1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "uri_permission_manager_stub_impl.h"
17
18 #include "ability_manager_errors.h"
19 #include "accesstoken_kit.h"
20 #include "app_utils.h"
21 #include "hilog_tag_wrapper.h"
22 #include "hitrace_meter.h"
23 #include "if_system_ability_manager.h"
24 #include "in_process_call_wrapper.h"
25 #include "ipc_skeleton.h"
26 #include "iservice_registry.h"
27 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
28 #include "media_permission_manager.h"
29 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
30 #include "parameter.h"
31 #include "permission_constants.h"
32 #include "permission_verification.h"
33 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
34 #include "sandbox_manager_kit.h"
35 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
36 #include "system_ability_definition.h"
37 #include "tokenid_kit.h"
38 #include "uri_permission_utils.h"
39 #include "want.h"
40
41 namespace OHOS {
42 namespace AAFwk {
43 namespace {
44 constexpr int32_t ERR_OK = 0;
45 constexpr uint32_t FLAG_READ_WRITE_URI = Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION;
46 constexpr uint32_t FLAG_WRITE_URI = Want::FLAG_AUTH_WRITE_URI_PERMISSION;
47 constexpr uint32_t FLAG_READ_URI = Want::FLAG_AUTH_READ_URI_PERMISSION;
48 constexpr const char* CLOUND_DOCS_URI_MARK = "?networkid=";
49 constexpr const char* FOUNDATION_PROCESS = "foundation";
50 #ifndef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
51 constexpr int32_t CAPABILITY_NOT_SUPPORT = 801;
52 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
53 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
54 constexpr int32_t SANDBOX_MANAGER_PERMISSION_DENIED = 1;
55 #endif
56 }
57
VerifyUriPermission(const Uri & uri,uint32_t flag,uint32_t tokenId)58 bool UriPermissionManagerStubImpl::VerifyUriPermission(const Uri &uri, uint32_t flag, uint32_t tokenId)
59 {
60 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
61 // verify if tokenId have uri permission record
62 TAG_LOGI(AAFwkTag::URIPERMMGR, "uri:%{private}s, flag:%{public}u, tokenId:%{public}u",
63 uri.ToString().c_str(), flag, tokenId);
64 if (!UPMSUtils::IsSAOrSystemAppCall()) {
65 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
66 return false;
67 }
68 if ((flag & FLAG_READ_WRITE_URI) == 0) {
69 TAG_LOGE(AAFwkTag::URIPERMMGR, "Flag invalid");
70 return false;
71 }
72 // only reserve read and write file flag
73 flag &= FLAG_READ_WRITE_URI;
74 auto uriInner = uri;
75 if (!UPMSUtils::CheckUriTypeIsValid(uriInner)) {
76 TAG_LOGE(AAFwkTag::URIPERMMGR, "type of uri is valid");
77 return false;
78 }
79 if (uriInner.GetScheme() == "file" && uriInner.GetAuthority() == "media") {
80 TAG_LOGW(AAFwkTag::URIPERMMGR, "not support media uri");
81 return false;
82 }
83 std::vector<Uri> uriVec = { uriInner };
84 auto result = VerifyUriPermissionByMap(uriVec, flag, tokenId);
85 if (!result[0]) {
86 TAG_LOGI(AAFwkTag::URIPERMMGR, "uri permission not exists");
87 }
88 return result[0];
89 }
90
VerifyUriPermissionByMap(std::vector<Uri> & uriVec,uint32_t flag,uint32_t tokenId)91 std::vector<bool> UriPermissionManagerStubImpl::VerifyUriPermissionByMap(std::vector<Uri> &uriVec,
92 uint32_t flag, uint32_t tokenId)
93 {
94 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
95 uint32_t newFlag = FLAG_READ_URI;
96 if ((flag & FLAG_WRITE_URI) != 0) {
97 newFlag = FLAG_WRITE_URI;
98 }
99 std::vector<bool> result(uriVec.size(), false);
100 std::lock_guard<std::mutex> guard(mutex_);
101 for (size_t i = 0; i < uriVec.size(); i++) {
102 auto uriStr = uriVec[i].ToString();
