From 8313331d010c7c81eb4063e5ea1b52b5180026dd Mon Sep 17 00:00:00 2001 From: zhouyan Date: Mon, 23 Jun 2025 15:58:19 +0800 Subject: [PATCH] =?UTF-8?q?=E9=80=82=E9=85=8Drdb=E5=8A=A8=E6=80=81?= =?UTF-8?q?=E5=8A=A0=E8=BD=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zhouyan Change-Id: I396f4a9d93cd3a998e03922b066c1f60417d86e5 --- bundle.json | 2 +- services/accesstokenmanager/BUILD.gn | 80 +++++- .../cpp/include/database/access_token_db.h | 4 +- .../include/database/access_token_db_loader.h | 68 +++++ .../include/database/access_token_db_util.h | 14 +- .../main/cpp/include/database/atm_data_type.h | 35 +++ .../cpp/include/database/dlopen_manager.h | 73 ++++++ .../permission/permission_data_brief.h | 4 +- .../include/token/accesstoken_info_manager.h | 6 +- .../src/database/access_token_db_loader.cpp | 101 ++++++++ .../main/cpp/src/database/dlopen_manager.cpp | 235 ++++++++++++++++++ .../src/permission/permission_data_brief.cpp | 6 +- .../cpp/src/permission/permission_manager.cpp | 13 +- .../service/accesstoken_manager_service.cpp | 35 ++- .../src/token/accesstoken_info_manager.cpp | 163 ++++++++---- .../cpp/src/token/hap_token_info_inner.cpp | 21 +- .../accesstokenmanager/test/coverage/BUILD.gn | 3 +- .../permission_manager_coverage_test.cpp | 22 +- .../accesstokenmanager/test/mock/BUILD.gn | 3 +- .../accesstokenmanager/test/unittest/BUILD.gn | 3 +- .../accesstoken_manager_service_test.cpp | 2 +- .../common/database/src/sqlite_helper.cpp | 4 +- .../accesstoken/access_token_service_fuzz.gni | 7 +- .../accesstoken/access_token_service_fuzz.gni | 12 +- 24 files changed, 800 insertions(+), 116 deletions(-) create mode 100644 services/accesstokenmanager/main/cpp/include/database/access_token_db_loader.h create mode 100644 services/accesstokenmanager/main/cpp/include/database/atm_data_type.h create mode 100644 services/accesstokenmanager/main/cpp/include/database/dlopen_manager.h create mode 100644 services/accesstokenmanager/main/cpp/src/database/access_token_db_loader.cpp create mode 100644 services/accesstokenmanager/main/cpp/src/database/dlopen_manager.cpp diff --git a/bundle.json b/bundle.json index 24e7d242d..c4a185444 100644 --- a/bundle.json +++ b/bundle.json @@ -78,7 +78,7 @@ ], "service_group": [ "//base/security/access_token/interfaces/innerkits/tokensync:libtokensync_sdk", - "//base/security/access_token/services/accesstokenmanager:accesstoken_manager_service", + "//base/security/access_token/services/accesstokenmanager:accesstoken_service", "//base/security/access_token/services/accesstokenmanager/main/sa_profile:accesstoken_sa_profile_standard", "//base/security/access_token/services/el5filekeymanager:el5filekeymanager", "//base/security/access_token/services/tokensyncmanager:tokensyncmanager", diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn index 7c610f064..c17fed94e 100644 --- a/services/accesstokenmanager/BUILD.gn +++ b/services/accesstokenmanager/BUILD.gn @@ -62,11 +62,11 @@ if (is_standard_system) { "main/cpp/include/callback", "main/cpp/include/database", "main/cpp/include/dfx", + "main/cpp/include/form_manager", + "main/cpp/include/permission", "main/cpp/include/seccomp", "main/cpp/include/service", - "main/cpp/include/form_manager", "main/cpp/include/token", - "main/cpp/include/permission", ] include_dirs += access_token_impl_include_dirs @@ -75,12 +75,9 @@ if (is_standard_system) { "main/cpp/src/callback/accesstoken_callback_proxys.cpp", "main/cpp/src/callback/callback_death_recipients.cpp", "main/cpp/src/callback/callback_manager.cpp", - "main/cpp/src/database/access_token_db.cpp", - "main/cpp/src/database/access_token_db_util.cpp", - "main/cpp/src/database/access_token_open_callback.cpp", + "main/cpp/src/dfx/hisysevent_adapter.cpp", "main/cpp/src/database/data_translator.cpp", "main/cpp/src/database/token_field_const.cpp", - "main/cpp/src/dfx/hisysevent_adapter.cpp", "main/cpp/src/form_manager/form_instance.cpp", "main/cpp/src/form_manager/form_manager_access_client.cpp", "main/cpp/src/form_manager/form_manager_access_proxy.cpp", @@ -196,8 +193,77 @@ if (is_standard_system) { cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] sources += [ "main/cpp/src/seccomp/sec_comp_enhance_agent.cpp" ] } - if ("${target_platform}" == "watch" || "${target_platform}" == "wearable") { + if ("${target_platform}" == "phone" || "${target_platform}" == "wearable") { + sources += [ "main/cpp/src/database/dlopen_manager.cpp" ] cflags_cc += [ "-DDYNAMIC_CLOSE_LIBS" ] + } else { + sources += [ + "main/cpp/src/database/access_token_db.cpp", + "main/cpp/src/database/access_token_db_util.cpp", + "main/cpp/src/database/access_token_open_callback.cpp", + ] + external_deps += [ "relational_store:native_rdb" ] + } + } +} + +if (is_standard_system) { + config("accesstoken_rdb_config") { + visibility = [ ":*" ] + include_dirs = [ "include" ] + } + + ohos_shared_library("accesstoken_db_loader") { + subsystem_name = "security" + part_name = "access_token" + sanitize = { + cfi = true + cfi_cross_dso = true + debug = false } + branch_protector_ret = "pac_ret" + + configs = [ + "${access_token_path}/config:access_token_compile_flags", + "${access_token_path}/config:coverage_flags", + ] + public_configs = [ ":accesstoken_rdb_config" ] + + include_dirs = [ + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/services/common/database/include", + "main/cpp/include/database", + ] + + sources = [ + "${access_token_path}/services/common/database/src/generic_values.cpp", + "${access_token_path}/services/common/database/src/variant_value.cpp", + "main/cpp/src/database/access_token_db_loader.cpp", + "main/cpp/src/database/access_token_db_util.cpp", + "main/cpp/src/database/access_token_db.cpp", + "main/cpp/src/database/access_token_open_callback.cpp", + "main/cpp/src/database/token_field_const.cpp", + ] + + cflags_cc = [ + "-DHILOG_ENABLE", + "-DDYNAMIC_CLOSE_LIBS" + ] + + deps = [ "${access_token_path}/frameworks/common:accesstoken_common_cxx" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "relational_store:native_rdb", + ] } } + +group("accesstoken_service") { + deps = [ + ":accesstoken_manager_service", + ":accesstoken_db_loader", + ] +} diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h index 58ee06f4b..25ac28819 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_db.