diff --git a/interfaces/innerkits/accesstoken/include/permission_def.h b/interfaces/innerkits/accesstoken/include/permission_def.h index 39352b4e582cbd8070741fe02ce6c75e3438d679..c1fa9ca7c9c6b19a62a061ace58084361f82a15f 100644 --- a/interfaces/innerkits/accesstoken/include/permission_def.h +++ b/interfaces/innerkits/accesstoken/include/permission_def.h @@ -36,6 +36,12 @@ public: std::string description; int descriptionId; }; + +class PermissionDefData final { +public: + AccessTokenID tokenId; + PermissionDef permDef; +}; } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h index 59e31d77702eb7373bca8d794a228a1b3cfe3aeb..b83802b17a6af5fa5d73d361cfede4e7eeabe77f 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h @@ -33,7 +33,7 @@ public: virtual ~PermissionDefinitionCache(); - bool Insert(const PermissionDef& info); + bool Insert(const PermissionDef& info, AccessTokenID tokenId); bool Update(const PermissionDef& info); @@ -49,6 +49,12 @@ public: bool IsPermissionDefEmpty(); + void StorePermissionDef(std::vector& valueList); + + void GetDefPermissionsByTokenId(std::vector& permList, AccessTokenID tokenId); + + int32_t RestorePermDefInfo(std::vector permDefRes); + private: PermissionDefinitionCache(); @@ -58,9 +64,9 @@ private: /** * key: the permission name. - * value: the object of PermissionDef. + * value: the object of PermissionDefData. */ - std::map permissionDefinitionMap_; + std::map permissionDefinitionMap_; OHOS::Utils::RWLock cacheLock_; }; 
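Review bot: `PermissionDefData::tokenId` in the permission_def.h hunk has no default member initializer, so a `PermissionDefData` declared on its own starts with an indeterminate owner id (assuming `AccessTokenID` is a plain integer type, which this page does not show). The cache's `operator[]` value-initialises its entries, but this class sits in a public innerkits header and the field decides which token owns a permission definition. Give it an explicit default, e.g. `AccessTokenID tokenId = 0;` if 0 is the value the project treats as "no token", and add a one-line comment saying that `tokenId` is the token that defined `permDef`.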
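Review bot: `RestorePermDefInfo(std::vector permDefRes)` in the permission_definition_cache.h hunk takes the vector by value, so every stored row is copied on each call although the implementation only reads them. `const std::vector<GenericValues>& permDefRes` is enough, with the loop binding `const GenericValues&` (provided `GetInt` is const, which is not visible here). The three new declarations also carry no comments. It is worth stating that `StorePermissionDef` and `GetDefPermissionsByTokenId` append to the output vector rather than replacing it, and that all three take `cacheLock_` internally (`RestorePermDefInfo` through `Insert`), so they must not be called with that lock already held.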
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h index 1db448e10bdad2343559591962a11c3a553ac3d7..3869fe3d33a8ef6c283c565c8d67c87dcda60941 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h @@ -35,11 +35,10 @@ public: virtual ~PermissionPolicySet(); static std::shared_ptr BuildPermissionPolicySet(AccessTokenID tokenId, - const std::vector& permList, const std::vector& permStateList); + const std::vector& permStateList); static std::shared_ptr RestorePermissionPolicy(AccessTokenID tokenId, const std::vector& permDefRes, const std::vector& permStateRes); - void StorePermissionPolicySet(std::vector& permDefValueList, - std::vector& permStateValueList); + void StorePermissionPolicySet(std::vector& permStateValueList); void Update(const std::vector& permList, const std::vector& permStateList); int VerifyPermissStatus(const std::string& permissionName); @@ -63,7 +62,6 @@ private: void PermStateFullToString(const PermissionStateFull& state, std::string& info) const; OHOS::Utils::RWLock permPolicySetLock_; - std::vector permList_; std::vector permStateList_; AccessTokenID tokenId_; }; diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h index 3108dd9821d351ba008671bb32006a743cdbec76..1ecf8dd785501e741fea1784f900ff57e1453f44 100644 --- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h +++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h 
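Review bot: The `RestorePermissionPolicy` declaration in the first permission_policy_set.h hunk is left as unchanged context and still lists `permDefRes`, while the definition in permission_policy_set.cpp is changed to take only `tokenId` and `permStateRes`. As shown, the out-of-class definition no longer matches any declaration. The same holds for `RestoreHapTokenInfo` in hap_token_info_inner.h, where `permDefRes` is also untouched context although hap_token_info_inner.cpp and the call in `InitHapTokenInfos` drop it. Both declarations need the parameter removed, e.g. `static std::shared_ptr<PermissionPolicySet> RestorePermissionPolicy(AccessTokenID tokenId, const std::vector<GenericValues>& permStateRes);`. If a private `StorePermissionDef` declaration remains in this class outside the hunk, it should go as well, since its definition is deleted.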
@@ -41,7 +41,6 @@ public: void Update(const std::string& appIDDesc, const HapPolicyParams& policy); void TranslateToHapTokenInfo(HapTokenInfo& InfoParcel) const; void StoreHapInfo(std::vector& hapInfoValues, - std::vector& permDefValues, std::vector& permStateValues) const; int RestoreHapTokenInfo(AccessTokenID tokenId, GenericValues& tokenValue, const std::vector& permDefRes, const std::vector& permStateRes); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp index 942e280c7035279dbd54aeb77ed06c6afbf45e48..08b359c89c02fb33f087371c98f31188b86e1cdb 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp @@ -39,7 +39,7 @@ PermissionDefinitionCache::PermissionDefinitionCache() PermissionDefinitionCache::~PermissionDefinitionCache() {} -bool PermissionDefinitionCache::Insert(const PermissionDef& info) +bool PermissionDefinitionCache::Insert(const PermissionDef& info, AccessTokenID tokenId) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.find(info.permissionName); @@ -48,14 +48,15 @@ bool PermissionDefinitionCache::Insert(const PermissionDef& info) info.permissionName.c_str()); return false; } - permissionDefinitionMap_[info.permissionName] = info; + permissionDefinitionMap_[info.permissionName].permDef = info; + permissionDefinitionMap_[info.permissionName].tokenId= tokenId; return true; } bool PermissionDefinitionCache::Update(const PermissionDef& info) { Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); - permissionDefinitionMap_[info.permissionName] = info; + permissionDefinitionMap_[info.permissionName].permDef = info; return true; } 
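Review bot: `Update` in permission_definition_cache.cpp still writes through `operator[]`, so a name that is not yet cached gets a new entry whose `tokenId` is value-initialised instead of set to the defining token, and an existing entry is overwritten without checking who owns it. Now that the cache records ownership, such an entry is never returned by `GetDefPermissionsByTokenId` for a real token, and one token's update can replace another token's definition unless the callers (not on this page) prevent it. Consider passing the caller's token id and updating only a matching entry: `auto it = permissionDefinitionMap_.find(info.permissionName);` followed by `if (it == permissionDefinitionMap_.end() || it->second.tokenId != tokenId) { return false; }`. In `Insert`, one reference, `auto& entry = permissionDefinitionMap_[info.permissionName];`, would replace the two separate lookups.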
@@ -64,7 +65,7 @@ void PermissionDefinitionCache::DeleteByBundleName(const std::string& bundleName Utils::UniqueWriteGuard cacheGuard(this->cacheLock_); auto it = permissionDefinitionMap_.begin(); while (it != permissionDefinitionMap_.end()) { - if (bundleName == it->second.bundleName) { + if (bundleName == it->second.permDef.bundleName) { permissionDefinitionMap_.erase(it++); } else { ++it; @@ -81,7 +82,7 @@ int PermissionDefinitionCache::FindByPermissionName(const std::string& permissio permissionName.c_str()); return RET_FAILED; } - info = it->second; + info = it->second.permDef; return RET_SUCCESS; } @@ -103,7 +104,7 @@ bool PermissionDefinitionCache::IsGrantedModeEqualInner(const std::string& permi if (it == permissionDefinitionMap_.end()) { return false; } - return it->second.grantMode == grantMode; + return it->second.permDef.grantMode == grantMode; } bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName) 
@@ -117,6 +118,47 @@ bool PermissionDefinitionCache::IsPermissionDefEmpty() Utils::UniqueReadGuard cacheGuard(this->cacheLock_); return permissionDefinitionMap_.empty(); } + +void PermissionDefinitionCache::StorePermissionDef(std::vector& valueList) +{ + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); + auto it = permissionDefinitionMap_.begin(); + while (it != permissionDefinitionMap_.end()) { + GenericValues genericValues; + genericValues.Put(FIELD_TOKEN_ID, it->second.tokenId); + DataTranslator::TranslationIntoGenericValues(it->second.permDef, genericValues); + valueList.emplace_back(genericValues); + } +} + +void PermissionDefinitionCache::GetDefPermissionsByTokenId(std::vector& permList, + AccessTokenID tokenId) +{ + Utils::UniqueReadGuard cacheGuard(this->cacheLock_); + auto it = permissionDefinitionMap_.begin(); + while (it != permissionDefinitionMap_.end()) { + if (tokenId == it->second.tokenId) { + permList.emplace_back(it->second.permDef); + } + } +} + +int32_t PermissionDefinitionCache::RestorePermDefInfo(std::vector permDefRes) +{ + std::vector permDataList; + for (GenericValues& defValue : permDefRes) { + PermissionDef def; + AccessTokenID tokenId = (AccessTokenID)defValue.GetInt(FIELD_TOKEN_ID); + int32_t ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); + if (ret != RET_SUCCESS) { + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x permDef is wrong.", tokenId); + return ret; + } + Insert(def, tokenId); + } + return RET_SUCCESS; +} + } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index d41a88b6863949ccd732aa63c300f95d44502405..5fd7dc135b84e9c8f54b5968de797c50ae9d77aa 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp 
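Review bot: Neither `while` loop in `StorePermissionDef` or `GetDefPermissionsByTokenId` advances `it`, so with a non-empty cache `StorePermissionDef` never terminates, and `GetDefPermissionsByTokenId` terminates only when the first entry belongs to another token and then spins without progress. The loops that append keep growing the output vector until allocation fails, all while holding the read guard on `cacheLock_`, which also stalls `Insert`, `Update` and `DeleteByBundleName`. `StoreAllTokenInfo`, `GetDefPermissions` and `ToString` all reach these loops. Iterate with `for (const auto& entry : permissionDefinitionMap_)` and read `entry.second`, or add `++it;` at the end of each loop body. In `RestorePermDefInfo`, `permDataList` is never used and the result of `Insert` is ignored, so a duplicate name in the stored rows is dropped without the caller knowing.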
@@ -45,17 +45,9 @@ PermissionManager::~PermissionManager() { } -void PermissionManager::AddDefPermissions(std::shared_ptr tokenInfo, bool updateFlag) +void PermissionManager::AddDefPermissions(const std::vector permList, AccessTokenID tokenId, + bool updateFlag) { - if (tokenInfo == nullptr) { - return; - } - std::shared_ptr permPolicySet = tokenInfo->GetHapInfoPermissionPolicySet(); - if (permPolicySet == nullptr) { - return; - } - std::vector permList; - permPolicySet->GetDefPermissions(permList); for (auto perm : permList) { if (!PermissionValidator::IsPermissionDefValid(perm)) { ACCESSTOKEN_LOG_INFO(LABEL, "invalid permission definition info: %{public}s", @@ -69,7 +61,7 @@ void PermissionManager::AddDefPermissions(std::shared_ptr tok } if (!PermissionDefinitionCache::GetInstance().HasDefinition(perm.permissionName)) { - PermissionDefinitionCache::GetInstance().Insert(perm); + PermissionDefinitionCache::GetInstance().Insert(perm, tokenId); } else { ACCESSTOKEN_LOG_INFO(LABEL, "permission %{public}s has define", TransferPermissionDefToString(perm).c_str()); diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp index 471ed5f2688377484e2653b83815a68effee2a6b..a413e2eb6ecbfc743a62b70fca9bc9b98f239f54 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp 
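Review bot: `AddDefPermissions` gets a new parameter list here, but permission_manager.h is not among the files in this diff. Unless the declaration was changed elsewhere, the definition no longer matches it, and any other caller that still passes a token-info pointer would need the same change. The new `const std::vector permList` parameter is also taken by value and `for (auto perm : permList)` copies each definition again. `const std::vector<PermissionDef>& permList` with `for (const auto& perm : permList)` avoids both copies. The function body continues past the end of the second hunk.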
@@ -36,12 +36,10 @@ PermissionPolicySet::~PermissionPolicySet() } std::shared_ptr PermissionPolicySet::BuildPermissionPolicySet( - AccessTokenID tokenId, const std::vector& permList, - const std::vector& permStateList) + AccessTokenID tokenId, const std::vector& permStateList) { std::shared_ptr policySet = std::make_shared(); if (policySet != nullptr) { - PermissionValidator::FilterInvalidPermisionDef(permList, policySet->permList_); PermissionValidator::FilterInvalidPermisionState(permStateList, policySet->permStateList_); policySet->tokenId_ = tokenId; } @@ -67,19 +65,6 @@ void PermissionPolicySet::Update(const std::vector& permList, PermissionValidator::FilterInvalidPermisionState(permStateList, permStateFilterList); Utils::UniqueWriteGuard infoGuard(this->permPolicySetLock_); - for (const PermissionDef& permNew : permFilterList) { - bool found = false; - for (PermissionDef& permOld : permList_) { - if (permNew.permissionName == permOld.permissionName) { - permOld = permNew; - found = true; - break; - } - } - if (!found) { - permList_.emplace_back(permNew); - } - } for (PermissionStateFull& permStateNew : permStateFilterList) { for (const PermissionStateFull& permStateOld : permStateList_) { @@ -93,7 +78,7 @@ void PermissionPolicySet::Update(const std::vector& permList, } std::shared_ptr PermissionPolicySet::RestorePermissionPolicy(AccessTokenID tokenId, - const std::vector& permDefRes, const std::vector& permStateRes) + const std::vector& permStateRes) { std::shared_ptr policySet = std::make_shared(); if (policySet == nullptr) { 
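Review bot: After the second hunk, `PermissionPolicySet::Update` still receives `permList`, yet the removed loop was the only visible consumer of `permFilterList`, so the definitions passed on update are now discarded. The start of `Update` lies outside the hunk. Nothing on this page forwards updated definitions to `PermissionDefinitionCache`, so confirm that the token update path does. Otherwise definitions changed by an app update keep their old `grantMode` and `description`. If the cache is updated elsewhere, drop the parameter and its filtering, or add a comment such as `// permList is handled by PermissionDefinitionCache; only states are merged here`.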
@@ -102,18 +87,6 @@ std::shared_ptr PermissionPolicySet::RestorePermissionPolic } policySet->tokenId_ = tokenId; - for (GenericValues defValue : permDefRes) { - if ((AccessTokenID)defValue.GetInt(FIELD_TOKEN_ID) == tokenId) { - PermissionDef def; - int ret = DataTranslator::TranslationIntoPermissionDef(defValue, def); - if (ret == RET_SUCCESS) { - policySet->permList_.emplace_back(def); - } else { - ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x permDef is wrong.", tokenId); - } - } - } - for (GenericValues stateValue : permStateRes) { if ((AccessTokenID)stateValue.GetInt(FIELD_TOKEN_ID) == tokenId) { PermissionStateFull state; @@ -142,16 +115,6 @@ void PermissionPolicySet::MergePermissionStateFull(std::vector& valueList) const -{ - for (auto permissionDef : permList_) { - GenericValues genericValues; - genericValues.Put(FIELD_TOKEN_ID, tokenId_); - DataTranslator::TranslationIntoGenericValues(permissionDef, genericValues); - valueList.emplace_back(genericValues); - } -} - void PermissionPolicySet::StorePermissionState(std::vector& valueList) const { for (auto permissionState : permStateList_) { @@ -173,11 +136,9 @@ void PermissionPolicySet::StorePermissionState(std::vector& value } } -void PermissionPolicySet::StorePermissionPolicySet(std::vector& permDefValueList, - std::vector& permStateValueList) +void PermissionPolicySet::StorePermissionPolicySet(std::vector& permStateValueList) { Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - StorePermissionDef(permDefValueList); StorePermissionState(permStateValueList); } @@ -198,8 +159,7 @@ int PermissionPolicySet::VerifyPermissStatus(const std::string& permissionName) void PermissionPolicySet::GetDefPermissions(std::vector& permList) { - Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); - permList.assign(permList_.begin(), permList_.end()); + PermissionDefinitionCache::GetDefPermissionsByTokenId(permList, tokenId_); } void PermissionPolicySet::GetPermissionStateFulls(std::vector& permList) 
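Review bot: `GetDefPermissions` calls `PermissionDefinitionCache::GetDefPermissionsByTokenId(permList, tokenId_)` as if it were static, but the header hunk declares it as an ordinary member and every other call site in this diff goes through `GetInstance()`. The same call is repeated in `ToString` in the next hunk. It should read `PermissionDefinitionCache::GetInstance().GetDefPermissionsByTokenId(permList, tokenId_);`. The contract also changes: the old body replaced the caller's vector with `assign`, while the cache method appends, so a caller passing a non-empty vector now keeps its old entries in front. A `permList.clear();` before the call restores the previous behaviour.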
@@ -307,9 +267,11 @@ void PermissionPolicySet::ToString(std::string& info) Utils::UniqueReadGuard infoGuard(this->permPolicySetLock_); info.append(R"( "permDefList": [)"); info.append("\n"); - for (auto iter = permList_.begin(); iter != permList_.end(); iter++) { + std::vector permList; + PermissionDefinitionCache::GetDefPermissionsByTokenId(permList, tokenId_); + for (auto iter = permList.begin(); iter != permList.end(); iter++) { PermDefToString(*iter, info); - if (iter != (permList_.end() - 1)) { + if (iter != (permList.end() - 1)) { info.append(",\n"); } } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 18a62e12cabca22637c27fb38fe659ca173e1f5e..7d0ddeff7a2dae0ecb124938a4322b96d08bc1c5 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -87,7 +87,7 @@ void AccessTokenInfoManager::InitHapTokenInfos() ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId); continue; } - ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes); + ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes); if (ret != RET_SUCCESS) { AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId); @@ -104,6 +104,7 @@ void AccessTokenInfoManager::InitHapTokenInfos() " restore hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex()); } + PermissionDefinitionCache::GetInstance().RestorePermDefInfo(permDefRes); } void AccessTokenInfoManager::InitNativeTokenInfos() 
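Review bot: In `InitHapTokenInfos`, `RestorePermDefInfo(permDefRes)` is called with its return value ignored, and inside it the first row that fails translation makes it return. Every definition after that row is then silently missing from the cache after a restart. The rows also go straight to `Insert`, without the `PermissionValidator::IsPermissionDefValid` check that `AddDefPermissions` applies on the install path, and they are inserted even when the owning token's restore failed in the loop above and its id was released. Treat the stored table as untrusted input: log and `continue` on a row where `ret != RET_SUCCESS || !PermissionValidator::IsPermissionDefValid(def)` instead of returning, and check the result at this call site. The function starts before this hunk.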
@@ -185,9 +186,6 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptrIsRemote()) { - PermissionManager::GetInstance().AddDefPermissions(info, false); - } return RET_SUCCESS; } @@ -399,6 +397,8 @@ int AccessTokenInfoManager::CreateHapTokenInfo( AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); return RET_FAILED; } + PermissionManager::GetInstance().AddDefPermissions(policy.permList, tokenId, false); + ACCESSTOKEN_LOG_INFO(LABEL, "create hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!", tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex()); @@ -603,9 +603,8 @@ int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTok return RET_FAILED; } - std::vector permList = {}; std::shared_ptr newPermPolicySet = - PermissionPolicySet::BuildPermissionPolicySet(mapID, permList, hapSync.permStateList); + PermissionPolicySet::BuildPermissionPolicySet(mapID, hapSync.permStateList); { Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); @@ -857,7 +856,7 @@ void AccessTokenInfoManager::StoreAllTokenInfo() Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); for (auto iter = hapTokenInfoMap_.begin(); iter != hapTokenInfoMap_.end(); iter++) { if (iter->second != nullptr) { - iter->second->StoreHapInfo(hapInfoValues, permDefValues, permStateValues); + iter->second->StoreHapInfo(hapInfoValues,permStateValues); } } } @@ -871,6 +870,8 @@ void AccessTokenInfoManager::StoreAllTokenInfo() } } + PermissionDefinitionCache::GetInstance().StorePermissionDef(permDefValues); + DataStorage::GetRealDataStorage().RefreshAll(DataStorage::ACCESSTOKEN_HAP_INFO, hapInfoValues); DataStorage::GetRealDataStorage().RefreshAll(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenValues); DataStorage::GetRealDataStorage().RefreshAll(DataStorage::ACCESSTOKEN_PERMISSION_DEF, permDefValues); 
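Review bot: In `StoreAllTokenInfo`, `StorePermissionDef(permDefValues)` appears to run after the block holding `hapTokenInfoLock_` has closed, so the definition table is snapshotted at a different moment from the hap and state tables. It also writes every cache entry, including any whose owning token has since been removed. Before this change a removed token's definitions left storage together with the token. Now that depends on the removal path calling `DeleteByBundleName` or an equivalent keyed by token id, which is not on this page and is worth confirming. A comment at the call, e.g. `// definitions are owned by PermissionDefinitionCache, not by the per-token policy set`, would record the new ownership; the function begins outside the hunk.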
diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index 102565af1132c690419f0d8ec5cf8da9e5756ebf..8adc75401aa56b72e657d2603e4c3fe3540dfc2b 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -52,15 +52,14 @@ HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, tokenInfoBasic_.appID = info.appIDDesc; tokenInfoBasic_.deviceID = "0"; tokenInfoBasic_.apl = policy.apl; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permList, policy.permStateList); + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, policy.permStateList); } HapTokenInfoInner::HapTokenInfoInner(AccessTokenID id, const HapTokenInfo &info, const std::vector& permStateList) : isRemote_(false) { tokenInfoBasic_ = info; - const std::vector permDefList; - permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permDefList, permStateList); + permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, permStateList); } HapTokenInfoInner::~HapTokenInfoInner() @@ -75,7 +74,7 @@ void HapTokenInfoInner::Update(const std::string& appIDDesc, const HapPolicyPara tokenInfoBasic_.apl = policy.apl; if (permPolicySet_ == nullptr) { permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(tokenInfoBasic_.tokenID, - policy.permList, policy.permStateList); + policy.permStateList); return; } @@ -148,7 +147,7 @@ int HapTokenInfoInner::RestoreHapTokenBasicInfo(const GenericValues& inGenericVa } int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId, - GenericValues& tokenValue, const std::vector& permDefRes, + GenericValues& tokenValue, const std::vector& permStateRes) { tokenInfoBasic_.tokenID = tokenId; 
@@ -157,7 +156,7 @@ int HapTokenInfoInner::RestoreHapTokenInfo(AccessTokenID tokenId, return RET_FAILED; } permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId, - permDefRes, permStateRes); + permStateRes); return RET_SUCCESS; } @@ -169,7 +168,6 @@ void HapTokenInfoInner::StoreHapBasicInfo(std::vector& valueList) } void HapTokenInfoInner::StoreHapInfo(std::vector& hapInfoValues, - std::vector& permDefValues, std::vector& permStateValues) const { if (isRemote_) { @@ -179,7 +177,7 @@ void HapTokenInfoInner::StoreHapInfo(std::vector& hapInfoValues, } StoreHapBasicInfo(hapInfoValues); if (permPolicySet_ != nullptr) { - permPolicySet_->StorePermissionPolicySet(permDefValues, permStateValues); + permPolicySet_->StorePermissionPolicySet(permStateValues); } } diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index 012433693a999db399197d70c0c89dd312be8970..957194a660228e9f39e63a9a05f1e2f97395fd88 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp @@ -41,9 +41,8 @@ NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native, const std::vector& permStateList) : isRemote_(false) { tokenInfoBasic_ = native; - std::vector permDefList = {}; permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID, - permDefList, permStateList); + permStateList); } NativeTokenInfoInner::~NativeTokenInfoInner() @@ -74,9 +73,8 @@ int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName, tokenInfoBasic_.dcap = dcap; tokenInfoBasic_.nativeAcls = nativeAcls; - std::vector permDefList = {}; permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id, - permDefList, permStateList); + permStateList); return RET_SUCCESS; }