From 71654becf9d2dc4a7b4e0acd893c9654eb2e8487 Mon Sep 17 00:00:00 2001 From: luowei Date: Mon, 3 Mar 2025 10:59:54 +0800 Subject: [PATCH 1/5] =?UTF-8?q?sa=E7=AC=A6=E5=8F=B7=E4=BC=98=E5=8C=96=5Flu?= =?UTF-8?q?owei?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: luowei --- frameworks/accesstoken/BUILD.gn | 6 ++ .../accesstoken_communication_adapter_cxx.map | 61 +++++++++++++++++++ frameworks/common/BUILD.gn | 5 ++ frameworks/common/accesstoken_common_cxx.map | 58 ++++++++++++++++++ frameworks/js/napi/accesstoken/BUILD.gn | 6 ++ .../napi/accesstoken/libabilityaccessctrl.map | 20 ++++++ frameworks/js/napi/el5filekeymanager/BUILD.gn | 5 ++ .../screenlockfilemanager.map | 20 ++++++ frameworks/js/napi/privacy/BUILD.gn | 5 ++ .../js/napi/privacy/libprivacymanager.map | 20 ++++++ frameworks/privacy/BUILD.gn | 5 ++ .../privacy_communication_adapter_cxx.map | 38 ++++++++++++ .../inner_api/el5filekeymanager/BUILD.gn | 5 ++ .../el5_filekey_manager_sdk.map | 26 ++++++++ interfaces/innerkits/accesstoken/BUILD.gn | 5 ++ .../innerkits/accesstoken/libtokenid_sdk.map | 22 +++++++ interfaces/innerkits/analysis_model/BUILD.gn | 6 ++ .../libcodesignature_analysis.map | 20 ++++++ interfaces/innerkits/nativetoken/BUILD.gn | 3 + interfaces/innerkits/token_setproc/BUILD.gn | 5 ++ .../token_setproc/libtokensetproc_shared.map | 21 +++++++ interfaces/innerkits/tokensync/BUILD.gn | 3 + interfaces/kits/capi/accesstoken/BUILD.gn | 2 + interfaces/kits/cj/accesstoken/BUILD.gn | 3 + .../kits/cj/screenlockfilemanager/BUILD.gn | 3 + services/common/ability_manager/BUILD.gn | 3 + services/common/app_manager/BUILD.gn | 3 + services/common/screenlock_manager/BUILD.gn | 3 + 28 files changed, 382 insertions(+) create mode 100644 frameworks/accesstoken/accesstoken_communication_adapter_cxx.map create mode 100644 frameworks/common/accesstoken_common_cxx.map create mode 100644 frameworks/js/napi/accesstoken/libabilityaccessctrl.map create mode 100644 frameworks/js/napi/el5filekeymanager/screenlockfilemanager.map create mode 100644 frameworks/js/napi/privacy/libprivacymanager.map create mode 100644 frameworks/privacy/privacy_communication_adapter_cxx.map create mode 100644 interfaces/inner_api/el5filekeymanager/el5_filekey_manager_sdk.map create mode 100644 interfaces/innerkits/accesstoken/libtokenid_sdk.map create mode 100644 interfaces/innerkits/analysis_model/libcodesignature_analysis.map create mode 100644 interfaces/innerkits/token_setproc/libtokensetproc_shared.map diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 905cf9753..50ed52fab 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -35,6 +35,12 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { cfi_cross_dso = true debug = false } + + if(!use_clang_coverage) + { + version_script = "accesstoken_communication_adapter_cxx.map" + } + branch_protector_ret = "pac_ret" public_configs = [ ":accesstoken_communication_adapter_cxx_public_config" ] diff --git a/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map b/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map new file mode 100644 index 000000000..66b1c315a --- /dev/null +++ b/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map @@ -0,0 +1,61 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "VVT for OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; + "vtable for OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; + "VTT for OHOS::Security::AccessToken::PermissionDefParcel"; + "vtable for OHOS::Security::AccessToken::PermissionDefParcel"; + "VTT for OHOS::Security::AccessToken::PermissionListStateParcel"; + "vtable for OHOS::Security::AccessToken::PermissionListStateParcel"; + "VTT for OHOS::Security::AccessToken::PermissionGrantInfoParcel"; + "vtable for OHOS::Security::AccessToken::PermissionGrantInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermStateChangeScopeParcel"; + "vtable for OHOS::Security::AccessToken::PermStateChangeScopeParcel"; + "VTT for OHOS::Security::AccessToken::HapInfoParcel"; + "vtable for OHOS::Security::AccessToken::HapInfoParcel"; + "VTT for OHOS::Security::AccessToken::HapPolicyParcel"; + "vtable for OHOS::Security::AccessToken::HapPolicyParcel"; + "VTT for OHOS::Security::AccessToken::HapTokenInfoParcel"; + "vtable for OHOS::Security::AccessToken::HapTokenInfoParcel"; + "VTT for OHOS::Security::AccessToken::NativeTokenInfoParcel"; + "vtable for OHOS::Security::AccessToken::NativeTokenInfoParcel"; + "VTT for OHOS::Security::AccessToken::AtmToolsParamInfoParcel"; + "vtable for OHOS::Security::AccessToken::AtmToolsParamInfoParcel"; + "VTT for OHOS::Security::AccessToken::HapBaseInfoParcel"; + "vtable for OHOS::Security::AccessToken::HapBaseInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermissionStatusParcel"; + "vtable for OHOS::Security::AccessToken::PermissionStatusParcel"; + "VTT for OHOS::Security::AccessToken::PermissionStateChangeInfoParcel"; + "vtable for