From 54521a36ea69f9361393cdf275766f7270451f50 Mon Sep 17 00:00:00 2001
From: lisirui
Date: Sat, 25 Nov 2023 18:14:18 +0800
Subject: [PATCH] =?UTF-8?q?mmi-=E9=89=B4=E6=9D=83=E6=95=B4=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: j30052604 < juzijian@huawei.com>
---
 .../src/permission_helper.cpp | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/service/permission_helper/src/permission_helper.cpp b/service/permission_helper/src/permission_helper.cpp
index ac17e5cafb..9557ec284c 100644
--- a/service/permission_helper/src/permission_helper.cpp
+++ b/service/permission_helper/src/permission_helper.cpp
@@ -36,10 +36,10 @@ bool PermissionHelper::VerifySystemApp()
 auto callerToken = IPCSkeleton::GetCallingTokenID();
 auto tokenType = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
 MMI_HILOGD("token type is %{public}d", static_cast(tokenType));
- int32_t callingUid = IPCSkeleton::GetCallingUid();
- if (tokenType == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE
- || tokenType == OHOS::Security::AccessToken::ATokenTypeEnum::TOKEN_SHELL
- || callingUid == ROOT_UID) {
+ if (OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken,"ohos.permission.DISTRIBUTED_DATASYNC") == OHOS::Security::AccessToken::PERMISSION_GRANTED
+ ||OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, "ohos.permission.ACCESS_SERVICE_DM") == OHOS::Security::AccessToken::PERMISSION_GRANTED
+ ||OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, "ohos.permission.REPORT_RESOURCE_SCHEDULE_EVENT") == OHOS::Security::AccessToken::PERMISSION_GRANTED)
+ {
 MMI_HILOGD("called tokenType is native, verify success");
 return true;
 }
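Review bot: The new condition in `VerifySystemApp()` accepts a caller that holds any one of three permissions unrelated to the input service, which is broader than the native/shell/root test it replaces. `ohos.permission.DISTRIBUTED_DATASYNC` in particular is, as far as I know, a user-grantable permission open to ordinary applications, so a third-party HAP holding it would take this early `return true`; confirm that against the permission definitions and gate on a permission dedicated to this service instead. The same three-way test is repeated in `CheckDispatchControl()` in the second hunk, so one private helper would keep the two checks in step. The kept log text no longer matches the check and would mislead anyone auditing access decisions; something like `MMI_HILOGD("caller holds a trusted permission, verify success");` is closer. The function body continues outside the hunk, so how `tokenType` is used after this branch is not visible here.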
@@ -119,16 +119,19 @@ bool PermissionHelper::CheckDispatchControl()
 {
 CALL_DEBUG_ENTER;
 auto tokenId = IPCSkeleton::GetCallingTokenID();
+ auto callerToken = IPCSkeleton::GetCallingTokenID();
 auto tokenType = OHOS::Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
 if ((tokenType == OHOS::Security::AccessToken::TOKEN_HAP) || (tokenType == OHOS::Security::AccessToken::TOKEN_NATIVE)) {
 return CheckDispatchControlPermission(tokenId);
- } else if (tokenType == OHOS::Security::AccessToken::TOKEN_SHELL) {
+ } else if (!(OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken,"ohos.permission.DISTRIBUTED_DATASYNC") == OHOS::Security::AccessToken::PERMISSION_GRANTED
+ ||OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, "ohos.permission.ACCESS_SERVICE_DM") == OHOS::Security::AccessToken::PERMISSION_GRANTED
+ ||OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(callerToken, "ohos.permission.REPORT_RESOURCE_SCHEDULE_EVENT") == OHOS::Security::AccessToken::PERMISSION_GRANTED)) {
+ MMI_HILOGE("Unsupported token type:%{public}d", tokenType);
+ return false;
+ } else {
 MMI_HILOGI("Token type is shell");
 return true;
- } else {
- MMI_HILOGE("Unsupported token type:%{public}d", tokenType);
- return false;
 }
 }
--
Gitee
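Review bot: The added `callerToken` in `CheckDispatchControl()` comes from a second `IPCSkeleton::GetCallingTokenID()` call that should return the same value as `tokenId` on the line above; pass `tokenId` to the `VerifyAccessToken` calls and drop the extra local. The two log messages were kept while their branches changed meaning: the rejection now fires on a missing permission for any token type other than HAP or native, and the final `else` is reached by any such token that holds one of the permissions, not only by shell. Logs that misname the reason make denied and allowed dispatch-control calls hard to audit, so prefer `MMI_HILOGE("Caller lacks required permission, token type:%{public}d", tokenType);` and `MMI_HILOGI("Caller permission verified");`.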