From 9db85d9ae09beea9e5b6ef70df2e6ad748cad181 Mon Sep 17 00:00:00 2001 From: lsq Date: Mon, 11 Jul 2022 21:12:27 +0800 Subject: [PATCH 1/3] =?UTF-8?q?shell=E8=BF=9B=E7=A8=8B=E4=BB=8Enative?= =?UTF-8?q?=E8=BF=9B=E7=A8=8B=E4=B8=AD=E5=88=86=E7=A6=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lsq Change-Id: I237f43c239e12f52d07c084c4e89a95a071ae354 --- .../accesstoken/include/access_token.h | 1 + .../nativetoken/include/nativetoken.h | 1 + .../innerkits/nativetoken/src/nativetoken.c | 12 ++++++++--- .../cpp/src/permission/permission_manager.cpp | 2 +- .../src/token/accesstoken_info_manager.cpp | 21 +++++++++++-------- .../accesstoken_remote_token_manager.cpp | 2 +- .../cpp/src/token/native_token_info_inner.cpp | 6 ++++++ .../cpp/src/token/native_token_receptor.cpp | 7 +++++-- 8 files changed, 36 insertions(+), 16 deletions(-) diff --git a/interfaces/innerkits/accesstoken/include/access_token.h b/interfaces/innerkits/accesstoken/include/access_token.h index ef3aab948..a56b4c16f 100644 --- a/interfaces/innerkits/accesstoken/include/access_token.h +++ b/interfaces/innerkits/accesstoken/include/access_token.h @@ -43,6 +43,7 @@ typedef enum TypeATokenTypeEnum { TOKEN_INVALID = -1, TOKEN_HAP = 0, TOKEN_NATIVE, + TOKEN_SHELL, } ATokenTypeEnum; typedef enum TypeATokenAplEnum { diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index dc71d3888..576ebfefe 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -36,6 +36,7 @@ extern "C" { #define TOKEN_ID_CFG_FILE_PATH "/data/service/el0/access_token/nativetoken.json" #define TOKEN_ID_CFG_DIR_PATH "/data/service/el0/access_token" #define TOKEN_NATIVE_TYPE 1 +#define TOKEN_SHELL_TYPE 2 #define DEFAULT_AT_VERSION 1 #define TRANSFER_KEY_WORDS "NativeTokenInfo" #define MAX_JSON_FILE_LEN 102400 diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index 89c507868..6f64edb30 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -267,7 +267,7 @@ static int32_t IsTokenUniqueIdExist(uint32_t tokenUniqueId) return 0; } -static NativeAtId CreateNativeTokenId(void) +static NativeAtId CreateNativeTokenId(const char *processName) { uint32_t rand; NativeAtId tokenId; @@ -292,8 +292,14 @@ static NativeAtId CreateNativeTokenId(void) innerId->reserved = 0; innerId->tokenUniqueId = rand & (TOKEN_RANDOM_MASK); - innerId->type = TOKEN_NATIVE_TYPE; innerId->version = 1; + + if (processName == "hdcd") { + innerId->type = TOKEN_SHELL_TYPE; + } else { + innerId->type = TOKEN_NATIVE_TYPE; + } + return tokenId; } @@ -455,7 +461,7 @@ static uint32_t AddNewTokenToListAndFile(const NativeTokenInfoParams *tokenInfo, NativeTokenList *tokenNode; NativeAtId id; - id = CreateNativeTokenId(); + id = CreateNativeTokenId(tokenInfo->processName); if (id == INVALID_TOKEN_ID) { return ATRET_FAILED; } diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index 595f386a0..c290a510c 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -149,7 +149,7 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin } ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID); - if (tokenType == TOKEN_NATIVE) { + if (tokenType == TOKEN_NATIVE || tokenType == TOKEN_SHELL) { return VerifyNativeAccessToken(tokenID, permissionName); } if (tokenType == TOKEN_HAP) { diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index a4cabdbea..5b4700644 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -123,7 +123,8 @@ void AccessTokenInfoManager::InitNativeTokenInfos() DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes); for (GenericValues nativeTokenValue : nativeTokenResults) { AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); - int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE); + ATokenTypeEnum type = (static_cast(&tokenId))->type; + int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); continue; @@ -341,7 +342,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); - if (type != TOKEN_NATIVE) { + if ((type != TOKEN_NATIVE) || (type != TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR( LABEL, "token %{public}u is not hap.", id); return RET_FAILED; @@ -527,7 +528,8 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( "token %{public}u process name %{public}s is new, add to manager!