From 947ab1028edfeeaf837d5163256ce286a53fecfa Mon Sep 17 00:00:00 2001
From: LVB8189 <lvbai1@huawei.com>
Date: Thu, 14 Dec 2023 11:04:31 +0800
Subject: [PATCH] add sandboxmanager

Signed-off-by: LVB8189 <lvbai1@huawei.com>
---
 app_file_service.gni                               |  7 +++++++
 interfaces/innerkits/native/BUILD.gn               |  5 +++++
 .../native/file_share/src/file_permission.cpp      | 14 +++++++++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/app_file_service.gni b/app_file_service.gni
index e97d14426..b85f78087 100644
--- a/app_file_service.gni
+++ b/app_file_service.gni
@@ -16,3 +16,10 @@ utils_system_safwk_path = "//utils/system/safwk"
 path_base = "//commonlibrary/c_utils/base"
 path_napi = "//foundation/arkui/napi"
 app_file_service_path = "//foundation/filemanagement/app_file_service"
+declare_args() {
+    sandbox_manager = false
+    if (defined(global_parts_info) &&
+    defined(global_parts_info.accesscontrol_sandbox_manager)) {
+        sandbox_manager = true
+    }
+}
\ No newline at end of file
diff --git a/interfaces/innerkits/native/BUILD.gn b/interfaces/innerkits/native/BUILD.gn
index bc2f205ea..fb9c8a6eb 100644
--- a/interfaces/innerkits/native/BUILD.gn
+++ b/interfaces/innerkits/native/BUILD.gn
@@ -61,6 +61,11 @@ ohos_shared_library("fileshare_native") {
     "hilog:libhilog",
   ]
 
+  defines = []
+  if (sandbox_manager) {
+    external_deps += [ "sandbox_manager:libsandbox_manager_sdk" ]
+    defines += [ "SANDBOX_MANAGER" ]
+  }
   part_name = "app_file_service"
   subsystem_name = "filemanagement"
 }
diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp
index 492dd8584..fc7efb681 100644
--- a/interfaces/innerkits/native/file_share/src/file_permission.cpp
+++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp
@@ -18,6 +18,10 @@
 #include "log.h"
 #include "uri.h"
 
+#ifdef SANDBOX_MANAGER
+#include "sandbox_manager_kit.h"
+#endif
+
 namespace OHOS {
 namespace AppFileService {
 const std::string MEDIA_AUTHORITY = "media";
@@ -112,7 +116,15 @@ int32_t FilePermission::PersistPermission(const vector<UriPolicyInfo> &uriPolici
     vector<PathPolicyInfo> pathPolicies;
     vector<uint32_t> resultCodes;
     GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults, pathPolicies);
-    // SandboxManager interface call
+#ifdef SANDBOX_MANAGER
+    LOGE("SANDBOX_MANAGER success");
+    int32_t errorCode = persistPermission(pathPolicies, resultCodes);
+    if(errorCode != 0){
+        LOGE("sandbox manager persist permission failed");
+        return EPERM;
+    }
+#endif
+
     GetErrorResults(resultCodes, pathPolicies, errorResults);
     if (!errorResults.empty()) {
         LOGE("There are some URI operations that fail");
-- 
Gitee