From 2d392410915b7b04d0b483e5a3a121bfaf67c3b3 Mon Sep 17 00:00:00 2001
From: zhouoaoteng <zhouaoteng@huawei.com>
Date: Sat, 24 Aug 2024 11:30:32 +0800
Subject: [PATCH] fix:code

Signed-off-by: zhouoaoteng <zhouaoteng@huawei.com>
---
 .../kits/native/recent/recent_n_exporter.cpp  | 42 ++++++++++++++-----
 .../trash/src/file_trash_n_exporter.cpp       | 37 ++++++++++++----
 2 files changed, 60 insertions(+), 19 deletions(-)

diff --git a/interfaces/kits/native/recent/recent_n_exporter.cpp b/interfaces/kits/native/recent/recent_n_exporter.cpp
index 77bc688f..bcf2c011 100644
--- a/interfaces/kits/native/recent/recent_n_exporter.cpp
+++ b/interfaces/kits/native/recent/recent_n_exporter.cpp
@@ -25,6 +25,7 @@
 #include "file_utils.h"
 #include "hilog_wrapper.h"
 #include "ipc_skeleton.h"
+#include "tokenid_kit.h"
 #include "user_access_common_utils.h"
 
 namespace OHOS {
@@ -43,6 +44,27 @@ static bool CheckPermission(const std::string &permission)
         Security::AccessToken::PermissionState::PERMISSION_GRANTED;
 }
 
+static bool IsSystemApp()
+{
+    uint64_t accessTokenIDEx = OHOS::IPCSkeleton::GetCallingFullTokenID();
+    return OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(accessTokenIDEx);
+}
+
+static bool CheckSystemAppAndPermission(const std::string &permission, napi_env env)
+{
+    if (!IsSystemApp()) {
+        HILOG_ERROR("FileTrashNExporter::Recover check IsSystemAppByFullTokenID failed");
+        NError(E_PERMISSION_SYS).ThrowErr(env);
+        return false;
+    }
+    if (!CheckPermission(FILE_ACCESS_PERMISSION)) {
+        HILOG_ERROR("Check permission error");
+        NError(E_PERMISSION).ThrowErr(env);
+        return false;
+    }
+    return true;
+}
+
 static napi_value SetFileTime(napi_env env, const string &recentFilePath)
 {
     if (lutimes(recentFilePath.c_str(), nullptr) < 0) {
@@ -59,11 +81,11 @@ static napi_value SetFileTime(napi_env env, const string &recentFilePath)
 
 napi_value RecentNExporter::AddRecentFile(napi_env env, napi_callback_info cbinfo)
 {
-    if (!CheckPermission(FILE_ACCESS_PERMISSION)) {
-        HILOG_ERROR("Failed to get file access permission");
-        NError(E_PERMISSION).ThrowErr(env);
+    if (!CheckSystemAppAndPermission(FILE_ACCESS_PERMISSION, env)) {
+        HILOG_ERROR("AddRecentFile CheckSystemAppAndPermission error");
         return nullptr;
     }
+
     NFuncArg funcArg(env, cbinfo);
     if (!funcArg.InitArgs(NARG_CNT::ONE)) {
         HILOG_ERROR("Number of arguments unmatched");
@@ -107,11 +129,11 @@ napi_value RecentNExporter::AddRecentFile(napi_env env, napi_callback_info cbinf
 
 napi_value RecentNExporter::RemoveRecentFile(napi_env env, napi_callback_info cbinfo)
 {
-    if (!CheckPermission(FILE_ACCESS_PERMISSION)) {
-        HILOG_ERROR("Failed to get file access permission");
-        NError(E_PERMISSION).ThrowErr(env);
+    if (!CheckSystemAppAndPermission(FILE_ACCESS_PERMISSION, env)) {
+        HILOG_ERROR("AddRecentFile CheckSystemAppAndPermission error");
         return nullptr;
     }
+
     NFuncArg funcArg(env, cbinfo);
     if (!funcArg.InitArgs(NARG_CNT::ONE)) {
         HILOG_ERROR("Number of arguments unmatched");
@@ -291,11 +313,11 @@ static napi_value ListFileCore(napi_env env)
 