OHOS::Security::AccessToken::PermissionStateChangeInfoParcel"; + "OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; + "OHOS::Security::AccessToken::PermissionDefParcel"; + "OHOS::Security::AccessToken::PermissionStateChangeInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapTokenInfoForSyncParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionStateChangeInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapTokenInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::NativeTokenInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionListStateParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionStatusParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionDefParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapPolicyParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermStateChangeScopeParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::HapBaseInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::AtmToolsParamInfoParcel::Unmarshalling(OHOS::Parcel&)"; + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index 84a20c2c2..21037feca 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -31,6 +31,11 @@ ohos_shared_library("accesstoken_common_cxx") { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "accesstoken_common_cxx.map" + } + branch_protector_ret = "pac_ret" public_configs = [ ":accesstoken_common_cxx_public_config" ] diff --git a/frameworks/common/accesstoken_common_cxx.map b/frameworks/common/accesstoken_common_cxx.map new file mode 100644 index 000000000..bcbf4a036 --- /dev/null +++ b/frameworks/common/accesstoken_common_cxx.map @@ -0,0 +1,58 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "OHOS::Security::AccessToken::ConstantCommon::EncryptDevId(std::__h::basic_string, std::__h::allocator>)"; + "OHOS::Security::AccessToken::TimeUtil::GetCurrentTimestamp()"; + "OHOS::Security::AccessToken::FindAndInsertRecord(OHOS::Security::AccessToken::AddPermParamInfo const&)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionNameValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionUsedTypeValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsTokenIDValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsHapCaller(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsUserIdValid(int)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionUsedFlagValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsPolicyTypeValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsCallerTypeValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsAppIDDescValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsBundleNameValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsAplNumValid(int)"; + "OHOS::Security::AccessToken::DataValidator::IsDomainValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsDlpTypeValid(int)"; + "OHOS::Security::AccessToken::TransferPermissionToOpcode(std::__h::basic_string, std::__h::allocator> const&, unsigned int&)"; + "OHOS::Security::AccessToken::DataValidator::IsPermissionFlagValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsToggleStatusValid(unsigned int)"; + "OHOS::Security::AccessToken::DataValidator::IsProcessNameValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::JsonParser::IsDirExsit(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::JsonParser::GetStringFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, std::__h::basic_string, std::__h::allocator>&)"; + "OHOS::Security::AccessToken::JsonParser::GetIntFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, int&)"; + "OHOS::Security::AccessToken::JsonParser::ReadCfgFile(std::__h::basic_string, std::__h::allocator> const&, std::__h::basic_string, std::__h::allocator>&)"; + "OHOS::Security::AccessToken::DataValidator::IsDeviceIdValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::ConstantCommon::GetLocalDeviceId()"; + "OHOS::Security::AccessToken::TransferOpcodeToPermission(unsigned int, std::__h::basic_string, std::__h::allocator>&)"; + "OHOS::Security::AccessToken::ConstantCommon::GetFlagWithoutSpecifiedElement(unsigned int, unsigned int)"; + "OHOS::Security::AccessToken::ConstantCommon::IsPermOperatedByUser(int)"; + "OHOS::Security::AccessToken::ConstantCommon::IsPermOperatedBySystem(int)"; + "OHOS::Security::AccessToken::ConstantCommon::IsPermGrantedBySecComp(int)"; + "OHOS::Security::AccessToken::JsonParser::GetBoolFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, bool&)"; + "OHOS::Security::AccessToken::DataValidator::IsLabelValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::DataValidator::IsAvailableTypeValid(int)"; + "OHOS::Security::AccessToken::JsonParser::GetUnsignedIntFromJson(nlohmann::json_abi_v3_11_2::basic_json, std::__h::allocator>, bool, long, unsigned long, double, std::__h::allocator, nlohmann::json_abi_v3_11_2::adl_serializer, std::__h::vector>> const&, std::__h::basic_string, std::__h::allocator> const&, unsigned int&)"; + "OHOS::Security::AccessToken::DataValidator::IsDescValid(std::__h::basic_string, std::__h::allocator> const&)"; + "OHOS::Security::AccessToken::TimeUtil::IsTimeStampsSameMinute(long, long)"; + ""; + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/js/napi/accesstoken/BUILD.gn b/frameworks/js/napi/accesstoken/BUILD.gn index 6cebe5c4c..50d826964 100644 --- a/frameworks/js/napi/accesstoken/BUILD.gn +++ b/frameworks/js/napi/accesstoken/BUILD.gn @@ -20,6 +20,12 @@ ohos_shared_library("libabilityaccessctrl") { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "libabilityaccessctrl.map" + shlib_type = "sa" + } + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/common/include", diff --git a/frameworks/js/napi/accesstoken/libabilityaccessctrl.map b/frameworks/js/napi/accesstoken/libabilityaccessctrl.map new file mode 100644 index 000000000..ff09ec0f9 --- /dev/null +++ b/frameworks/js/napi/accesstoken/libabilityaccessctrl.