diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 905cf97537af37433da66c892757cf3a9c615565..707ed8a680dacf3e313ef19b3611c660e134b629 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -35,6 +35,11 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "accesstoken_communication_adapter_cxx.map" + } + branch_protector_ret = "pac_ret" public_configs = [ ":accesstoken_communication_adapter_cxx_public_config" ] diff --git a/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map b/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map new file mode 100644 index 0000000000000000000000000000000000000000..22428ac849f7957f5fa1db2bbc575aee62d674a1 --- /dev/null +++ b/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map @@ -0,0 +1,61 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "VTT for OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; + "vtable for OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; + "VTT for OHOS::Security::AccessToken::PermissionDefParcel"; + "vtable for OHOS::Security::AccessToken::PermissionDefParcel"; + "VTT for OHOS::Security::AccessToken::PermissionListStateParcel"; + "vtable for OHOS::Security::AccessToken::PermissionListStateParcel"; + "VTT for OHOS::Security::AccessToken::PermissionGrantInfoParcel"; + "vtable for OHOS::Security::AccessToken::PermissionGrantInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermStateChangeScopeParcel"; + "vtable for OHOS::Security::AccessToken::PermStateChangeScopeParcel"; + "VTT for OHOS::Security::AccessToken::HapInfoParcel"; + "vtable for OHOS::Security::AccessToken::HapInfoParcel"; + "VTT for OHOS::Security::AccessToken::HapPolicyParcel"; + "vtable for OHOS::Security::AccessToken::HapPolicyParcel"; + "VTT for OHOS::Security::AccessToken::HapTokenInfoParcel"; + "vtable for OHOS::Security::AccessToken::HapTokenInfoParcel"; + "VTT for OHOS::Security::AccessToken::NativeTokenInfoParcel"; + "vtable for OHOS::Security::AccessToken::NativeTokenInfoParcel"; + "VTT for OHOS::Security::AccessToken::AtmToolsParamInfoParcel"; + "vtable for OHOS::Security::AccessToken::AtmToolsParamInfoParcel"; + "VTT for OHOS::Security::AccessToken::HapBaseInfoParcel"; + "vtable for OHOS::Security::AccessToken::HapBaseInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermissionStatusParcel"; + "vtable for OHOS::Security::AccessToken::PermissionStatusParcel"; + "VTT for OHOS::Security::AccessToken::PermissionStateChangeInfoParcel"; + "vtable for OHOS::Security::AccessToken::PermissionStateChangeInfoParcel"; + "OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; + "OHOS::Security::AccessToken::PermissionDefParcel"; + "OHOS::Security::AccessToken::PermissionStateChangeInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapTokenInfoForSyncParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionGrantInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapTokenInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::NativeTokenInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionListStateParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionStatusParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionDefParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapPolicyParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermStateChangeScopeParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapBaseInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::AtmToolsParamInfoParcel::Unmarshalling(OHOS::Parcel&)"; + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index 84a20c2c2b6acd9990e420015802728e80bd312f..21037fecaa1cb4cb73ffc414e365de373562aed1 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -31,6 +31,11 @@ ohos_shared_library("accesstoken_common_cxx") { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "accesstoken_common_cxx.map" + } + branch_protector_ret = "pac_ret" public_configs = [ ":accesstoken_common_cxx_public_config" ] diff --git a/frameworks/common/accesstoken_common_cxx.map b/frameworks/common/accesstoken_common_cxx.map new file mode 100644 index 0000000000000000000000000000000000000000..bcbf4a0367dea9958d486571fb32b8e694683cb2 --- /dev/null +++ b/frameworks/common/accesstoken_common_cxx.map @@ -0,0 +1,58 