103 result[i] = VerifySingleUriPermissionByMap(uriStr, newFlag, tokenId);
104 }
105 return result;
106 }
107
VerifySingleUriPermissionByMap(const std::string & uri,uint32_t flag,uint32_t tokenId)108 bool UriPermissionManagerStubImpl::VerifySingleUriPermissionByMap(const std::string &uri,
109 uint32_t flag, uint32_t tokenId)
110 {
111 auto search = uriMap_.find(uri);
112 if (search != uriMap_.end()) {
113 auto& list = search->second;
114 for (auto it = list.begin(); it != list.end(); it++) {
115 if ((it->targetTokenId == tokenId) && ((it->flag | FLAG_READ_URI) & flag) != 0) {
116 TAG_LOGD(AAFwkTag::URIPERMMGR, "have uri permission");
117 return true;
118 }
119 }
120 }
121 return VerifySubDirUriPermission(uri, flag, tokenId);
122 }
123
VerifySubDirUriPermission(const std::string & uriStr,uint32_t newFlag,uint32_t tokenId)124 bool UriPermissionManagerStubImpl::VerifySubDirUriPermission(const std::string &uriStr,
125 uint32_t newFlag, uint32_t tokenId)
126 {
127 auto iPos = uriStr.find(CLOUND_DOCS_URI_MARK);
128 if (iPos == std::string::npos) {
129 TAG_LOGI(AAFwkTag::URIPERMMGR, "Local uri not support to verify sub directory uri permission");
130 return false;
131 }
132
133 for (auto search = uriMap_.rbegin(); search != uriMap_.rend(); ++search) {
134 if (!IsDistributedSubDirUri(uriStr, search->first)) {
135 continue;
136 }
137 auto& list = search->second;
138 for (auto it = list.begin(); it != list.end(); it++) {
139 if ((it->targetTokenId == tokenId) && ((it->flag | FLAG_READ_URI) & newFlag) != 0) {
140 TAG_LOGD(AAFwkTag::URIPERMMGR, "have uri permission");
141 return true;
142 }
143 }
144 break;
145 }
146 TAG_LOGI(AAFwkTag::URIPERMMGR, "Uri permission not exists");
147 return false;
148 }
149
IsDistributedSubDirUri(const std::string & inputUri,const std::string & cachedUri)150 bool UriPermissionManagerStubImpl::IsDistributedSubDirUri(const std::string &inputUri, const std::string &cachedUri)
151 {
152 auto iPos = inputUri.find(CLOUND_DOCS_URI_MARK);
153 auto cPos = cachedUri.find(CLOUND_DOCS_URI_MARK);
154 if ((iPos == std::string::npos) || (cPos == std::string::npos)) {
155 TAG_LOGI(AAFwkTag::URIPERMMGR, "not distributed file uri");
156 return false;
157 }
158 std::string iTempUri = inputUri.substr(0, iPos);
159 std::string cTempUri = cachedUri.substr(0, cPos);
160 std::string iTempNetworkId = inputUri.substr(iPos);
161 std::string cTempNetworkId = cachedUri.substr(cPos);
162 return (iTempUri.find(cTempUri + "/") == 0 && iTempNetworkId.compare(cTempNetworkId) == 0);
163 }
164
GrantUriPermission(const Uri & uri,unsigned int flag,const std::string targetBundleName,int32_t appIndex,uint32_t initiatorTokenId)165 int UriPermissionManagerStubImpl::GrantUriPermission(const Uri &uri, unsigned int flag,
166 const std::string targetBundleName, int32_t appIndex, uint32_t initiatorTokenId)
167 {
168 TAG_LOGI(AAFwkTag::URIPERMMGR, "Uri:%{private}s", uri.ToString().c_str());
169 std::vector<Uri> uriVec = { uri };
170 if (UPMSUtils::IsSystemAppCall() && uriVec[0].GetScheme() != "file") {
171 TAG_LOGE(AAFwkTag::URIPERMMGR, "Only support file uri");
172 return ERR_CODE_INVALID_URI_TYPE;
173 }
174 return GrantUriPermission(uriVec, flag, targetBundleName, appIndex, initiatorTokenId);
175 }
176
GrantUriPermission(const std::vector<Uri> & uriVec,unsigned int flag,const std::string targetBundleName,int32_t appIndex,uint32_t initiatorTokenId)177 int UriPermissionManagerStubImpl::GrantUriPermission(const std::vector<Uri> &uriVec, unsigned int flag,
178 const std::string targetBundleName, int32_t appIndex, uint32_t initiatorTokenId)
179 {
180 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
