diff --git a/frameworks/js/napi/accesstoken/BUILD.gn b/frameworks/js/napi/accesstoken/BUILD.gn index 6cebe5c4c58380e6392910cf5b676301cad5ec80..e665ee5aa313157f4022591ae7390d8cc9534f01 100644 --- a/frameworks/js/napi/accesstoken/BUILD.gn +++ b/frameworks/js/napi/accesstoken/BUILD.gn @@ -33,6 +33,7 @@ ohos_shared_library("libabilityaccessctrl") { sources = [ "src/napi_atmanager.cpp", "src/napi_context_common.cpp", + "src/napi_hisysevent_adapter.cpp", "src/napi_request_global_switch_on_setting.cpp", "src/napi_request_permission.cpp", "src/napi_request_permission_on_setting.cpp", diff --git a/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp index 81cb0889869e964212aff2fb9a285dbd90d610a3..3f07256749afe924bef3b370da02cb59208f898b 100644 --- a/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp @@ -15,6 +15,7 @@ #include "napi_atmanager.h" #include "access_token.h" +#include "napi_hisysevent_adapter.h" #include "napi_request_global_switch_on_setting.h" #include "napi_request_permission.h" #include "napi_request_permission_on_setting.h" @@ -421,6 +422,12 @@ void NapiAtManager::VerifyAccessTokenExecute(napi_env env, void *data) if (asyncContext == nullptr) { return; } + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != selfTokenId) { + std::string errMsg = "selfTokenID=" + std::to_string(selfTokenId) + ", contextTokenID=" + + std::to_string(asyncContext->tokenId); + ReportSysEventBehavior("CHECK_TOKENID_INCONSISTENCY", VERIFY_TOKENID_INCONSISTENCY, errMsg); + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); } @@ -487,7 +494,12 @@ void NapiAtManager::CheckAccessTokenExecute(napi_env env, void *data) asyncContext->errorCode = JS_ERROR_PARAM_INVALID; return; } - + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != selfTokenId) { + std::string errMsg = "selfTokenID=" + std::to_string(selfTokenId) + ", contextTokenID=" + + std::to_string(asyncContext->tokenId); + ReportSysEventBehavior("CHECK_TOKENID_INCONSISTENCY", VERIFY_TOKENID_INCONSISTENCY, errMsg); + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); } @@ -616,6 +628,12 @@ napi_value NapiAtManager::VerifyAccessTokenSync(napi_env env, napi_callback_info return nullptr; } if (asyncContext->tokenId != static_cast(selfTokenId)) { + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != static_cast(selfTokenId)) { + std::string errMsg = "selfTokenID=" + std::to_string(static_cast(selfTokenId)) + + ", contextTokenID=" + std::to_string(asyncContext->tokenId); + ReportSysEventBehavior("CHECK_TOKENID_INCONSISTENCY", VERIFY_TOKENID_INCONSISTENCY, errMsg); + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); napi_value result = nullptr; NAPI_CALL(env, napi_create_int32(env, asyncContext->result, &result)); diff --git a/frameworks/js/napi/accesstoken/src/napi_hisysevent_adapter.cpp b/frameworks/js/napi/accesstoken/src/napi_hisysevent_adapter.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ac26713f8bbce1ef54db66140222b95d1864e9dd --- /dev/null +++ b/frameworks/js/napi/accesstoken/src/napi_hisysevent_adapter.cpp @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "napi_hisysevent_adapter.h" +#include "accesstoken_log.h" +#include "hisysevent.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AtmDfx"}; +} + +void ReportSysEventBehavior(const std::string& event, int32_t code, const std::string& eventMsg) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, event, + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "EVENT_CODE", code, "EVENT_MSG", eventMsg); + if (ret != 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} + +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, event, + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", code, "ERROR_MSG", errMsg); + if (ret != 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp b/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp index 72b3ef84b02a5d947e36d761db78b2eabf5eca10..d4eab3f19447e2135804cb359512fe8e2763f5df 100644 --- a/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp @@ -19,8 +19,8 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "accesstoken_log.h" -#include "hisysevent.h" #include "napi_base_context.h" +#include "napi_hisysevent_adapter.h" #include "token_setproc.h" #include "want.h" @@ -133,6 +133,7 @@ static void CreateUIExtensionMainThread(std::shared_ptr& as Ace::UIContent* uiContent = GetUIContent(asyncContext); if (uiContent == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", GET_UI_CONTENT_FAILED, "Get uiContent failed"); asyncContext->result = RET_FAILED; asyncContext->uiExtensionFlag = false; return; @@ -146,6 +147,8 @@ static void