diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index a5f846015267ca34fdaadf44a6f7f8aba1d6b5f2..79510f9a72a24f5d3a6f1985718b51e4edd19a81 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -56,7 +56,7 @@ public: std::shared_ptr GetHapPermissionPolicySet(AccessTokenID id); int RemoveHapTokenInfo(AccessTokenID id); int RemoveNativeTokenInfo(AccessTokenID id); - int32_t ModifyHapTokenInfoFromDb(AccessTokenID tokenID); + int32_t ModifyHapTokenInfoFromDb(AccessTokenID tokenID, const std::shared_ptr& hapInner); int CreateHapTokenInfo(const HapInfoParams& info, const HapPolicyParams& policy, AccessTokenIDEx& tokenIdEx); AccessTokenIDEx GetHapTokenID(int32_t userID, const std::string& bundleName, int32_t instIndex); AccessTokenID AllocLocalTokenID(const std::string& remoteDeviceID, AccessTokenID remoteTokenID); @@ -74,7 +74,8 @@ public: int32_t UpdateUserPolicy(const std::vector& userList); int32_t ClearUserPolicy(); bool GetPermDialogCap(AccessTokenID tokenID); - int32_t ModifyHapPermStateFromDb(AccessTokenID tokenID, const std::string& permission); + int32_t ModifyHapPermStateFromDb( + AccessTokenID tokenID, const std::string& permission, const std::shared_ptr& hapInfo); void DumpToken(); int32_t GetCurDumpTaskNum(); void AddDumpTaskNum(); @@ -112,7 +113,7 @@ private: std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; bool TryUpdateExistNativeToken(const std::shared_ptr& infoPtr); int AllocNativeToken(const std::shared_ptr& infoPtr); - int AddHapTokenInfoToDb(AccessTokenID tokenID); + int AddHapTokenInfoToDb(AccessTokenID tokenID, const std::shared_ptr& hapInfo); int AddNativeTokenInfoToDb( const std::vector& nativeInfoValues, const std::vector& permStateValues); int RemoveTokenInfoFromDb(AccessTokenID tokenID, bool isHap = true); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 39fe6dd2792f31390d5d0fb1188f1f9dc8bb88a5..ac96de151d060c8a4230b5adf5b1ae150b880e8e 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -140,12 +140,6 @@ void PermissionManager::AddDefPermissions(const std::vector& perm void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID); - std::shared_ptr tokenInfo = - AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID); - if (tokenInfo == nullptr) { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenInfo is null, tokenId=%{public}u", tokenID); - return; - } PermissionDefinitionCache::GetInstance().DeleteByToken(tokenID); } @@ -547,8 +541,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(id); #endif - AccessTokenInfoManager::GetInstance().ModifyHapPermStateFromDb(id, permission); - return RET_SUCCESS; + return AccessTokenInfoManager::GetInstance().ModifyHapPermStateFromDb(id, permission, infoPtr); } int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index f7e8a6b996313a8842296bad0292fc0c5d6d2396..e126fc0aa1fed9301ab8f880d8750eca77fee731 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -303,8 +303,51 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( if (iter != hapTokenInfoMap_.end()) { return iter->second; } - ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u is invalid.", id); - return nullptr; + int32_t ret = RET_SUCCESS; + GenericValues conditionValue; + if (PermissionDefinitionCache::GetInstance().IsHapPermissionDefEmpty()) { + std::vector permDefRes; + ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, permDefRes); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to find perm def from perm_def_table, err: %{public}d, " + "mapSize: %{public}zu.", ret, hapTokenInfoMap_.size()); + return nullptr; + } + PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); // restore all permission definition + ACCESSTOKEN_LOG_ERROR(LABEL, "Restore per def size: %{public}zu.", permDefRes.size()); + } + + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(id)); + std::vector hapTokenResults; + ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); + if (ret != RET_SUCCESS || hapTokenResults.empty()) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " + "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); + return nullptr; + } + std::vector permStateRes; + ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " + "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); + return nullptr; + } + + std::shared_ptr hap = std::make_shared(); + ret = hap->RestoreHapTokenInfo(id, hapTokenResults[0], permStateRes); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", + id, ret, hapTokenInfoMap_.size()); + return