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -30,8 +30,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -static constexpr const char* PERM_DEF_VERSION = "permission_definition_version"; - class AccessTokenDb final { public: static AccessTokenDb& GetInstance(); diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db_loader.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db_loader.h new file mode 100644 index 000000000..2d04f82a9 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db_loader.h @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_TOKEN_DB_LOADER_H +#define ACCESS_TOKEN_DB_LOADER_H + +#include "atm_data_type.h" +#include "generic_values.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +class AccessTokenDbLoaderInterface { +public: + AccessTokenDbLoaderInterface() {} + virtual ~AccessTokenDbLoaderInterface() {} + + virtual void InitRdbHelper(); + virtual int32_t Modify(const AtmDataType type, const GenericValues& modifyValue, + const GenericValues& conditionValue); + virtual int32_t Find(AtmDataType type, const GenericValues& conditionValue, + std::vector& results); + virtual int32_t DeleteAndInsertValues(const std::vector& delDataTypes, + const std::vector& delValues, const std::vector& addDataTypes, + const std::vector>& addValues); + virtual bool DestroyRdbHelper(); +}; + +class AccessTokenDbLoader final: public AccessTokenDbLoaderInterface { +public: + AccessTokenDbLoader(); + virtual ~AccessTokenDbLoader(); + + void InitRdbHelper() override; + int32_t Modify(const AtmDataType type, const GenericValues& modifyValue, + const GenericValues& conditionValue) override; + int32_t Find(AtmDataType type, const GenericValues& conditionValue, + std::vector& results) override; + int32_t DeleteAndInsertValues(const std::vector& delDataTypes, + const std::vector& delValues, const std::vector& addDataTypes, + const std::vector>& addValues) override; + bool DestroyRdbHelper() override; +}; + +#ifdef __cplusplus +extern "C" { +#endif + void* Create(); + void Destroy(void* loaderPtr); +#ifdef __cplusplus +} +#endif +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_TOKEN_DB_LOADER_H diff --git a/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h b/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h index 09a470476..7523f114d 100644 --- a/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h +++ b/services/accesstokenmanager/main/cpp/include/database/access_token_db_util.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -20,6 +20,7 @@ #include #include "access_token.h" +#include "atm_data_type.h" #include "generic_values.h" #include "rdb_predicates.h" #include "result_set.h" @@ -28,17 +29,6 @@ namespace OHOS { namespace Security { namespace AccessToken { -enum AtmDataType { - ACCESSTOKEN_HAP_INFO, - ACCESSTOKEN_NATIVE_INFO, - ACCESSTOKEN_PERMISSION_DEF, - ACCESSTOKEN_PERMISSION_STATE, - ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, - ACCESSTOKEN_PERMISSION_EXTEND_VALUE, - ACCESSTOKEN_HAP_UNDEFINE_INFO, - ACCESSTOKEN_SYSTEM_CONFIG, -}; - class AccessTokenDbUtil final { public: static void GetTableNameByType(const AtmDataType type, std::string& tableName); diff --git a/services/accesstokenmanager/main/cpp/include/database/atm_data_type.h b/services/accesstokenmanager/main/cpp/include/database/atm_data_type.h new file mode 100644 index 000000000..cbcb90226 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/database/atm_data_type.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_TOKEN_ATM_DATA_TYPE_H +#define ACCESS_TOKEN_ATM_DATA_TYPE_H + +namespace OHOS { +namespace Security { +namespace AccessToken { +enum AtmDataType { + ACCESSTOKEN_HAP_INFO, + ACCESSTOKEN_NATIVE_INFO, + ACCESSTOKEN_PERMISSION_DEF, + ACCESSTOKEN_PERMISSION_STATE, + ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, + ACCESSTOKEN_PERMISSION_EXTEND_VALUE, + ACCESSTOKEN_HAP_UNDEFINE_INFO, + ACCESSTOKEN_SYSTEM_CONFIG, +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_TOKEN_ATM_DATA_TYPE_H diff --git a/services/accesstokenmanager/main/cpp/include/database/dlopen_manager.h b/services/accesstokenmanager/main/cpp/include/database/dlopen_manager.h new file mode 100644 index 000000000..c2012ae28 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/include/database/dlopen_manager.h @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESS_TOKEN_RDB_DLOPEN_UTIL_H +#define ACCESS_TOKEN_RDB_DLOPEN_UTIL_H + +#include +#include + +#ifdef EVENTHANDLER_ENABLE +#include "access_event_handler.h" +#endif +#include "access_token_db_loader.h" +#include "atm_data_type.h" +#include "generic_values.h" +#include "nocopyable.h" +#include "refbase.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { + +class DlopenManager final { +public: + static DlopenManager& GetInstance(); + + int32_t DynamicCallModify(const AtmDataType type, const GenericValues& modifyValue, + const GenericValues& conditionValue); + int32_t DynamicCallFind(AtmDataType type, const GenericValues& conditionValue, std::vector& results); + int32_t DynamicCallDeleteAndInsert(const std::vector& delDataTypes, + const std::vector& delValues, const std::vector& addDataTypes, + const std::vector>& addValues); + +private: + DlopenManager(); + ~DlopenManager(); + DISALLOW_COPY_AND_MOVE(DlopenManager); + +#ifdef EVENTHANDLER_ENABLE + void InitEventHandler(); + std::shared_ptr GetEventHandler(); + + std::shared_ptr eventHandler_ = nullptr; + std::mutex eventHandlerLock_; +#endif + + AccessTokenDbLoaderInterface* GetDbInstance(); + void Init(); + void Create(void* handle); + void Destroy(void* handle); + bool CleanUp(); + void DelayDlcloseHandle(); + + std::mutex handleMutex_; + void* handle_ = nullptr; + AccessTokenDbLoaderInterface* instance_ = nullptr; +}; +} // namespace AccessToken +} // namespace Security +} // namespace OHOS +#endif // ACCESS_TOKEN_RDB_DLOPEN_UTIL_H diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h index 45a5d82ff..416629300 100644 --- a/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h +++ b/services/accesstokenmanager/main/cpp/include/permission/permission_data_brief.h @@ -85,7 +85,7 @@ public: int32_t GetKernelPermissions(AccessTokenID tokenId, std::vector& kernelPermList); int32_t GetReqPermissionByName( AccessTokenID tokenId, const std::string& permissionName, std::string& value, bool tokenIdCheck); - void GetExetendedValueList(AccessTokenID tokenId, std::vector& extendedPermList); + void GetExtendedValueList(AccessTokenID tokenId, std::vector& extendedPermList); private: bool GetPermissionBriefData(AccessTokenID tokenID, const PermissionStatus &permState, const std::map& aclExtendedMap, BriefPermData& briefPermData); @@ -106,7 +106,7 @@ private: int32_t GetBriefPermDataByTokenIdInner(AccessTokenID tokenID, std::vector& list); int32_t TranslationIntoAclExtendedMap(AccessTokenID tokenId, const std::vector& extendedPermRes, std::map& aclExtendedMap); - void GetExetendedValueListInner(AccessTokenID tokenId, std::vector& extendedPermList); + void GetExtendedValueListInner(AccessTokenID tokenId, std::vector& extendedPermList); void DeleteExtendedValue(AccessTokenID tokenID); PermissionDataBrief() = default; DISALLOW_COPY_AND_MOVE(PermissionDataBrief); diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h index d067a5347..0cab5c321 100644 --- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h +++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -115,6 +115,8 @@ private: std::string GetHapUniqueStr(const std::shared_ptr& info) const; std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const; int32_t RegisterTokenId(const HapInfoParams& info, AccessTokenID& tokenId); + void GetDataFromCache(const std::shared_ptr& hapInfo, AccessTokenID tokenID, + std::vector& permStateValues, std::vector& permExtendValues); void FillDelValues(AccessTokenID tokenID, bool isSystemRes, const std::vector& permExtendValues, const std::vector& undefValues, std::vector& deleteValues); void AddTokenIdToUndefValues(AccessTokenID tokenId, std::vector& undefValues); @@ -149,6 +151,8 @@ private: void NativeTokenToString(AccessTokenID tokenID, std::string& info); int32_t CheckHapInfoParam(const HapInfoParams& info, const HapPolicy& policy); void UpdateHapToKernel(AccessTokenID tokenID, int32_t userId); + int32_t GetDataFromDb(AccessTokenID tokenId, std::vector& hapTokenResults, + std::vector& permStateRes, std::vector& extendedPermRes); std::shared_ptr GetHapTokenInfoInnerFromDb(AccessTokenID id); bool hasInited_; std::atomic_int32_t dumpTaskNum_; diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db_loader.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db_loader.cpp new file mode 100644 index 000000000..c4339b84c --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db_loader.cpp @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "access_token_db_loader.h" + +#include "accesstoken_common_log.h" +#include "access_token_db.h" +#include "rdb_helper.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +static constexpr int32_t DESTROY_REPEAT_TIMES = 10; +static constexpr int32_t DESTROY_WAIT_TIME_MILLISECONDS = 100; // 0.1s +} + +AccessTokenDbLoader::AccessTokenDbLoader() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "AccessTokenDbLoader"); +} + +AccessTokenDbLoader::~AccessTokenDbLoader() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "~AccessTokenDbLoader"); +} + +void AccessTokenDbLoader::InitRdbHelper() +{ + (void)NativeRdb::RdbHelper::Init(); +} + +int32_t AccessTokenDbLoader::Modify(const AtmDataType type, const GenericValues& modifyValue, + const GenericValues& conditionValue) +{ + return AccessTokenDb::GetInstance().Modify(type, modifyValue, conditionValue); +} + +int32_t AccessTokenDbLoader::Find(AtmDataType type, const GenericValues& conditionValue, + std::vector& results) +{ + return AccessTokenDb::GetInstance().Find(type, conditionValue, results); +} + +int32_t AccessTokenDbLoader::DeleteAndInsertValues(const std::vector& delDataTypes, + const std::vector& delValues, const std::vector& addDataTypes, + const std::vector>& addValues) +{ + return AccessTokenDb::GetInstance().DeleteAndInsertValues(delDataTypes, delValues, + addDataTypes, addValues); +} + +bool AccessTokenDbLoader::DestroyRdbHelper() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "Clean up rdb resource."); + + // rdb release ipc resource may delay in watch, repeat ten times and wait 0.1s after each attempt + auto sleepTime = std::chrono::milliseconds(DESTROY_WAIT_TIME_MILLISECONDS); + bool isDestroy = false; + for (int32_t i = 0; i < DESTROY_REPEAT_TIMES; ++i) { + isDestroy = NativeRdb::RdbHelper::Destroy(); + if (isDestroy) { + LOGI(ATM_DOMAIN, ATM_TAG, "Rdb resource clean up success!"); + break; + } else { + std::this_thread::sleep_for(sleepTime); + } + } + + return isDestroy; +} + +extern "C" { +void* Create() +{ + return reinterpret_cast(new AccessTokenDbLoader); +} + +void Destroy(void* loaderPtr) +{ + AccessTokenDbLoaderInterface* loader = reinterpret_cast(loaderPtr); + if (loader != nullptr) { + delete loader; + } +} +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/database/dlopen_manager.cpp b/services/accesstokenmanager/main/cpp/src/database/dlopen_manager.cpp new file mode 100644 index 000000000..e4c5e78f9 --- /dev/null +++ b/services/accesstokenmanager/main/cpp/src/database/dlopen_manager.cpp @@ -0,0 +1,235 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dlopen_manager.h" + +#include +#include + +#include "access_token_error.h" +#include "accesstoken_common_log.