::CheckPermission(const string &permission) +bool FilePermissionNapi::CheckPermission(const string &permission) { Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); return Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == diff --git a/interfaces/kits/js/file_permission/file_permission.h b/interfaces/kits/js/file_permission/file_permission_napi.h similarity index 97% rename from interfaces/kits/js/file_permission/file_permission.h rename to interfaces/kits/js/file_permission/file_permission_napi.h index aa7d478b0..7fcc9226e 100644 --- a/interfaces/kits/js/file_permission/file_permission.h +++ b/interfaces/kits/js/file_permission/file_permission_napi.h @@ -25,7 +25,7 @@ using namespace std; enum class ModeSetting : int32_t { O_RDWR_FILE_URI = 2, }; -class FilePermission final { +class FilePermissionNapi final { public: static napi_value GrantPolicy(napi_env env, napi_callback_info info); static napi_value PersistPermission(napi_env env, napi_callback_info info); -- Gitee From ca3af5bbd390c43afe71d02151dcf81fc15fd0f7 Mon Sep 17 00:00:00 2001 From: LVB8189 Date: Fri, 10 Nov 2023 09:42:38 +0800 Subject: [PATCH 3/7] modify Signed-off-by: LVB8189 --- .../file_permission_n_exporter.cpp | 264 +++++++++++++++--- .../file_permission_n_exporter.h | 12 +- .../file_permission/file_permission_napi.cpp | 264 +++--------------- .../js/file_permission/file_permission_napi.h | 24 +- 4 files changed, 279 insertions(+), 285 deletions(-) diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp index 8db51c1a0..1da9e6bf8 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp @@ -13,57 +13,247 @@ * limitations under the License. */ #include "file_permission_n_exporter.h" -#include "file_permission_napi.h" +#include "access_token.h" +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" #include "log.h" +#include "tokenid_kit.h" +#include + +using namespace OHOS::FileManagement::LibN; namespace OHOS { namespace AppFileService { namespace ModuleFilePermission { -using namespace FileManagement; -using namespace FileManagement::LibN; -/*********************************************** - * Module export and register - ***********************************************/ -napi_value FilePermissionExport(napi_env env, napi_value exports) +using namespace OHOS::FileManagement::LibN; +using namespace std; + +const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_MANAGER"; + +napi_value GrantPolicy(napi_env env, napi_callback_info info) { - InitModeSetting(env, exports); - static napi_property_descriptor desc[] = { - DECLARE_NAPI_FUNCTION("grantPolicy", FilePermissionNapi::GrantPolicy), - DECLARE_NAPI_FUNCTION("persistPermission", FilePermissionNapi::PersistPermission), - DECLARE_NAPI_FUNCTION("desistPersistPermission", FilePermissionNapi::DesistPersistPermission), - DECLARE_NAPI_FUNCTION("activateAccessingUri", FilePermissionNapi::ActivateAccessingUri), - DECLARE_NAPI_FUNCTION("deactivateAccessingUri", FilePermissionNapi::DeactivateAccessingUri), + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::THREE, NARG_CNT::FOUR)) { + LOGE("GrantPolicy Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!IsSystemApp()) { + LOGE("GrantPolicy is not System App!"); + NError(E_PERMISSION_SYS).ThrowErr(env); + return nullptr; + } + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + auto [succTokenId, id] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); + auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::THIRD]).ToInt32(); + ModeSetting modeSetting = static_cast(mode); + int32_t tokenId = id; + std::string uri = fileUri.get(); + if (!succUri || !succTokenId || !succModeSetting) { + LOGE("The first/second argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + auto cbExec = [uri, tokenId, modeSetting]() -> NError { + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); }; - napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc); - return exports; + + const string PROCEDURENAME = "grant_policy"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::THREE) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::FOURTH]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } } -void InitModeSetting(napi_env env, napi_value exports) +napi_value PersistPermission(napi_env env, napi_callback_info info) { - char propertyName[] = "ModeSetting"; - napi_property_descriptor desc[] = { - DECLARE_NAPI_STATIC_PROPERTY("O_RDWR", - NVal::CreateInt32(env, static_cast(ModeSetting::O_RDWR_FILE_URI)).val_), + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { + LOGE("PersistPermission Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + LOGE("PersistPermission has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); + ModeSetting modeSetting = static_cast(mode); + std::string uri = fileUri.get(); + + if (!succModeSetting || !succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto cbExec = [uri, modeSetting]() -> NError { + return NError(0); }; - napi_value obj = nullptr; - napi_status status = napi_create_object(env, &obj); - if (status != napi_ok) { - HILOGE("Failed to create object at initializing ModeSetting"); - return; - } - status = napi_define_properties(env, obj, sizeof(desc) / sizeof(desc[0]), desc); - if (status != napi_ok) { - HILOGE("Failed to set properties of character at initializing ModeSetting"); - return; - } - status = napi_set_named_property(env, exports, propertyName, obj); - if (status != napi_ok) { - HILOGE("Failed to set direction property at initializing ModeSetting"); - return; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "persist_permission"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::TWO) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::THIRD]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; } } -NAPI_MODULE(filepermission, FilePermissionExport) +napi_value DesistPersistPermission(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { + LOGE("DesistPersistPermission Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + LOGE("DesistPersistPermission has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); + ModeSetting modeSetting = static_cast(mode); + std::string uri = fileUri.get(); + + if (!succModeSetting || !succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto cbExec = [uri, modeSetting]() -> NError { + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "desist_persist_permission"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::TWO) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::THIRD]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +napi_value ActivateAccessingUri(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { + LOGE("ActivateAccessingUri Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + std::string uri = fileUri.get(); + + if (!succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + auto cbExec = [uri]() -> NError { + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "activate_accessing_uri"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::ONE) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::SECOND]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info) +{ + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { + LOGE("DeactivateAccessingUri Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); + std::string uri = fileUri.get(); + + if (!succUri) { + LOGE("The argument error"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + + auto cbExec = [uri]() -> NError { + return NError(0); + }; + + auto cbCompl = [](napi_env env, NError err) -> NVal { + if (err) { + return {env, err.GetNapiErr(env)}; + } + return NVal::CreateUndefined(env); + }; + + const string PROCEDURENAME = "deactivate_accessing_uri"; + NVal thisVar(env, funcArg.GetThisVar()); + if (funcArg.GetArgc() == NARG_CNT::ONE) { + return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } else { + NVal cb(env, funcArg[NARG_POS::SECOND]); + return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + } +} + +static bool IsSystemApp() +{ + uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +static bool CheckPermission(const string &permission) +{ + Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == + Security::AccessToken::PermissionState::PERMISSION_GRANTED; +} } // namespace ModuleFilePermission } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.h b/interfaces/kits/js/file_permission/file_permission_n_exporter.h index e64c52d8a..5f3d7a262 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.h +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.h @@ -12,6 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + #ifndef FILE_PERMISSION_N_EXPOTER_H #define FILE_PERMISSION_N_EXPOTER_H @@ -20,9 +21,16 @@ namespace OHOS { namespace AppFileService { namespace ModuleFilePermission { -void InitModeSetting(napi_env env, napi_value exports); +using namespace std; +enum class ModeSetting : int32_t { + O_RDWR_FILE_URI = 2, +}; +napi_value GrantPolicy(napi_env env, napi_callback_info info); +napi_value PersistPermission(napi_env env, napi_callback_info info); +napi_value DesistPersistPermission(napi_env env, napi_callback_info info); +napi_value ActivateAccessingUri(napi_env env, napi_callback_info info); +napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info); -napi_value FilePermissionExport(napi_env env, napi_value exports); } // namespace ModuleFilePermission } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission_napi.cpp b/interfaces/kits/js/file_permission/file_permission_napi.cpp index c030ac348..8db51c1a0 100644 --- a/interfaces/kits/js/file_permission/file_permission_napi.cpp +++ b/interfaces/kits/js/file_permission/file_permission_napi.cpp @@ -12,248 +12,58 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +#include "file_permission_n_exporter.h" #include "file_permission_napi.h" -#include "access_token.h" -#include "accesstoken_kit.h" -#include "ipc_skeleton.h" #include "log.h" -#include "tokenid_kit.h" -#include - -using namespace OHOS::FileManagement::LibN; namespace OHOS { namespace AppFileService { namespace ModuleFilePermission { -using namespace OHOS::FileManagement::LibN; -using namespace std; - -const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_MANAGER"; - -napi_value FilePermissionNapi::GrantPolicy(napi_env env, napi_callback_info info) +using namespace FileManagement; +using namespace FileManagement::LibN; +/*********************************************** + * Module export and register + ***********************************************/ +napi_value FilePermissionExport(napi_env env, napi_value exports) { - NFuncArg funcArg(env, info); - if (!funcArg.InitArgs(NARG_CNT::THREE, NARG_CNT::FOUR)) { - LOGE("GrantPolicy Number of arguments unmatched"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - if (!IsSystemApp()) { - LOGE("GrantPolicy is not System App!"); - NError(E_PERMISSION_SYS).ThrowErr(env); - return nullptr; - } - auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); - auto [succTokenId, id] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); - auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::THIRD]).ToInt32(); - ModeSetting modeSetting = static_cast(mode); - int32_t tokenId = id; - std::string uri = fileUri.get(); - if (!succUri || !succTokenId || !succModeSetting) { - LOGE("The first/second argument error"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - auto cbExec = [uri, tokenId, modeSetting]() -> NError { - return NError(0); - }; - - auto cbCompl = [](napi_env env, NError err) -> NVal { - if (err) { - return {env, err.GetNapiErr(env)}; - } - return NVal::CreateUndefined(env); + InitModeSetting(env, exports); + static napi_property_descriptor