From 406f21c2634844866fee8297a92a7c99c594cf88 Mon Sep 17 00:00:00 2001 From: feibuzhid Date: Sat, 24 Aug 2024 21:32:27 +0800 Subject: [PATCH 1/8] =?UTF-8?q?cherry=20pick=209dc32ce=20from=20https://gi?= =?UTF-8?q?tee.com/feibuzhid/security=5Fsecurity=5Fcomponent=5Fmanager/pul?= =?UTF-8?q?ls/179=20=E4=BF=9D=E5=AD=98=E6=8E=A7=E4=BB=B6=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E6=96=87=E6=A1=88=E6=A0=B7=E5=BC=8F=E6=9E=9A=E4=B8=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: feibuzhid --- interfaces/inner_api/security_component/include/save_button.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/interfaces/inner_api/security_component/include/save_button.h b/interfaces/inner_api/security_component/include/save_button.h index 59ead65..e0000de 100644 --- a/interfaces/inner_api/security_component/include/save_button.h +++ b/interfaces/inner_api/security_component/include/save_button.h @@ -33,6 +33,9 @@ enum class SaveDesc : int32_t { RECEIVE = 6, CONTINUE_TO_RECEIVE = 7, SAVE_TO_GALLERY = 8, + EXPORT_TO_GALLERY = 9, + QUICK_SAVE_TO_GALLERY = 10, + RESAVE_TO_GALLERY = 11, MAX_LABEL_TYPE }; -- Gitee From d805a3f82b5e942884033cf6adba717bd4cd94b5 Mon Sep 17 00:00:00 2001 From: j21p3 Date: Tue, 10 Sep 2024 19:27:13 +0800 Subject: [PATCH 2/8] DFX Enhancement Signed-off-by: j21p3 Change-Id: I855535edd8e738645b194adef6cdcaaf5793bf37 --- .../security_component/src/sec_comp_base.cpp | 2 -- .../sa/sa_main/sec_comp_info_helper.cpp | 5 +++-- .../sa/sa_main/window_info_helper.cpp | 14 +++++++++----- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/frameworks/security_component/src/sec_comp_base.cpp b/frameworks/security_component/src/sec_comp_base.cpp index 4e3cba1..84b3a78 100644 --- a/frameworks/security_component/src/sec_comp_base.cpp +++ b/frameworks/security_component/src/sec_comp_base.cpp 
@@ -345,7 +345,6 @@ bool SecCompBase::CompareComponentBasicInfo(SecCompBase *other, bool isRectCheck bool SecCompBase::ParseStyle(const nlohmann::json& json, const std::string& tag) { - SC_LOG_ERROR(LABEL, "1111"); if ((json.find(tag) == json.end()) || !json.at(tag).is_object()) { SC_LOG_ERROR(LABEL, "json: %{public}s tag invalid.", tag.c_str()); return false; @@ -377,7 +376,6 @@ bool SecCompBase::ParseStyle(const nlohmann::json& json, const std::string& tag) SC_LOG_ERROR(LABEL, "bg is invalid."); return false; } - SC_LOG_ERROR(LABEL, "2222"); return true; } } // namespace base diff --git a/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp b/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp index 101a902..abe0318 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp @@ -249,6 +249,7 @@ int32_t SecCompInfoHelper::GrantTempPermission(AccessToken::AccessTokenID tokenI tokenId, "ohos.permission.APPROXIMATELY_LOCATION"); return SC_SERVICE_ERROR_PERMISSION_OPER_FAIL; } + SC_LOG_INFO(LABEL, "Grant location permission, scid = %{public}d.", componentInfo->nodeId_); return SC_OK; } case PASTE_COMPONENT: 
@@ -256,14 +257,14 @@ int32_t SecCompInfoHelper::GrantTempPermission(AccessToken::AccessTokenID tokenI if (res != SC_OK) { return SC_SERVICE_ERROR_PERMISSION_OPER_FAIL; } - SC_LOG_DEBUG(LABEL, "grant paste permission"); + SC_LOG_INFO(LABEL, "Grant paste permission, scid = %{public}d.", componentInfo->nodeId_); return SC_OK; case SAVE_COMPONENT: if (IsDlpSandboxCalling(tokenId)) { SC_LOG_INFO(LABEL, "Dlp sandbox app are not allowed to use save component."); return SC_SERVICE_ERROR_PERMISSION_OPER_FAIL; } - SC_LOG_DEBUG(LABEL, "grant save permission"); + SC_LOG_INFO(LABEL, "Grant save permission, scid = %{public}d.", componentInfo->nodeId_); return SecCompPermManager::GetInstance().GrantTempSavePermission(tokenId); default: SC_LOG_ERROR(LABEL, "Parse component type unknown"); diff --git a/services/security_component_service/sa/sa_main/window_info_helper.cpp b/services/security_component_service/sa/sa_main/window_info_helper.cpp index 0076626..fd4e902 100644 --- a/services/security_component_service/sa/sa_main/window_info_helper.cpp +++ b/services/security_component_service/sa/sa_main/window_info_helper.cpp @@ -39,6 +39,7 @@ float WindowInfoHelper::GetWindowScale(int32_t windowId) return windowId == info->wid_; }); if ((iter == infos.end()) || (*iter == nullptr)) { + SC_LOG_WARN(LABEL, "Cannot find AccessibilityWindowInfo, return default scale"); return scale; } scale = (*iter)->scaleVal_; @@ -73,7 +74,8 @@ bool WindowInfoHelper::CheckOtherWindowCoverComp(int32_t compWinId, const SecCom } int32_t compLayer = INVALID_WINDOW_LAYER; - std::vector layerList; + // {windowId, zOrder} + std::vector> layerList; for (auto& info : infos) { if (info == nullptr) { continue; 
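Review bot: In the SAVE_COMPONENT branch the new `Grant save permission` INFO line is written before `GrantTempSavePermission(tokenId)` runs, so the log records a grant even when that call returns an error. Since these lines were raised from DEBUG to INFO to trace grants, take the result first (`int32_t ret = SecCompPermManager::GetInstance().GrantTempSavePermission(tokenId);`) and log it together with the id before returning `ret`. The field is labelled `scid` but prints `componentInfo->nodeId_`; if that is not the same value as the `SC_ID` reported in the sysevents, rename the label so the two can be correlated. The location hunk above (`@@ -249,6 +249,7 @@`) uses the same label. GrantTempPermission's body starts outside the hunk, so whether `componentInfo` is null-checked before these dereferences is not visible here.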
@@ -88,7 +90,7 @@ bool WindowInfoHelper::CheckOtherWindowCoverComp(int32_t compWinId, const SecCom info->windowRect_.height_ *= info->floatingScale_; } if (IsRectInWindRect(info->windowRect_, secRect)) { - layerList.emplace_back(info->zOrder_); + layerList.emplace_back(std::make_pair(info->windowId_, info->zOrder_)); } } @@ -101,11 +103,13 @@ bool WindowInfoHelper::CheckOtherWindowCoverComp(int32_t compWinId, const SecCom return true; } - auto iter = std::find_if(layerList.begin(), layerList.end(), [compLayer](const int layer) { - return layer >= compLayer; + auto iter = std::find_if(layerList.begin(), layerList.end(), + [compLayer](const std::pair layer) { + return layer.second >= compLayer; }); if (iter != layerList.end()) { - SC_LOG_ERROR(LABEL, "component window %{public}d is covered, click check failed", compWinId); + SC_LOG_ERROR(LABEL, "component window %{public}d is covered by %{public}d, click check failed", + compWinId, iter->first); return false; } return true; -- Gitee From 24b000aacbe9588d53e29f547b4822a3a65c316e Mon Sep 17 00:00:00 2001 From: j21p3 Date: Thu, 15 Aug 2024 15:26:56 +0800 Subject: [PATCH 3/8] fix uaf crash when sec_comp_service_test exit Change-Id: Idde27bc780fa280ffcd9fa84379929d7aed60974 Signed-off-by: j21p3 --- .../sa/test/BUILD.gn | 1 + .../unittest/src/first_use_dialog_test.cpp | 18 +++++ .../src/sec_comp_info_helper_test.cpp | 29 ++++++++ .../unittest/src/sec_comp_manager_test.cpp | 25 +++++++ .../unittest/src/sec_comp_stub_mock_test.cpp | 17 +++++ .../test/unittest/src/zzenv_exit_operate.cpp | 71 +++++++++++++++++++ 6 files changed, 161 insertions(+) create mode 100644 services/security_component_service/sa/test/unittest/src/zzenv_exit_operate.cpp diff --git a/services/security_component_service/sa/test/BUILD.gn b/services/security_component_service/sa/test/BUILD.gn index 3030383..528b6fd 100644 --- a/services/security_component_service/sa/test/BUILD.gn +++ b/services/security_component_service/sa/test/BUILD.gn 
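Review bot: The `find_if` predicate in the `@@ -101,11 +103,13 @@` hunk takes each `layerList` element by value, which copies the pair on every call; declare the parameter as `const auto& layer`. The matching insert in the `@@ -88,7 +90,7 @@` hunk can drop the temporary: `layerList.emplace_back(info->windowId_, info->zOrder_);`. Only the first window at or above the component's layer ends up in the log, which is enough to fail the click check; if the log is meant to identify the overlaying window, say so in the `// {windowId, zOrder}` comment. CheckOtherWindowCoverComp starts outside these hunks.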
@@ -57,6 +57,7 @@ ohos_unittest("sec_comp_service_test") { "unittest/src/sec_comp_stub_test.cpp", "unittest/src/service_test_common.cpp", "unittest/src/window_info_helper_test.cpp", + "unittest/src/zzenv_exit_operate.cpp", ] configs = [ "${sec_comp_root_dir}/config:coverage_flags" ] diff --git a/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp b/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp index bc89beb..fc4d4a0 100644 --- a/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/first_use_dialog_test.cpp @@ -14,6 +14,7 @@ */ #include "first_use_dialog_test.h" +#include #include "accesstoken_kit.h" #include "location_button.h" #include "save_button.h" @@ -42,6 +43,23 @@ void FirstUseDialogTest::SetUpTestCase() void FirstUseDialogTest::TearDownTestCase() { + struct stat fstatJson = {}; + if (stat(SEC_COMP_SRV_CFG_FILE.c_str(), &fstatJson) != 0) { + return; + } + // if json file is created by root, delete it + if (fstatJson.st_uid == 0) { + std::string cmdline = "rm -f " + SEC_COMP_SRV_CFG_FILE; + system(cmdline.c_str()); + } + struct stat fstatDir = {}; + if (stat(SEC_COMP_SRV_CFG_PATH.c_str(), &fstatDir) != 0) { + return; + } + if (fstatDir.st_uid == 0) { + std::string cmdline = "chown security_component:security_component " + SEC_COMP_SRV_CFG_PATH; + system(cmdline.c_str()); + } } void FirstUseDialogTest::SetUp() diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp index 8504ace..37aa150 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_info_helper_test.cpp 
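Review bot: TearDownTestCase builds command lines by string concatenation and runs them through `system()`, and the `st_uid == 0` checks show this path is meant for runs as root. Calling `unlink()` and `chown()` directly avoids the shell, the PATH lookup of `rm` and `chown`, and the ignored exit status. The early `return` when the JSON file is absent also skips the directory ownership fix, which looks unintended, since a root-owned directory can exist without the file. The sketch below keeps the same conditions but makes the two steps independent and checks each result.

```cpp
void FirstUseDialogTest::TearDownTestCase()
{
    // remove the config file only when this run, as root, created it
    struct stat fstatJson = {};
    if ((stat(SEC_COMP_SRV_CFG_FILE.c_str(), &fstatJson) == 0) && (fstatJson.st_uid == 0)) {
        EXPECT_EQ(0, unlink(SEC_COMP_SRV_CFG_FILE.c_str()));
    }
    // restore directory ownership whether or not the file existed
    struct stat fstatDir = {};
    if ((stat(SEC_COMP_SRV_CFG_PATH.c_str(), &fstatDir) != 0) || (fstatDir.st_uid != 0)) {
        return;
    }
    const struct passwd* user = getpwnam("security_component");
    const struct group* grp = getgrnam("security_component");
    ASSERT_NE(nullptr, user);
    ASSERT_NE(nullptr, grp);
    EXPECT_EQ(0, chown(SEC_COMP_SRV_CFG_PATH.c_str(), user->pw_uid, grp->gr_gid));
}
```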
@@ -24,6 +24,7 @@ #include "save_button.h" #include "sec_comp_log.h" #include "sec_comp_err.h" +#include "sec_comp_tool.h" #include "service_test_common.h" #include "window_manager.h" @@ -620,3 +621,31 @@ HWTEST_F(SecCompInfoHelperTest, GrantTempPermission001, TestSize.Level1) EXPECT_EQ(SC_SERVICE_ERROR_PERMISSION_OPER_FAIL, SecCompInfoHelper::GrantTempPermission(*tokenid, shared_comp)); } + +/** + * @tc.name: IsColorSimilar001 + * @tc.desc: Test IsColorSimilar + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SecCompInfoHelperTest, IsColorSimilar001, TestSize.Level1) +{ + SecCompColor color1 = { + .argb = { + .red = 0xFF, + .green = 0xFF, + .blue = 0xFF, + .alpha = 0xFF, + } + }; + + SecCompColor color2 = { + .argb = { + .red = 0xFF, + .green = 0xFF, + .blue = 0xFF, + .alpha = 0xF0, // different alpha + } + }; + EXPECT_TRUE(IsColorSimilar(color1, color2)); +} diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp index e659faf..8845ecb 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_manager_test.cpp 
@@ -703,3 +703,28 @@ HWTEST_F(SecCompManagerTest, TransformCallBackResult001, TestSize.Level1) res = SC_SERVICE_ERROR_VALUE_INVALID; SecCompManager::GetInstance().SendCheckInfoEnhanceSysEvent(scId, LOCATION_COMPONENT, scene, res); } + +/** + * @tc.name: AddSecurityComponentProcess001 + * @tc.desc: Test AddSecurityComponentProcess + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SecCompManagerTest, AddSecurityComponentProcess001, TestSize.Level1) +{ + bool isSaExit = SecCompManager::GetInstance().isSaExit_; + SecCompManager::GetInstance().isSaExit_ = true; + SecCompCallerInfo info = { + .pid = 0, + .tokenId = 0, + .uid = 0, + }; + EXPECT_EQ(SC_SERVICE_ERROR_SERVICE_NOT_EXIST, + SecCompManager::GetInstance().AddSecurityComponentProcess(info)); + auto oldmap = SecCompManager::GetInstance().componentMap_; + SecCompManager::GetInstance().componentMap_.clear(); + SecCompManager::GetInstance().isSaExit_ = false; + EXPECT_EQ(SC_OK, SecCompManager::GetInstance().AddSecurityComponentProcess(info)); + SecCompManager::GetInstance().componentMap_ = oldmap; + SecCompManager::GetInstance().isSaExit_ = isSaExit; +} \ No newline at end of file diff --git a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp index 6491b68..87d02ef 100644 --- a/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp +++ b/services/security_component_service/sa/test/unittest/src/sec_comp_stub_mock_test.cpp @@ -15,6 +15,7 @@ #include "sec_comp_stub_mock_test.h" +#include "sec_comp_dialog_callback.h" #include "sec_comp_log.h" #include "sec_comp_err.h" #include "sec_comp_click_event_parcel.h" 
@@ -249,3 +250,19 @@ HWTEST_F(SecCompStubMockTest, UnmarshallingMock001, TestSize.Level1) in.WriteBuffer(data, 32); EXPECT_NE(nullptr, clickParcel->Unmarshalling(in)); } + +/** + * @tc.name: PreRegisterSecCompProcessMock001 + * @tc.desc: Test PreRegisterSecCompProcessInner + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SecCompStubMockTest, PreRegisterSecCompProcessMock001, TestSize.Level1) +{ + MessageParcel data; + MessageParcel reply; + data.FlushBuffer(); + reply.FlushBuffer(); + data.WriteInt32(1); + ASSERT_EQ(SC_OK, stub_->PreRegisterSecCompProcessInner(data, reply)); +} \ No newline at end of file diff --git a/services/security_component_service/sa/test/unittest/src/zzenv_exit_operate.cpp b/services/security_component_service/sa/test/unittest/src/zzenv_exit_operate.cpp new file mode 100644 index 0000000..55fc51e --- /dev/null +++ b/services/security_component_service/sa/test/unittest/src/zzenv_exit_operate.cpp 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#define private public +#include "event_handler.h" +#include "event_runner.h" +#include "sec_comp_manager.h" +#undef private + +using namespace testing::ext; + +namespace OHOS { +namespace Security { +namespace SecurityComponent { +/** + * @brief This test class is used to release resources before process end to avoid crash + */ +class ZZEnvExitOperate : public testing::Test { +public: + static void SetUpTestCase(); + static void TearDownTestCase(); + void SetUp(); + void TearDown(); +}; + +void ZZEnvExitOperate::SetUpTestCase() +{} + +void ZZEnvExitOperate::TearDownTestCase() +{} + +void ZZEnvExitOperate::SetUp() +{} + +void ZZEnvExitOperate::TearDown() +{} + +/** + * @tc.name: ZExitOperateTest001 + * @tc.desc: remove ffrt handler to avoid uaf crash + * @tc.type: FUNC + * @tc.require: None + */ +HWTEST_F(ZZEnvExitOperate, ZExitOperateTest001, TestSize.Level1) +{ + if (SecCompManager::GetInstance().secRunner_ != nullptr) { + SecCompManager::GetInstance().secRunner_->queue_.reset(); + SecCompManager::GetInstance().secRunner_ = nullptr; + } + if (SecCompManager::GetInstance().secHandler_ != nullptr) { + SecCompManager::GetInstance().secHandler_->eventRunner_.reset(); + SecCompManager::GetInstance().secHandler_ = nullptr; + } + sleep(5); +} +} +} +} \ No newline at end of file -- Gitee 
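Review bot: The use-after-free at exit is avoided here by a test that only helps if it runs last; the `zz` file name and `ZZEnvExitOperate` suite name rely on registration order, which gtest does not keep under `--gtest_filter`, `--gtest_shuffle` or sharding. The cleanup also reaches into `secRunner_->queue_` and `secHandler_->eventRunner_` through `#define private public`, so the ordering problem stays inside SecCompManager and the production exit path is presumably still exposed to it. Prefer a release method owned by SecCompManager, and in the test binary call the cleanup from a global environment teardown as sketched below. The fixed `sleep(5)` should carry a comment saying what it waits for, or be replaced by a wait on that condition.

```cpp
// runs once after all suites, independent of file or suite naming
class SecCompExitEnvironment : public testing::Environment {
public:
    void TearDown() override
    {
        // … unchanged: the secRunner_ / secHandler_ reset from ZExitOperateTest001 …
    }
};

// gtest takes ownership of the registered environment
static testing::Environment* const g_secCompExitEnv =
    testing::AddGlobalTestEnvironment(new SecCompExitEnvironment());
```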
From 696f9a5c7617f30db8b6c44ef97c53a4d3b8deaf Mon Sep 17 00:00:00 2001 From: baoyang Date: Mon, 19 Aug 2024 02:57:08 +0000 Subject: [PATCH 4/8] remove serialize and deserialize for VerifySavePermission Signed-off-by: baoyang Change-Id: I5fd74ed7aec4cae1ba3243e1021360144df63940 --- .../security_component/src/sec_comp_proxy.cpp | 19 ++----------------- .../sa/sa_main/sec_comp_stub.cpp | 15 ++------------- 2 files changed, 4 insertions(+), 30 deletions(-) diff --git a/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp b/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp index 85e4819..f8eb802 100644 --- a/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp +++ b/interfaces/inner_api/security_component/src/sec_comp_proxy.cpp @@ -283,25 +283,17 @@ int32_t SecCompProxy::ReportSecurityComponentClickEvent(int32_t scId, bool SecCompProxy::VerifySavePermission(AccessToken::AccessTokenID tokenId) { std::lock_guard lock(useIPCMutex_); - MessageParcel rawData; MessageParcel data; if (!data.WriteInterfaceToken(SecCompProxy::GetDescriptor())) { SC_LOG_ERROR(LABEL, "Verify write descriptor failed."); return false; } - - if (!rawData.WriteUint32(tokenId)) { + if (!data.WriteUint32(tokenId)) { SC_LOG_ERROR(LABEL, "Verify write tokenId failed."); return false; } - if (!SecCompEnhanceAdapter::EnhanceClientSerialize(rawData, data)) { - SC_LOG_ERROR(LABEL, "Verify serialize session info failed."); - return false; - } - MessageParcel reply; - MessageParcel deserializedReply; MessageOption option(MessageOption::TF_SYNC); sptr remote = Remote(); if (remote == nullptr) { 
@@ -311,19 +303,12 @@ bool SecCompProxy::VerifySavePermission(AccessToken::AccessTokenID tokenId) int32_t requestResult = remote->SendRequest( static_cast(SecurityComponentServiceInterfaceCode::VERIFY_TEMP_SAVE_PERMISSION), data, reply, option); - - if (!SecCompEnhanceAdapter::EnhanceClientDeserialize(reply, deserializedReply)) { - SC_LOG_ERROR(LABEL, "Verify deserialize session info failed."); - return false; - } - if (requestResult != SC_OK) { SC_LOG_ERROR(LABEL, "Verify request failed, result: %{public}d.", requestResult); return false; } - bool res; - if (!deserializedReply.ReadBool(res)) { + if (!reply.ReadBool(res)) { SC_LOG_ERROR(LABEL, "Verify read res failed."); return false; } diff --git a/services/security_component_service/sa/sa_main/sec_comp_stub.cpp b/services/security_component_service/sa/sa_main/sec_comp_stub.cpp index b9aaabc..b50d932 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_stub.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_stub.cpp @@ -232,13 +232,8 @@ int32_t SecCompStub::VerifySavePermissionInner(MessageParcel& data, MessageParce SC_LOG_ERROR(LABEL, "Not medialibrary called"); return SC_SERVICE_ERROR_CALLER_INVALID; } - MessageParcel deserializedData; - if (!SecCompEnhanceAdapter::EnhanceSrvDeserialize(data, deserializedData, reply)) { - SC_LOG_ERROR(LABEL, "Verify deserialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } uint32_t tokenId; - if (!deserializedData.ReadUint32(tokenId)) { + if (!data.ReadUint32(tokenId)) { SC_LOG_ERROR(LABEL, "Verify read component id failed"); return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; } 
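Review bot: With `EnhanceSrvDeserialize` removed in the `@@ -232,13 +232,8 @@` hunk, the only gate on this request that remains visible is the preceding "Not medialibrary called" caller check; the session-info verification the enhance layer applied to the parcel no longer runs for VERIFY_TEMP_SAVE_PERMISSION. Please state in the commit message, or in a comment above `data.ReadUint32(tokenId)`, why this interface is exempt, so the exemption is not copied to other interfaces by analogy. The error text on that read still says `Verify read component id failed` although the value is the token id; `Verify read tokenId failed` would match the proxy side. The proxy hunks (`@@ -283,25 +283,17 @@`, `@@ -311,19 +303,12 @@`) and the reply hunk `@@ -249,17 +244,11 @@` drop the matching client and reply wrapping; VerifySavePermissionInner starts and ends outside this hunk.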
@@ -249,17 +244,11 @@ int32_t SecCompStub::VerifySavePermissionInner(MessageParcel& data, MessageParce } bool res = this->VerifySavePermission(tokenId); - MessageParcel rawReply; - if (!rawReply.WriteBool(res)) { + if (!reply.WriteBool(res)) { SC_LOG_ERROR(LABEL, "Verify temp save permission result failed"); return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; } - if (!SecCompEnhanceAdapter::EnhanceSrvSerialize(rawReply, reply)) { - SC_LOG_ERROR(LABEL, "Verify serialize session info failed"); - return SC_SERVICE_ERROR_PARCEL_OPERATE_FAIL; - } - return SC_OK; } -- Gitee From 60d10904041560e483fbc7c39683380d6beb2b52 Mon Sep 17 00:00:00 2001 From: zhenghui Date: Fri, 6 Sep 2024 17:32:31 +0800 Subject: [PATCH 5/8] support pac Signed-off-by: zhenghui --- frameworks/BUILD.gn | 2 ++ interfaces/inner_api/enhance_kits/BUILD.gn | 1 + interfaces/inner_api/security_component/BUILD.gn | 1 + 3 files changed, 4 insertions(+) diff --git a/frameworks/BUILD.gn b/frameworks/BUILD.gn index 07ba260..a287271 100644 --- a/frameworks/BUILD.gn +++ b/frameworks/BUILD.gn @@ -106,6 +106,7 @@ ohos_source_set("security_component_enhance_adapter_src_set") { } ohos_source_set("security_component_no_cfi_framework_src_set") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" include_dirs = [ @@ -141,6 +142,7 @@ ohos_source_set("security_component_no_cfi_framework_src_set") { } ohos_source_set("security_component_no_cfi_enhance_adapter_src_set") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" include_dirs = [ diff --git a/interfaces/inner_api/enhance_kits/BUILD.gn b/interfaces/inner_api/enhance_kits/BUILD.gn index d7d812a..49f1699 100644 --- a/interfaces/inner_api/enhance_kits/BUILD.gn +++ b/interfaces/inner_api/enhance_kits/BUILD.gn 
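Review bot: `branch_protector_ret = "pac_ret"` is added only to the `*_no_cfi_*` source sets in frameworks/BUILD.gn and interfaces/inner_api/enhance_kits/BUILD.gn and to `libsecurity_component_sdk`; sibling sets that appear as hunk context, such as `security_component_enhance_adapter_src_set`, are not touched. If those already get return-address signing from another setting, a one-line comment next to the new assignments saying so would help the next reader. If they do not, the library would link protected and unprotected objects together, and the commit message "support pac" does not say which is intended.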
@@ -60,6 +60,7 @@ ohos_source_set("security_component_enhance_sdk_src_set") { } ohos_source_set("security_component_no_cfi_enhance_sdk_src_set") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" public_configs = [ ":sec_comp_enhance_config" ] diff --git a/interfaces/inner_api/security_component/BUILD.gn b/interfaces/inner_api/security_component/BUILD.gn index 902358e..891157d 100644 --- a/interfaces/inner_api/security_component/BUILD.gn +++ b/interfaces/inner_api/security_component/BUILD.gn @@ -26,6 +26,7 @@ config("sec_comp_config") { } ohos_shared_library("libsecurity_component_sdk") { + branch_protector_ret = "pac_ret" subsystem_name = "security" part_name = "security_component_manager" output_name = "libsecurity_component_sdk" -- Gitee From 6909f10146832b147ed62cbc2d73771eb4436f6d Mon Sep 17 00:00:00 2001 From: baoyang Date: Mon, 12 Aug 2024 09:30:16 +0000 Subject: [PATCH 6/8] add DFX Signed-off-by: baoyang Change-Id: I0216448fbc89d6ccea2f582ffe820e7610793404 --- hisysevent.yaml | 10 ++++ .../inner_api/security_component/BUILD.gn | 1 + .../security_component/src/sec_comp_kit.cpp | 19 ++++++- .../security_component/test/BUILD.gn | 2 + .../sa/sa_main/first_use_dialog.cpp | 6 +- .../sa/sa_main/sec_comp_entity.cpp | 7 ++- .../sa/sa_main/sec_comp_manager.cpp | 56 +++++++++++++++---- 7 files changed, 84 insertions(+), 17 deletions(-) diff --git a/hisysevent.yaml b/hisysevent.yaml index 8a49236..2766531 100644 --- a/hisysevent.yaml +++ b/hisysevent.yaml @@ -17,6 +17,7 @@ CALLBACK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Failed to execute the callback} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} REASON: {type: STRING, desc: callback execution failure cause} SC_ID: {type: INT32, desc: security component id} 
@@ -26,12 +27,14 @@ CALLER_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Illegal invocation} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} CHALLENGE_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Challenge value verification failed} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -40,6 +43,7 @@ CLICK_INFO_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Failed to verify the click event} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -47,6 +51,7 @@ COMPONENT_INFO_CHECK_FAILED: __BASE: {type: SECURITY, level: CRITICAL, desc: Failed to verify the component information} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CALL_SCENE: {type: STRING, desc: call scene} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -55,6 +60,7 @@ INIT_FAILED: __BASE: {type: FAULT, level: CRITICAL, desc: Failed to initialize the security component environment} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} REASON: {type: STRING, desc: callback execution failure cause} REGISTER_SUCCESS: 
@@ -79,6 +85,7 @@ TEMP_GRANT_FAILED: __BASE: {type: FAULT, level: CRITICAL, desc: Security component authorization failed} CALLER_PID: {type: INT32, desc: caller pid} CALLER_UID: {type: INT32, desc: caller uid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} SC_ID: {type: INT32, desc: security component id} SC_TYPE: {type: STRING, desc: security component type} @@ -98,6 +105,7 @@ UNREGISTER_SUCCESS: SESSION_INFO_CHECK_FAILED: __BASE: {type: BEHAVIOR, level: MINOR, desc: Failed to verify session information} CALLER_PID: {type: INT32, desc: caller pid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CLIENT_SESSION_ID: {type: INT32, desc: session id stored in client} CLIENT_SEQ_NUM: {type: INT32, desc: sequence number stored in client} SERVICE_SESSION_ID: {type: INT32, desc: session id stored in server} @@ -106,6 +114,7 @@ SESSION_INFO_CHECK_FAILED: CALLBACK_INFO_CHECK_FAILED: __BASE: {type: BEHAVIOR, level: MINOR, desc: Failed to verify session information} CALLER_PID: {type: INT32, desc: caller pid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CLIENT_SESSION_ID: {type: INT32, desc: session id stored in client} CLIENT_SEQ_NUM: {type: INT32, desc: sequence number stored in client} SERVICE_SESSION_ID: {type: INT32, desc: session id stored in server} @@ -115,5 +124,6 @@ PREPROCESS_MESSAGE_FAILED: __BASE: {type: BEHAVIOR, level: MINOR, desc: Failed to verify session information} PREPROCESS_TYPE: {type: INT32, desc: preprocess type} CALLER_PID: {type: INT32, desc: caller pid} + CALLER_BUNDLE_NAME: {type: STRING, desc: caller bundle name} CLIENT_SESSION_ID: {type: INT32, desc: session id stored in client} CLIENT_SEQ_NUM: {type: INT32, desc: sequence number stored in client} diff --git a/interfaces/inner_api/security_component/BUILD.gn b/interfaces/inner_api/security_component/BUILD.gn index 891157d..29068dd 100644 --- a/interfaces/inner_api/security_component/BUILD.gn +++ b/interfaces/inner_api/security_component/BUILD.gn 
@@ -63,6 +63,7 @@ ohos_shared_library("libsecurity_component_sdk") { external_deps = [ "access_token:libaccesstoken_sdk", + "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", diff --git a/interfaces/inner_api/security_component/src/sec_comp_kit.cpp b/interfaces/inner_api/security_component/src/sec_comp_kit.cpp index c7a9e94..6df28a1 100644 --- a/interfaces/inner_api/security_component/src/sec_comp_kit.cpp +++ b/interfaces/inner_api/security_component/src/sec_comp_kit.cpp @@ -14,6 +14,7 @@ */ #include "sec_comp_kit.h" +#include "bundle_mgr_client.h" #include "hisysevent.h" #include "ipc_skeleton.h" #include "sec_comp_caller_authorization.h" @@ -35,8 +36,12 @@ int32_t SecCompKit::RegisterSecurityComponent(SecCompType type, if (!SecCompCallerAuthorization::GetInstance().IsKitCaller( reinterpret_cast(__builtin_return_address(0)))) { SC_LOG_ERROR(LABEL, "register security component fail, caller invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "REGITSTER"); return SC_SERVICE_ERROR_CALLER_INVALID; } 
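Review bot: The result of `bmsClient.GetNameForUid(uid, bundleName)` is discarded in the `@@ -35,8 +36,12 @@` hunk, so a failed lookup is reported as an empty `CALLER_BUNDLE_NAME` that cannot be told apart from a caller without a bundle. The same four lines are pasted into the Update and Click hunks of sec_comp_kit.cpp and into first_use_dialog.cpp, sec_comp_entity.cpp and sec_comp_manager.cpp; one file-local helper per module that checks the result would keep these security events consistent. The lookup also runs on the rejected-caller path, so if it is a cross-process call to the bundle manager, every rejected attempt now costs one; please confirm that is acceptable. The enclosing functions start and end outside the hunks.

```cpp
// one helper per module; the name is a suggestion
static std::string GetCallerBundleName(int32_t uid)
{
    OHOS::AppExecFwk::BundleMgrClient bmsClient;
    std::string bundleName;
    // NOTE(review): compare against the success value GetNameForUid really returns
    if (bmsClient.GetNameForUid(uid, bundleName) != ERR_OK) {
        SC_LOG_WARN(LABEL, "Get bundle name for uid %{public}d failed.", uid);
        return "";
    }
    return bundleName;
}

// in RegisterSecurityComponent, rejected-caller branch
int32_t uid = IPCSkeleton::GetCallingUid();
HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED",
    HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid,
    "CALLER_BUNDLE_NAME", GetCallerBundleName(uid),
    // … unchanged: CALLER_PID and CALL_SCENE arguments …
```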
@@ -60,8 +65,12 @@ int32_t SecCompKit::UpdateSecurityComponent(int32_t scId, std::string& component if (!SecCompCallerAuthorization::GetInstance().IsKitCaller( reinterpret_cast(__builtin_return_address(0)))) { SC_LOG_ERROR(LABEL, "update security component fail, caller invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "UPDATE"); return SC_SERVICE_ERROR_CALLER_INVALID; } @@ -99,8 +108,12 @@ int32_t SecCompKit::ReportSecurityComponentClickEvent(int32_t scId, if (!SecCompCallerAuthorization::GetInstance().IsKitCaller( reinterpret_cast(__builtin_return_address(0)))) { SC_LOG_ERROR(LABEL, "report click event fail, caller invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLER_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingRealPid(), "CALL_SCENE", "CLICK"); return SC_SERVICE_ERROR_CALLER_INVALID; } diff --git a/interfaces/inner_api/security_component/test/BUILD.gn b/interfaces/inner_api/security_component/test/BUILD.gn index cf8b6c8..2b59ae1 100644 --- a/interfaces/inner_api/security_component/test/BUILD.gn +++ b/interfaces/inner_api/security_component/test/BUILD.gn 
@@ -58,6 +58,7 @@ ohos_unittest("sec_comp_sdk_test") { external_deps = [ "access_token:libaccesstoken_sdk", + "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", @@ -96,6 +97,7 @@ ohos_unittest("sec_comp_register_callback_test") { external_deps = [ "access_token:libaccesstoken_sdk", "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", "hisysevent:libhisysevent", diff --git a/services/security_component_service/sa/sa_main/first_use_dialog.cpp b/services/security_component_service/sa/sa_main/first_use_dialog.cpp index fef0069..8fd4cd1 100644 --- a/services/security_component_service/sa/sa_main/first_use_dialog.cpp +++ b/services/security_component_service/sa/sa_main/first_use_dialog.cpp @@ -21,6 +21,7 @@ #include #include "ability_manager_client.h" #include "accesstoken_kit.h" +#include "bundle_mgr_client.h" #include "hisysevent.h" #include "sec_comp_dialog_callback_proxy.h" #include "sec_comp_err.h" @@ -270,8 +271,11 @@ int32_t FirstUseDialog::GrantDialogWaitEntity(int32_t scId) } int32_t res = sc->GrantTempPermission(); if (res != SC_OK) { + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(sc->uid_, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_FAILED", - HiviewDFX::HiSysEvent::EventType::FAULT, "CALLER_UID", sc->uid_, + HiviewDFX::HiSysEvent::EventType::FAULT, "CALLER_UID", sc->uid_, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", sc->pid_, "SC_ID", scId, "SC_TYPE", sc->GetType()); } else { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_SUCCESS", diff --git a/services/security_component_service/sa/sa_main/sec_comp_entity.cpp b/services/security_component_service/sa/sa_main/sec_comp_entity.cpp index b366ac3..1894daa 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_entity.cpp 
+++ b/services/security_component_service/sa/sa_main/sec_comp_entity.cpp @@ -15,6 +15,7 @@ #include "sec_comp_entity.h" #include +#include "bundle_mgr_client.h" #include "datashare_helper.h" #include "hisysevent.h" #include "ipc_skeleton.h" @@ -122,8 +123,12 @@ int32_t SecCompEntity::CheckClickInfo(const SecCompClickEvent& clickInfo) const if ((res != SC_OK) && (res != SC_ENHANCE_ERROR_NOT_EXIST_ENHANCE)) { SC_LOG_ERROR(LABEL, "HMAC checkout failed"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CLICK_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId_, "SC_TYPE", componentInfo_->type_); return SC_ENHANCE_ERROR_CLICK_EXTRA_CHECK_FAIL; } diff --git a/services/security_component_service/sa/sa_main/sec_comp_manager.cpp b/services/security_component_service/sa/sa_main/sec_comp_manager.cpp index 4255269..cd388f3 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_manager.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_manager.cpp @@ -14,6 +14,7 @@ */ #include "sec_comp_manager.h" +#include "bundle_mgr_client.h" #include "delay_exit_task.h" #include "hisysevent.h" #include "i_sec_comp_service.h" @@ -21,6 +22,7 @@ #include "iservice_registry.h" #include "sec_comp_enhance_adapter.h" #include "sec_comp_err.h" +#include "sec_comp_info.h" #include "sec_comp_info_helper.h" #include "sec_comp_log.h" 
@@ -296,14 +298,18 @@ void SecCompManager::ExitWhenAppMgrDied() void SecCompManager::SendCheckInfoEnhanceSysEvent(int32_t scId, SecCompType type, const std::string& scene, int32_t res) { + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); if (res == SC_ENHANCE_ERROR_CHALLENGE_CHECK_FAIL) { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CHALLENGE_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "SC_TYPE", type, "CALL_SCENE", scene); } else { HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CALLBACK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_TYPE", type, "CALL_SCENE", scene, "REASON", TransformCallBackResult(static_cast(res))); } 
@@ -345,8 +351,12 @@ int32_t SecCompManager::RegisterSecurityComponent(SecCompType type, std::shared_ptr component(componentPtr); if (component == nullptr) { SC_LOG_ERROR(LABEL, "Parse component info invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "REGITSTER", "SC_TYPE", type); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; } @@ -392,8 +402,12 @@ int32_t SecCompManager::UpdateSecurityComponent(int32_t scId, const nlohmann::js std::shared_ptr reportComponentInfo(report); if (reportComponentInfo == nullptr) { SC_LOG_ERROR(LABEL, "Update component info invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "UPDATE", "SC_TYPE", sc->GetType()); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; 
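Review bot: The four lines that fetch the calling uid, construct a `BundleMgrClient` and fill `bundleName` are pasted unchanged into RegisterSecurityComponent and UpdateSecurityComponent here. The same block appears again in SendCheckInfoEnhanceSysEvent and twice in CheckClickSecurityComponentInfo. A single file-local helper would keep the event fields consistent and give one place to handle a failed lookup, so each site becomes `std::string bundleName = GetCallerBundleName(uid);` (helper name is a suggestion). Later hunks in this series call a `ReportEvent(...)` helper whose definition is not visible on this page; if it already does this lookup, these sites could use it too. Both functions continue outside their hunks.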
@@ -430,16 +444,24 @@ int32_t SecCompManager::CheckClickSecurityComponentInfo(std::shared_ptr reportComponentInfo(report); if ((reportComponentInfo == nullptr) || (!reportComponentInfo->GetValid())) { SC_LOG_ERROR(LABEL, "report component info invalid"); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "CLICK", "SC_TYPE", sc->GetType()); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; } if ((!SecCompInfoHelper::CheckRectValid(reportComponentInfo->rect_, reportComponentInfo->windowRect_))) { SC_LOG_ERROR(LABEL, "compare component info failed."); + int32_t uid = IPCSkeleton::GetCallingUid(); + OHOS::AppExecFwk::BundleMgrClient bmsClient; + std::string bundleName = ""; + bmsClient.GetNameForUid(uid, bundleName); HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "COMPONENT_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), + HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", uid, "CALLER_BUNDLE_NAME", bundleName, "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "CALL_SCENE", "CLICK", "SC_TYPE", sc->GetType()); return SC_SERVICE_ERROR_COMPONENT_INFO_INVALID; @@ -457,6 +479,18 @@ int32_t SecCompManager::CheckClickSecurityComponentInfo(std::shared_ptr>& remote) 
@@ -486,9 +520,8 @@ int32_t SecCompManager::ReportSecurityComponentClickEvent(int32_t scId, res = sc->CheckClickInfo(clickInfo); if (res != SC_OK) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "CLICK_INFO_CHECK_FAILED", - HiviewDFX::HiSysEvent::EventType::SECURITY, "CALLER_UID", IPCSkeleton::GetCallingUid(), - "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "SC_TYPE", sc->GetType()); + ReportEvent("CLICK_INFO_CHECK_FAILED", HiviewDFX::HiSysEvent::EventType::SECURITY, + scId, sc->GetType()); if (res == SC_ENHANCE_ERROR_CLICK_EXTRA_CHECK_FAIL) { malicious_.AddAppToMaliciousAppList(caller.pid); } @@ -504,9 +537,8 @@ int32_t SecCompManager::ReportSecurityComponentClickEvent(int32_t scId, res = sc->GrantTempPermission(); if (res != SC_OK) { - HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_FAILED", - HiviewDFX::HiSysEvent::EventType::FAULT, "CALLER_UID", IPCSkeleton::GetCallingUid(), - "CALLER_PID", IPCSkeleton::GetCallingPid(), "SC_ID", scId, "SC_TYPE", sc->GetType()); + ReportEvent("TEMP_GRANT_FAILED", HiviewDFX::HiSysEvent::EventType::FAULT, + scId, sc->GetType()); return res; } HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::SEC_COMPONENT, "TEMP_GRANT_SUCCESS", -- Gitee From 0e3749c9c053ad3945175569aaa323663843614a Mon Sep 17 00:00:00 2001 From: j21p3 Date: Wed, 7 Aug 2024 11:02:04 +0800 Subject: [PATCH 7/8] dlopen dynamic search Change-Id: If1c88f54e3767c57231a3c50b51ab15eec9ab93a Signed-off-by: j21p3 --- .../src/sec_comp_enhance_adapter.cpp | 14 +++---------- .../unittest/src/sec_comp_enhance_test.cpp | 20 +++++++++---------- 2 files changed, 12 insertions(+), 22 deletions(-) diff --git a/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp b/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp index f0ee25b..633389b 100644 --- a/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp +++ b/frameworks/enhance_adapter/src/sec_comp_enhance_adapter.cpp 
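Review bot: In ReportSecurityComponentClickEvent, `ReportEvent("CLICK_INFO_CHECK_FAILED", ...)` fires for every non-OK result of `sc->CheckClickInfo(clickInfo)`. SecCompEntity::CheckClickInfo already writes an event with the same name on its HMAC-failure branch before returning, so that failure appears to be recorded twice, which skews any counting or alerting built on this event. `ReportEvent` is defined outside the visible hunks, so please confirm it still records CALLER_UID, CALLER_PID and the new CALLER_BUNDLE_NAME as the replaced inline calls did. Either drop the inner event or skip the outer one when `res == SC_ENHANCE_ERROR_CLICK_EXTRA_CHECK_FAIL`. The TEMP_GRANT_SUCCESS write just below still uses an inline `HiSysEventWrite`, so the two styles now sit side by side in one function.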
@@ -30,17 +30,9 @@ namespace { static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompEnhanceAdapter"}; -#if defined(__LP64__) -static const std::string LIB_PATH = "/system/lib64/"; -#else -static const std::string LIB_PATH = "/system/lib/"; -#endif -static const std::string INNER_PATH = "platformsdk/"; -static const std::string ENHANCE_INPUT_INTERFACE_LIB = - LIB_PATH + INNER_PATH + "libsecurity_component_client_enhance.z.so"; -static const std::string ENHANCE_SRV_INTERFACE_LIB = LIB_PATH + "libsecurity_component_service_enhance.z.so"; -static const std::string ENHANCE_CLIENT_INTERFACE_LIB = - LIB_PATH + INNER_PATH + "libsecurity_component_client_enhance.z.so"; +static const std::string ENHANCE_INPUT_INTERFACE_LIB = "libsecurity_component_client_enhance.z.so"; +static const std::string ENHANCE_SRV_INTERFACE_LIB = "libsecurity_component_service_enhance.z.so"; +static const std::string ENHANCE_CLIENT_INTERFACE_LIB = "libsecurity_component_client_enhance.z.so"; } SecCompInputEnhanceInterface* SecCompEnhanceAdapter::inputHandler = nullptr; diff --git a/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp b/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp index b2987ce..b0d70fc 100644 --- a/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp +++ b/interfaces/inner_api/enhance_kits/test/unittest/src/sec_comp_enhance_test.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ #include "sec_comp_enhance_test.h" +#include #include #include "sec_comp_err.h" #include "sec_comp_log.h" 
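Review bot: In sec_comp_enhance_adapter.cpp the three `ENHANCE_*_INTERFACE_LIB` constants become bare file names, so which file gets loaded now depends on the dynamic linker's search order rather than a fixed location under `/system`. These libraries provide the enhancement checks for a security service, so the search path becomes part of the trust boundary. It should contain only read-only system library directories and must not be influenced by the environment of the loading process. The `dlopen` call and its flags are outside this hunk, so I cannot confirm how the name is resolved. Please document the assumption next to the constants, for example `// Resolved by the linker namespace; must only match read-only system library dirs.`, and confirm it holds for both the client and the service process.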
@@ -27,27 +28,24 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { static bool g_inputEnhanceExist = false; static bool g_srvEnhanceExist = false; static constexpr uint32_t SEC_COMP_ENHANCE_CFG_SIZE = 76; -#if defined(__LP64__) -static const std::string LIB_PATH = "/system/lib64/"; -#else -static const std::string LIB_PATH = "/system/lib/"; -#endif -static const std::string INNER_PATH = "platformsdk/"; -static const std::string ENHANCE_INPUT_INTERFACE_LIB = - LIB_PATH + INNER_PATH + "libsecurity_component_client_enhance.z.so"; -static const std::string ENHANCE_SRV_INTERFACE_LIB = LIB_PATH + "libsecurity_component_service_enhance.z.so"; +static const std::string ENHANCE_INPUT_INTERFACE_LIB = "libsecurity_component_client_enhance.z.so"; +static const std::string ENHANCE_SRV_INTERFACE_LIB = "libsecurity_component_service_enhance.z.so"; static constexpr uint32_t MAX_HMAC_SIZE = 64; } // namespace void SecCompEnhanceTest::SetUpTestCase() { - if (access(ENHANCE_INPUT_INTERFACE_LIB.c_str(), F_OK) == 0) { + void *handle = dlopen(ENHANCE_INPUT_INTERFACE_LIB.c_str(), RTLD_LAZY); + if (handle != nullptr) { g_inputEnhanceExist = true; } + dlclose(handle); - if (access(ENHANCE_SRV_INTERFACE_LIB.c_str(), F_OK) == 0) { + handle = dlopen(ENHANCE_SRV_INTERFACE_LIB.c_str(), RTLD_LAZY); + if (handle != nullptr) { g_srvEnhanceExist = true; } + dlclose(handle); system("kill -9 `pidof security_component_service`"); SC_LOG_INFO(LABEL, "SetUpTestCase."); } -- Gitee From 5211f3a64b5def06f893b5bcb65ae57e413b135a Mon Sep 17 00:00:00 2001 From: baoyang Date: Wed, 4 Sep 2024 03:03:50 +0000 Subject: [PATCH 8/8] fix alerts Signed-off-by: baoyang Change-Id: I47c7f84f36c725e9fa4e9ec4bcf9f10097ebd455 --- frameworks/common/src/sec_comp_tool.cpp | 6 +++--- interfaces/inner_api/security_component/BUILD.gn | 1 + interfaces/inner_api/security_component/test/BUILD.gn | 2 ++ .../sa/sa_main/sec_comp_info_helper.cpp | 3 +-- 4 files changed, 7 insertions(+), 5 deletions(-) 
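Review bot: In SecCompEnhanceTest::SetUpTestCase, `dlclose(handle)` runs even when `dlopen` returned `nullptr`, and a null handle is not a valid argument to `dlclose`; whether that is harmless depends on the C library. Move the close inside the check for both probes: `if (handle != nullptr) { g_inputEnhanceExist = true; dlclose(handle); }`. Unlike the old `access(..., F_OK)` probe, `dlopen` also maps the library and runs its initializers inside the test process. If only existence matters, add a comment saying that loading is intended.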
diff --git a/frameworks/common/src/sec_comp_tool.cpp b/frameworks/common/src/sec_comp_tool.cpp index 824ac4d..8868d48 100644 --- a/frameworks/common/src/sec_comp_tool.cpp +++ b/frameworks/common/src/sec_comp_tool.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -35,7 +35,7 @@ static constexpr double TWO_HUNDREDS_FORTY_ANGLE = 240.0; static constexpr double THREE_HUNDREDS_SIXTY_ANGLE = 360.0; static constexpr double DEFAULT_R = 100.0; static const uint8_t MAX_ALPHA = 0xFF; -static const double MIN_CONTRACST_ALPHA = 0.5; +static const double MIN_CONTRAST_ALPHA = 0.5; constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompTool"}; } @@ -129,7 +129,7 @@ static bool IsColorAplhaSimilar(const SecCompColor& fgColor, const SecCompColor& double bgAlpha = static_cast(bgColor.argb.alpha) / MAX_ALPHA; double mixAlpha = fgAlpha + bgAlpha - fgAlpha * bgAlpha; - if (GreatNotEqual(bgAlpha / mixAlpha, MIN_CONTRACST_ALPHA)) { + if (GreatNotEqual(bgAlpha / mixAlpha, MIN_CONTRAST_ALPHA)) { SC_LOG_ERROR(LABEL, "FgAlpha=%{public}x BgAlpha=%{public}x is similar, check failed", fgColor.argb.alpha, bgColor.argb.alpha); return true; diff --git a/interfaces/inner_api/security_component/BUILD.gn b/interfaces/inner_api/security_component/BUILD.gn index 29068dd..89faa97 100644 --- a/interfaces/inner_api/security_component/BUILD.gn +++ b/interfaces/inner_api/security_component/BUILD.gn @@ -63,6 +63,7 @@ ohos_shared_library("libsecurity_component_sdk") { external_deps = [ "access_token:libaccesstoken_sdk", + "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", 
diff --git a/interfaces/inner_api/security_component/test/BUILD.gn b/interfaces/inner_api/security_component/test/BUILD.gn index 2b59ae1..a9a039b 100644 --- a/interfaces/inner_api/security_component/test/BUILD.gn +++ b/interfaces/inner_api/security_component/test/BUILD.gn @@ -58,6 +58,7 @@ ohos_unittest("sec_comp_sdk_test") { external_deps = [ "access_token:libaccesstoken_sdk", + "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", @@ -97,6 +98,7 @@ ohos_unittest("sec_comp_register_callback_test") { external_deps = [ "access_token:libaccesstoken_sdk", "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "c_utils:utils", "hilog:libhilog", diff --git a/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp b/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp index abe0318..bdd3a3b 100644 --- a/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp +++ b/services/security_component_service/sa/sa_main/sec_comp_info_helper.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2024 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -34,7 +34,6 @@ namespace { constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_SECURITY_COMPONENT, "SecCompInfoHelper"}; static constexpr double MAX_RECT_PERCENT = 0.1F; // 10% static constexpr double ZERO_OFFSET = 0.0F; -static std::mutex g_renderLock; } void SecCompInfoHelper::AdjustSecCompRect(SecCompBase* comp, float scale) -- Gitee