diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn
index 136d70f60ec4ef7c48b80b9ea07e700db57c02f1..211cbc5d0f826da50e9c5fc7fccbce8d2e30465e 100644
--- a/services/accesstokenmanager/BUILD.gn
+++ b/services/accesstokenmanager/BUILD.gn
@@ -39,6 +39,7 @@ ohos_shared_library("accesstoken_manager_service") {
 "//base/security/access_token/interfaces/innerkits/accesstoken/include",
 "//base/security/access_token/interfaces/innerkits/privacy/include",
 "//base/security/access_token/interfaces/innerkits/tokensync/src",
+ "//base/security/access_token/services/privacymanager/include/record",
 "//base/security/access_token/services/tokensyncmanager/include/common",
 "//foundation/distributedhardware/devicemanager/interfaces/inner_kits/native_cpp/include",
 "//third_party/json/include",
@@ -68,8 +69,8 @@ ohos_shared_library("accesstoken_manager_service") {
 "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
 "//base/security/access_token/frameworks/common:accesstoken_common_cxx",
 "//base/security/access_token/frameworks/database:accesstoken_database_cxx",
- "//base/security/access_token/interfaces/innerkits/privacy:libprivacy_sdk",
 "//base/security/access_token/services/accesstokenmanager:access_token.rc",
+ "//base/security/access_token/services/privacymanager:privacy_manager_service",
 "//third_party/sqlite:sqlite",
 "//utils/native/base:utils",
 ]
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
index 8c69021be4ed5039e5e943982b2b37c99d7e2b80..781a64907a4478cbd87fdc65b5bfbd8679027a44 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
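Review bot: The deps entry added in the second BUILD.gn hunk links the whole `privacy_manager_service` target into `accesstoken_manager_service`, so the access token process appears to get its own record manager instance next to the one inside the privacy service. If both instances persist to the same store (not visible here), that store has to tolerate two writing processes; this is worth confirming before merge. A narrower target that exposes only the record classes would also keep the privacy IPC stub out of this process, and a short comment beside the dep should say why the service library is linked instead of `libprivacy_sdk`.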
@@ -29,7 +29,7 @@
 #include "native_token_receptor.h"
 #include "permission_list_state.h"
 #include "permission_manager.h"
-#include "privacy_kit.h"
+#include "permission_record_manager.h"
 namespace OHOS {
 namespace Security {
@@ -89,9 +89,9 @@ int AccessTokenManagerService::VerifyAccessToken(AccessTokenID tokenID, const st
 tokenID, permissionName.c_str());
 int isGranted = PermissionManager::GetInstance().VerifyAccessToken(tokenID, permissionName);
 if (isGranted != PERMISSION_GRANTED) {
- PrivacyKit::AddPermissionUsedRecord(tokenID, permissionName, 0, 1);
+ PermissionRecordManager::GetInstance().AddPermissionUsedRecord(tokenID, permissionName, 0, 1);
 } else {
- PrivacyKit::AddPermissionUsedRecord(tokenID, permissionName, 1, 0);
+ PermissionRecordManager::GetInstance().AddPermissionUsedRecord(tokenID, permissionName, 1, 0);
 }
 return isGranted;
 }
@@ -201,7 +201,7 @@ int AccessTokenManagerService::ClearUserGrantedPermissionState(AccessTokenID tok
 ACCESSTOKEN_LOG_INFO(LABEL, "called, tokenID: 0x%{public}x", tokenID);
 PermissionManager::GetInstance().ClearUserGrantedPermissionState(tokenID);
 AccessTokenInfoManager::GetInstance().RefreshTokenInfoIfNeeded();
- PrivacyKit::RemovePermissionUsedRecords(tokenID, "");
+ PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenID, "");
 return RET_SUCCESS;
 }
@@ -222,7 +222,7 @@ AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& in
 int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID)
 {
 ACCESSTOKEN_LOG_INFO(LABEL, "called, tokenID: 0x%{public}x", tokenID);
- PrivacyKit::RemovePermissionUsedRecords(tokenID, "");
+ PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenID, "");
 // only support hap token deletion
 return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
 }
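Review bot: The two `AddPermissionUsedRecord` calls in VerifyAccessToken write a record keyed by the `tokenID` and `permissionName` that the caller passed in, and this in-process path does not go through the caller check the same commit adds to the privacy stub. If VerifyAccessToken is reachable by clients that lack the usage-stats permission (its own caller checks, if any, are outside this hunk), the usage history of a token can be changed by a process that does not own it. Consider recording only when the token ID resolves to a known token, and add a comment above the branch stating who is trusted to cause a record, plus that the trailing arguments are the success and fail counts. The function starts outside the hunk.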
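Review bot: In DeleteToken the usage records are removed before `RemoveHapTokenInfo` runs and regardless of its result, so a call that fails (the comment says only hap tokens are supported) has already erased that token's usage history. Unless record removal needs the token to still exist, delete first and clear on success: `int ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);`, then `if (ret == RET_SUCCESS) { PermissionRecordManager::GetInstance().RemovePermissionUsedRecords(tokenID, ""); }`, then `return ret;`. This assumes RemoveHapTokenInfo reports success as `RET_SUCCESS`, which these hunks do not show.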
diff --git a/services/privacymanager/src/service/privacy_manager_stub.cpp b/services/privacymanager/src/service/privacy_manager_stub.cpp
index 5a078274dd3cdd70430915f3900b721b853276b7..d6483464830d8a7096cb30d44be8d3981b22ea3b 100644
--- a/services/privacymanager/src/service/privacy_manager_stub.cpp
+++ b/services/privacymanager/src/service/privacy_manager_stub.cpp
@@ -15,6 +15,7 @@
 #include "privacy_manager_stub.h"
+#include "accesstoken_kit.h"
 #include "accesstoken_log.h"
 #include "ipc_skeleton.h"
@@ -67,6 +68,13 @@ int32_t PrivacyManagerStub::OnRemoteRequest(
 void PrivacyManagerStub::AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply)
 {
+ uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
+ if (AccessTokenKit::VerifyAccessToken(
+ callingTokenID, "ohos.permission.PPERMISSION_USED_STATS") == PERMISSION_DENIED) {
+ ACCESSTOKEN_LOG_INFO(LABEL, "permission denied");
+ reply.WriteInt32(-1);
+ return;
+ }
 AccessTokenID tokenID = data.ReadUint32();
 std::string permissionName = data.ReadString();
 int32_t successCount = data.ReadInt32();
@@ -93,6 +101,13 @@ void PrivacyManagerStub::StopUsingPermissionInner(MessageParcel& data, MessagePa
 void PrivacyManagerStub::RemovePermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
 {
+ uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
+ if (AccessTokenKit::VerifyAccessToken(
+ callingTokenID, "ohos.permission.PPERMISSION_USED_STATS") == PERMISSION_DENIED) {
+ ACCESSTOKEN_LOG_INFO(LABEL, "permission denied");
+ reply.WriteInt32(-1);
+ return;
+ }
 AccessTokenID tokenID = data.ReadUint32();
 std::string deviceID = data.ReadString();
 int32_t result = this->RemovePermissionUsedRecords(tokenID, deviceID);
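Review bot: The caller check added to AddPermissionUsedRecordInner compares against `PERMISSION_DENIED`, so any other value returned by `AccessTokenKit::VerifyAccessToken` (an error code, for instance) lets the request through; test `!= PERMISSION_GRANTED`, as accesstoken_manager_service.cpp does in this same commit. The permission string `"ohos.permission.PPERMISSION_USED_STATS"` has a doubled P and looks like a typo for `ohos.permission.PERMISSION_USED_STATS`; if the misspelled name is not defined, every caller is probably refused. The same seven lines are repeated in RemovePermissionUsedRecordsInner and GetPermissionUsedRecordsInner, so a single file-local helper would keep the three gates identical, and logging the refusal at error level with the calling token ID would make denied requests traceable. Whether the StartUsing and StopUsing handlers need the same gate cannot be seen from these hunks.

```cpp
namespace {
// Confirm the spelling against the project's permission definitions.
const std::string PERMISSION_USED_STATS = "ohos.permission.PERMISSION_USED_STATS";

// True only when the IPC caller holds PERMISSION_USED_STATS; every other result is refused.
bool IsCallerAllowedUsedStats()
{
    uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
    if (AccessTokenKit::VerifyAccessToken(callingTokenID, PERMISSION_USED_STATS) != PERMISSION_GRANTED) {
        ACCESSTOKEN_LOG_ERROR(LABEL, "permission denied, callingTokenID: 0x%{public}x", callingTokenID);
        return false;
    }
    return true;
}
} // namespace

void PrivacyManagerStub::AddPermissionUsedRecordInner(MessageParcel& data, MessageParcel& reply)
{
    if (!IsCallerAllowedUsedStats()) {
        reply.WriteInt32(-1);
        return;
    }
    // … unchanged: parcel reads and the AddPermissionUsedRecord call …
```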
@@ -101,6 +116,13 @@ void PrivacyManagerStub::RemovePermissionUsedRecordsInner(MessageParcel& data, M
 void PrivacyManagerStub::GetPermissionUsedRecordsInner(MessageParcel& data, MessageParcel& reply)
 {
+ uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
+ if (AccessTokenKit::VerifyAccessToken(
+ callingTokenID, "ohos.permission.PPERMISSION_USED_STATS") == PERMISSION_DENIED) {
+ ACCESSTOKEN_LOG_INFO(LABEL, "permission denied");
+ reply.WriteInt32(-1);
+ return;
+ }
 sptr requestParcel = data.ReadParcelable();
 if (requestParcel == nullptr) {
 ACCESSTOKEN_LOG_ERROR(LABEL, "ReadParcelable faild");