From c284d7c2f7a7f1005657de4b623d1060a0d60649 Mon Sep 17 00:00:00 2001 From: lihehe Date: Sat, 22 Mar 2025 11:19:24 +0800 Subject: [PATCH] add hisysevent when error occurred Signed-off-by: lihehe Change-Id: I219e94ad36000fa5582d6ef14f17d8b99947cd19 --- frameworks/common/BUILD.gn | 36 ++++- .../common/include/accesstoken_common_log.h | 24 +++- .../common/src/accesstoken_common_log.cpp | 132 ++++++++++++++++++ frameworks/common/src/data_validator.cpp | 29 +++- hisysevent.yaml | 22 +++ .../accesstoken/include/hap_token_info.h | 4 +- .../main/cpp/include/dfx/hisysevent_adapter.h | 12 ++ .../include/permission/permission_manager.h | 2 + .../service/accesstoken_manager_service.h | 2 + .../main/cpp/src/database/access_token_db.cpp | 37 +++-- .../main/cpp/src/dfx/hisysevent_adapter.cpp | 14 ++ .../src/permission/permission_data_brief.cpp | 8 +- .../cpp/src/permission/permission_manager.cpp | 61 +++++--- .../permission/temp_permission_observer.cpp | 4 +- .../service/accesstoken_manager_service.cpp | 75 +++++++++- .../src/service/accesstoken_manager_stub.cpp | 4 +- .../src/token/accesstoken_info_manager.cpp | 54 ++++--- .../cpp/src/token/hap_token_info_inner.cpp | 2 + 18 files changed, 441 insertions(+), 81 deletions(-) create mode 100644 frameworks/common/src/accesstoken_common_log.cpp diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn index d8c90e817..a970dab5e 100644 --- a/frameworks/common/BUILD.gn +++ b/frameworks/common/BUILD.gn @@ -21,6 +21,8 @@ config("accesstoken_common_cxx_public_config") { action("permission_definition_parse") { script = "permission_definition_parser.py" + inputs = [ rebase_path("${access_token_path}") + + "/services/accesstokenmanager/permission_definitions.json" ] args = [ "--input-json", rebase_path("${access_token_path}") + 
@@ -31,6 +33,35 @@ action("permission_definition_parse") { outputs = [ "$target_out_dir" ] } +ohos_static_library("accesstoken_static_log") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false + } + branch_protector_ret = "pac_ret" + + public_configs = [ ":accesstoken_common_cxx_public_config" ] + + include_dirs = [ "include" ] + + sources = [ "src/accesstoken_common_log.cpp" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} + ohos_shared_library("accesstoken_common_cxx") { subsystem_name = "security" innerapi_tags = [ @@ -61,7 +92,10 @@ ohos_shared_library("accesstoken_common_cxx") { "src/time_util.cpp", ] - deps = [ ":permission_definition_parse" ] + deps = [ + ":accesstoken_static_log", + ":permission_definition_parse", + ] external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/frameworks/common/include/accesstoken_common_log.h b/frameworks/common/include/accesstoken_common_log.h index 634f533a0..3286f0bc3 100644 --- a/frameworks/common/include/accesstoken_common_log.h +++ b/frameworks/common/include/accesstoken_common_log.h @@ -16,6 +16,7 @@ #ifndef ACCESSTOKEN_COMMON_LOG_H #define ACCESSTOKEN_COMMON_LOG_H +#include #include "hilog/log.h" #define ATM_DOMAIN 0xD005A01 @@ -24,9 +25,11 @@ #define PRI_DOMAIN 0xD005A02 #define PRI_TAG "PRIVACY" +#define LOG_PUBLIC "{public}" + #define LOGF(domain, tag, fmt, ...) \ ((void)HILOG_IMPL(LOG_CORE, LOG_FATAL, domain, tag, \ - "[%{upblic}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) + "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) #define LOGE(domain, tag, fmt, ...) \ ((void)HILOG_IMPL(LOG_CORE, LOG_ERROR, domain, tag, \ "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) 
@@ -40,6 +43,25 @@ ((void)HILOG_IMPL(LOG_CORE, LOG_DEBUG, domain, tag, \ "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)) +namespace OHOS { +namespace Security { +namespace AccessToken { +uint32_t GetThreadErrorMsgLen(void); +const char *GetThreadErrorMsg(void); +void ClearThreadErrorMsg(void); +void AddEventMessage(unsigned int domain, const char *tag, const char *format, ...); +} +} +} + +#define LOGC(domain, tag, fmt, ...) \ +do { \ + ((void)HILOG_IMPL(LOG_CORE, LOG_ERROR, domain, tag, \ + "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)); \ + OHOS::Security::AccessToken::AddEventMessage(domain, tag, \ + "%" LOG_PUBLIC "s[%" LOG_PUBLIC "u]: " fmt, __func__, __LINE__, ##__VA_ARGS__); \ +} while (0) + #define IF_FALSE_PRINT_LOG(domain, tag, cond, fmt, ...) \ do { \ if (!(cond)) { \ diff --git a/frameworks/common/src/accesstoken_common_log.cpp b/frameworks/common/src/accesstoken_common_log.cpp new file mode 100644 index 000000000..47f6fa8e8 --- /dev/null +++ b/frameworks/common/src/accesstoken_common_log.cpp 
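Review bot: LOGC expands `##__VA_ARGS__` twice, once for HILOG_IMPL and once for AddEventMessage, so any argument with a side effect runs twice, and every value passed is also formatted in clear text into the per-thread buffer. Only the `{public}` marker is stripped before formatting (see ReplaceSubstring in accesstoken_common_log.cpp), so a `%{private}` specifier in a LOGC format would make the event formatting fail. Neither restriction is written down; a comment above the macro would cover it, for example `/* LOGC: arguments are evaluated twice; use only %{public} specifiers; the text is later reported as ERROR_MSG */`. The four functions declared in the new namespace block would also benefit from one-line comments saying that they operate on thread-local state.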
@@ -0,0 +1,132 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "accesstoken_common_log.h" + +#include +#include +#include +#include +#include +#include +#include "securec.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +constexpr uint32_t MAX_ERROR_MESSAGE_LEN = 4096; +static __thread uint32_t g_msgLen = 0; +static __thread char g_errMsg[MAX_ERROR_MESSAGE_LEN + 1]; + +uint32_t GetThreadErrorMsgLen(void) +{ + return g_msgLen; +} + +const char *GetThreadErrorMsg(void) +{ + return g_errMsg; +} + +void ClearThreadErrorMsg(void) +{ + (void)memset_s(g_errMsg, MAX_ERROR_MESSAGE_LEN + 1, 0, MAX_ERROR_MESSAGE_LEN + 1); + g_msgLen = 0; +} + +void AppendThreadErrMsg(unsigned int domain, const char *tag, + const uint8_t *buff, uint32_t buffLen) +{ + if (g_msgLen + buffLen >= MAX_ERROR_MESSAGE_LEN) { + LOGE(domain, tag, "buff will overflow!" + "g_msgLen = %{public}u, buffLen = %{public}u", g_msgLen, buffLen); + return; + } + if (memcpy_s(g_errMsg + g_msgLen, MAX_ERROR_MESSAGE_LEN - g_msgLen, buff, buffLen) != EOK) { + LOGE(domain, tag, "memcpy_s fail!" 
+ "g_msgLen = %{public}u, buffLen = %{public}u", g_msgLen, buffLen); + return; + } + g_msgLen += buffLen; +} + +static bool ReplaceSubstring(unsigned int domain, const char *tag, + const char *format, char result[MAX_ERROR_MESSAGE_LEN]) +{ + std::string formatString(format); + std::string::size_type pos; + while ((pos = formatString.find(LOG_PUBLIC)) != std::string::npos) { + formatString.replace(pos, strlen(LOG_PUBLIC), ""); + } + if (memcpy_s(result, MAX_ERROR_MESSAGE_LEN, formatString.c_str(), formatString.size()) != EOK) { + return false; + } + return true; +} + +void AddEventMessage(unsigned int domain, const char *tag, + const char *format, ...) +{ + va_list ap; + + if (g_msgLen == 0) { + char newFormat[MAX_ERROR_MESSAGE_LEN] = {0}; + if (!ReplaceSubstring(domain, tag, format, newFormat)) { + LOGE(domain, tag, "skip to add errMsg"); + return; + } + va_start(ap, format); + char buff[MAX_ERROR_MESSAGE_LEN] = {0}; + int32_t buffLen = vsnprintf_s(buff, MAX_ERROR_MESSAGE_LEN, MAX_ERROR_MESSAGE_LEN - 1, newFormat, ap); + va_end(ap); + if (buffLen < 0) { + LOGE(domain, tag, "vsnprintf_s fail! ret: %{public}d, newFormat:[%{public}s]", buffLen, + newFormat); + return; + } + if (g_msgLen + static_cast(buffLen) >= MAX_ERROR_MESSAGE_LEN) { + LOGE(domain, tag, "errMsg is almost full!"); + return; + } + + if (memcpy_s(g_errMsg + g_msgLen, MAX_ERROR_MESSAGE_LEN, buff, buffLen) != EOK) { + LOGE(domain, tag, "copy errMsg buff fail!"); + return; + } + g_msgLen += static_cast(buffLen); + } else { + va_start(ap, format); + char *funName = va_arg(ap, char *); + uint32_t lineNo = va_arg(ap, uint32_t); + va_end(ap); + + if (funName == nullptr) { + LOGE(domain, tag, "Get funName fail!"); + return; + } + int32_t offset = sprintf_s(g_errMsg + g_msgLen, MAX_ERROR_MESSAGE_LEN - g_msgLen, " <%s[%u]", + funName, lineNo); + if (offset <= 0) { + LOGE(domain, tag, "append call chain fail! 
offset: [%{public}d]", offset); + return; + } + g_msgLen += static_cast(offset); + } +} + +} // namespace AccessToken +} // namespace Security +} // namespace OHOS \ No newline at end of file diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp index 88b217f2a..329636c47 100644 --- a/frameworks/common/src/data_validator.cpp +++ b/frameworks/common/src/data_validator.cpp @@ -27,23 +27,35 @@ namespace AccessToken { bool DataValidator::IsBundleNameValid(const std::string& bundleName) { - return !bundleName.empty() && (bundleName.length() <= MAX_LENGTH); + bool ret = (!bundleName.empty() && (bundleName.length() <= MAX_LENGTH)); + if (!ret) { + LOGC(ATM_DOMAIN, ATM_TAG, "bunldename %{public}s is invalid.", bundleName.c_str()); + } + return ret; } bool DataValidator::IsLabelValid(const std::string& label) { - return label.length() <= MAX_LENGTH; + bool ret = (label.length() <= MAX_LENGTH); + if (!ret) { + LOGC(ATM_DOMAIN, ATM_TAG, "label %{public}s is invalid.", label.c_str()); + } + return ret; } bool DataValidator::IsDescValid(const std::string& desc) { - return desc.length() <= MAX_LENGTH; + bool ret = desc.length() <= MAX_LENGTH; + if (!ret) { + LOGC(ATM_DOMAIN, ATM_TAG, "desc %{public}s is invalid.", desc.c_str()); + } + return ret; } bool DataValidator::IsPermissionNameValid(const std::string& permissionName) { if (permissionName.empty() || (permissionName.length() > MAX_LENGTH)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Invalid perm length(%{public}d).", static_cast(permissionName.length())); + LOGC(ATM_DOMAIN, ATM_TAG, "Invalid perm length(%{public}d).", static_cast(permissionName.length())); return false; } return true; 
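Review bot: ReplaceSubstring copies `formatString.size()` bytes with no terminator, so it depends on the caller having zero-filled `newFormat`, and a stripped format of exactly MAX_ERROR_MESSAGE_LEN bytes would be handed to vsnprintf_s unterminated. Copying `formatString.size() + 1` bytes makes memcpy_s reject that case. In the first branch of AddEventMessage the bound passed to memcpy_s is `MAX_ERROR_MESSAGE_LEN` while the destination is `g_errMsg + g_msgLen`; it is harmless only because `g_msgLen` is 0 there, and `MAX_ERROR_MESSAGE_LEN - g_msgLen` would match AppendThreadErrMsg. The else branch reads the first two variadic arguments as `char *` and `uint32_t`, which holds only for calls made through LOGC, so that contract deserves a comment on the exported AddEventMessage. AppendThreadErrMsg has external linkage but is not declared in the header and is not called in this file; make it `static` or drop it.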
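Review bot: IsBundleNameValid, IsLabelValid and IsDescValid now log the rejected string itself with `%{public}s`, and the strings that reach those branches are by definition empty or longer than MAX_LENGTH. If these validators run on caller-supplied data, text of unbounded length and content is written to hilog and copied into the thread error message that this patch reports as ERROR_MSG. Logging the length instead, as IsPermissionNameValid already does, keeps the diagnostic without echoing the input: `LOGC(ATM_DOMAIN, ATM_TAG, "Invalid bundleName length(%{public}zu).", bundleName.length());`, and likewise for label and desc. The bundle-name message also misspells the field as "bunldename".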
@@ -51,12 +63,17 @@ bool DataValidator::IsPermissionNameValid(const std::string& permissionName) bool DataValidator::IsUserIdValid(const int userId) { - return userId >= 0; + bool ret = (userId >= 0); + if (!ret) { + LOGC(ATM_DOMAIN, ATM_TAG, "userId %{public}d is invalid.", userId); + } + return ret; } bool DataValidator::IsAclExtendedMapSizeValid(const std::map& aclExtendedMap) { if (aclExtendedMap.size() > MAX_EXTENDED_MAP_SIZE) { + LOGC(ATM_DOMAIN, ATM_TAG, "aclExtendedMap is oversize %{public}zu.", aclExtendedMap.size()); return false; } return true; @@ -69,7 +86,7 @@ bool DataValidator::IsAclExtendedMapContentValid(const std::string& permissionNa } if (value.empty() || (value.length() > MAX_VALUE_LENGTH)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Invalid value length(%{public}d).", static_cast(value.length())); + LOGC(ATM_DOMAIN, ATM_TAG, "Invalid value length(%{public}d).", static_cast(value.length())); return false; } return true; diff --git a/hisysevent.yaml b/hisysevent.yaml index 9db48c4d2..3b4f5f5ec 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -69,6 +69,9 @@ DEL_HAP: USERID: {type: INT32, desc: user id} BUNDLENAME: {type: STRING, desc: bundle name} INSTINDEX: {type: INT32, desc: inst index} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + DURATION: {type: INT64, desc: duration} PERM_DIALOG_STATUS_INFO: __BASE: {type: STATISTIC, level: MINOR, desc: status information of permission dialog} @@ -93,6 +96,11 @@ UPDATE_PERMISSION: PERMISSION_NAME: {type: STRING, desc: permission name} PERMISSION_FLAG: {type: UINT32, desc: permission flag} GRANTED_FLAG: {type: BOOL, desc: grant or revoke} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + USERID: {type: INT32, desc: user id} + BUNDLENAME: {type: STRING, desc: bundle name} + INSTINDEX: {type: INT32, desc: inst index} UPDATE_HAP: __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: update hap to device} 
@@ -100,6 +108,14 @@ UPDATE_HAP: USERID: {type: INT32, desc: user id} BUNDLENAME: {type: STRING, desc: bundle name} INSTINDEX: {type: INT32, desc: inst index} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + TOKENIDEX: {type: UINT64, desc: tokenIDEx} + PERM_INFO: {type: STRING, desc: perm info} + ACL_INFO: {type: STRING, desc: acl info} + PREAUTH_INFO: {type: STRING, desc: pre-auth info} + EXTEND_INFO: {type: STRING, desc: extend info} + DURATION: {type: INT64, desc: duration} CLEAR_USER_PERMISSION_STATE: __BASE: {type: BEHAVIOR, level: MINOR, desc: clear user permission state} @@ -136,3 +152,9 @@ VERIFY_ACCESS_TOKEN_EVENT: SELF_TOKENID: {type: UINT32, desc: self tokenID} CONTEXT_TOKENID: {type: UINT32, desc: context tokenID} +ACCESSTOKEN_EXCEPTION: + __BASE: {type: FAULT, level: CRITICAL, desc: accesstoken exception} + SCENE_CODE: {type: INT32, desc: scene code} + ERROR_CODE: {type: INT32, desc: error code} + ERROR_MSG: {type: STRING, desc: error reason} + diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h index 5e80c3ced..0292fc395 100644 --- a/interfaces/innerkits/accesstoken/include/hap_token_info.h +++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h @@ -96,12 +96,12 @@ public: class HapTokenInfo final { public: char ver; - int userID; + int userID = 0; std::string bundleName; /** which version of the SDK is used to develop this hap */ int32_t apiVersion; /** instance index */ - int instIndex; + int instIndex = 0; /** * dlp type, for details about the valid values, * see the definition of HapDlpType in the access_token.h file. diff --git a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h index ea480d440..9b527e347 100644 --- a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h 
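Review bot: Only `userID` and `instIndex` receive default initializers in HapTokenInfo, while `ver` and `apiVersion` in the same visible lines stay uninitialized. CheckAndUpdatePermissionInner in this patch reads a HapTokenInfo after a GetHapTokenInfo call whose result is not checked, so any field without an initializer is indeterminate on the failure path. Initializing the remaining scalars the same way, `char ver = 0;` and `int32_t apiVersion = 0;`, would make the struct safe to read as a whole. The class body continues outside this hunk, so other members may need the same treatment.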
+++ b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h @@ -34,9 +34,21 @@ enum UpdatePermStatusErrorCode { DLP_CHECK_FAILED = 1, UPDATE_PERMISSION_STATUS_FAILED = 2, }; +enum CommonSceneCode { + AT_COMMOM_START = 0, + AT_COMMON_FINISH = 1, +}; +struct AccessTokenDfxInfo { + std::string permInfo; + std::string aclInfo; + std::string preauthInfo; + std::string extendInfo; +}; void ReportSysEventPerformance(); void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize); void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode); +void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode); + } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h index e0b4eb58c..14cd8a00a 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h @@ -67,6 +67,8 @@ public: const std::string& bundleName, const std::string& abilityName); int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag); + int32_t CheckAndUpdatePermissionInner(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag); int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName, bool isGranted, uint32_t flag, bool needKill); int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag); diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index befb3df1b..4164dbf1d 100644 
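Review bot: The new enumerator `AT_COMMOM_START` is misspelled (COMMOM rather than COMMON) next to `AT_COMMON_FINISH`, and it is already used in permission_manager.cpp in this patch, so the typo will spread with every new caller. Renaming it now to `AT_COMMON_START = 0,` is cheaper than doing it later. ReportSysCommonEventError would also benefit from a declaration comment stating that it reads and then clears the calling thread's error message and emits nothing when that message is empty.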
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -121,6 +121,8 @@ private: bool Initialize(); void AccessTokenServiceParamSet() const; PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector& reqPermList); + int32_t UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& result); ServiceRunningState state_; std::string grantBundleName_; std::string grantAbilityName_; diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp index cbcbd7400..d2f056fdf 100644 --- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp @@ -64,14 +64,14 @@ int32_t AccessTokenDb::RestoreAndInsertIfCorrupt(const int32_t resultCode, int64 LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); int32_t res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try insert again!"); res = db->BatchInsert(outInsertNum, tableName, buckets); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to batch insert into table %{public}s again, res is %{public}d.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to batch insert into table %{public}s again, res is %{public}d.", tableName.c_str(), res); return res; } 
@@ -160,14 +160,14 @@ int32_t AccessTokenDb::RestoreAndDeleteIfCorrupt(const int32_t resultCode, int32 LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); int32_t res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try delete again!"); res = db->Delete(deletedRows, predicates); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to delete record from table %{public}s again, res is %{public}d.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to delete record from table %{public}s again, res is %{public}d.", predicates.GetTableName().c_str(), res); return res; } @@ -220,14 +220,14 @@ int32_t AccessTokenDb::RestoreAndUpdateIfCorrupt(const int32_t resultCode, int32 LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); int32_t res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try update again!"); res = db->Update(changedRows, bucket, predicates); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s again, res is %{public}d.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s again, res is %{public}d.", predicates.GetTableName().c_str(), res); return res; } @@ -242,6 +242,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif std::string tableName; AccessTokenDbUtil::GetTableNameByType(type, tableName); if (tableName.empty()) { + LOGC(ATM_DOMAIN, ATM_TAG, "Get table name failed, type=%{public}d!", static_cast(type)); return AccessTokenError::ERR_PARAM_INVALID; } 
@@ -249,6 +250,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif AccessTokenDbUtil::ToRdbValueBucket(modifyValue, bucket); if (bucket.IsEmpty()) { + LOGC(ATM_DOMAIN, ATM_TAG, "To rdb value bucket failed!"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -260,7 +262,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); auto db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } @@ -270,6 +272,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif tableName.c_str(), res); int32_t result = RestoreAndUpdateIfCorrupt(res, changedRows, bucket, predicates, db); if (result != NativeRdb::E_OK) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and update, result is %{public}d.", result); return result; } } @@ -296,19 +299,19 @@ int32_t AccessTokenDb::RestoreAndQueryIfCorrupt(const NativeRdb::RdbPredicates& LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try query again!"); queryResultSet = db->Query(predicates, columns); if (queryResultSet == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.", predicates.GetTableName().c_str()); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } } else { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get result count."); + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to get result count."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } } 
@@ -335,19 +338,20 @@ int32_t AccessTokenDb::Find(AtmDataType type, const GenericValues& conditionValu OHOS::Utils::UniqueReadGuard lock(this->rwLock_); auto db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } auto queryResultSet = db->Query(predicates, columns); if (queryResultSet == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.", + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.", tableName.c_str()); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } int32_t res = RestoreAndQueryIfCorrupt(predicates, columns, queryResultSet, db); if (res != 0) { + LOGC(ATM_DOMAIN, ATM_TAG, "Restore and query failed!"); return res; } @@ -380,14 +384,14 @@ int32_t AccessTokenDb::RestoreAndCommitIfCorrupt(const int32_t resultCode, LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!"); int32_t res = db->Restore(""); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res); return res; } LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try commit again!"); res = db->Commit(); if (res != NativeRdb::E_OK) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res); return res; } @@ -404,7 +408,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( OHOS::Utils::UniqueWriteGuard lock(this->rwLock_); std::shared_ptr db = GetRdb(); if (db == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr."); + LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr."); return AccessTokenError::ERR_DATABASE_OPERATE_FAILED; } 
@@ -416,6 +420,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( res = RemoveValues(delDataTypes[i], delValues[i]); if (res != 0) { db->RollBack(); + LOGC(ATM_DOMAIN, ATM_TAG, "Remove values failed, res is %{public}d.", res); return res; } } @@ -425,6 +430,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( res = AddValues(addDataTypes[i], addValues[i]); if (res != 0) { db->RollBack(); + LOGC(ATM_DOMAIN, ATM_TAG, "Add values failed, res is %{public}d.", res); return res; } } @@ -434,6 +440,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues( LOGE(ATM_DOMAIN, ATM_TAG, "Failed to commit, res is %{public}d.", res); int32_t result = RestoreAndCommitIfCorrupt(res, db); if (result != NativeRdb::E_OK) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and commit, result is %{public}d.", result); return result; } } diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp index 18558ee01..4511527a9 100644 --- a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp +++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp @@ -57,6 +57,20 @@ void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret); } } + +void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode) +{ + if (GetThreadErrorMsgLen() == 0) { + return; + } + int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_EXCEPTION", + HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", ipcCode, "ERROR_CODE", errCode, + "ERROR_MSG", GetThreadErrorMsg()); + if (ret != 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret); + } + ClearThreadErrorMsg(); +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file 
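Review bot: ReportSysCommonEventError decides whether to emit the fault from the thread-local message length alone, so `errCode` plays no part in the decision. A call that succeeded after a non-fatal LOGC still raises a CRITICAL ACCESSTOKEN_EXCEPTION with ERROR_CODE 0, and a failing call whose path only used LOGE raises nothing. If that is not intended, gate on the result as well, for example `if (errCode == 0 || GetThreadErrorMsgLen() == 0) { ClearThreadErrorMsg(); return; }`. The buffer is cleared only here and by explicit ClearThreadErrorMsg calls, so LOGC sites on request paths that never report leave text behind on the thread; a comment requiring callers to clear at entry, as CheckAndUpdatePermissionInner does, would keep a later event from carrying an earlier request's message.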
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp index 845a52f24..fbcdb9645 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -409,7 +409,7 @@ int32_t PermissionDataBrief::UpdatePermStateList( { auto iterPermData = requestedPermData_.find(tokenId); if (iterPermData == requestedPermData_.end()) { - LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId); + LOGC(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId); return ERR_TOKEN_INVALID; } std::vector& permBriefDatalist = requestedPermData_[tokenId]; @@ -418,12 +418,12 @@ int32_t PermissionDataBrief::UpdatePermStateList( return opCode == permData.permCode; }); if (iter == permBriefDatalist.end()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission not request!"); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission not request!"); return AccessTokenError::ERR_PARAM_INVALID; } if ((static_cast(iter->flag) & PERMISSION_SYSTEM_FIXED) == PERMISSION_SYSTEM_FIXED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!"); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!"); return AccessTokenError::ERR_PARAM_INVALID; } iter->status = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED; @@ -448,7 +448,7 @@ int32_t PermissionDataBrief::UpdateSecCompGrantedPermList(AccessTokenID tokenId, if (status == PERMISSION_GRANTED) { return RET_SUCCESS; } else { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user."); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user."); return ERR_PERMISSION_DENIED; } } else { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 74d793401..817da8dd5 100644 
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -25,6 +25,7 @@ #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" #include "accesstoken_common_log.h" +#include "accesstoken_service_ipc_interface_code.h" #include "access_token_db.h" #include "app_manager_access_client.h" #include "callback_manager.h" @@ -345,7 +346,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( { std::shared_ptr infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id); if (infoPtr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id); + LOGC(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } @@ -359,6 +360,7 @@ int32_t PermissionManager::UpdateTokenPermissionState( bool statusChanged = false; ret = infoPtr->UpdatePermissionStatus(permission, isGranted, flag, statusChanged); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Update info perm status failed, ret is %{public}d", ret); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", UPDATE_PERMISSION_STATUS_FAILED, "TOKENID", id, "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", ret, 
@@ -389,12 +391,12 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag) { if (infoPtr->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote token can not update"); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote token can not update"); return AccessTokenError::ERR_IDENTITY_CHECK_FAILED; } if ((flag == PERMISSION_ALLOW_THIS_TIME) && isGranted) { if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(id, permission)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str()); return ERR_IDENTITY_CHECK_FAILED; } } @@ -404,7 +406,7 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr if (hapDlpType != DLP_COMMON) { int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission); if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) { - LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); + LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR", HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", DLP_CHECK_FAILED, "TOKENID", id, "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", hapDlpType, "INT_VAL2", permDlpMode); @@ -420,6 +422,8 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st { int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag, needKill); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Update permission %{public}u %{public}s failed, ret is %{public}d", tokenID, + permissionName.c_str(), ret); return ret; } 
@@ -432,10 +436,6 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st } #endif - // DFX - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", - HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, "PERMISSION_NAME", - permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); return RET_SUCCESS; } @@ -443,15 +443,15 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const bool isGranted, uint32_t flag) { if (!PermissionValidator::IsPermissionNameValid(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str()); return AccessTokenError::ERR_PARAM_INVALID; } if (!IsDefinedPermission(permissionName)) { - LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str()); return AccessTokenError::ERR_PERMISSION_NOT_EXIST; } if (!PermissionValidator::IsPermissionFlagValid(flag)) { - LOGE(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag); + LOGC(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag); return AccessTokenError::ERR_PARAM_INVALID; } bool needKill = false; 
@@ -465,18 +465,45 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const return UpdatePermission(tokenID, permissionName, isGranted, flag, needKill); } +int32_t PermissionManager::CheckAndUpdatePermissionInner(AccessTokenID tokenID, const std::string& permissionName, + bool isGranted, uint32_t flag) +{ + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); + ClearThreadErrorMsg(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START, + "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex, + "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted); + + int32_t ret = CheckAndUpdatePermission(tokenID, permissionName, isGranted, flag); + + uint32_t newFlag = flag; + if (ret == RET_SUCCESS && GetPermissionFlag(tokenID, permissionName, flag) == RET_SUCCESS) { + flag = newFlag; + } + + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION", + HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", CommonSceneCode::AT_COMMON_FINISH, + "TOKENID", tokenID, "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted, + "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(isGranted ? 
AccessTokenInterfaceCode::GRANT_PERMISSION : + AccessTokenInterfaceCode::REVOKE_PERMISSION), ret); + return ret; +} + int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", tokenID, permissionName.c_str(), flag); - return CheckAndUpdatePermission(tokenID, permissionName, true, flag); + return CheckAndUpdatePermissionInner(tokenID, permissionName, true, flag); } int32_t PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d", tokenID, permissionName.c_str(), flag); - return CheckAndUpdatePermission(tokenID, permissionName, false, flag); + return CheckAndUpdatePermissionInner(tokenID, permissionName, false, flag); } int32_t PermissionManager::GrantPermissionForSpecifiedTime( @@ -803,7 +830,7 @@ bool IsAclSatisfied(const PermissionBriefDef& briefDef, const HapPolicy& policy) if (policy.apl < briefDef.availableLevel) { if (!briefDef.provisionEnable) { - LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", briefDef.permissionName); + LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", briefDef.permissionName); return false; } bool isAclExist = false; @@ -820,7 +847,7 @@ bool IsAclSatisfied(const PermissionBriefDef& briefDef, const HapPolicy& policy) } if (!isAclExist) { - LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s need acl.", briefDef.permissionName); + LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s need acl.", briefDef.permissionName); return false; } } 
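Review bot: In the new `CheckAndUpdatePermissionInner`, the effective flag never reaches the finish event: `GetPermissionFlag(tokenID, permissionName, flag)` writes into `flag`, and the following `flag = newFlag;` restores the requested value, so `PERMISSION_FLAG` always carries the caller's input. Assuming the third argument is an out parameter (its declaration is not in this hunk), the call should be `GetPermissionFlag(tokenID, permissionName, newFlag)`, which also leaves `flag` untouched when the lookup fails. The return value of `GetHapTokenInfo` is also ignored before the start event is written, here and in `DeleteToken` and `UpdateHapToken` further down. For an unknown token ID, `USERID`, `BUNDLENAME` and `INSTINDEX` then come from a default-constructed `HapTokenInfo`, which is only well-defined if that struct initialises its members. Checking the result and omitting or zeroing those fields on failure would keep the audit record trustworthy.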
@@ -892,7 +919,7 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp if (!IsAclSatisfied(briefDef, policy)) { result.permCheckResult.permissionName = state.permissionName; result.permCheckResult.rule = PERMISSION_ACL_RULE; - LOGE(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName); + LOGC(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName); return false; } @@ -900,7 +927,7 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp if (!IsPermAvailableRangeSatisfied(briefDef, appDistributionType)) { result.permCheckResult.permissionName = state.permissionName; result.permCheckResult.rule = PERMISSION_EDM_RULE; - LOGE(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName); + LOGC(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName); return false; } state.grantFlag = PERMISSION_DEFAULT_FLAG; diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp index ccb878ac6..d965600c0 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp 
@@ -425,12 +425,12 @@ bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, c { HapTokenInfo tokenInfo; if (AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, tokenInfo) != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID); return false; } auto iterator = std::find(g_tempPermission.begin(), g_tempPermission.end(), permissionName); if (iterator == g_tempPermission.end()) { - LOGW(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str()); return false; } return CheckPermissionState(tokenID, permissionName, tokenInfo.bundleName); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index f25826362..a2474cb5f 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -23,6 +23,7 @@ #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" +#include "accesstoken_service_ipc_interface_code.h" #include "accesstoken_common_log.h" #include "constant_common.h" #include "data_validator.h" @@ -45,7 +46,9 @@ #include "short_grant_manager.h" #include "string_ex.h" #include "system_ability_definition.h" +#include "time_util.h" #include "token_field_const.h" +#include "time_util.h" #ifdef TOKEN_SYNC_ENABLE #include "token_modify_notifier.h" #endif // TOKEN_SYNC_ENABLE 
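Review bot: The include hunk for `accesstoken_manager_service.cpp` adds `#include "time_util.h"` twice, once before and once after `#include "token_field_const.h"`. The header guard makes this harmless, but the second line should be dropped so the list stays sorted and free of duplicates.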
@@ -425,8 +428,24 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID) { LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID); + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + + HapTokenInfo hapInfo; + AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo); + ClearThreadErrorMsg(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START, + "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex); + // only support hap token deletion - return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMON_FINISH, + "TOKENID", tokenID, "DURATION", endTime - beginTime, "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(AccessTokenInterfaceCode::TOKEN_DELETE), ret); + return ret; } int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID) 
@@ -452,19 +471,69 @@ AccessTokenID AccessTokenManagerService::AllocLocalTokenID( return tokenID; } -int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, +int32_t AccessTokenManagerService::UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) { - LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID); std::vector InitializedList; if (!PermissionManager::GetInstance().InitPermissionList( info.appDistributionType, policyParcel.hapPolicy, InitializedList, result)) { + LOGC(ATM_DOMAIN, ATM_TAG, "InitPermissionList failed, tokenId=%{public}u.", tokenIdEx.tokenIdExStruct.tokenID); return ERR_PERM_REQUEST_CFG_FAILED; } + int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info, InitializedList, policyParcel.hapPolicy); return ret; } + +static void DumpEventInfo(const HapPolicy& policy, AccessTokenDfxInfo& dfxInfo) +{ + dfxInfo.permInfo = std::to_string(policy.permStateList.size()) + " : ["; + for (const auto& permState : policy.permStateList) { + dfxInfo.permInfo.append(permState.permissionName + ", "); + } + dfxInfo.permInfo.append("]"); + + dfxInfo.aclInfo = std::to_string(policy.aclRequestedList.size()) + " : ["; + for (const auto& perm : policy.aclRequestedList) { + dfxInfo.aclInfo.append(perm + ", "); + } + dfxInfo.aclInfo.append("]"); + + dfxInfo.preauthInfo = std::to_string(policy.preAuthorizationInfo.size()) + " : ["; + for (const auto& preAuthInfo : policy.preAuthorizationInfo) { + dfxInfo.preauthInfo.append(preAuthInfo.permissionName + ", "); + } + dfxInfo.preauthInfo.append("]"); +} + +int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info, + const HapPolicyParcel& policyParcel, HapInfoCheckResult& result) +{ + int64_t beginTime = TimeUtil::GetCurrentTimestamp(); + HapTokenInfo hapInfo; + 
AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapInfo); + ClearThreadErrorMsg(); + + AccessTokenDfxInfo dfxInfo; + DumpEventInfo(policyParcel.hapPolicy, dfxInfo); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START, + "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx, + "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex, + "PERM_INFO", dfxInfo.permInfo, "ACL_INFO", dfxInfo.aclInfo, "PREAUTH_INFO", dfxInfo.preauthInfo, + "EXTEND_INFO", dfxInfo.extendInfo); + + int32_t ret = UpdateHapTokenCore(tokenIdEx, info, policyParcel, result); + + int64_t endTime = TimeUtil::GetCurrentTimestamp(); + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", + HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMON_FINISH, + "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx, + "DURATION", endTime - beginTime, "ERROR_CODE", ret); + ReportSysCommonEventError(static_cast(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN), ret); + return ret; +} int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::unordered_set& tokenIdList) { LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index c1341cd00..13c8b5d1b 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -23,6 +23,7 @@ #include "memory_guard.h" #include "string_ex.h" #include "tokenid_kit.h" +#include "hisysevent_adapter.h" #ifdef HICOLLIE_ENABLE #include "xcollie/xcollie.h" #endif // HICOLLIE_ENABLE 
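Review bot: `UpdateHapToken` reports `"EXTEND_INFO", dfxInfo.extendInfo`, but `DumpEventInfo` fills only `permInfo`, `aclInfo` and `preauthInfo`, so that field always holds whatever `AccessTokenDfxInfo` defaults to. Either set it in `DumpEventInfo` or leave it out of the event. The start event is also written before `UpdateHapTokenCore` runs `InitPermissionList`, so the permission names and list sizes concatenated in `DumpEventInfo` are whatever the caller sent, with no upper bound on the resulting strings. A comment stating the expected limit, or stopping the append once a fixed length is reached, would make the payload size predictable. Each list is also rendered with a trailing `", "` before the closing `"]"`.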
@@ -51,6 +52,7 @@ int32_t AccessTokenManagerStub::OnRemoteRequest( { MemoryGuard guard; + ClearThreadErrorMsg(); uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID(); LOGD(ATM_DOMAIN, ATM_TAG, "Code %{public}u token %{public}u", code, callingTokenID); std::u16string descriptor = data.ReadInterfaceToken(); @@ -74,7 +76,7 @@ int32_t AccessTokenManagerStub::OnRemoteRequest( #ifdef HICOLLIE_ENABLE HiviewDFX::XCollie::GetInstance().CancelTimer(timerId); #endif // HICOLLIE_ENABLE - + ClearThreadErrorMsg(); return NO_ERROR; } } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 49d0e91b8..73ac976ab 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -227,7 +227,7 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr infoGuard(this->hapTokenInfoLock_); if (hapTokenInfoMap_.count(id) > 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u info has exist.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u info has exist.", id); return AccessTokenError::ERR_TOKENID_HAS_EXISTED; } 
@@ -281,14 +281,14 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( std::vector hapTokenResults; int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); if (ret != RET_SUCCESS || hapTokenResults.empty()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); return nullptr; } std::vector permStateRes; ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); return nullptr; } @@ -297,7 +297,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( ret = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, extendedPermRes); if (ret != RET_SUCCESS) { // extendedPermRes may be empty - LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, " + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, " "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); return nullptr; } 
@@ -305,7 +305,7 @@ std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInner( std::shared_ptr hap = std::make_shared(); ret = hap->RestoreHapTokenInfo(id, hapTokenResults[0], permStateRes, extendedPermRes); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", + LOGC(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); return nullptr; } @@ -398,7 +398,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); if (type != TOKEN_HAP) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id); return ERR_PARAM_INVALID; } std::shared_ptr info; @@ -409,17 +409,17 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) AccessTokenIDManager::GetInstance().ReleaseTokenId(id); if (hapTokenInfoMap_.count(id) == 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id); return ERR_TOKENID_NOT_EXIST; } info = hapTokenInfoMap_[id]; if (info == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id); return ERR_TOKEN_INVALID; } if (info->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id); return ERR_IDENTITY_CHECK_FAILED; } std::string HapUniqueKey = GetHapUniqueStr(info); 
@@ -429,7 +429,10 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) } hapTokenInfoMap_.erase(id); } - RemoveHapTokenInfoFromDb(info); + int32_t ret = RemoveHapTokenInfoFromDb(info); + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Remove info from db failed, ret is %{public}d", ret); + } LOGI(ATM_DOMAIN, ATM_TAG, "Remove hap token %{public}u ok!", id); PermissionStateNotify(info, id); @@ -437,10 +440,6 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) TokenModifyNotifier::GetInstance().NotifyTokenDelete(id); #endif - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", HiviewDFX::HiSysEvent::EventType::STATISTIC, - "TOKENID", info->GetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(), - "INSTINDEX", info->GetInstIndex()); - return RET_SUCCESS; } @@ -475,7 +474,7 @@ int32_t AccessTokenInfoManager::CheckHapInfoParam(const HapInfoParams& info, con (!DataValidator::IsAppIDDescValid(info.appIDDesc)) || (!DataValidator::IsDomainValid(policy.domain)) || (!DataValidator::IsDlpTypeValid(info.dlpType)) || (info.isRestore && info.tokenID == INVALID_TOKENID) || !DataValidator::IsAclExtendedMapSizeValid(policy.aclExtendedMap)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Hap token param failed"); + LOGC(ATM_DOMAIN, ATM_TAG, "Hap token param failed"); return AccessTokenError::ERR_PARAM_INVALID; } @@ -484,7 +483,7 @@ int32_t AccessTokenInfoManager::CheckHapInfoParam(const HapInfoParams& info, con continue; } if (!DataValidator::IsAclExtendedMapContentValid(extendValue.first, extendValue.second)) { - LOGE(ATM_DOMAIN, ATM_TAG, "acl extended content is unvalid."); + LOGC(ATM_DOMAIN, ATM_TAG, "acl extended content is unvalid."); return AccessTokenError::ERR_PARAM_INVALID; } } 
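Review bot: In `RemoveHapTokenInfo`, the new `ret` from `RemoveHapTokenInfoFromDb` is only logged: the next line still logs `"Remove hap token %{public}u ok!"`, and the function ends with `return RET_SUCCESS;`. The `DEL_HAP` finish event in `DeleteToken` will therefore report `ERROR_CODE` 0 even though the token's rows are still in the database. `GetHapTokenInfoInner`, touched earlier in this file, reads token rows back from the database, so leftover rows may be worth treating as a real failure; whether they can actually revive a deleted token cannot be confirmed from here. Keeping the notifications but ending with `return ret;`, and moving the "ok" message into the success branch, would surface the failure, provided callers can handle a non-zero result once the in-memory entry is gone.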
@@ -502,7 +501,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( LOGI(ATM_DOMAIN, ATM_TAG, "isRestore is true, tokenId is %{public}u", tokenId); int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP); if (res != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token Id register failed, res is %{public}d", res); + LOGC(ATM_DOMAIN, ATM_TAG, "Token Id register failed, res is %{public}d", res); return res; } } else { @@ -510,7 +509,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( int32_t cloneFlag = ((dlpFlag == 0) && (info.instIndex) > 0) ? 1 : 0; tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP, dlpFlag, cloneFlag); if (tokenId == 0) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token Id create failed"); + LOGC(ATM_DOMAIN, ATM_TAG, "Token Id create failed"); return ERR_TOKENID_CREATE_FAILED; } } @@ -528,7 +527,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo( AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy, false); int ret = AddHapTokenInfo(tokenInfo); if (ret != RET_SUCCESS) { - LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str()); + LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str()); AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId); RemoveHapTokenInfoFromDb(tokenInfo); return ret; 
@@ -624,17 +623,17 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const { AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID; if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID); return AccessTokenError::ERR_PARAM_INVALID; } std::shared_ptr infoPtr = GetHapTokenInfoInner(tokenID); if (infoPtr == nullptr) { - LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } if (infoPtr->IsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID); + LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID); return ERR_IDENTITY_CHECK_FAILED; } if (info.isSystemApp) { @@ -649,15 +648,12 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, hapPolicy, true); if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Add hap info %{public}u to db failed!", tokenID); return ret; } LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u bundle name %{public}s user %{public}d \ inst %{public}d tokenAttr %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex(), infoPtr->GetHapInfoBasic().tokenAttr); - // DFX - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP", - HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", tokenID, "USERID", - infoPtr->GetUserID(), "BUNDLENAME", infoPtr->GetBundleName(), "INSTINDEX", infoPtr->GetInstIndex()); #ifdef TOKEN_SYNC_ENABLE TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID); 
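Review bot: The message added on the `AddHapTokenInfoToDb` failure path in `UpdateHapToken` omits the error code, unlike the other database messages this commit adds (`"Remove info from db failed, ret is %{public}d"`). Without `ret`, the critical log cannot distinguish one database failure from another. Suggested line: `LOGC(ATM_DOMAIN, ATM_TAG, "Add hap info %{public}u to db failed, ret is %{public}d", tokenID, ret);`.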
@@ -955,11 +951,11 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptrIsRemote()) { - LOGE(ATM_DOMAIN, ATM_TAG, "It is a remote hap!"); + LOGC(ATM_DOMAIN, ATM_TAG, "It is a remote hap!"); return AccessTokenError::ERR_TOKENID_NOT_EXIST; } AccessTokenID tokenID = hapInfo->GetTokenID(); @@ -1038,7 +1034,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr