From ecf43ba9a17316d16e266c1a7a7f1dcd91c56ed1 Mon Sep 17 00:00:00 2001 From: bigtea Date: Tue, 7 Jan 2025 16:47:49 +0800 Subject: [PATCH] Add ACCESS_TOKEN hisysevent Signed-off-by: bigtea --- frameworks/js/napi/accesstoken/BUILD.gn | 1 + .../napi/accesstoken/src/napi_atmanager.cpp | 20 +++++++- .../src/napi_hisysevent_adapter.cpp | 46 +++++++++++++++++++ .../src/napi_request_permission.cpp | 40 +++++++++++----- hisysevent.yaml | 25 ++++++++-- .../include/napi_hisysevent_adapter.h | 45 ++++++++++++++++++ .../include/napi_request_permission.h | 2 + .../main/cpp/include/dfx/hisysevent_adapter.h | 13 +++++- .../include/permission/permission_manager.h | 2 + .../main/cpp/src/dfx/hisysevent_adapter.cpp | 11 ++++- .../cpp/src/permission/permission_manager.cpp | 14 ++++++ .../permission/temp_permission_observer.cpp | 6 +++ .../src/token/accesstoken_info_manager.cpp | 9 ++-- .../accesstoken_info_manager_test.cpp | 19 -------- 14 files changed, 209 insertions(+), 44 deletions(-) create mode 100644 frameworks/js/napi/accesstoken/src/napi_hisysevent_adapter.cpp create mode 100644 interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h diff --git a/frameworks/js/napi/accesstoken/BUILD.gn b/frameworks/js/napi/accesstoken/BUILD.gn index 6cebe5c4c..e665ee5aa 100644 --- a/frameworks/js/napi/accesstoken/BUILD.gn +++ b/frameworks/js/napi/accesstoken/BUILD.gn @@ -33,6 +33,7 @@ ohos_shared_library("libabilityaccessctrl") { sources = [ "src/napi_atmanager.cpp", "src/napi_context_common.cpp", + "src/napi_hisysevent_adapter.cpp", "src/napi_request_global_switch_on_setting.cpp", "src/napi_request_permission.cpp", "src/napi_request_permission_on_setting.cpp", diff --git a/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp index 81cb08898..3f0725674 100644 --- a/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp @@ -15,6 +15,7 @@ #include "napi_atmanager.h" #include "access_token.h" +#include "napi_hisysevent_adapter.h" #include "napi_request_global_switch_on_setting.h" #include "napi_request_permission.h" #include "napi_request_permission_on_setting.h" @@ -421,6 +422,12 @@ void NapiAtManager::VerifyAccessTokenExecute(napi_env env, void *data) if (asyncContext == nullptr) { return; } + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != selfTokenId) { + std::string errMsg = "selfTokenID=" + std::to_string(selfTokenId) + ", contextTokenID=" + + std::to_string(asyncContext->tokenId); + ReportSysEventBehavior("CHECK_TOKENID_INCONSISTENCY", VERIFY_TOKENID_INCONSISTENCY, errMsg); + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); } @@ -487,7 +494,12 @@ void NapiAtManager::CheckAccessTokenExecute(napi_env env, void *data) asyncContext->errorCode = JS_ERROR_PARAM_INVALID; return; } - + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != selfTokenId) { + std::string errMsg = "selfTokenID=" + std::to_string(selfTokenId) + ", contextTokenID=" + + std::to_string(asyncContext->tokenId); + ReportSysEventBehavior("CHECK_TOKENID_INCONSISTENCY", VERIFY_TOKENID_INCONSISTENCY, errMsg); + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); } @@ -616,6 +628,12 @@ napi_value NapiAtManager::VerifyAccessTokenSync(napi_env env, napi_callback_info return nullptr; } if (asyncContext->tokenId != static_cast(selfTokenId)) { + AccessTokenID selfTokenId = static_cast(GetSelfTokenID()); + if (asyncContext->tokenId != static_cast(selfTokenId)) { + std::string errMsg = "selfTokenID=" + std::to_string(static_cast(selfTokenId)) + + ", contextTokenID=" + std::to_string(asyncContext->tokenId); + ReportSysEventBehavior("CHECK_TOKENID_INCONSISTENCY", VERIFY_TOKENID_INCONSISTENCY, errMsg); + } asyncContext->result = AccessTokenKit::VerifyAccessToken(asyncContext->tokenId, asyncContext->permissionName); napi_value result = nullptr; NAPI_CALL(env, napi_create_int32(env, asyncContext->result, &result)); diff --git a/frameworks/js/napi/accesstoken/src/napi_hisysevent_adapter.cpp b/frameworks/js/napi/accesstoken/src/napi_hisysevent_adapter.cpp new file mode 100644 index 000000000..ac26713f8 --- /dev/null +++ b/frameworks/js/napi/accesstoken/src/napi_hisysevent_adapter.cpp @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "napi_hisysevent_adapter.h" +#include "accesstoken_log.h" +#include "hisysevent.