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/js/napi/el5filekeymanager/BUILD.gn b/frameworks/js/napi/el5filekeymanager/BUILD.gn index 7a42453e5..0c5a29467 100644 --- a/frameworks/js/napi/el5filekeymanager/BUILD.gn +++ b/frameworks/js/napi/el5filekeymanager/BUILD.gn @@ -22,6 +22,11 @@ ohos_shared_library("screenlockfilemanager") { } branch_protector_ret = "pac_ret" + if (!use_clang_coverage) { + version_script = "screenlockfilemanager.map" + shlib_type = "sa" + } + include_dirs = [ "${access_token_path}/frameworks/inner_api/el5filekeymanager/include", "${access_token_path}/interfaces/inner_api/el5filekeymanager/include", diff --git a/frameworks/js/napi/el5filekeymanager/screenlockfilemanager.map b/frameworks/js/napi/el5filekeymanager/screenlockfilemanager.map new file mode 100644 index 000000000..ff09ec0f9 --- /dev/null +++ b/frameworks/js/napi/el5filekeymanager/screenlockfilemanager.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/js/napi/privacy/BUILD.gn b/frameworks/js/napi/privacy/BUILD.gn index 4621e4760..885f7364a 100644 --- a/frameworks/js/napi/privacy/BUILD.gn +++ b/frameworks/js/napi/privacy/BUILD.gn @@ -20,6 +20,11 @@ ohos_shared_library("libprivacymanager") { cfi_cross_dso = true debug = false } + if (!use_clang_coverage) { + version_script = "accesstoken_manager_service.map" + } + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/common/include", diff --git a/frameworks/js/napi/privacy/libprivacymanager.map b/frameworks/js/napi/privacy/libprivacymanager.map new file mode 100644 index 000000000..ff09ec0f9 --- /dev/null +++ b/frameworks/js/napi/privacy/libprivacymanager.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/frameworks/privacy/BUILD.gn b/frameworks/privacy/BUILD.gn index b452f0cda..1b65ac456 100644 --- a/frameworks/privacy/BUILD.gn +++ b/frameworks/privacy/BUILD.gn @@ -23,6 +23,11 @@ ohos_shared_library("privacy_communication_adapter_cxx") { cfi_cross_dso = true debug = false } + + if(!use_clang_coverage) { + version_script = "privacy_communication_adapter_cxx.map" + } + branch_protector_ret = "pac_ret" include_dirs = [ diff --git a/frameworks/privacy/privacy_communication_adapter_cxx.map b/frameworks/privacy/privacy_communication_adapter_cxx.map new file mode 100644 index 000000000..b08ade653 --- /dev/null +++ b/frameworks/privacy/privacy_communication_adapter_cxx.map @@ -0,0 +1,38 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "VTT for OHOS::Security::AccessToken::AddPermParamInfoParcel"; + "vtable for OHOS::Security::AccessToken::AddPermParamInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermissionUsedTypeInfoParcel"; + "vtable for OHOS::Security::AccessToken::PermissionUsedTypeInfoParcel"; + "VTT for OHOS::Security::AccessToken::PermissionUsedResultParcel"; + "vtable for OHOS::Security::AccessToken::PermissionUsedResultParcel"; + "VTT for OHOS::Security::AccessToken::PermissionUsedRequestParcel"; + "vtable for OHOS::Security::AccessToken::PermissionUsedRequestParcel"; + "VTT for OHOS::Security::AccessToken::SecCompEnhanceDataParcel"; + "vtable for OHOS::Security::AccessToken::SecCompEnhanceDataParcel"; + "VTT for OHOS::Security::AccessToken::ActiveChangeResponseParcel"; + "vtable for OHOS::Security::AccessToken::ActiveChangeResponseParcel"; + "OHOS::Security::AccessToken::AddPermParamInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionUsedTypeInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionUsedResultParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionUsedRequestParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::SecCompEnhanceDataParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::ActiveChangeResponseParcel::Unmarshalling(OHOS::Parcel&)"; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/inner_api/el5filekeymanager/BUILD.gn b/interfaces/inner_api/el5filekeymanager/BUILD.gn index d4c36ca0d..e1c6ce866 100644 --- a/interfaces/inner_api/el5filekeymanager/BUILD.gn +++ b/interfaces/inner_api/el5filekeymanager/BUILD.gn @@ -28,6 +28,11 @@ ohos_shared_library("el5_filekey_manager_sdk") { cfi_cross_dso = true debug = false } + + if(!use_clang_coverage) { + version_script = "el5_filekey_manager_sdk.map" + } + branch_protector_ret = "pac_ret" cflags_cc = [ diff --git a/interfaces/inner_api/el5filekeymanager/el5_filekey_manager_sdk.map b/interfaces/inner_api/el5filekeymanager/el5_filekey_manager_sdk.map new file mode 100644 index 000000000..696152526 --- /dev/null +++ b/interfaces/inner_api/el5filekeymanager/el5_filekey_manager_sdk.map @@ -0,0 +1,26 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "OHOS::Security::AccessToken::El5FilekeyManagerKit::AcquireAccess(OHOS::Security::AccessToken::DataLockType)"; + "OHOS::Security::AccessToken::El5FilekeyManagerKit::ReleaseAccess(OHOS::Security::AccessToken::DataLockType)"; + "OHOS::Security::AccessToken::El5FilekeyManagerKit::QueryAppKeyState(OHOS::Security::AccessToken::DataLockType)"; + "VTT for OHOS::Security::AccessToken::AppKeyInfo"; + "vtable for OHOS::Security::AccessToken::AppKeyInfo"; + ""; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn index 72f24f1d6..a9cb5e550 