From fcffa4fb3b09224be79296be707ac591a5a26da9 Mon Sep 17 00:00:00 2001 From: Haryslee Date: Sat, 28 Jun 2025 08:46:15 +0800 Subject: [PATCH] fix: delete HasCustom interface from security component Signed-off-by: Haryslee --- .../accesstoken/include/accesstoken_kit.h | 6 ++++++ .../accesstoken/libaccesstoken_sdk.map | 1 + .../accesstoken/src/accesstoken_kit.cpp | 5 +++++ .../src/accesstoken_manager_client.cpp | 18 ++++++++++++++++++ .../src/accesstoken_manager_client.h | 1 + .../security_component_grant_test.cpp | 11 +++++++++++ .../idl/IAccessTokenManager.idl | 1 + .../service/accesstoken_manager_service.h | 1 + .../service/accesstoken_manager_service.cpp | 13 +++++++++++++ 9 files changed, 57 insertions(+) diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h index 1e9ceb137..0cac3cef5 100644 --- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h +++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h @@ -559,6 +559,12 @@ public: * @return bool */ static bool IsToastShownNeeded(int32_t pid); + + /** + * @brief whether the process has the custom permission of save button + * @return bool + */ + static bool HasCustomPermissionForSecComp(); }; } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map index 6ff38a5da..a836cfdf8 100644 --- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map +++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map @@ -86,6 +86,7 @@ "OHOS::Security::AccessToken::AccessTokenKit::UpdateSecCompEnhance(int, unsigned int)"; "OHOS::Security::AccessToken::AccessTokenKit::GetSecCompEnhance(int, OHOS::Security::AccessToken::SecCompEnhanceData&)"; "OHOS::Security::AccessToken::AccessTokenKit::IsToastShownNeeded(int)"; + "OHOS::Security::AccessToken::AccessTokenKit::HasCustomPermissionForSecComp()"; "OHOS::Security::AccessToken::AccessTokenKit::GetKernelPermissions(unsigned int, std::__h::vector>&)"; "OHOS::Security::AccessToken::AccessTokenKit::GetSelfPermissionStatus(std::__h::basic_string, std::__h::allocator> const&, OHOS::Security::AccessToken::TypePermissionOper&)"; OHOS::Security::AccessToken::AccessTokenKit::IsSystemAppByFullTokenID*; diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp index 9e64a8b7a..c2f219a12 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp @@ -862,6 +862,11 @@ bool AccessTokenKit::IsToastShownNeeded(int32_t pid) { return AccessTokenManagerClient::GetInstance().IsToastShownNeeded(pid); } + +bool AccessTokenKit::HasCustomPermissionForSecComp() +{ + return AccessTokenManagerClient::GetInstance().HasCustomPermissionForSecComp(); +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp index 1f35651ae..b828b7110 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp @@ -1264,6 +1264,24 @@ bool AccessTokenManagerClient::IsToastShownNeeded(int32_t pid) return needToShow; } + +bool AccessTokenManagerClient::HasCustomPermissionForSecComp() +{ + auto proxy = GetProxy(); + if (proxy == nullptr) { + LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null."); + return false; + } + + bool hasCustomPermission; + int32_t errCode = proxy->HasCustomPermissionForSecComp(hasCustomPermission); + if (errCode != RET_SUCCESS) { + LOGE(ATM_DOMAIN, ATM_TAG, "Request fail, result: %{public}d", errCode); + return false; + } + + return hasCustomPermission; +} } // namespace AccessToken } // namespace Security } // namespace OHOS diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h index 64ddbd8c6..d22599d29 100644 --- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h +++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h @@ -119,6 +119,7 @@ public: int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceData& enhance); #endif // SECURITY_COMPONENT_ENHANCE_ENABLE bool IsToastShownNeeded(int32_t pid); + bool HasCustomPermissionForSecComp(); private: AccessTokenManagerClient(); diff --git