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "AtmDfx"}; +} + +void ReportSysEventBehavior(const std::string& event, int32_t code, const std::string& eventMsg) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, event, + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "EVENT_CODE", code, "EVENT_MSG", eventMsg); + if (ret != 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} + +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, event, + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", code, "ERROR_MSG", errMsg); + if (ret != 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp b/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp index 72b3ef84b..d4eab3f19 100644 --- a/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp +++ b/frameworks/js/napi/accesstoken/src/napi_request_permission.cpp @@ -19,8 +19,8 @@ #include "access_token.h" #include "accesstoken_kit.h" #include "accesstoken_log.h" -#include "hisysevent.h" #include "napi_base_context.h" +#include "napi_hisysevent_adapter.h" #include "token_setproc.h" #include "want.h" @@ -133,6 +133,7 @@ static void CreateUIExtensionMainThread(std::shared_ptr& as Ace::UIContent* uiContent = GetUIContent(asyncContext); if (uiContent == nullptr) { ACCESSTOKEN_LOG_ERROR(LABEL, "Get ui content failed!"); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", GET_UI_CONTENT_FAILED, "Get uiContent failed"); asyncContext->result = RET_FAILED; asyncContext->uiExtensionFlag = false; return; @@ -146,6 +147,8 @@ static void CreateUIExtensionMainThread(std::shared_ptr& as sessionId, asyncContext->tokenId, asyncContext->permissionList.size()); if (sessionId == 0) { ACCESSTOKEN_LOG_ERROR(LABEL, "Create component failed, sessionId is 0"); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", CREATE_MODAL_UI_FAILED, + "Create UIExtensionComponent failed"); asyncContext->result = RET_FAILED; asyncContext->uiExtensionFlag = false; return; @@ -407,6 +410,8 @@ static void CreateServiceExtension(std::shared_ptr asyncCon } if (!asyncContext->uiAbilityFlag) { ACCESSTOKEN_LOG_ERROR(LABEL, "UIExtension ability can not pop service ablility window!"); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", ABILITY_FLAG_ERROR, + "UIExtension ability can't pop service ability window"); asyncContext->needDynamicRequest = false; asyncContext->result = RET_FAILED; return; @@ -512,6 +517,10 @@ void UIExtensionCallback::SetSessionId(int32_t sessionId) */ void UIExtensionCallback::OnResult(int32_t resultCode, const AAFwk::Want& result) { + { + std::lock_guard lock(callbackMutex_); + isOnResult_ = true; + } ACCESSTOKEN_LOG_INFO(LABEL, "ResultCode is %{public}d", resultCode); this->reqContext_->permissionList = result.GetStringArrayParam(PERMISSION_KEY); this->reqContext_->permissionsState = result.GetIntArrayParam(RESULT_KEY); @@ -533,7 +542,7 @@ void UIExtensionCallback::OnReceive(const AAFwk::WantParams& receive) void UIExtensionCallback::OnRelease(int32_t releaseCode) { ACCESSTOKEN_LOG_INFO(LABEL, "ReleaseCode is %{public}d", releaseCode); - + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TRIGGER_RELEASE, "release code=" + std::to_string(releaseCode)); ReleaseHandler(-1); } @@ -544,7 +553,8 @@ void UIExtensionCallback::OnError(int32_t code, const std::string& name, const s { ACCESSTOKEN_LOG_INFO(LABEL, "Code is %{public}d, name is %{public}s, message is %{public}s", code, name.c_str(), message.c_str()); - + std::string errMsg = "code=" + std::to_string(code) + ", name=" + name + ", message=" + message; + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TRIGGER_ONERROR, errMsg); ReleaseHandler(-1); } @@ -563,6 +573,12 @@ void UIExtensionCallback::OnRemoteReady(const std::shared_ptr lock(callbackMutex_); + if (isOnResult_ == false) { + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TRIGGER_DESTROY, "UIExtension destroy without OnRelease"); + } + } ReleaseHandler(-1); } @@ -690,6 +706,9 @@ void NapiRequestPermission::RequestPermissionsFromUserExecute(napi_env env, void ACCESSTOKEN_LOG_ERROR(LABEL, "The context tokenID: %{public}d, selfTokenID: %{public}d.", asyncContextHandle->asyncContextPtr->tokenId, selfTokenID); asyncContextHandle->asyncContextPtr->result = RET_FAILED; + std::string errorMsg = "selfTokenID=" + std::to_string(selfTokenID) + ", context tokenID=" + + std::to_string(asyncContextHandle->asyncContextPtr->tokenId); + ReportSysEventFault("REQ_PERM_FROM_USER_ERROR", TOKENID_INCONSISTENCY, errorMsg); return; } @@ -711,18 +730,17 @@ void NapiRequestPermission::RequestPermissionsFromUserExecute(napi_env env, void } else if (asyncContextHandle->asyncContextPtr->instanceId == -1) { ACCESSTOKEN_LOG_INFO(LABEL, "Pop service extension dialog, instanceId is -1."); CreateServiceExtension(asyncContextHandle->asyncContextPtr); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, - "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, - "UIEXTENSION_FLAG", false); + std::string eventMsg = "bundleName=" + asyncContextHandle->asyncContextPtr->bundleName + + ", uiExtensionFlag=0, selfTokenID=" + std::to_string(selfTokenID); + ReportSysEventBehavior("REQUEST_PERMISSIONS_FROM_USER", START_POP_SERVICE, eventMsg); } else { ACCESSTOKEN_LOG_INFO(LABEL, "Pop ui extension dialog"); asyncContextHandle->asyncContextPtr->uiExtensionFlag = true; RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "REQUEST_PERMISSIONS_FROM_USER", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, - "BUNDLENAME", asyncContextHandle->asyncContextPtr->bundleName, - "UIEXTENSION_FLAG", asyncContextHandle->asyncContextPtr->uiExtensionFlag); + std::string eventMsg = "bundleName=" + asyncContextHandle->asyncContextPtr->bundleName + ", uiExtensionFlag=" + + std::to_string(asyncContextHandle->asyncContextPtr->uiExtensionFlag) + ", selfTokenID=" + + std::to_string(selfTokenID); + ReportSysEventBehavior("REQUEST_PERMISSIONS_FROM_USER", START_POP_UIEXTENSION, eventMsg); if (!asyncContextHandle->asyncContextPtr->uiExtensionFlag) { ACCESSTOKEN_LOG_WARN(LABEL, "Pop uiextension dialog fail, start to pop service extension dialog."); RequestAsyncInstanceControl::AddCallbackByInstanceId(asyncContextHandle->asyncContextPtr); diff --git a/hisysevent.yaml b/hisysevent.yaml index c87c79861..cb59f3471 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -82,11 +82,6 @@ GRANT_TEMP_PERMISSION: BUNDLENAME: {type: STRING, desc: bundle name} PERMISSION_NAME: {type: STRING, desc: permission name} -REQUEST_PERMISSIONS_FROM_USER: - __BASE: {type: BEHAVIOR, level: MINOR, desc: request permissions from user} - BUNDLENAME: {type: STRING, desc: bundle name} - UIEXTENSION_FLAG: {type: BOOL, desc: uiextension flag} - UPDATE_PERMISSION: __BASE: {type: BEHAVIOR, level: MINOR, desc: grant or revoke permission} TOKENID: {type: UINT32, desc: tokenID} @@ -114,3 +109,23 @@ SET_PERMISSION_DIALOG_CAP: INSTINDEX: {type: INT32, desc: inst index} ENABLE: {type: BOOL, desc: enable or disable} +REQUEST_PERMISSIONS_FROM_USER: + __BASE: {type: BEHAVIOR, level: CRITICAL, desc: request permissions from user} + EVENT_CODE: {type: INT32, desc: event code} + EVENT_MSG: {type: STRING, desc: event msg} + +REQ_PERM_FROM_USER_ERROR: + __BASE: {type: FAULT, level: CRITICAL, desc: failed to request permission from user} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + +UPDATE_PERMISSION_STATUS_ERROR: + __BASE: {type: FAULT, level: CRITICAL, desc: failed to grant or revoke permission} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + +CHECK_TOKENID_INCONSISTENCY: + __BASE: {type: BEHAVIOR, level: CRITICAL, desc: check tokenid inconsistency} + EVENT_CODE: {type: INT32, desc: event code} + EVENT_MSG: {type: STRING, desc: event msg} + diff --git a/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h b/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h new file mode 100644 index 000000000..8fada673b --- /dev/null +++ b/interfaces/kits/js/napi/accesstoken/include/napi_hisysevent_adapter.