From 26b80d9ca229dd8a0e8ace9798765babcb63f5a6 Mon Sep 17 00:00:00 2001 From: bigtea Date: Sat, 22 Mar 2025 17:50:45 +0800 Subject: [PATCH] Add access_token dfx event Signed-off-by: bigtea --- hisysevent.yaml | 22 ++++ .../accesstoken/include/hap_token_info.h | 4 +- .../main/cpp/include/dfx/hisysevent_adapter.h | 12 +++ .../include/permission/permission_manager.h | 2 + .../service/accesstoken_manager_service.h | 2 + .../include/token/accesstoken_info_manager.h | 2 + .../main/cpp/src/database/access_token_db.cpp | 31 +++--- .../main/cpp/src/dfx/hisysevent_adapter.cpp | 2 +- .../src/permission/permission_data_brief.cpp | 8 +- .../cpp/src/permission/permission_manager.cpp | 48 ++++++--- .../permission/temp_permission_observer.cpp | 4 +- .../service/accesstoken_manager_service.cpp | 101 +++++++++++++++++- .../src/service/accesstoken_manager_stub.cpp | 1 - .../src/token/accesstoken_info_manager.cpp | 97 ++++++++++------- .../cpp/src/token/hap_token_info_inner.cpp | 9 +- 15 files changed, 265 insertions(+), 80 deletions(-) diff --git a/hisysevent.yaml b/hisysevent.yaml index 9db48c4d2..388f0e811 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -69,6 +69,9 @@ DEL_HAP: USERID: {type: INT32, desc: user id} BUNDLENAME: {type: STRING, desc: bundle name} INSTINDEX: {type: INT32, desc: inst index} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + DURATION: {type: int64, desc: duration} PERM_DIALOG_STATUS_INFO: __BASE: {type: STATISTIC, level: MINOR, desc: status information of permission dialog} @@ -93,6 +96,11 @@ UPDATE_PERMISSION: PERMISSION_NAME: {type: STRING, desc: permission name} PERMISSION_FLAG: {type: UINT32, desc: permission flag} GRANTED_FLAG: {type: BOOL, desc: grant or revoke} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + USERID: {type: INT32, desc: user id} + BUNDLENAME: {type: STRING, desc: bundle name} + INSTINDEX: {type: INT32, desc: inst index} UPDATE_HAP: __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: update hap to device} @@ -100,6 +108,14 @@ UPDATE_HAP: USERID: {type: INT32, desc: user id} BUNDLENAME: {type: STRING, desc: bundle name} INSTINDEX: {type: INT32, desc: inst index} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + TOKENIDEX: {type: UINT64, desc: tokenIDEx} + PERM_INFO: {type: STRING, desc: perm info} + ACL_INFO: {type: STRING, desc: acl info} + PREAUTH_INFO: {type: STRING, desc: pre-auth info} + EXTEND_INFO: {type: STRING, desc: extend info} + DURATION: {type: int64, desc: duration} CLEAR_USER_PERMISSION_STATE: __BASE: {type: BEHAVIOR, level: MINOR, desc: clear user permission state} @@ -136,3 +152,9 @@ VERIFY_ACCESS_TOKEN_EVENT: SELF_TOKENID: {type: UINT32, desc: self tokenID} CONTEXT_TOKENID: {type: UINT32, desc: context tokenID} +ACCESSTOKEN_EXCEPTION: + __BASE: {type: FAULT, level: CRITICAL, desc: accesstoken exception} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index 5e80c3ced..0292fc395 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h +++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -96,12 +96,12 @@ public: class HapTokenInfo final { public: char ver; - int userID; + int userID = 0; std::string bundleName; /** which version of the SDK is used to develop this hap */ int32_t apiVersion; /** instance index */ - int instIndex; + int instIndex = 0; /** * dlp type, for details about the valid values, * see the definition of HapDlpType in the access_token.h file. diff --git a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h index be526063a..1be640712 100644 --- a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h +++ b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h @@ -34,6 +34,18 @@ enum UpdatePermStatusErrorCode { DLP_CHECK_FAILED = 1, UPDATE_PERMISSION_STATUS_FAILED = 2, }; +enum UpdateHapTokenSceneCode { + UPDATE_HAP_START = 0, + UPDATE_HAP_FINISH = 1, +}; +enum DeleteTokenInfoSceneCode { + DELETE_HAP_START = 0, + DELETE_HAP_FINISH = 1, +}; +enum UpdatePermSceneCode { + UPDATE_PERM_START = 0, + UPDATE_PERM_FINISH = 1, +}; void ReportSysEventPerformance(); void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize); void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode); diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index e0b4eb58c..25bc25c51 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -67,6 +67,8 @@ public: const std::string& bundleName, const std::string& abilityName); int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag); + int32_t CheckAndUpdatePermissionWithDfx(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag); int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, bool needKill); int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index befb3df1b..eed01c0f8 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -121,6 +121,8 @@ private: bool Initialize(); void AccessTokenServiceParamSet() const; PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& reqPermList); + int32_t UpdateHapTokenWithoutDfx(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& result); ServiceRunningState state_; std::string grantBundleName_; std::string grantAbilityName_; diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index e2819047c..1404d810a 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -139,6 +139,8 @@ private: void NativeTokenToString(AccessTokenID tokenID, std::string& info); int32_t CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy); void UpdateHapToKernel(AccessTokenID tokenID, int32_t userId); + int32_t GetHapTokenInfoInnerFromDb(AccessTokenID id, std::vector& hapTokenResults, + std::vector& permStateRes, std::vector& extendedPermRes); bool hasInited_; std::atomic_int32_t dumpTaskNum_; diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index b1c4631b9..407ffa316 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -244,6 +244,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif std::string tableName; AccessTokenDbUtil::GetTableNameByType(type, tableName); if (tableName.empty()) { + LOGC(ATM_DOMAIN, ATM_TAG, "Get table name failed!"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -251,6 +252,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif AccessTokenDbUtil::ToRdbValueBucket(modifyValue, bucket); if (bucket.IsEmpty()) { + LOGC(ATM_DOMAIN, ATM_TAG, "To rdb value bucket failed!"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -262,18 +264,19 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); auto db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } int32_t res = db->Update(changedRows, bucket, predicates); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s, res is %{public}d.", - tableName.c_str(), res); int32_t result = RestoreAndUpdateIfCorrupt(res, changedRows, bucket, predicates, db); if (result != NativeRdb::E_OK) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and update, result is %{public}d.", result); return result; } + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s, res is %{public}d.", + tableName.c_str(), res); } } @@ -298,19 +301,19 @@ int32_t AccessTokenDb::RestoreAndQueryIfCorrupt(const NativeRdb::RdbPredicates& LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try query again!"); queryResultSet = db->Query(predicates, columns); if (queryResultSet == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.", predicates.GetTableName().c_str()); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } } else { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get result count."); + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to get result count."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } } @@ -337,19 +340,20 @@ int32_t AccessTokenDb::Find(AtmDataType type, const GenericValues& conditionValu OHOS::Utils::UniqueReadGuard lock(this->rwLock_); auto db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } auto queryResultSet = db->Query(predicates, columns); if (queryResultSet == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.", tableName.c_str()); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } int32_t res = RestoreAndQueryIfCorrupt(predicates, columns, queryResultSet, db); if (res != 0) { + LOGC(ATM_DOMAIN, ATM_TAG, "Restore and query failed!"); return res; } @@ -382,14 +386,14 @@ int32_t AccessTokenDb::RestoreAndCommitIfCorrupt(const int32_t resultCode, LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); int32_t res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try commit again!"); res = db->Commit(); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res); return res; } @@ -406,7 +410,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::shared_ptr db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } @@ -418,6 +422,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( res = RemoveValues(delDataTypes[i], delValues[i]); if (res != 0) { db->RollBack(); + LOGC(ATM_DOMAIN, ATM_TAG, "Remove values failed, res is %{public}d.", res); return res; } } @@ -427,17 +432,19 @@ int32_t AccessTokenDb::DeleteAndInsertValues( res = AddValues(addDataTypes[i], addValues[i]); if (res != 0) { db->RollBack(); + LOGC(ATM_DOMAIN, ATM_TAG, "Add values failed, res is %{public}d.", res); return res; } } res = db->Commit(); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to commit, res is %{public}d.", res); int32_t result = RestoreAndCommitIfCorrupt(res, db); if (result != NativeRdb::E_OK) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and commit, result is %{public}d.", result); return result; } + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to commit, res is %{public}d.", res); } } diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp index 19ce1ffbb..a0ce74de9 100644 --- a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp +++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp @@ -63,7 +63,7 @@ void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode) if (GetThreadErrorMsgLen() == 0) { return; } - int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START_ERROR", + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_EXCEPTION", HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", ipcCode, "ERROR_CODE", errCode, "ERROR_MSG", GetThreadErrorMsg()); if (ret != 0) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp index 3c76de837..f9f9ca828 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -411,7 +411,7 @@ int32_t PermissionDataBrief::UpdatePermStateList( { auto iterPermData = requestedPermData_.find(tokenId); if (iterPermData == requestedPermData_.end()) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId); + LOGC(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId); return ERR_TOKEN_INVALID; } std::vector& permBriefDatalist = requestedPermData_[tokenId]; @@ -420,12 +420,12 @@ int32_t PermissionDataBrief::UpdatePermStateList( return opCode == permData.permCode; }); if (iter == permBriefDatalist.end()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission not request!"); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission not request!"); return AccessTokenError::ERR_PARAM_INVALID; } if ((static_cast(iter->flag) & PERMISSION_SYSTEM_FIXED) == PERMISSION_SYSTEM_FIXED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!"); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!"); return AccessTokenError::ERR_PARAM_INVALID; } iter->status = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; @@ -450,7 +450,7 @@ int32_t PermissionDataBrief::UpdateSecCompGrantedPermList(AccessTokenID tokenId, if (status == PERMISSION_GRANTED) { return RET_SUCCESS; } else { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user."); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user."); return ERR_PERMISSION_DENIED; } } else { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 30d1882b3..14d128dce 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -43,6 +43,7 @@ #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif +#include "accesstoken_service_ipc_interface_code.h" namespace OHOS { namespace Security { @@ -345,7 +346,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( { std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); if (infoPtr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id); + LOGC(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } @@ -359,6 +360,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( bool statusChanged = false; ret = infoPtr->UpdatePermissionStatus(permission, isGranted, flag, statusChanged); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Update info perm status failed, ret is %{public}d", ret); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", UPDATE_PERMISSION_STATUS_FAILED, "TOKENID", id, "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", ret, @@ -389,12 +391,12 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag) { if (infoPtr->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote token can not update"); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote token can not update"); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } if ((flag == PERMISSION_ALLOW_THIS_TIME) && isGranted) { if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(id, permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); return ERR_IDENTITY_CHECK_FAILED; } } @@ -404,7 +406,7 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr if (hapDlpType != DLP_COMMON) { int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission); if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) { - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); + LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", DLP_CHECK_FAILED, "TOKENID", id, "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", hapDlpType, "INT_VAL2", permDlpMode); @@ -420,6 +422,8 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st { int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag, needKill); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Update permission %{public}u %{public}s failed, ret is %{public}d", tokenID, + permissionName.c_str(), ret); return ret; } @@ -432,10 +436,6 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st } #endif - // DFX - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, "PERMISSION_NAME", - permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); return RET_SUCCESS; } @@ -443,15 +443,15 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const bool isGranted, uint32_t flag) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } if (!IsDefinedPermission(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } if (!PermissionValidator::IsPermissionFlagValid(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag); + LOGC(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag); return AccessTokenError::ERR_PARAM_INVALID; } bool needKill = false; @@ -465,18 +465,40 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const return UpdatePermission(tokenID, permissionName, isGranted, flag, needKill); } +int32_t PermissionManager::CheckAndUpdatePermissionWithDfx(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag) +{ + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); + ClearThreadErrorMsg(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", UpdatePermSceneCode::UPDATE_PERM_START, + "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex, + "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); + + int32_t ret = CheckAndUpdatePermission(tokenID, permissionName, isGranted, flag); + + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", UpdatePermSceneCode::UPDATE_PERM_FINISH, + "TOKENID", tokenID, "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted, + "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(isGranted ? AccessTokenInterfaceCode::GRANT_PERMISSION : + AccessTokenInterfaceCode::REVOKE_PERMISSION), ret); + return ret; +} + int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", tokenID, permissionName.c_str(), flag); - return CheckAndUpdatePermission(tokenID, permissionName, true, flag); + return CheckAndUpdatePermissionWithDfx(tokenID, permissionName, true, flag); } int32_t PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", tokenID, permissionName.c_str(), flag); - return CheckAndUpdatePermission(tokenID, permissionName, false, flag); + return CheckAndUpdatePermissionWithDfx(tokenID, permissionName, false, flag); } int32_t PermissionManager::GrantPermissionForSpecifiedTime( diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp index ccb878ac6..d965600c0 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp @@ -425,12 +425,12 @@ bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, c { HapTokenInfo tokenInfo; if (AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, tokenInfo) != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID); return false; } auto iterator = std::find(g_tempPermission.begin(), g_tempPermission.end(), permissionName); if (iterator == g_tempPermission.end()) { - LOGW(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); return false; } return CheckPermissionState(tokenID, permissionName, tokenInfo.bundleName); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index ff56b39dd..cbba93469 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -45,6 +45,7 @@ #include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" +#include "time_util.h" #include "token_field_const.h" #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" @@ -433,8 +434,24 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); + ClearThreadErrorMsg(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", DeleteTokenInfoSceneCode::DELETE_HAP_START, + "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex); + // only support hap token deletion - return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", DeleteTokenInfoSceneCode::DELETE_HAP_FINISH, + "TOKENID", tokenID, "DURATION", endTime - beginTime, "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(AccessTokenInterfaceCode::TOKEN_DELETE), ret); + return ret; } int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) @@ -460,19 +477,95 @@ AccessTokenID AccessTokenManagerService::AllocLocalTokenID( return tokenID; } -int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, +int32_t AccessTokenManagerService::UpdateHapTokenWithoutDfx(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) { - LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); std::vector InitializedList; + if (!PermissionManager::GetInstance().InitPermissionList( info.appDistributionType, policyParcel.hapPolicy, InitializedList, result)) { + LOGC(ATM_DOMAIN, ATM_TAG, "InitPermissionList failed, tokenId=%{public}u.", tokenIdEx.tokenIdExStruct.tokenID); return ERR_PERM_REQUEST_CFG_FAILED; } - int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, + + return AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, InitializedList, policyParcel.hapPolicy); +} + +static void DumpEventInfo(const HapPolicy& policy, std::string& permInfo, std::string& aclInfo, + std::string& preauthInfo, std::string& extendInfo) +{ + permInfo = std::to_string(policy.permStateList.size()); + permInfo += "{"; + for (auto& permState : policy.permStateList) { + permInfo += permState.permissionName; + permInfo += ","; + permInfo += std::to_string(permState.grantStatus); + permInfo += ","; + permInfo += std::to_string(permState.grantFlag); + permInfo += ","; + } + permInfo += "}"; + + aclInfo = std::to_string(policy.aclRequestedList.size()); + aclInfo += "{"; + for (auto& perm : policy.aclRequestedList) { + aclInfo += perm; + aclInfo += ","; + } + aclInfo += "}"; + + preauthInfo = std::to_string(policy.preAuthorizationInfo.size()); + preauthInfo += "{"; + for (auto& info : policy.preAuthorizationInfo) { + aclInfo += info.permissionName; + aclInfo += ","; + } + preauthInfo += "}"; + + extendInfo = std::to_string(policy.aclExtendedMap.size()); + extendInfo += "{"; + for (auto& iter : policy.aclExtendedMap) { + extendInfo += "{"; + extendInfo += iter.first; + extendInfo += ","; + extendInfo += iter.second; + extendInfo += "},"; + } + extendInfo += "}"; +} + +int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapInfo); + ClearThreadErrorMsg(); + std::string permInfo; + std::string aclInfo; + std::string preauthInfo; + std::string extendInfo; + DumpEventInfo(policyParcel.hapPolicy, permInfo, aclInfo, preauthInfo, extendInfo); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", UpdateHapTokenSceneCode::UPDATE_HAP_START, + "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx, + "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex, + "PERM_INFO", permInfo, "ACL_INFO", aclInfo, "PREAUTH_INFO", preauthInfo, "EXTEND_INFO", extendInfo); + + int32_t ret = UpdateHapTokenWithoutDfx(tokenIdEx, info, policyParcel, result); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", UpdateHapTokenSceneCode::UPDATE_HAP_FINISH, + "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx, + "DURATION", endTime - beginTime, "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN), ret); return ret; } + int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 9271dc038..373fedc8b 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -76,7 +76,6 @@ int32_t AccessTokenManagerStub::OnRemoteRequest( #ifdef HICOLLIE_ENABLE HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); #endif // HICOLLIE_ENABLE - ReportSysCommonEventError(code, 0); return NO_ERROR; } } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index a9c1e538d..b140140d8 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -267,47 +267,66 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner(AccessTokenID id) +int32_t AccessTokenInfoManager::GetHapTokenInfoInnerFromDb(AccessTokenID