From ab358e016209816ed02b1703d87237c26be7f41e Mon Sep 17 00:00:00 2001
From: wangchen <wangchen240@huawei.com>
Date: Sat, 17 May 2025 17:45:05 +0800
Subject: [PATCH] =?UTF-8?q?[Bug]:=20=E4=BF=AE=E6=94=B9=E5=AA=92=E4=BD=93?=
 =?UTF-8?q?=E5=BA=93=E6=94=AF=E6=8C=81=E8=83=BD=E5=8A=9B=E5=88=A4=E6=96=AD?=
 =?UTF-8?q?=20close=20#IC8IDR=20Signed-off-by:=20wangchen=20<wangchen240@h?=
 =?UTF-8?q?uawei.com>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../native/file_share/src/file_permission.cpp | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/interfaces/innerkits/native/file_share/src/file_permission.cpp b/interfaces/innerkits/native/file_share/src/file_permission.cpp
index c21bfd3ce..feaaa7cc3 100644
--- a/interfaces/innerkits/native/file_share/src/file_permission.cpp
+++ b/interfaces/innerkits/native/file_share/src/file_permission.cpp
@@ -58,20 +58,26 @@ const std::unordered_map<std::string, std::string> permissionPathMap = {
 #ifdef SANDBOX_MANAGER
 namespace {
 
-bool CheckValidUri(const string &uriStr)
+bool CheckValidUri(const string &uriStr, const string &path, bool checkAccess)
 {
     if (uriStr.find(FILE_SCHEME_PREFIX) != 0) {
         LOGE("Incorrect URI format!");
         return false;
     }
+    if (uriStr.find(NETWORK_PARA) != string::npos) {
+        LOGE("the URI is not the current device URI");
+        return false;
+    }
+    // Only Media path can skip access check
     Uri uri(uriStr);
     std::string bundleName = uri.GetAuthority();
     if (bundleName == MEDIA_AUTHORITY) {
-        LOGE("the URI is media URI");
-        return false;
+        LOGI("media path, skip access check");
+        return true;
     }
-    if (uriStr.find(NETWORK_PARA) != string::npos) {
-        LOGE("the URI is not the current device URI");
+    // check if path can be accessed
+    if (checkAccess && (access(path.c_str(), F_OK) != 0)) {
+        LOGE("access path failed");
         return false;
     }
     return true;
@@ -181,7 +187,7 @@ vector<PolicyInfo> FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect
     for (auto uriPolicy : uriPolicies) {
         AppFileService::ModuleFileUri::FileUri fileuri(uriPolicy.uri);
         string path = fileuri.GetRealPath();
-        if (!CheckValidUri(uriPolicy.uri) || access(path.c_str(), F_OK) != 0) {
+        if (!CheckValidUri(uriPolicy.uri, path, true)) {
             LOGE("Not correct uri!");
             PolicyErrorResult result = {uriPolicy.uri, PolicyErrorCode::INVALID_PATH, INVALID_PATH_MESSAGE};
             errorResults.emplace_back(result);
@@ -200,7 +206,7 @@ vector<PolicyInfo> FilePermission::GetPathPolicyInfoFromUriPolicyInfo(const vect
     for (const auto &uriPolicy : uriPolicies) {
         AppFileService::ModuleFileUri::FileUri fileuri(uriPolicy.uri);
         string path = fileuri.GetRealPath();
-        if (!CheckValidUri(uriPolicy.uri)) {
+        if (!CheckValidUri(uriPolicy.uri, path, false)) {
             LOGE("Not correct uri!");
             errorResults.emplace_back(false);
         } else {
-- 
Gitee