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H +#define ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H + +#include + +namespace OHOS { +namespace Security { +namespace AccessToken { +enum ReqPermFromUserEventCode { + START_POP_SERVICE = 0, + START_POP_UIEXTENSION = 1, +}; +enum ReqPermFromUserErrorCode { + TOKENID_INCONSISTENCY = 0, + ABILITY_FLAG_ERROR = 1, + GET_UI_CONTENT_FAILED = 2, + CREATE_MODAL_UI_FAILED = 3, + TRIGGER_RELEASE = 4, + TRIGGER_ONERROR = 5, + TRIGGER_DESTROY = 6, +}; +enum CheckTokenIDInconsistencyEventCode { + VERIFY_TOKENID_INCONSISTENCY = 0, +}; +void ReportSysEventBehavior(const std::string& event, int32_t code, const std::string& eventMsg); +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg); +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESSTOKEN_NAPI_HISYSEVENT_ADAPTER_H diff --git a/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h index 74077ccd3..2b332a6f6 100644 --- a/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h +++ b/interfaces/kits/js/napi/accesstoken/include/napi_request_permission.h @@ -93,6 +93,8 @@ public: private: int32_t sessionId_ = 0; std::shared_ptr reqContext_ = nullptr; + std::mutex callbackMutex_; + bool isOnResult_ = false; }; struct ResultCallback { diff --git a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h index f900db8e1..73562df54 100644 --- a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h +++ b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h @@ -21,16 +21,25 @@ namespace OHOS { namespace Security { namespace AccessToken { -enum SceneCode { +enum ServiceStartErrorSceneCode { SA_PUBLISH_FAILED, EVENTRUNNER_CREATE_ERROR, INIT_HAP_TOKENINFO_ERROR, INIT_NATIVE_TOKENINFO_ERROR, INIT_PERM_DEF_JSON_ERROR, }; +enum ServiceStartErrorErrorCode { + TOKENID_NOT_EQUAL = 1000, +}; +enum UpdatePermStatusErrorCode { + GRANT_TEMP_PERMISSION_FAILED = 0, + DLP_CHECK_FAILED = 1, + UPDATE_PERMISSION_STATUS_FAILED = 2, +}; void ReportSysEventPerformance(); void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize); -void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode); +void ReportSysEventServiceStartError(ServiceStartErrorSceneCode scene, const std::string& errMsg, int32_t errCode); +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg); } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index a0c20e080..2b06d2245 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -113,6 +113,8 @@ private: int32_t ScopeFilter(const PermStateChangeScope& scopeSrc, PermStateChangeScope& scopeRes); int32_t UpdateTokenPermissionState( AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag, bool needKill); + int32_t UpdateTokenPermissionStateInner(std::shared_ptr infoPtr, + const std::string& permission, bool isGranted, uint32_t flag, bool needKill); bool IsPermissionVaild(const std::string& permissionName); bool GetLocationPermissionIndex(std::vector& reqPermList, LocationIndex& locationIndex); bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp index 4ec3b2618..98d112ef8 100644 --- a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp +++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp @@ -50,7 +50,7 @@ void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSi } } -void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode) +void ReportSysEventServiceStartError(ServiceStartErrorSceneCode scene, const std::string& errMsg, int32_t errCode) { int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", scene, "ERROR_CODE", errCode, "ERROR_MSG", errMsg); @@ -58,6 +58,15 @@ void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); } } + +void ReportSysEventFault(const std::string& event, int32_t code, const std::string& errMsg) +{ + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, event, + HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", code, "ERROR_MSG", errMsg); + if (ret != 0) { + ACCESSTOKEN_LOG_ERROR(LABEL, "Failed to write hisysevent write, ret %{public}d.", ret); + } +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 61864f6b3..69547b9b8 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -34,6 +34,7 @@ #include "dlp_permission_set_manager.h" #endif #include "ipc_skeleton.h" +#include "hisysevent_adapter.h" #include "parameter.h" #include "permission_definition_cache.h" #include "short_grant_manager.h" @@ -513,15 +514,28 @@ int32_t PermissionManager::UpdateTokenPermissionState( int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission); if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) { ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); + std::string errMsg = "tokenID=" + std::to_string(id) + ", permission=" + permission + ", hapDlpType=" + + std::to_string(hapDlpType) + ", permDlpMode=" + std::to_string(permDlpMode); + ReportSysEventFault("UPDATE_PERMISSION_STATUS_ERROR", DLP_CHECK_FAILED, errMsg); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } } #endif + return UpdateTokenPermissionStateInner(infoPtr, permission, isGranted, flag, needKill); +} + +int32_t PermissionManager::UpdateTokenPermissionStateInner(std::shared_ptr infoPtr, + const std::string& permission, bool isGranted, uint32_t flag, bool needKill) +{ + AccessTokenID id = infoPtr->GetTokenID(); // statusBefore cannot use VerifyPermissionStatus in permPolicySet, because the function exclude secComp bool isSecCompGrantedBefore = HapTokenInfoInner::IsPermissionGrantedWithSecComp(id, permission); bool statusChanged = false; int32_t ret = infoPtr->UpdatePermissionStatus(permission, isGranted, flag, statusChanged); if (ret != RET_SUCCESS) { + std::string errMsg = "ret=" + std::to_string(ret) + ", tokenID=" + std::to_string(id) + ", permission=" + + permission + ", flag=" + std::to_string(flag) + ", needKill=" + std::to_string(needKill); + ReportSysEventFault("UPDATE_PERMISSION_STATUS_ERROR", UPDATE_PERMISSION_STATUS_FAILED, errMsg); return ret; } if (statusChanged) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp index 8e4472604..3e4a40f0c 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp @@ -27,6 +27,7 @@ #endif #include "form_manager_access_client.h" #include "hisysevent.h" +#include "hisysevent_adapter.h" #include "ipc_skeleton.h" namespace OHOS { @@ -481,6 +482,11 @@ bool TempPermissionObserver::CheckPermissionState(AccessTokenID tokenID, AddTempPermTokenToList(tokenID, bundleName, permissionName, list); return true; } + std::string errMsg = "tokenID=" + std::to_string(tokenID) + ", permission=" + permissionName + ", bundleName=" + + bundleName + ", userEnable=" + std::to_string(userEnable) + ", isForeground=" + std::to_string(isForeground) + + ", isFormVisible=" + std::to_string(isFormVisible) + ", isContinuousTaskExist=" + + std::to_string(isContinuousTaskExist); + ReportSysEventFault("UPDATE_PERMISSION_STATUS_ERROR", GRANT_TEMP_PERMISSION_FAILED, errMsg); return false; } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 09f25184b..a8df09908 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -759,11 +759,6 @@ void AccessTokenInfoManager::TryUpdateExistNativeToken(const std::shared_ptr& deleteTokenList, std::vector& nativeTokenValues, std::vector& permStateValues) { - if (infoPtr == nullptr) { - ACCESSTOKEN_LOG_WARN(LABEL, "Info is null."); - return; - } - AccessTokenID cfgTokenId = infoPtr->GetTokenID(); std::string cfgProcessName = infoPtr->GetProcessName(); AccessTokenID oriTokenId = INVALID_TOKENID; @@ -796,6 +791,10 @@ void AccessTokenInfoManager::TryUpdateExistNativeToken(const std::shared_ptr