From 4c6fa5ba2e381c6628eddb73b056c524f23dbc36 Mon Sep 17 00:00:00 2001 From: lsq Date: Fri, 27 May 2022 09:58:46 +0800 Subject: [PATCH] =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E5=BC=80=E6=94=BE=E7=BB=99ac?= =?UTF-8?q?cess=5Ftoken=E7=94=A8=E6=88=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: I19d9de170415a7a6f9423dbf5c4dedb06d6a676f --- .../service/accesstoken_manager_stub.h | 8 +++++--- .../src/service/accesstoken_manager_stub.cpp | 20 ++++++++++++------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 30cfd3f7d..6bd9a3ec2 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -60,7 +60,7 @@ private: void GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); void SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply); void SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply); - void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply); + void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply); void DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply); void GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply); void GetRemoteHapTokenIDInner(MessageParcel& data, MessageParcel& reply); @@ -69,8 +69,10 @@ private: void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply); bool IsAuthorizedCalling() const; - static const int SYSTEM_UID = 1000; - static const int ROOT_UID = 0; + bool IsAccessTokenCalling() const; + static const int32_t SYSTEM_UID = 1000; + static const int32_t ROOT_UID = 0; + static const int32_t ACCESSTOKEN_UID = 3020; using RequestFuncType = void (AccessTokenManagerStub::*)(MessageParcel &data, MessageParcel &reply); std::map requestFuncMap_; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index a4147fca0..c3d785007 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -325,7 +325,7 @@ void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, Messag #ifdef TOKEN_SYNC_ENABLE void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -340,7 +340,7 @@ void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -356,7 +356,7 @@ void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, Mes void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -374,7 +374,7 @@ void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, Mes void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -404,7 +404,7 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -418,7 +418,7 @@ void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, Message void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -432,7 +432,7 @@ void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, Me void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply) { - if (!IsAuthorizedCalling()) { + if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) { ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -462,6 +462,12 @@ bool AccessTokenManagerStub::IsAuthorizedCalling() const return callingUid == SYSTEM_UID || callingUid == ROOT_UID; } +bool AccessTokenManagerStub::IsAccessTokenCalling() const +{ + int callingUid = IPCSkeleton::GetCallingUid(); + return callingUid == ACCESSTOKEN_UID; +} + AccessTokenManagerStub::AccessTokenManagerStub() { requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::VERIFY_ACCESSTOKEN)] = -- Gitee