desc[] = { + DECLARE_NAPI_FUNCTION("grantPolicy", FilePermissionNapi::GrantPolicy), + DECLARE_NAPI_FUNCTION("persistPermission", FilePermissionNapi::PersistPermission), + DECLARE_NAPI_FUNCTION("desistPersistPermission", FilePermissionNapi::DesistPersistPermission), + DECLARE_NAPI_FUNCTION("activateAccessingUri", FilePermissionNapi::ActivateAccessingUri), + DECLARE_NAPI_FUNCTION("deactivateAccessingUri", FilePermissionNapi::DeactivateAccessingUri), }; - - const string PROCEDURENAME = "grant_policy"; - NVal thisVar(env, funcArg.GetThisVar()); - if (funcArg.GetArgc() == NARG_CNT::THREE) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } else { - NVal cb(env, funcArg[NARG_POS::FOURTH]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } + napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc); + return exports; } -napi_value FilePermissionNapi::PersistPermission(napi_env env, napi_callback_info info) +void InitModeSetting(napi_env env, napi_value exports) { - NFuncArg funcArg(env, info); - if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { - LOGE("PersistPermission Number of arguments unmatched"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - if (!FilePermissionNapi::CheckPermission(FILE_ACCESS_PERMISSION)) { - LOGE("PersistPermission has not ohos permission!"); - NError(E_PERMISSION).ThrowErr(env); - return nullptr; - } - - auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); - auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); - ModeSetting modeSetting = static_cast(mode); - std::string uri = fileUri.get(); - - if (!succModeSetting || !succUri) { - LOGE("The argument error"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - - auto cbExec = [uri, modeSetting]() -> NError { - return NError(0); + char propertyName[] = "ModeSetting"; + napi_property_descriptor desc[] = { + DECLARE_NAPI_STATIC_PROPERTY("O_RDWR", + NVal::CreateInt32(env, static_cast(ModeSetting::O_RDWR_FILE_URI)).val_), }; - - auto cbCompl = [](napi_env env, NError err) -> NVal { - if (err) { - return {env, err.GetNapiErr(env)}; - } - return NVal::CreateUndefined(env); - }; - - const string PROCEDURENAME = "persist_permission"; - NVal thisVar(env, funcArg.GetThisVar()); - if (funcArg.GetArgc() == NARG_CNT::TWO) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } else { - NVal cb(env, funcArg[NARG_POS::THIRD]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + napi_value obj = nullptr; + napi_status status = napi_create_object(env, &obj); + if (status != napi_ok) { + HILOGE("Failed to create object at initializing ModeSetting"); + return; + } + status = napi_define_properties(env, obj, sizeof(desc) / sizeof(desc[0]), desc); + if (status != napi_ok) { + HILOGE("Failed to set properties of character at initializing ModeSetting"); + return; + } + status = napi_set_named_property(env, exports, propertyName, obj); + if (status != napi_ok) { + HILOGE("Failed to set direction property at initializing ModeSetting"); + return; } } -napi_value FilePermissionNapi::DesistPersistPermission(napi_env env, napi_callback_info info) -{ - NFuncArg funcArg(env, info); - if (!funcArg.InitArgs(NARG_CNT::TWO, NARG_CNT::THREE)) { - LOGE("DesistPersistPermission Number of arguments unmatched"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - if (!FilePermissionNapi::CheckPermission(FILE_ACCESS_PERMISSION)) { - LOGE("DesistPersistPermission has not ohos permission!"); - NError(E_PERMISSION).ThrowErr(env); - return nullptr; - } - auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); - auto [succModeSetting, mode] = NVal(env, funcArg[NARG_POS::SECOND]).ToInt32(); - ModeSetting modeSetting = static_cast(mode); - std::string uri = fileUri.get(); - - if (!succModeSetting || !succUri) { - LOGE("The argument error"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - - auto cbExec = [uri, modeSetting]() -> NError { - return NError(0); - }; - - auto cbCompl = [](napi_env env, NError err) -> NVal { - if (err) { - return {env, err.GetNapiErr(env)}; - } - return NVal::CreateUndefined(env); - }; - - const string PROCEDURENAME = "desist_persist_permission"; - NVal thisVar(env, funcArg.GetThisVar()); - if (funcArg.GetArgc() == NARG_CNT::TWO) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } else { - NVal cb(env, funcArg[NARG_POS::THIRD]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } -} - -napi_value FilePermissionNapi::ActivateAccessingUri(napi_env env, napi_callback_info info) -{ - NFuncArg funcArg(env, info); - if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { - LOGE("ActivateAccessingUri Number of arguments unmatched"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - - auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); - std::string uri = fileUri.get(); - - if (!succUri) { - LOGE("The argument error"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - auto cbExec = [uri]() -> NError { - return NError(0); - }; - - auto cbCompl = [](napi_env env, NError err) -> NVal { - if (err) { - return {env, err.GetNapiErr(env)}; - } - return NVal::CreateUndefined(env); - }; - - const string PROCEDURENAME = "activate_accessing_uri"; - NVal thisVar(env, funcArg.GetThisVar()); - if (funcArg.GetArgc() == NARG_CNT::ONE) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } else { - NVal cb(env, funcArg[NARG_POS::SECOND]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } -} - -napi_value FilePermissionNapi::DeactivateAccessingUri(napi_env env, napi_callback_info info) -{ - NFuncArg funcArg(env, info); - if (!funcArg.InitArgs(NARG_CNT::ONE, NARG_CNT::TWO)) { - LOGE("DeactivateAccessingUri Number of arguments unmatched"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - auto [succUri, fileUri, lenUri] = NVal(env, funcArg[NARG_POS::FIRST]).ToUTF8String(); - std::string uri = fileUri.get(); - - if (!succUri) { - LOGE("The argument error"); - NError(E_PARAMS).ThrowErr(env); - return nullptr; - } - - auto cbExec = [uri]() -> NError { - return NError(0); - }; - - auto cbCompl = [](napi_env env, NError err) -> NVal { - if (err) { - return {env, err.GetNapiErr(env)}; - } - return NVal::CreateUndefined(env); - }; - - const string PROCEDURENAME = "deactivate_accessing_uri"; - NVal thisVar(env, funcArg.GetThisVar()); - if (funcArg.GetArgc() == NARG_CNT::ONE) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } else { - NVal cb(env, funcArg[NARG_POS::SECOND]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; - } -} - -bool FilePermissionNapi::IsSystemApp() -{ - uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); - return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); -} - -bool FilePermissionNapi::CheckPermission(const string &permission) -{ - Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == - Security::AccessToken::PermissionState::PERMISSION_GRANTED; -} +NAPI_MODULE(filepermission, FilePermissionExport) } // namespace ModuleFilePermission } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission_napi.h b/interfaces/kits/js/file_permission/file_permission_napi.h index 7fcc9226e..012bfd472 100644 --- a/interfaces/kits/js/file_permission/file_permission_napi.h +++ b/interfaces/kits/js/file_permission/file_permission_napi.h @@ -12,32 +12,18 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -#ifndef FILE_PERMISSION_H -#define FILE_PERMISSION_H +#ifndef FILE_PERMISSION_NAPI_H +#define FILE_PERMISSION_NAPI_H #include "filemgmt_libn.h" namespace OHOS { namespace AppFileService { namespace ModuleFilePermission { -using namespace std; -enum class ModeSetting : int32_t { - O_RDWR_FILE_URI = 2, -}; -class FilePermissionNapi final { -public: - static napi_value GrantPolicy(napi_env env, napi_callback_info info); - static napi_value PersistPermission(napi_env env, napi_callback_info info); - static napi_value DesistPersistPermission(napi_env env, napi_callback_info info); - static napi_value ActivateAccessingUri(napi_env env, napi_callback_info info); - static napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info); +void InitModeSetting(napi_env env, napi_value exports); -private: - static bool IsSystemApp(); - static bool CheckPermission(const std::string &permission); -}; +napi_value FilePermissionExport(napi_env env, napi_value exports); } // namespace ModuleFilePermission } // namespace AppFileService } // namespace OHOS -#endif // FILE_PERMISSION_H +#endif // FILE_PERMISSION_NAPI_H -- Gitee From 4e127220dbeaccda84919f02e7765d5a35ad4d51 Mon Sep 17 00:00:00 2001 From: LVB8189 Date: Fri, 10 Nov 2023 11:17:38 +0800 Subject: [PATCH 4/7] modify Signed-off-by: LVB8189 --- .../file_permission_n_exporter.cpp | 48 ++++++++----------- .../file_permission/file_permission_napi.cpp | 10 ++-- 2 files changed, 25 insertions(+), 33 deletions(-) diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp index 1da9e6bf8..8f4e8e767 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp @@ -30,6 +30,21 @@ using namespace std; const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_MANAGER"; +namespace { +bool IsSystemApp() +{ + uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + +bool CheckPermission(const string &permission) +{ + Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == + Security::AccessToken::PermissionState::PERMISSION_GRANTED; +} +} // namespace + napi_value GrantPolicy(napi_env env, napi_callback_info info) { NFuncArg funcArg(env, info); @@ -54,9 +69,7 @@ napi_value GrantPolicy(napi_env env, napi_callback_info info) NError(E_PARAMS).ThrowErr(env); return nullptr; } - auto cbExec = [uri, tokenId, modeSetting]() -> NError { - return NError(0); - }; + auto cbExec = [uri, tokenId, modeSetting]() -> NError { return NError(0); }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -100,9 +113,7 @@ napi_value PersistPermission(napi_env env, napi_callback_info info) return nullptr; } - auto cbExec = [uri, modeSetting]() -> NError { - return NError(0); - }; + auto cbExec = [uri, modeSetting]() -> NError { return NError(0); }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -145,9 +156,7 @@ napi_value DesistPersistPermission(napi_env env, napi_callback_info info) return nullptr; } - auto cbExec = [uri, modeSetting]() -> NError { - return NError(0); - }; + auto cbExec = [uri, modeSetting]() -> NError { return NError(0); }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -183,9 +192,7 @@ napi_value ActivateAccessingUri(napi_env env, napi_callback_info info) NError(E_PARAMS).ThrowErr(env); return nullptr; } - auto cbExec = [uri]() -> NError { - return NError(0); - }; + auto cbExec = [uri]() -> NError { return NError(0); }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -221,9 +228,7 @@ napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info) return nullptr; } - auto cbExec = [uri]() -> NError { - return NError(0); - }; + auto cbExec = [uri]() -> NError { return NError(0); }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -241,19 +246,6 @@ napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info) return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; } } - -static bool IsSystemApp() -{ - uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); - return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); -} - -static bool CheckPermission(const string &permission) -{ - Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == - Security::AccessToken::PermissionState::PERMISSION_GRANTED; -} } // namespace ModuleFilePermission } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/kits/js/file_permission/file_permission_napi.cpp b/interfaces/kits/js/file_permission/file_permission_napi.cpp index 8db51c1a0..d5e168752 100644 --- a/interfaces/kits/js/file_permission/file_permission_napi.cpp +++ b/interfaces/kits/js/file_permission/file_permission_napi.cpp @@ -28,11 +28,11 @@ napi_value FilePermissionExport(napi_env env, napi_value exports) { InitModeSetting(env, exports); static