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); AccessTokenID id = infoPtr->GetTokenID(); - int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_NATIVE); + ATokenTypeEnum type = infoPtr->GetTokenType(); + int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, type); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "token Id register fail"); continue; @@ -729,13 +731,13 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID } for (NativeTokenInfoForSync& nativeToken : nativeTokenInfoList) { + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.baseInfo.tokenID); if (!DataValidator::IsAplNumValid(nativeToken.baseInfo.apl) || nativeToken.baseInfo.ver != DEFAULT_TOKEN_VERSION || !DataValidator::IsProcessNameValid(nativeToken.baseInfo.processName) || nativeToken.baseInfo.dcap.size() <= 0 || - AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.baseInfo.tokenID) != TOKEN_NATIVE) { - ACCESSTOKEN_LOG_ERROR( - LABEL, "device %{public}s token %{public}u is invalid.", + type != TOKEN_NATIVE || type != TOKEN_SHELL) { + ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}u is invalid.", ConstantCommon::EncryptDevId(deviceID).c_str(), nativeToken.baseInfo.tokenID); continue; } @@ -805,7 +807,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces return RET_FAILED; } hapTokenInfoMap_.erase(mapID); - } else if (type == TOKEN_NATIVE) { + } else if ((type == TOKEN_NATIVE) || (type == TOKEN_SHELL)) { Utils::UniqueWriteGuard infoGuard(this->nativeTokenInfoLock_); if (nativeTokenInfoMap_.count(mapID) == 0) { ACCESSTOKEN_LOG_ERROR( @@ -822,8 +824,9 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces AccessTokenID AccessTokenInfoManager::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) { - if (!DataValidator::IsDeviceIdValid(deviceID) - || AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_NATIVE) { + if ((!DataValidator::IsDeviceIdValid(deviceID)) || (tokenID == 0) + || ((AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_NATIVE) + && (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_SHELL))) { ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", ConstantCommon::EncryptDevId(deviceID).c_str()); return 0; } diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp index d2240dfe5..19bf0a493 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp @@ -48,7 +48,7 @@ AccessTokenID AccessTokenRemoteTokenManager::MapRemoteDeviceTokenToLocal(const s return 0; } ATokenTypeEnum tokeType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(remoteID); - if (tokeType != TOKEN_HAP && tokeType != TOKEN_NATIVE) { + if ((tokeType < TOKEN_HAP) || (tokeType > TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR( LABEL, "token %{public}x type is invalid.", remoteID); return 0; diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index 00c656f84..cb21b32b4 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp @@ -182,6 +182,12 @@ AccessTokenID NativeTokenInfoInner::GetTokenID() const return tokenInfoBasic_.tokenID; } +ATokenTypeEnum NativeTokenInfoInner::GetTokenType() const +{ + AccessTokenIDInner *idInner = static_cast(&(tokenInfoBasic_.tokenID)); + return (ATokenTypeEnum)idInner->type; +} + std::vector NativeTokenInfoInner::GetDcap() const { return tokenInfoBasic_.dcap; diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 37cd2eee0..471040756 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp @@ -95,8 +95,11 @@ void from_json(const nlohmann::json& j, std::shared_ptr& p if (j.find(JSON_TOKEN_ID) != j.end()) { native.tokenID = j.at(JSON_TOKEN_ID).get(); - if (native.tokenID == 0 || - AccessTokenIDManager::GetTokenIdTypeEnum(native.tokenID) != TOKEN_NATIVE) { + if (native.tokenID == 0) { + return; + } + ATokenTypeEnum type = AccessTokenIDManager::GetTokenIdTypeEnum(native.tokenID); + if (type != TOKEN_NATIVE && type != TOKEN_SHELL) { return; } } else { -- Gitee From 63a24052024b633f9a22407d49d9837b9565f80e Mon Sep 17 00:00:00 2001 From: lsq Date: Mon, 11 Jul 2022 21:47:16 +0800 Subject: [PATCH 2/3] Signed-off-by: lsq Change-Id: Ifaed375f77616472c185bd62467fef9b257fbc1a Change-Id: I40afe6390855da7870012c6510f29a4455156bff --- .../nativetoken/include/nativetoken.h | 1 + .../innerkits/nativetoken/src/nativetoken.c | 2 +- .../service/accesstoken_manager_stub.h | 1 + .../cpp/src/permission/permission_manager.cpp | 2 +- .../src/service/accesstoken_manager_stub.cpp | 28 +++++++++++-------- .../src/token/accesstoken_info_manager.cpp | 14 +++++----- .../cpp/src/token/native_token_info_inner.cpp | 6 ---- .../cpp/src/token/native_token_receptor.cpp | 2 +- .../src/service/token_sync_manager_stub.cpp | 9 ++++-- 9 files changed, 34 insertions(+), 31 deletions(-) diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index 576ebfefe..0b663f5bf 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -61,6 +61,7 @@ extern "C" { #define APL_KEY_NAME "APL" #define VERSION_KEY_NAME "version" #define PROCESS_KEY_NAME "processName" +#define HDC_PROCESS_NAME "hdcd" #define SYSTEM_CORE 3 #define SYSTEM_BASIC 2 diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index 6f64edb30..f9a38dd92 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -294,7 +294,7 @@ static NativeAtId CreateNativeTokenId(const char *processName) innerId->tokenUniqueId = rand & (TOKEN_RANDOM_MASK); innerId->version = 1; - if (processName == "hdcd") { + if (strcmp(processName, HDC_PROCESS_NAME) == 0) { innerId->type = TOKEN_SHELL_TYPE; } else { innerId->type = TOKEN_NATIVE_TYPE; diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h index 6bd9a3ec2..b8203a1fa 