From 2f0f7dffb6f873e98f2feda68c7a80cb4fed0dad Mon Sep 17 00:00:00 2001 From: yds Date: Mon, 23 Jun 2025 17:13:09 +0800 Subject: [PATCH 1/3] add native mic permission Signed-off-by:liuyan --- frameworks/common/include/data_validator.h | 1 + frameworks/common/src/data_validator.cpp | 11 ++++++++ .../innerkits/privacy/src/privacy_kit.cpp | 10 ++++---- .../src/record/permission_record_manager.cpp | 25 +++++++++++++++++++ 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/frameworks/common/include/data_validator.h b/frameworks/common/include/data_validator.h index 5fd826d6e..90fd0eaae 100644 --- a/frameworks/common/include/data_validator.h +++ b/frameworks/common/include/data_validator.h @@ -57,6 +57,7 @@ public: static bool IsPolicyTypeValid(uint32_t type); static bool IsCallerTypeValid(uint32_t type); static bool IsHapCaller(AccessTokenID id); + static bool IsNativeCaller(AccessTokenID id); static bool IsAclExtendedMapSizeValid(const std::map& aclExtendedMap); static bool IsAclExtendedMapContentValid(const std::string& permissionName, const std::string& value); diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp index 329636c47..9b8c6a793 100644 --- a/frameworks/common/src/data_validator.cpp +++ b/frameworks/common/src/data_validator.cpp @@ -213,6 +213,17 @@ bool DataValidator::IsHapCaller(AccessTokenID id) } return true; } + +bool DataValidator::IsNativeCaller(AccessTokenID id) +{ + AccessTokenIDInner *idInner = reinterpret_cast(&id); + ATokenTypeEnum type = static_cast(idInner->type); + if (type != TOKEN_NATIVE) { + LOGE(ATM_DOMAIN, ATM_TAG, "Not Native(%{public}d).", id); + return false; + } + return true; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/privacy/src/privacy_kit.cpp b/interfaces/innerkits/privacy/src/privacy_kit.cpp index 786a9812b..73fe5ac8b 100644 --- a/interfaces/innerkits/privacy/src/privacy_kit.cpp +++ b/interfaces/innerkits/privacy/src/privacy_kit.cpp @@ -86,7 +86,7 @@ int32_t PrivacyKit::AddPermissionUsedRecord(const AddPermParamInfo& info, bool a (!DataValidator::IsPermissionUsedTypeValid(info.type))) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(info.tokenId)) { + if (!DataValidator::IsHapCaller(info.tokenId) && !DataValidator::IsNativeCaller(info.tokenId)) { return PrivacyError::ERR_PARAM_INVALID; } @@ -128,7 +128,7 @@ int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::strin (!DataValidator::IsPermissionUsedTypeValid(type))) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, type); @@ -142,7 +142,7 @@ int32_t PrivacyKit::StartUsingPermission(AccessTokenID tokenID, const std::strin (!DataValidator::IsPermissionUsedTypeValid(type))) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().StartUsingPermission(tokenID, pid, permissionName, callback, type); @@ -153,7 +153,7 @@ int32_t PrivacyKit::StopUsingPermission(AccessTokenID tokenID, const std::string if (!DataValidator::IsTokenIDValid(tokenID) || !DataValidator::IsPermissionNameValid(permissionName)) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().StopUsingPermission(tokenID, pid, permissionName); @@ -164,7 +164,7 @@ int32_t PrivacyKit::RemovePermissionUsedRecords(AccessTokenID tokenID) if (!DataValidator::IsTokenIDValid(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } - if (!DataValidator::IsHapCaller(tokenID)) { + if (!DataValidator::IsHapCaller(tokenID) && !DataValidator::IsNativeCaller(tokenID)) { return PrivacyError::ERR_PARAM_INVALID; } return PrivacyManagerClient::GetInstance().RemovePermissionUsedRecords(tokenID); diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 35c820307..37a879db5 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -417,6 +417,12 @@ bool PermissionRecordManager::CheckPermissionUsedRecordToggleStatus(int32_t user int32_t PermissionRecordManager::AddPermissionUsedRecord(const AddPermParamInfo& info) { + //TODO 确认是否依赖这两个权限 + if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(info.tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d isGranted(%{public}d).", info.tokenId, isGranted); + return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; + } HapTokenInfo tokenInfo; if (AccessTokenKit::GetHapTokenInfo(info.tokenId, tokenInfo) != Constant::SUCCESS) { LOGE(PRI_DOMAIN, PRI_TAG, "Invalid tokenId(%{public}d).", info.tokenId); @@ -1295,6 +1301,13 @@ int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeIn LOGI(PRI_DOMAIN, PRI_TAG, "Id: %{public}u, pid: %{public}d, perm: %{public}s, type: %{public}d, callerPid: %{public}d.", tokenId, info.pid, permissionName.c_str(), info.type, callerPid); + + if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); + return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; + } + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId); return PrivacyError::ERR_PARAM_INVALID; @@ -1368,6 +1381,12 @@ int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeIn int32_t PermissionRecordManager::StopUsingPermission( AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid) { + if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); + return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; + } + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { LOGD(PRI_DOMAIN, PRI_TAG, "Not hap(%{public}d).", tokenId); return PrivacyError::ERR_PARAM_INVALID; @@ -1451,6 +1470,12 @@ bool PermissionRecordManager::IsAllowedUsingMicrophone(AccessTokenID tokenId, in bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, const std::string& permissionName, int32_t pid) { + if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); + return isGranted; + } + if (AccessTokenKit::GetTokenTypeFlag(tokenId) != TOKEN_HAP) { LOGD(PRI_DOMAIN, PRI_TAG, "Id(%{public}d) is not hap.", tokenId); return false; -- Gitee From 7c9659d9e3917731af5b5c2e7d8aea9f62a22abb Mon Sep 17 00:00:00 2001 From: yds Date: Mon, 23 Jun 2025 20:58:29 +0800 Subject: [PATCH 2/3] add native mic permission signed-off-by:ly --- .../privacymanager/src/record/permission_record_manager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 37a879db5..9d62e4b46 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -1303,7 +1303,7 @@ int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeIn tokenId, info.pid, permissionName.c_str(), info.type, callerPid); if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { - bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; } @@ -1382,7 +1382,7 @@ int32_t PermissionRecordManager::StopUsingPermission( AccessTokenID tokenId, int32_t pid, const std::string& permissionName, int32_t callerPid) { if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { - bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGROUND") == PERMISSION_GRANTED); LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; } -- Gitee From 4f6ed6f4dc89ff3b751b1776f14ba2ac95410468 Mon Sep 17 00:00:00 2001 From: yds Date: Mon, 23 Jun 2025 21:30:21 +0800 Subject: [PATCH 3/3] add native mic permission signed-off-by:ly --- .../privacymanager/src/record/permission_record_manager.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/services/privacymanager/src/record/permission_record_manager.cpp b/services/privacymanager/src/record/permission_record_manager.cpp index 9d62e4b46..d2333cd4b 100644 --- a/services/privacymanager/src/record/permission_record_manager.cpp +++ b/services/privacymanager/src/record/permission_record_manager.cpp @@ -419,7 +419,7 @@ int32_t PermissionRecordManager::AddPermissionUsedRecord(const AddPermParamInfo& { //TODO 确认是否依赖这两个权限 if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) == TOKEN_NATIVE) { - bool isGranted = (AccessTokenKit::VerifyAccessToken(info.tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + bool isGranted = (AccessTokenKit::VerifyAccessToken(info.tokenId, "ohos.permission.MICROPHONE_BACKGROUND") == PERMISSION_GRANTED); LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d isGranted(%{public}d).", info.tokenId, isGranted); return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; } @@ -1303,7 +1303,7 @@ int32_t PermissionRecordManager::StartUsingPermission(const PermissionUsedTypeIn tokenId, info.pid, permissionName.c_str(), info.type, callerPid); if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { - bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGROUND") == PERMISSION_GRANTED); LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); return isGranted ? Constant::SUCCESS : PrivacyError::ERR_PARAM_INVALID; } @@ -1471,7 +1471,7 @@ bool PermissionRecordManager::IsAllowedUsingPermission(AccessTokenID tokenId, co int32_t pid) { if (AccessTokenKit::GetTokenTypeFlag(tokenId) == TOKEN_NATIVE) { - bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGRUND") == PERMISSION_GRANTED); + bool isGranted = (AccessTokenKit::VerifyAccessToken(tokenId, "ohos.permission.MICROPHONE_BACKGROUND") == PERMISSION_GRANTED); LOGI(PRI_DOMAIN, PRI_TAG, "native tokenId(%{public}d) isGranted(%{public}d).", tokenId, isGranted); return isGranted; } -- Gitee