diff --git a/frameworks/accesstoken/src/hap_policy_parcel.cpp b/frameworks/accesstoken/src/hap_policy_parcel.cpp
index 09e785e4f96a976853f9c27dad674f931ebad22d..2f97c490c1e1e5e56af4d911ebb7765919810f9a 100644
--- a/frameworks/accesstoken/src/hap_policy_parcel.cpp
+++ b/frameworks/accesstoken/src/hap_policy_parcel.cpp
@@ -66,6 +66,8 @@ bool HapPolicyParcel::Marshalling(Parcel& out) const
 RETURN_IF_FALSE(out.WriteString(info[i].permissionName));
 RETURN_IF_FALSE(out.WriteBool(info[i].userCancelable));
 }
+
+ RETURN_IF_FALSE(out.WriteInt32(this->hapPolicy.checkIgnore));
 return true;
 }
@@ -117,6 +119,9 @@ HapPolicyParcel* HapPolicyParcel::Unmarshalling(Parcel& in)
 RELEASE_IF_FALSE(in.ReadBool(info.userCancelable), hapPolicyParcel);
 hapPolicyParcel->hapPolicy.preAuthorizationInfo.emplace_back(info);
 }
+ int32_t checkIgnore;
+ RELEASE_IF_FALSE(in.ReadInt32(checkIgnore), hapPolicyParcel);
+ hapPolicyParcel->hapPolicy.checkIgnore = HapPolicyCheckIgnore(checkIgnore);
 return hapPolicyParcel;
 }
 } // namespace AccessToken
diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h
index 1eee23e8ce404adc2cd90fdd7ded63f711a00e5d..7c0ab39e84e3c2f79f84bcd132d2bd31e818ad59 100644
--- a/interfaces/innerkits/accesstoken/include/access_token.h
+++ b/interfaces/innerkits/accesstoken/include/access_token.h
@@ -333,6 +333,17 @@ typedef enum RegisterPermissionChangeType {
 /** app register permissions state change info of itself */
 SELF_REGISTER_TYPE = 1,
 } RegisterPermChangeType;
+
+/**
+ * @brief Whether acl check
+ */
+typedef enum HapPolicyCheckIgnoreType {
+ /** normal */
+ None = 0,
+ /** ignore acl check */
+ ACLRequestedCheck,
+} HapPolicyCheckIgnore;
+
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
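Review bot: In `Unmarshalling`, the `checkIgnore` value read from the Parcel is cast straight to `HapPolicyCheckIgnore` with no range check, so any int32 the sending side writes becomes the policy's enum value. Because this field later decides whether an ACL check is skipped, it should be validated before the cast, e.g. `RELEASE_IF_FALSE(checkIgnore == HapPolicyCheckIgnore::None || checkIgnore == HapPolicyCheckIgnore::ACLRequestedCheck, hapPolicyParcel);` (assuming the macro releases the parcel and returns on a false condition, as its other uses here suggest). The local is also declared uninitialised; `int32_t checkIgnore = 0;` is safer if `ReadInt32` can fail without writing to it. Both `Marshalling` and `Unmarshalling` start outside their hunks.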
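Review bot: The new enumerators in `HapPolicyCheckIgnoreType` are hard to read at call sites: `None` is an unscoped name injected into the whole `AccessToken` namespace, and `ACLRequestedCheck` does not say that it disables a check, while the neighbouring enum uses upper-case names such as `SELF_REGISTER_TYPE`. Names along the lines of `CHECK_IGNORE_NONE` and `CHECK_IGNORE_ACL` would match the file and make the security effect visible where the value is set. The doc comment `Whether acl check` should state the effect, e.g. `@brief Selects which install-time policy checks are skipped; any value other than the default weakens permission enforcement.`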
diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h
index b8b79d432f2e99edaae4fc7a88aec717eb142645..c8f1c7a4f7b0f59e218f38a642dad9111b384dde 100644
--- a/interfaces/innerkits/accesstoken/include/hap_token_info.h
+++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h
@@ -165,6 +165,7 @@ public:
 std::vector permStateList;
 std::vector aclRequestedList;
 std::vector preAuthorizationInfo;
+ HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::None;
 };
 /**
@@ -199,6 +200,7 @@ public:
 std::vector permStateList;
 std::vector aclRequestedList;
 std::vector preAuthorizationInfo;
+ HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::None;
 };
 } // namespace AccessToken
 } // namespace Security
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
index c740150ab92790442e3e4817acae72713bfd16aa..053eab4b70a6edb92b57c83c5b050a4d8c890787 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
@@ -69,6 +69,7 @@ int AccessTokenKit::GrantPermissionForSpecifiedTime(
 static void TransferHapPolicyParams(const HapPolicyParams& policyIn, HapPolicy& policyOut)
 {
+ LOGI(ATM_DOMAIN, ATM_TAG, "zhawei policyIn.checkIgnore: %{public}d", static_cast(policyIn.checkIgnore));
 policyOut.apl = policyIn.apl;
 policyOut.domain = policyIn.domain;
 policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end());
@@ -81,6 +82,7 @@ static void TransferHapPolicyParams(const HapPolicyParams& policyIn, HapPolicy&
 tmp.grantFlag = perm.grantFlags[0];
 policyOut.permStateList.emplace_back(tmp);
 }
+ policyOut.checkIgnore = policyIn.checkIgnore;
 }
 AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy)
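Review bot: The `LOGI` added at the top of `TransferHapPolicyParams` looks like leftover debugging: its message starts with a developer tag (`zhawei`) and it prints at info level with `%{public}` on every call. The same line is added at the start of `InitHapToken` in the `@@ -110,8 +112,8 @@` hunk. Both should be dropped, or the value folded into the existing `InitHapToken` log as one more field such as `checkIgnore: %{public}d`. That hunk also joins the existing format string onto a single line, which is probably longer than the file's line-length limit.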
@@ -110,8 +112,8 @@ int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) { - LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, \ -permList: %{public}zu, stateList: %{public}zu", + LOGI(ATM_DOMAIN, ATM_TAG, "zhawei policyIn.checkIgnore: %{public}d", static_cast(policy.checkIgnore)); + LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, permList: %{public}zu, stateList: %{public}zu", info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size()); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 8614bcb99362638ea521e3e926df01b32e4dca45..d84b3b1c7d559c077fd46fcf644b6a5ba8435263 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -834,6 +834,11 @@ void PermissionManager::SetPermToKernel( bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicy& policy) { + if (policy.checkIgnore == HapPolicyCheckIgnore::ACLRequestedCheck) { + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s ignore acl check.", permDef.permissionName.c_str()); + return true; + } + if (policy.apl < permDef.availableLevel) { if (!permDef.provisionEnable) { LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", permDef.permissionName.c_str());
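Review bot: The new early return in `IsAclSatisfied` makes the function return true for every permission whenever `policy.checkIgnore == HapPolicyCheckIgnore::ACLRequestedCheck`, and that field arrives in the caller-supplied `HapPolicyParams` and is copied and marshalled unchanged by the other hunks of this commit. Nothing visible in this diff restricts which callers may set it, so unless the service-side handler already verifies the caller (not shown here), the flag should be honoured only after such a check and reset to `HapPolicyCheckIgnore::None` otherwise. The return also precedes the `policy.apl < permDef.availableLevel` comparison, so it skips the APL and `provisionEnable` logic as well as the requested-ACL list; if only the latter is meant, the guard belongs further down. The bypass is logged at info level with only the permission name, so logging it at the call site together with the bundle name would make it auditable. The function body continues past the end of the hunk.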