100644 --- a/interfaces/innerkits/accesstoken/BUILD.gn +++ b/interfaces/innerkits/accesstoken/BUILD.gn @@ -102,6 +102,11 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + if (!use_clang_coverage) { + version_script = "libtokenid_sdk.map" + } + branch_protector_ret = "pac_ret" innerapi_tags = [ "platformsdk", diff --git a/interfaces/innerkits/accesstoken/libtokenid_sdk.map b/interfaces/innerkits/accesstoken/libtokenid_sdk.map new file mode 100644 index 000000000..de5f99573 --- /dev/null +++ b/interfaces/innerkits/accesstoken/libtokenid_sdk.map @@ -0,0 +1,22 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(unsigned long)"; + ""; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/analysis_model/BUILD.gn b/interfaces/innerkits/analysis_model/BUILD.gn index dd19cabba..983775974 100644 --- a/interfaces/innerkits/analysis_model/BUILD.gn +++ b/interfaces/innerkits/analysis_model/BUILD.gn @@ -28,6 +28,12 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + if(!use_clang_coverage) { + version_script = "libcodesignature_analysis.map" + } + shlib_type = "sa" + branch_protector_ret = "pac_ret" public_configs = [ ":accesstoken" ] diff --git a/interfaces/innerkits/analysis_model/libcodesignature_analysis.map b/interfaces/innerkits/analysis_model/libcodesignature_analysis.map new file mode 100644 index 000000000..ff09ec0f9 --- /dev/null +++ b/interfaces/innerkits/analysis_model/libcodesignature_analysis.map @@ -0,0 +1,20 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/nativetoken/BUILD.gn b/interfaces/innerkits/nativetoken/BUILD.gn index 1caeae894..e194328f5 100644 --- a/interfaces/innerkits/nativetoken/BUILD.gn +++ b/interfaces/innerkits/nativetoken/BUILD.gn @@ -63,6 +63,9 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" innerapi_tags = [ "platformsdk" ] public_configs = [ ":accesstokenlib" ] diff --git a/interfaces/innerkits/token_setproc/BUILD.gn b/interfaces/innerkits/token_setproc/BUILD.gn index 0b0d7d83a..4d7f335b7 100644 --- a/interfaces/innerkits/token_setproc/BUILD.gn +++ b/interfaces/innerkits/token_setproc/BUILD.gn @@ -43,6 +43,11 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + if(!use_clang_coverage) { + version_script = "libtokensetproc_shared.map" + } + branch_protector_ret = "pac_ret" innerapi_tags = [ "platformsdk" ] public_configs = [ ":setproc_config" ] diff --git a/interfaces/innerkits/token_setproc/libtokensetproc_shared.map b/interfaces/innerkits/token_setproc/libtokensetproc_shared.map new file mode 100644 index 000000000..8e2516210 --- /dev/null +++ b/interfaces/innerkits/token_setproc/libtokensetproc_shared.map @@ -0,0 +1,21 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1.0 { + global: + extern "C++" { + "GetSelfTokenID"; + }; + local: + *; +}; \ No newline at end of file diff --git a/interfaces/innerkits/tokensync/BUILD.gn b/interfaces/innerkits/tokensync/BUILD.gn index 4053b2bf1..f0ebe8c94 100644 --- a/interfaces/innerkits/tokensync/BUILD.gn +++ b/interfaces/innerkits/tokensync/BUILD.gn @@ -28,6 +28,9 @@ if (is_standard_system) { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" output_name = "libtokensync_sdk" diff --git a/interfaces/kits/capi/accesstoken/BUILD.gn b/interfaces/kits/capi/accesstoken/BUILD.gn index 11093e09e..481c0c4fc 100644 --- a/interfaces/kits/capi/accesstoken/BUILD.gn +++ b/interfaces/kits/capi/accesstoken/BUILD.gn @@ -34,6 +34,8 @@ ohos_shared_library("libability_access_control") { sources = [ "src/ability_access_control.cpp" ] + shlib_type = "sa" + deps = [ "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", diff --git a/interfaces/kits/cj/accesstoken/BUILD.gn b/interfaces/kits/cj/accesstoken/BUILD.gn index b2af68dca..bc9e64660 100644 --- a/interfaces/kits/cj/accesstoken/BUILD.gn +++ b/interfaces/kits/cj/accesstoken/BUILD.gn @@ -24,6 +24,9 @@ ohos_shared_library("cj_ability_access_ctrl_ffi") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/common/include", diff --git a/interfaces/kits/cj/screenlockfilemanager/BUILD.gn b/interfaces/kits/cj/screenlockfilemanager/BUILD.gn index ff1dd353d..d4d4009a9 100644 --- a/interfaces/kits/cj/screenlockfilemanager/BUILD.gn +++ b/interfaces/kits/cj/screenlockfilemanager/BUILD.gn @@ -24,6 +24,9 @@ ohos_shared_library("cj_screen_lock_file_manager_ffi") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/inner_api/el5filekeymanager/include", diff --git a/services/common/ability_manager/BUILD.gn b/services/common/ability_manager/BUILD.gn index ba8f9d65f..23c3bed94 100644 --- a/services/common/ability_manager/BUILD.gn +++ b/services/common/ability_manager/BUILD.gn @@ -29,6 +29,9 @@ ohos_shared_library("accesstoken_ability_manager_adapter") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ diff --git a/services/common/app_manager/BUILD.gn b/services/common/app_manager/BUILD.gn index a6026e7f2..2b819f6f6 100644 --- a/services/common/app_manager/BUILD.gn +++ b/services/common/app_manager/BUILD.gn @@ -22,6 +22,9 @@ ohos_shared_library("accesstoken_app_manager") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ diff --git a/services/common/screenlock_manager/BUILD.gn b/services/common/screenlock_manager/BUILD.gn index 8a03c4ba4..c51e92a88 100644 --- a/services/common/screenlock_manager/BUILD.gn +++ b/services/common/screenlock_manager/BUILD.gn @@ -28,6 +28,9 @@ ohos_shared_library("accesstoken_screenlock_manager") { cfi_cross_dso = true debug = false } + + shlib_type = "sa" + branch_protector_ret = "pac_ret" include_dirs = [ "include" ] -- Gitee From a0531c3861faa6b741346f00f22bf3201fb4d885 Mon Sep 17 00:00:00 2001 From: luowei Date: Mon, 3 Mar 2025 11:42:57 +0800 Subject: [PATCH 2/5] =?UTF-8?q?sa=E7=AC=A6=E5=8F=B7=E4=BC=98=E5=8C=96=5Flu?