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h @@ -70,6 +70,7 @@ private: bool IsAuthorizedCalling() const; bool IsAccessTokenCalling() const; + bool IsNativeProcessCalling(); static const int32_t SYSTEM_UID = 1000; static const int32_t ROOT_UID = 0; static const int32_t ACCESSTOKEN_UID = 3020; diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp index c290a510c..ee4d85897 100644 --- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp @@ -149,7 +149,7 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin } ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID); - if (tokenType == TOKEN_NATIVE || tokenType == TOKEN_SHELL) { + if ((tokenType == TOKEN_NATIVE) || (tokenType == TOKEN_SHELL)) { return VerifyNativeAccessToken(tokenID, permissionName); } if (tokenType == TOKEN_HAP) { diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index 8d621da61..646072a08 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -230,8 +230,7 @@ void AccessTokenManagerStub::GetTokenTypeInner(MessageParcel& data, MessageParce void AccessTokenManagerStub::CheckNativeDCapInner(MessageParcel& data, MessageParcel& reply) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(tokenCaller) != TOKEN_NATIVE) { + if (!IsNativeProcessCalling()) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -244,8 +243,7 @@ void AccessTokenManagerStub::CheckNativeDCapInner(MessageParcel& data, MessagePa void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParcel& reply) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(tokenCaller) != TOKEN_NATIVE) { + if (!IsNativeProcessCalling()) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -259,8 +257,7 @@ void AccessTokenManagerStub::GetHapTokenIDInner(MessageParcel& data, MessageParc void AccessTokenManagerStub::AllocLocalTokenIDInner(MessageParcel& data, MessageParcel& reply) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if ((!IsAuthorizedCalling()) && (this->GetTokenType(tokenCaller) != TOKEN_NATIVE)) { + if ((!IsAuthorizedCalling()) && (!IsNativeProcessCalling())) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -292,8 +289,7 @@ void AccessTokenManagerStub::UpdateHapTokenInner(MessageParcel& data, MessagePar void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if ((this->GetTokenType(tokenCaller) != TOKEN_NATIVE)) { + if (!IsNativeProcessCalling()) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -307,8 +303,7 @@ void AccessTokenManagerStub::GetHapTokenInfoInner(MessageParcel& data, MessagePa void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(tokenCaller) != TOKEN_NATIVE) { + if (!IsNativeProcessCalling()) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -444,8 +439,7 @@ void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, void AccessTokenManagerStub::DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply) { - AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if (this->GetTokenType(tokenCaller) != TOKEN_NATIVE) { + if (!IsNativeProcessCalling()) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -468,6 +462,16 @@ bool AccessTokenManagerStub::IsAccessTokenCalling() const return callingUid == ACCESSTOKEN_UID; } +bool AccessTokenManagerStub::IsNativeProcessCalling() +{ + AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + int32_t type = this->GetTokenType(tokenCaller); + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { + return false; + } + return true; +} + AccessTokenManagerStub::AccessTokenManagerStub() { requestFuncMap_[static_cast(IAccessTokenManager::InterfaceCode::VERIFY_ACCESSTOKEN)] = diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 5b4700644..8dccc403a 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -123,7 +123,7 @@ void AccessTokenInfoManager::InitNativeTokenInfos() DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes); for (GenericValues nativeTokenValue : nativeTokenResults) { AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); - ATokenTypeEnum type = (static_cast(&tokenId))->type; + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenId); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); @@ -342,7 +342,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id) int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id) { ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); - if ((type != TOKEN_NATIVE) || (type != TOKEN_SHELL)) { + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR( LABEL, "token %{public}u is not hap.", id); return RET_FAILED; @@ -528,7 +528,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( "token %{public}u process name %{public}s is new, add to manager!