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "OHOS::Security::AccessToken::ConstantCommon::EncryptDevId(std::__h::basic_string, std::__h::allocator>)"; + "OHOS::Security::AccessToken::TimeUtil::GetCurrentTimestamp()"; + "OHOS::Security::AccessToken::FindAndInsertRecord(OHOS::Security::AccessToken::AddPermParamInfo const&)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionNameValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionUsedTypeValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsTokenIDValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsHapCaller(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsUserIdValid(int)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionUsedFlagValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsPolicyTypeValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsCallerTypeValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsAppIDDescValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsBundleNameValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsAplNumValid(int)"; + "OHOS::Security::AccessToken::DataValidator::IsDomainValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsDlpTypeValid(int)"; + "OHOS::Security::AccessToken::TransferPermissionToOpcode(std::__h::basic_string, std::__h::allocator> const&, unsigned int&)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionFlagValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsToggleStatusValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsProcessNameValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::JsonParser::IsDirExsit(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::JsonParser::GetStringFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, std::__h::basic_string, std::__h::allocator>&)"; + "OHOS::Security::AccessToken::JsonParser::GetIntFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, int&)"; + "OHOS::Security::AccessToken::JsonParser::ReadCfgFile(std::__h::basic_string, std::__h::allocator> const&, std::__h::basic_string, std::__h::allocator>&)"; + "OHOS::Security::AccessToken::DataValidator::IsDeviceIdValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::ConstantCommon::GetLocalDeviceId()"; + "OHOS::Security::AccessToken::TransferOpcodeToPermission(unsigned int, std::__h::basic_string, std::__h::allocator>&)"; + "OHOS::Security::AccessToken::ConstantCommon::GetFlagWithoutSpecifiedElement(unsigned int, unsigned int)"; + "OHOS::Security::AccessToken::ConstantCommon::IsPermOperatedByUser(int)"; + "OHOS::Security::AccessToken::ConstantCommon::IsPermOperatedBySystem(int)"; + "OHOS::Security::AccessToken::ConstantCommon::IsPermGrantedBySecComp(int)"; + "OHOS::Security::AccessToken::JsonParser::GetBoolFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, bool&)"; + "OHOS::Security::AccessToken::DataValidator::IsLabelValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsAvailableTypeValid(int)"; + "OHOS::Security::AccessToken::JsonParser::GetUnsignedIntFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, unsigned int&)"; + "OHOS::Security::AccessToken::DataValidator::IsDescValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::TimeUtil::IsTimeStampsSameMinute(long, long)"; + ""; + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/js/napi/accesstoken/BUILD.gn b/frameworks/js/napi/accesstoken/BUILD.gn index 6cebe5c4c58380e6392910cf5b676301cad5ec80..50d8269648797c1747dadfee347df25317a556a5 100644 --- a/frameworks/js/napi/accesstoken/BUILD.gn +++ b/frameworks/js/napi/accesstoken/BUILD.gn @@ -20,6 +20,12 @@ ohos_shared_library("libabilityaccessctrl") { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "libabilityaccessctrl.map" + shlib_type = "sa" + } + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/common/include", diff --git a/frameworks/js/napi/accesstoken/libabilityaccessctrl.map b/frameworks/js/napi/accesstoken/libabilityaccessctrl.map new file mode 100644 index 0000000000000000000000000000000000000000..ff09ec0f9780e9190cb03d1f6121e0f56fa7076e --- /dev/null +++ b/frameworks/js/napi/accesstoken/libabilityaccessctrl.