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +namespace { +std::recursive_mutex g_instanceMutex; +constexpr const char* RDB_ADAPTER_LIBPATH = "libaccesstoken_db_loader.z.so"; +constexpr const char* RDB_SYMBOL_CREATE = "Create"; +constexpr const char* RDB_SYMBOL_DESTROY = "Destroy"; +constexpr const char* DELAY_DLCLOSE_TASK_NAME = "DelayDlclose"; +constexpr int32_t DELAY_DLCLOSE_TIME_MILLISECONDS = 6 * 1000; +typedef void* (*FUNC_CREATE) (void); +typedef void (*FUNC_DESTROY) (void*); +} + +DlopenManager::DlopenManager() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "DlopenManager"); +} + +DlopenManager::~DlopenManager() +{ + LOGI(ATM_DOMAIN, ATM_TAG, "~DlopenManager"); + + std::lock_guard lock(handleMutex_); + if (handle_ != nullptr) { + if (!CleanUp()) { + return; + } + + Destroy(handle_); + dlclose(handle_); + handle_ = nullptr; + } +} + +DlopenManager& DlopenManager::GetInstance() +{ + static DlopenManager* instance = nullptr; + if (instance == nullptr) { + std::lock_guard lock(g_instanceMutex); + if (instance == nullptr) { + DlopenManager* tmp = new DlopenManager(); + instance = std::move(tmp); + } + } + return *instance; +} + +#ifdef EVENTHANDLER_ENABLE +void DlopenManager::InitEventHandler() +{ + auto eventRunner = AppExecFwk::EventRunner::Create(true, AppExecFwk::ThreadMode::FFRT); + if (!eventRunner) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to create a recvRunner."); + return; + } + eventHandler_ = std::make_shared(eventRunner); +} + +std::shared_ptr DlopenManager::GetEventHandler() +{ + std::lock_guard lock(eventHandlerLock_); + if (eventHandler_ == nullptr) { + InitEventHandler(); + } + return eventHandler_; +} +#endif + +void DlopenManager::Init() +{ + if (instance_ != nullptr) { + instance_->InitRdbHelper(); + } +} + +void DlopenManager::Create(void* handle) +{ + if (handle == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dynamic open handle is nullpre."); + return; + } + + void* (*create)(void) = reinterpret_cast(dlsym(handle, RDB_SYMBOL_CREATE)); + if (create == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Find symbol %{public}s from %{public}s failed, errno is %{public}d, errMsg is %{public}s.", + RDB_SYMBOL_CREATE, RDB_ADAPTER_LIBPATH, errno, dlerror()); + return; + } + instance_ = reinterpret_cast(create()); + + Init(); +} + +void DlopenManager::Destroy(void* handle) +{ + if (handle == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dynamic open handle is nullpre."); + return; + } + + void (*destroy)(void*) = reinterpret_cast(dlsym(handle, RDB_SYMBOL_DESTROY)); + if (destroy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, + "Find symbol %{public}s from %{public}s failed, errno is %{public}d, errMsg is %{public}s.", + RDB_SYMBOL_DESTROY, RDB_ADAPTER_LIBPATH, errno, dlerror()); + return; + } + + if (instance_ != nullptr) { + destroy(instance_); + instance_ = nullptr; + } +} + +bool DlopenManager::CleanUp() +{ + // if DestroyRdbHelper return false after 10 attempts, don't dlclose otherwise this may cause cppcrash + return (instance_ != nullptr) ? instance_->DestroyRdbHelper() : false; +} + +void DlopenManager::DelayDlcloseHandle() +{ +#ifdef EVENTHANDLER_ENABLE + auto eventHandler = GetEventHandler(); + if (eventHandler == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Fail to get EventHandler."); + return; + } + + eventHandler->ProxyRemoveTask(std::string(DELAY_DLCLOSE_TASK_NAME)); + + std::function delayed = ([this]() { + LOGI(ATM_DOMAIN, ATM_TAG, "Delay dlclose rdb handle."); + std::lock_guard lock(handleMutex_); + if (handle_ != nullptr) { + if (!CleanUp()) { + return; + } + + Destroy(handle_); + dlclose(handle_); + handle_ = nullptr; + } + }); + eventHandler->ProxyPostTask(delayed, std::string(DELAY_DLCLOSE_TASK_NAME), DELAY_DLCLOSE_TIME_MILLISECONDS); + LOGI(ATM_DOMAIN, ATM_TAG, "Refresh delay dlclose rdb time."); +#else + LOGW(ATM_DOMAIN, ATM_TAG, "Eventhandler is not support!"); +#endif +} + +AccessTokenDbLoaderInterface* DlopenManager::GetDbInstance() +{ + { + std::lock_guard lock(handleMutex_); + if (handle_ == nullptr) { + handle_ = dlopen(RDB_ADAPTER_LIBPATH, RTLD_LAZY); + if (handle_ == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Dlopen %{public}s failed, errno is %{public}d.", RDB_ADAPTER_LIBPATH, errno); + } + } + + if (instance_ == nullptr) { + Create(handle_); + } + } + + DelayDlcloseHandle(); + return instance_; +} + +int32_t DlopenManager::DynamicCallModify(const AtmDataType type, const GenericValues& modifyValue, + const GenericValues& conditionValue) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "Called!"); + auto instance = GetDbInstance(); + if (instance == nullptr) { + return AccessTokenError::ERR_LOAD_SO_FAILED; + } + + return instance->Modify(type, modifyValue, conditionValue); +} + +int32_t DlopenManager::DynamicCallFind(AtmDataType type, const GenericValues& conditionValue, + std::vector& results) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "Called!"); + auto instance = GetDbInstance(); + if (instance == nullptr) { + return AccessTokenError::ERR_LOAD_SO_FAILED; + } + + return instance->Find(type, conditionValue, results); +} + +int32_t DlopenManager::DynamicCallDeleteAndInsert(const std::vector& delDataTypes, + const std::vector& delValues, const std::vector& addDataTypes, + const std::vector>& addValues) +{ + LOGI(ATM_DOMAIN, ATM_TAG, "Called!"); + auto instance = GetDbInstance(); + if (instance == nullptr) { + return AccessTokenError::ERR_LOAD_SO_FAILED; + } + + return instance->DeleteAndInsertValues(delDataTypes, delValues, addDataTypes, addValues); +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp index d1986c22a..349eda517 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp @@ -93,14 +93,14 @@ bool PermissionDataBrief::GetPermissionBriefData( return false; } -void PermissionDataBrief::GetExetendedValueList( +void PermissionDataBrief::GetExtendedValueList( AccessTokenID tokenId, std::vector& extendedPermList) { Utils::UniqueReadGuard infoGuard(this->permissionStateDataLock_); - return GetExetendedValueListInner(tokenId, extendedPermList); + return GetExtendedValueListInner(tokenId, extendedPermList); } -void PermissionDataBrief::GetExetendedValueListInner( +void PermissionDataBrief::GetExtendedValueListInner( AccessTokenID tokenId, std::vector& extendedPermList) { for (const auto& item : extendedValue_) { diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 949652a13..2cb3b0805 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -25,10 +25,14 @@ #include "accesstoken_id_manager.h" #include "accesstoken_info_manager.h" #include "accesstoken_common_log.h" -#include "access_token_db.h" #include "app_manager_access_client.h" #include "callback_manager.h" #include "constant_common.h" +#ifdef DYNAMIC_CLOSE_LIBS +#include "dlopen_manager.h" +#else +#include "access_token_db.h" +#endif #ifdef SUPPORT_SANDBOX_APP #include "dlp_permission_set_manager.h" #endif @@ -903,8 +907,13 @@ void PermissionManager::GetMasterAppUndValues(AccessTokenID tokenId, std::vector GenericValues conditionValue; conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); std::vector results; +#ifdef DYNAMIC_CLOSE_LIBS + int32_t res = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, + conditionValue, results); +#else int32_t res = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results); // get master app hap undefined data +#endif if (res != 0) { return; } diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index b4a333560..d77d4c123 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -18,7 +18,6 @@ #include #include "access_token.h" -#include "access_token_db.h" #include "access_token_error.h" #include "accesstoken_common_log.h" #include "accesstoken_dfx_define.h" @@ -28,6 +27,11 @@ #include "constant_common.h" #include "data_usage_dfx.h" #include "data_validator.h" +#ifdef DYNAMIC_CLOSE_LIBS +#include "dlopen_manager.h" +#else +#include "access_token_db.h" +#endif #include "hap_token_info.h" #include "hap_token_info_inner.h" #include "hisysevent_adapter.h" @@ -95,6 +99,8 @@ constexpr uint32_t BITMAP_INDEX_3 = 3; constexpr uint32_t BITMAP_INDEX_4 = 4; constexpr uint32_t BITMAP_INDEX_5 = 5; constexpr uint32_t BITMAP_INDEX_6 = 6; + +constexpr const char* PERM_DEF_VERSION = "permission_definition_version"; } const bool REGISTER_RESULT = @@ -230,7 +236,13 @@ int AccessTokenManagerService::GetDefPermission( conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); std::vector results; + +#ifdef DYNAMIC_CLOSE_LIBS + int32_t res = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, + results); +#else int32_t res = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_DEF, conditionValue, results); +#endif if (res != 0) { return res; } @@ -1415,7 +1427,12 @@ int32_t AccessTokenManagerService::UpdatePermDefVersion(const std::string& permD std::vector> addValues; addValues.emplace_back(values); +#ifdef DYNAMIC_CLOSE_LIBS + return DlopenManager::GetInstance().DynamicCallDeleteAndInsert(deleteDataTypes, deleteValues, addDataTypes, + addValues); +#else return AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues); +#endif } int32_t AccessTokenManagerService::UpdateUndefinedToDb(const std::vector& stateValues, @@ -1436,7 +1453,12 @@ int32_t AccessTokenManagerService::UpdateUndefinedToDb(const std::vector& validValueList) @@ -1520,8 +1542,14 @@ void AccessTokenManagerService::HandleHapUndefinedInfo(std::map results; + +#ifdef DYNAMIC_CLOSE_LIBS + int32_t res = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, + conditionValue, results); +#else int32_t res = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO, conditionValue, results); // get all hap undefined data +#endif if (res != 0) { return; } @@ -1575,7 +1603,12 @@ void AccessTokenManagerService::HandlePermDefUpdate(std::map& GenericValues conditionValue; conditionValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION); std::vector results; +#ifdef DYNAMIC_CLOSE_LIBS + int32_t res = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, conditionValue, + results); +#else int32_t res = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, conditionValue, results); +#endif if (res != 0) { return; } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 3cb800860..54c172920 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2024 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -22,7 +22,6 @@ #include #include #include "access_token.h" -#include "access_token_db.h" #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_common_log.h" @@ -33,6 +32,11 @@ #include "constant_common.h" #include "data_translator.h" #include "data_validator.h" +#ifdef DYNAMIC_CLOSE_LIBS +#include "dlopen_manager.h" +#else +#include "access_token_db.h" +#endif #ifdef SUPPORT_SANDBOX_APP #include "dlp_permission_set_manager.h" #endif @@ -213,16 +217,31 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize, std::map hapTokenRes; std::vector permStateRes; std::vector extendedPermRes; +#ifdef DYNAMIC_CLOSE_LIBS + int32_t ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, + hapTokenRes); +#else int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenRes); +#endif if (ret != RET_SUCCESS || hapTokenRes.empty()) { ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load hap from db fail.", ret); } +#ifdef DYNAMIC_CLOSE_LIBS + ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, + permStateRes); +#else ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); +#endif if (ret != RET_SUCCESS || permStateRes.empty()) { ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load perm state from db fail.", ret); } +#ifdef DYNAMIC_CLOSE_LIBS + ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, + conditionValue, extendedPermRes); +#else ret = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, extendedPermRes); +#endif if (ret != RET_SUCCESS) { // extendedPermRes may be empty ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load exetended value from db fail.", ret); } @@ -297,32 +316,62 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInnerFromDb(AccessTokenID id) +int32_t AccessTokenInfoManager::GetDataFromDb(AccessTokenID tokenId, std::vector& hapTokenResults, + std::vector& permStateRes, std::vector& extendedPermRes) { - Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(id)); - std::vector hapTokenResults; + conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenId)); + +#ifdef DYNAMIC_CLOSE_LIBS + int32_t ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, + hapTokenResults); +#else int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); +#endif if (ret != RET_SUCCESS || hapTokenResults.empty()) { - LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, " - "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); - return nullptr; + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, hapSize: " + "%{public}zu, mapSize: %{public}zu.", tokenId, ret, hapTokenResults.size(), hapTokenInfoMap_.size()); + return RET_FAILED; } - std::vector permStateRes; + +#ifdef DYNAMIC_CLOSE_LIBS + ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, + permStateRes); +#else ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes); +#endif if (ret != RET_SUCCESS) { LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, " - "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); - return nullptr; + "mapSize: %{public}zu.", tokenId, ret, hapTokenInfoMap_.size()); + return RET_FAILED; } - std::vector extendedPermRes; +#ifdef DYNAMIC_CLOSE_LIBS + ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, + extendedPermRes); +#else ret = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, extendedPermRes); +#endif if (ret != RET_SUCCESS) { // extendedPermRes may be empty LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, " - "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size()); + "mapSize: %{public}zu.", tokenId, ret, hapTokenInfoMap_.size()); + return RET_FAILED; + } + + return RET_SUCCESS; +} + +std::shared_ptr AccessTokenInfoManager::GetHapTokenInfoInnerFromDb(AccessTokenID id) +{ + Utils::UniqueWriteGuard infoGuard(this->hapTokenInfoLock_); + std::vector hapTokenResults; + std::vector permStateRes; + std::vector extendedPermRes; + int32_t ret = GetDataFromDb(id, hapTokenResults, permStateRes, extendedPermRes); + if (ret != RET_SUCCESS) { + LOGC(ATM_DOMAIN, ATM_TAG, "Failed to get data from db, tokenID is %{public}u, errCode is %{public}d.", + id, ret); return nullptr; } @@ -388,8 +437,14 @@ int32_t AccessTokenInfoManager::GetTokenIDByUserID(int32_t userID, std::unordere GenericValues conditionValue; std::vector tokenIDResults; conditionValue.Put(TokenFiledConst::FIELD_USER_ID, userID); + +#ifdef DYNAMIC_CLOSE_LIBS + int32_t ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, + tokenIDResults); +#else int32_t ret = AccessTokenDb::GetInstance().Find( AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, tokenIDResults); +#endif if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "UserID(%{public}d) find tokenID failed, ret: %{public}d.", userID, ret); return ret; @@ -1049,6 +1104,16 @@ static void GetUserGrantPermFromDef(const std::vector& permList, } } +void AccessTokenInfoManager::GetDataFromCache(const std::shared_ptr& hapInfo, + AccessTokenID tokenID, std::vector& permStateValues, std::vector& permExtendValues) +{ + hapInfo->StorePermissionPolicy(permStateValues); // get new permission status from cache if exist + + std::vector extendedPermList; + PermissionDataBrief::GetInstance().GetExtendedValueList(tokenID, extendedPermList); + GeneratePermExtendValues(tokenID, extendedPermList, permExtendValues); // get new extend permission value +} + void AccessTokenInfoManager::FillDelValues(AccessTokenID tokenID, bool isSystemRes, const std::vector& permExtendValues, const std::vector& undefValues, std::vector& deleteValues) @@ -1057,18 +1122,13 @@ void AccessTokenInfoManager::FillDelValues(AccessTokenID tokenID, bool isSystemR conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); deleteValues.emplace_back(conditionValue); // hap_token_info_table deleteValues.emplace_back(conditionValue); // permission_state_table + deleteValues.emplace_back(conditionValue); // permission_extend_value_table + deleteValues.emplace_back(conditionValue); // hap_undefine_info_table if (isSystemRes) { deleteValues.emplace_back(conditionValue); // permission_definition_table } - if (!permExtendValues.empty()) { - deleteValues.emplace_back(conditionValue); // permission_extend_value_table - } - - if (!undefValues.empty()) { - deleteValues.emplace_back(conditionValue); // hap_undefine_info_table - } return; } @@ -1086,25 +1146,24 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptrGetTokenID(); bool isSystemRes = IsSystemResource(hapInfo->GetBundleName()); - std::vector hapInfoValues; // get new hap token info from cache - hapInfo->StoreHapInfo(hapInfoValues, appId, policy.apl); - - std::vector permStateValues; // get new permission status from cache if exist - hapInfo->StorePermissionPolicy(permStateValues); - - std::vector permExtendValues; // get new extend permission value - std::vector extendedPermList; - PermissionDataBrief::GetInstance().GetExetendedValueList(tokenID, extendedPermList); - - GeneratePermExtendValues(tokenID, extendedPermList, permExtendValues); + std::vector hapInfoValues; + hapInfo->StoreHapInfo(hapInfoValues, appId, policy.apl); // get new hap token info from cache + std::vector permStateValues; + std::vector permExtendValues; + GetDataFromCache(hapInfo, tokenID, permStateValues, permExtendValues); + std::vector addDataTypes; addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_INFO); addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_STATE); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE); + addDataTypes.emplace_back(AtmDataType::ACCESSTOKEN_HAP_UNDEFINE_INFO); std::vector> addValues; addValues.emplace_back(hapInfoValues); addValues.emplace_back(permStateValues); + addValues.emplace_back(permExtendValues); + addValues.emplace_back(undefValues); if (isSystemRes) { std::vector permDefValues; @@ -1113,25 +1172,18 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr delDataTypes; std::vector deleteValues; - if (isUpdate) { // udapte: delete and add; otherwise add only delDataTypes.assign(addDataTypes.begin(), addDataTypes.end()); FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, deleteValues); } +#ifdef DYNAMIC_CLOSE_LIBS + return DlopenManager::GetInstance().DynamicCallDeleteAndInsert(delDataTypes, deleteValues, addDataTypes, addValues); +#else return AccessTokenDb::GetInstance().DeleteAndInsertValues(delDataTypes, deleteValues, addDataTypes, addValues); +#endif } int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr& info) @@ -1159,8 +1211,13 @@ int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr addDataTypes; std::vector> addValues; +#ifdef DYNAMIC_CLOSE_LIBS + int32_t ret = DlopenManager::GetInstance().DynamicCallDeleteAndInsert(deleteDataTypes, deleteValues, addDataTypes, + addValues); +#else int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes, addValues); +#endif if (ret != RET_SUCCESS) { LOGC(ATM_DOMAIN, ATM_TAG, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret); return ret; @@ -1197,7 +1254,12 @@ int32_t AccessTokenInfoManager::GetHapAppIdByTokenId(AccessTokenID tokenID, std: GenericValues conditionValue; conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); std::vector hapTokenResults; +#ifdef DYNAMIC_CLOSE_LIBS + int32_t ret = DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, + hapTokenResults); +#else int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults); +#endif if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d.", tokenID, ret); @@ -1680,7 +1742,12 @@ bool AccessTokenInfoManager::UpdateCapStateToDatabase(AccessTokenID tokenID, boo GenericValues conditionValue; conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); +#ifdef DYNAMIC_CLOSE_LIBS + int32_t res = DlopenManager::GetInstance().DynamicCallModify(AtmDataType::ACCESSTOKEN_HAP_INFO, modifyValue, + conditionValue); +#else int32_t res = AccessTokenDb::GetInstance().Modify(AtmDataType::ACCESSTOKEN_HAP_INFO, modifyValue, conditionValue); +#endif if (res != 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Update tokenID %{public}u permissionDialogForbidden %{public}d to database failed", tokenID, enable); @@ -1765,7 +1832,12 @@ int32_t AccessTokenInfoManager::AddPermRequestToggleStatusToDb( condition.Put(TokenFiledConst::FIELD_REQUEST_TOGGLE_STATUS, status); value.emplace_back(condition); addValues.emplace_back(value); +#ifdef DYNAMIC_CLOSE_LIBS + int32_t ret = DlopenManager::GetInstance().DynamicCallDeleteAndInsert(dataTypes, deleteValues, dataTypes, + addValues); +#else int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(dataTypes, deleteValues, dataTypes, addValues); +#endif if (ret != RET_SUCCESS) { LOGE(ATM_DOMAIN, ATM_TAG, "DeleteAndInsertHap failed, ret %{public}d.", ret); return ret; @@ -1818,8 +1890,13 @@ int32_t AccessTokenInfoManager::FindPermRequestToggleStatusFromDb(int32_t userID conditionValue.Put(TokenFiledConst::FIELD_USER_ID, userID); conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); +#ifdef DYNAMIC_CLOSE_LIBS + DlopenManager::GetInstance().DynamicCallFind(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, + conditionValue, result); +#else AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_REQUEST_TOGGLE_STATUS, conditionValue, result); +#endif if (result.empty()) { // never set, return default status: CLOSED if APP_TRACKING_CONSENT return (permissionName == "ohos.permission.APP_TRACKING_CONSENT") ? diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp index 82b304acb..e5a6f10f0 100644 --- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -18,10 +18,14 @@ #include "accesstoken_dfx_define.h" #include "accesstoken_id_manager.h" #include "accesstoken_common_log.h" -#include "access_token_db.h" #include "access_token_error.h" #include "data_translator.h" #include "data_validator.h" +#ifdef DYNAMIC_CLOSE_LIBS +#include "dlopen_manager.h" +#else +#include "access_token_db.h" +#endif #include "hisysevent_adapter.h" #include "short_grant_manager.h" #include "token_field_const.h" @@ -317,8 +321,13 @@ int32_t HapTokenInfoInner::UpdatePermissionStatus( GenericValues conditions; conditions.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenInfoBasic_.tokenID)); conditions.Put(TokenFiledConst::FIELD_PERMISSION_NAME, permissionName); +#ifdef DYNAMIC_CLOSE_LIBS + DlopenManager::GetInstance().DynamicCallModify(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], + conditions); +#else AccessTokenDb::GetInstance().Modify( AtmDataType::ACCESSTOKEN_PERMISSION_STATE, permStateValues[i], conditions); +#endif } return RET_SUCCESS; } @@ -351,9 +360,13 @@ bool HapTokenInfoInner::UpdateStatesToDB(AccessTokenID tokenID, std::vector(tokenID)); conditionValue.Put(TokenFiledConst::FIELD_PERMISSION_NAME, state.permissionName); - +#ifdef DYNAMIC_CLOSE_LIBS + int32_t res = DlopenManager::GetInstance().DynamicCallModify(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, + modifyValue, conditionValue); +#else int32_t res = AccessTokenDb::GetInstance().Modify(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, modifyValue, conditionValue); +#endif if (res != 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Update tokenID %{public}u permission %{public}s to database failed, err %{public}d ", @@ -386,7 +399,7 @@ int32_t HapTokenInfoInner::ResetUserGrantPermissionStatus(void) // update permission status with dlp permission rule. DlpPermissionSetManager::GetInstance().UpdatePermStateWithDlpInfo(tokenInfoBasic_.dlpType, permListOfHap); std::vector extendedPermList; - PermissionDataBrief::GetInstance().GetExetendedValueList(tokenInfoBasic_.tokenID, extendedPermList); + PermissionDataBrief::GetInstance().GetExtendedValueList(tokenInfoBasic_.tokenID, extendedPermList); std::map aclExtendedMap; for (const auto& extendedperm : extendedPermList) { aclExtendedMap[extendedperm.permissionName] = extendedperm.value; diff --git a/services/accesstokenmanager/test/coverage/BUILD.gn b/services/accesstokenmanager/test/coverage/BUILD.gn index 5b44be534..ba4912c78 100644 --- a/services/accesstokenmanager/test/coverage/BUILD.gn +++ b/services/accesstokenmanager/test/coverage/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -71,7 +71,6 @@ ohos_unittest("libaccesstoken_manager_service_coverage_test") { "${access_token_path}/services/common/utils/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/device", "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp index 4de0d9c27..b31657e10 100644 --- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp +++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -343,27 +343,13 @@ HWTEST_F(PermissionManagerCoverageTest, FillDelValues001, TestSize.Level4) std::vector deleteValues; AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, deleteValues); - ASSERT_EQ(2, deleteValues.size()); + ASSERT_EQ(4, deleteValues.size()); isSystemRes = true; std::vector deleteValues2; AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, deleteValues2); - ASSERT_EQ(3, deleteValues2.size()); - - GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_TOKEN_ID, static_cast(tokenID)); - permExtendValues.emplace_back(conditionValue); - std::vector deleteValues3; - AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, - deleteValues3); - ASSERT_EQ(4, deleteValues3.size()); - - undefValues.emplace_back(conditionValue); - std::vector deleteValues4; - AccessTokenInfoManager::GetInstance().FillDelValues(tokenID, isSystemRes, permExtendValues, undefValues, - deleteValues4); - ASSERT_EQ(5, deleteValues4.size()); + ASSERT_EQ(5, deleteValues2.size()); } /** @@ -544,7 +530,7 @@ HWTEST_F(PermissionManagerCoverageTest, HandlePermDefUpdate002, TestSize.Level4) GenericValues value; GenericValues addValue; - addValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION); + addValue.Put(TokenFiledConst::FIELD_NAME, "permission_definition_version"); addValue.Put(TokenFiledConst::FIELD_VALUE, "sfdsfdsfsf"); // random input std::vector values; values.emplace_back(addValue); diff --git a/services/accesstokenmanager/test/mock/BUILD.gn b/services/accesstokenmanager/test/mock/BUILD.gn index ddff767fb..a2c396f5e 100644 --- a/services/accesstokenmanager/test/mock/BUILD.gn +++ b/services/accesstokenmanager/test/mock/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -71,7 +71,6 @@ ohos_unittest("libpermission_manager_mock_test") { "${access_token_path}/services/common/utils/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/device", "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", diff --git a/services/accesstokenmanager/test/unittest/BUILD.gn b/services/accesstokenmanager/test/unittest/BUILD.gn index 8dd44e836..f0c36e80a 100644 --- a/services/accesstokenmanager/test/unittest/BUILD.gn +++ b/services/accesstokenmanager/test/unittest/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2021-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -71,7 +71,6 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") { "${access_token_path}/services/common/utils/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/device", "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", diff --git a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp index a60d0dd3f..502be9648 100644 --- a/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp +++ b/services/accesstokenmanager/test/unittest/accesstoken_manager_service_test.cpp @@ -171,7 +171,7 @@ void AccessTokenManagerServiceTest::CreateHapToken(const HapInfoParcel& infoParC HWTEST_F(AccessTokenManagerServiceTest, SystemConfigTest001, TestSize.Level0) { GenericValues conditionValue; - conditionValue.Put(TokenFiledConst::FIELD_NAME, PERM_DEF_VERSION); + conditionValue.Put(TokenFiledConst::FIELD_NAME, "permission_definition_version"); std::vector results; ASSERT_EQ(0, AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_SYSTEM_CONFIG, conditionValue, results)); ASSERT_EQ(false, results.empty()); diff --git a/services/common/database/src/sqlite_helper.cpp b/services/common/database/src/sqlite_helper.cpp index 27c7d1513..80eab819f 100644 --- a/services/common/database/src/sqlite_helper.cpp +++ b/services/common/database/src/sqlite_helper.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -165,7 +165,7 @@ void SqliteHelper::SetWal() const return; } auto statement = Prepare(PRAGMA_WAL_COMMAND); - if (statement.Step() != Statement::State::DONE) { + if (statement.Step() != Statement::State::ROW) { LOGE(ATM_DOMAIN, ATM_TAG, "Set wal mode failed, errorMsg: %{public}s", SpitError().c_str()); } else { LOGI(ATM_DOMAIN, ATM_TAG, "Set wal mode success!"); diff --git a/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni index 1fcbd5d35..144ac4fce 100644 --- a/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni @@ -15,15 +15,14 @@ import("//build/config/features.gni") import("../../../../access_token.gni") access_token_include_dirs = [ - "${access_token_path}/services/accesstokenmanager/main/cpp/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", "${access_token_path}/services/accesstokenmanager/main/cpp/include/seccomp", "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/tokensyncmanager/include/service", "${access_token_path}/services/tokensyncmanager/include/remote", "${access_token_path}/services/tokensyncmanager/include/command", diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni index 97dd8f273..e05219f8b 100644 --- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni +++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni @@ -17,21 +17,21 @@ import("../../../../access_token.gni") access_token_include_dirs = [ "${access_token_path}/services/accesstokenmanager/main/cpp/include", "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", "${access_token_path}/services/accesstokenmanager/main/cpp/include/seccomp", "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", - "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", - "${access_token_path}/services/tokensyncmanager/include/service", - "${access_token_path}/services/tokensyncmanager/include/remote", "${access_token_path}/services/tokensyncmanager/include/command", "${access_token_path}/services/tokensyncmanager/include/common", "${access_token_path}/services/tokensyncmanager/include/device", "${access_token_path}/services/tokensyncmanager/include/protocol", - "${access_token_path}/frameworks/common/include", + "${access_token_path}/services/tokensyncmanager/include/remote", + "${access_token_path}/services/tokensyncmanager/include/service", "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/frameworks/common/include", "${access_token_path}/frameworks/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/include", "${access_token_path}/interfaces/innerkits/privacy/src", -- Gitee