From ee3cf0f5b8d5cdcb13c0db787466640bde72dad4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Tue, 26 Aug 2025 11:02:33 +0000 Subject: [PATCH 1/4] =?UTF-8?q?=E6=96=B0=E5=A2=9Eani=20=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 邹友松 --- frameworks/js/ani/BUILD.gn | 2 + frameworks/js/ani/src/taihe_impl.cpp | 120 ++++++++++++++++++++++++++- 2 files changed, 118 insertions(+), 4 deletions(-) diff --git a/frameworks/js/ani/BUILD.gn b/frameworks/js/ani/BUILD.gn index 8fe5478d..6271c50e 100644 --- a/frameworks/js/ani/BUILD.gn +++ b/frameworks/js/ani/BUILD.gn @@ -50,6 +50,8 @@ ani_deps = [ ani_deps +=foundations_deps ani_external_deps =[ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", "runtime_core:ani", "runtime_core:libarkruntime", diff --git a/frameworks/js/ani/src/taihe_impl.cpp b/frameworks/js/ani/src/taihe_impl.cpp index 8dc275fc..83342bb8 100644 --- a/frameworks/js/ani/src/taihe_impl.cpp +++ b/frameworks/js/ani/src/taihe_impl.cpp @@ -15,17 +15,22 @@ #include -#include "ohos.update.proj.hpp" -#include "ohos.update.impl.hpp" -#include "taihe/runtime.hpp" - +#include "accesstoken_kit.h" +#include "access_token.h" #include "ani_common_conveter.h" #include "ani_local_updater.h" #include "ani_restorer.h" #include "ani_updater.h" +#include "ipc_skeleton.h" +#include "ohos.update.impl.hpp" +#include "ohos.update.proj.hpp" +#include "taihe/runtime.hpp" +#include "tokenid_kit.h" using namespace OHOS::UpdateService; namespace { +constexpr const pid_t ROOT_UID = 0; +constexpr const pid_t EDM_UID = 3057; class UpdaterImpl { public: explicit UpdaterImpl(const UpgradeInfo &upgradeInfo) : upgradeInfo_(upgradeInfo) {} @@ -216,19 +221,126 @@ private: static inline std::shared_ptr localUpdater_ = nullptr; }; +bool AniIsCallerValid() +{ + OHOS::Security::AccessToken::AccessTokenID callerToken = OHOS::IPCSkeleton::GetCallingTokenID(); + auto callerTokenType = OHOS::Security::AccessToken::AccessTokenKit::GetTokenType(callerToken); + switch (callerTokenType) { + case OHOS::Security::AccessToken::TypeATokenTypeEnum::TOKEN_HAP: { + uint64_t callerFullTokenID = OHOS::IPCSkeleton::GetCallingFullTokenID(); + // hap进程只允许系统应用调用 + return OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callerFullTokenID); + } + case OHOS::Security::AccessToken::TypeATokenTypeEnum::TOKEN_NATIVE: { + pid_t callerUid = OHOS::IPCSkeleton::GetCallingUid(); + // native进程只允许root权限和edm调用 + return callerUid == ROOT_UID || callerUid == EDM_UID; + } + default: + // 其他情况调用予以禁止 + return false; + } +} + +bool AniIsCommonError(CallResult callResult) +{ + return callResult == CallResult::UN_SUPPORT || callResult == CallResult::NOT_SYSTEM_APP || + callResult == CallResult::APP_NOT_GRANTED || callResult == CallResult::PARAM_ERR; +} + +int32_t AniConvertToErrorCode(CallResult callResult) +{ + if (AniIsCommonError(callResult) || callResult == CallResult::SUCCESS) { + return CAST_INT(callResult); + } else { + constexpr int32_t componentErr = 11500000; + return componentErr + CAST_INT(callResult); + } +} + +std::string AniGetPermissionName() +{ + return "ohos.permission.UPDATE_SYSTEM"; +} + +BusinessError AniThrowBusinessError(const std::string &funcName, int32_t ipcRequestCode) +{ + BusinessError businessError; + std::string msg = "execute error"; + const auto ipcCallResult = static_cast(ipcRequestCode); + const std::string callResultStr = std::to_string(AniConvertToErrorCode(ipcCallResult)); + + switch (ipcRequestCode) { + case INT_NOT_SYSTEM_APP: + msg = "BusinessError " + callResultStr + NOT_SYSTEM_APP_INFO.data(); + break; + case INT_APP_NOT_GRANTED: + msg = "BusinessError " + callResultStr + ": Permission denied. An attempt was made to " + funcName + + " forbidden by permission: " + AniGetPermissionName() + "."; + break; + case INT_CALL_IPC_ERR: + msg = "BusinessError " + callResultStr + ": IPC error."; + break; + case INT_UN_SUPPORT: + msg = "BusinessError " + callResultStr + ": Capability not supported. " + "function " + funcName + + " can not work correctly due to limited device