181 TAG_LOGI(AAFwkTag::URIPERMMGR, "BundleName:%{public}s, appIndex:%{public}d, flag:%{public}u, uris:%{public}zu",
182 targetBundleName.c_str(), appIndex, flag, uriVec.size());
183 if (!UPMSUtils::IsSAOrSystemAppCall()) {
184 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
185 return CHECK_PERMISSION_FAILED;
186 }
187 auto checkResult = CheckCalledBySandBox();
188 if (checkResult != ERR_OK) {
189 return checkResult;
190 }
191 if ((flag & FLAG_READ_WRITE_URI) == 0) {
192 TAG_LOGE(AAFwkTag::URIPERMMGR, "invalid flag: %{public}u", flag);
193 return ERR_CODE_INVALID_URI_FLAG;
194 }
195 uint32_t targetTokenId = 0;
196 auto ret = UPMSUtils::GetTokenIdByBundleName(targetBundleName, appIndex, targetTokenId);
197 if (ret != ERR_OK) {
198 TAG_LOGE(AAFwkTag::URIPERMMGR, "get tokenId by bundle name failed");
199 return ret;
200 }
201 uint32_t callerTokenId = initiatorTokenId;
202 if (!UPMSUtils::IsFoundationCall()) {
203 callerTokenId = IPCSkeleton::GetCallingTokenID();
204 }
205
206 return GrantUriPermissionInner(uriVec, flag, callerTokenId, targetTokenId, targetBundleName);
207 }
208
GrantUriPermissionInner(const std::vector<Uri> & uriVec,uint32_t flag,uint32_t callerTokenId,uint32_t targetTokenId,const std::string & targetBundleName)209 int32_t UriPermissionManagerStubImpl::GrantUriPermissionInner(const std::vector<Uri> &uriVec, uint32_t flag,
210 uint32_t callerTokenId, uint32_t targetTokenId, const std::string &targetBundleName)
211 {
212 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
213 TokenIdPermission tokenIdPermission(callerTokenId);
214 auto checkResult = CheckUriPermission(tokenIdPermission, uriVec, flag);
215 if (checkResult.size() != uriVec.size()) {
216 TAG_LOGW(AAFwkTag::URIPERMMGR, "result size:%{public}zu", checkResult.size());
217 return INNER_ERR;
218 }
219 std::vector<std::string> permissionedMediaUris;
220 std::vector<std::string> permissionedOtherUris;
221 size_t permissionedUriCount = 0;
222 for (size_t i = 0; i < checkResult.size(); i++) {
223 if (!checkResult[i]) {
224 TAG_LOGW(AAFwkTag::URIPERMMGR, "No permission, uri:%{private}s", uriVec[i].ToString().c_str());
225 continue;
226 }
227 permissionedUriCount++;
228 auto uriInner = uriVec[i];
229 if (uriInner.GetScheme() == "media") {
230 permissionedMediaUris.emplace_back(uriVec[i].ToString());
231 } else {
232 permissionedOtherUris.emplace_back(uriVec[i].ToString());
233 }
234 }
235 // some uri is no permission
236 if (permissionedUriCount != uriVec.size()) {
237 UPMSUtils::SendShareUnPrivilegeUriEvent(callerTokenId, targetTokenId);
238 }
239 if (permissionedUriCount == 0) {
240 TAG_LOGE(AAFwkTag::URIPERMMGR, "all uri invalid or no permission");
241 return CHECK_PERMISSION_FAILED;
242 }
243 uint32_t grantRet = INNER_ERR;
244 if (GrantBatchUriPermissionImpl(permissionedOtherUris, flag, callerTokenId, targetTokenId) == ERR_OK) {
245 grantRet = ERR_OK;
246 }
247 // for media uri
248 if (GrantBatchMediaUriPermissionImpl(permissionedMediaUris, flag, callerTokenId, targetTokenId, 0) == ERR_OK) {
249 grantRet = ERR_OK;
250 }
251 UPMSUtils::SendSystemAppGrantUriPermissionEvent(callerTokenId, targetTokenId, uriVec, checkResult);
252 return grantRet;
253 }
254
GrantBatchMediaUriPermissionImpl(const std::vector<std::string> & mediaUris,uint32_t flag,uint32_t callerTokenId,uint32_t targetTokenId,int32_t hideSensitiveType)255 int32_t UriPermissionManagerStubImpl::GrantBatchMediaUriPermissionImpl(const std::vector<std::string> &mediaUris,
256 uint32_t flag, uint32_t callerTokenId, uint32_t targetTokenId, int32_t hideSensitiveType)
257 {
258 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