 napi_value RecentNExporter::ListRecentFile(napi_env env, napi_callback_info cbinfo)
 {
-    if (!CheckPermission(FILE_ACCESS_PERMISSION)) {
-        HILOG_ERROR("Failed to get file access permission");
-        NError(E_PERMISSION).ThrowErr(env);
+    if (!CheckSystemAppAndPermission(FILE_ACCESS_PERMISSION, env)) {
+        HILOG_ERROR("ListRecentFile CheckSystemAppAndPermission error");
         return nullptr;
     }
+
     NFuncArg funcArg(env, cbinfo);
     if (!funcArg.InitArgs(NARG_CNT::ZERO)) {
         HILOG_ERROR("Number of arguments unmatched");
@@ -346,4 +368,4 @@ RecentNExporter::RecentNExporter(napi_env env, napi_value exports) : NExporter(e
 RecentNExporter::~RecentNExporter() {}
 } // namespace Recent
 } // namespace FileManagement
-} // namespace OHOS
+} // namespace OHOS
\ No newline at end of file
diff --git a/interfaces/kits/native/trash/src/file_trash_n_exporter.cpp b/interfaces/kits/native/trash/src/file_trash_n_exporter.cpp
index 69ae0ac8..dfb19a2e 100644
--- a/interfaces/kits/native/trash/src/file_trash_n_exporter.cpp
+++ b/interfaces/kits/native/trash/src/file_trash_n_exporter.cpp
@@ -25,6 +25,7 @@
 #include "file_util.h"
 #include "ipc_skeleton.h"
 #include "rust_file.h"
+#include "tokenid_kit.h"
 #include "user_access_common_utils.h"
 
 namespace OHOS {
@@ -40,6 +41,12 @@ using namespace FileAccessFwk;
 
 static std::mutex g_trashPathMutex;
 
+static bool IsSystemApp()
+{
+    uint64_t accessTokenIDEx = OHOS::IPCSkeleton::GetCallingFullTokenID();
+    return OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(accessTokenIDEx);
+}
+
 static bool CheckCallingPermission(const std::string &permission)
 {
     Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
@@ -51,6 +58,21 @@ static bool CheckCallingPermission(const std::string &permission)
     return true;
 }
 
+static bool CheckSystemAppAndPermission(const std::string &permission, napi_env env)
+{
+    if (!IsSystemApp()) {
+        HILOG_ERROR("FileTrashNExporter::Recover check IsSystemAppByFullTokenID failed");
+        NError(E_PERMISSION_SYS).ThrowErr(env);
+        return false;
+    }
+    if (!CheckCallingPermission(FILE_ACCESS_PERMISSION)) {
+        HILOG_ERROR("Check permission error");
+        NError(E_PERMISSION).ThrowErr(env);
+        return false;
+    }
+    return true;
+}
+
 static bool GetRealPath(string &path)
 {
     unique_ptr<char[]> absPath = make_unique<char[]>(PATH_MAX + 1);
@@ -387,9 +409,8 @@ static bool GenerateFileInfoEntity(FileInfo& fileInfoEntity, string filterDirent
 
 napi_value FileTrashNExporter::ListFile(napi_env env, napi_callback_info info)
 {
-    if (!CheckCallingPermission(FILE_ACCESS_PERMISSION)) {
-        HILOG_ERROR("permission error");
-        NError(E_PERMISSION).ThrowErr(env);
+    if (!CheckSystemAppAndPermission(FILE_ACCESS_PERMISSION, env)) {
+        HILOG_ERROR("ListFile CheckSystemAppAndPermission error");
         return nullptr;
     }
 
@@ -560,9 +581,8 @@ static napi_value RecoverDir(napi_env env, const string &dirPath)
 
 napi_value FileTrashNExporter::Recover(napi_env env, napi_callback_info info)
 {
-    if (!CheckCallingPermission(FILE_ACCESS_PERMISSION)) {
-        HILOG_ERROR("permission error");
-        NError(E_PERMISSION).ThrowErr(env);
+    if (!CheckSystemAppAndPermission(FILE_ACCESS_PERMISSION, env)) {
+        HILOG_ERROR("Recover CheckSystemAppAndPermission error");
         return nullptr;
     }
 
@@ -616,9 +636,8 @@ napi_value FileTrashNExporter::Recover(napi_env env, napi_callback_info info)
 
 napi_value FileTrashNExporter::CompletelyDelete(napi_env env, napi_callback_info info)
 {
-    if (!CheckCallingPermission(FILE_ACCESS_PERMISSION)) {
-        HILOG_ERROR("permission error");
-        NError(E_PERMISSION).ThrowErr(env);
+    if (!CheckSystemAppAndPermission(FILE_ACCESS_PERMISSION, env)) {
+        HILOG_ERROR("CompletelyDelete CheckSystemAppAndPermission error");
         return nullptr;
     }
 
-- 
Gitee