CreateUIExtensionMainThread(std::shared_ptr& as sessionId, asyncContext->tokenId, asyncContext->permissionList.size()); if (sessionId == 0) { ACCESSTOKEN_LOG_ERROR(LABEL, "Create component failed, sessionId is 0"); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", CREATE_MODAL_UI_FAILED, + "Create UIExtensionComponent failed"); asyncContext->result = RET_FAILED; asyncContext->uiExtensionFlag = false; return; @@ -407,6 +410,8 @@ static void CreateServiceExtension(std::shared_ptr asyncCon } if (!asyncContext->uiAbilityFlag) { ACCESSTOKEN_LOG_ERROR(LABEL, "UIExtension ability can not pop service ablility window!"); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", ABILITY_FLAG_ERROR, + "UIExtension ability can't pop service ability window"); asyncContext->needDynamicRequest = false; asyncContext->result = RET_FAILED; return; @@ -512,6 +517,10 @@ void UIExtensionCallback::SetSessionId(int32_t sessionId) */ void UIExtensionCallback::OnResult(int32_t resultCode, const AAFwk::Want& result) { + { + std::lock_guard lock(callbackMutex_); + isOnResult_ = true; + } ACCESSTOKEN_LOG_INFO(LABEL, "ResultCode is %{public}d", resultCode); this->reqContext_->permissionList = result.GetStringArrayParam(PERMISSION_KEY); this->reqContext_->permissionsState = result.GetIntArrayParam(RESULT_KEY); @@ -533,7 +542,7 @@ void UIExtensionCallback::OnReceive(const AAFwk::WantParams& receive) void UIExtensionCallback::OnRelease(int32_t releaseCode) { ACCESSTOKEN_LOG_INFO(LABEL, "ReleaseCode is %{public}d", releaseCode); - + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TRIGGER_RELEASE, "release code=" + std::to_string(releaseCode)); ReleaseHandler(-1); } @@ -544,7 +553,8 @@ void UIExtensionCallback::OnError(int32_t code, const std::string& name, const s { ACCESSTOKEN_LOG_INFO(LABEL, "Code is %{public}d, name is %{public}s, message is %{public}s", code, name.c_str(), message.c_str()); - + std::string errMsg = "code=" + std::to_string(code) + ", name=" + name + ", message=" + message; + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TRIGGER_ONERROR, errMsg); ReleaseHandler(-1); } @@ -563,6 +573,12 @@ void UIExtensionCallback::OnRemoteReady(const std::shared_ptr lock(callbackMutex_); + if (isOnResult_ == false) { + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TRIGGER_DESTROY, "UIExtension destroy without OnRelease"); + } + } ReleaseHandler(-1); } @@ -690,6 +706,9 @@ void NapiRequestPermission::RequestPermissionsFromUserExecute(napi_env env, void ACCESSTOKEN_LOG_ERROR(LABEL, "The context tokenID: %{public}d, selfTokenID: %{public}d.", asyncContextHandle->asyncContextPtr->tokenId, selfTokenID); asyncContextHandle->asyncContextPtr->result = RET_FAILED; + std::string errorMsg = "selfTokenID=" + std::to_string(selfTokenID) + ", context tokenID=" + + std::to_string(asyncContextHandle->asyncContextPtr->tokenId); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TOKENID_INCONSISTENCY, errorMsg); return; } @@ -711,18 +730,17 @@ void NapiRequestPermission::RequestPermissionsFromUserExecute(napi_env env, void } else if (asyncContextHandle->asyncContextPtr->instanceId == -1) { ACCESSTOKEN_LOG_INFO(LABEL, "Pop service extension dialog, instanceId is -1."); CreateServiceExtension(asyncContextHandle->asyncContextPtr); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, - "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, - "UIEXTENSION_FLAG", false); + std::string eventMsg = "bundleName=" + asyncContextHandle->asyncContextPtr->bundleName + + ", uiExtensionFlag=0, selfTokenID=" + std::to_string(selfTokenID); + ReportSysEventBehavior("REQUEST_PERMISSIONS_FROM_USER", START_POP_SERVICE, eventMsg); } else { ACCESSTOKEN_LOG_INFO(LABEL, "Pop ui extension dialog"); asyncContextHandle->asyncContextPtr->uiExtensionFlag = true; RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, - "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, - "UIEXTENSION_FLAG", asyncContextHandle->asyncContextPtr->uiExtensionFlag); + std::string eventMsg = "bundleName=" + asyncContextHandle->asyncContextPtr->bundleName + ", uiExtensionFlag=" + + std::to_string(asyncContextHandle->asyncContextPtr->uiExtensionFlag) + ", selfTokenID=" + + std::to_string(selfTokenID); + ReportSysEventBehavior("REQUEST_PERMISSIONS_FROM_USER", START_POP_UIEXTENSION, eventMsg); if (!asyncContextHandle->asyncContextPtr->uiExtensionFlag) { ACCESSTOKEN_LOG_WARN(LABEL, "Pop uiextension dialog fail, start to pop service extension dialog."); RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); diff --git a/hisysevent.yaml b/hisysevent.yaml index