nullptr; + } + AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_HAP); + hapTokenIdMap_[GetHapUniqueStr(hap)] = id; + hapTokenInfoMap_[id] = hap; + + ACCESSTOKEN_LOG_INFO(LABEL, " Token %{public}u is not found in map(mapSize: %{public}zu), begin load from DB," + " restore bundle %{public}s user %{public}d, idx %{public}d, permSize %{public}d.", id, hapTokenInfoMap_.size(), + hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex(), hap->GetReqPermissionSize()); + return hap; } int32_t AccessTokenInfoManager::GetHapTokenDlpType(AccessTokenID id) @@ -416,6 +459,11 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) PermissionManager::GetInstance().RemoveDefPermissions(id); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + RemoveTokenInfoFromDb(id, true); + // remove hap to kernel + PermissionManager::GetInstance().RemovePermFromKernel(id); + AccessTokenIDManager::GetInstance().ReleaseTokenId(id); + if (hapTokenInfoMap_.count(id) == 0) { ACCESSTOKEN_LOG_ERROR(LABEL, "Hap token %{public}u no exist.", id); return ERR_TOKENID_NOT_EXIST; @@ -438,11 +486,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) hapTokenInfoMap_.erase(id); } - AccessTokenIDManager::GetInstance().ReleaseTokenId(id); ACCESSTOKEN_LOG_INFO(LABEL, "Remove hap token %{public}u ok!", id); - RemoveTokenInfoFromDb(id, true); - // remove hap to kernel - PermissionManager::GetInstance().RemovePermFromKernel(id); PermissionStateNotify(info, id); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); @@ -540,7 +584,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( ACCESSTOKEN_LOG_INFO(LABEL, "Create hap token %{public}u bundleName %{public}s user %{public}d inst %{public}d ok", tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex()); AllocAccessTokenIDEx(info, tokenId, tokenIdEx); - AddHapTokenInfoToDb(tokenId); + AddHapTokenInfoToDb(tokenId, tokenInfo); return RET_SUCCESS; } @@ -713,12 +757,12 @@ inst %{public}d tokenAttr %{public}d update ok!", tokenID, infoPtr->GetBundleNam (std::find(inactiveUserList_.begin(), inactiveUserList_.end(), userId) != inactiveUserList_.end())) { ACCESSTOKEN_LOG_INFO(LABEL, "Execute user policy."); PermissionManager::GetInstance().AddPermToKernel(tokenID, policySet, permPolicyList_); - ModifyHapTokenInfoFromDb(tokenID); + ModifyHapTokenInfoFromDb(tokenID, infoPtr); return RET_SUCCESS; } } PermissionManager::GetInstance().AddPermToKernel(tokenID, policySet); - return ModifyHapTokenInfoFromDb(tokenID); + return ModifyHapTokenInfoFromDb(tokenID, infoPtr); } #ifdef TOKEN_SYNC_ENABLE @@ -982,9 +1026,9 @@ AccessTokenInfoManager& AccessTokenInfoManager::GetInstance() return *instance; } -int AccessTokenInfoManager::ModifyHapTokenInfoFromDb(AccessTokenID tokenID) +int AccessTokenInfoManager::ModifyHapTokenInfoFromDb( + AccessTokenID tokenID, const std::shared_ptr& hapInner) { - std::shared_ptr hapInner = GetHapTokenInfoInner(tokenID); if (hapInner == nullptr) { ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u info is null!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; @@ -1011,11 +1055,11 @@ int AccessTokenInfoManager::ModifyHapTokenInfoFromDb(AccessTokenID tokenID) permStateValues); } -int32_t AccessTokenInfoManager::ModifyHapPermStateFromDb(AccessTokenID tokenID, const std::string& permission) +int32_t AccessTokenInfoManager::ModifyHapPermStateFromDb( + AccessTokenID tokenID, const std::string& permission, const std::shared_ptr& hapInfo) { std::vector permStateValues; Utils::UniqueWriteGuard infoGuard(this->modifyLock_); - std::shared_ptr hapInfo = GetHapTokenInfoInner(tokenID); if (hapInfo == nullptr) { ACCESSTOKEN_LOG_INFO(LABEL, "Token %{public}u info is null!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; @@ -1035,13 +1079,12 @@ int32_t AccessTokenInfoManager::ModifyHapPermStateFromDb(AccessTokenID tokenID, return RET_SUCCESS; } -int AccessTokenInfoManager::AddHapTokenInfoToDb(AccessTokenID tokenID) +int AccessTokenInfoManager::AddHapTokenInfoToDb( + AccessTokenID tokenID, const std::shared_ptr& hapInfo) { std::vector hapInfoValues; std::vector permDefValues; std::vector permStateValues; - - std::shared_ptr hapInfo = GetHapTokenInfoInner(tokenID); if (hapInfo == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "Token %{public}u info is null!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST;