diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index e0b4eb58ccdf3f6fbfdd309c3a3abb4c9fa93fc9..ffd6be696ab4ba2c5d9d5fef8dd1620b2668a133 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -20,7 +20,6 @@ #include #include -#include "ability_manager_access_loader.h" #include "access_token.h" #include "hap_token_info_inner.h" #include "iremote_broker.h" @@ -114,7 +113,6 @@ private: bool GetLocationPermissionState(AccessTokenID tokenID, std::vector& reqPermList, std::vector& permsList, int32_t apiVersion, const LocationIndex& locationIndex); bool IsPermissionStateOrFlagMatched(const PermissionStatus& stata1, const PermissionStatus& stata2); - AbilityManagerAccessLoaderInterface* GetAbilityManager(); PermissionGrantEvent grantEvent_; static std::recursive_mutex mutex_; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 74d7934018f6057452cf25f8082a3b12e706e9a5..dcaaa05911637698f88d2aae2308b5c940ec5c4e 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -19,6 +19,7 @@ #include #include +#include "ability_manager_access_loader.h" #include "access_token.h" #include "access_token_error.h" #include "accesstoken_dfx_define.h" @@ -262,18 +263,6 @@ int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::strin return ret; } -AbilityManagerAccessLoaderInterface* PermissionManager::GetAbilityManager() -{ - if (abilityManagerLoader_ == nullptr) { - std::lock_guard lock(abilityManagerMutex_); - if (abilityManagerLoader_ == nullptr) { - abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); - } - } - - return abilityManagerLoader_->GetObject(); -} - int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, const std::string& bundleName, const std::string& abilityName) { @@ -289,7 +278,15 @@ int32_t PermissionManager::RequestAppPermOnSetting(const HapTokenInfo& hapInfo, .callerTokenId = IPCSkeleton::GetCallingTokenID() }; - AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); + { + std::lock_guard lock(abilityManagerMutex_); + if (abilityManagerLoader_ == nullptr) { + abilityManagerLoader_ = std::make_shared(ABILITY_MANAGER_LIBPATH); + } + } + + AbilityManagerAccessLoaderInterface* abilityManager = + abilityManagerLoader_->GetObject(); if (abilityManager == nullptr) { LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); return AccessTokenError::ERR_SERVICE_ABNORMAL; @@ -370,10 +367,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( // To notify kill process when perm is revoke if (needKill && (!isGranted && !isSecCompGrantedBefore)) { LOGI(ATM_DOMAIN, ATM_TAG, "(%{public}s) is revoked, kill process(%{public}u).", permission.c_str(), id); - AbilityManagerAccessLoaderInterface* abilityManager = GetAbilityManager(); - if (abilityManager == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "AbilityManager is nullptr!"); - } else if ((ret = abilityManager->KillProcessForPermissionUpdate(id)) != ERR_OK) { + if ((ret = AppManagerAccessClient::GetInstance().KillProcessesByAccessTokenId(id)) != ERR_OK) { LOGE(ATM_DOMAIN, ATM_TAG, "kill process failed, ret=%{public}d.", ret); } } diff --git a/services/accesstokenmanager/test/mock/library_loader_mock.cpp b/services/accesstokenmanager/test/mock/library_loader_mock.cpp index 5d5275cd51bea9d56d9e53b40c1525b7d64f8e1c..0fddd8429cb1559dee2f0f060cedc11fd3d8a527 100644 --- a/services/accesstokenmanager/test/mock/library_loader_mock.cpp +++ b/services/accesstokenmanager/test/mock/library_loader_mock.cpp @@ -27,7 +27,6 @@ static constexpr uint32_t INVALID_INDEX = 0; class AbilityManagerAccessLoaderMock final: public AbilityManagerAccessLoaderInterface { int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; }; int32_t AbilityManagerAccessLoaderMock::StartAbility(const InnerWant &innerWant, @@ -39,11 +38,6 @@ int32_t AbilityManagerAccessLoaderMock::StartAbility(const InnerWant &innerWant, return ERR_OK; } -int32_t AbilityManagerAccessLoaderMock::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - return ERR_OK; -} - LibraryLoader::LibraryLoader(const std::string& path) { instance_ = new AbilityManagerAccessLoaderMock(); diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 3b4a6b43f158c6cf3be90dd43c8fe721dd7c43fb..d9e57623222c2e148f5638b2b5d2aff902c0e6da 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -44,6 +44,7 @@ ohos_static_library("accesstoken_service_common") { public_configs = [ ":accesstoken_service_common_public_config" ] sources = [ + "app_manager/src/ams_manager_access_proxy.cpp", "app_manager/src/app_manager_access_client.cpp", "app_manager/src/app_state_data.cpp", "app_manager/src/app_status_change_callback.cpp", diff --git a/services/common/ability_manager/include/ability_manager_access_loader.h b/services/common/ability_manager/include/ability_manager_access_loader.h index da312b15eb88dbf35476cede7b2a49c44708793a..f11745177ad63b39de99f008c4f574e37007cb7f 100644 --- a/services/common/ability_manager/include/ability_manager_access_loader.h +++ b/services/common/ability_manager/include/ability_manager_access_loader.h @@ -40,12 +40,10 @@ public: AbilityManagerAccessLoaderInterface() {} virtual ~AbilityManagerAccessLoaderInterface() {} virtual int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); - virtual int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); }; class AbilityManagerAccessLoader final: public AbilityManagerAccessLoaderInterface { int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken) override; - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId) override; }; #ifdef __cplusplus diff --git a/services/common/ability_manager/include/ability_manager_adapter.h b/services/common/ability_manager/include/ability_manager_adapter.h index 5dab21b8698299bb079243ee31a8a914429a6133..d2e0ee4f13076b619f6363c20fb92ed1546dd431 100644 --- a/services/common/ability_manager/include/ability_manager_adapter.h +++ b/services/common/ability_manager/include/ability_manager_adapter.h @@ -36,12 +36,6 @@ public: static AbilityManagerAdapter& GetInstance(); int32_t StartAbility(const InnerWant &innerWant, const sptr &callerToken); - int32_t KillProcessForPermissionUpdate(uint32_t accessTokenId); - - enum class Message { - START_ABILITY = 1001, - KILL_PROCESS_FOR_PERMISSION_UPDATE = 5300, - }; private: void InitProxy(); diff --git a/services/common/ability_manager/src/ability_manager_access_loader.cpp b/services/common/ability_manager/src/ability_manager_access_loader.cpp index b1812b6bd78b638e51a104f31dec449d2abb6741..9a59e08c2699325de31fc37735607373c1061b47 100644 --- a/services/common/ability_manager/src/ability_manager_access_loader.cpp +++ b/services/common/ability_manager/src/ability_manager_access_loader.cpp @@ -29,11 +29,6 @@ int32_t AbilityManagerAccessLoader::StartAbility( #endif } -int32_t AbilityManagerAccessLoader::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - return AbilityManagerAdapter::GetInstance().KillProcessForPermissionUpdate(accessTokenId); -} - void* Create() { return reinterpret_cast(new AbilityManagerAccessLoader); diff --git a/services/common/ability_manager/src/ability_manager_adapter.cpp b/services/common/ability_manager/src/ability_manager_adapter.cpp index 922d1cf4e41620723cf6accc428b94249df7429e..dc8f09ab950da234e3fe92c6bced50f8412df841 100644 --- a/services/common/ability_manager/src/ability_manager_adapter.cpp +++ b/services/common/ability_manager/src/ability_manager_adapter.cpp @@ -14,6 +14,7 @@ */ #include "ability_manager_adapter.h" +#include "ability_manager_ipc_interface_code.h" #include "access_token_error.h" #include "accesstoken_common_log.h" #include @@ -100,7 +101,7 @@ int32_t AbilityManagerAdapter::StartAbility(const InnerWant &innerWant, const sp LOGE(ATM_DOMAIN, ATM_TAG, "RequestCode write failed."); return AccessTokenError::ERR_WRITE_PARCEL_FAILED; } - int32_t error = abms->SendRequest(static_cast(AbilityManagerAdapter::Message::START_ABILITY), + int32_t error = abms->SendRequest(static_cast(AbilityManagerInterfaceCode::START_ABILITY), data, reply, option); if (error != NO_ERROR) { LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); @@ -109,35 +110,6 @@ int32_t AbilityManagerAdapter::StartAbility(const InnerWant &innerWant, const sp return reply.ReadInt32(); } -int32_t AbilityManagerAdapter::KillProcessForPermissionUpdate(uint32_t accessTokenId) -{ - auto abms = GetProxy(); - if (abms == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to GetProxy."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - - MessageParcel data; - MessageParcel reply; - MessageOption option; - - if (!data.WriteInterfaceToken(ABILITY_MGR_DESCRIPTOR)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write WriteInterfaceToken."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - if (!data.WriteUint32(accessTokenId)) { - LOGE(ATM_DOMAIN, ATM_TAG, "WriteUint32 failed."); - return AccessTokenError::ERR_WRITE_PARCEL_FAILED; - } - int32_t error = abms->SendRequest(static_cast( - AbilityManagerAdapter::Message::KILL_PROCESS_FOR_PERMISSION_UPDATE), data, reply, option); - if (error != NO_ERROR) { - LOGE(ATM_DOMAIN, ATM_TAG, "SendRequest error: %{public}d", error); - return error; - } - return reply.ReadInt32(); -} - void AbilityManagerAdapter::InitProxy() { if (proxy_ != nullptr && (!proxy_->IsObjectDead())) { diff --git a/services/common/app_manager/BUILD.gn b/services/common/app_manager/BUILD.gn index a6026e7f25159c1d72caf9398cdc98317edb5da8..7f1a2c24597d9872bc0edcf544e7c14456c500be 100644 --- a/services/common/app_manager/BUILD.gn +++ b/services/common/app_manager/BUILD.gn @@ -33,6 +33,7 @@ ohos_shared_library("accesstoken_app_manager") { ] sources = [ + "src/ams_manager_access_proxy.cpp", "src/app_manager_access_client.cpp", "src/app_state_data.cpp", "src/app_status_change_callback.cpp", diff --git a/services/common/app_manager/include/ams_manager_access_proxy.h b/services/common/app_manager/include/ams_manager_access_proxy.h new file mode 100644 index 0000000000000000000000000000000000000000..d54f6cae00fce5dd4cee24a374d13d7e0c9f2726 --- /dev/null +++ b/services/common/app_manager/include/ams_manager_access_proxy.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_AMS_MANAGER_ACCESS_PROXY_H +#define ACCESS_AMS_MANAGER_ACCESS_PROXY_H + +#include + +#include "app_state_data.h" +#include "process_data.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class IAmsMgr : public IRemoteBroker { +public: + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.appexecfwk.IAmsMgr"); + + virtual int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) = 0; + + enum class Message { + FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID = 49, + }; +}; + +class AmsManagerAccessProxy : public IRemoteProxy { +public: + explicit AmsManagerAccessProxy(const sptr& impl) : IRemoteProxy(impl) {} + + virtual ~AmsManagerAccessProxy() = default; + + int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId) override; +private: + static inline BrokerDelegator delegator_; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_AMS_MANAGER_ACCESS_PROXY_H diff --git a/services/common/app_manager/include/app_manager_access_client.h b/services/common/app_manager/include/app_manager_access_client.h index 2e2bbcdd0b995add7e4b26267315e04117c50675..732287dffbe7b8f89242bd7f251706231401496b 100644 --- a/services/common/app_manager/include/app_manager_access_client.h +++ b/services/common/app_manager/include/app_manager_access_client.h @@ -31,6 +31,7 @@ public: static AppManagerAccessClient& GetInstance(); virtual ~AppManagerAccessClient(); + int32_t KillProcessesByAccessTokenId(const uint32_t accessTokenId); int32_t RegisterApplicationStateObserver(const sptr& observer); int32_t UnregisterApplicationStateObserver(const sptr& observer); int32_t GetForegroundApplications(std::vector& list); @@ -38,6 +39,7 @@ public: void OnRemoteDiedHandle(); enum class Message { + APP_GET_MGR_INSTANCE = 6, REGISTER_APPLICATION_STATE_OBSERVER = 12, UNREGISTER_APPLICATION_STATE_OBSERVER = 13, GET_FOREGROUND_APPLICATIONS = 14, diff --git a/services/common/app_manager/src/ams_manager_access_proxy.cpp b/services/common/app_manager/src/ams_manager_access_proxy.cpp new file mode 100644 index 0000000000000000000000000000000000000000..5f2ae4a49a8c8e27918e03fee173b04f954883e6 --- /dev/null +++ b/services/common/app_manager/src/ams_manager_access_proxy.cpp @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ams_manager_access_proxy.h" +#include "accesstoken_common_log.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t ERROR = -1; +} +int32_t AmsManagerAccessProxy::KillProcessesByAccessTokenId(const uint32_t accessTokenId) +{ + MessageParcel data; + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + if (!data.WriteInterfaceToken(GetDescriptor())) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed."); + return ERROR; + } + + if (!data.WriteInt32(accessTokenId)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInt32 failed."); + return ERROR; + } + sptr remote = Remote(); + if (remote == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Remote service is null."); + return ERROR; + } + int32_t error = remote->SendRequest( + static_cast(IAmsMgr::Message::FORCE_KILL_APPLICATION_BY_ACCESS_TOKEN_ID), data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "KillProcessesByAccessTokenId failed, error: %{public}d", error); + return ERROR; + } + return reply.ReadInt32(); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/common/app_manager/src/app_manager_access_client.cpp b/services/common/app_manager/src/app_manager_access_client.cpp index 374f3e86d0d5400a3bbfeeb388e2dee38e49ccab..483470cc70f5b705f21ec4d740e12b416d416ef1 100644 --- a/services/common/app_manager/src/app_manager_access_client.cpp +++ b/services/common/app_manager/src/app_manager_access_client.cpp @@ -16,6 +16,7 @@ #include #include "accesstoken_common_log.h" +#include "ams_manager_access_proxy.h" #include "iservice_registry.h" #include "system_ability_definition.h" @@ -51,6 +52,36 @@ AppManagerAccessClient::~AppManagerAccessClient() ReleaseProxy(); } +int32_t AppManagerAccessClient::KillProcessesByAccessTokenId(const uint32_t accessTokenId) +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); + return ERROR; + } + + MessageParcel data; + MessageParcel reply; + MessageOption option; + if (!data.WriteInterfaceToken(DESCRIPTOR)) { + LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed"); + return ERROR; + } + int32_t error = proxy->SendRequest( + static_cast(AppManagerAccessClient::Message::APP_GET_MGR_INSTANCE), data, reply, option); + if (error != ERR_NONE) { + LOGE(ATM_DOMAIN, ATM_TAG, "GetAmsMgr failed, error: %{public}d", error); + return ERROR; + } + sptr object = reply.ReadRemoteObject(); + sptr amsService = new AmsManagerAccessProxy(object); + if (amsService == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "AmsService is null."); + return ERROR; + } + return amsService->KillProcessesByAccessTokenId(accessTokenId); +} + int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr& observer) { LOGI(ATM_DOMAIN, ATM_TAG, "Entry");