c87c7986128b881a97ac3b0e040c2ee0fb9352a3..cb59f347112cd90fa53167e1fc5443633d78d786 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -82,11 +82,6 @@ GRANT_TEMP_PERMISSION: BUNDLENAME: {type: STRING, desc: bundle name} PERMISSION_NAME: {type: STRING, desc: permission name} -REQUEST_PERMISSIONS_FROM_USER: - __BASE: {type: BEHAVIOR, level: MINOR, desc: request permissions from user} - BUNDLENAME: {type: STRING, desc: bundle name} - UIEXTENSION_FLAG: {type: BOOL, desc: uiextension flag} - UPDATE_PERMISSION: __BASE: {type: BEHAVIOR, level: MINOR, desc: grant or revoke permission} TOKENID: {type: UINT32, desc: tokenID} @@ -114,3 +109,23 @@ SET_PERMISSION_DIALOG_CAP: INSTINDEX: {type: INT32, desc: inst index} ENABLE: {type: BOOL, desc: enable or disable} +REQUEST_PERMISSIONS_FROM_USER: + __BASE: {type: BEHAVIOR, level: CRITICAL, desc: request permissions from user} + EVENT_CODE: {type: INT32, desc: event code} + EVENT_MSG: {type: STRING, desc: event msg} + +REQ_PERM_FROM_USER_ERROR: + __BASE: {type: FAULT, level: CRITICAL, desc: failed to request permission from user} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + +UPDATE_PERMISSION_STATUS_ERROR: + __BASE: {type: FAULT, level: CRITICAL, desc: failed to grant or revoke permission} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + +CHECK_TOKENID_INCONSISTENCY: + __BASE: {type: BEHAVIOR, level: CRITICAL, desc: check tokenid inconsistency} + EVENT_CODE: {type: INT32, desc: event code} + EVENT_MSG: {type: STRING, desc: event msg} + diff --git a/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h b/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h new file mode 100644 index 0000000000000000000000000000000000000000..8fada673b88ba47b07f7423d7f715c5b5f1689ba --- /dev/null +++ b/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H +#define ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H + +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +enum ReqPermFromUserEventCode { + START_POP_SERVICE = 0, + START_POP_UIEXTENSION = 1, +}; +enum ReqPermFromUserErrorCode { + TOKENID_INCONSISTENCY = 0, + ABILITY_FLAG_ERROR = 1, + GET_UI_CONTENT_FAILED = 2, + CREATE_MODAL_UI_FAILED = 3, + TRIGGER_RELEASE = 4, + TRIGGER_ONERROR = 5, + TRIGGER_DESTROY = 6, +}; +enum CheckTokenIDInconsistencyEventCode { + VERIFY_TOKENID_INCONSISTENCY = 0, +}; +void ReportSysEventBehavior(const std::string& event, int32_t code, const std::string& eventMsg); +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg); +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H diff --git a/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h index 74077ccd3004ceab09020643659a4c4984351d50..2b332a6f647a3a624e1c14df593b5598f751ca29 100644 --- a/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h +++ b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h @@ -93,6 +93,8 @@ public: private: int32_t sessionId_ = 0; std::shared_ptr reqContext_ = nullptr; + std::mutex callbackMutex_; + bool isOnResult_ = false; }; struct ResultCallback { diff --git a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h index f900db8e19e04db7fb2781aade147119e31579d8..73562df549947d3a45ee154899c68babc636fecc 100644 --- a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h +++ b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h @@ -21,16 +21,25 @@ namespace OHOS { namespace Security { namespace AccessToken { -enum SceneCode { +enum ServiceStartErrorSceneCode { SA_PUBLISH_FAILED, EVENTRUNNER_CREATE_ERROR, INIT_HAP_TOKENINFO_ERROR, INIT_NATIVE_TOKENINFO_ERROR, INIT_PERM_DEF_JSON_ERROR, }; +enum ServiceStartErrorErrorCode { + TOKENID_NOT_EQUAL = 1000, +}; +enum UpdatePermStatusErrorCode { + GRANT_TEMP_PERMISSION_FAILED = 0, + DLP_CHECK_FAILED = 1, + UPDATE_PERMISSION_STATUS_FAILED = 2, +}; void ReportSysEventPerformance(); void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize); -void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode); +void ReportSysEventServiceStartError(ServiceStartErrorSceneCode scene, const std::string& errMsg, int32_t errCode); +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index a0c20e0807b49c75a73684c06b4e8a51d6975f20..2b06d2245d6b644e82dd8fc3bdc6c1baf48f246e 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -113,6 +113,8 @@ private: int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes); int32_t UpdateTokenPermissionState( AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill); + int32_t UpdateTokenPermissionStateInner(std::shared_ptr infoPtr, + const std::string& permission, bool isGranted, uint32_t flag, bool needKill); bool IsPermissionVaild(const std::string& permissionName); bool