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/js/napi/el5filekeymanager/BUILD.gn b/frameworks/js/napi/el5filekeymanager/BUILD.gn index 7a42453e552fd6246abf2496fcff4f6426a8d98f..0c5a2946721347f2a4d3c36da32d6c32d12f679b 100644 --- a/frameworks/js/napi/el5filekeymanager/BUILD.gn +++ b/frameworks/js/napi/el5filekeymanager/BUILD.gn @@ -22,6 +22,11 @@ ohos_shared_library("screenlockfilemanager") { } branch_protector_ret = "pac_ret" + if (!use_clang_coverage) { + version_script = "screenlockfilemanager.map" + shlib_type = "sa" + } + include_dirs = [ "${access_token_path}/frameworks/inner_api/el5filekeymanager/include", "${access_token_path}/interfaces/inner_api/el5filekeymanager/include", diff --git a/frameworks/js/napi/el5filekeymanager/screenlockfilemanager.map b/frameworks/js/napi/el5filekeymanager/screenlockfilemanager.map new file mode 100644 index 0000000000000000000000000000000000000000..ff09ec0f9780e9190cb03d1f6121e0f56fa7076e --- /dev/null +++ b/frameworks/js/napi/el5filekeymanager/screenlockfilemanager.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/js/napi/privacy/BUILD.gn b/frameworks/js/napi/privacy/BUILD.gn index 4621e476019064ad2a4560bb51c3b5b6b8c98f0e..2ecf04e6ea8cc997169097031ad1f54cefb271e3 100644 --- a/frameworks/js/napi/privacy/BUILD.gn +++ b/frameworks/js/napi/privacy/BUILD.gn @@ -20,6 +20,11 @@ ohos_shared_library("libprivacymanager") { cfi_cross_dso = true debug = false } + if (!use_clang_coverage) { + version_script = "libprivacymanager.map" + } + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/common/include", diff --git a/frameworks/js/napi/privacy/libprivacymanager.map b/frameworks/js/napi/privacy/libprivacymanager.map new file mode 100644 index 0000000000000000000000000000000000000000..ff09ec0f9780e9190cb03d1f6121e0f56fa7076e --- /dev/null +++ b/frameworks/js/napi/privacy/libprivacymanager.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/privacy/BUILD.gn b/frameworks/privacy/BUILD.gn index b452f0cda89a9310f87a1c980fb21a5b32c4ff2b..48afddee96ab623172d83d0c17c2c3e3969e8dd1 100644 --- a/frameworks/privacy/BUILD.gn +++ b/frameworks/privacy/BUILD.gn @@ -23,6 +23,11 @@ ohos_shared_library("privacy_communication_adapter_cxx") { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "privacy_communication_adapter_cxx.map" + } + branch_protector_ret = "pac_ret" include_dirs = [ diff --git a/frameworks/privacy/privacy_communication_adapter_cxx.map b/frameworks/privacy/privacy_communication_adapter_cxx.map new file mode 100644 index 0000000000000000000000000000000000000000..b08ade653825ef10a406085583aad0d715ea5446 --- /dev/null +++ b/frameworks/privacy/privacy_communication_adapter_cxx.map @@ -0,0 +1,38 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "VTT for OHOS::Security::AccessToken::AddPermParamInfoParcel"; + "vtable for OHOS::Security::AccessToken::AddPermParamInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermissionUsedTypeInfoParcel"; + "vtable for OHOS::Security::AccessToken::PermissionUsedTypeInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermissionUsedResultParcel"; + "vtable for OHOS::Security::AccessToken::PermissionUsedResultParcel"; + "VTT for OHOS::Security::AccessToken::PermissionUsedRequestParcel"; + "vtable for OHOS::Security::AccessToken::PermissionUsedRequestParcel"; + "VTT for OHOS::Security::AccessToken::SecCompEnhanceDataParcel"; + "vtable for OHOS::Security::AccessToken::SecCompEnhanceDataParcel"; + "VTT for OHOS::Security::AccessToken::ActiveChangeResponseParcel"; + "vtable for OHOS::Security::AccessToken::ActiveChangeResponseParcel"; + "OHOS::Security::AccessToken::AddPermParamInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionUsedTypeInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionUsedResultParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionUsedRequestParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::SecCompEnhanceDataParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::ActiveChangeResponseParcel::Unmarshalling(OHOS::Parcel&)"; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/inner_api/el5filekeymanager/BUILD.gn b/interfaces/inner_api/el5filekeymanager/BUILD.gn index d4c36ca0dc8166aa6c5b2e4acde8ca20689b62f2..4147e8cf17dddd91bdd38e0c152537af043d7cca 100644 --- a/interfaces/inner_api/el5filekeymanager/BUILD.gn +++ b/interfaces/inner_api/el5filekeymanager/BUILD.gn @@ -28,6 +28,11 @@ ohos_shared_library("el5_filekey_manager_sdk") { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "el5_filekey_manager_sdk.map" + } + branch_protector_ret = "pac_ret" cflags_cc = [ diff --git a/interfaces/inner_api/el5filekeymanager/el5_filekey_manager_sdk.map b/interfaces/inner_api/el5filekeymanager/el5_filekey_manager_sdk.map new file mode 100644 index 0000000000000000000000000000000000000000..69615252618d3143f9c74b3a13c443168b0ae3d4 --- /dev/null +++ b/interfaces/inner_api/el5filekeymanager/el5_filekey_manager_sdk.map @@ -0,0 +1,26 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "OHOS::Security::AccessToken::El5FilekeyManagerKit::AcquireAccess(OHOS::Security::AccessToken::DataLockType)"; + "OHOS::Security::AccessToken::El5FilekeyManagerKit::ReleaseAccess(OHOS::Security::AccessToken::DataLockType)"; + "OHOS::Security::AccessToken::El5FilekeyManagerKit::QueryAppKeyState(OHOS::Security::AccessToken::DataLockType)"; + "VTT for OHOS::Security::AccessToken::AppKeyInfo"; + "vtable for OHOS::Security::AccessToken::AppKeyInfo"; + ""; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn index 72f24f1d600b94427e6e990ccc29233df29e3ee5..a9cb5e55005253be7dda5a77cc7cd282efed2b4a 100644 --- a/interfaces/innerkits/accesstoken/BUILD.gn +++ b/interfaces/innerkits/accesstoken/BUILD.gn @@ -102,6 +102,11 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "libtokenid_sdk.map" + } + branch_protector_ret = "pac_ret" innerapi_tags = [ "platformsdk", diff --git a/interfaces/innerkits/accesstoken/libtokenid_sdk.map b/interfaces/innerkits/accesstoken/libtokenid_sdk.map new file mode 100644 index 0000000000000000000000000000000000000000..de5f99573f771f0623e6dbe33a0d3db884267346 --- /dev/null +++ b/interfaces/innerkits/accesstoken/libtokenid_sdk.map @@ -0,0 +1,22 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(unsigned long)"; + ""; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/analysis_model/BUILD.gn b/interfaces/innerkits/analysis_model/BUILD.gn index dd19cabbabdfc0758419e69a7445d4000011b9d9..ba437bceccc1f76f282b77acb838e77db70fee46 100644 --- a/interfaces/innerkits/analysis_model/BUILD.gn +++ b/interfaces/innerkits/analysis_model/BUILD.gn @@ -28,6 +28,12 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "libcodesignature_analysis.map" + } + shlib_type = "sa" + branch_protector_ret = "pac_ret" public_configs = [ ":accesstoken" ] diff --git a/interfaces/innerkits/analysis_model/libcodesignature_analysis.map b/interfaces/innerkits/analysis_model/libcodesignature_analysis.map new file mode 100644 index 0000000000000000000000000000000000000000..ff09ec0f9780e9190cb03d1f6121e0f56fa7076e --- /dev/null +++ b/interfaces/innerkits/analysis_model/libcodesignature_analysis.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/nativetoken/BUILD.gn b/interfaces/innerkits/nativetoken/BUILD.gn index 1caeae894427823727ad971a3135f003a84cab9b..e194328f51d5c1f07ad6dacf0b66b64cd2fadc21 100644 --- a/interfaces/innerkits/nativetoken/BUILD.gn +++ b/interfaces/innerkits/nativetoken/BUILD.gn @@ -63,6 +63,9 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" innerapi_tags = [ "platformsdk" ] public_configs = [ ":accesstokenlib" ] diff --git a/interfaces/innerkits/token_setproc/BUILD.gn b/interfaces/innerkits/token_setproc/BUILD.gn index 0b0d7d83aaea52a51be31f3150996639f4dceeca..bfa1d172702eb3470882ee5c59d96c9fe3484a75 100644 --- a/interfaces/innerkits/token_setproc/BUILD.gn +++ b/interfaces/innerkits/token_setproc/BUILD.gn @@ -43,6 +43,11 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "libtokensetproc_shared.map" + } + branch_protector_ret = "pac_ret" innerapi_tags = [ "platformsdk" ] public_configs = [ ":setproc_config" ] diff --git a/interfaces/innerkits/token_setproc/libtokensetproc_shared.map b/interfaces/innerkits/token_setproc/libtokensetproc_shared.map new file mode 100644 index 0000000000000000000000000000000000000000..8e25162104dbe8a311bd45555e0481004ad35ea8 --- /dev/null +++ b/interfaces/innerkits/token_setproc/libtokensetproc_shared.map @@ -0,0 +1,21 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "GetSelfTokenID"; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/tokensync/BUILD.gn b/interfaces/innerkits/tokensync/BUILD.gn index 4053b2bf1276a3464141f59db174a46b75611fe4..f0ebe8c94daa73e177851bc41d542501ebc069c4 100644 --- a/interfaces/innerkits/tokensync/BUILD.gn +++ b/interfaces/innerkits/tokensync/BUILD.gn @@ -28,6 +28,9 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" output_name = "libtokensync_sdk" diff --git a/interfaces/kits/capi/accesstoken/BUILD.gn b/interfaces/kits/capi/accesstoken/BUILD.gn index 11093e09e2c258a134a697180aeaafc6d6b613ff..481c0c4fc9cbd060428c7e67f37e5344c5083543 100644 --- a/interfaces/kits/capi/accesstoken/BUILD.gn +++ b/interfaces/kits/capi/accesstoken/BUILD.gn @@ -34,6 +34,8 @@ ohos_shared_library("libability_access_control") { sources = [ "src/ability_access_control.cpp" ] + shlib_type = "sa" + deps = [ "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", diff --git a/interfaces/kits/cj/accesstoken/BUILD.gn b/interfaces/kits/cj/accesstoken/BUILD.gn index b2af68dca668ce8a5a6381e286d0391915e571c4..bc9e646602bb3a5d060e68a376e0856875438389 100644 --- a/interfaces/kits/cj/accesstoken/BUILD.gn +++ b/interfaces/kits/cj/accesstoken/BUILD.gn @@ -24,6 +24,9 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/common/include", diff --git a/interfaces/kits/cj/screenlockfilemanager/BUILD.gn b/interfaces/kits/cj/screenlockfilemanager/BUILD.gn index ff1dd353da3acd269671ed34c0c4f0326ea1f6f3..d4d4009a99e793816b6023bf686cd73c01cac473 100644 --- a/interfaces/kits/cj/screenlockfilemanager/BUILD.gn +++ b/interfaces/kits/cj/screenlockfilemanager/BUILD.gn @@ -24,6 +24,9 @@ ohos_shared_library("cj_screen_lock_file_manager_ffi") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/inner_api/el5filekeymanager/include", diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 1b11210d4fdef7d4aa9dc052cfdcefff7ad190ae..2150418c7ecf65da0a588c9fcd772e319e9d98e5 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -20,7 +20,6 @@ #include #include -#include "ability_manager_access_loader.h" #include "access_token.h" #include "hap_token_info_inner.h" #include "iremote_broker.h" @@ -119,7 +118,6 @@ private: bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); bool IsPermissionStateOrFlagMatched(const PermissionStatus& stata1, const PermissionStatus& stata2); - AbilityManagerAccessLoaderInterface* GetAbilityManager(); PermissionGrantEvent grantEvent_; static std::recursive_mutex mutex_; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 82b8fb437447858203781273ec537c87c7cc8d03..f659e87b0331fa8da2dd5ae88f558a529c68d8d3 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -19,6 +19,7 @@ #include #include +#include "ability_manager_access_loader.h" #include "access_token.h" #include "access_token_error.h" #include "accesstoken_dfx_define.h" @@ -302,18 +303,6 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin return ret; } -AbilityManagerAccessLoaderInterface* PermissionManager::GetAbilityManager() -{ - if (abilityManagerLoader_ == nullptr) { - std::lock_guard lock(abilityManagerMutex_); - if (abilityManagerLoader_ == nullptr) { - abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); - } - } - - return abilityManagerLoader_->GetObject(); -} - int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, const std::string& bundleName, const std::string& abilityName) { @@ -329,7 +318,15 @@ int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, .callerTokenId = IPCSkeleton::GetCallingTokenID() }; - AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); + { + std::lock_guard lock(abilityManagerMutex_); + if (abilityManagerLoader_ == nullptr) { + abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); + } + } + + AbilityManagerAccessLoaderInterface* abilityManager = + abilityManagerLoader_->GetObject(); if (abilityManager == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); return AccessTokenError::ERR_SERVICE_ABNORMAL; @@ -410,10 +407,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( // To notify kill process when perm is revoke if (needKill && (!isGranted && !isSecCompGrantedBefore)) { LOGI(ATM_DOMAIN, ATM_TAG, "(%{public}s) is revoked, kill process(%{public}u).", permission.c_str(), id); - AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); - if (abilityManager == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); - } else if ((ret = abilityManager->KillProcessForPermissionUpdate(id)) != ERR_OK) { + if ((ret = AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(id)) != ERR_OK) { LOGE(ATM_DOMAIN, ATM_TAG, "kill process failed, ret=%{public}d.", ret); } } diff --git a/services/accesstokenmanager/test/mock/library_loader_mock.cpp b/services/accesstokenmanager/test/mock/library_loader_mock.cpp index 5d5275cd51bea9d56d9e53b40c1525b7d64f8e1c..0fddd8429cb1559dee2f0f060cedc11fd3d8a527 100644 --- a/services/accesstokenmanager/test/mock/library_loader_mock.cpp +++ b/services/accesstokenmanager/test/mock/library_loader_mock.cpp @@ -27,7 +27,6 @@ static constexpr uint32_t INVALID_INDEX = 0; class AbilityManagerAccessLoaderMock final: public AbilityManagerAccessLoaderInterface { int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; }; int32_t AbilityManagerAccessLoaderMock::StartAbility(const InnerWant &innerWant, @@ -39,11 +38,6 @@ int32_t AbilityManagerAccessLoaderMock::StartAbility(const InnerWant &innerWant, return ERR_OK; } -int32_t AbilityManagerAccessLoaderMock::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - return ERR_OK; -} - LibraryLoader::LibraryLoader(const std::string& path) { instance_ = new AbilityManagerAccessLoaderMock(); diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 3b4a6b43f158c6cf3be90dd43c8fe721dd7c43fb..d9e57623222c2e148f5638b2b5d2aff902c0e6da 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -44,6 +44,7 @@ ohos_static_library("accesstoken_service_common") { public_configs = [ ":accesstoken_service_common_public_config" ] sources = [ + "app_manager/src/ams_manager_access_proxy.cpp", "app_manager/src/app_manager_access_client.cpp", "app_manager/src/app_state_data.cpp", "app_manager/src/app_status_change_callback.cpp", diff --git a/services/common/ability_manager/BUILD.gn b/services/common/ability_manager/BUILD.gn index ba8f9d65f25f8a257f494093e242ea5776670ce8..23c3bed946606fb3f1f3d658b1427d8eb9635908 100644 --- a/services/common/ability_manager/BUILD.gn +++ b/services/common/ability_manager/BUILD.gn @@ -29,6 +29,9 @@ ohos_shared_library("accesstoken_ability_manager_adapter") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ diff --git a/services/common/ability_manager/include/ability_manager_access_loader.h b/services/common/ability_manager/include/ability_manager_access_loader.h index da312b15eb88dbf35476cede7b2a49c44708793a..f11745177ad63b39de99f008c4f574e37007cb7f 100644 --- a/services/common/ability_manager/include/ability_manager_access_loader.h +++ b/services/common/ability_manager/include/ability_manager_access_loader.h @@ -40,12 +40,10 @@ public: AbilityManagerAccessLoaderInterface() {} virtual ~AbilityManagerAccessLoaderInterface() {} virtual int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); - virtual int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); }; class AbilityManagerAccessLoader final: public AbilityManagerAccessLoaderInterface { int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; }; #ifdef __cplusplus diff --git a/services/common/ability_manager/include/ability_manager_adapter.h b/services/common/ability_manager/include/ability_manager_adapter.h index 5dab21b8698299bb079243ee31a8a914429a6133..d2e0ee4f13076b619f6363c20fb92ed1546dd431 100644 --- a/services/common/ability_manager/include/ability_manager_adapter.h +++ b/services/common/ability_manager/include/ability_manager_adapter.h @@ -36,12 +36,6 @@ public: static AbilityManagerAdapter& GetInstance(); int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); - - enum class Message { - START_ABILITY = 1001, - KILL_PROCESS_FOR_PERMISSION_UPDATE = 5300, - }; private: void InitProxy(); diff --git a/services/common/ability_manager/src/ability_manager_access_loader.cpp b/services/common/ability_manager/src/ability_manager_access_loader.cpp index b1812b6bd78b638e51a104f31dec449d2abb6741..9a59e08c2699325de31fc37735607373c1061b47 100644 --- a/services/common/ability_manager/src/ability_manager_access_loader.cpp +++ b/services/common/ability_manager/src/ability_manager_access_loader.cpp @@ -29,11 +29,6 @@ int32_t AbilityManagerAccessLoader::StartAbility( #endif } -int32_t AbilityManagerAccessLoader::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - return AbilityManagerAdapter::GetInstance().KillProcessForPermissionUpdate(accessTokenId); -} - void* Create() { return reinterpret_cast(new AbilityManagerAccessLoader); diff --git a/services/common/ability_manager/src/ability_manager_adapter.cpp b/services/common/ability_manager/src/ability_manager_adapter.cpp index 922d1cf4e41620723cf6accc428b94249df7429e..dc8f09ab950da234e3fe92c6bced50f8412df841 