napi_property_descriptor desc[] = { - DECLARE_NAPI_FUNCTION("grantPolicy", FilePermissionNapi::GrantPolicy), - DECLARE_NAPI_FUNCTION("persistPermission", FilePermissionNapi::PersistPermission), - DECLARE_NAPI_FUNCTION("desistPersistPermission", FilePermissionNapi::DesistPersistPermission), - DECLARE_NAPI_FUNCTION("activateAccessingUri", FilePermissionNapi::ActivateAccessingUri), - DECLARE_NAPI_FUNCTION("deactivateAccessingUri", FilePermissionNapi::DeactivateAccessingUri), + DECLARE_NAPI_FUNCTION("grantPolicy", GrantPolicy), + DECLARE_NAPI_FUNCTION("persistPermission", PersistPermission), + DECLARE_NAPI_FUNCTION("desistPersistPermission", DesistPersistPermission), + DECLARE_NAPI_FUNCTION("activateAccessingUri", ActivateAccessingUri), + DECLARE_NAPI_FUNCTION("deactivateAccessingUri", DeactivateAccessingUri), }; napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc); return exports; -- Gitee From 6520142be8b74797c8c2fbb93dcc39458079a8d0 Mon Sep 17 00:00:00 2001 From: LVB8189 Date: Mon, 13 Nov 2023 18:51:02 +0800 Subject: [PATCH 5/7] modify Signed-off-by: LVB8189 --- .../file_permission_n_exporter.cpp | 29 ++++++++++++++----- .../file_permission_n_exporter.h | 2 +- .../file_permission/file_permission_napi.cpp | 2 +- .../js/file_permission/file_permission_napi.h | 2 +- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp index 8f4e8e767..53f59ce87 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -28,7 +28,7 @@ namespace ModuleFilePermission { using namespace OHOS::FileManagement::LibN; using namespace std; -const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_MANAGER"; +const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; namespace { bool IsSystemApp() @@ -69,7 +69,10 @@ napi_value GrantPolicy(napi_env env, napi_callback_info info) NError(E_PARAMS).ThrowErr(env); return nullptr; } - auto cbExec = [uri, tokenId, modeSetting]() -> NError { return NError(0); }; + auto cbExec = [uri, tokenId, modeSetting]() -> NError { + // TODO:SandboxManager interface call + return NError(0); + }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -113,7 +116,10 @@ napi_value PersistPermission(napi_env env, napi_callback_info info) return nullptr; } - auto cbExec = [uri, modeSetting]() -> NError { return NError(0); }; + auto cbExec = [uri, modeSetting]() -> NError { + // TODO:SandboxManager interface call + return NError(0); + }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -156,7 +162,10 @@ napi_value DesistPersistPermission(napi_env env, napi_callback_info info) return nullptr; } - auto cbExec = [uri, modeSetting]() -> NError { return NError(0); }; + auto cbExec = [uri, modeSetting]() -> NError { + // TODO:SandboxManager interface call + return NError(0); + }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -192,7 +201,10 @@ napi_value ActivateAccessingUri(napi_env env, napi_callback_info info) NError(E_PARAMS).ThrowErr(env); return nullptr; } - auto cbExec = [uri]() -> NError { return NError(0); }; + auto cbExec = [uri]() -> NError { + // TODO:SandboxManager interface call + return NError(0); + }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { @@ -228,7 +240,10 @@ napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info) return nullptr; } - auto cbExec = [uri]() -> NError { return NError(0); }; + auto cbExec = [uri]() -> NError { + // TODO:SandboxManager interface call + return NError(0); + }; auto cbCompl = [](napi_env env, NError err) -> NVal { if (err) { diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.h b/interfaces/kits/js/file_permission/file_permission_n_exporter.h index 5f3d7a262..087eaf02e 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.h +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/interfaces/kits/js/file_permission/file_permission_napi.cpp b/interfaces/kits/js/file_permission/file_permission_napi.cpp index d5e168752..ea5eb83df 100644 --- a/interfaces/kits/js/file_permission/file_permission_napi.cpp +++ b/interfaces/kits/js/file_permission/file_permission_napi.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/interfaces/kits/js/file_permission/file_permission_napi.h b/interfaces/kits/js/file_permission/file_permission_napi.h index 012bfd472..4b609f7a7 100644 --- a/interfaces/kits/js/file_permission/file_permission_napi.h +++ b/interfaces/kits/js/file_permission/file_permission_napi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2023 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at -- Gitee From cd0b018b74161e80a844e318eb29e138e85c0cb1 Mon Sep 17 00:00:00 2001 From: LVB8189 Date: Fri, 17 Nov 2023 11:06:01 +0800 Subject: [PATCH 6/7] modify Signed-off-by: LVB8189 --- interfaces/innerkits/native/BUILD.gn | 31 ++++ .../file_permission/include/file_permission.h | 39 +++++ .../file_permission/src/file_permission.cpp | 119 +++++++++++++ interfaces/kits/js/BUILD.gn | 2 + .../file_permission_n_exporter.cpp | 51 +++--- .../file_permission_n_exporter.h | 4 - .../file_permission/file_permission_napi.cpp | 3 +- test/unittest/BUILD.gn | 1 + test/unittest/file_permission_native/BUILD.gn | 40 +++++ .../file_permission_test.cpp | 160 ++++++++++++++++++ test/unittest/resource/ohos_test.xml | 9 + 11 files changed, 429 insertions(+), 30 deletions(-) create mode 100644 interfaces/innerkits/native/file_permission/include/file_permission.h create mode 100644 interfaces/innerkits/native/file_permission/src/file_permission.cpp create mode 100644 test/unittest/file_permission_native/BUILD.gn create mode 100644 test/unittest/file_permission_native/file_permission_test.cpp diff --git a/interfaces/innerkits/native/BUILD.gn b/interfaces/innerkits/native/BUILD.gn index 67c3c077e..518189607 100644 --- a/interfaces/innerkits/native/BUILD.gn +++ b/interfaces/innerkits/native/BUILD.gn @@ -150,12 +150,43 @@ ohos_shared_library("sandbox_helper_native") { subsystem_name = "filemanagement" } +config("file_permission_config") { + visibility = [ ":*" ] + include_dirs = [ + "file_permission/include", + "//third_party/json/include", + "../../common/include", + ] +} + +ohos_shared_library("filepermission_native") { + sources = [ + "../../common/src/json_utils.cpp", + "../../common/src/sandbox_helper.cpp", + "file_permission/src/file_permission.cpp", + ] + + public_configs = [ ":file_permission_config" ] + + external_deps = [ + "ability_base:base", + "ability_base:want", + "ability_base:zuri", + "c_utils:utils", + "hilog:libhilog", + ] + + part_name = "app_file_service" + subsystem_name = "filemanagement" +} + group("app_file_service_native") { deps = [ ":fileshare_native", ":fileuri_native", ":remote_file_share_native", ":sandbox_helper_native", + ":filepermission_native" ] } diff --git a/interfaces/innerkits/native/file_permission/include/file_permission.h b/interfaces/innerkits/native/file_permission/include/file_permission.h new file mode 100644 index 000000000..1c79a5133 --- /dev/null +++ b/interfaces/innerkits/native/file_permission/include/file_permission.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef APP_FILE_SERVICE_FILE_PERMISSION +#define APP_FILE_SERVICE_FILE_PERMISSION + +#include +#include + +namespace OHOS { +namespace AppFileService { +using namespace std; +enum class ModeSetting : int32_t { + O_RDWR_FILE_URI = 2, +}; +class FilePermission { +public: + static int32_t GrantPolicy(string uri, int32_t tokenId, ModeSetting modeSetting); + static int32_t PersistPermission(string uri, ModeSetting modeSetting); + static int32_t DesistPersistPermission(string uri, ModeSetting modeSetting); + static int32_t ActivateAccessingUri(string uri); + static int32_t DeactivateAccessingUri(string uri); +}; +} // namespace AppFileService +} // namespace OHOS + +#endif \ No newline at end of file diff --git a/interfaces/innerkits/native/file_permission/src/file_permission.cpp b/interfaces/innerkits/native/file_permission/src/file_permission.cpp new file mode 100644 index 000000000..e4907c2fc --- /dev/null +++ b/interfaces/innerkits/native/file_permission/src/file_permission.cpp @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "file_permission.h" +#include + +#include "log.h" +#include "uri.h" + +namespace OHOS { +namespace AppFileService { +const std::string MEDIA_AUTHORITY = "media"; +const std::string REMOTE_SHARE_PATH_DIR = "/.remote_share"; +namespace { +bool CheckValidUri(const string &uriStr) +{ + Uri uri(uriStr); + std::string bundleName = uri.GetAuthority(); + if (bundleName == MEDIA_AUTHORITY) { + LOGE("the URI is media URI"); + return false; + } + if (uriStr.find(REMOTE_SHARE_PATH_DIR) != string::npos) { + LOGE("the URI is distributed URI"); + return false; + } + return true; +} +} // namespace + +int32_t FilePermission::GrantPolicy(string uriStr, int32_t tokenId, ModeSetting modeSetting) +{ + if (!CheckValidUri(uriStr)) { + LOGE("Not the correct uri!"); + return EILSEQ; + } + Uri uri(uriStr); + string path = uri.GetPath(); + if (access(path.c_str(), F_OK) != 0) { + LOGE("The path does not exist!"); + return ENOENT; + } + // SandboxManager interface call + return 0; +} +int32_t FilePermission::PersistPermission(string uriStr, ModeSetting modeSetting) +{ + if (!CheckValidUri(uriStr)) { + LOGE("Not the correct uri!"); + return EILSEQ; + } + Uri uri(uriStr); + string path = uri.GetPath(); + if (access(path.c_str(), F_OK) != 0) { + LOGE("The path does not exist!"); + return ENOENT; + } + // SandboxManager interface call + return 0; +} +int32_t FilePermission::DesistPersistPermission(string uriStr, ModeSetting modeSetting) +{ + if (!CheckValidUri(uriStr)) { + LOGE("Not the correct uri!"); + return EILSEQ; + } + Uri uri(uriStr); + string path = uri.GetPath(); + if (access(path.c_str(), F_OK) != 0) { + LOGE("The path does not exist!"); + return ENOENT; + } + // SandboxManager interface call + return 0; +} +int32_t FilePermission::ActivateAccessingUri(string uriStr) +{ + if (!CheckValidUri(uriStr)) { + LOGE("Not the correct uri!"); + return EILSEQ; + } + Uri uri(uriStr); + string path = uri.GetPath(); + if (access(path.c_str(), F_OK) != 0) { + LOGE("The path does not exist!"); + return ENOENT; + } + // SandboxManager interface call + return 0; +} +int32_t FilePermission::DeactivateAccessingUri(string uriStr) +{ + if (!CheckValidUri(uriStr)) { + LOGE("Not the correct uri!"); + return EILSEQ; + } + Uri uri(uriStr); + string path = uri.GetPath(); + if (access(path.c_str(), F_OK) != 0) { + LOGE("The path does not exist!"); + return ENOENT; + } + // SandboxManager interface call + return 0; +} + +} // namespace AppFileService +} // namespace OHOS \ No newline at end of file diff --git a/interfaces/kits/js/BUILD.gn b/interfaces/kits/js/BUILD.gn index 5395d33a4..7db48e462 100644 --- a/interfaces/kits/js/BUILD.gn +++ b/interfaces/kits/js/BUILD.gn @@ -152,9 +152,11 @@ ohos_shared_library("filepermission") { include_dirs = [ ".", "../../common/include", + "${app_file_service_path}/interfaces/innerkits/native/file_permission/include", ] sources = [ + "../../innerkits/native/file_permission/src/file_permission.cpp", "file_permission/file_permission_n_exporter.cpp", "file_permission/file_permission_napi.cpp", ] diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp index 53f59ce87..259583b01 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.cpp @@ -15,6 +15,7 @@ #include "file_permission_n_exporter.h" #include "access_token.h" #include "accesstoken_kit.h" +#include "file_permission.h" #include "ipc_skeleton.h" #include "log.h" #include "tokenid_kit.h" @@ -70,8 +71,8 @@ napi_value GrantPolicy(napi_env env, napi_callback_info info) return nullptr; } auto cbExec = [uri, tokenId, modeSetting]() -> NError { - // TODO:SandboxManager interface call - return NError(0); + int32_t ret = FilePermission::GrantPolicy(uri, tokenId, modeSetting); + return