From f442148e7cf1daf231c29eb6ee10c7392d8f2fac Mon Sep 17 00:00:00 2001 From: zhuhongtao666 Date: Mon, 19 Dec 2022 17:46:46 +0800 Subject: [PATCH] environment_add_systemcheck Signed-off-by: zhuhongtao666 --- interfaces/kits/js/BUILD.gn | 5 ++++- interfaces/kits/js/src/common/uni_error.h | 15 ++++++++++++++- .../mod_environment/environment_n_exporter.cpp | 13 +++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/interfaces/kits/js/BUILD.gn b/interfaces/kits/js/BUILD.gn index 8b4b5914d..f693c3f9c 100644 --- a/interfaces/kits/js/BUILD.gn +++ b/interfaces/kits/js/BUILD.gn @@ -207,7 +207,10 @@ ohos_shared_library("environment") { deps = [ "//foundation/arkui/napi:ace_napi" ] - external_deps = [ "hiviewdfx_hilog_native:libhilog" ] + external_deps = [ + "access_token:libtokenid_sdk", + "hiviewdfx_hilog_native:libhilog", + ] } ohos_shared_library("securitylabel") { diff --git a/interfaces/kits/js/src/common/uni_error.h b/interfaces/kits/js/src/common/uni_error.h index b9d2b7a30..85a4184f4 100644 --- a/interfaces/kits/js/src/common/uni_error.h +++ b/interfaces/kits/js/src/common/uni_error.h @@ -39,6 +39,14 @@ enum ErrCodeSystem { ERR_CODE_SYSTEM_POSIX, }; +enum CommonErrCode { + E_PERMISSION = 201, + E_PERMISSION_SYS = 202, + E_PARAMS = 401, + E_DEVICENOTSUPPORT = 801, + E_OSNOTSUPPORT = 901 +}; + enum ErrCodeSuffix { E_PERM = 1, E_NOENT, @@ -126,7 +134,12 @@ const std::unordered_map> errCodeTable { { EBADFD, { FILEIO_SYS_CAP_TAG + E_BADFD, "File descriptor in bad state" } }, { ERESTART, { FILEIO_SYS_CAP_TAG + E_RESTART, "Interrupted system call should be restarted" } }, { EDQUOT, { FILEIO_SYS_CAP_TAG + E_DQUOT, "Quota exceeded" } }, - { -1, { FILEIO_SYS_CAP_TAG + E_UKERR, "Unknown error" } } + { -1, { FILEIO_SYS_CAP_TAG + E_UKERR, "Unknown error" } }, + { E_PERMISSION, { E_PERMISSION, "Permission verification failed" } }, + { E_PERMISSION_SYS, { E_PERMISSION, "The caller is not a system application" } }, + { E_PARAMS, { E_PERMISSION, "The input parameter is invalid" } }, + { E_DEVICENOTSUPPORT, { E_PERMISSION, "The device doesn't support this api" } }, + { E_OSNOTSUPPORT, { E_PERMISSION, "The os doesn't support this api" } }, }; class UniError { diff --git a/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp b/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp index 780bdc2bc..470e0a76c 100644 --- a/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp +++ b/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp @@ -23,6 +23,8 @@ #include "../common/napi/n_func_arg.h" #include "../common/napi/n_val.h" #include "../common/uni_error.h" +#include "ipc_skeleton.h" +#include "tokenid_kit.h" namespace OHOS { namespace DistributedFS { @@ -30,8 +32,19 @@ namespace ModuleEnvironment { namespace { const std::string STORAGE_DATA_PATH = "/data"; } + +bool IsSystemApp() +{ + uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID(); + return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); +} + napi_value GetStorageDataDir(napi_env env, napi_callback_info info) { + if (IsSystemApp()) { + UniError(E_PERMISSION_SYS).ThrowErr(env); + return nullptr; + } NFuncArg funcArg(env, info); if (!funcArg.InitArgs(NARG_CNT::ZERO, NARG_CNT::ONE)) { UniError(EINVAL).ThrowErr(env, "Number of arguments unmatched"); -- Gitee