From b54e8f932baf2a3024b2fc185fabd1edd09dec3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9F=A5=E7=BB=B4?=
Date: Fri, 14 Feb 2025 19:08:54 +0800
Subject: [PATCH] =?UTF-8?q?description:1D=E6=A8=A1=E6=8B=9F=E5=99=A8?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=94=BE=E9=80=9A=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 查维
---
 frameworks/accesstoken/src/hap_policy_parcel.cpp | 5 +++++
 .../innerkits/accesstoken/include/access_token.h | 11 +++++++++++
 .../innerkits/accesstoken/include/hap_token_info.h | 2 ++
 .../innerkits/accesstoken/src/accesstoken_kit.cpp | 6 ++++--
 .../main/cpp/src/permission/permission_manager.cpp | 5 +++++
 5 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/frameworks/accesstoken/src/hap_policy_parcel.cpp b/frameworks/accesstoken/src/hap_policy_parcel.cpp
index 09e785e4f..2f97c490c 100644
--- a/frameworks/accesstoken/src/hap_policy_parcel.cpp
+++ b/frameworks/accesstoken/src/hap_policy_parcel.cpp
@@ -66,6 +66,8 @@ bool HapPolicyParcel::Marshalling(Parcel& out) const
 RETURN_IF_FALSE(out.WriteString(info[i].permissionName));
 RETURN_IF_FALSE(out.WriteBool(info[i].userCancelable));
 }
+
+ RETURN_IF_FALSE(out.WriteInt32(this->hapPolicy.checkIgnore));
 return true;
 }
@@ -117,6 +119,9 @@ HapPolicyParcel* HapPolicyParcel::Unmarshalling(Parcel& in)
 RELEASE_IF_FALSE(in.ReadBool(info.userCancelable), hapPolicyParcel);
 hapPolicyParcel->hapPolicy.preAuthorizationInfo.emplace_back(info);
 }
+ int32_t checkIgnore;
+ RELEASE_IF_FALSE(in.ReadInt32(checkIgnore), hapPolicyParcel);
+ hapPolicyParcel->hapPolicy.checkIgnore = HapPolicyCheckIgnore(checkIgnore);
 return hapPolicyParcel;
 }
 } // namespace AccessToken
diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h
index 1eee23e8c..7c0ab39e8 100644
--- a/interfaces/innerkits/accesstoken/include/access_token.h
+++ b/interfaces/innerkits/accesstoken/include/access_token.h
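Review bot: In `HapPolicyParcel::Unmarshalling`, the int32 read from the parcel is converted with `HapPolicyCheckIgnore(checkIgnore)` without checking that it is one of the declared enumerators, so whatever the sender wrote is stored in `hapPolicy.checkIgnore`. Since the `IsAclSatisfied` hunk later in this patch uses that field to skip the ACL check, the deserializer should reject values it does not recognise, for example `RELEASE_IF_FALSE(checkIgnore == HapPolicyCheckIgnore::None || checkIgnore == HapPolicyCheckIgnore::ACLRequestedCheck, hapPolicyParcel);` before the assignment. `int32_t checkIgnore;` is also declared without an initializer; `int32_t checkIgnore = 0;` avoids depending on `ReadInt32` always writing it. The function body starts outside the hunk.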
@@ -333,6 +333,17 @@ typedef enum RegisterPermissionChangeType {
 /** app register permissions state change info of itself */
 SELF_REGISTER_TYPE = 1,
 } RegisterPermChangeType;
+
+/**
+ * @brief Whether acl check
+ */
+typedef enum HapPolicyCheckIgnoreType {
+ /** normal */
+ None = 0,
+ /** ignore acl check */
+ ACLRequestedCheck,
+} HapPolicyCheckIgnore;
+
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h
index b8b79d432..c8f1c7a4f 100644
--- a/interfaces/innerkits/accesstoken/include/hap_token_info.h
+++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h
@@ -165,6 +165,7 @@ public:
 std::vector permStateList;
 std::vector aclRequestedList;
 std::vector preAuthorizationInfo;
+ HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::None;
 };
 /**
@@ -199,6 +200,7 @@ public:
 std::vector permStateList;
 std::vector aclRequestedList;
 std::vector preAuthorizationInfo;
+ HapPolicyCheckIgnore checkIgnore = HapPolicyCheckIgnore::None;
 };
 } // namespace AccessToken
 } // namespace Security
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
index c740150ab..053eab4b7 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
@@ -69,6 +69,7 @@ int AccessTokenKit::GrantPermissionForSpecifiedTime(
 static void TransferHapPolicyParams(const HapPolicyParams& policyIn, HapPolicy& policyOut)
 {
+ LOGI(ATM_DOMAIN, ATM_TAG, "zhawei policyIn.checkIgnore: %{public}d", static_cast(policyIn.checkIgnore));
 policyOut.apl = policyIn.apl;
 policyOut.domain = policyIn.domain;
 policyOut.permList.assign(policyIn.permList.begin(), policyIn.permList.end());
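Review bot: The new enumerator `ACLRequestedCheck` is documented as "ignore acl check", but its name reads as if the check were being requested, and `None` is a very generic identifier to add to the `AccessToken` namespace from an unscoped `typedef enum`. For a value that switches off an authorization check, a name that states the effect is harder to misuse, e.g. `HAP_POLICY_CHECK_IGNORE_NONE = 0` and `HAP_POLICY_CHECK_IGNORE_ACL`, which would also match the upper-case style of `SELF_REGISTER_TYPE` just above. The `@brief Whether acl check` comment should state which check is skipped and which callers are expected to set it; the `checkIgnore` members added to `hap_token_info.h` carry no comment either.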
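Review bot: The `LOGI` added at the top of `TransferHapPolicyParams` carries what looks like a developer's personal tag (`"zhawei policyIn.checkIgnore: ..."`) and appears to be leftover debugging; the same message is added again in the `InitHapToken` hunk of this file. Both are emitted at info level on every call. I would drop them, or keep a single line with a neutral message such as `"checkIgnore: %{public}d"`. The `InitHapToken` hunk also joins the existing two-line format string into one long line, a formatting change unrelated to the feature that is better left out of this patch.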
@@ -81,6 +82,7 @@ static void TransferHapPolicyParams(const HapPolicyParams& policyIn, HapPolicy& tmp.grantFlag = perm.grantFlags[0]; policyOut.permStateList.emplace_back(tmp); } + policyOut.checkIgnore = policyIn.checkIgnore; } AccessTokenIDEx AccessTokenKit::AllocHapToken(const HapInfoParams& info, const HapPolicyParams& policy) @@ -110,8 +112,8 @@ int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& int32_t AccessTokenKit::InitHapToken(const HapInfoParams& info, HapPolicyParams& policy, AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result) { - LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, \ -permList: %{public}zu, stateList: %{public}zu", + LOGI(ATM_DOMAIN, ATM_TAG, "zhawei policyIn.checkIgnore: %{public}d", static_cast(policy.checkIgnore)); + LOGI(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d, bundleName :%{public}s, permList: %{public}zu, stateList: %{public}zu", info.userID, info.bundleName.c_str(), policy.permList.size(), policy.permStateList.size()); if ((!DataValidator::IsUserIdValid(info.userID)) || !DataValidator::IsAppIDDescValid(info.appIDDesc) || !DataValidator::IsBundleNameValid(info.bundleName) || !DataValidator::IsAplNumValid(policy.apl) || diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 8614bcb99..d84b3b1c7 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp 
@@ -834,6 +834,11 @@ void PermissionManager::SetPermToKernel( bool IsAclSatisfied(const PermissionDef& permDef, const HapPolicy& policy) { + if (policy.checkIgnore == HapPolicyCheckIgnore::ACLRequestedCheck) { + LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s ignore acl check.", permDef.permissionName.c_str()); + return true; + } + if (policy.apl < permDef.availableLevel) { if (!permDef.provisionEnable) { LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", permDef.permissionName.c_str()); -- Gitee
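Review bot: The early `return true` in `IsAclSatisfied` skips the APL/ACL comparison purely on `policy.checkIgnore`, and within this patch that field is copied from the caller's `HapPolicyParams` in `TransferHapPolicyParams` and read straight from the parcel in `HapPolicyParcel::Unmarshalling`, so the party requesting the token decides whether the check applies to it. Nothing visible in these hunks restricts the bypass to the simulator case named in the commit subject. The service should decide for itself whether the bypass is permitted (for instance a build-time or device-type condition, or a check on the identity of the calling token) and ignore or reject the flag otherwise. The bypass is also recorded only with `LOGI`; a warning-level entry that includes the caller would make it auditable. The function body continues outside the hunk.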