From 5a791911b4ca77dc452c051e1bd2589a45d06d9c Mon Sep 17 00:00:00 2001 From: weishaoxiong Date: Mon, 5 Feb 2024 09:47:34 +0800 Subject: [PATCH 1/6] fix: add ndk&js interface Signed-off-by: weishaoxiong --- bundle.json | 12 +- .../file_share/include/file_permission.h | 2 + .../native/file_share/src/file_permission.cpp | 64 ++++++ .../kits/js/file_share/grant_permissions.cpp | 66 +++++++ .../kits/js/file_share/grant_permissions.h | 7 + interfaces/ndk/fileshare/BUILD.gn | 26 +++ .../ndk/fileshare/include/file_share_ndk.h | 186 ++++++++++++++++++ .../ndk/fileshare/libfile_share.ndk.json | 7 + interfaces/ndk/fileshare/src/BUILD.gn | 47 +++++ .../ndk/fileshare/src/file_share_ndk.cpp | 157 +++++++++++++++ 10 files changed, 573 insertions(+), 1 deletion(-) create mode 100644 interfaces/ndk/fileshare/BUILD.gn create mode 100644 interfaces/ndk/fileshare/include/file_share_ndk.h create mode 100644 interfaces/ndk/fileshare/libfile_share.ndk.json create mode 100644 interfaces/ndk/fileshare/src/BUILD.gn create mode 100644 interfaces/ndk/fileshare/src/file_share_ndk.cpp diff --git a/bundle.json b/bundle.json index c2bf2f5a5..38d32f0ba 100644 --- a/bundle.json +++ b/bundle.json @@ -59,7 +59,8 @@ "//foundation/filemanagement/app_file_service/interfaces/innerkits/native:app_file_service_native", "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileshare", "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileuri", - "//foundation/filemanagement/app_file_service/interfaces/kits/js:backup" + "//foundation/filemanagement/app_file_service/interfaces/kits/js:backup", + "//foundation/filemanagement/app_file_service/interfaces/ndk/fileshare/src:file_share_ndk" ], "service_group": [ "//foundation/filemanagement/app_file_service:tgt_backup_extension", @@ -69,6 +70,15 @@ ] }, "inner_kits": [ + { + "name": "//foundation/filemanagement/app_file_service/interfaces/ndk/fileshare/src:file_share_ndk", + "header": { + "header_files": [ + "file_share_ndk.h" + ], + "header_base": "//foundation/filemanagement/app_file_service/interfaces/ndk/fileshare/include" + } + }, { "name": "//foundation/filemanagement/app_file_service/interfaces/innerkits/native:fileshare_native", "header": { diff --git a/interfaces/innerkits/native/file_share/include/file_permission.h b/interfaces/innerkits/native/file_share/include/file_permission.h index d563e234a..f4488d5ce 100644 --- a/interfaces/innerkits/native/file_share/include/file_permission.h +++ b/interfaces/innerkits/native/file_share/include/file_permission.h @@ -71,6 +71,8 @@ public: deque &errorResults); static int32_t DeactivatePermission(const vector &uriPolicies, deque &errorResults); + static int32_t CheckPersistentPermission(const vector &uriPolicies, + vector &errorResults); #ifdef SANDBOX_MANAGER private: static void ParseErrorResults(const vector &resultCodes, diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp index dbcd11f9f..87e54e29b 100644 --- a/interfaces/innerkits/native/file_share/src/file_permission.cpp +++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp @@ -88,6 +88,18 @@ int32_t ErrorCodeConversion(int32_t sandboxManagerErrorCode, } return FileManagement::LibN::E_UNKNOWN_ERROR; } + +int32_t ErrorCodeConversion(int32_t sandboxManagerErrorCode) +{ + if (sandboxManagerErrorCode == INVALID_PARAMTER) { + LOGE("The number of incoming URIs is too many"); + return FileManagement::LibN::E_PARAMS; + } + if (sandboxManagerErrorCode == SANDBOX_MANAGER_OK) { + return 0; + } + return FileManagement::LibN::E_UNKNOWN_ERROR; +} } // namespace void FilePermission::ParseErrorResults(const vector &resultCodes, const vector &pathPolicies, @@ -115,6 +127,16 @@ void FilePermission::ParseErrorResults(const vector &resultCodes, } } +void FilePermission::ParseErrorResults(const vector &resultCodes, + vector &errorResults) +{ + for (size_t i = 0, j = 0; i < errorResults.size(); i++) { + if (errorResults[i]) { + errorResults[i] = resultCodes[j++]; + } + } +} + vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, deque &errorResults) { @@ -138,6 +160,30 @@ vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect } return pathPolicies; } + +vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, + vector &errorResults) +{ + vector pathPolicies; + for (auto uriPolicy : uriPolicies) { + Uri uri(uriPolicy.uri); + string path = uri.GetPath(); + if (!CheckValidUri(uriPolicy.uri) || access(path.c_str(), F_OK) != 0) { + LOGE("Not correct uri!"); + errorResults.emplace_back(false); + } else { + string currentUserId = to_string(IPCSkeleton::GetCallingTokenID() / AppExecFwk::Constants::BASE_USER_RANGE); + int32_t ret = SandboxHelper::GetPhysicalPath(uri.ToString(), currentUserId, path); + if (ret != 0) { + LOGE("Failed to get physical path, errorcode: %{public}d", ret); + } + PolicyInfo policyInfo = {path, uriPolicy.mode}; + pathPolicies.emplace_back(policyInfo); + errorResults.emplace_back(true); + } + } + return pathPolicies; +} #endif int32_t FilePermission::PersistPermission(const vector &uriPolicies, deque &errorResults) @@ -202,5 +248,23 @@ int32_t FilePermission::DeactivatePermission(const vector &uriPol #endif return errorCode; } + +int32_t FilePermission::CheckPersistentPermission(const vector &uriPolicies, + vector &errorResults) +{ + int errorCode = 0; +#ifdef SANDBOX_MANAGER + vector pathPolicies = GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults); + vector resultCodes; + auto tokenId = IPCSkeleton::GetCallingTokenID(); + int32_t errorCode = SandboxManagerKit::CheckPersistPolicy(tokenId, pathPolicies, resultCodes); + errorCode = ErrorCodeConversion(sandboxManagerErrorCode); + if (errorCode != 0) { + resultCodes.resize(pathPolicies.size()); + } + ParseErrorResults(resultCodes, pathPolicies, errorResults); +#endif + return errorCode; +} } // namespace AppFileService } // namespace OHOS \ No newline at end of file diff --git a/interfaces/kits/js/file_share/grant_permissions.cpp b/interfaces/kits/js/file_share/grant_permissions.cpp index c038a0923..65c238d55 100644 --- a/interfaces/kits/js/file_share/grant_permissions.cpp +++ b/interfaces/kits/js/file_share/grant_permissions.cpp @@ -20,6 +20,7 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "ipc_skeleton.h" +#include "js_native_api.h" #include "log.h" #include "n_napi.h" #include "parameter.h" @@ -78,6 +79,27 @@ static napi_value GetErrData(napi_env env, deque &erro return res; } +static napi_value GetResultData(napi_env env, vector &results) +{ + napi_value res = nullptr; + napi_status status = napi_create_array(env, &res); + if (status != napi_ok) { + LOGE("Failed to create array"); + return nullptr; + } + size_t index = 0; + for (const auto &iter : results) { + napi_value value; + napi_get_boolean(env, iter, &value); + status = napi_set_element(env, res, index++, value); + if (status != napi_ok) { + LOGE("Failed to set element on data"); + return nullptr; + } + } + return res; +} + static napi_status GetUriPoliciesArg(napi_env env, napi_value agrv, std::vector &uriPolicies) { uint32_t count; @@ -319,6 +341,50 @@ napi_value DeactivatePermission(napi_env env, napi_callback_info info) NVal thisVar(env, funcArg.GetThisVar()); return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; } + +napi_value CheckPersistentPermission(napi_env env, napi_callback_info info) +{ + if (!CheckFileManagerFullMountEnable()) { + LOGE("The device doesn't support this api"); + NError(E_DEVICENOTSUPPORT).ThrowErr(env); + return nullptr; + } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + LOGE("PersistPermission has not ohos permission!"); + NError(E_PERMISSION).ThrowErr(env); + return nullptr; + } + NFuncArg funcArg(env, info); + if (!funcArg.InitArgs(NARG_CNT::ONE)) { + LOGE("ActivatePermission Number of arguments unmatched"); + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + std::vector uriPolicies; + if (GetUriPoliciesArg(env, funcArg[NARG_POS::FIRST], uriPolicies) != napi_ok) { + NError(E_PARAMS).ThrowErr(env); + return nullptr; + } + shared_ptr arg = make_shared(); + if (arg == nullptr) { + NError(EILSEQ).ThrowErr(env); + return nullptr; + } + auto cbExec = [uriPolicies, arg]() -> NError { + arg->errNo = FilePermission::CheckPersistentPermission(uriPolicies, arg->resultData); + return NError(arg->errNo); + }; + auto cbCompl = [arg](napi_env env, NError err) -> NVal { + if (arg->errNo != 0) { + return {env, err.GetNapiErr(env)}; + } + return {env, GetResultData(env, arg->resultData)}; + }; + const string procedureName = "check_persist_permission"; + NVal thisVar(env, funcArg.GetThisVar()); + return NAsyncWorkPromise(env, thisVar).Schedule(procedureName, cbExec, cbCompl).val_; +} + } // namespace ModuleFileShare } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/kits/js/file_share/grant_permissions.h b/interfaces/kits/js/file_share/grant_permissions.h index c025a4b77..285033667 100644 --- a/interfaces/kits/js/file_share/grant_permissions.h +++ b/interfaces/kits/js/file_share/grant_permissions.h @@ -28,12 +28,19 @@ napi_value PersistPermission(napi_env env, napi_callback_info info); napi_value RevokePermission(napi_env env, napi_callback_info info); napi_value ActivatePermission(napi_env env, napi_callback_info info); napi_value DeactivatePermission(napi_env env, napi_callback_info info); +napi_value CheckPersistentPermission(napi_env env, napi_callback_info info); struct PolicyErrorArgs { deque errorResults; int32_t errNo = 0; ~PolicyErrorArgs() = default; }; + +struct PolicyInfoResultArgs { + vector resultData; + int32_t errNo = 0; + ~PolicyInfoResultArgs() = default; +}; } // namespace ModuleFileShare } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/ndk/fileshare/BUILD.gn b/interfaces/ndk/fileshare/BUILD.gn new file mode 100644 index 000000000..97c89dcad --- /dev/null +++ b/interfaces/ndk/fileshare/BUILD.gn @@ -0,0 +1,26 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("//build/ohos/ndk/ndk.gni") + +ohos_ndk_library("libfile_share_ndk") { + ndk_description_file = "./libfile_share.ndk.json" + min_compact_version = "12" + output_name = "fileshare" +} + +ohos_ndk_headers("fileshare_header") { + dest_dir = "$ndk_headers_out_dir/fileshare/" + sources = [ "./include/file_share_ndk.h" ] +} \ No newline at end of file diff --git a/interfaces/ndk/fileshare/include/file_share_ndk.h b/interfaces/ndk/fileshare/include/file_share_ndk.h new file mode 100644 index 000000000..427f4d05c --- /dev/null +++ b/interfaces/ndk/fileshare/include/file_share_ndk.h @@ -0,0 +1,186 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_SHARE_NDK_H +#define FILE_SHARE_NDK_H +/** + * @addtogroup fileShare + * + * @brief This module provides file sharing capabilities and provides an interface for system applications to authorize + * the Uniform Resource Identifier (URI) of public directory files with read and write permissions to other applications. + * @since 12 + */ + +/** + * @file file_share_ndk.h + * + * @brief Provides fileshare APIS. + * @library libfile_share_ndk.z.so + * @syscap SystemCapability.FileManagement.AppFileService.FolderAuthorization + * @since 12 + */ +#ifdef __cplusplus +extern "C" { +#endif +/** + * @brief Enumerates the uri operate mode types. + * + * @since 12 + */ +typedef enum OH_OperationMode { + /** + * @brief Indicates read permissions. + */ + READ_MODE = 0b1, + + /** + * @brief