capabilities."; + break; + case INT_PARAM_ERR: + msg = "param error"; + break; + case INT_CALL_FAIL: + msg = "BusinessError " + callResultStr + ": Execute fail."; + break; + case INT_FORBIDDEN: + msg = "BusinessError " + callResultStr + ": Forbidden execution."; + break; + case INT_DEV_UPG_INFO_ERR: + msg = "BusinessError " + callResultStr + ": Device info error."; + break; + case INT_TIME_OUT: + msg = "BusinessError " + callResultStr + ": Execute timeout."; + break; + case INT_DB_ERROR: + msg = "BusinessError " + callResultStr + ": DB error."; + break; + case INT_IO_ERROR: + msg = "BusinessError " + callResultStr + ": IO error."; + break; + case INT_NET_ERROR: + msg = "BusinessError " + callResultStr + ": Network error."; + break; + default: + break; + } + businessError.Build(static_cast(ipcRequestCode), msg); + return businessError; +} + ohos::update::Updater GetOnlineUpdater(const ohos::update::UpgradeInfo &upgradeInfo) { + if (!AniIsCallerValid()) { + const BusinessError errInfo = AniThrowBusinessError("GetOnlineUpdater", CAST_INT(CallResult::NOT_SYSTEM_APP)); + taihe::set_business_error(AniConvertToErrorCode(errInfo.errorNum), errInfo.message); + } const auto &info = AniCommonConverter::Converter(upgradeInfo); return taihe::make_holder(info); } ohos::update::Restorer GetRestorer() { + if (!AniIsCallerValid()) { + const BusinessError errInfo = AniThrowBusinessError("GetRestorer", CAST_INT(CallResult::NOT_SYSTEM_APP)); + taihe::set_business_error(AniConvertToErrorCode(errInfo.errorNum), errInfo.message); + } return taihe::make_holder(); } ohos::update::LocalUpdater GetLocalUpdater() { + if (!AniIsCallerValid()) { + const BusinessError errInfo = AniThrowBusinessError("GetLocalUpdater", CAST_INT(CallResult::NOT_SYSTEM_APP)); + taihe::set_business_error(AniConvertToErrorCode(errInfo.errorNum), errInfo.message); + } return taihe::make_holder(); } } // namespace -- Gitee From 778f3d639f410ba2dc4f8e2d144a843f383027f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Wed, 27 Aug 2025 03:32:54 +0000 Subject: [PATCH 2/4] suggestion change MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 邹友松 --- frameworks/js/ani/src/taihe_impl.cpp | 58 ++++------------------------ 1 file changed, 7 insertions(+), 51 deletions(-) diff --git a/frameworks/js/ani/src/taihe_impl.cpp b/frameworks/js/ani/src/taihe_impl.cpp index 83342bb8..7764c8f8 100644 --- a/frameworks/js/ani/src/taihe_impl.cpp +++ b/frameworks/js/ani/src/taihe_impl.cpp @@ -263,63 +263,19 @@ std::string AniGetPermissionName() return "ohos.permission.UPDATE_SYSTEM"; } -BusinessError AniThrowBusinessError(const std::string &funcName, int32_t ipcRequestCode) +BusinessError AniThrowNotSysAppError() { BusinessError businessError; - std::string msg = "execute error"; - const auto ipcCallResult = static_cast(ipcRequestCode); - const std::string callResultStr = std::to_string(AniConvertToErrorCode(ipcCallResult)); - - switch (ipcRequestCode) { - case INT_NOT_SYSTEM_APP: - msg = "BusinessError " + callResultStr + NOT_SYSTEM_APP_INFO.data(); - break; - case INT_APP_NOT_GRANTED: - msg = "BusinessError " + callResultStr + ": Permission denied. An attempt was made to " + funcName + - " forbidden by permission: " + AniGetPermissionName() + "."; - break; - case INT_CALL_IPC_ERR: - msg = "BusinessError " + callResultStr + ": IPC error."; - break; - case INT_UN_SUPPORT: - msg = "BusinessError " + callResultStr + ": Capability not supported. " + "function " + funcName + - " can not work correctly due to limited device capabilities."; - break; - case INT_PARAM_ERR: - msg = "param error"; - break; - case INT_CALL_FAIL: - msg = "BusinessError " + callResultStr + ": Execute fail."; - break; - case INT_FORBIDDEN: - msg = "BusinessError " + callResultStr + ": Forbidden execution."; - break; - case INT_DEV_UPG_INFO_ERR: - msg = "BusinessError " + callResultStr + ": Device info error."; - break; - case INT_TIME_OUT: - msg = "BusinessError " + callResultStr + ": Execute timeout."; - break; - case INT_DB_ERROR: - msg = "BusinessError " + callResultStr + ": DB error."; - break; - case INT_IO_ERROR: - msg = "BusinessError " + callResultStr + ": IO error."; - break; - case INT_NET_ERROR: - msg = "BusinessError " + callResultStr + ": Network error."; - break; - default: - break; - } - businessError.Build(static_cast(ipcRequestCode), msg); + std::string msg = "BusinessError " + std::to_string(AniConvertToErrorCode(CAST_INT(CallResult::NOT_SYSTEM_APP))) + + NOT_SYSTEM_APP_INFO.data(); + businessError.Build(CallResult::NOT_SYSTEM_APP, msg); return businessError; } ohos::update::Updater GetOnlineUpdater(const ohos::update::UpgradeInfo &upgradeInfo) { if (!AniIsCallerValid()) { - const BusinessError errInfo = AniThrowBusinessError("GetOnlineUpdater", CAST_INT(CallResult::NOT_SYSTEM_APP)); + const BusinessError errInfo = AniThrowNotSysAppError(); taihe::set_business_error(AniConvertToErrorCode(errInfo.errorNum), errInfo.message); } const auto &info = AniCommonConverter::Converter(upgradeInfo); @@ -329,7 +285,7 @@ ohos::update::Updater GetOnlineUpdater(const ohos::update::UpgradeInfo &upgradeI ohos::update::Restorer GetRestorer() { if (!AniIsCallerValid()) { - const BusinessError errInfo = AniThrowBusinessError("GetRestorer", CAST_INT(CallResult::NOT_SYSTEM_APP)); + const BusinessError errInfo = AniThrowNotSysAppError(); taihe::set_business_error(AniConvertToErrorCode(errInfo.errorNum), errInfo.message); } return taihe::make_holder(); @@ -338,7 +294,7 @@ ohos::update::Restorer GetRestorer() ohos::update::LocalUpdater GetLocalUpdater() { if (!AniIsCallerValid()) { - const BusinessError errInfo = AniThrowBusinessError("GetLocalUpdater", CAST_INT(CallResult::NOT_SYSTEM_APP)); + const BusinessError errInfo = AniThrowNotSysAppError(); taihe::set_business_error(AniConvertToErrorCode(errInfo.errorNum), errInfo.message); } return taihe::make_holder(); -- Gitee From 86b874ed9990e510ad272b4a703bc98867732bec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Wed, 27 Aug 2025 04:01:02 +0000 Subject: [PATCH 3/4] compile err repair MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 邹友松 --- frameworks/js/ani/src/taihe_impl.cpp | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/frameworks/js/ani/src/taihe_impl.cpp b/frameworks/js/ani/src/taihe_impl.cpp index 7764c8f8..6eb82149 100644 --- a/frameworks/js/ani/src/taihe_impl.cpp +++ b/frameworks/js/ani/src/taihe_impl.cpp @@ -258,15 +258,10 @@ int32_t AniConvertToErrorCode(CallResult callResult) } } -std::string AniGetPermissionName() -{ - return "ohos.permission.UPDATE_SYSTEM"; -} - BusinessError AniThrowNotSysAppError() { BusinessError businessError; - std::string msg = "BusinessError " + std::to_string(AniConvertToErrorCode(CAST_INT(CallResult::NOT_SYSTEM_APP))) + + std::string msg = "BusinessError " + std::to_string(AniConvertToErrorCode(CallResult::NOT_SYSTEM_APP)) + NOT_SYSTEM_APP_INFO.data(); businessError.Build(CallResult::NOT_SYSTEM_APP, msg); return businessError; -- Gitee From 64f76fe8330b1f556ad61cc799fcd1bc7d09c1ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E5=8F=8B=E6=9D=BE?= Date: Thu, 28 Aug 2025 07:22:36 +0000 Subject: [PATCH 4/4] =?UTF-8?q?=E7=A9=BA=E6=A0=BC=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 邹友松 --- services/firmware/utils/src/firmware_check_analyze_utils.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/firmware/utils/src/firmware_check_analyze_utils.cpp b/services/firmware/utils/src/firmware_check_analyze_utils.cpp index 67f61121..045dcbce 100644 --- a/services/firmware/utils/src/firmware_check_analyze_utils.cpp +++ b/services/firmware/utils/src/firmware_check_analyze_utils.cpp @@ -127,7 +127,7 @@ int32_t FirmwareCheckAnalyzeUtils::AnalyzeComponents(cJSON *root) // 检查 "descriptInfo" 是否存在 cJSON *itemDescriptInfo = cJSON_GetObjectItemCaseSensitive(root, "descriptInfo"); if (itemDescriptInfo == nullptr) { - FIRMWARE_LOGE("FirmwareCheckAnalyzeUtils::AnalyzeComponents no key descriptInfo"); + FIRMWARE_LOGE("FirmwareCheckAnalyzeUtils::AnalyzeComponents no key descriptInfo"); return CAST_INT(JsonParseError::MISSING_PROP); } -- Gitee