259 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
260 if (mediaUris.empty()) {
261 return INNER_ERR;
262 }
263 auto ret = MediaPermissionManager::GetInstance().GrantUriPermission(mediaUris, flag, callerTokenId, targetTokenId,
264 hideSensitiveType);
265 if (ret != ERR_OK) {
266 TAG_LOGW(AAFwkTag::URIPERMMGR, "Grant media uri permission failed, ret:%{public}d", ret);
267 return ret;
268 }
269 TAG_LOGD(AAFwkTag::URIPERMMGR, "Grant media uri permission success");
270 return ERR_OK;
271 #else
272 return CAPABILITY_NOT_SUPPORT;
273 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
274 }
275
GrantBatchUriPermissionImpl(const std::vector<std::string> & uriVec,uint32_t flag,TokenId callerTokenId,TokenId targetTokenId)276 int32_t UriPermissionManagerStubImpl::GrantBatchUriPermissionImpl(const std::vector<std::string> &uriVec,
277 uint32_t flag, TokenId callerTokenId, TokenId targetTokenId)
278 {
279 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
280 TAG_LOGI(AAFwkTag::URIPERMMGR, "privileged uris: %{public}zu", uriVec.size());
281 if (uriVec.empty()) {
282 return INNER_ERR;
283 }
284 // only reserve read and write file flag
285 flag &= FLAG_READ_WRITE_URI;
286 ConnectManager(storageManager_, STORAGE_MANAGER_MANAGER_ID);
287 if (storageManager_ == nullptr) {
288 TAG_LOGE(AAFwkTag::URIPERMMGR, "null ConnectManager");
289 return INNER_ERR;
290 }
291 auto resVec = storageManager_->CreateShareFile(uriVec, targetTokenId, flag);
292 if (resVec.size() == 0) {
293 TAG_LOGE(AAFwkTag::URIPERMMGR, "CreateShareFile failed, storageManager resVec empty");
294 return INNER_ERR;
295 }
296 if (resVec.size() != uriVec.size()) {
297 TAG_LOGE(AAFwkTag::URIPERMMGR, "failed, ret:%{public}u", resVec[0]);
298 return resVec[0];
299 }
300 int successCount = 0;
301 for (size_t i = 0; i < uriVec.size(); i++) {
302 auto ret = resVec[i];
303 if (ret != 0 && ret != -EEXIST) {
304 TAG_LOGE(AAFwkTag::URIPERMMGR, "CreateShareFile failed");
305 continue;
306 }
307 AddTempUriPermission(uriVec[i], flag, callerTokenId, targetTokenId);
308 successCount++;
309 }
310 TAG_LOGI(AAFwkTag::URIPERMMGR, "total %{public}d uri permissions added", successCount);
311 if (successCount == 0) {
312 return INNER_ERR;
313 }
314 // index that targetTokenId is granted
315 std::lock_guard<std::mutex> lock(ptMapMutex_);
316 permissionTokenMap_.insert(targetTokenId);
317 return ERR_OK;
318 }
319
AddTempUriPermission(const std::string & uri,uint32_t flag,TokenId fromTokenId,TokenId targetTokenId)320 int32_t UriPermissionManagerStubImpl::AddTempUriPermission(const std::string &uri, uint32_t flag,
321 TokenId fromTokenId, TokenId targetTokenId)
322 {
323 std::lock_guard<std::mutex> guard(mutex_);
324 auto search = uriMap_.find(uri);
325 GrantInfo info = { flag, fromTokenId, targetTokenId };
326 if (search == uriMap_.end()) {
327 TAG_LOGI(AAFwkTag::URIPERMMGR, "Insert an uri r/w permission");
328 std::list<GrantInfo> infoList = { info };
329 uriMap_.emplace(uri, infoList);
330 return ERR_OK;
331 }
332 auto& infoList = search->second;
333 for (auto& item : infoList) {
334 if (item.fromTokenId == fromTokenId && item.targetTokenId == targetTokenId) {
335 TAG_LOGI(AAFwkTag::URIPERMMGR, "Item: flag:%{public}u", item.flag);
336 if ((item.flag & flag) != flag) {
337 item.flag |= flag;
338 TAG_LOGI(AAFwkTag::URIPERMMGR, "Update uri r/w permission");
339 return ERR_OK;
340 }
341 TAG_LOGD(AAFwkTag::URIPERMMGR, "Uri has been granted");
342 return ERR_OK;
343 }
344 }
345 TAG_LOGI(AAFwkTag::URIPERMMGR, "insert new uri permission record");
346 infoList.emplace_back(info);
