diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn index a6db98aa71f8c4a5f9af9bf138301c4e6c0e4b7c..eea5a2d2f4847bea82189424b49cb16da3343d21 100644 --- a/services/privacymanager/BUILD.gn +++ b/services/privacymanager/BUILD.gn @@ -37,6 +37,7 @@ if (is_standard_system) { "//base/security/access_token/interfaces/innerkits/privacy/include", "//base/security/access_token/services/common/database/include", "//third_party/json/include", + "//third_party/sqlite/include/", ] sources = [ @@ -66,14 +67,12 @@ if (is_standard_system) { "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk", "//base/security/access_token/services/common/database:accesstoken_database_cxx", "//base/security/access_token/services/privacymanager:privacy.rc", - "//third_party/sqlite:sqlite", "//utils/native/base:utils", ] external_deps = [ "c_utils:utils", "hiviewdfx_hilog_native:libhilog", - "init:libbegetutil", "ipc:ipc_core", "safwk:system_ability_fwk", "samgr:samgr_proxy", diff --git a/services/privacymanager/include/record/permission_record_manager.h b/services/privacymanager/include/record/permission_record_manager.h index a4cf29f568256d4fd43c08221d0732f915a1c804..ae3c6706768fa26b4d2a7577b61ca28a88ed94a2 100644 --- a/services/privacymanager/include/record/permission_record_manager.h +++ b/services/privacymanager/include/record/permission_record_manager.h @@ -21,6 +21,7 @@ #include #include "access_token.h" +#include "active_change_response_info.h" #include "hap_token_info.h" #include "nocopyable.h" #include "on_permission_used_record_callback.h" @@ -53,13 +54,15 @@ public: std::vector& permList, const sptr& callback); int32_t UnRegisterPermActiveStatusCallback(const sptr& callback); + void CallbackExecute(AccessTokenID tokenId, const std::string& permissionName, int32_t status); + private: PermissionRecordManager(); DISALLOW_COPY_AND_MOVE(PermissionRecordManager); bool GetLocalRecordTokenIdList(std::set& tokenIdList); - int32_t AddRecord(const PermissionRecord& record); - bool GetPermissionsRecord(AccessTokenID tokenId, const std::string& permissionName, + void AddRecord(const PermissionRecord& record); + bool GetPermissionRecord(AccessTokenID tokenId, const std::string& permissionName, int32_t successCount, int32_t failCount, PermissionRecord& record); bool CreateBundleUsedRecord(const AccessTokenID tokenId, BundleUsedRecord& bundleRecord); void ExecuteDeletePermissionRecordTask(); @@ -69,11 +72,19 @@ private: BundleUsedRecord& bundleRecord, PermissionUsedResult& result); void UpdateRecords(int32_t flag, const PermissionUsedRecord& inBundleRecord, PermissionUsedRecord& outBundleRecord); + void AddRecordToStartList(const PermissionRecord& record); + bool GetRecordFromStartList(uint32_t tokenId, int32_t opCode, PermissionRecord& record); + void ResetRecord(PermissionRecord& record, int32_t status); + bool HasStarted(const PermissionRecord& record); + std::vector GetRecordsAndReset(uint32_t tokenId, int32_t status); + std::string GetDeviceId(AccessTokenID tokenId); OHOS::ThreadPool deleteTaskWorker_; bool hasInited_; OHOS::Utils::RWLock rwLock_; + OHOS::Utils::RWLock startRecordListRWLock_; + std::vector startRecordList_; }; } // namespace AccessToken } // namespace Security diff --git a/services/privacymanager/include/record/permission_used_record_cache.h b/services/privacymanager/include/record/permission_used_record_cache.h index 6f6745e607735fea9f9c94c36b8293346497c274..7cf3a0e6ccbd1bf9287cc442fa3413ce8b2f201c 100644 --- a/services/privacymanager/include/record/permission_used_record_cache.h +++ b/services/privacymanager/include/record/permission_used_record_cache.h @@ -33,7 +33,7 @@ namespace AccessToken { class PermissionUsedRecordCache { public: static PermissionUsedRecordCache& GetInstance(); - int32_t AddRecordToBuffer(PermissionRecord& record); + void AddRecordToBuffer(PermissionRecord& record); void MergeRecord(PermissionRecord& record, std::shared_ptr curFindMergePos); void AddToPersistQueue(const std::shared_ptr persistPendingBufferHead); void