diff --git a/frameworks/common/include/data_validator.h b/frameworks/common/include/data_validator.h index 5fd826d6e03dd4b79ecfd57b105b119c336aa71c..90fd0eaaec759d850eae60bf3c398df8d522741b 100644 --- a/frameworks/common/include/data_validator.h +++ b/frameworks/common/include/data_validator.h @@ -57,6 +57,7 @@ public: static bool IsPolicyTypeValid(uint32_t type); static bool IsCallerTypeValid(uint32_t type); static bool IsHapCaller(AccessTokenID id); + static bool IsNativeCaller(AccessTokenID id); static bool IsAclExtendedMapSizeValid(const std::map& aclExtendedMap); static bool IsAclExtendedMapContentValid(const std::string& permissionName, const std::string& value); diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp index 329636c472a986101af356759f6725f14b71f15c..9b8c6a793e8b275f214e913abcc92fd6f27ba662 100644 --- a/frameworks/common/src/data_validator.cpp +++ b/frameworks/common/src/data_validator.cpp @@ -213,6 +213,17 @@ bool DataValidator::IsHapCaller(AccessTokenID id) } return true; } + +bool DataValidator::IsNativeCaller(AccessTokenID id) +{ + AccessTokenIDInner *idInner = reinterpret_cast(&id); + ATokenTypeEnum type = static_cast(idInner->type); + if (type != TOKEN_NATIVE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Not Native(%{public}d).", id); + return false; + } + return true; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/privacy/src/privacy_kit.cpp b/interfaces/innerkits/privacy/src/privacy_kit.cpp index 786a9812b765726bbd9be60b55dc75241f31fcda..73fe5ac8bc363440be39f12e42d755aa93219430 100644 --- a/interfaces/innerkits/privacy/src/privacy_kit.cpp +++ b/interfaces/innerkits/privacy/src/privacy_kit.cpp 
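Review bot: The `LOGE` in `DataValidator::IsNativeCaller` prints the token id with `%{public}d`, while the existing trace in `PermissionRecordManager::StartUsingPermission` prints the same kind of value with `%{public}u`. If `AccessTokenID` is an unsigned 32-bit type, ids with the top bit set would show up as negative numbers in the log, so `LOGE(ATM_DOMAIN, ATM_TAG, "Not Native(%{public}u).", id);` would be the consistent form. The function reads the type by casting `&id` to `AccessTokenIDInner *`, whereas the service-side checks added in this commit use `AccessTokenKit::GetTokenTypeFlag`. A short comment above the function, such as `// Client-side pre-check only; the service re-checks the token type.`, would tell a reader that this result is not the authorization decision.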
@@ -86,7 +86,7 @@ int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool a (!DataValidator::IsPermissionUsedTypeValid(info.type))) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(info.tokenId)) { + if (!DataValidator::IsHapCaller(info.tokenId) && !DataValidator::IsNativeCaller(info.tokenId)) { return PrivacyError::ERR_PARAM_INVALID; } @@ -128,7 +128,7 @@ int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::strin (!DataValidator::IsPermissionUsedTypeValid(type))) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, type); @@ -142,7 +142,7 @@ int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::strin (!DataValidator::IsPermissionUsedTypeValid(type))) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, callback, type); @@ -153,7 +153,7 @@ int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().StopUsingPermission(tokenID, pid, permissionName); 
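Review bot: The widened guard `!DataValidator::IsHapCaller(id) && !DataValidator::IsNativeCaller(id)` now admits native tokens at five entry points, but the service-side hunks in this commit add a native branch for only some of them. The five are `AddPermissionUsedRecord`, both `StartUsingPermission` overloads, `StopUsingPermission`, and `RemovePermissionUsedRecords` in the following hunk; the service side covers `AddPermissionUsedRecord`, one `StartUsingPermission`, `StopUsingPermission` and `IsAllowedUsingPermission`. What the service does with a native token in `RemovePermissionUsedRecords` and in the callback overload of `StartUsingPermission` is not visible here and should be confirmed before those two guards are relaxed. Because `IsHapCaller` is evaluated first, every accepted native caller goes through its rejection path; if it logs at error level the way `IsNativeCaller` does, each legitimate native call leaves a misleading error line. A single combined predicate in `DataValidator` that reads the token type once would remove both the repetition and the extra log.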
@@ -164,7 +164,7 @@ int32_t PrivacyKit::RemovePermissionUsedRecords(AccessTokenID tokenID) if (!DataValidator::IsTokenIDValid(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().RemovePermissionUsedRecords(tokenID); diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 35c8203079e250998402e10d681ec94234656977..c4b876e752883b32d9dd594c8be8be878525dd27 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -417,6 +417,13 @@ bool PermissionRecordManager::CheckPermissionUsedRecordToggleStatus(int32_t user int32_t PermissionRecordManager::AddPermissionUsedRecord(const AddPermParamInfo& info) { + //TODO 确认是否依赖这两个权限 + if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(info.tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED) && + (AccessTokenKit::VerifyAccessToken(info.tokenId, "ohos.permission.CAMERA_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d isGranted(%{public}d).", info.tokenId, isGranted); + return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; + } HapTokenInfo tokenInfo; if (AccessTokenKit::GetHapTokenInfo(info.tokenId, tokenInfo) != Constant::SUCCESS) { LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", info.tokenId); 
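Review bot: In `PermissionRecordManager::AddPermissionUsedRecord` the new native branch returns `Constant::SUCCESS` before the existing path that starts at `HapTokenInfo tokenInfo;`, so nothing in the hunk stores a record for a native token even though the caller is told the call succeeded. For a usage-audit API that is a silent gap, so either write a record for native tokens or return a distinct status. The permission strings end in `_BACKGRUND` here and in the native branches added to `StartUsingPermission`, `StopUsingPermission` and `IsAllowedUsingPermission`. If the defined names end in `_BACKGROUND`, `VerifyAccessToken` would presumably never report them as granted, so check the spelling against the permission definitions. The comment `//TODO 确认是否依赖这两个权限` leaves the authorization rule itself open; it should be resolved before merge and written in English, e.g. `// TODO: confirm whether native callers must hold both background permissions`. The log format is also missing a `)` after the first `%{public}d`, and the function body continues outside the hunk.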
@@ -1295,6 +1302,14 @@ int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeIn LOGI(PRI_DOMAIN, PRI_TAG, "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d, callerPid: %{public}d.", tokenId, info.pid, permissionName.c_str(), info.type, callerPid); + + if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED) && + (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); + return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; + } + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId); return PrivacyError::ERR_PARAM_INVALID; @@ -1368,6 +1383,13 @@ int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeIn int32_t PermissionRecordManager::StopUsingPermission( AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid) { + if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED) && + (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); + return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; + } + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId); return PrivacyError::ERR_PARAM_INVALID; 
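Review bot: In `StartUsingPermission` and `StopUsingPermission` the native branch returns `Constant::SUCCESS` before any of the existing bookkeeping that follows the `TOKEN_HAP` check. A native caller therefore gets success from `StartUsingPermission` without, as far as these hunks show, any in-use state being created for a later `StopUsingPermission` or status query to find. A missing grant is reported as `PrivacyError::ERR_PARAM_INVALID`, which the caller cannot tell apart from a malformed argument; a permission-denied code, if `PrivacyError` defines one, would make denials visible in logs and to clients. The same four-line check is pasted into four functions in this file; moving it into one private helper keeps the rule and the permission names in a single place. Both function bodies continue outside their hunks.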
@@ -1451,6 +1473,13 @@ bool PermissionRecordManager::IsAllowedUsingMicrophone(AccessTokenID tokenId, in bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, int32_t pid) { + if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED) && + (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.CAMERA_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); + return isGranted; + } + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { LOGD(PRI_DOMAIN, PRI_TAG, "Id(%{public}d) is not hap.", tokenId); return false;
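Review bot: The native branch in `IsAllowedUsingPermission` never looks at `permissionName` or `pid`; it answers from the conjunction of the two background grants alone. Two consequences follow: a native token that holds both grants is reported as allowed for whatever permission name is passed in, and a native service that only needs the microphone is denied unless it also holds the camera grant. The branches added to `AddPermissionUsedRecord`, `StartUsingPermission` and `StopUsingPermission` have the same shape. Consider selecting the single background permission that corresponds to `permissionName` and returning `false` for names this function is not meant to cover. The function body continues outside the hunk, so how the HAP path treats `permissionName` is not visible here.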