NError(ret); }; auto cbCompl = [](napi_env env, NError err) -> NVal { @@ -81,13 +82,13 @@ napi_value GrantPolicy(napi_env env, napi_callback_info info) return NVal::CreateUndefined(env); }; - const string PROCEDURENAME = "grant_policy"; + const string procedureName = "grant_policy"; NVal thisVar(env, funcArg.GetThisVar()); if (funcArg.GetArgc() == NARG_CNT::THREE) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; } else { NVal cb(env, funcArg[NARG_POS::FOURTH]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkCallback(env, thisVar, cb).Schedule(procedureName, cbExec, cbCompl).val_; } } @@ -117,8 +118,8 @@ napi_value PersistPermission(napi_env env, napi_callback_info info) } auto cbExec = [uri, modeSetting]() -> NError { - // TODO:SandboxManager interface call - return NError(0); + int32_t ret = FilePermission::PersistPermission(uri, modeSetting); + return NError(ret); }; auto cbCompl = [](napi_env env, NError err) -> NVal { @@ -128,13 +129,13 @@ napi_value PersistPermission(napi_env env, napi_callback_info info) return NVal::CreateUndefined(env); }; - const string PROCEDURENAME = "persist_permission"; + const string procedureName = "persist_permission"; NVal thisVar(env, funcArg.GetThisVar()); if (funcArg.GetArgc() == NARG_CNT::TWO) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; } else { NVal cb(env, funcArg[NARG_POS::THIRD]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkCallback(env, thisVar, cb).Schedule(procedureName, cbExec, cbCompl).val_; } } @@ -163,8 +164,8 @@ napi_value DesistPersistPermission(napi_env env, napi_callback_info info) } auto cbExec = [uri, modeSetting]() -> NError { - // TODO:SandboxManager interface call - return NError(0); + int32_t ret = FilePermission::DesistPersistPermission(uri, modeSetting); + return NError(ret); }; auto cbCompl = [](napi_env env, NError err) -> NVal { @@ -174,13 +175,13 @@ napi_value DesistPersistPermission(napi_env env, napi_callback_info info) return NVal::CreateUndefined(env); }; - const string PROCEDURENAME = "desist_persist_permission"; + const string procedureName = "desist_persist_permission"; NVal thisVar(env, funcArg.GetThisVar()); if (funcArg.GetArgc() == NARG_CNT::TWO) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; } else { NVal cb(env, funcArg[NARG_POS::THIRD]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkCallback(env, thisVar, cb).Schedule(procedureName, cbExec, cbCompl).val_; } } @@ -202,8 +203,8 @@ napi_value ActivateAccessingUri(napi_env env, napi_callback_info info) return nullptr; } auto cbExec = [uri]() -> NError { - // TODO:SandboxManager interface call - return NError(0); + int32_t ret = FilePermission::ActivateAccessingUri(uri); + return NError(ret); }; auto cbCompl = [](napi_env env, NError err) -> NVal { @@ -213,13 +214,13 @@ napi_value ActivateAccessingUri(napi_env env, napi_callback_info info) return NVal::CreateUndefined(env); }; - const string PROCEDURENAME = "activate_accessing_uri"; + const string procedureName = "activate_accessing_uri"; NVal thisVar(env, funcArg.GetThisVar()); if (funcArg.GetArgc() == NARG_CNT::ONE) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; } else { NVal cb(env, funcArg[NARG_POS::SECOND]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkCallback(env, thisVar, cb).Schedule(procedureName, cbExec, cbCompl).val_; } } @@ -241,8 +242,8 @@ napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info) } auto cbExec = [uri]() -> NError { - // TODO:SandboxManager interface call - return NError(0); + int32_t ret = FilePermission::DeactivateAccessingUri(uri); + return NError(ret); }; auto cbCompl = [](napi_env env, NError err) -> NVal { @@ -252,13 +253,13 @@ napi_value DeactivateAccessingUri(napi_env env, napi_callback_info info) return NVal::CreateUndefined(env); }; - const string PROCEDURENAME = "deactivate_accessing_uri"; + const string procedureName = "deactivate_accessing_uri"; NVal thisVar(env, funcArg.GetThisVar()); if (funcArg.GetArgc() == NARG_CNT::ONE) { - return NAsyncWorkPromise(env, thisVar).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; } else { NVal cb(env, funcArg[NARG_POS::SECOND]); - return NAsyncWorkCallback(env, thisVar, cb).Schedule(PROCEDURENAME, cbExec, cbCompl).val_; + return NAsyncWorkCallback(env, thisVar, cb).Schedule(procedureName, cbExec, cbCompl).val_; } } } // namespace ModuleFilePermission diff --git a/interfaces/kits/js/file_permission/file_permission_n_exporter.h b/interfaces/kits/js/file_permission/file_permission_n_exporter.h index 087eaf02e..eed5f37f5 100644 --- a/interfaces/kits/js/file_permission/file_permission_n_exporter.h +++ b/interfaces/kits/js/file_permission/file_permission_n_exporter.h @@ -17,14 +17,10 @@ #define FILE_PERMISSION_N_EXPOTER_H #include "filemgmt_libn.h" - namespace OHOS { namespace AppFileService { namespace ModuleFilePermission { using namespace std; -enum class ModeSetting : int32_t { - O_RDWR_FILE_URI = 2, -}; napi_value GrantPolicy(napi_env env, napi_callback_info info); napi_value PersistPermission(napi_env env, napi_callback_info info); napi_value DesistPersistPermission(napi_env env, napi_callback_info info); diff --git a/interfaces/kits/js/file_permission/file_permission_napi.cpp b/interfaces/kits/js/file_permission/file_permission_napi.cpp index ea5eb83df..776752235 100644 --- a/interfaces/kits/js/file_permission/file_permission_napi.cpp +++ b/interfaces/kits/js/file_permission/file_permission_napi.cpp @@ -12,8 +12,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "file_permission_n_exporter.h" #include "file_permission_napi.h" +#include "file_permission.h" +#include "file_permission_n_exporter.h" #include "log.h" namespace OHOS { diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 8ae868099..6a4a28f1c 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -14,6 +14,7 @@ group("unittest") { testonly = true deps = [ + "file_permission_native:file_permission_test", "file_share_native:file_share_test", "file_uri_native:file_uri_test", "remote_file_share:remote_file_share_test", diff --git a/test/unittest/file_permission_native/BUILD.gn b/test/unittest/file_permission_native/BUILD.gn new file mode 100644 index 000000000..8c6968457 --- /dev/null +++ b/test/unittest/file_permission_native/BUILD.gn @@ -0,0 +1,40 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/test.gni") + +ohos_unittest("file_permission_test") { + module_out_path = "filemanagement/app_file_service" + resource_config_file = "../resource/ohos_test.xml" + sources = [ "file_permission_test.cpp" ] + + external_deps = [ + "ability_base:base", + "ability_base:want", + "ability_base:zuri", + "access_token:libaccesstoken_sdk", + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + ] + + include_dirs = [ + "../../../interfaces/innerkits/native/file_permission/include", + ] + + deps = [ + "../../../interfaces/innerkits/native:filepermission_native", + "//third_party/googletest:gmock_main", + "//third_party/googletest:gtest_main", + ] +} diff --git a/test/unittest/file_permission_native/file_permission_test.cpp b/test/unittest/file_permission_native/file_permission_test.cpp new file mode 100644 index 000000000..20ce4ad8a --- /dev/null +++ b/test/unittest/file_permission_native/file_permission_test.cpp @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "file_permission.h" + +#include +#include +#include + +#include "uri.h" + +#include "log.h" + +using namespace std; +using namespace OHOS::AppFileService; + +namespace OHOS::AppFileService { +const string bundleA = "com.example.filesharea"; + +class FilePermissionTest : public testing::Test { +public: + static void SetUpTestCase(void) {}; + static void TearDownTestCase() {}; + void SetUp() {}; + void TearDown() {}; +}; + +/** + * @tc.name: file_permission_test_0000 + * @tc.desc: Test function of GrantPolicy() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, file_permission_test_0000, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin GrantPolicy"; + + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t tokenId = 0; + int32_t ret = FilePermission::GrantPolicy(inexistentUri, tokenId, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, ENOENT); + ret = FilePermission::GrantPolicy(mediaUri, tokenId, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, EILSEQ); + ret = FilePermission::GrantPolicy(uri, tokenId, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, 0); + GTEST_LOG_(INFO) << "FilePermissionTest-end GrantPolicy"; +} + +/** + * @tc.name: file_permission_test_0001 + * @tc.desc: Test function of PersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, file_permission_test_0001, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin PersistPermission"; + + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t ret = FilePermission::PersistPermission(inexistentUri, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, ENOENT); + ret = FilePermission::PersistPermission(mediaUri, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, EILSEQ); + ret = FilePermission::PersistPermission(uri, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, 0); + GTEST_LOG_(INFO) << "FilePermissionTest-end PersistPermission"; +} + +/** + * @tc.name: file_permission_test_0002 + * @tc.desc: Test function of DesistPersistPermission() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, file_permission_test_0002, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin DesistPersistPermission"; + + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t ret = FilePermission::DesistPersistPermission(inexistentUri, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, ENOENT); + ret = FilePermission::DesistPersistPermission(mediaUri, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, EILSEQ); + ret = FilePermission::DesistPersistPermission(uri, ModeSetting::O_RDWR_FILE_URI); + EXPECT_EQ(ret, 0); + GTEST_LOG_(INFO) << "FilePermissionTest-end DesistPersistPermission"; +} + +/** + * @tc.name: file_permission_test_0003 + * @tc.desc: Test function of ActivateAccessingUri() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, file_permission_test_0003, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin ActivateAccessingUri"; + + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t ret = FilePermission::ActivateAccessingUri(inexistentUri); + EXPECT_EQ(ret, ENOENT); + ret = FilePermission::ActivateAccessingUri(mediaUri); + EXPECT_EQ(ret, EILSEQ); + ret = FilePermission::ActivateAccessingUri(uri); + EXPECT_EQ(ret, 0); + GTEST_LOG_(INFO) << "FilePermissionTest-end ActivateAccessingUri"; +} + +/** + * @tc.name: file_permission_test_0004 + * @tc.desc: Test function of DeactivateAccessingUri() interface for SUCCESS. + * @tc.size: MEDIUM + * @tc.type: FUNC + * @tc.level Level 1 + * @tc.require: + */ +HWTEST_F(FilePermissionTest, file_permission_test_0004, testing::ext::TestSize.Level1) +{ + GTEST_LOG_(INFO) << "FilePermissionTest-begin DeactivateAccessingUri"; + + string inexistentUri = "file://" + bundleA + "/data/storage/el2/base/files/inexistentTest.txt"; + string mediaUri = "file://media/data/storage/el2/base"; + string uri = "file://" + bundleA + "/data/storage/el2/base"; + int32_t ret = FilePermission::DeactivateAccessingUri(inexistentUri); + EXPECT_EQ(ret, ENOENT); + ret = FilePermission::DeactivateAccessingUri(mediaUri); + EXPECT_EQ(ret, EILSEQ); + ret = FilePermission::DeactivateAccessingUri(uri); + EXPECT_EQ(ret, 0); + GTEST_LOG_(INFO) << "FilePermissionTest-end DeactivateAccessingUri"; +} +} // namespace OHOS::AppFileService \ No newline at end of file diff --git a/test/unittest/resource/ohos_test.xml b/test/unittest/resource/ohos_test.xml index df7e93bd1..70d1b61dc 100644 --- a/test/unittest/resource/ohos_test.xml +++ b/test/unittest/resource/ohos_test.xml @@ -43,4 +43,13 @@