GetLocationPermissionIndex(std::vector& reqPermList, LocationIndex& locationIndex); bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp index 4ec3b2618c3d3f4aeed2cf1eb931f24b6b02dca5..98d112ef80da2110c0573de219920bdb717b6734 100644 --- a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp +++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp @@ -50,7 +50,7 @@ void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSi } } -void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode) +void ReportSysEventServiceStartError(ServiceStartErrorSceneCode scene, const std::string& errMsg, int32_t errCode) { int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", scene, "ERROR_CODE", errCode, "ERROR_MSG", errMsg); @@ -58,6 +58,15 @@ void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); } } + +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, event, + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", code, "ERROR_MSG", errMsg); + if (ret != 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 61864f6b32abb5fd096e83747f0f571d852021b9..69547b9b8136f33c62270b30b61fb005be4b1932 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -34,6 +34,7 @@ #include "dlp_permission_set_manager.h" #endif #include "ipc_skeleton.h" +#include "hisysevent_adapter.h" #include "parameter.h" #include "permission_definition_cache.h" #include "short_grant_manager.h" @@ -513,15 +514,28 @@ int32_t PermissionManager::UpdateTokenPermissionState( int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission); if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); + std::string errMsg = "tokenID=" + std::to_string(id) + ", permission=" + permission + ", hapDlpType=" + + std::to_string(hapDlpType) + ", permDlpMode=" + std::to_string(permDlpMode); + ReportSysEventFault("UPDATE_PERMISSION_STATUS_ERROR", DLP_CHECK_FAILED, errMsg); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } } #endif + return UpdateTokenPermissionStateInner(infoPtr, permission, isGranted, flag, needKill); +} + +int32_t PermissionManager::UpdateTokenPermissionStateInner(std::shared_ptr infoPtr, + const std::string& permission, bool isGranted, uint32_t flag, bool needKill) +{ + AccessTokenID id = infoPtr->GetTokenID(); // statusBefore cannot use VerifyPermissionStatus in permPolicySet, because the function exclude secComp bool isSecCompGrantedBefore = HapTokenInfoInner::IsPermissionGrantedWithSecComp(id, permission); bool statusChanged = false; int32_t ret = infoPtr->UpdatePermissionStatus(permission, isGranted, flag, statusChanged); if (ret != RET_SUCCESS) { + std::string errMsg = "ret=" + std::to_string(ret) + ", tokenID=" + std::to_string(id) + ", permission=" + + permission + ", flag=" + std::to_string(flag) + ", needKill=" + std::to_string(needKill); + ReportSysEventFault("UPDATE_PERMISSION_STATUS_ERROR", UPDATE_PERMISSION_STATUS_FAILED, errMsg); return ret; } if (statusChanged) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp index 8e4472604ffda11f6db33427b7e1ded0ebb7aa6b..3e4a40f0ccfd906253c0d13017db620d73810779 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp @@ -27,6 +27,7 @@ #endif #include "form_manager_access_client.h" #include "hisysevent.h" +#include "hisysevent_adapter.h" #include "ipc_skeleton.h" namespace OHOS { @@ -481,6 +482,11 @@ bool TempPermissionObserver::CheckPermissionState(AccessTokenID tokenID, AddTempPermTokenToList(tokenID, bundleName, permissionName, list); return true; } + std::string errMsg = "tokenID=" + std::to_string(tokenID) + ", permission=" + permissionName + ", bundleName=" + + bundleName + ", userEnable=" + std::to_string(userEnable) + ", isForeground=" + std::to_string(isForeground) + + ", isFormVisible=" + std::to_string(isFormVisible) + ", isContinuousTaskExist=" + + std::to_string(isContinuousTaskExist); + ReportSysEventFault("UPDATE_PERMISSION_STATUS_ERROR", GRANT_TEMP_PERMISSION_FAILED, errMsg); return false; } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 09f25184b7e565e2dc7bd254794c672f9fe60c05..a8df0990844ce02611d2edf5ce80b162ce26f5be 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -759,11 +759,6 @@ void AccessTokenInfoManager::TryUpdateExistNativeToken(const std::shared_ptr& deleteTokenList, std::vector& nativeTokenValues, std::vector& permStateValues) { - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Info is null."); - return; - } - AccessTokenID cfgTokenId = infoPtr->GetTokenID(); std::string cfgProcessName = infoPtr->GetProcessName(); AccessTokenID oriTokenId = INVALID_TOKENID; @@ -796,6 +791,10 @@ void AccessTokenInfoManager::TryUpdateExistNativeToken(const std::shared_ptr