ExecuteReadRecordBufferTask(); diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index ca2b7e5608e7b262fdeb29cd20d372a1e49ed137..658613dd35ba704870fd46d5ab26106d583d99cf 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -17,13 +17,13 @@ #include "accesstoken_kit.h" #include "accesstoken_log.h" +#include "active_status_callback_manager.h" #include "constant.h" #include "constant_common.h" #include "data_translator.h" #include "field_const.h" #include "permission_record_repository.h" #include "permission_used_record_cache.h" -#include "active_status_callback_manager.h" #include "time_util.h" #include "to_string.h" @@ -53,13 +53,13 @@ PermissionRecordManager::~PermissionRecordManager() hasInited_ = false; } -int32_t PermissionRecordManager::AddRecord(const PermissionRecord& record) +void PermissionRecordManager::AddRecord(const PermissionRecord& record) { Utils::UniqueWriteGuard lk(this->rwLock_); - return PermissionUsedRecordCache::GetInstance().AddRecordToBuffer(const_cast(record)); + PermissionUsedRecordCache::GetInstance().AddRecordToBuffer(const_cast(record)); } -bool PermissionRecordManager::GetPermissionsRecord(AccessTokenID tokenId, const std::string& permissionName, +bool PermissionRecordManager::GetPermissionRecord(AccessTokenID tokenId, const std::string& permissionName, int32_t successCount, int32_t failCount, PermissionRecord& record) { HapTokenInfo tokenInfo; @@ -73,16 +73,17 @@ bool PermissionRecordManager::GetPermissionsRecord(AccessTokenID tokenId, const return false; } if (successCount == 0 && failCount == 0) { - ACCESSTOKEN_LOG_ERROR(LABEL, "successCount and failCount are both zero"); - return false; + record.status = PERM_INACTIVE; + } else { + record.status = PERM_ACTIVE_IN_FOREGROUND; } record.tokenId = tokenId; record.accessCount = successCount; record.rejectCount = failCount; record.opCode = opCode; - record.status = 0; record.timestamp = TimeUtil::GetCurrentTimestamp(); record.accessDuration = 0; + ACCESSTOKEN_LOG_DEBUG(LABEL, "record status: %{public}d", record.status); return true; } @@ -92,11 +93,16 @@ int32_t PermissionRecordManager::AddPermissionUsedRecord(AccessTokenID tokenId, ExecuteDeletePermissionRecordTask(); PermissionRecord record; - if (!GetPermissionsRecord(tokenId, permissionName, successCount, failCount, record)) { + if (!GetPermissionRecord(tokenId, permissionName, successCount, failCount, record)) { return Constant::FAILURE; } - return AddRecord(record); + if (record.status == PERM_INACTIVE) { + return Constant::FAILURE; + } + + AddRecord(record); + return Constant::SUCCESS; } void PermissionRecordManager::RemovePermissionUsedRecords(AccessTokenID tokenId, const std::string& deviceID) @@ -214,7 +220,7 @@ bool PermissionRecordManager::CreateBundleUsedRecord(const AccessTokenID tokenId } bundleRecord.tokenId = tokenId; bundleRecord.isRemote = false; - bundleRecord.deviceId = ConstantCommon::GetLocalDeviceId(); + bundleRecord.deviceId = GetDeviceId(tokenId); bundleRecord.bundleName = tokenInfo.bundleName; return true; } @@ -337,17 +343,115 @@ std::string PermissionRecordManager::DumpRecordInfo(AccessTokenID tokenId, const return dumpInfo; } -int32_t PermissionRecordManager::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName) +bool PermissionRecordManager::HasStarted(const PermissionRecord& record) +{ + Utils::UniqueWriteGuard lk(this->startRecordListRWLock_); + for (const auto& rec : startRecordList_) { + if ((rec.opCode == record.opCode) && (rec.tokenId == record.tokenId)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId(%{public}d), opCode(%{public}d) has been started.", + record.tokenId, record.opCode); + return true; + } + } + return false; +} + +void PermissionRecordManager::AddRecordToStartList(const PermissionRecord& record) +{ + Utils::UniqueWriteGuard lk(this->startRecordListRWLock_); + startRecordList_.emplace_back(record); +} + +bool PermissionRecordManager::GetRecordFromStartList(uint32_t tokenId, int32_t opCode, PermissionRecord& record) +{ + Utils::UniqueWriteGuard