diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index d78b3c41bde4436e3c5f564da7a70219abee6b1a..5ef5ab824b8667fcf9c0a8b074c0860841888deb 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -46,6 +46,7 @@ ohos_shared_library("accesstoken_common_cxx") { "src/data_validator.cpp", "src/json_parser.cpp", "src/permission_map.cpp", + "src/time_util.cpp", ] external_deps = [ diff --git a/services/common/utils/include/time_util.h b/frameworks/common/include/time_util.h similarity index 100% rename from services/common/utils/include/time_util.h rename to frameworks/common/include/time_util.h diff --git a/services/common/utils/src/time_util.cpp b/frameworks/common/src/time_util.cpp similarity index 100% rename from services/common/utils/src/time_util.cpp rename to frameworks/common/src/time_util.cpp diff --git a/interfaces/innerkits/privacy/src/privacy_kit.cpp b/interfaces/innerkits/privacy/src/privacy_kit.cpp index d312b70c727f8a7bab9dfd8a4ab1b53560e7f30a..462739b93fd9a049f1bad07e9bc2ae206c428e53 100644 --- a/interfaces/innerkits/privacy/src/privacy_kit.cpp +++ b/interfaces/innerkits/privacy/src/privacy_kit.cpp @@ -18,15 +18,42 @@ #include #include -#include "accesstoken_log.h" #include "constant_common.h" #include "data_validator.h" #include "privacy_error.h" #include "privacy_manager_client.h" +#include "time_util.h" namespace OHOS { namespace Security { namespace AccessToken { +namespace { +constexpr const uint64_t MERGE_TIMESTAMP = 200; // 200ms +std::mutex g_lockCache; +std::map g_recordMap; +} +static std::string GetRecordUniqueStr(const AddPermParamInfo& record) +{ + return std::to_string(record.tokenId) + "_" + record.permissionName + "_" + std::to_string(record.type); +} + +bool FindAndInsertRecord(const AddPermParamInfo& record) +{ + std::string newRecordStr = GetRecordUniqueStr(record); + uint64_t curTimestamp = TimeUtil::GetCurrentTimestamp(); + std::lock_guard lock(g_lockCache); + auto iter = g_recordMap.find(newRecordStr); + if (iter == g_recordMap.end()) { + g_recordMap[newRecordStr] = curTimestamp; + return false; + } + if (curTimestamp - iter->second < MERGE_TIMESTAMP) { + return true; + } + g_recordMap[newRecordStr] = curTimestamp; + return false; +} + int32_t PrivacyKit::AddPermissionUsedRecord(AccessTokenID tokenID, const std::string& permissionName, int32_t successCount, int32_t failCount, bool asyncMode) { @@ -49,7 +76,11 @@ int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool a if (!DataValidator::IsHapCaller(info.tokenId)) { return PrivacyError::ERR_PARAM_INVALID; } - return PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode); + + if (!FindAndInsertRecord(info)) { + return PrivacyManagerClient::GetInstance().AddPermissionUsedRecord(info, asyncMode); + } + return RET_SUCCESS; } int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::string& permissionName, int32_t pid) diff --git a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp index 1385c695acf6b4ba0aa02469da7c5f41627ff2dc..d7c68b16bf2781748c53264c26a761ccb4d968b9 100644 --- a/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp +++ b/interfaces/innerkits/privacy/test/unittest/src/privacy_kit_test.cpp @@ -587,9 +587,12 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord006, TestSize.Level1) info.successCount = 1; info.failCount = 0; + // <200ms, record is dropped ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; @@ -602,7 +605,7 @@ HWTEST_F(PrivacyKitTest, AddPermissionUsedRecord006, TestSize.Level1) ASSERT_EQ(static_cast(1), result.bundleRecords.size()); ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords.size()); ASSERT_EQ(static_cast(1), result.bundleRecords[0].permissionRecords[0].accessRecords.size()); - CheckPermissionUsedResult(request, result, 1, 4, 0); // records in the same minute