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); AccessTokenID id = infoPtr->GetTokenID(); - ATokenTypeEnum type = infoPtr->GetTokenType(); + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, type); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "token Id register fail"); @@ -736,7 +736,7 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID nativeToken.baseInfo.ver != DEFAULT_TOKEN_VERSION || !DataValidator::IsProcessNameValid(nativeToken.baseInfo.processName) || nativeToken.baseInfo.dcap.size() <= 0 || - type != TOKEN_NATIVE || type != TOKEN_SHELL) { + (type != TOKEN_NATIVE && type != TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}u is invalid.", ConstantCommon::EncryptDevId(deviceID).c_str(), nativeToken.baseInfo.tokenID); continue; @@ -824,9 +824,9 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces AccessTokenID AccessTokenInfoManager::GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) { - if ((!DataValidator::IsDeviceIdValid(deviceID)) || (tokenID == 0) - || ((AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_NATIVE) - && (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_SHELL))) { + if ((!DataValidator::IsDeviceIdValid(deviceID)) || (tokenID == 0) || + ((AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_NATIVE) && + (AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID) != TOKEN_SHELL))) { ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", ConstantCommon::EncryptDevId(deviceID).c_str()); return 0; } diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp index cb21b32b4..00c656f84 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp @@ -182,12 +182,6 @@ AccessTokenID NativeTokenInfoInner::GetTokenID() const return tokenInfoBasic_.tokenID; } -ATokenTypeEnum NativeTokenInfoInner::GetTokenType() const -{ - AccessTokenIDInner *idInner = static_cast(&(tokenInfoBasic_.tokenID)); - return (ATokenTypeEnum)idInner->type; -} - std::vector NativeTokenInfoInner::GetDcap() const { return tokenInfoBasic_.dcap; diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp index 471040756..aaa452736 100644 --- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp @@ -99,7 +99,7 @@ void from_json(const nlohmann::json& j, std::shared_ptr& p return; } ATokenTypeEnum type = AccessTokenIDManager::GetTokenIdTypeEnum(native.tokenID); - if (type != TOKEN_NATIVE && type != TOKEN_SHELL) { + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { return; } } else { diff --git a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp index 727b2f6c2..85ca0d399 100644 --- a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp +++ b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp @@ -56,7 +56,8 @@ int32_t TokenSyncManagerStub::OnRemoteRequest( void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if ((reinterpret_cast(&tokenCaller))->type != TOKEN_NATIVE) { + int type = (reinterpret_cast(&tokenCaller))->type; + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -72,7 +73,8 @@ void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, Messa void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if ((reinterpret_cast(&tokenCaller))->type != TOKEN_NATIVE) { + int type = (reinterpret_cast(&tokenCaller))->type; + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; @@ -86,7 +88,8 @@ void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, Me void TokenSyncManagerStub::UpdateRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply) { AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); - if ((reinterpret_cast(&tokenCaller))->type != TOKEN_NATIVE) { + int type = (reinterpret_cast(&tokenCaller))->type; + if ((type != TOKEN_NATIVE) && (type != TOKEN_SHELL)) { ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__); reply.WriteInt32(RET_FAILED); return; -- Gitee From f7307a014a308e5a4656530a6993ffe163a64f13 Mon Sep 17 00:00:00 2001 From: shuqinglin Date: Tue, 16 Aug 2022 11:15:11 +0000 Subject: [PATCH 3/3] update services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp. Signed-off-by: shuqinglin --- .../main/cpp/src/token/accesstoken_info_manager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp index 8dccc403a..dba39aaff 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp @@ -123,7 +123,7 @@ void AccessTokenInfoManager::InitNativeTokenInfos() DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes); for (GenericValues nativeTokenValue : nativeTokenResults) { AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(tokenId); + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenId); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, type); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId); @@ -528,7 +528,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos( "token %{public}u process name %{public}s is new, add to manager!", infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str()); AccessTokenID id = infoPtr->GetTokenID(); - ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id); + ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(id); int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, type); if (ret != RET_SUCCESS) { ACCESSTOKEN_LOG_ERROR(LABEL, "token Id register fail"); -- Gitee