a/interfaces/innerkits/accesstoken/test/unittest/SecurityComponentTest/security_component_grant_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/SecurityComponentTest/security_component_grant_test.cpp index 6cb648279..19859ad77 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/SecurityComponentTest/security_component_grant_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/SecurityComponentTest/security_component_grant_test.cpp @@ -583,6 +583,17 @@ HWTEST_F(SecurityComponentGrantTest, IsToastShownNeededTest001, TestSize.Level0) EXPECT_EQ(false, AccessTokenKit::IsToastShownNeeded(pid)); } +/** + * @tc.name: HasCustomPermissionForSecCompTest001 + * @tc.desc: test whether the app has the custom permission of save button. + * @tc.type: FUNC + * @tc.require:Issue Number + */ +HWTEST_F(SecurityComponentGrantTest, HasCustomPermissionForSecCompTest001, TestSize.Level0) +{ + EXPECT_EQ(false, AccessTokenKit::HasCustomPermissionForSecComp()); +} + #ifdef SECURITY_COMPONENT_ENHANCE_ENABLE /** * @tc.name: RegisterSecCompEnhance001 diff --git a/services/accesstokenmanager/idl/IAccessTokenManager.idl b/services/accesstokenmanager/idl/IAccessTokenManager.idl index d2e29972a..82b8ce9a8 100644 --- a/services/accesstokenmanager/idl/IAccessTokenManager.idl +++ b/services/accesstokenmanager/idl/IAccessTokenManager.idl @@ -92,4 +92,5 @@ interface OHOS.Security.AccessToken.IAccessTokenManager{ [ipccode 102, macrodef SECURITY_COMPONENT_ENHANCE_ENABLE] void UpdateSecCompEnhance([in] int pid, [in] unsigned int seqNum); [ipccode 103, macrodef SECURITY_COMPONENT_ENHANCE_ENABLE] void GetSecCompEnhance([in] int pid, [out] SecCompEnhanceDataParcel enhanceParcel); [ipccode 104] void IsToastShownNeeded([in] int pid, [out] boolean needToShow); + [ipccode 105] void HasCustomPermissionForSecComp([out] boolean hasCustomPermission); } diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h index 8d70754ed..1441db5dd 100644 --- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h +++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h @@ -106,6 +106,7 @@ public: int32_t GetSecCompEnhance(int32_t pid, SecCompEnhanceDataParcel& enhanceParcel) override; #endif int32_t IsToastShownNeeded(int32_t pid, bool& needToShow) override; + int32_t HasCustomPermissionForSecComp(bool& hasCustomPermission) override; #ifdef TOKEN_SYNC_ENABLE int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override; diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp index b4a333560..cab61a5cf 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp @@ -81,6 +81,7 @@ const std::string REVOKE_SENSITIVE_PERMISSIONS = "ohos.permission.REVOKE_SENSITI const std::string GET_SENSITIVE_PERMISSIONS = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; const std::string DISABLE_PERMISSION_DIALOG = "ohos.permission.DISABLE_PERMISSION_DIALOG"; const std::string GRANT_SHORT_TERM_WRITE_MEDIAVIDEO = "ohos.permission.GRANT_SHORT_TERM_WRITE_MEDIAVIDEO"; +const std::string CUSTOMIZE_SAVE_BUTTON = "ohos.permission.CUSTOMIZE_SAVE_BUTTON"; static constexpr int32_t SA_ID_ACCESSTOKEN_MANAGER_SERVICE = 3503; @@ -1741,6 +1742,18 @@ int32_t AccessTokenManagerService::IsToastShownNeeded(int32_t pid, bool& needToS needToShow = SecCompMonitor::GetInstance().IsToastShownNeeded(pid); return RET_SUCCESS; } + +int32_t AccessTokenManagerService::HasCustomPermissionForSecComp(bool& hasCustomPermission) +{ + AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID(); + int32_t res = AccessTokenInfoManager::GetInstance().VerifyAccessToken(callingTokenID, CUSTOMIZE_SAVE_BUTTON); + hasCustomPermission = (res == PERMISSION_GRANTED) ? true : false; + + LOGD(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, permission: %{public}s, res %{public}d", + callingTokenID, CUSTOMIZE_SAVE_BUTTON.c_str(), res); + + return RET_SUCCESS; +} } // namespace AccessToken } // namespace Security } // namespace OHOS -- Gitee