= =?UTF-8?q?owei?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: luowei --- .../accesstoken/accesstoken_communication_adapter_cxx.map | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map b/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map index 66b1c315a..22428ac84 100644 --- a/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map +++ b/frameworks/accesstoken/accesstoken_communication_adapter_cxx.map @@ -14,7 +14,7 @@ 1.0 { global: extern "C++" { - "VVT for OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; + "VTT for OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; "vtable for OHOS::Security::AccessToken::HapTokenInfoForSyncParcel"; "VTT for OHOS::Security::AccessToken::PermissionDefParcel"; "vtable for OHOS::Security::AccessToken::PermissionDefParcel"; @@ -23,7 +23,7 @@ "VTT for OHOS::Security::AccessToken::PermissionGrantInfoParcel"; "vtable for OHOS::Security::AccessToken::PermissionGrantInfoParcel"; "VTT for OHOS::Security::AccessToken::PermStateChangeScopeParcel"; - "vtable for OHOS::Security::AccessToken::PermStateChangeScopeParcel"; + "vtable for OHOS::Security::AccessToken::PermStateChangeScopeParcel"; "VTT for OHOS::Security::AccessToken::HapInfoParcel"; "vtable for OHOS::Security::AccessToken::HapInfoParcel"; "VTT for OHOS::Security::AccessToken::HapPolicyParcel"; @@ -44,7 +44,7 @@ "OHOS::Security::AccessToken::PermissionDefParcel"; "OHOS::Security::AccessToken::PermissionStateChangeInfoParcel::Unmarshalling(OHOS::Parcel&)"; "OHOS::Security::AccessToken::HapTokenInfoForSyncParcel::Unmarshalling(OHOS::Parcel&)"; - "OHOS::Security::AccessToken::PermissionStateChangeInfoParcel::Unmarshalling(OHOS::Parcel&)"; + "OHOS::Security::AccessToken::PermissionGrantInfoParcel::Unmarshalling(OHOS::Parcel&)"; "OHOS::Security::AccessToken::HapTokenInfoParcel::Unmarshalling(OHOS::Parcel&)"; "OHOS::Security::AccessToken::NativeTokenInfoParcel::Unmarshalling(OHOS::Parcel&)"; "OHOS::Security::AccessToken::PermissionListStateParcel::Unmarshalling(OHOS::Parcel&)"; -- Gitee From 01945db57800dc800026ab3efa27b7caf839954d Mon Sep 17 00:00:00 2001 From: luowei Date: Mon, 3 Mar 2025 19:43:07 +0800 Subject: [PATCH 3/5] sa symbol optimization Signed-off-by: luowei --- frameworks/accesstoken/BUILD.gn | 3 +-- frameworks/js/napi/privacy/BUILD.gn | 2 +- frameworks/privacy/BUILD.gn | 2 +- interfaces/inner_api/el5filekeymanager/BUILD.gn | 2 +- interfaces/innerkits/analysis_model/BUILD.gn | 2 +- interfaces/innerkits/token_setproc/BUILD.gn | 2 +- 6 files changed, 6 insertions(+), 7 deletions(-) diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn index 50ed52fab..707ed8a68 100644 --- a/frameworks/accesstoken/BUILD.gn +++ b/frameworks/accesstoken/BUILD.gn @@ -36,8 +36,7 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") { debug = false } - if(!use_clang_coverage) - { + if (!use_clang_coverage) { version_script = "accesstoken_communication_adapter_cxx.map" } diff --git a/frameworks/js/napi/privacy/BUILD.gn b/frameworks/js/napi/privacy/BUILD.gn index 885f7364a..a563c48e7 100644 --- a/frameworks/js/napi/privacy/BUILD.gn +++ b/frameworks/js/napi/privacy/BUILD.gn @@ -24,7 +24,7 @@ ohos_shared_library("libprivacymanager") { version_script = "accesstoken_manager_service.map" } shlib_type = "sa" - + branch_protector_ret = "pac_ret" include_dirs = [ "${access_token_path}/frameworks/common/include", diff --git a/frameworks/privacy/BUILD.gn b/frameworks/privacy/BUILD.gn index 1b65ac456..48afddee9 100644 --- a/frameworks/privacy/BUILD.gn +++ b/frameworks/privacy/BUILD.gn @@ -24,7 +24,7 @@ ohos_shared_library("privacy_communication_adapter_cxx") { debug = false } - if(!use_clang_coverage) { + if (!use_clang_coverage) { version_script = "privacy_communication_adapter_cxx.map" } diff --git a/interfaces/inner_api/el5filekeymanager/BUILD.gn b/interfaces/inner_api/el5filekeymanager/BUILD.gn index e1c6ce866..4147e8cf1 100644 --- a/interfaces/inner_api/el5filekeymanager/BUILD.gn +++ b/interfaces/inner_api/el5filekeymanager/BUILD.gn @@ -29,7 +29,7 @@ ohos_shared_library("el5_filekey_manager_sdk") { debug = false } - if(!use_clang_coverage) { + if (!use_clang_coverage) { version_script = "el5_filekey_manager_sdk.map" } diff --git a/interfaces/innerkits/analysis_model/BUILD.gn b/interfaces/innerkits/analysis_model/BUILD.gn index 983775974..ba437bcec 100644 --- a/interfaces/innerkits/analysis_model/BUILD.gn +++ b/interfaces/innerkits/analysis_model/BUILD.gn @@ -29,7 +29,7 @@ if (is_standard_system) { debug = false } - if(!use_clang_coverage) { + if (!use_clang_coverage) { version_script = "libcodesignature_analysis.map" } shlib_type = "sa" diff --git a/interfaces/innerkits/token_setproc/BUILD.gn b/interfaces/innerkits/token_setproc/BUILD.gn index 4d7f335b7..bfa1d1727 100644 --- a/interfaces/innerkits/token_setproc/BUILD.gn +++ b/interfaces/innerkits/token_setproc/BUILD.gn @@ -44,7 +44,7 @@ if (is_standard_system) { debug = false } - if(!use_clang_coverage) { + if (!use_clang_coverage) { version_script = "libtokensetproc_shared.map" } -- Gitee From d43b49a35853549d0482af1ef11ad4e363aa97bc Mon Sep 17 00:00:00 2001 From: luowei Date: Mon, 3 Mar 2025 19:59:46 +0800 Subject: [PATCH 4/5] sa symbol opt Signed-off-by: luowei --- .../include/permission/permission_manager.h | 2 - .../cpp/src/permission/permission_manager.cpp | 28 ++++------ .../test/mock/library_loader_mock.cpp | 6 --- services/common/BUILD.gn | 1 + .../include/ability_manager_access_loader.h | 2 - .../include/ability_manager_adapter.h | 6 --- .../src/ability_manager_access_loader.cpp | 5 -- .../src/ability_manager_adapter.cpp | 32 +---------- services/common/app_manager/BUILD.gn | 1 + .../include/ams_manager_access_proxy.h | 51 ++++++++++++++++++ .../include/app_manager_access_client.h | 2 + .../src/ams_manager_access_proxy.cpp | 54 +++++++++++++++++++ .../src/app_manager_access_client.cpp | 31 +++++++++++ .../json_parse/src/json_parse_loader.cpp | 4 +- 14 files changed, 156 insertions(+), 69 deletions(-) create mode 100644 services/common/app_manager/include/ams_manager_access_proxy.h create mode 100644 services/common/app_manager/src/ams_manager_access_proxy.cpp diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index 1b11210d4..2150418c7 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -20,7 +20,6 @@ #include #include -#include "ability_manager_access_loader.h" #include "access_token.h" #include "hap_token_info_inner.h" #include "iremote_broker.h" @@ -119,7 +118,6 @@ private: bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); bool IsPermissionStateOrFlagMatched(const PermissionStatus& stata1, const PermissionStatus& stata2); - AbilityManagerAccessLoaderInterface* GetAbilityManager(); PermissionGrantEvent grantEvent_; static std::recursive_mutex mutex_; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 82b8fb437..f659e87b0 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -19,6 +19,7 @@ #include #include +#include "ability_manager_access_loader.h" #include "access_token.h" #include "access_token_error.h" #include "accesstoken_dfx_define.h" @@ -302,18 +303,6 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin return ret; } -AbilityManagerAccessLoaderInterface* PermissionManager::GetAbilityManager() -{ - if (abilityManagerLoader_ == nullptr) { - std::lock_guard lock(abilityManagerMutex_); - if (abilityManagerLoader_ == nullptr) { - abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); - } - } - - return abilityManagerLoader_->GetObject(); -} - int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, const std::string& bundleName, const std::string& abilityName) { @@ -329,7 +318,15 @@ int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, .callerTokenId = IPCSkeleton::GetCallingTokenID() }; - AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); + { + std::lock_guard lock(abilityManagerMutex_); + if (abilityManagerLoader_ == nullptr) { + abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); + } + } + + AbilityManagerAccessLoaderInterface* abilityManager = + abilityManagerLoader_->GetObject(); if (abilityManager == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); return AccessTokenError::ERR_SERVICE_ABNORMAL; @@ -410,10 +407,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( // To notify kill process when perm is revoke if (needKill && (!isGranted && !isSecCompGrantedBefore)) { LOGI(ATM_DOMAIN, ATM_TAG, "(%{public}s) is revoked, kill process(%{public}u).", permission.c_str(), id); - AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); - if (abilityManager == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); - } else if ((ret = abilityManager->KillProcessForPermissionUpdate(id)) != ERR_OK) { + if ((ret = AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(id)) != ERR_OK) { LOGE(ATM_DOMAIN, ATM_TAG, "kill process failed, ret=%{public}d.", ret); } } diff --git a/services/accesstokenmanager/test/mock/library_loader_mock.cpp b/services/accesstokenmanager/test/mock/library_loader_mock.cpp index 5d5275cd5..0fddd8429 100644 --- a/services/accesstokenmanager/test/mock/library_loader_mock.cpp +++ b/services/accesstokenmanager/test/mock/library_loader_mock.cpp @@ -27,7 +27,6 @@ static constexpr uint32_t INVALID_INDEX = 0; class AbilityManagerAccessLoaderMock final: public AbilityManagerAccessLoaderInterface { int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; }; int32_t AbilityManagerAccessLoaderMock::StartAbility(const InnerWant &innerWant, @@ -39,11 +38,6 @@ int32_t AbilityManagerAccessLoaderMock::StartAbility(const InnerWant &innerWant, return ERR_OK; } -int32_t AbilityManagerAccessLoaderMock::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - return ERR_OK; -} - LibraryLoader::LibraryLoader(const std::string& path) { instance_ = new AbilityManagerAccessLoaderMock(); diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 3b4a6b43f..d9e576232 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -44,6 +44,7 @@ ohos_static_library("accesstoken_service_common") { public_configs = [ ":accesstoken_service_common_public_config" ] sources = [ + "app_manager/src/ams_manager_access_proxy.cpp", "app_manager/src/app_manager_access_client.cpp", "app_manager/src/app_state_data.cpp", "app_manager/src/app_status_change_callback.cpp", diff --git a/services/common/ability_manager/include/ability_manager_access_loader.h b/services/common/ability_manager/include/ability_manager_access_loader.h index da312b15e..f11745177 100644 --- a/services/common/ability_manager/include/ability_manager_access_loader.h +++ b/services/common/ability_manager/include/ability_manager_access_loader.h @@ -40,12 +40,10 @@ public: AbilityManagerAccessLoaderInterface() {} virtual ~AbilityManagerAccessLoaderInterface() {} virtual int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); - virtual int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); }; class AbilityManagerAccessLoader final: public AbilityManagerAccessLoaderInterface { int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; }; #ifdef __cplusplus diff --git a/services/common/ability_manager/include/ability_manager_adapter.h b/services/common/ability_manager/include/ability_manager_adapter.h index 5dab21b86..d2e0ee4f1 100644 --- a/services/common/ability_manager/include/ability_manager_adapter.h +++ b/services/common/ability_manager/include/ability_manager_adapter.h @@ -36,12 +36,6 @@ public: static AbilityManagerAdapter& GetInstance(); int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); - - enum class Message { - START_ABILITY = 1001, - KILL_PROCESS_FOR_PERMISSION_UPDATE = 5300, - }; private: void InitProxy(); diff --git a/services/common/ability_manager/src/ability_manager_access_loader.cpp b/services/common/ability_manager/src/ability_manager_access_loader.cpp index b1812b6bd..9a59e08c2 100644 --- a/services/common/ability_manager/src/ability_manager_access_loader.cpp +++ b/services/common/ability_manager/src/ability_manager_access_loader.cpp @@ -29,11 +29,6 @@ int32_t AbilityManagerAccessLoader::StartAbility( #endif } -int32_t AbilityManagerAccessLoader::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - return AbilityManagerAdapter::GetInstance().KillProcessForPermissionUpdate(accessTokenId); -} - void* Create() { return reinterpret_cast(new AbilityManagerAccessLoader); diff --git a/services/common/ability_manager/src/ability_manager_adapter.cpp b/services/common/ability_manager/src/ability_manager_adapter.cpp index 922d1cf4e..dc8f09ab9 100644 --- a/services/common/ability_manager/src/ability_manager_adapter.cpp +++ b/services/common/ability_manager/src/ability_manager_adapter.cpp @@ -14,6 +14,7 @@ */ #include "ability_manager_adapter.h" +#include "ability_manager_ipc_interface_code.h" #include "access_token_error.h" #include "accesstoken_common_log.h" #include @@ -100,7 +101,7 @@ int32_t AbilityManagerAdapter::StartAbility(const InnerWant &innerWant, const sp LOGE(ATM_DOMAIN, ATM_TAG, "RequestCode write failed."); return AccessTokenError::ERR_WRITE_PARCEL_FAILED; } - int32_t error = abms->SendRequest(static_cast(AbilityManagerAdapter::Message::START_ABILITY), + int32_t error = abms->SendRequest(static_cast(AbilityManagerInterfaceCode::START_ABILITY), data, reply, option); if (error != NO_ERROR) { LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); @@ -109,35 +110,6 @@ int32_t AbilityManagerAdapter::StartAbility(const InnerWant &innerWant, const sp return reply.ReadInt32(); } -int32_t AbilityManagerAdapter::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - auto abms = GetProxy(); - if (abms == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to GetProxy."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel data; - MessageParcel reply; - MessageOption option; - - if (!data.WriteInterfaceToken(ABILITY_MGR_DESCRIPTOR)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write WriteInterfaceToken."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(accessTokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - int32_t error = abms->SendRequest(static_cast( - AbilityManagerAdapter::Message::KILL_PROCESS_FOR_PERMISSION_UPDATE), data, reply, option); - if (error != NO_ERROR) { - LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); - return error; - } - return reply.ReadInt32(); -} - void AbilityManagerAdapter::InitProxy() { if (proxy_ != nullptr && (!proxy_->IsObjectDead())) { diff --git a/services/common/app_manager/BUILD.gn b/services/common/app_manager/BUILD.gn index 2b819f6f6..40870c894 100644 --- a/services/common/app_manager/BUILD.gn +++ b/services/common/app_manager/BUILD.gn @@ -36,6 +36,7 @@ ohos_shared_library("accesstoken_app_manager") { ] sources = [ + "src/ams_manager_access_proxy.cpp", "src/app_manager_access_client.cpp", "src/app_state_data.cpp", "src/app_status_change_callback.cpp", diff --git a/services/common/app_manager/include/ams_manager_access_proxy.h b/services/common/app_manager/include/ams_manager_access_proxy.h new file mode 100644 index 000000000..d54f6cae0 --- /dev/null +++ b/services/common/app_manager/include/ams_manager_access_proxy.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_AMS_MANAGER_ACCESS_PROXY_H +#define ACCESS_AMS_MANAGER_ACCESS_PROXY_H + +#include + +#include "app_state_data.h" +#include "process_data.