100644 --- a/services/common/ability_manager/src/ability_manager_adapter.cpp +++ b/services/common/ability_manager/src/ability_manager_adapter.cpp @@ -14,6 +14,7 @@ */ #include "ability_manager_adapter.h" +#include "ability_manager_ipc_interface_code.h" #include "access_token_error.h" #include "accesstoken_common_log.h" #include @@ -100,7 +101,7 @@ int32_t AbilityManagerAdapter::StartAbility(const InnerWant &innerWant, const sp LOGE(ATM_DOMAIN, ATM_TAG, "RequestCode write failed."); return AccessTokenError::ERR_WRITE_PARCEL_FAILED; } - int32_t error = abms->SendRequest(static_cast(AbilityManagerAdapter::Message::START_ABILITY), + int32_t error = abms->SendRequest(static_cast(AbilityManagerInterfaceCode::START_ABILITY), data, reply, option); if (error != NO_ERROR) { LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); @@ -109,35 +110,6 @@ int32_t AbilityManagerAdapter::StartAbility(const InnerWant &innerWant, const sp return reply.ReadInt32(); } -int32_t AbilityManagerAdapter::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - auto abms = GetProxy(); - if (abms == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to GetProxy."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel data; - MessageParcel reply; - MessageOption option; - - if (!data.WriteInterfaceToken(ABILITY_MGR_DESCRIPTOR)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write WriteInterfaceToken."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(accessTokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - int32_t error = abms->SendRequest(static_cast( - AbilityManagerAdapter::Message::KILL_PROCESS_FOR_PERMISSION_UPDATE), data, reply, option); - if (error != NO_ERROR) { - LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); - return error; - } - return reply.ReadInt32(); -} - void AbilityManagerAdapter::InitProxy() { if (proxy_ != nullptr && (!proxy_->IsObjectDead())) { diff --git a/services/common/app_manager/BUILD.gn b/services/common/app_manager/BUILD.gn index a6026e7f25159c1d72caf9398cdc98317edb5da8..40870c894b3b4efebe4c4e2e527bd5bad1819339 100644 --- a/services/common/app_manager/BUILD.gn +++ b/services/common/app_manager/BUILD.gn @@ -22,6 +22,9 @@ ohos_shared_library("accesstoken_app_manager") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ @@ -33,6 +36,7 @@ ohos_shared_library("accesstoken_app_manager") { ] sources = [ + "src/ams_manager_access_proxy.cpp", "src/app_manager_access_client.cpp", "src/app_state_data.cpp", "src/app_status_change_callback.cpp", diff --git a/services/common/app_manager/include/ams_manager_access_proxy.h b/services/common/app_manager/include/ams_manager_access_proxy.h new file mode 100644 index 0000000000000000000000000000000000000000..d54f6cae00fce5dd4cee24a374d13d7e0c9f2726 --- /dev/null +++ b/services/common/app_manager/include/ams_manager_access_proxy.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_AMS_MANAGER_ACCESS_PROXY_H +#define ACCESS_AMS_MANAGER_ACCESS_PROXY_H + +#include + +#include "app_state_data.h" +#include "process_data.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class IAmsMgr : public IRemoteBroker { +public: + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.IAmsMgr"); + + virtual int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) = 0; + + enum class Message { + FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID = 49, + }; +}; + +class AmsManagerAccessProxy : public IRemoteProxy { +public: + explicit AmsManagerAccessProxy(const sptr& impl) : IRemoteProxy(impl) {} + + virtual ~AmsManagerAccessProxy() = default; + + int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) override; +private: + static inline BrokerDelegator delegator_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_AMS_MANAGER_ACCESS_PROXY_H diff --git a/services/common/app_manager/include/app_manager_access_client.h b/services/common/app_manager/include/app_manager_access_client.h index 2e2bbcdd0b995add7e4b26267315e04117c50675..732287dffbe7b8f89242bd7f251706231401496b 100644 --- a/services/common/app_manager/include/app_manager_access_client.h +++ b/services/common/app_manager/include/app_manager_access_client.h @@ -31,6 +31,7 @@ public: static AppManagerAccessClient& GetInstance(); virtual ~AppManagerAccessClient(); + int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId); int32_t RegisterApplicationStateObserver(const sptr& observer); int32_t UnregisterApplicationStateObserver(const sptr& observer); int32_t GetForegroundApplications(std::vector& list); @@ -38,6 +39,7 @@ public: void OnRemoteDiedHandle(); enum class Message { + APP_GET_MGR_INSTANCE = 6, REGISTER_APPLICATION_STATE_OBSERVER = 12, UNREGISTER_APPLICATION_STATE_OBSERVER = 13, GET_FOREGROUND_APPLICATIONS = 14, diff --git a/services/common/app_manager/src/ams_manager_access_proxy.cpp b/services/common/app_manager/src/ams_manager_access_proxy.cpp new file mode 100644 index 0000000000000000000000000000000000000000..5f2ae4a49a8c8e27918e03fee173b04f954883e6 --- /dev/null +++ b/services/common/app_manager/src/ams_manager_access_proxy.cpp @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ams_manager_access_proxy.h" +#include "accesstoken_common_log.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t ERROR = -1; +} +int32_t AmsManagerAccessProxy::KillProcessesByAccessTokenId(const uint32_t accessTokenId) +{ + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + if (!data.WriteInterfaceToken(GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERROR; + } + + if (!data.WriteInt32(accessTokenId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); + return ERROR; + } + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( + static_cast(IAmsMgr::Message::FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID), data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "KillProcessesByAccessTokenId failed, error: %{public}d", error); + return ERROR; + } + return reply.ReadInt32(); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/app_manager/src/app_manager_access_client.cpp b/services/common/app_manager/src/app_manager_access_client.cpp index 374f3e86d0d5400a3bbfeeb388e2dee38e49ccab..483470cc70f5b705f21ec4d740e12b416d416ef1 100644 --- a/services/common/app_manager/src/app_manager_access_client.cpp +++ b/services/common/app_manager/src/app_manager_access_client.cpp @@ -16,6 +16,7 @@ #include #include "accesstoken_common_log.h" +#include "ams_manager_access_proxy.h" #include "iservice_registry.h" #include "system_ability_definition.h" @@ -51,6 +52,36 @@ AppManagerAccessClient::~AppManagerAccessClient() ReleaseProxy(); } +int32_t AppManagerAccessClient::KillProcessesByAccessTokenId(const uint32_t accessTokenId) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); + return ERROR; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed"); + return ERROR; + } + int32_t error = proxy->SendRequest( + static_cast(AppManagerAccessClient::Message::APP_GET_MGR_INSTANCE), data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetAmsMgr failed, error: %{public}d", error); + return ERROR; + } + sptr object = reply.ReadRemoteObject(); + sptr amsService = new AmsManagerAccessProxy(object); + if (amsService == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "AmsService is null."); + return ERROR; + } + return amsService->KillProcessesByAccessTokenId(accessTokenId); +} + int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr& observer) { LOGI(ATM_DOMAIN, ATM_TAG, "Entry"); diff --git a/services/common/json_parse/src/json_parse_loader.cpp b/services/common/json_parse/src/json_parse_loader.cpp index 539182f811d45f142f916bcfe1d237f04a4cd29f..494e77fbdccaec63bcba28926b9a1358abce5516 100644 --- a/services/common/json_parse/src/json_parse_loader.cpp +++ b/services/common/json_parse/src/json_parse_loader.cpp @@ -205,7 +205,9 @@ bool GetAtCfgFromJson(const CJson* j, AccessTokenServiceConfig& a) return false; } - GetStringFromJson(j, APPLICATION_SETTING_ABILITY_NAME_KEY, a.applicationSettingAbilityName); + if (!GetStringFromJson(j, APPLICATION_SETTING_ABILITY_NAME_KEY, a.applicationSettingAbilityName)) { + return false; + } return true; } diff --git a/services/common/screenlock_manager/BUILD.gn b/services/common/screenlock_manager/BUILD.gn index 8a03c4ba4df1187ea6bf360dc8aae98feb0249fd..c51e92a882dcb0aa3fc88ccdde25640f7c623c65 100644 --- a/services/common/screenlock_manager/BUILD.gn +++ b/services/common/screenlock_manager/BUILD.gn @@ -28,6 +28,9 @@ ohos_shared_library("accesstoken_screenlock_manager") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "include" ]