From 730804bf0bf7b4f0e410867c95f8bad17c6db38f Mon Sep 17 00:00:00 2001 From: bigtea Date: Sat, 28 Jun 2025 16:13:34 +0800 Subject: [PATCH] Use random int by dev Signed-off-by: bigtea --- .../cpp/src/token/accesstoken_id_manager.cpp | 4 +- services/common/BUILD.gn | 1 + services/common/random/include/random.h | 5 +- .../common/random/src/random_dev_urandom.cpp | 48 +++++++++++++++++++ 4 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 services/common/random/src/random_dev_urandom.cpp diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp index fb784db9a..bec5c98d1 100644 --- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp +++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -78,7 +78,7 @@ int AccessTokenIDManager::RegisterTokenId(AccessTokenID id, ATokenTypeEnum type) AccessTokenID AccessTokenIDManager::CreateTokenId(ATokenTypeEnum type, int32_t dlpFlag, int32_t cloneFlag) const { - unsigned int rand = GetRandomUint32(); + uint32_t rand = GetRandomUint32FromUrandom(); if (rand == 0) { LOGE(ATM_DOMAIN, ATM_TAG, "Get random failed"); return 0; diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn index 6fffa17a6..08003e2a9 100644 --- a/services/common/BUILD.gn +++ b/services/common/BUILD.gn @@ -56,6 +56,7 @@ ohos_static_library("accesstoken_service_common") { "database/src/variant_value.cpp", "dfx/src/data_usage_dfx.cpp", "libraryloader/src/libraryloader.cpp", + "random/src/random_dev_urandom.cpp", "random/src/random_openssl.cpp", ] diff --git a/services/common/random/include/random.h b/services/common/random/include/random.h index 29d2e637f..277ca78dc 100644 --- a/services/common/random/include/random.h +++ b/services/common/random/include/random.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021-2022 Huawei Device Co., Ltd. + * Copyright (c) 2021-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,6 +16,8 @@ #ifndef ACCESSTOKEN_RANDOM_H #define ACCESSTOKEN_RANDOM_H +#include + #ifdef __cplusplus #if __cplusplus extern "C" { @@ -23,6 +25,7 @@ extern "C" { #endif unsigned int GetRandomUint32(void); +uint32_t GetRandomUint32FromUrandom(void); #ifdef __cplusplus #if __cplusplus diff --git a/services/common/random/src/random_dev_urandom.cpp b/services/common/random/src/random_dev_urandom.cpp new file mode 100644 index 000000000..fbb411820 --- /dev/null +++ b/services/common/random/src/random_dev_urandom.cpp @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "random.h" + +#include +#include +#include +#include +#include "accesstoken_common_log.h" + +namespace OHOS { +namespace Security { +namespace AccessToken { +extern "C" uint32_t GetRandomUint32FromUrandom(void) +{ + uint64_t accessTokenFdTag = 0xD005A01; + uint32_t random; + int32_t fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to open urandom, errno=%{public}d.", errno); + return 0; + } + fdsan_exchange_owner_tag(fd, 0, accessTokenFdTag); + ssize_t len = read(fd, &random, sizeof(random)); + (void)fdsan_close_with_tag(fd, accessTokenFdTag); + + if (len != sizeof(random)) { + LOGE(ATM_DOMAIN, ATM_TAG, "Failed to read from urandom, errno=%{public}d.", errno); + return 0; + } + return random; +} +} // namespace AccessToken +} // namespace Security +} // namespace OHOS -- Gitee