From 5d361a417735dfa979e66d5740c4e3023ab14850 Mon Sep 17 00:00:00 2001
From: hunili
Date: Fri, 31 May 2024 11:01:37 +0800
Subject: [PATCH] Fix the bug: stub no check about the calling issue: https://gitee.com/openharmony/filemanagement_user_file_service/issues/I9TOIO
Signed-off-by: hunili
---
 .../file_access/src/file_access_ext_stub.cpp | 12 ++--
 services/file_access_service.cfg | 5 +-
 .../src/file_access_service_stub.cpp | 12 ++--
 test/unittest/external_notify_test.cpp | 69 ++++++++++++++++++-
 4 files changed, 84 insertions(+), 14 deletions(-)
diff --git a/interfaces/inner_api/file_access/src/file_access_ext_stub.cpp b/interfaces/inner_api/file_access/src/file_access_ext_stub.cpp
index 6cd2c599..b8ac96a6 100644
--- a/interfaces/inner_api/file_access/src/file_access_ext_stub.cpp
+++ b/interfaces/inner_api/file_access/src/file_access_ext_stub.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -78,15 +78,15 @@ int FileAccessExtStub::OnRemoteRequest(uint32_t code, MessageParcel& data, Messa
 return ERR_INVALID_STATE;
 }
 
- const auto &itFunc = stubFuncMap_.find(code);
- if (itFunc != stubFuncMap_.end()) {
- return (this->*(itFunc->second))(data, reply);
- }
-
 if (!CheckCallingPermission(FILE_ACCESS_PERMISSION)) {
 HILOG_ERROR("permission error");
 return E_PERMISSION;
 }
+
+ const auto &itFunc = stubFuncMap_.find(code);
+ if (itFunc != stubFuncMap_.end()) {
+ return (this->*(itFunc->second))(data, reply);
+ }
 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
 }
 
diff --git a/services/file_access_service.cfg b/services/file_access_service.cfg
index f7428302..641f1be4 100644
--- a/services/file_access_service.cfg
+++ b/services/file_access_service.cfg
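Review bot: The denial branch in FileAccessExtStub::OnRemoteRequest now runs ahead of every request code, but `HILOG_ERROR("permission error")` records neither the code nor the caller, so a rejected call cannot be tied to an interface or a client from the log. Consider `HILOG_ERROR("permission error, code:%{public}u", code);`, plus the calling uid or token id if the IPC skeleton header is already included in this file (not visible here). The same log line is in the FileAccessServiceStub::OnRemoteRequest hunk further down. Both functions start above their hunks, so the descriptor check that returns ERR_INVALID_STATE is only partly visible.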
@@ -4,7 +4,10 @@
 "path" : ["/system/bin/sa_main", "/system/profile/file_access_service.json"],
 "uid" : "file_manager",
 "ondemand" : true,
- "secon" : "u:r:file_access_service:s0"
+ "secon" : "u:r:file_access_service:s0",
+ "permission" : [
+ "ohos.permission.FILE_ACCESS_MANAGER"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/services/native/file_access_service/src/file_access_service_stub.cpp b/services/native/file_access_service/src/file_access_service_stub.cpp
index 92a5e218..3790342b 100644
--- a/services/native/file_access_service/src/file_access_service_stub.cpp
+++ b/services/native/file_access_service/src/file_access_service_stub.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -61,15 +61,15 @@ int32_t FileAccessServiceStub::OnRemoteRequest(uint32_t code, MessageParcel &dat
 return ERR_INVALID_STATE;
 }
 
- const auto &itFunc = stubFuncMap_.find(code);
- if (itFunc != stubFuncMap_.end()) {
- return (this->*(itFunc->second))(data, reply);
- }
-
 if (!CheckCallingPermission(FILE_ACCESS_PERMISSION)) {
 HILOG_ERROR("permission error");
 return E_PERMISSION;
 }
+
+ const auto &itFunc = stubFuncMap_.find(code);
+ if (itFunc != stubFuncMap_.end()) {
+ return (this->*(itFunc->second))(data, reply);
+ }
 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
 }
 
diff --git a/test/unittest/external_notify_test.cpp b/test/unittest/external_notify_test.cpp
index 73e9bbde..44092379 100644
--- a/test/unittest/external_notify_test.cpp
+++ b/test/unittest/external_notify_test.cpp
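Review bot: The new `permission` array grants `ohos.permission.FILE_ACCESS_MANAGER` to the whole file_access_service process, presumably so that its own calls into extensions pass the check FileAccessExtStub::OnRemoteRequest now runs for every code. If requests the service forwards reach the extension under the service's identity, the extension-side check vouches for the service rather than for the app that started the request, which leaves the check in FileAccessServiceStub::OnRemoteRequest as the only gate on the original caller. The commit description should say why the service needs this permission, and confirm that `FILE_ACCESS_PERMISSION` (defined outside this diff) is this same permission name.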
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -48,6 +48,7 @@ string g_notifyUri = "";
 const int SLEEP_TIME = 100 * 1000;
 const int UID_TRANSFORM_TMP = 20000000;
 const int UID_DEFAULT = 0;
+const uint64_t SYSTEM_APP_MASK = (static_cast(1) << 32); // 1: Base number, 32: Left shifted bit numbers
 shared_ptr g_context = nullptr;
 
 void SetNativeToken()
@@ -74,6 +75,25 @@ void SetNativeToken()
 delete[] perms;
 }
 
+void SetNativeToken(const char* processName, const char*perms[], int32_t permsNum)
+{
+ uint64_t tokenId;
+ NativeTokenInfoParams infoInstance = {
+ .dcapsNum = 0,
+ .permsNum = permsNum,
+ .aclsNum = 0,
+ .dcaps = nullptr,
+ .perms = perms,
+ .acls = nullptr,
+ .aplStr = "system_core",
+ };
+ tokenId = GetAccessTokenId(&infoInstance);
+ const uint64_t systemAppMask = SYSTEM_APP_MASK;
+ tokenId |= systemAppMask;
+ SetSelfTokenID(tokenId);
+ OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+}
+
 class FileExtensionNotifyTest : public testing::Test {
 public:
 static void SetUpTestCase(void)
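Review bot: The new `SetNativeToken(const char* processName, ...)` overload never uses `processName`: the `NativeTokenInfoParams` initializer sets no `.processName`, so that field is left zero-initialized. If `GetAccessTokenId` fails on such input and returns 0 (its behaviour is not visible here), the token installed is just `SYSTEM_APP_MASK`, and the E_PERMISSION expectations in external_file_access_notify_0020 would pass because the token is invalid rather than because it lacks the file-access permission. Add `.processName = processName,` ahead of `.aplStr`, and check the returned token id before `SetSelfTokenID(tokenId)`.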
@@ -1036,4 +1056,51 @@ HWTEST_F(FileExtensionNotifyTest, external_file_access_notify_0016, testing::ext
 }
 GTEST_LOG_(INFO) << "FileExtensionNotifyTest-end external_file_access_notify_0016";
 }
+
+HWTEST_F(FileExtensionNotifyTest, external_file_access_notify_0020, testing::ext::TestSize.Level1)
+{
+ GTEST_LOG_(INFO) << "FileExtensionNotifyTest-begin external_file_access_notify_0020";
+ try {
+ g_notifyEvent = -1;
+ vector info;
+ const char* perms[] = {
+ "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED"
+ };
+ SetNativeToken("SetUpTestCase", perms, sizeof(perms) / sizeof(perms[0]));
+ int result = g_fah->GetRoots(info);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::E_PERMISSION);
+ SetNativeToken();
+ result = g_fah->GetRoots(info);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::ERR_OK);
+
+ bool notifyForDescendants = true;
+ sptr myObserver1 = new (std::nothrow) MyObserver();
+ Uri parentUri(info[1].uri);
+ Uri newFileDir1("");
+ SetNativeToken("SetUpTestCase", perms, sizeof(perms) / sizeof(perms[0]));
+ result = g_fah->Mkdir(parentUri, "uri_dir", newFileDir1);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::E_PERMISSION);
+ SetNativeToken();
+ result = g_fah->Mkdir(parentUri, "uri_dir", newFileDir1);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::ERR_OK);
+
+ SetNativeToken("SetUpTestCase", perms, sizeof(perms) / sizeof(perms[0]));
+ result = g_fah->RegisterNotify(newFileDir1, notifyForDescendants, myObserver1);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::E_PERMISSION);
+
+ result = g_fah->UnregisterNotify(newFileDir1, myObserver1);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::E_PERMISSION);
+
+ result = g_fah->Delete(newFileDir1);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::E_PERMISSION);
+
+ SetNativeToken();
+ result = g_fah->Delete(newFileDir1);
+ EXPECT_EQ(result, OHOS::FileAccessFwk::ERR_OK);
+
+ } catch (...) {
+ GTEST_LOG_(ERROR) << "external_file_access_notify_0020 occurs an exception.";
+ }
+ GTEST_LOG_(INFO) << "FileExtensionNotifyTest-end external_file_access_notify_0020";
+}
 } // namespace
-- 
Gitee
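Review bot: In external_file_access_notify_0020 the `catch (...)` handler only writes a log line, so an exception anywhere in the body lets this permission regression test finish green; `ADD_FAILURE() << "external_file_access_notify_0020 occurs an exception.";` in the handler would make it fail instead. `info[1].uri` is also read without checking that GetRoots returned at least two roots, so `ASSERT_GT(info.size(), 1);` belongs before `Uri parentUri(info[1].uri);`. If a run stops while the restricted token is installed, later tests in the fixture would presumably inherit it, so restoring it with `SetNativeToken()` in the fixture's teardown (outside this hunk) is worth considering.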