Indicates write permissions. + */ + WRITE_MODE = 0b10 +} OH_OperationMode; + +/** + * @brief Enumerates the error code of the permission policy for the URI operation. + * + * @since 12 + */ +typedef enum OH_PolicyErrorCode { + /** + * @brief Indicates that the policy is not allowed to be persisted. + */ + PERSISTENCE_FORBIDDEN = 1, + + /** + * @brief Indicates that the mode of this policy is invalid. + */ + INVALID_MODE = 2, + + /** + * @brief Indicates that the path of this policy is invalid. + */ + INVALID_PATH = 3 +} OH_PolicyErrorCode; + +/** + * @brief Define the OH_PolicyErrorResult structure type. + * + * Failed policy result on URI. + * + * @since 12 + */ +typedef struct OH_PolicyErrorResult { + /** + * Indicates the failed uri of the policy information. + */ + char* uri; + + /** + * Indicates the error code of the failure in the policy information. + */ + OH_PolicyErrorCode code; + + /** + * Indicates the reason of the failure in the policy information. + */ + char* message; +} OH_PolicyErrorResult; + +/** + * @brief Define the OH_PolicyInfo structure type. + * + * Policy information to manager permissions on a URI. + * + * @since 12 + */ +typedef struct OH_PolicyInfo { + /** + * Indicates the uri of the policy information. + */ + char* uri; + + /** + * Indicates the mode of operation for the URI. + * example { OH_OperationMode.READ_MODE } or { OH_OperationMode.READ_MODE | OH_OperationMode.WRITE_MODE }. + */ + int operationMode; +} OH_PolicyInfo; + +/** + * @brief Set persistence permissions for the URI. + * + * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @param policyNum Indicates the size of the policies array. + * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. + * @param resultNum Indicates the size of the result array. + * @return Returns the status code of the execution. + * @see OH_PolicyInfo, OH_PolicyErrorResult + * @since 12 + */ +int OH_FileShare_PersistPermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); + +/** + * @brief Revoke persistence permissions for the URI. + * + * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @param policyNum Indicates the size of the policies array. + * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. + * @param resultNum Indicates the size of the result array. + * @return Returns the status code of the execution. + * @see OH_PolicyInfo, OH_PolicyErrorResult + * @since 12 + */ +int OH_FileShare_RevokePermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); + +/** + * @brief Enable the URI that have been permanently authorized. + * + * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @param policyNum Indicates the size of the policies array. + * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. + * @param resultNum Indicates the size of the result array. + * @return Returns the status code of the execution. + * @see OH_PolicyInfo, OH_PolicyErrorResult + * @since 12 + */ +int OH_FileShare_ActivatePermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); + +/** + * @brief Stop the authorized URI that has been enabled. + * + * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @param policyNum Indicates the size of the policies array. + * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. + * @param resultNum Indicates the size of the result array. + * @return Returns the status code of the execution. + * @see OH_PolicyInfo, OH_PolicyErrorResult + * @since 12 + */ +int OH_FileShare_DeactivatePermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); + +/** + * @brief Check persistence permissions for the URI.. + * + * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @param policyNum Indicates the size of the policies array. + * @param result Represents a pointer to an bool instance. + * @return Returns the status code of the execution. + * @see OH_PolicyInfo, OH_PolicyErrorResult + * @since 12 + */ +int OH_FileShare_CheckPersistentPermission(const OH_PolicyInfo *policies, int policyNum, bool **result); +#ifdef __cplusplus +}; +#endif +#endif //FILE_SHARE_NDK_H diff --git a/interfaces/ndk/fileshare/libfile_share.ndk.json b/interfaces/ndk/fileshare/libfile_share.ndk.json new file mode 100644 index 000000000..7f0b7832e --- /dev/null +++ b/interfaces/ndk/fileshare/libfile_share.ndk.json @@ -0,0 +1,7 @@ +[ + {"name":"OH_FileShare_PersistPermission" }, + {"name":"OH_FileShare_RevokePermission" }, + {"name":"OH_FileShare_ActivatePermission" }, + {"name":"OH_FileShare_DeactivatePermission" }, + {"name":"OH_FileShare_CheckPersistPermission" } +] \ No newline at end of file diff --git a/interfaces/ndk/fileshare/src/BUILD.gn b/interfaces/ndk/fileshare/src/BUILD.gn new file mode 100644 index 000000000..06c3057bf --- /dev/null +++ b/interfaces/ndk/fileshare/src/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") + +ohos_shared_library("file_share_ndk"){ + branch_protector_ret = "pac_ret" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + + include_dirs = [ + "../include", + "${app_file_service_path}/interfaces/innerkits/native/file_share/include/", + ] + sources = [ + "file_share_ndk.cpp", + ] + deps = [ + "${app_file_service_path}/interfaces/innerkits/native:fileshare_native", + ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", + "init:libbegetutil", + ] + + relative_install_dir = "ndk" + part_name = "app_file_service" + subsystem_name = "filemanagement" +} \ No newline at end of file diff --git a/interfaces/ndk/fileshare/src/file_share_ndk.cpp b/interfaces/ndk/fileshare/src/file_share_ndk.cpp new file mode 100644 index 000000000..14b35b134 --- /dev/null +++ b/interfaces/ndk/fileshare/src/file_share_ndk.cpp @@ -0,0 +1,157 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "file_share_ndk.h" +#include "access_token.h" +#include "accesstoken_kit.h" +#include "ipc_skeleton.h" +#include "log.h" +#include "parameter.h" +#include "securec.h" +#include "tokenid_kit.h" +#include +#include +#include "file_permission.h" + +using namespace OHOS; +using namespace OHOS::AppFileService; +using namespace OHOS::Security::AccessToken; +const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; +const char *g_fullMountEnableParameter = "const.filemanager.full_mount.enable"; +using Exec = std::function &uriPolicies, + deque &errorResults)>; +static bool CheckPermission(const string &permission) +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + return AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == PermissionState::PERMISSION_GRANTED; +} + +static bool CheckFileManagerFullMountEnable() +{ + char value[] = "false"; + int retSystem = GetParameter(g_fullMountEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !strcmp(value, "true")) { + LOGE("The full mount enable parameter is true"); + return true; + } + LOGD("The full mount enable parameter is false"); + return false; +} + +bool ConvertPolicyInfo(const OH_PolicyInfo *policies, int policyNum, std::vector &uriPolicies) +{ + if (policies == nullptr || policyNum <= 0) { + return false; + } + for (int32_t i = 0; i < policyNum; i++) { + UriPolicyInfo policyInfo; + policyInfo.uri = policies[i].uri; + policyInfo.mode = policies[i].operationMode; + uriPolicies.push_back(policyInfo); + } + return true; +} + +bool ConvertPolicyErrorResult(const deque &errorResults, OH_PolicyErrorResult **result) +{ + auto count = errorResults.size(); + *result = (OH_PolicyErrorResult*)malloc(count * sizeof(OH_PolicyErrorResult)); + if (*result == nullptr) { + return false; + } + for (int32_t i = 0; i < count; i++) { + strcpy_s((*result)[i].uri, errorResults[i].uri.size() + 1, errorResults[i].uri.c_str()); + (*result)[i].code = static_cast(errorResults[i].code); + strcpy_s((*result)[i].message, errorResults[i].message.size() + 1, errorResults[i].message.c_str()); + } + return true; +} + +bool ConvertPolicyErrorResult(const vector &errorResults, bool **result) +{ + auto count = errorResults.size(); + *result = (bool*)malloc(count * sizeof(bool)); + if (*result == nullptr) { + return false; + } + for (uint32_t i = 0; i < count; i++) { + (*result)[i] = errorResults[i]; + } + return true; +} + +int ExecAction(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum, Exec exec) +{ + if (!CheckFileManagerFullMountEnable()) { + return -1; + } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + return -1; + } + std::vector uriPolicies; + if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { + return -1; + } + deque errorResults; + auto ret = exec(uriPolicies, errorResults); + (*resultNum) = errorResults.size(); + if (ret == 0) { + return ret; + } + if (!ConvertPolicyErrorResult(errorResults, result)) { + return -1; + } + return ret; +} +int OH_FileShare_PersistPermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +{ + return ExecAction(policies, policyNum, result, resultNum, FilePermission::PersistPermission); +} + +int OH_FileShare_RevokePermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +{ + return ExecAction(policies, policyNum, result, resultNum, FilePermission::RevokePermission); +} + +int OH_FileShare_ActivatePermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +{ + return ExecAction(policies, policyNum, result, resultNum, FilePermission::ActivatePermission); +} + +int OH_FileShare_DeactivatePermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +{ + return ExecAction(policies, policyNum, result, resultNum, FilePermission::DeactivatePermission); +} + +int OH_FileShare_CheckPersistentPermission(const OH_PolicyInfo *policies, unsigned int policyNum, bool **result, unsigned int *resultNum) +{ + if (!CheckFileManagerFullMountEnable()) { + return -1; + } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + return -1; + } + std::vector uriPolicies; + if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { + return -1; + } + vector errorResults; + auto ret = FilePermission::CheckPersistentPermission(uriPolicies, errorResults); + (*resultNum) = errorResults.size(); + if (!ConvertPolicyErrorResult(errorResults, result)) { + return -1; + } + return ret; +} \ No newline at end of file -- Gitee From f95cecff0d3b735108893652a461966706130367 Mon Sep 17 00:00:00 2001 From: weishaoxiong Date: Mon, 19 Feb 2024 15:25:36 +0800 Subject: [PATCH 2/6] fix: Signed-off-by: weishaoxiong --- bundle.json | 8 +- .../native/file_share/src/file_permission.cpp | 2 +- interfaces/{ => kits}/ndk/fileshare/BUILD.gn | 18 ++- .../kits/ndk/fileshare/include/native_error.h | 28 ++++ .../ndk/fileshare/include/oh_file_share.h} | 136 +++++++++++------- .../kits/ndk/fileshare/libfile_share.ndk.json | 26 ++++ .../{ => kits}/ndk/fileshare/src/BUILD.gn | 17 +-- .../ndk/fileshare/src/oh_file_share.cpp} | 117 ++++++++------- .../ndk/fileshare/libfile_share.ndk.json | 7 - 9 files changed, 218 insertions(+), 141 deletions(-) rename interfaces/{ => kits}/ndk/fileshare/BUILD.gn (60%) create mode 100644 interfaces/kits/ndk/fileshare/include/native_error.h rename interfaces/{ndk/fileshare/include/file_share_ndk.h => kits/ndk/fileshare/include/oh_file_share.h} (41%) create mode 100644 interfaces/kits/ndk/fileshare/libfile_share.ndk.json rename interfaces/{ => kits}/ndk/fileshare/src/BUILD.gn (83%) rename interfaces/{ndk/fileshare/src/file_share_ndk.cpp => kits/ndk/fileshare/src/oh_file_share.cpp} (36%) delete mode 100644 interfaces/ndk/fileshare/libfile_share.ndk.json diff --git a/bundle.json