id, + std::vector& hapTokenResults, std::vector& permStateRes, + std::vector& extendedPermRes) { - { - Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); - auto iter = hapTokenInfoMap_.find(id); - if (iter != hapTokenInfoMap_.end()) { - return iter->second; - } - } - - Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); GenericValues conditionValue; conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(id)); - std::vector hapTokenResults; + int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); - if (ret != RET_SUCCESS || hapTokenResults.empty()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); - return nullptr; + return ret; } - std::vector permStateRes; + if (hapTokenResults.empty()) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " + "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); + return ERR_TOKENID_NOT_EXIST; + } + ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); - return nullptr; + return ret; } - std::vector extendedPermRes; ret = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, extendedPermRes); if (ret != RET_SUCCESS) { // extendedPermRes may be empty - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, " "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); + return ret; + } + + return RET_SUCCESS; +} + +std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner(AccessTokenID id) +{ + { + Utils::UniqueReadGuard infoGuard(this->hapTokenInfoLock_); + auto iter = hapTokenInfoMap_.find(id); + if (iter != hapTokenInfoMap_.end()) { + return iter->second; + } + } + + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + + std::vector hapTokenResults; + std::vector permStateRes; + std::vector extendedPermRes; + if (GetHapTokenInfoInnerFromDb(id, hapTokenResults, permStateRes, extendedPermRes) != RET_SUCCESS) { return nullptr; } std::shared_ptr hap = std::make_shared(); - ret = hap->RestoreHapTokenInfo(id, hapTokenResults[0], permStateRes, extendedPermRes); + int32_t ret = hap->RestoreHapTokenInfo(id, hapTokenResults[0], permStateRes, extendedPermRes); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", + LOGC(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); return nullptr; } @@ -400,7 +419,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id); return ERR_PARAM_INVALID; } std::shared_ptr info; @@ -411,17 +430,17 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) AccessTokenIDManager::GetInstance().ReleaseTokenId(id); if (hapTokenInfoMap_.count(id) == 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id); return ERR_TOKENID_NOT_EXIST; } info = hapTokenInfoMap_[id]; if (info == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id); return ERR_TOKEN_INVALID; } if (info->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id); return ERR_IDENTITY_CHECK_FAILED; } std::string HapUniqueKey = GetHapUniqueStr(info); @@ -431,7 +450,12 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } hapTokenInfoMap_.erase(id); } - RemoveHapTokenInfoFromDb(info); + int ret = RemoveHapTokenInfoFromDb(info); + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Remove info from db failed, ret is %{public}d", ret); + ReportSysCommonEventError(0, ret); + ClearThreadErrorMsg(); + } LOGI(ATM_DOMAIN, ATM_TAG, "Remove hap token %{public}u ok!", id); PermissionStateNotify(info, id); @@ -439,10 +463,6 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); #endif - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", HiviewDFX::HiSysEvent::EventType::STATISTIC, - "TOKENID", info->GetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(), - "INSTINDEX", info->GetInstIndex()); - return RET_SUCCESS; } @@ -626,17 +646,17 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } if (infoPtr->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID); return ERR_IDENTITY_CHECK_FAILED; } if (info.isSystemApp) { @@ -651,15 +671,12 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, hapPolicy, true); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Add hap info %{public}u to db failed!", tokenID); return ret; } LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u bundle name %{public}s user %{public}d \ inst %{public}d tokenAttr %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex(), infoPtr->GetHapInfoBasic().tokenAttr); - // DFX - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", - HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", tokenID, "USERID", - infoPtr->GetUserID(), "BUNDLENAME", infoPtr->GetBundleName(), "INSTINDEX", infoPtr->GetInstIndex()); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); @@ -957,11 +974,11 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptrIsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "It is a remote hap!"); + LOGC(ATM_DOMAIN, ATM_TAG, "It is a remote hap!"); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } AccessTokenID tokenID = hapInfo->GetTokenID(); @@ -1040,7 +1057,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr(tokenInfoBasic_.tokenID)); conditions.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); - AccessTokenDb::GetInstance().Modify( + ret = AccessTokenDb::GetInstance().Modify( AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], conditions); + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Modify info from db failed, ret is %{public}d", ret); + ReportSysCommonEventError(0, ret); + ClearThreadErrorMsg(); + } } return RET_SUCCESS; } -- Gitee