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class IAmsMgr : public IRemoteBroker { +public: + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.IAmsMgr"); + + virtual int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) = 0; + + enum class Message { + FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID = 49, + }; +}; + +class AmsManagerAccessProxy : public IRemoteProxy { +public: + explicit AmsManagerAccessProxy(const sptr& impl) : IRemoteProxy(impl) {} + + virtual ~AmsManagerAccessProxy() = default; + + int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) override; +private: + static inline BrokerDelegator delegator_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_AMS_MANAGER_ACCESS_PROXY_H diff --git a/services/common/app_manager/include/app_manager_access_client.h b/services/common/app_manager/include/app_manager_access_client.h index 2e2bbcdd0..732287dff 100644 --- a/services/common/app_manager/include/app_manager_access_client.h +++ b/services/common/app_manager/include/app_manager_access_client.h @@ -31,6 +31,7 @@ public: static AppManagerAccessClient& GetInstance(); virtual ~AppManagerAccessClient(); + int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId); int32_t RegisterApplicationStateObserver(const sptr& observer); int32_t UnregisterApplicationStateObserver(const sptr& observer); int32_t GetForegroundApplications(std::vector& list); @@ -38,6 +39,7 @@ public: void OnRemoteDiedHandle(); enum class Message { + APP_GET_MGR_INSTANCE = 6, REGISTER_APPLICATION_STATE_OBSERVER = 12, UNREGISTER_APPLICATION_STATE_OBSERVER = 13, GET_FOREGROUND_APPLICATIONS = 14, diff --git a/services/common/app_manager/src/ams_manager_access_proxy.cpp b/services/common/app_manager/src/ams_manager_access_proxy.cpp new file mode 100644 index 000000000..5f2ae4a49 --- /dev/null +++ b/services/common/app_manager/src/ams_manager_access_proxy.cpp @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ams_manager_access_proxy.h" +#include "accesstoken_common_log.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t ERROR = -1; +} +int32_t AmsManagerAccessProxy::KillProcessesByAccessTokenId(const uint32_t accessTokenId) +{ + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + if (!data.WriteInterfaceToken(GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERROR; + } + + if (!data.WriteInt32(accessTokenId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); + return ERROR; + } + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( + static_cast(IAmsMgr::Message::FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID), data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "KillProcessesByAccessTokenId failed, error: %{public}d", error); + return ERROR; + } + return reply.ReadInt32(); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/app_manager/src/app_manager_access_client.cpp b/services/common/app_manager/src/app_manager_access_client.cpp index 374f3e86d..483470cc7 100644 --- a/services/common/app_manager/src/app_manager_access_client.cpp +++ b/services/common/app_manager/src/app_manager_access_client.cpp @@ -16,6 +16,7 @@ #include #include "accesstoken_common_log.h" +#include "ams_manager_access_proxy.h" #include "iservice_registry.h" #include "system_ability_definition.h" @@ -51,6 +52,36 @@ AppManagerAccessClient::~AppManagerAccessClient() ReleaseProxy(); } +int32_t AppManagerAccessClient::KillProcessesByAccessTokenId(const uint32_t accessTokenId) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); + return ERROR; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed"); + return ERROR; + } + int32_t error = proxy->SendRequest( + static_cast(AppManagerAccessClient::Message::APP_GET_MGR_INSTANCE), data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetAmsMgr failed, error: %{public}d", error); + return ERROR; + } + sptr object = reply.ReadRemoteObject(); + sptr amsService = new AmsManagerAccessProxy(object); + if (amsService == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "AmsService is null."); + return ERROR; + } + return amsService->KillProcessesByAccessTokenId(accessTokenId); +} + int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr& observer) { LOGI(ATM_DOMAIN, ATM_TAG, "Entry"); diff --git a/services/common/json_parse/src/json_parse_loader.cpp b/services/common/json_parse/src/json_parse_loader.cpp index 539182f81..494e77fbd 100644 --- a/services/common/json_parse/src/json_parse_loader.cpp +++ b/services/common/json_parse/src/json_parse_loader.cpp @@ -205,7 +205,9 @@ bool GetAtCfgFromJson(const CJson* j, AccessTokenServiceConfig& a) return false; } - GetStringFromJson(j, APPLICATION_SETTING_ABILITY_NAME_KEY, a.applicationSettingAbilityName); + if (!GetStringFromJson(j, APPLICATION_SETTING_ABILITY_NAME_KEY, a.applicationSettingAbilityName)) { + return false; + } return true; } -- Gitee From 9906e7984304a605002c74a31fe7384630538a72 Mon Sep 17 00:00:00 2001 From: luowei Date: Tue, 4 Mar 2025 10:12:41 +0800 Subject: [PATCH 5/5] sa symbol opt Signed-off-by: luowei --- frameworks/js/napi/privacy/BUILD.gn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frameworks/js/napi/privacy/BUILD.gn b/frameworks/js/napi/privacy/BUILD.gn index a563c48e7..2ecf04e6e 100644 --- a/frameworks/js/napi/privacy/BUILD.gn +++ b/frameworks/js/napi/privacy/BUILD.gn @@ -21,7 +21,7 @@ ohos_shared_library("libprivacymanager") { debug = false } if (!use_clang_coverage) { - version_script = "accesstoken_manager_service.map" + version_script = "libprivacymanager.map" } shlib_type = "sa" -- Gitee