b/bundle.json index 38d32f0ba..1e432a144 100644 --- a/bundle.json +++ b/bundle.json @@ -60,7 +60,7 @@ "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileshare", "//foundation/filemanagement/app_file_service/interfaces/kits/js:fileuri", "//foundation/filemanagement/app_file_service/interfaces/kits/js:backup", - "//foundation/filemanagement/app_file_service/interfaces/ndk/fileshare/src:file_share_ndk" + "//foundation/filemanagement/app_file_service/interfaces/kits/ndk/fileshare/src:ohfileshare" ], "service_group": [ "//foundation/filemanagement/app_file_service:tgt_backup_extension", @@ -71,12 +71,12 @@ }, "inner_kits": [ { - "name": "//foundation/filemanagement/app_file_service/interfaces/ndk/fileshare/src:file_share_ndk", + "name": "//foundation/filemanagement/app_file_service/interfaces/kits/ndk/fileshare/src:ohfileshare", "header": { "header_files": [ - "file_share_ndk.h" + "oh_file_share.h" ], - "header_base": "//foundation/filemanagement/app_file_service/interfaces/ndk/fileshare/include" + "header_base": "//foundation/filemanagement/app_file_service/interfaces/kits/ndk/fileshare/include" } }, { diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp index 87e54e29b..dd4af2df4 100644 --- a/interfaces/innerkits/native/file_share/src/file_permission.cpp +++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp @@ -257,7 +257,7 @@ int32_t FilePermission::CheckPersistentPermission(const vector &u vector pathPolicies = GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults); vector resultCodes; auto tokenId = IPCSkeleton::GetCallingTokenID(); - int32_t errorCode = SandboxManagerKit::CheckPersistPolicy(tokenId, pathPolicies, resultCodes); + int32_t sandboxManagerErrorCode = SandboxManagerKit::CheckPersistPolicy(tokenId, pathPolicies, resultCodes); errorCode = ErrorCodeConversion(sandboxManagerErrorCode); if (errorCode != 0) { resultCodes.resize(pathPolicies.size()); diff --git a/interfaces/ndk/fileshare/BUILD.gn b/interfaces/kits/ndk/fileshare/BUILD.gn similarity index 60% rename from interfaces/ndk/fileshare/BUILD.gn rename to interfaces/kits/ndk/fileshare/BUILD.gn index 97c89dcad..95e1fecee 100644 --- a/interfaces/ndk/fileshare/BUILD.gn +++ b/interfaces/kits/ndk/fileshare/BUILD.gn @@ -14,13 +14,21 @@ import("//build/ohos.gni") import("//build/ohos/ndk/ndk.gni") -ohos_ndk_library("libfile_share_ndk") { +ohos_ndk_library("libohfileshare") { ndk_description_file = "./libfile_share.ndk.json" min_compact_version = "12" - output_name = "fileshare" + output_name = "ohfileshare" + output_extension = "so" + system_capability = "SystemCapability.FileManagement.AppFileService.FolderAuthorization" + system_capability_headers = [ + "$ndk_headers_out_dir/filemanagement/fileshare/oh_file_share.h", + ] } -ohos_ndk_headers("fileshare_header") { - dest_dir = "$ndk_headers_out_dir/fileshare/" - sources = [ "./include/file_share_ndk.h" ] +ohos_ndk_headers("oh_file_share_header") { + dest_dir = "$ndk_headers_out_dir/filemanagement/fileshare/" + sources = [ + "./include/oh_file_share.h", + "../fileio/include/error_code.h", + ] } \ No newline at end of file diff --git a/interfaces/kits/ndk/fileshare/include/native_error.h b/interfaces/kits/ndk/fileshare/include/native_error.h new file mode 100644 index 000000000..8615642c2 --- /dev/null +++ b/interfaces/kits/ndk/fileshare/include/native_error.h @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_NDK_FILE_SHARE_NATIVE_ERROR_H +#define FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_NDK_FILE_SHARE_NATIVE_ERROR_H + +#include +enum OH_FileManagement_ErrCode { + E_NO_ERROR = 0, + E_PERMISSION = 201, + E_PARAMS = 401, + E_DEVICE_NOT_SUPPORT = 801, + E_UNKNOWN_ERROR = 13900042 +}; + +#endif // FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_NDK_FILE_SHARE_NATIVE_ERROR_H \ No newline at end of file diff --git a/interfaces/ndk/fileshare/include/file_share_ndk.h b/interfaces/kits/ndk/fileshare/include/oh_file_share.h similarity index 41% rename from interfaces/ndk/fileshare/include/file_share_ndk.h rename to interfaces/kits/ndk/fileshare/include/oh_file_share.h index 427f4d05c..b6c874aa7 100644 --- a/interfaces/ndk/fileshare/include/file_share_ndk.h +++ b/interfaces/kits/ndk/fileshare/include/oh_file_share.h @@ -13,21 +13,25 @@ * limitations under the License. */ -#ifndef FILE_SHARE_NDK_H -#define FILE_SHARE_NDK_H +#ifndef FILE_MANAGEMENT_OH_FILE_SHARE_H +#define FILE_MANAGEMENT_OH_FILE_SHARE_H + +#include "native_error.h" + /** * @addtogroup fileShare - * + * @{ + * * @brief This module provides file sharing capabilities and provides an interface for system applications to authorize * the Uniform Resource Identifier (URI) of public directory files with read and write permissions to other applications. * @since 12 */ /** - * @file file_share_ndk.h + * @file oh_file_share.h * - * @brief Provides fileshare APIS. - * @library libfile_share_ndk.z.so + * @brief Provides fileShare APIS. + * @library libohfileshare.so * @syscap SystemCapability.FileManagement.AppFileService.FolderAuthorization * @since 12 */ @@ -39,24 +43,24 @@ extern "C" { * * @since 12 */ -typedef enum OH_OperationMode { +typedef enum FileShare_OperationMode { /** * @brief Indicates read permissions. */ - READ_MODE = 0b1, + READ_MODE = 1 << 0, /** * @brief Indicates write permissions. */ - WRITE_MODE = 0b10 -} OH_OperationMode; + WRITE_MODE = 1 << 1 +} FileShare_OperationMode; /** * @brief Enumerates the error code of the permission policy for the URI operation. * * @since 12 */ -typedef enum OH_PolicyErrorCode { +typedef enum FileShare_PolicyErrorCode { /** * @brief Indicates that the policy is not allowed to be persisted. */ @@ -70,117 +74,143 @@ typedef enum OH_PolicyErrorCode { /** * @brief Indicates that the path of this policy is invalid. */ - INVALID_PATH = 3 -} OH_PolicyErrorCode; + INVALID_PATH = 3, + + /** + * @brief Indicates that the policy is no persistent capability. + */ + PERMISSION_NOT_PERSISTED = 4 +} FileShare_PolicyErrorCode; /** - * @brief Define the OH_PolicyErrorResult structure type. + * @brief Define the FileShare_PolicyErrorResult structure type. * * Failed policy result on URI. * * @since 12 */ -typedef struct OH_PolicyErrorResult { +typedef struct FileShare_PolicyErrorResult { /** * Indicates the failed uri of the policy information. */ - char* uri; + char *uri; /** * Indicates the error code of the failure in the policy information. */ - OH_PolicyErrorCode code; + FileShare_PolicyErrorCode code; /** * Indicates the reason of the failure in the policy information. */ - char* message; -} OH_PolicyErrorResult; + char *message; +} FileShare_PolicyErrorResult; /** - * @brief Define the OH_PolicyInfo structure type. + * @brief Define the FileShare_PolicyInfo structure type. * * Policy information to manager permissions on a URI. * * @since 12 */ -typedef struct OH_PolicyInfo { +typedef struct FileShare_PolicyInfo { /** * Indicates the uri of the policy information. */ - char* uri; + char *uri; + + /** + * Indicates The length of the uri. + */ + unsigned int length; /** * Indicates the mode of operation for the URI. - * example { OH_OperationMode.READ_MODE } or { OH_OperationMode.READ_MODE | OH_OperationMode.WRITE_MODE }. + * example { FileShare_OperationMode.READ_MODE } or { FileShare_OperationMode.READ_MODE | FileShare_OperationMode.WRITE_MODE }. */ - int operationMode; -} OH_PolicyInfo; + unsigned int operationMode; +} FileShare_PolicyInfo; /** - * @brief Set persistence permissions for the URI. + * @brief Set persistent permissions for the URI. * - * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @permission ohos.permission.FILE_ACCESS_PERSIST + * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. - * @param resultNum Indicates the size of the result array. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. - * @see OH_PolicyInfo, OH_PolicyErrorResult * @since 12 */ -int OH_FileShare_PersistPermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); +OH_FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, + FileShare_PolicyErrorResult **result, unsigned int *resultNum); /** - * @brief Revoke persistence permissions for the URI. + * @brief Revoke persistent permissions for the URI. * - * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @permission ohos.permission.FILE_ACCESS_PERSIST + * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. - * @param resultNum Indicates the size of the result array. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. - * @see OH_PolicyInfo, OH_PolicyErrorResult * @since 12 */ -int OH_FileShare_RevokePermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); +OH_FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, + FileShare_PolicyErrorResult **result, unsigned int *resultNum); /** * @brief Enable the URI that have been permanently authorized. * - * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @permission ohos.permission.FILE_ACCESS_PERSIST + * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. - * @param resultNum Indicates the size of the result array. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. - * @see OH_PolicyInfo, OH_PolicyErrorResult * @since 12 */ -int OH_FileShare_ActivatePermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); +OH_FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, + FileShare_PolicyErrorResult **result, unsigned int *resultNum); /** * @brief Stop the authorized URI that has been enabled. * - * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @permission ohos.permission.FILE_ACCESS_PERSIST + * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Represents a pointer to an {@link OH_PolicyErrorResult} instance. - * @param resultNum Indicates the size of the result array. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. - * @see OH_PolicyInfo, OH_PolicyErrorResult * @since 12 */ -int OH_FileShare_DeactivatePermission(const OH_PolicyInfo *policies, int policyNum, OH_PolicyErrorResult **result, int *resultNum); +OH_FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum); /** - * @brief Check persistence permissions for the URI.. + * @brief Check persistent permissions for the URI. * - * @param policies Represents a pointer to an {@link OH_PolicyInfo} instance. + * @permission ohos.permission.FILE_ACCESS_PERSIST + * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Represents a pointer to an bool instance. + * @param result Output a pointer to an bool instance. Please use free() to clear Resource. + * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. - * @see OH_PolicyInfo, OH_PolicyErrorResult * @since 12 */ -int OH_FileShare_CheckPersistentPermission(const OH_PolicyInfo *policies, int policyNum, bool **result); +OH_FileManagement_ErrCode OH_FileShare_CheckPersistentPermission( + const FileShare_PolicyInfo *policies, unsigned int policyNum, bool **result, unsigned int *resultNum); + +/** + * @brief Free FileShare_PolicyErrorResult pointer points to address memory. + * + * @param errorResult Input a pointer to an {@link FileShare_PolicyErrorResult} instance. + * @param resultNum Indicates the size of the errorResult array. + * @since 12 + */ +void OH_FileShare_ReleasePolicyErrorResult(FileShare_PolicyErrorResult *errorResult, unsigned int resultNum); #ifdef __cplusplus }; #endif -#endif //FILE_SHARE_NDK_H +/** @} */ +#endif // FILE_MANAGEMENT_OH_FILE_SHARE_H diff --git a/interfaces/kits/ndk/fileshare/libfile_share.ndk.json b/interfaces/kits/ndk/fileshare/libfile_share.ndk.json new file mode 100644 index 000000000..fb133d6bd --- /dev/null +++ b/interfaces/kits/ndk/fileshare/libfile_share.ndk.json @@ -0,0 +1,26 @@ +[ + { + "first_introduced": "12", + "name": "OH_FileShare_PersistPermission" + }, + { + "first_introduced": "12", + "name": "OH_FileShare_RevokePermission" + }, + { + "first_introduced": "12", + "name": "OH_FileShare_ActivatePermission" + }, + { + "first_introduced": "12", + "name": "OH_FileShare_DeactivatePermission" + }, + { + "first_introduced": "12", + "name": "OH_FileShare_CheckPersistPermission" + }, + { + "first_introduced": "12", + "name": "OH_FileShare_ReleasePolicyErrorResult" + } +] \ No newline at end of file diff --git a/interfaces/ndk/fileshare/src/BUILD.gn b/interfaces/kits/ndk/fileshare/src/BUILD.gn similarity index 83% rename from interfaces/ndk/fileshare/src/BUILD.gn rename to interfaces/kits/ndk/fileshare/src/BUILD.gn index 06c3057bf..132aa90d4 100644 --- a/interfaces/ndk/fileshare/src/BUILD.gn +++ b/interfaces/kits/ndk/fileshare/src/BUILD.gn @@ -10,11 +10,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - import("//build/ohos.gni") import("//foundation/filemanagement/app_file_service/app_file_service.gni") -ohos_shared_library("file_share_ndk"){ +ohos_shared_library("ohfileshare"){ branch_protector_ret = "pac_ret" sanitize = { cfi = true @@ -26,21 +25,17 @@ ohos_shared_library("file_share_ndk"){ "../include", "${app_file_service_path}/interfaces/innerkits/native/file_share/include/", ] - sources = [ - "file_share_ndk.cpp", - ] - deps = [ - "${app_file_service_path}/interfaces/innerkits/native:fileshare_native", - ] + + sources = [ "oh_file_share.cpp" ] + deps = [ "${app_file_service_path}/interfaces/innerkits/native:fileshare_native" ] external_deps = [ "c_utils:utils", "hilog:libhilog", "ipc:ipc_core", "access_token:libaccesstoken_sdk", - "access_token:libtokenid_sdk", - "init:libbegetutil", + "access_token:libtokenid_sdk" ] - + output_extension = "so" relative_install_dir = "ndk" part_name = "app_file_service" subsystem_name = "filemanagement" diff --git a/interfaces/ndk/fileshare/src/file_share_ndk.cpp b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp similarity index 36% rename from interfaces/ndk/fileshare/src/file_share_ndk.cpp rename to interfaces/kits/ndk/fileshare/src/oh_file_share.cpp index 14b35b134..41d52d1c2 100644 --- a/interfaces/ndk/fileshare/src/file_share_ndk.cpp +++ b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp @@ -13,50 +13,37 @@ * limitations under the License. */ -#include "file_share_ndk.h" +#include "oh_file_share.h" #include "access_token.h" #include "accesstoken_kit.h" #include "ipc_skeleton.h" #include "log.h" -#include "parameter.h" #include "securec.h" #include "tokenid_kit.h" #include #include +#include #include "file_permission.h" +#include "native_error.h" -using namespace OHOS; -using namespace OHOS::AppFileService; -using namespace OHOS::Security::AccessToken; +using namespace std; const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; const char *g_fullMountEnableParameter = "const.filemanager.full_mount.enable"; -using Exec = std::function &uriPolicies, - deque &errorResults)>; +using Exec = std::function &uriPolicies, + deque &errorResults)>; static bool CheckPermission(const string &permission) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - return AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == PermissionState::PERMISSION_GRANTED; + OHOS::Security::AccessToken::AccessTokenID tokenCaller = OHOS::IPCSkeleton::GetCallingTokenID(); + return OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED; } -static bool CheckFileManagerFullMountEnable() -{ - char value[] = "false"; - int retSystem = GetParameter(g_fullMountEnableParameter, "false", value, sizeof(value)); - if (retSystem > 0 && !strcmp(value, "true")) { - LOGE("The full mount enable parameter is true"); - return true; - } - LOGD("The full mount enable parameter is false"); - return false; -} - -bool ConvertPolicyInfo(const OH_PolicyInfo *policies, int policyNum, std::vector &uriPolicies) +bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, int policyNum, std::vector &uriPolicies) { if (policies == nullptr || policyNum <= 0) { return false; } for (int32_t i = 0; i < policyNum; i++) { - UriPolicyInfo policyInfo; + OHOS::AppFileService::UriPolicyInfo policyInfo; policyInfo.uri = policies[i].uri; policyInfo.mode = policies[i].operationMode; uriPolicies.push_back(policyInfo); @@ -64,22 +51,26 @@ bool ConvertPolicyInfo(const OH_PolicyInfo *policies, int policyNum, std::vector return true; } -bool ConvertPolicyErrorResult(const deque &errorResults, OH_PolicyErrorResult **result) +bool ConvertPolicyErrorResult(const deque &errorResults, FileShare_PolicyErrorResult **result) { auto count = errorResults.size(); - *result = (OH_PolicyErrorResult*)malloc(count * sizeof(OH_PolicyErrorResult)); + *result = (FileShare_PolicyErrorResult*)malloc(count * sizeof(FileShare_PolicyErrorResult)); if (*result == nullptr) { return false; } - for (int32_t i = 0; i < count; i++) { - strcpy_s((*result)[i].uri, errorResults[i].uri.size() + 1, errorResults[i].uri.c_str()); - (*result)[i].code = static_cast(errorResults[i].code); - strcpy_s((*result)[i].message, errorResults[i].message.size() + 1, errorResults[i].message.c_str()); + for (uint32_t i = 0; i < count; i++) { + int size = errorResults[i].uri.size() + 1; + (*result)[i].uri = (char*)malloc(size); + strcpy_s((*result)[i].uri, size, errorResults[i].uri.c_str()); + (*result)[i].code = static_cast(errorResults[i].code); + size = errorResults[i].message.size() + 1; + (*result)[i].message = (char*)malloc(size); + strcpy_s((*result)[i].message, size, errorResults[i].message.c_str()); } return true; } -bool ConvertPolicyErrorResult(const vector &errorResults, bool **result) +bool ConvertPolicyErrorResultBool(const vector &errorResults, bool **result) { auto count = errorResults.size(); *result = (bool*)malloc(count * sizeof(bool)); @@ -92,66 +83,72 @@ bool ConvertPolicyErrorResult(const vector &errorResults, bool **result) return true; } -int ExecAction(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum, Exec exec) +OH_FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum, Exec exec) { - if (!CheckFileManagerFullMountEnable()) { - return -1; - } if (!CheckPermission(FILE_ACCESS_PERMISSION)) { - return -1; + return E_PERMISSION; } - std::vector uriPolicies; + std::vector uriPolicies; if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { - return -1; + return E_PARAMS; } - deque errorResults; + deque errorResults; auto ret = exec(uriPolicies, errorResults); (*resultNum) = errorResults.size(); if (ret == 0) { - return ret; + return E_NO_ERROR; } if (!ConvertPolicyErrorResult(errorResults, result)) { - return -1; + return E_UNKNOWN_ERROR; } - return ret; + return E_NO_ERROR; } -int OH_FileShare_PersistPermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +OH_FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) { - return ExecAction(policies, policyNum, result, resultNum, FilePermission::PersistPermission); + return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::PersistPermission); } -int OH_FileShare_RevokePermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +OH_FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) { - return ExecAction(policies, policyNum, result, resultNum, FilePermission::RevokePermission); + return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::RevokePermission); } -int OH_FileShare_ActivatePermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +OH_FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) { - return ExecAction(policies, policyNum, result, resultNum, FilePermission::ActivatePermission); + return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::ActivatePermission); } -int OH_FileShare_DeactivatePermission(const OH_PolicyInfo *policies, unsigned int policyNum, OH_PolicyErrorResult **result, unsigned int *resultNum) +OH_FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) { - return ExecAction(policies, policyNum, result, resultNum, FilePermission::DeactivatePermission); + return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::DeactivatePermission); } -int OH_FileShare_CheckPersistentPermission(const OH_PolicyInfo *policies, unsigned int policyNum, bool **result, unsigned int *resultNum) +OH_FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, bool **result, unsigned int *resultNum) { - if (!CheckFileManagerFullMountEnable()) { - return -1; - } if (!CheckPermission(FILE_ACCESS_PERMISSION)) { - return -1; + return E_PERMISSION; } - std::vector uriPolicies; + std::vector uriPolicies; if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { - return -1; + return E_PARAMS; } vector errorResults; - auto ret = FilePermission::CheckPersistentPermission(uriPolicies, errorResults); + auto ret = OHOS::AppFileService::FilePermission::CheckPersistentPermission(uriPolicies, errorResults); + if (ret != 0) { + return E_UNKNOWN_ERROR; + } (*resultNum) = errorResults.size(); - if (!ConvertPolicyErrorResult(errorResults, result)) { - return -1; + if (!ConvertPolicyErrorResultBool(errorResults, result)) { + return E_UNKNOWN_ERROR; + } + return E_NO_ERROR; +} + +void OH_FileShare_ReleasePolicyErrorResult(FileShare_PolicyErrorResult *result, unsigned int num) +{ + for(unsigned i = 0; i < num; i++) { + free(result[i].uri); + free(result[i].message); } - return ret; + free(result); } \ No newline at end of file diff --git a/interfaces/ndk/fileshare/libfile_share.ndk.json b/interfaces/ndk/fileshare/libfile_share.ndk.json deleted file mode 100644 index 7f0b7832e..000000000 --- a/interfaces/ndk/fileshare/libfile_share.ndk.json +++ /dev/null @@ -1,7 +0,0 @@ -[ - {"name":"OH_FileShare_PersistPermission" }, - {"name":"OH_FileShare_RevokePermission" }, - {"name":"OH_FileShare_ActivatePermission" }, - {"name":"OH_FileShare_DeactivatePermission" }, - {"name":"OH_FileShare_CheckPersistPermission" } -] \ No newline at end of file -- Gitee From 526a6710c169b158ce066aca8c482a986aca3cac Mon Sep 17 00:00:00 2001 From: weishaoxiong Date: Wed, 21 Feb 2024 11:10:11 +0800 Subject: [PATCH 3/6] fix: Signed-off-by: weishaoxiong --- .../file_share/include/file_permission.h | 13 +- .../native/file_share/src/file_permission.cpp | 37 ++-- .../js/file_share/fileshare_n_exporter.cpp | 1 + interfaces/kits/ndk/fileshare/BUILD.gn | 14 +- .../include/{native_error.h => error_code.h} | 9 +- .../ndk/fileshare/include/oh_file_share.h | 52 +++-- interfaces/kits/ndk/fileshare/src/BUILD.gn | 17 +- .../kits/ndk/fileshare/src/oh_file_share.cpp | 190 ++++++++++++++---- 8 files changed, 237 insertions(+), 96 deletions(-) rename interfaces/kits/ndk/fileshare/include/{native_error.h => error_code.h} (73%) diff --git a/interfaces/innerkits/native/file_share/include/file_permission.h b/interfaces/innerkits/native/file_share/include/file_permission.h index f4488d5ce..61b254725 100644 --- a/interfaces/innerkits/native/file_share/include/file_permission.h +++ b/interfaces/innerkits/native/file_share/include/file_permission.h @@ -43,6 +43,7 @@ enum PolicyErrorCode { PERSISTENCE_FORBIDDEN = 1, INVALID_MODE = 2, INVALID_PATH = 3, + PERMISSION_NOT_PERSISTED = 4, }; struct UriPolicyInfo { @@ -71,15 +72,17 @@ public: deque &errorResults); static int32_t DeactivatePermission(const vector &uriPolicies, deque &errorResults); - static int32_t CheckPersistentPermission(const vector &uriPolicies, - vector &errorResults); + static int32_t CheckPersistentPermission(const vector &uriPolicies, vector &errorResults); #ifdef SANDBOX_MANAGER private: static void ParseErrorResults(const vector &resultCodes, - const vector &pathPolicies, - deque &errorResults); + const vector &pathPolicies, + deque &errorResults); + static void ParseErrorResults(const vector &resultCodes, vector &errorResults); static vector GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, - deque &errorResults); + deque &errorResults); + static vector GetPathPolicyInfoFromUriPolicyInfo(const vector &uriPolicies, + vector &errorResults); #endif }; } // namespace AppFileService diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp index dd4af2df4..20301d636 100644 --- a/interfaces/innerkits/native/file_share/src/file_permission.cpp +++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp @@ -34,6 +34,7 @@ const std::string NETWORK_PARA = "?networkid="; const std::string PERSISTENCE_FORBIDDEN_MESSAGE = "URI forbid to be persisted!"; const std::string INVALID_MODE_MESSAGE = "Invalid operation mode!"; const std::string INVALID_PATH_MESSAGE = "Invalid path!"; +const std::string PERMISSION_NOT_PERSISTED_MESSAGE = "The policy is no persistent capability!"; const std::string FILE_SCHEME_PREFIX = "file://"; #ifdef SANDBOX_MANAGER @@ -91,9 +92,9 @@ int32_t ErrorCodeConversion(int32_t sandboxManagerErrorCode, int32_t ErrorCodeConversion(int32_t sandboxManagerErrorCode) { - if (sandboxManagerErrorCode == INVALID_PARAMTER) { - LOGE("The number of incoming URIs is too many"); - return FileManagement::LibN::E_PARAMS; + if (sandboxManagerErrorCode == PERMISSION_DENIED) { + LOGE("The app does not have the authorization URI permission"); + return FileManagement::LibN::E_PERMISSION; } if (sandboxManagerErrorCode == SANDBOX_MANAGER_OK) { return 0; @@ -121,19 +122,26 @@ void FilePermission::ParseErrorResults(const vector &resultCodes, result = {uri.ToString(), PolicyErrorCode::INVALID_PATH, INVALID_PATH_MESSAGE}; errorResults.emplace_back(result); break; + case static_cast(PolicyErrorCode::PERMISSION_NOT_PERSISTED): + result = {uri.ToString(), PolicyErrorCode::PERMISSION_NOT_PERSISTED, PERMISSION_NOT_PERSISTED_MESSAGE}; + errorResults.emplace_back(result); + break; default: break; } } } -void FilePermission::ParseErrorResults(const vector &resultCodes, - vector &errorResults) +void FilePermission::ParseErrorResults(const vector &resultCodes, vector &errorResults) { - for (size_t i = 0, j = 0; i < errorResults.size(); i++) { - if (errorResults[i]) { - errorResults[i] = resultCodes[j++]; - } + auto count = resultCodes.size(); + if (count == 0) { + return; + } + for (size_t i = 0, j = 0; i < errorResults.size() && j < count; i++) { + if (errorResults[i]) { + errorResults[i] = resultCodes[j++]; + } } } @@ -249,20 +257,19 @@ int32_t FilePermission::DeactivatePermission(const vector &uriPol return errorCode; } -int32_t FilePermission::CheckPersistentPermission(const vector &uriPolicies, - vector &errorResults) +int32_t FilePermission::CheckPersistentPermission(const vector &uriPolicies, vector &errorResults) { int errorCode = 0; #ifdef SANDBOX_MANAGER vector pathPolicies = GetPathPolicyInfoFromUriPolicyInfo(uriPolicies, errorResults); + if (pathPolicies.size() == 0) { + return errorCode; + } vector resultCodes; auto tokenId = IPCSkeleton::GetCallingTokenID(); int32_t sandboxManagerErrorCode = SandboxManagerKit::CheckPersistPolicy(tokenId, pathPolicies, resultCodes); errorCode = ErrorCodeConversion(sandboxManagerErrorCode); - if (errorCode != 0) { - resultCodes.resize(pathPolicies.size()); - } - ParseErrorResults(resultCodes, pathPolicies, errorResults); + ParseErrorResults(resultCodes, errorResults); #endif return errorCode; } diff --git a/interfaces/kits/js/file_share/fileshare_n_exporter.cpp b/interfaces/kits/js/file_share/fileshare_n_exporter.cpp index ad07413ae..8502be925 100644 --- a/interfaces/kits/js/file_share/fileshare_n_exporter.cpp +++ b/interfaces/kits/js/file_share/fileshare_n_exporter.cpp @@ -39,6 +39,7 @@ napi_value FileShareExport(napi_env env, napi_value exports) DECLARE_NAPI_FUNCTION("revokePermission", RevokePermission), DECLARE_NAPI_FUNCTION("activatePermission", ActivatePermission), DECLARE_NAPI_FUNCTION("deactivatePermission", DeactivatePermission), + DECLARE_NAPI_FUNCTION("checkPersistentPermission", CheckPersistentPermission), }; napi_define_properties(env, exports, sizeof(desc) / sizeof(desc[0]), desc); return exports; diff --git a/interfaces/kits/ndk/fileshare/BUILD.gn b/interfaces/kits/ndk/fileshare/BUILD.gn index 95e1fecee..eb0851c77 100644 --- a/interfaces/kits/ndk/fileshare/BUILD.gn +++ b/interfaces/kits/ndk/fileshare/BUILD.gn @@ -19,16 +19,16 @@ ohos_ndk_library("libohfileshare") { min_compact_version = "12" output_name = "ohfileshare" output_extension = "so" - system_capability = "SystemCapability.FileManagement.AppFileService.FolderAuthorization" - system_capability_headers = [ - "$ndk_headers_out_dir/filemanagement/fileshare/oh_file_share.h", - ] + system_capability = + "SystemCapability.FileManagement.AppFileService.FolderAuthorization" + system_capability_headers = + [ "$ndk_headers_out_dir/filemanagement/fileshare/oh_file_share.h" ] } ohos_ndk_headers("oh_file_share_header") { dest_dir = "$ndk_headers_out_dir/filemanagement/fileshare/" - sources = [ - "./include/oh_file_share.h", + sources = [ "../fileio/include/error_code.h", + "./include/oh_file_share.h", ] -} \ No newline at end of file +} diff --git a/interfaces/kits/ndk/fileshare/include/native_error.h b/interfaces/kits/ndk/fileshare/include/error_code.h similarity index 73% rename from interfaces/kits/ndk/fileshare/include/native_error.h rename to interfaces/kits/ndk/fileshare/include/error_code.h index 8615642c2..0361cdca1 100644 --- a/interfaces/kits/ndk/fileshare/include/native_error.h +++ b/interfaces/kits/ndk/fileshare/include/error_code.h @@ -13,16 +13,17 @@ * limitations under the License. */ -#ifndef FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_NDK_FILE_SHARE_NATIVE_ERROR_H -#define FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_NDK_FILE_SHARE_NATIVE_ERROR_H +#ifndef FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_FILE_SHARE_ERROR_CODE_H +#define FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_FILE_SHARE_ERROR_CODE_H #include -enum OH_FileManagement_ErrCode { +enum FileManagement_ErrCode { E_NO_ERROR = 0, E_PERMISSION = 201, E_PARAMS = 401, E_DEVICE_NOT_SUPPORT = 801, + E_EPERM = 13900001, E_UNKNOWN_ERROR = 13900042 }; -#endif // FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_NDK_FILE_SHARE_NATIVE_ERROR_H \ No newline at end of file +#endif // FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_FILE_SHARE_ERROR_CODE_H \ No newline at end of file diff --git a/interfaces/kits/ndk/fileshare/include/oh_file_share.h b/interfaces/kits/ndk/fileshare/include/oh_file_share.h index b6c874aa7..8d16ff3e3 100644 --- a/interfaces/kits/ndk/fileshare/include/oh_file_share.h +++ b/interfaces/kits/ndk/fileshare/include/oh_file_share.h @@ -16,14 +16,15 @@ #ifndef FILE_MANAGEMENT_OH_FILE_SHARE_H #define FILE_MANAGEMENT_OH_FILE_SHARE_H -#include "native_error.h" +#include "error_code.h" /** * @addtogroup fileShare * @{ - * + * * @brief This module provides file sharing capabilities and provides an interface for system applications to authorize - * the Uniform Resource Identifier (URI) of public directory files with read and write permissions to other applications. + * the Uniform Resource Identifier (URI) of public directory files with read and write permissions to other + * applications. * @since 12 */ @@ -126,7 +127,8 @@ typedef struct FileShare_PolicyInfo { /** * Indicates the mode of operation for the URI. - * example { FileShare_OperationMode.READ_MODE } or { FileShare_OperationMode.READ_MODE | FileShare_OperationMode.WRITE_MODE }. + * example { FileShare_OperationMode.READ_MODE } or { FileShare_OperationMode.READ_MODE | + * FileShare_OperationMode.WRITE_MODE }. */ unsigned int operationMode; } FileShare_PolicyInfo; @@ -137,13 +139,16 @@ typedef struct FileShare_PolicyInfo { * @permission ohos.permission.FILE_ACCESS_PERSIST * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use + * OH_FileShare_ReleasePolicyErrorResult() to clear Resource. * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. * @since 12 */ -OH_FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, - FileShare_PolicyErrorResult **result, unsigned int *resultNum); +FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum); /** * @brief Revoke persistent permissions for the URI. @@ -151,13 +156,16 @@ OH_FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyI * @permission ohos.permission.FILE_ACCESS_PERSIST * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use + * OH_FileShare_ReleasePolicyErrorResult() to clear Resource. * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. * @since 12 */ -OH_FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, - FileShare_PolicyErrorResult **result, unsigned int *resultNum); +FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum); /** * @brief Enable the URI that have been permanently authorized. @@ -165,13 +173,16 @@ OH_FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyIn * @permission ohos.permission.FILE_ACCESS_PERSIST * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use + * OH_FileShare_ReleasePolicyErrorResult() to clear Resource. * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. * @since 12 */ -OH_FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, - FileShare_PolicyErrorResult **result, unsigned int *resultNum); +FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum); /** * @brief Stop the authorized URI that has been enabled. @@ -179,13 +190,16 @@ OH_FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_Policy * @permission ohos.permission.FILE_ACCESS_PERSIST * @param policies Input a pointer to an {@link FileShare_PolicyInfo} instance. * @param policyNum Indicates the size of the policies array. - * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use OH_FileShare_ReleasePolicyErrorResult() to clear Resource. + * @param result Output a pointer to an {@link FileShare_PolicyErrorResult} instance. Please use + * OH_FileShare_ReleasePolicyErrorResult() to clear Resource. * @param resultNum Output the size of the result array. * @return Returns the status code of the execution. * @since 12 */ -OH_FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_PolicyInfo *policies, - unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum); +FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum); /** * @brief Check persistent permissions for the URI. @@ -198,8 +212,10 @@ OH_FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_Poli * @return Returns the status code of the execution. * @since 12 */ -OH_FileManagement_ErrCode OH_FileShare_CheckPersistentPermission( - const FileShare_PolicyInfo *policies, unsigned int policyNum, bool **result, unsigned int *resultNum); +FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + bool **result, + unsigned int *resultNum); /** * @brief Free FileShare_PolicyErrorResult pointer points to address memory. diff --git a/interfaces/kits/ndk/fileshare/src/BUILD.gn b/interfaces/kits/ndk/fileshare/src/BUILD.gn index 132aa90d4..b5fe1997f 100644 --- a/interfaces/kits/ndk/fileshare/src/BUILD.gn +++ b/interfaces/kits/ndk/fileshare/src/BUILD.gn @@ -13,9 +13,12 @@ import("//build/ohos.gni") import("//foundation/filemanagement/app_file_service/app_file_service.gni") -ohos_shared_library("ohfileshare"){ - branch_protector_ret = "pac_ret" +ohos_shared_library("ohfileshare") { + stack_protector_ret = true sanitize = { + integer_overflow = true + ubsan = true + boundary_sanitize = true cfi = true cfi_cross_dso = true debug = false @@ -24,16 +27,20 @@ ohos_shared_library("ohfileshare"){ include_dirs = [ "../include", "${app_file_service_path}/interfaces/innerkits/native/file_share/include/", + "${app_file_service_path}/interfaces/common/include/", ] sources = [ "oh_file_share.cpp" ] - deps = [ "${app_file_service_path}/interfaces/innerkits/native:fileshare_native" ] + deps = [ + "${app_file_service_path}/interfaces/innerkits/native:fileshare_native", + ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "hilog:libhilog", + "init:libbegetutil", "ipc:ipc_core", - "access_token:libaccesstoken_sdk", - "access_token:libtokenid_sdk" ] output_extension = "so" relative_install_dir = "ndk" diff --git a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp index 41d52d1c2..1891148dc 100644 --- a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp +++ b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp @@ -16,139 +16,245 @@ #include "oh_file_share.h" #include "access_token.h" #include "accesstoken_kit.h" +#include "file_permission.h" #include "ipc_skeleton.h" #include "log.h" +#include "parameter.h" #include "securec.h" #include "tokenid_kit.h" #include #include -#include -#include "file_permission.h" -#include "native_error.h" +#include -using namespace std; +constexpr int32_t FOO_MAX_LEN = 24000; // sizeof(FileShare_PolicyErrorResult) * 500 const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; const char *g_fullMountEnableParameter = "const.filemanager.full_mount.enable"; -using Exec = std::function &uriPolicies, - deque &errorResults)>; -static bool CheckPermission(const string &permission) +using Exec = std::function &uriPolicies, + std::deque &errorResults)>; +static bool CheckPermission(const std::string &permission) { OHOS::Security::AccessToken::AccessTokenID tokenCaller = OHOS::IPCSkeleton::GetCallingTokenID(); - return OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED; + return OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == + OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED; +} + +static bool CheckFileManagerFullMountEnable() +{ + char value[] = "false"; + int retSystem = GetParameter(g_fullMountEnableParameter, "false", value, sizeof(value)); + if (retSystem > 0 && !strcmp(value, "true")) { + LOGI("The full mount enable parameter is true"); + return true; + } + LOGI("The full mount enable parameter is false"); + return false; } -bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, int policyNum, std::vector &uriPolicies) +bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, + int policyNum, + std::vector &uriPolicies) { if (policies == nullptr || policyNum <= 0) { + LOGE("The policies pointer is nullptr or policyNum is 0"); return false; } for (int32_t i = 0; i < policyNum; i++) { OHOS::AppFileService::UriPolicyInfo policyInfo; - policyInfo.uri = policies[i].uri; + if (policies[i].uri == nullptr || policies[i].length == 0) { + LOGE("The uri pointer is nullptr or length is 0"); + return false; + } + auto uriLength = strnlen(policies[i].uri, policies[i].length); + if (uriLength != policies[i].length) { + LOGE("The uri length abnormal"); + return false; + } + policyInfo.uri = std::string(policies[i].uri, policies[i].length); policyInfo.mode = policies[i].operationMode; uriPolicies.push_back(policyInfo); } return true; } -bool ConvertPolicyErrorResult(const deque &errorResults, FileShare_PolicyErrorResult **result) +bool ConvertPolicyErrorResult(const std::deque &errorResults, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum) { + *resultNum = 0; auto count = errorResults.size(); - *result = (FileShare_PolicyErrorResult*)malloc(count * sizeof(FileShare_PolicyErrorResult)); + auto memorySize = count * sizeof(FileShare_PolicyErrorResult); + if (memorySize == 0 || memorySize > FOO_MAX_LEN) { + LOGE("malloc size is abnormal."); + return false; + } + *result = (FileShare_PolicyErrorResult *)malloc(memorySize); if (*result == nullptr) { + LOGE("*result is nullptr"); return false; } for (uint32_t i = 0; i < count; i++) { - int size = errorResults[i].uri.size() + 1; - (*result)[i].uri = (char*)malloc(size); - strcpy_s((*result)[i].uri, size, errorResults[i].uri.c_str()); - (*result)[i].code = static_cast(errorResults[i].code); - size = errorResults[i].message.size() + 1; - (*result)[i].message = (char*)malloc(size); - strcpy_s((*result)[i].message, size, errorResults[i].message.c_str()); + int size = errorResults[i].uri.size() + 1; + (*result)[i].uri = (char *)malloc(size); + auto ret = strcpy_s((*result)[i].uri, size, errorResults[i].uri.c_str()); + if (ret != 0) { + LOGE("strcpy uri failed uri:%{public}s, errno:%{public}d", errorResults[i].uri.c_str(), ret); + *resultNum = i; + free((*result)[i].uri); + return false; + } + (*result)[i].code = static_cast(errorResults[i].code); + size = errorResults[i].message.size() + 1; + (*result)[i].message = (char *)malloc(size); + ret = strcpy_s((*result)[i].message, size, errorResults[i].message.c_str()); + if (ret != 0) { + LOGE("strcpy message failed message:%{public}s, errno:%{public}d", errorResults[i].uri.c_str(), ret); + *resultNum = i; + free((*result)[i].uri); + free((*result)[i].message); + return false; + } } + *resultNum = count; return true; } -bool ConvertPolicyErrorResultBool(const vector &errorResults, bool **result) +bool ConvertPolicyErrorResultBool(const std::vector &errorResults, bool **result) { auto count = errorResults.size(); - *result = (bool*)malloc(count * sizeof(bool)); + auto memorySize = count * sizeof(bool); + if (memorySize == 0 || memorySize > FOO_MAX_LEN) { + LOGE("malloc size is abnormal."); + return false; + } + *result = (bool *)malloc(memorySize); if (*result == nullptr) { return false; } for (uint32_t i = 0; i < count; i++) { - (*result)[i] = errorResults[i]; + (*result)[i] = errorResults[i]; } return true; } -OH_FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum, Exec exec) +FileManagement_ErrCode ErrorCodeConversion(int32_t errorCode) +{ + FileManagement_ErrCode errCode = E_UNKNOWN_ERROR; + switch (errorCode) { + case static_cast(E_NO_ERROR): + errCode = E_NO_ERROR; + break; + case static_cast(E_PERMISSION): + errCode = E_PERMISSION; + break; + case static_cast(E_PARAMS): + errCode = E_PARAMS; + break; + case EPERM: + errCode = E_EPERM; + break; + default: + break; + } + return errCode; +} + +FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum, + Exec exec) { + (*resultNum) = 0; if (!CheckPermission(FILE_ACCESS_PERMISSION)) { return E_PERMISSION; } + + if (!CheckFileManagerFullMountEnable()) { + return E_DEVICE_NOT_SUPPORT; + } + std::vector uriPolicies; if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { return E_PARAMS; } - deque errorResults; - auto ret = exec(uriPolicies, errorResults); - (*resultNum) = errorResults.size(); - if (ret == 0) { + std::deque errorResults; + auto ret = ErrorCodeConversion(exec(uriPolicies, errorResults)); + if (ret == E_NO_ERROR) { return E_NO_ERROR; } - if (!ConvertPolicyErrorResult(errorResults, result)) { + if (!ConvertPolicyErrorResult(errorResults, result, resultNum)) { return E_UNKNOWN_ERROR; } - return E_NO_ERROR; + return ret; } -OH_FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) + +FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum) { return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::PersistPermission); } -OH_FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) +FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum) { return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::RevokePermission); } -OH_FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) +FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum) { return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::ActivatePermission); } -OH_FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum) +FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum) { - return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::DeactivatePermission); + return ExecAction(policies, policyNum, result, resultNum, + OHOS::AppFileService::FilePermission::DeactivatePermission); } -OH_FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_PolicyInfo *policies, unsigned int policyNum, bool **result, unsigned int *resultNum) +FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_PolicyInfo *policies, + unsigned int policyNum, + bool **result, + unsigned int *resultNum) { + *resultNum = 0; if (!CheckPermission(FILE_ACCESS_PERMISSION)) { return E_PERMISSION; } + + if (!CheckFileManagerFullMountEnable()) { + return E_DEVICE_NOT_SUPPORT; + } std::vector uriPolicies; if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { return E_PARAMS; } - vector errorResults; + std::vector errorResults; auto ret = OHOS::AppFileService::FilePermission::CheckPersistentPermission(uriPolicies, errorResults); if (ret != 0) { - return E_UNKNOWN_ERROR; + return ErrorCodeConversion(ret); } - (*resultNum) = errorResults.size(); if (!ConvertPolicyErrorResultBool(errorResults, result)) { return E_UNKNOWN_ERROR; } + *resultNum = errorResults.size(); return E_NO_ERROR; } void OH_FileShare_ReleasePolicyErrorResult(FileShare_PolicyErrorResult *result, unsigned int num) { - for(unsigned i = 0; i < num; i++) { - free(result[i].uri); - free(result[i].message); + for (unsigned i = 0; i < num; i++) { + free(result[i].uri); + free(result[i].message); } - free(result); + free(result); } \ No newline at end of file -- Gitee From daeb13f1d1aeddf6547085dc7026deb0956ad6e0 Mon Sep 17 00:00:00 2001 From: weishaoxiong Date: Mon, 26 Feb 2024 10:00:55 +0800 Subject: [PATCH 4/6] fix: Signed-off-by: weishaoxiong --- .../native/file_share/src/file_permission.cpp | 17 +++-- .../kits/js/file_share/grant_permissions.cpp | 9 ++- .../kits/ndk/fileshare/include/error_code.h | 2 +- interfaces/kits/ndk/fileshare/src/BUILD.gn | 2 +- .../kits/ndk/fileshare/src/oh_file_share.cpp | 75 +++++++++++-------- 5 files changed, 60 insertions(+), 45 deletions(-) diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp index 20301d636..01bcb2df5 100644 --- a/interfaces/innerkits/native/file_share/src/file_permission.cpp +++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp @@ -92,13 +92,13 @@ int32_t ErrorCodeConversion(int32_t sandboxManagerErrorCode, int32_t ErrorCodeConversion(int32_t sandboxManagerErrorCode) { + if (sandboxManagerErrorCode == SANDBOX_MANAGER_OK) { + return 0; + } if (sandboxManagerErrorCode == PERMISSION_DENIED) { LOGE("The app does not have the authorization URI