lk(this->startRecordListRWLock_); + for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { + if ((it->opCode == opCode) && (tokenId == (it->tokenId))) { + record = *it; + record.accessDuration = TimeUtil::GetCurrentTimestamp() - record.timestamp; + startRecordList_.erase(it); + return true; + } + } + return false; +} + +void PermissionRecordManager::ResetRecord(PermissionRecord& record, int32_t status) +{ + record.status = status; + record.accessDuration = 0; + record.timestamp = TimeUtil::GetCurrentTimestamp(); +} + +std::vector PermissionRecordManager::GetRecordsAndReset(uint32_t tokenId, int32_t status) +{ + std::vector recordList; + Utils::UniqueWriteGuard lk(this->startRecordListRWLock_); + for (auto it = startRecordList_.begin(); it != startRecordList_.end(); ++it) { + if ((it->tokenId == tokenId) && status != (it->status)) { + PermissionRecord record = *it; + record.accessDuration = TimeUtil::GetCurrentTimestamp() - record.timestamp; + recordList.emplace_back(record); + ResetRecord(*it, status); + } + } + return recordList; +} + +void PermissionRecordManager::CallbackExecute( + AccessTokenID tokenId, const std::string& permissionName, int32_t status) { ActiveStatusCallbackManager::GetInstance().ExecuteCallbackAsync( - tokenId, permissionName, ConstantCommon::GetLocalDeviceId(), PERM_ACTIVE_IN_FOREGROUND); + tokenId, permissionName, GetDeviceId(tokenId), (ActiveChangeType)status); +} + +int32_t PermissionRecordManager::StartUsingPermission(AccessTokenID tokenId, const std::string& permissionName) +{ + int32_t accessCount = 1; + int32_t failCount = 0; + + PermissionRecord record = { 0 }; + if (!GetPermissionRecord(tokenId, permissionName, accessCount, failCount, record)) { + return Constant::FAILURE; + } + + if (HasStarted(record)) { + return Constant::FAILURE; + } + + AddRecordToStartList(record); + if (record.status != PERM_INACTIVE) { + CallbackExecute(tokenId, permissionName, record.status); + } return Constant::SUCCESS; } int32_t PermissionRecordManager::StopUsingPermission(AccessTokenID tokenId, const std::string& permissionName) { - ActiveStatusCallbackManager::GetInstance().ExecuteCallbackAsync( - tokenId, permissionName, ConstantCommon::GetLocalDeviceId(), PERM_INACTIVE); + ExecuteDeletePermissionRecordTask(); + + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid tokenId(%{public}d)", tokenId); + return Constant::FAILURE; + } + + int32_t opCode; + if (!Constant::TransferPermissionToOpcode(permissionName, opCode)) { + ACCESSTOKEN_LOG_ERROR(LABEL, "invalid permission(%{public}s)", permissionName.c_str()); + return Constant::FAILURE; + } + + PermissionRecord record; + if (!GetRecordFromStartList(tokenId, opCode, record)) { + return Constant::FAILURE; + } + + if (record.status != PERM_INACTIVE) { + ACCESSTOKEN_LOG_INFO(LABEL, "AddRecord(tokenId: %{public}d, opCode: %{public}d, status: %{public}d)", + record.tokenId, record.opCode, record.status); + AddRecord(record); + CallbackExecute(tokenId, permissionName, PERM_INACTIVE); + } return Constant::SUCCESS; } diff --git a/services/privacymanager/src/record/permission_used_record_cache.cpp b/services/privacymanager/src/record/permission_used_record_cache.cpp index 8df9c8e0128660e8e249d4e1aa6d67ef4b00ae2f..738a366202ad053d578af3abe1d08daf348b21be 100644 --- a/services/privacymanager/src/record/permission_used_record_cache.cpp +++ b/services/privacymanager/src/record/permission_used_record_cache.cpp @@ -41,7 +41,7 @@ PermissionUsedRecordCache& PermissionUsedRecordCache::GetInstance() return instance; } -int32_t PermissionUsedRecordCache::AddRecordToBuffer(PermissionRecord& record) +void PermissionUsedRecordCache::AddRecordToBuffer(PermissionRecord& record) { if (nextPersistTimestamp_ == 0) { nextPersistTimestamp_ = record.timestamp + INTERVAL; @@ -87,7 +87,6 @@ int32_t PermissionUsedRecordCache::AddRecordToBuffer(PermissionRecord& record) if (persistPendingBufferEnd != nullptr) { AddToPersistQueue(persistPendingBufferHead); } - return Constant::SUCCESS; } void PermissionUsedRecordCache::MergeRecord(PermissionRecord& record,