From c852b29e2509e95cb03befba48975d1706dfb216 Mon Sep 17 00:00:00 2001 From: GengYinzong Date: Fri, 20 Jun 2025 20:33:33 -0700 Subject: [PATCH] fix Signed-off-by: GengYinzong --- .../idl/ohos.fileshare.fileShare.taihe | 19 +++++ .../taihe/fileshare/include/fileshare_taihe.h | 11 +++ .../taihe/fileshare/src/fileshare_taihe.cpp | 84 +++++++++++++++++++ 3 files changed, 114 insertions(+) diff --git a/interfaces/kits/taihe/fileshare/idl/ohos.fileshare.fileShare.taihe b/interfaces/kits/taihe/fileshare/idl/ohos.fileshare.fileShare.taihe index 3d8d7a4b4..0ad3bdf30 100644 --- a/interfaces/kits/taihe/fileshare/idl/ohos.fileshare.fileShare.taihe +++ b/interfaces/kits/taihe/fileshare/idl/ohos.fileshare.fileShare.taihe @@ -29,8 +29,20 @@ struct PolicyInfo { operationMode: i32; } +struct PathPolicyInfo { + path: String; + operationMode: OperationMode; +} + +enum PolicyType: i32 { + TEMPORARY_TYPE = 0, + PERSISTENT_TYPE = 1, +} + function MakePolicyInfo(uri: String, operationMode: i32): PolicyInfo; +function MakePathPolicyInfo(path: String, operationMode: OperationMode): PathPolicyInfo; + @gen_promise("activatePermission") function ActivatePermissionSync( policies: Array @@ -48,3 +60,10 @@ function GrantUriPermissionSync( bundleName:String, flag: @sts_type("wantConstant.Flags") Opaque, ): void; + +@gen_promise("checkPathPermission") +function CheckPathPermissionSync( + tokenID: i32, + policies: Array, + policyType: PolicyType, +): Array; diff --git a/interfaces/kits/taihe/fileshare/include/fileshare_taihe.h b/interfaces/kits/taihe/fileshare/include/fileshare_taihe.h index 532480067..f586db5e1 100644 --- a/interfaces/kits/taihe/fileshare/include/fileshare_taihe.h +++ b/interfaces/kits/taihe/fileshare/include/fileshare_taihe.h @@ -25,9 +25,14 @@ namespace ANI::FileShare { ohos::fileshare::fileShare::PolicyInfo MakePolicyInfo(taihe::string_view uri, int32_t operationMode); + ohos::fileshare::fileShare::PathPolicyInfo MakePathPolicyInfo(taihe::string_view path, + ohos::fileshare::fileShare::OperationMode operationMode); void ActivatePermissionSync(taihe::array_view policies); void DeactivatePermissionSync(taihe::array_view policies); void GrantUriPermissionSync(taihe::string_view uri, taihe::string_view bundleName, uintptr_t flag); + taihe::array CheckPathPermissionSync(int32_t tokenID, + taihe::array_view policies, + ohos::fileshare::fileShare::PolicyType policyType); struct PolicyErrorArgs { std::deque errorResults; @@ -35,6 +40,12 @@ namespace ANI::FileShare { ~PolicyErrorArgs() = default; }; + struct PolicyInfoResultArgs { + std::vector resultData; + int32_t errNo = 0; + ~PolicyInfoResultArgs() = default; + }; + struct UriPermissionInfo { unsigned int flag; std::string mode; diff --git a/interfaces/kits/taihe/fileshare/src/fileshare_taihe.cpp b/interfaces/kits/taihe/fileshare/src/fileshare_taihe.cpp index 9460fc89b..0c9303929 100644 --- a/interfaces/kits/taihe/fileshare/src/fileshare_taihe.cpp +++ b/interfaces/kits/taihe/fileshare/src/fileshare_taihe.cpp @@ -16,6 +16,7 @@ #include "fileshare_taihe.h" #include #include "ability.h" +#include "accesstoken_kit.h" #include "ani.h" #include "datashare_helper.h" #include "datashare_values_bucket.h" @@ -56,6 +57,12 @@ ohos::fileshare::fileShare::PolicyInfo MakePolicyInfo(taihe::string_view uri, in return {uri, operationMode}; } +ohos::fileshare::fileShare::PathPolicyInfo MakePathPolicyInfo(taihe::string_view path, + ohos::fileshare::fileShare::OperationMode operationMode) +{ + return {path, operationMode}; +} + static int32_t GetUriPoliciesArg(taihe::array_view policies, std::vector &uriPolicies) { @@ -82,6 +89,32 @@ static int32_t GetUriPoliciesArg(taihe::array_view policies, + std::vector &pathPolicies) +{ + uint32_t count = policies.size(); + if (count > OHOS::AppFileService::MAX_ARRAY_SIZE) { + LOGE("The length of the array is extra-long"); + return E_PARAMS; + } + for (uint32_t i = 0; i < count; i++) { + OHOS::AppFileService::PathPolicyInfo pathPolicie; + pathPolicie.path = policies[i].path; + pathPolicie.mode = policies[i].operationMode; + if (pathPolicie.path == FILE_NOPS) { + LOGE("path is empty"); + return E_PARAMS; + } + if (pathPolicie.mode != READ_MODE && pathPolicie.mode != WRITE_MODE && + pathPolicie.mode != (READ_MODE | WRITE_MODE)) { + LOGE("Invalid operation mode"); + return E_PARAMS; + } + pathPolicies.emplace_back(pathPolicie); + } + return E_NO_ERROR; +} + void ActivatePermissionSync(taihe::array_view policies) { std::vector uriPolicies; @@ -135,6 +168,12 @@ static bool IsSystemApp() return OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId); } +static bool CheckTokenIdPermission(uint32_t tokenCaller, const std::string &permission) +{ + return OHOS::Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission) == + OHOS::Security::AccessToken::PermissionState::PERMISSION_GRANTED; +} + static int32_t GetIdFromUri(std::string uri) { std::replace(uri.begin(), uri.end(), '/', ' '); @@ -294,11 +333,56 @@ void GrantUriPermissionSync(taihe::string_view uri, taihe::string_view bundleNam taihe::set_business_error(-ret, "fileShare::GrantUriPermission failed"); } } + +taihe::array CheckPathPermissionSync(int32_t tokenID, + taihe::array_view policies, + ohos::fileshare::fileShare::PolicyType policyType) +{ + if (!IsSystemApp()) { + LOGE("fileShare::CheckPathPermissionSync is not System App!"); + taihe::set_business_error(E_PERMISSION_SYS, "fileShare::CheckPathPermissionSync is not System App!"); + return taihe::array::make(0); + } + + int32_t callerTokenId = static_cast(OHOS::IPCSkeleton::GetCallingTokenID()); + if (tokenID != callerTokenId) { + if (!CheckTokenIdPermission(callerTokenId, "ohos.permission.CHECK_SANDBOX_POLICY")) { + taihe::set_business_error(E_PERMISSION, "fileShare::CheckPathPermissionSync checkPermission failed!"); + return taihe::array::make(0); + } + } + + std::vector pathPolicies; + if (GetPathPoliciesArg(policies, pathPolicies)) { + LOGE("Failed to get pathPolicies."); + taihe::set_business_error(E_PARAMS, "Failed to get pathPolicies."); + return taihe::array::make(0); + } + + std::shared_ptr arg = std::make_shared(); + if (arg == nullptr) { + LOGE("PolicyInfoResultArgs make make_shared failed."); + taihe::set_business_error(E_UNKNOWN_ERROR, "PolicyInfoResultArgs make make_shared failed."); + return taihe::array::make(0); + } + + arg->errNo = OHOS::AppFileService::FilePermission::CheckPathPermission(tokenID, + pathPolicies, policyType, arg->resultData); + if (arg->errNo) { + LOGE("Activation failed."); + taihe::set_business_error(arg->errNo, "Activation failed."); + return taihe::array::make(0); + } + taihe::array result(taihe::copy_data_t{}, arg->resultData.begin(), arg->resultData.size()); + return result; +} } // namespace // NOLINTBEGIN TH_EXPORT_CPP_API_MakePolicyInfo(ANI::FileShare::MakePolicyInfo); +TH_EXPORT_CPP_API_MakePathPolicyInfo(ANI::FileShare::MakePathPolicyInfo); TH_EXPORT_CPP_API_ActivatePermissionSync(ANI::FileShare::ActivatePermissionSync); TH_EXPORT_CPP_API_DeactivatePermissionSync(ANI::FileShare::DeactivatePermissionSync); TH_EXPORT_CPP_API_GrantUriPermissionSync(ANI::FileShare::GrantUriPermissionSync); +TH_EXPORT_CPP_API_CheckPathPermissionSync(ANI::FileShare::CheckPathPermissionSync); // NOLINTEND -- Gitee