permission"); return FileManagement::LibN::E_PERMISSION; } - if (sandboxManagerErrorCode == SANDBOX_MANAGER_OK) { - return 0; - } return FileManagement::LibN::E_UNKNOWN_ERROR; } } // namespace @@ -134,11 +134,12 @@ void FilePermission::ParseErrorResults(const vector &resultCodes, void FilePermission::ParseErrorResults(const vector &resultCodes, vector &errorResults) { - auto count = resultCodes.size(); - if (count == 0) { + auto resultCodeSize = resultCodes.size(); + if (resultCodeSize == 0) { return; } - for (size_t i = 0, j = 0; i < errorResults.size() && j < count; i++) { + auto errorResultSize = errorResults.size(); + for (size_t i = 0, j = 0; i < errorResultSize && j < resultCodeSize; i++) { if (errorResults[i]) { errorResults[i] = resultCodes[j++]; } @@ -173,7 +174,7 @@ vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect vector &errorResults) { vector pathPolicies; - for (auto uriPolicy : uriPolicies) { + for (const auto &uriPolicy : uriPolicies) { Uri uri(uriPolicy.uri); string path = uri.GetPath(); if (!CheckValidUri(uriPolicy.uri) || access(path.c_str(), F_OK) != 0) { @@ -183,7 +184,9 @@ vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect string currentUserId = to_string(IPCSkeleton::GetCallingTokenID() / AppExecFwk::Constants::BASE_USER_RANGE); int32_t ret = SandboxHelper::GetPhysicalPath(uri.ToString(), currentUserId, path); if (ret != 0) { + errorResults.emplace_back(false); LOGE("Failed to get physical path, errorcode: %{public}d", ret); + continue; } PolicyInfo policyInfo = {path, uriPolicy.mode}; pathPolicies.emplace_back(policyInfo); diff --git a/interfaces/kits/js/file_share/grant_permissions.cpp b/interfaces/kits/js/file_share/grant_permissions.cpp index 65c238d55..5eff6de3b 100644 --- a/interfaces/kits/js/file_share/grant_permissions.cpp +++ b/interfaces/kits/js/file_share/grant_permissions.cpp @@ -35,6 +35,7 @@ using namespace std; namespace { const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; const char *g_fullMountEnableParameter = "const.filemanager.full_mount.enable"; +constexpr int32_t MAX_ARRAY_SIZE = 500; static bool CheckPermission(const string &permission) { @@ -108,6 +109,10 @@ static napi_status GetUriPoliciesArg(napi_env env, napi_value agrv, std::vector< LOGE("get array length failed"); return status; } + if (count > MAX_ARRAY_SIZE) { + LOGE("The length of the array is extra-long"); + return napi_invalid_arg; + } for (uint32_t i = 0; i < count; i++) { napi_handle_scope scope; status = napi_open_handle_scope(env, &scope); @@ -120,7 +125,6 @@ static napi_status GetUriPoliciesArg(napi_env env, napi_value agrv, std::vector< LOGE("get element failed"); return status; } - UriPolicyInfo uriPolicy; napi_value uriValue; napi_value modeValue; status = napi_get_named_property(env, object, "uri", &uriValue); @@ -139,8 +143,7 @@ static napi_status GetUriPoliciesArg(napi_env env, napi_value agrv, std::vector< LOGE("the argument error"); return napi_invalid_arg; } - uriPolicy.uri = str.get(); - uriPolicy.mode = mode; + UriPolicyInfo uriPolicy {.uri = str.get(), .mode = mode}; uriPolicies.emplace_back(uriPolicy); status = napi_close_handle_scope(env, scope); if (status != napi_ok) { diff --git a/interfaces/kits/ndk/fileshare/include/error_code.h b/interfaces/kits/ndk/fileshare/include/error_code.h index 0361cdca1..8ff5c44ce 100644 --- a/interfaces/kits/ndk/fileshare/include/error_code.h +++ b/interfaces/kits/ndk/fileshare/include/error_code.h @@ -16,13 +16,13 @@ #ifndef FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_FILE_SHARE_ERROR_CODE_H #define FILEMANAGEMENT_APP_FILE_SERVICE_INTERFACES_FILE_SHARE_ERROR_CODE_H -#include enum FileManagement_ErrCode { E_NO_ERROR = 0, E_PERMISSION = 201, E_PARAMS = 401, E_DEVICE_NOT_SUPPORT = 801, E_EPERM = 13900001, + E_ENOMEM = 13900011, E_UNKNOWN_ERROR = 13900042 }; diff --git a/interfaces/kits/ndk/fileshare/src/BUILD.gn b/interfaces/kits/ndk/fileshare/src/BUILD.gn index b5fe1997f..5b3755cd5 100644 --- a/interfaces/kits/ndk/fileshare/src/BUILD.gn +++ b/interfaces/kits/ndk/fileshare/src/BUILD.gn @@ -46,4 +46,4 @@ ohos_shared_library("ohfileshare") { relative_install_dir = "ndk" part_name = "app_file_service" subsystem_name = "filemanagement" -} \ No newline at end of file +} diff --git a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp index 1891148dc..069c6b7ab 100644 --- a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp +++ b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp @@ -23,12 +23,14 @@ #include "securec.h" #include "tokenid_kit.h" #include -#include #include +#include -constexpr int32_t FOO_MAX_LEN = 24000; // sizeof(FileShare_PolicyErrorResult) * 500 +constexpr int32_t MAX_ARRAY_SIZE = 500; +constexpr int32_t FOO_MAX_LEN = 24000; // sizeof(FileShare_PolicyErrorResult) * MAX_ARRAY_SIZE const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; -const char *g_fullMountEnableParameter = "const.filemanager.full_mount.enable"; +const std::string FULL_MOUNT_ENABLE_PARAMETER = "const.filemanager.full_mount.enable"; + using Exec = std::function &uriPolicies, std::deque &errorResults)>; static bool CheckPermission(const std::string &permission) @@ -41,7 +43,7 @@ static bool CheckPermission(const std::string &permission) static bool CheckFileManagerFullMountEnable() { char value[] = "false"; - int retSystem = GetParameter(g_fullMountEnableParameter, "false", value, sizeof(value)); + int retSystem = GetParameter(FULL_MOUNT_ENABLE_PARAMETER.c_str(), "false", value, sizeof(value)); if (retSystem > 0 && !strcmp(value, "true")) { LOGI("The full mount enable parameter is true"); return true; @@ -50,12 +52,12 @@ static bool CheckFileManagerFullMountEnable() return false; } -bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, +static bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, int policyNum, std::vector &uriPolicies) { - if (policies == nullptr || policyNum <= 0) { - LOGE("The policies pointer is nullptr or policyNum is 0"); + if (policies == nullptr || policyNum <= 0 || policyNum > MAX_ARRAY_SIZE) { + LOGE("The policies pointer is nullptr or policyNum is abnormal"); return false; } for (int32_t i = 0; i < policyNum; i++) { @@ -76,58 +78,66 @@ bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, return true; } -bool ConvertPolicyErrorResult(const std::deque &errorResults, +static bool ConvertPolicyErrorResult(const std::deque &errorResults, FileShare_PolicyErrorResult **result, - unsigned int *resultNum) + unsigned int &resultNum) { - *resultNum = 0; + resultNum = 0; auto count = errorResults.size(); auto memorySize = count * sizeof(FileShare_PolicyErrorResult); if (memorySize == 0 || memorySize > FOO_MAX_LEN) { - LOGE("malloc size is abnormal."); + LOGE("The size of the return value array is abnormal"); return false; } *result = (FileShare_PolicyErrorResult *)malloc(memorySize); if (*result == nullptr) { - LOGE("*result is nullptr"); + LOGE("Failed to apply for FileShare_PolicyErrorResult array memory"); return false; } for (uint32_t i = 0; i < count; i++) { int size = errorResults[i].uri.size() + 1; (*result)[i].uri = (char *)malloc(size); + if ((*result)[i].uri == nullptr) { + LOGE("Failed to apply for URI memory"); + return false; + } auto ret = strcpy_s((*result)[i].uri, size, errorResults[i].uri.c_str()); if (ret != 0) { - LOGE("strcpy uri failed uri:%{public}s, errno:%{public}d", errorResults[i].uri.c_str(), ret); - *resultNum = i; + LOGE("Copy uri failed uri:%{public}s, errno:%{public}d", errorResults[i].uri.c_str(), ret); free((*result)[i].uri); return false; } (*result)[i].code = static_cast(errorResults[i].code); size = errorResults[i].message.size() + 1; (*result)[i].message = (char *)malloc(size); + if ((*result)[i].message == nullptr) { + LOGE("Failed to apply for message memory"); + free((*result)[i].uri); + return false; + } ret = strcpy_s((*result)[i].message, size, errorResults[i].message.c_str()); if (ret != 0) { - LOGE("strcpy message failed message:%{public}s, errno:%{public}d", errorResults[i].uri.c_str(), ret); - *resultNum = i; + LOGE("Copy message failed message:%{public}s, errno:%{public}d", errorResults[i].uri.c_str(), ret); free((*result)[i].uri); free((*result)[i].message); return false; } + resultNum++; } - *resultNum = count; return true; } -bool ConvertPolicyErrorResultBool(const std::vector &errorResults, bool **result) +static bool ConvertPolicyErrorResultBool(const std::vector &errorResults, bool **result) { auto count = errorResults.size(); auto memorySize = count * sizeof(bool); if (memorySize == 0 || memorySize > FOO_MAX_LEN) { - LOGE("malloc size is abnormal."); + LOGE("The size of the return value array is abnormal"); return false; } *result = (bool *)malloc(memorySize); if (*result == nullptr) { + LOGE("Failed to apply for bool array memory"); return false; } for (uint32_t i = 0; i < count; i++) { @@ -136,7 +146,7 @@ bool ConvertPolicyErrorResultBool(const std::vector &errorResults, bool ** return true; } -FileManagement_ErrCode ErrorCodeConversion(int32_t errorCode) +static FileManagement_ErrCode ErrorCodeConversion(int32_t errorCode) { FileManagement_ErrCode errCode = E_UNKNOWN_ERROR; switch (errorCode) { @@ -158,21 +168,20 @@ FileManagement_ErrCode ErrorCodeConversion(int32_t errorCode) return errCode; } -FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, +void OH_FileShare_ReleasePolicyErrorResult(FileShare_PolicyErrorResult *result, unsigned int num); +static FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, unsigned int policyNum, FileShare_PolicyErrorResult **result, unsigned int *resultNum, Exec exec) { (*resultNum) = 0; - if (!CheckPermission(FILE_ACCESS_PERMISSION)) { - return E_PERMISSION; - } - if (!CheckFileManagerFullMountEnable()) { return E_DEVICE_NOT_SUPPORT; } - + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + return E_PERMISSION; + } std::vector uriPolicies; if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { return E_PARAMS; @@ -182,8 +191,9 @@ FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, if (ret == E_NO_ERROR) { return E_NO_ERROR; } - if (!ConvertPolicyErrorResult(errorResults, result, resultNum)) { - return E_UNKNOWN_ERROR; + if (!ConvertPolicyErrorResult(errorResults, result, *resultNum)) { + OH_FileShare_ReleasePolicyErrorResult(*result, *resultNum); + return E_ENOMEM; } return ret; } @@ -227,13 +237,12 @@ FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_Po unsigned int *resultNum) { *resultNum = 0; - if (!CheckPermission(FILE_ACCESS_PERMISSION)) { - return E_PERMISSION; - } - if (!CheckFileManagerFullMountEnable()) { return E_DEVICE_NOT_SUPPORT; } + if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + return E_PERMISSION; + } std::vector uriPolicies; if (!ConvertPolicyInfo(policies, policyNum, uriPolicies)) { return E_PARAMS; @@ -244,7 +253,7 @@ FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_Po return ErrorCodeConversion(ret); } if (!ConvertPolicyErrorResultBool(errorResults, result)) { - return E_UNKNOWN_ERROR; + return E_ENOMEM; } *resultNum = errorResults.size(); return E_NO_ERROR; -- Gitee From 8ea02c6456bacb5e5bab1fc75265cdba488ff23c Mon Sep 17 00:00:00 2001 From: weishaoxiong Date: Thu, 29 Feb 2024 15:08:10 +0800 Subject: [PATCH 5/6] fix: Signed-off-by: weishaoxiong --- .../native/file_share/src/file_permission.cpp | 7 +++++-- .../kits/ndk/fileshare/include/oh_file_share.h | 8 ++++---- .../kits/ndk/fileshare/src/oh_file_share.cpp | 16 ++++++++-------- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp index 01bcb2df5..25dd79321 100644 --- a/interfaces/innerkits/native/file_share/src/file_permission.cpp +++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp @@ -152,7 +152,7 @@ vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect vector pathPolicies; for (auto uriPolicy : uriPolicies) { Uri uri(uriPolicy.uri); - string path = uri.GetPath(); + string path = SandboxHelper::Decode(uri.GetPath()); if (!CheckValidUri(uriPolicy.uri) || access(path.c_str(), F_OK) != 0) { LOGE("Not correct uri!"); PolicyErrorResult result = {uriPolicy.uri, PolicyErrorCode::INVALID_PATH, INVALID_PATH_MESSAGE}; @@ -161,7 +161,10 @@ vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect string currentUserId = to_string(IPCSkeleton::GetCallingTokenID() / AppExecFwk::Constants::BASE_USER_RANGE); int32_t ret = SandboxHelper::GetPhysicalPath(uri.ToString(), currentUserId, path); if (ret != 0) { + PolicyErrorResult result = {uriPolicy.uri, PolicyErrorCode::INVALID_PATH, INVALID_PATH_MESSAGE}; + errorResults.emplace_back(result); LOGE("Failed to get physical path, errorcode: %{public}d", ret); + continue; } PolicyInfo policyInfo = {path, uriPolicy.mode}; pathPolicies.emplace_back(policyInfo); @@ -176,7 +179,7 @@ vector FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect vector pathPolicies; for (const auto &uriPolicy : uriPolicies) { Uri uri(uriPolicy.uri); - string path = uri.GetPath(); + string path = SandboxHelper::Decode(uri.GetPath()); if (!CheckValidUri(uriPolicy.uri) || access(path.c_str(), F_OK) != 0) { LOGE("Not correct uri!"); errorResults.emplace_back(false); diff --git a/interfaces/kits/ndk/fileshare/include/oh_file_share.h b/interfaces/kits/ndk/fileshare/include/oh_file_share.h index 8d16ff3e3..821336be5 100644 --- a/interfaces/kits/ndk/fileshare/include/oh_file_share.h +++ b/interfaces/kits/ndk/fileshare/include/oh_file_share.h @@ -22,16 +22,16 @@ * @addtogroup fileShare * @{ * - * @brief This module provides file sharing capabilities and provides an interface for system applications to authorize - * the Uniform Resource Identifier (URI) of public directory files with read and write permissions to other - * applications. + * @brief This module provides file sharing capabilities to authorize Uniform Resource Identifiers (URIs) + * for public directory files that have read and write access to other applications. * @since 12 */ /** * @file oh_file_share.h * - * @brief Provides fileShare APIS. + * @brief Provides URI-based file and directory authorization and persistence, permission activation, permission query, + * and other methods. * @library libohfileshare.so * @syscap SystemCapability.FileManagement.AppFileService.FolderAuthorization * @since 12 diff --git a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp index 069c6b7ab..87cea2861 100644 --- a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp +++ b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp @@ -53,8 +53,8 @@ static bool CheckFileManagerFullMountEnable() } static bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, - int policyNum, - std::vector &uriPolicies) + int policyNum, + std::vector &uriPolicies) { if (policies == nullptr || policyNum <= 0 || policyNum > MAX_ARRAY_SIZE) { LOGE("The policies pointer is nullptr or policyNum is abnormal"); @@ -79,8 +79,8 @@ static bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, } static bool ConvertPolicyErrorResult(const std::deque &errorResults, - FileShare_PolicyErrorResult **result, - unsigned int &resultNum) + FileShare_PolicyErrorResult **result, + unsigned int &resultNum) { resultNum = 0; auto count = errorResults.size(); @@ -170,10 +170,10 @@ static FileManagement_ErrCode ErrorCodeConversion(int32_t errorCode) void OH_FileShare_ReleasePolicyErrorResult(FileShare_PolicyErrorResult *result, unsigned int num); static FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, - unsigned int policyNum, - FileShare_PolicyErrorResult **result, - unsigned int *resultNum, - Exec exec) + unsigned int policyNum, + FileShare_PolicyErrorResult **result, + unsigned int *resultNum, + Exec exec) { (*resultNum) = 0; if (!CheckFileManagerFullMountEnable()) { -- Gitee From 3ca27c64ec6a139ece8f3040c4943c2b3a69a8e8 Mon Sep 17 00:00:00 2001 From: weishaoxiong Date: Fri, 1 Mar 2024 16:47:05 +0800 Subject: [PATCH 6/6] fix: Signed-off-by: weishaoxiong --- .../file_share/include/file_permission.h | 1 + .../kits/js/file_share/grant_permissions.cpp | 1 - .../kits/ndk/fileshare/include/error_code.h | 2 +- .../kits/ndk/fileshare/src/oh_file_share.cpp | 72 +++++++++++++++---- 4 files changed, 60 insertions(+), 16 deletions(-) diff --git a/interfaces/innerkits/native/file_share/include/file_permission.h b/interfaces/innerkits/native/file_share/include/file_permission.h index 61b254725..cb56798ab 100644 --- a/interfaces/innerkits/native/file_share/include/file_permission.h +++ b/interfaces/innerkits/native/file_share/include/file_permission.h @@ -29,6 +29,7 @@ using namespace std; #ifdef SANDBOX_MANAGER using namespace AccessControl::SandboxManager; #endif +constexpr const int32_t MAX_ARRAY_SIZE = 500; typedef enum OperationMode { READ_MODE = 1 << 0, WRITE_MODE = 1 << 1, diff --git a/interfaces/kits/js/file_share/grant_permissions.cpp b/interfaces/kits/js/file_share/grant_permissions.cpp index bb9f4df5a..3bc1a3f4a 100644 --- a/interfaces/kits/js/file_share/grant_permissions.cpp +++ b/interfaces/kits/js/file_share/grant_permissions.cpp @@ -35,7 +35,6 @@ using namespace std; namespace { const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; const std::string FULL_MOUNT_ENABLE_PARAMETER = "const.filemanager.full_mount.enable"; -constexpr int32_t MAX_ARRAY_SIZE = 500; static bool CheckPermission(const string &permission) { diff --git a/interfaces/kits/ndk/fileshare/include/error_code.h b/interfaces/kits/ndk/fileshare/include/error_code.h index 8ff5c44ce..7f28cd7a5 100644 --- a/interfaces/kits/ndk/fileshare/include/error_code.h +++ b/interfaces/kits/ndk/fileshare/include/error_code.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp index 87cea2861..64da424b5 100644 --- a/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp +++ b/interfaces/kits/ndk/fileshare/src/oh_file_share.cpp @@ -14,6 +14,11 @@ */ #include "oh_file_share.h" + +#include +#include +#include + #include "access_token.h" #include "accesstoken_kit.h" #include "file_permission.h" @@ -22,13 +27,9 @@ #include "parameter.h" #include "securec.h" #include "tokenid_kit.h" -#include -#include -#include -constexpr int32_t MAX_ARRAY_SIZE = 500; -constexpr int32_t FOO_MAX_LEN = 24000; // sizeof(FileShare_PolicyErrorResult) * MAX_ARRAY_SIZE -const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; +const int32_t FOO_MAX_LEN = sizeof(FileShare_PolicyErrorResult) * OHOS::AppFileService::MAX_ARRAY_SIZE; +const std::string FILE_ACCESS_PERSIST_PERMISSION = "ohos.permission.FILE_ACCESS_PERSIST"; const std::string FULL_MOUNT_ENABLE_PARAMETER = "const.filemanager.full_mount.enable"; using Exec = std::function &uriPolicies, @@ -56,10 +57,6 @@ static bool ConvertPolicyInfo(const FileShare_PolicyInfo *policies, int policyNum, std::vector &uriPolicies) { - if (policies == nullptr || policyNum <= 0 || policyNum > MAX_ARRAY_SIZE) { - LOGE("The policies pointer is nullptr or policyNum is abnormal"); - return false; - } for (int32_t i = 0; i < policyNum; i++) { OHOS::AppFileService::UriPolicyInfo policyInfo; if (policies[i].uri == nullptr || policies[i].length == 0) { @@ -179,7 +176,7 @@ static FileManagement_ErrCode ExecAction(const FileShare_PolicyInfo *policies, if (!CheckFileManagerFullMountEnable()) { return E_DEVICE_NOT_SUPPORT; } - if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + if (!CheckPermission(FILE_ACCESS_PERSIST_PERMISSION)) { return E_PERMISSION; } std::vector uriPolicies; @@ -203,6 +200,14 @@ FileManagement_ErrCode OH_FileShare_PersistPermission(const FileShare_PolicyInfo FileShare_PolicyErrorResult **result, unsigned int *resultNum) { + if (policies == nullptr || result == nullptr || resultNum == nullptr) { + LOGE("The external input pointer is abnormal"); + return E_PARAMS; + } + if (policyNum <= 0 || policyNum > OHOS::AppFileService::MAX_ARRAY_SIZE) { + LOGE("The policyNum is abnormal"); + return E_PARAMS; + } return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::PersistPermission); } @@ -211,6 +216,14 @@ FileManagement_ErrCode OH_FileShare_RevokePermission(const FileShare_PolicyInfo FileShare_PolicyErrorResult **result, unsigned int *resultNum) { + if (policies == nullptr || result == nullptr || resultNum == nullptr) { + LOGE("The external input pointer is abnormal"); + return E_PARAMS; + } + if (policyNum <= 0 || policyNum > OHOS::AppFileService::MAX_ARRAY_SIZE) { + LOGE("The policyNum is abnormal"); + return E_PARAMS; + } return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::RevokePermission); } @@ -219,6 +232,14 @@ FileManagement_ErrCode OH_FileShare_ActivatePermission(const FileShare_PolicyInf FileShare_PolicyErrorResult **result, unsigned int *resultNum) { + if (policies == nullptr || result == nullptr || resultNum == nullptr) { + LOGE("The external input pointer is abnormal"); + return E_PARAMS; + } + if (policyNum <= 0 || policyNum > OHOS::AppFileService::MAX_ARRAY_SIZE) { + LOGE("The policyNum is abnormal"); + return E_PARAMS; + } return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::ActivatePermission); } @@ -227,6 +248,14 @@ FileManagement_ErrCode OH_FileShare_DeactivatePermission(const FileShare_PolicyI FileShare_PolicyErrorResult **result, unsigned int *resultNum) { + if (policies == nullptr || result == nullptr || resultNum == nullptr) { + LOGE("The external input pointer is abnormal"); + return E_PARAMS; + } + if (policyNum <= 0 || policyNum > OHOS::AppFileService::MAX_ARRAY_SIZE) { + LOGE("The policyNum is abnormal"); + return E_PARAMS; + } return ExecAction(policies, policyNum, result, resultNum, OHOS::AppFileService::FilePermission::DeactivatePermission); } @@ -236,11 +265,19 @@ FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_Po bool **result, unsigned int *resultNum) { + if (policies == nullptr || result == nullptr || resultNum == nullptr) { + LOGE("The external input pointer is abnormal"); + return E_PARAMS; + } + if (policyNum <= 0 || policyNum > OHOS::AppFileService::MAX_ARRAY_SIZE) { + LOGE("The policyNum is abnormal"); + return E_PARAMS; + } *resultNum = 0; if (!CheckFileManagerFullMountEnable()) { return E_DEVICE_NOT_SUPPORT; } - if (!CheckPermission(FILE_ACCESS_PERMISSION)) { + if (!CheckPermission(FILE_ACCESS_PERSIST_PERMISSION)) { return E_PERMISSION; } std::vector uriPolicies; @@ -261,9 +298,16 @@ FileManagement_ErrCode OH_FileShare_CheckPersistentPermission(const FileShare_Po void OH_FileShare_ReleasePolicyErrorResult(FileShare_PolicyErrorResult *result, unsigned int num) { + if (result == nullptr) { + return; + } for (unsigned i = 0; i < num; i++) { - free(result[i].uri); - free(result[i].message); + if (result[i].uri != nullptr) { + free(result[i].uri); + } + if (result[i].message != nullptr) { + free(result[i].message); + } } free(result); } \ No newline at end of file -- Gitee