From 1dec614e26826f98ead46f9c0630ac84f86dca7a Mon Sep 17 00:00:00 2001 From: xuhanyang Date: Sat, 25 Mar 2023 17:01:35 +0800 Subject: [PATCH 1/4] add permission cherking of reminder event Signed-off-by: xuhanyang --- services/ans/include/reminder_event_manager.h | 1 + services/ans/src/reminder_event_manager.cpp | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/services/ans/include/reminder_event_manager.h b/services/ans/include/reminder_event_manager.h index dbc625f26..1897ec52c 100644 --- a/services/ans/include/reminder_event_manager.h +++ b/services/ans/include/reminder_event_manager.h @@ -44,6 +44,7 @@ private: sptr GetBundleOption(const OHOS::EventFwk::Want &want) const; void HandlePackageRemove(const EventFwk::Want &want) const; void HandleProcessDied(const EventFwk::Want &want) const; + bool CheckCallingPermission(); std::shared_ptr reminderDataManager_ = nullptr; }; diff --git a/services/ans/src/reminder_event_manager.cpp b/services/ans/src/reminder_event_manager.cpp index 1a9c2b265..89446a0e1 100644 --- a/services/ans/src/reminder_event_manager.cpp +++ b/services/ans/src/reminder_event_manager.cpp @@ -83,8 +83,24 @@ ReminderEventManager::ReminderEventSubscriber::ReminderEventSubscriber( reminderDataManager_ = reminderDataManager; } +bool ReminderEventManager::ReminderEventSubscriber::CheckCallingPermission() +{ + Security::AccessToken::NativeTokenInfo nativeTokenInfo; + uint32_t accessToken = IPCSkeleton::GetCallingTokenID(); + auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(accessToken); + bool isSystemApp = Security::AccessToken::TokenIdKit::ISystemAppByFullTokenID(accessToken); + if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || isSystemApp) { + return true; + } + return false; +} + void ReminderEventManager::ReminderEventSubscriber::OnReceiveEvent(const EventFwk::CommonEventData &data) { + if (!CheckCallingPermission()) { + ANSR_LOGD("Don't have calling permission!"); + return; + } Want want = data.GetWant(); std::string action = want.GetAction(); ANSR_LOGI("Recieved common event:%{public}s", action.c_str()); -- Gitee From cd4909ce742c9a034057cdfd503baa458a9e9da5 Mon Sep 17 00:00:00 2001 From: xuhanyang Date: Sat, 25 Mar 2023 17:08:45 +0800 Subject: [PATCH 2/4] change Signed-off-by: xuhanyang --- services/ans/src/reminder_event_manager.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/services/ans/src/reminder_event_manager.cpp b/services/ans/src/reminder_event_manager.cpp index 89446a0e1..a244cc3c2 100644 --- a/services/ans/src/reminder_event_manager.cpp +++ b/services/ans/src/reminder_event_manager.cpp @@ -85,7 +85,6 @@ ReminderEventManager::ReminderEventSubscriber::ReminderEventSubscriber( bool ReminderEventManager::ReminderEventSubscriber::CheckCallingPermission() { - Security::AccessToken::NativeTokenInfo nativeTokenInfo; uint32_t accessToken = IPCSkeleton::GetCallingTokenID(); auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(accessToken); bool isSystemApp = Security::AccessToken::TokenIdKit::ISystemAppByFullTokenID(accessToken); -- Gitee From 70f328242dde2e6064e7671a7d20b39cd42b9cbe Mon Sep 17 00:00:00 2001 From: xuhanyang Date: Sat, 25 Mar 2023 17:21:05 +0800 Subject: [PATCH 3/4] change Signed-off-by: xuhanyang --- services/ans/src/reminder_event_manager.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/ans/src/reminder_event_manager.cpp b/services/ans/src/reminder_event_manager.cpp index a244cc3c2..33ad8cedf 100644 --- a/services/ans/src/reminder_event_manager.cpp +++ b/services/ans/src/reminder_event_manager.cpp @@ -97,7 +97,7 @@ bool ReminderEventManager::ReminderEventSubscriber::CheckCallingPermission() void ReminderEventManager::ReminderEventSubscriber::OnReceiveEvent(const EventFwk::CommonEventData &data) { if (!CheckCallingPermission()) { - ANSR_LOGD("Don't have calling permission!"); + ANSR_LOGW("Don't have calling permission!"); return; } Want want = data.GetWant(); -- Gitee From fd75c56bb054c1038685dceec1e8b57fbebf5248 Mon Sep 17 00:00:00 2001 From: xuhanyang Date: Sat, 25 Mar 2023 18:23:33 +0800 Subject: [PATCH 4/4] change Signed-off-by: xuhanyang --- services/ans/src/reminder_event_manager.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/ans/src/reminder_event_manager.cpp b/services/ans/src/reminder_event_manager.cpp index 33ad8cedf..e79b421ac 100644 --- a/services/ans/src/reminder_event_manager.cpp +++ b/services/ans/src/reminder_event_manager.cpp @@ -15,6 +15,7 @@ #include "reminder_event_manager.h" +#include "accesstoken_kit.h" #include "ans_log_wrapper.h" #include "bundle_constants.h" #include "bundle_mgr_interface.h" @@ -24,6 +25,7 @@ #include "ipc_skeleton.h" #include "iservice_registry.h" #include "system_ability_definition.h" +#include "tokenid_kit.h" using namespace OHOS::EventFwk; namespace OHOS { @@ -87,7 +89,8 @@ bool ReminderEventManager::ReminderEventSubscriber::CheckCallingPermission() { uint32_t accessToken = IPCSkeleton::GetCallingTokenID(); auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(accessToken); - bool isSystemApp = Security::AccessToken::TokenIdKit::ISystemAppByFullTokenID(accessToken); + uint64_t fullTokenId = IPCSkeleton::GetCallingFullTokenID(); + bool isSystemApp = Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE || isSystemApp) { return true; } -- Gitee