From 585c2db659bf20f8edd7d34bc1aaf9b1ea6a584b Mon Sep 17 00:00:00 2001 From: chenkai008 Date: Thu, 23 Jun 2022 14:54:01 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chenkai008 --- .../file_access/include/file_ext_stub.h | 2 ++ .../file_access/src/file_ext_stub.cpp | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/frameworks/innerkits/file_access/include/file_ext_stub.h b/frameworks/innerkits/file_access/include/file_ext_stub.h index 101f7c55..663cbcc7 100644 --- a/frameworks/innerkits/file_access/include/file_ext_stub.h +++ b/frameworks/innerkits/file_access/include/file_ext_stub.h @@ -40,6 +40,8 @@ private: ErrCode CmdListFile(MessageParcel &data, MessageParcel &reply); ErrCode CmdGetRoots(MessageParcel &data, MessageParcel &reply); + bool CheckCallingPermission(const std::string &permission); + using RequestFuncType = int (FileExtStub::*)(MessageParcel &data, MessageParcel &reply); std::map stubFuncMap_; }; diff --git a/frameworks/innerkits/file_access/src/file_ext_stub.cpp b/frameworks/innerkits/file_access/src/file_ext_stub.cpp index 5a684593..72bedb05 100644 --- a/frameworks/innerkits/file_access/src/file_ext_stub.cpp +++ b/frameworks/innerkits/file_access/src/file_ext_stub.cpp @@ -15,7 +15,9 @@ #include "file_ext_stub.h" +#include "accesstoken_kit.h" #include "hilog_wrapper.h" +#include "ipc_skeleton.h" namespace OHOS { namespace FileAccessFwk { @@ -42,6 +44,12 @@ int FileExtStub::OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParc MessageOption& option) { HILOG_INFO("%{public}s Received stub message: %{public}d", __func__, code); + std::string permission = "ohos.permission.FILE_ACCESS_MANAGER"; + if(!CheckCallingPermission(permission)) { + HILOG_ERROR("FileExtStub::%{public}s permission error", __func__); + return ERR_UNKNOWN_REASON; + } + std::u16string descriptor = FileExtStub::GetDescriptor(); std::u16string remoteDescriptor = data.ReadInterfaceToken(); if (descriptor != remoteDescriptor) { @@ -312,5 +320,16 @@ ErrCode FileExtStub::CmdGetRoots(MessageParcel &data, MessageParcel &reply) HILOG_INFO("%{public}s end.", __func__); return NO_ERROR; } + +bool FileExtStub::CheckCallingPermission(const std::string &permission) +{ + Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID(); + int res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission); + if (res != Security::AccessToken::PermissionState::PERMISSION_GRANTED) { + HILOG_ERROR("FileExtStub::CheckCallingPermission have no fileAccess permission"); + return false; + } + return true; +} } // namespace FileAccessFwk } // namespace OHOS -- Gitee From 568561edc395a2e5f625d8174512cc3b430d0952 Mon Sep 17 00:00:00 2001 From: chenkai008 Date: Thu, 23 Jun 2022 15:10:34 +0800 Subject: [PATCH 2/2] add space Signed-off-by: chenkai008 --- frameworks/innerkits/file_access/src/file_ext_stub.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frameworks/innerkits/file_access/src/file_ext_stub.cpp b/frameworks/innerkits/file_access/src/file_ext_stub.cpp index 72bedb05..2abc075a 100644 --- a/frameworks/innerkits/file_access/src/file_ext_stub.cpp +++ b/frameworks/innerkits/file_access/src/file_ext_stub.cpp @@ -45,7 +45,7 @@ int FileExtStub::OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParc { HILOG_INFO("%{public}s Received stub message: %{public}d", __func__, code); std::string permission = "ohos.permission.FILE_ACCESS_MANAGER"; - if(!CheckCallingPermission(permission)) { + if (!CheckCallingPermission(permission)) { HILOG_ERROR("FileExtStub::%{public}s permission error", __func__); return ERR_UNKNOWN_REASON; } -- Gitee