combine to one + CheckPermissionUsedResult(request, result, 1, 3, 0); // records in the same minute combine to one } /** @@ -865,8 +868,11 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords003, TestSize.Level1) info.successCount = 1; info.failCount = 0; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); PermissionUsedRequest request; @@ -877,12 +883,15 @@ HWTEST_F(PrivacyKitTest, GetPermissionUsedRecords003, TestSize.Level1) ASSERT_EQ(static_cast(1), result.bundleRecords.size()); CheckPermissionUsedResult(request, result, 1, 4, 0); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.READ_CONTACTS"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.READ_CALENDAR"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); + usleep(200000); // 200000us = 200ms info.permissionName = "ohos.permission.WRITE_CALENDAR"; ASSERT_EQ(RET_NO_ERROR, PrivacyKit::AddPermissionUsedRecord(info)); diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 8d9b1ea5494ef84497dedd374014b114906fec16..74b7ccb74544166913580d6592fa36486943adb6 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -234,13 +234,13 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptrIsRemote()) { - std::string HapUniqueKey = GetHapUniqueStr(info); - auto iter = hapTokenIdMap_.find(HapUniqueKey); + std::string hapUniqueKey = GetHapUniqueStr(info); + auto iter = hapTokenIdMap_.find(hapUniqueKey); if (iter != hapTokenIdMap_.end()) { ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u Unique info has exist, update.", id); idRemoved = iter->second; } - hapTokenIdMap_[HapUniqueKey] = id; + hapTokenIdMap_[hapUniqueKey] = id; } hapTokenInfoMap_[id] = info; } diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index c6a33b647222e374298509a9f431b7d307fe047c..74f31e0f377a549a6754fa7dc01d738eafaa3cf6 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -21,7 +21,6 @@ config("accesstoken_service_common_public_config") { "database/include", "libraryloader/include", "random/include", - "utils/include", ] if (eventhandler_enable) { include_dirs += [ "handler/include" ] @@ -59,7 +58,6 @@ ohos_static_library("accesstoken_service_common") { "database/src/variant_value.cpp", "libraryloader/src/libraryloader.cpp", "random/src/random_openssl.cpp", - "utils/src/time_util.cpp", ] cflags_cc = [ diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index ca7f4a9a2ae2a0f3ae176b5a0e056475e48de716..bc4ffb76295a97e9e2e48699a9ef8401d1ca8c82 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -1061,8 +1061,6 @@ bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, co int32_t PermissionRecordManager::SetMutePolicy(const PolicyType& policyType, const CallerType& callerType, bool isMute) { - ACCESSTOKEN_LOG_INFO(LABEL, "CallerType: %{public}d, policyType: %{public}d, isMute: %{public}d", - callerType, policyType, isMute); std::string permissionName; if (callerType == MICROPHONE) { permissionName = MICROPHONE_PERMISSION_NAME; diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp index f4f34e25ccd38823c8b2a1bd68b583258e05a227..6e2395b9c28459c451341449527fea7ba09f1a95 100644 --- a/services/privacymanager/src/service/privacy_manager_service.cpp +++ b/services/privacymanager/src/service/privacy_manager_service.cpp @@ -284,7 +284,8 @@ bool PrivacyManagerService::IsAllowedUsingPermission(AccessTokenID tokenId, cons int32_t PrivacyManagerService::SetMutePolicy(uint32_t policyType, uint32_t callerType, bool isMute) { - ACCESSTOKEN_LOG_INFO(LABEL, "CallerType: %{public}d, isMute: %{public}d", callerType, isMute); + ACCESSTOKEN_LOG_INFO(LABEL, "PolicyType: %{public}d, callerType: %{public}d, isMute: %{public}d", + policyType, callerType, isMute); return PermissionRecordManager::GetInstance().SetMutePolicy( static_cast(policyType), static_cast(callerType), isMute); }