diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h index 71c34e2c263d141b367f75750f31d7b4fe3cf74d..7d07e2be6ee23747d44be9aaf89363408dd86136 100644 --- a/interfaces/innerkits/nativetoken/include/nativetoken.h +++ b/interfaces/innerkits/nativetoken/include/nativetoken.h @@ -44,6 +44,7 @@ extern "C" { #define MAX_PARAMTER_LEN 128 #define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup" #define PATH_MAX_LEN 4096 +#define INVALID_NATIVE_TOKENID 0 #define ATRET_FAILED 1 #define ATRET_SUCCESS 0 diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index b890f10026fb736332da4b28849280847b371962..c3ec046bc040d5b79d2bb11f7826d7dfdd939e3d 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -38,12 +38,12 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) return ATRET_FAILED; } - if ((fileStat.st_size < 0) || (fileStat.st_size > MAX_JSON_FILE_LEN)) { + if (fileStat.st_size > MAX_JSON_FILE_LEN) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file size is invalid.", __func__); return ATRET_FAILED; } - int32_t fileSize = (int32_t)fileStat.st_size; + size_t fileSize = fileStat.st_size; FILE *cfgFd = fopen(filePath, "r"); if (cfgFd == NULL) { @@ -51,7 +51,7 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) return ATRET_FAILED; } - char *buff = (char *)malloc((size_t)(fileSize + 1)); + char *buff = (char *)malloc(fileSize + 1); if (buff == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__); fclose(cfgFd); @@ -71,7 +71,7 @@ int32_t GetFileBuff(const char *cfg, char **retBuff) return ATRET_SUCCESS; } -void FreeDcaps(char *dcaps[MAX_DCAPS_NUM], int32_t num) +static void FreeDcaps(char *dcaps[MAX_DCAPS_NUM], int32_t num) { for (int32_t i = 0; i <= num; i++) { if (dcaps[i] != NULL) { 
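Review bot: Dropping the `fileStat.st_size < 0` test in GetFileBuff removes the only lower bound before `size_t fileSize = fileStat.st_size;`, so a negative `off_t` converts to a very large `size_t`. A value of -1 would make `fileSize + 1` wrap to 0 in `malloc(fileSize + 1)` in the next hunk, and the read that follows (outside these hunks) would then use a length that no longer matches the buffer. Negative sizes are unusual, but checking both bounds on the signed value before converting costs nothing: `if ((fileStat.st_size < 0) || (fileStat.st_size > MAX_JSON_FILE_LEN)) {`. GetFileBuff starts and ends outside the hunk.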
@@ -81,7 +81,7 @@ void FreeDcaps(char *dcaps[MAX_DCAPS_NUM], int32_t num) } } -uint32_t GetprocessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetprocessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) { cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME); if (cJSON_IsString(processNameJson) == 0 || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) { @@ -96,18 +96,25 @@ uint32_t GetprocessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) return ATRET_SUCCESS; } -uint32_t GetTokenIdFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetTokenIdFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) { cJSON *tokenIdJson = cJSON_GetObjectItem(cjsonItem, TOKENID_KEY_NAME); if ((cJSON_IsNumber(tokenIdJson) == 0) || (cJSON_GetNumberValue(tokenIdJson) <= 0)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenIdJson is invalid.", __func__); return ATRET_FAILED; } + + AtInnerInfo *atIdInfo = &(tokenIdJson->valueint); + if (atIdInfo->type != TOKEN_NATIVE_TYPE) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenId type is invalid.", __func__); + return ATRET_FAILED; + } + tokenNode->tokenId = (NativeAtId)tokenIdJson->valueint; return ATRET_SUCCESS; } -uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) { cJSON *aplJson = cJSON_GetObjectItem(cjsonItem, APL_KEY_NAME); if (cJSON_IsNumber(aplJson) == 0) { 
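Review bot: `AtInnerInfo *atIdInfo = &(tokenIdJson->valueint);` in GetTokenIdFromJson points an `AtInnerInfo *` at cJSON's `int valueint` with no cast, which is an incompatible pointer assignment, and reading the type field through it depends on struct layout and aliasing rules. cJSON also saturates `valueint` at `INT_MAX` when the parsed number is larger, so a token ID with the top bit set would be read back as a different value, both here and in `tokenNode->tokenId = (NativeAtId)tokenIdJson->valueint;`. Assuming `NativeAtId` is a 32-bit unsigned type, range-check `cJSON_GetNumberValue(tokenIdJson)` against `UINT32_MAX`, convert it once with `NativeAtId id = (NativeAtId)cJSON_GetNumberValue(tokenIdJson);`, and test the type on a copy made with `memcpy(&info, &id, sizeof(info));`. The definition of `AtInnerInfo` is not visible in this diff, so the size match should be confirmed.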
@@ -123,20 +130,24 @@ uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) return ATRET_SUCCESS; } -uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) +static uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) { cJSON *dcapsJson = cJSON_GetObjectItem(cjsonItem, DCAPS_KEY_NAME); int32_t dcapSize = cJSON_GetArraySize(dcapsJson); tokenNode->dcapsNum = dcapSize; + if (dcapSize > MAX_DCAPS_NUM) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapSize = %d is invalid.", __func__, dcapSize); + return ATRET_FAILED; + } for (int32_t i = 0; i < dcapSize; i++) { cJSON *dcapItem = cJSON_GetArrayItem(dcapsJson, i); - if (dcapItem == NULL) { + if (dcapItem == NULL || cJSON_IsString(dcapItem) == 0 || dcapItem->valuestring == NULL) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__); return ATRET_FAILED; } size_t length = strlen(dcapItem->valuestring); - if (cJSON_IsString(dcapItem) == 0 || (length > MAX_DCAP_LEN)) { + if (length > MAX_DCAP_LEN) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapItem is invalid.", __func__); return ATRET_FAILED; } @@ -155,7 +166,7 @@ uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode) return ATRET_SUCCESS; } -int32_t GetTokenList(const cJSON *object) +static int32_t GetTokenList(const cJSON *object) { int32_t arraySize; int32_t i; @@ -194,16 +205,13 @@ int32_t GetTokenList(const cJSON *object) return ATRET_SUCCESS; } -int32_t ParseTokenInfo(const char *filename) +static int32_t ParseTokenInfo(void) { char *fileBuff = NULL; cJSON *record = NULL; int32_t ret; - if (filename == NULL || filename[0] == '\0') { - return ATRET_FAILED; - } - ret = GetFileBuff(filename, &fileBuff); + ret = GetFileBuff(TOKEN_ID_CFG_FILE_PATH, &fileBuff); if (ret != ATRET_SUCCESS) { return ret; } 
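Review bot: `tokenNode->dcapsNum = dcapSize;` is stored before the new `dcapSize > MAX_DCAPS_NUM` check in GetDcapsInfoFromJson, so the failure path leaves an out-of-range count in the node. Any cleanup that walks `tokenNode->dcaps` using `dcapsNum` (the caller is outside this hunk) would then index past the array, and FreeDcaps iterates with `i <= num`. Move the assignment below the check. Consider also rejecting a `dcaps` key that is present but not an array, since `cJSON_GetArraySize` returns 0 for that case and the entry is accepted with no capabilities. The function body continues past the end of this hunk.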
@@ -220,7 +228,30 @@ int32_t ParseTokenInfo(const char *filename) return ret; } -int32_t AtlibInit(void) +static int32_t CreateCfgFile(void) +{ + int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP); + if (fd < 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); + return ATRET_FAILED; + } + close(fd); + + struct stat buf; + if (stat(TOKEN_ID_CFG_DIR_PATH, &buf) != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat folder path is invalid %d.", + __func__, errno); + return ATRET_FAILED; + } + if (chown(TOKEN_ID_CFG_FILE_PATH, buf.st_uid, buf.st_gid) != 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:chown failed, errno is %d.", __func__, errno); + return ATRET_FAILED; + } + + return ATRET_SUCCESS; +} + +static int32_t AtlibInit(void) { g_tokenListHead = (NativeTokenList *)malloc(sizeof(NativeTokenList)); if (g_tokenListHead == NULL) { @@ -229,18 +260,22 @@ int32_t AtlibInit(void) } g_tokenListHead->next = NULL; - int32_t ret = ParseTokenInfo(TOKEN_ID_CFG_FILE_PATH); + int32_t ret = ParseTokenInfo(); if (ret != ATRET_SUCCESS) { free(g_tokenListHead); g_tokenListHead = NULL; return ret; } + + if (g_tokenListHead->next == NULL && CreateCfgFile() != ATRET_SUCCESS) { + return ATRET_FAILED; + } g_isNativeTokenInited = 1; return ATRET_SUCCESS; } -int GetRandomTokenId(uint32_t *randNum) +static int GetRandomTokenId(uint32_t *randNum) { uint32_t random; int len; @@ -258,7 +293,7 @@ int GetRandomTokenId(uint32_t *randNum) return ATRET_SUCCESS; } -NativeAtId CreateNativeTokenId(void) +static NativeAtId CreateNativeTokenId(void) { uint32_t rand; NativeAtId tokenId; @@ -276,7 +311,7 @@ NativeAtId CreateNativeTokenId(void) return tokenId; } -int32_t GetAplLevel(const char *aplStr) +static int32_t GetAplLevel(const char *aplStr) { if (aplStr == NULL) { return 0; 
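Review bot: CreateCfgFile closes the descriptor and then calls `chown(TOKEN_ID_CFG_FILE_PATH, ...)` by path, so the object whose ownership changes is whatever the path resolves to at that moment, not necessarily the file just created. If the directory is writable by any other identity, a replaced file or symlink would receive the directory owner's uid/gid. Using `fchown` on the descriptor before `close`, and opening with `O_NOFOLLOW | O_CLOEXEC`, closes that window. The requested mode is also still subject to the process umask. The sketch below keeps the same return values and log messages.

```c
static int32_t CreateCfgFile(void)
{
    int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC,
        S_IRUSR | S_IWUSR | S_IRGRP);
    /* … unchanged: fd < 0 check and log … */

    struct stat buf;
    if (stat(TOKEN_ID_CFG_DIR_PATH, &buf) != 0) {
        /* … unchanged: log … */
        close(fd);
        return ATRET_FAILED;
    }
    /* Change ownership through the descriptor so the path cannot be swapped in between. */
    if (fchown(fd, buf.st_uid, buf.st_gid) != 0) {
        /* … unchanged: log … */
        close(fd);
        return ATRET_FAILED;
    }
    close(fd);
    return ATRET_SUCCESS;
}
```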
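Review bot: The new early return in AtlibInit, `if (g_tokenListHead->next == NULL && CreateCfgFile() != ATRET_SUCCESS) { return ATRET_FAILED; }`, leaves `g_tokenListHead` allocated while `g_isNativeTokenInited` stays 0. The next call runs AtlibInit again and overwrites the pointer with a fresh `malloc`, leaking the old head. The ParseTokenInfo failure path just above already frees it. Add `free(g_tokenListHead);` and `g_tokenListHead = NULL;` before that return so both failure paths leave the same state.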
@@ -293,31 +328,8 @@ int32_t GetAplLevel(const char *aplStr) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:aplStr is invalid.", __func__); return 0; } -int32_t NeedSetUidGid(int16_t *uid, int16_t *gid, int *needSet) -{ - struct stat buf; - if (stat(TOKEN_ID_CFG_FILE_PATH, &buf) == 0) { - *needSet = 0; - return ATRET_SUCCESS; - } - if (errno != ENOENT) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat file path is invalid %d.", - __func__, errno); - return ATRET_FAILED; - } - if (stat(TOKEN_ID_CFG_DIR_PATH, &buf) != 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:stat folder path is invalid %d.", - __func__, errno); - return ATRET_FAILED; - } - *uid = buf.st_uid; - *gid = buf.st_gid; - *needSet = 1; - ACCESSTOKEN_LOG_INFO("[ATLIB-%s]:needSet is true.", __func__); - return ATRET_SUCCESS; -} -void WriteToFile(const cJSON *root) +static void WriteToFile(const cJSON *root) { int32_t strLen; int32_t writtenLen; @@ -330,12 +342,6 @@ void WriteToFile(const cJSON *root) } do { - int16_t uid; - int16_t gid; - int needSet = 0; - if (NeedSetUidGid(&uid, &gid, &needSet) != ATRET_SUCCESS) { - break; - } int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP); if (fd < 0) { @@ -349,17 +355,13 @@ void WriteToFile(const cJSON *root) ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:write failed, writtenLen is %d.", __func__, writtenLen); break; } - if ((needSet == 1) && chown(TOKEN_ID_CFG_FILE_PATH, uid, gid) != 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:chown failed, errno is %d.", __func__, errno); - break; - } } while (0); cJSON_free(jsonStr); return; } -int32_t AddDcapsArray(cJSON *object, const NativeTokenList *curr) +static int32_t AddDcapsArray(cJSON *object, const NativeTokenList *curr) { cJSON *dcapsArr = cJSON_CreateArray(); if (dcapsArr == NULL) { 
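Review bot: WriteToFile still opens with `O_RDWR | O_CREAT | O_TRUNC`, but with the ownership step gone from this function, a file created here keeps the calling process's uid/gid instead of the directory's. That happens whenever the file is missing at write time, which CreateCfgFile in AtlibInit only rules out at initialization. If creation is meant to happen only in CreateCfgFile, drop `O_CREAT` here (`open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_TRUNC)`) so a missing file is reported rather than recreated with different ownership. Truncating in place also means an interrupted or short write leaves the token list empty or partial; writing a temporary file in the same directory and calling `rename` over the target would avoid that. WriteToFile begins before this hunk.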
@@ -436,7 +438,7 @@ static cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr) return object; } -void SaveTokenIdToCfg(const NativeTokenList *curr) +static void SaveTokenIdToCfg(const NativeTokenList *curr) { char *fileBuff = NULL; cJSON *record = NULL; @@ -473,8 +475,8 @@ void SaveTokenIdToCfg(const NativeTokenList *curr) return; } -uint32_t CheckProcessInfo(const char *processname, const char **dcaps, - int32_t dacpNum, const char *aplStr, int32_t *aplRet) +static uint32_t CheckProcessInfo(const char *processname, const char **dcaps, + int32_t dcapNum, const char *aplStr, int32_t *aplRet) { if ((processname == NULL) || strlen(processname) > MAX_PROCESS_NAME_LEN || strlen(processname) == 0) { @@ -482,12 +484,12 @@ uint32_t CheckProcessInfo(const char *processname, const char **dcaps, return ATRET_FAILED; } - if (((dcaps == NULL) && (dacpNum != 0)) || dacpNum > MAX_DCAPS_NUM || dacpNum < 0) { - ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is null or dacpNum is invalid.", __func__); + if (((dcaps == NULL) && (dcapNum != 0)) || dcapNum > MAX_DCAPS_NUM || dcapNum < 0) { + ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is null or dcapNum is invalid.", __func__); return ATRET_FAILED; } - for (int32_t i = 0; i < dacpNum; i++) { - if (strlen(dcaps[i]) > MAX_DCAP_LEN) { + for (int32_t i = 0; i < dcapNum; i++) { + if ((dcaps[i] == NULL) || (strlen(dcaps[i]) > MAX_DCAP_LEN)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcap length is invalid.", __func__); return ATRET_FAILED; } @@ -501,7 +503,7 @@ uint32_t CheckProcessInfo(const char *processname, const char **dcaps, return ATRET_SUCCESS; } -int32_t NativeTokenIdCheck(NativeAtId tokenId) +static int32_t NativeTokenIdCheck(NativeAtId tokenId) { NativeTokenList *tokenNode = g_tokenListHead; while (tokenNode != NULL) { 
@@ -514,7 +516,7 @@ int32_t NativeTokenIdCheck(NativeAtId tokenId) } static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char **dcapsIn, - int32_t dacpNumIn, int32_t aplIn, NativeAtId *tokenId) + int32_t dcapNumIn, int32_t aplIn, NativeAtId *tokenId) { NativeTokenList *tokenNode; NativeAtId id; @@ -537,11 +539,11 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char free(tokenNode); return ATRET_FAILED; } - tokenNode->dcapsNum = dacpNumIn; + tokenNode->dcapsNum = dcapNumIn; - for (int32_t i = 0; i < dacpNumIn; i++) { + for (int32_t i = 0; i < dcapNumIn; i++) { tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (strlen(dcapsIn[i]) + 1)); - if (tokenNode->dcaps[i] != NULL && + if (tokenNode->dcaps[i] == NULL || (strcpy_s(tokenNode->dcaps[i], strlen(dcapsIn[i]) + 1, dcapsIn[i]) != EOK)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i); FreeDcaps(tokenNode->dcaps, i); @@ -558,15 +560,15 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char return ATRET_SUCCESS; } -int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dacpNumIn, int32_t aplIn) +static int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) { if (tokenNode->apl != aplIn) { return 1; } - if (tokenNode->dcapsNum != dacpNumIn) { + if (tokenNode->dcapsNum != dcapNumIn) { return 1; } - for (int32_t i = 0; i < dacpNumIn; i++) { + for (int32_t i = 0; i < dcapNumIn; i++) { if (strcmp(tokenNode->dcaps[i], dcapsIn[i]) != 0) { return 1; } @@ -574,7 +576,7 @@ int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcapsIn, int return 0; } -uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dacpNumIn, int32_t aplIn) +static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn) { tokenNode->apl = aplIn; 
@@ -583,11 +585,11 @@ uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, const char **dcapsIn, tokenNode->dcaps[i] = NULL; } - tokenNode->dcapsNum = dacpNumIn; - for (int32_t i = 0; i < dacpNumIn; i++) { + tokenNode->dcapsNum = dcapNumIn; + for (int32_t i = 0; i < dcapNumIn; i++) { int32_t len = strlen(dcapsIn[i]) + 1; tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * len); - if (tokenNode->dcaps[i] != NULL && (strcpy_s(tokenNode->dcaps[i], len, dcapsIn[i]) != EOK)) { + if (tokenNode->dcaps[i] == NULL || (strcpy_s(tokenNode->dcaps[i], len, dcapsIn[i]) != EOK)) { ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i); FreeDcaps(tokenNode->dcaps, i); return ATRET_FAILED; @@ -596,7 +598,7 @@ uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, const char **dcapsIn, return ATRET_SUCCESS; } -uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) +static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) { cJSON *itemApl = cJSON_CreateNumber(tokenNode->apl); if (itemApl == NULL) { @@ -633,7 +635,7 @@ uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record) return ATRET_SUCCESS; } -uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *record) +static uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *record) { int32_t arraySize = cJSON_GetArraySize(record); for (int32_t i = 0; i < arraySize; i++) { @@ -655,7 +657,7 @@ uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON *recor return ATRET_FAILED; } -uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) +static uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) { cJSON *record = NULL; char *fileBuff = NULL; 
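Review bot: With the condition corrected to `tokenNode->dcaps[i] == NULL || ...`, the failure path in UpdateTokenInfoInList is now reachable on allocation failure, but it returns with `tokenNode->dcapsNum` already set to `dcapNumIn` after `FreeDcaps(tokenNode->dcaps, i)` has released the entries. The node stays in the list, so a later CompareProcessInfo call with the same count would reach `strcmp(tokenNode->dcaps[i], dcapsIn[i])` on entries that are presumably NULL, assuming FreeDcaps clears what it frees. Set `tokenNode->dcapsNum = 0;` on the failure path, or assign `dcapsNum` only after the loop completes. The start of the function is outside this hunk.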
@@ -690,7 +692,7 @@ uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode) return ATRET_SUCCESS; } -uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t dacpNum, const char *aplStr) +static uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t dcapNum, const char *aplStr) { NativeAtId tokenId = 0; uint64_t result = 0; @@ -698,15 +700,15 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d NativeAtIdEx *atPoint = (NativeAtIdEx *)(&result); if ((g_isNativeTokenInited == 0) && (AtlibInit() != ATRET_SUCCESS)) { - return 0; + return INVALID_NATIVE_TOKENID; } - uint32_t ret = CheckProcessInfo(processname, dcaps, dacpNum, aplStr, &apl); + uint32_t ret = CheckProcessInfo(processname, dcaps, dcapNum, aplStr, &apl); if (ret != ATRET_SUCCESS) { - return 0; + return INVALID_NATIVE_TOKENID; } - NativeTokenList *tokenNode = g_tokenListHead; + NativeTokenList *tokenNode = g_tokenListHead->next; while (tokenNode != NULL) { if (strcmp(tokenNode->processName, processname) == 0) { tokenId = tokenNode->tokenId; @@ -716,16 +718,16 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d } if (tokenNode == NULL) { - ret = AddNewTokenToListAndCfgFile(processname, dcaps, dacpNum, apl, &tokenId); + ret = AddNewTokenToListAndCfgFile(processname, dcaps, dcapNum, apl, &tokenId); } else { - int32_t needUpdate = CompareProcessInfo(tokenNode, dcaps, dacpNum, apl); + int32_t needUpdate = CompareProcessInfo(tokenNode, dcaps, dcapNum, apl); if (needUpdate != 0) { - ret = UpdateTokenInfoInList(tokenNode, dcaps, dacpNum, apl); + ret = UpdateTokenInfoInList(tokenNode, dcaps, dcapNum, apl); ret |= UpdateTokenInfoInCfgFile(tokenNode); } } if (ret != ATRET_SUCCESS) { - return 0; + return INVALID_NATIVE_TOKENID; } atPoint->tokenId = tokenId;
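Review bot: `static uint64_t GetAccessTokenId(...)` gives the library's token-issuing entry point internal linkage. If nativetoken.h still declares `GetAccessTokenId` for callers (that part of the header is not in this diff), the static definition conflicts with the earlier non-static declaration. Without any declaration, nothing outside this file can call it. Confirm which function is the exported entry point and keep `static` off it.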
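Review bot: `ret |= UpdateTokenInfoInCfgFile(tokenNode);` runs even when `UpdateTokenInfoInList` has just returned `ATRET_FAILED`, so a node whose dcaps were only partly replaced can be written to the config file before the function returns `INVALID_NATIVE_TOKENID`. Check the first result before persisting, e.g. `if (ret == ATRET_SUCCESS) { ret = UpdateTokenInfoInCfgFile(tokenNode); }`. GetAccessTokenId continues past the end of this hunk.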