347 return ERR_OK;
348 }
349
GrantUriPermissionPrivileged(const std::vector<Uri> & uriVec,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t hideSensitiveType)350 int32_t UriPermissionManagerStubImpl::GrantUriPermissionPrivileged(const std::vector<Uri> &uriVec, uint32_t flag,
351 const std::string &targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t hideSensitiveType)
352 {
353 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
354 TAG_LOGI(AAFwkTag::URIPERMMGR, "BundleName:%{public}s, appIndex:%{public}d, flag:%{public}u, uris:%{public}zu",
355 targetBundleName.c_str(), appIndex, flag, uriVec.size());
356
357 uint32_t callerTokenId = IPCSkeleton::GetCallingTokenID();
358 auto permissionName = PermissionConstants::PERMISSION_GRANT_URI_PERMISSION_PRIVILEGED;
359 if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(callerTokenId, permissionName)) {
360 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call");
361 return CHECK_PERMISSION_FAILED;
362 }
363
364 if ((flag & FLAG_READ_WRITE_URI) == 0) {
365 TAG_LOGE(AAFwkTag::URIPERMMGR, "invalid flag:%{public}u", flag);
366 return ERR_CODE_INVALID_URI_FLAG;
367 }
368 uint32_t targetTokenId = 0;
369 auto ret = UPMSUtils::GetTokenIdByBundleName(targetBundleName, appIndex, targetTokenId);
370 if (ret != ERR_OK) {
371 TAG_LOGE(AAFwkTag::URIPERMMGR, "get tokenId failed, bundleName:%{public}s", targetBundleName.c_str());
372 return ret;
373 }
374 if (UPMSUtils::IsFoundationCall()) {
375 callerTokenId = initiatorTokenId;
376 } else {
377 // hideSensitiveType is only support for foundation
378 hideSensitiveType = 0;
379 }
380 std::string targetAlterBundleName = "";
381 UPMSUtils::GetDirByBundleNameAndAppIndex(targetBundleName, appIndex, targetAlterBundleName);
382 ret = GrantUriPermissionPrivilegedInner(uriVec, flag, callerTokenId, targetTokenId, targetAlterBundleName,
383 hideSensitiveType);
384 TAG_LOGI(AAFwkTag::URIPERMMGR, "GrantUriPermissionPrivileged finished.");
385 return ret;
386 }
387
GrantUriPermissionPrivilegedInner(const std::vector<Uri> & uriVec,uint32_t flag,uint32_t callerTokenId,uint32_t targetTokenId,const std::string & targetAlterBundleName,int32_t hideSensitiveType)388 int32_t UriPermissionManagerStubImpl::GrantUriPermissionPrivilegedInner(const std::vector<Uri> &uriVec, uint32_t flag,
389 uint32_t callerTokenId, uint32_t targetTokenId, const std::string &targetAlterBundleName,
390 int32_t hideSensitiveType)
391 {
392 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
393 TAG_LOGI(AAFwkTag::URIPERMMGR, "callerTokenId:%{public}u, targetTokenId:%{public}u", callerTokenId, targetTokenId);
394 std::vector<std::string> uriStrVec;
395 std::vector<std::string> mediaUriVec;
396 int32_t validUriCount = 0;
397 int32_t grantRet = INNER_ERR;
398 for (auto &uri : uriVec) {
399 auto uriInner = uri;
400 if (!UPMSUtils::CheckUriTypeIsValid(uriInner)) {
401 continue;
402 }
403 validUriCount++;
404 // content and distributed docs uri
405 if (uriInner.GetScheme() == "content" || UPMSUtils::IsDocsCloudUri(uriInner)) {
406 uriStrVec.emplace_back(uriInner.ToString());
407 continue;
408 }
409 if (uriInner.GetAuthority() == targetAlterBundleName) {
410 grantRet = ERR_OK;
411 continue;
412 }
413 // media
414 if (uriInner.GetAuthority() == "media") {
415 mediaUriVec.emplace_back(uriInner.ToString());
416 continue;
417 }
418 // docs and bundle
419 uriStrVec.emplace_back(uri.ToString());
420 }
421 TAG_LOGI(AAFwkTag::URIPERMMGR, "valid uris: %{public}d", validUriCount);
422 if (validUriCount == 0) {
423 return ERR_CODE_INVALID_URI_TYPE;
424 }
425 if (GrantBatchUriPermissionImpl(uriStrVec, flag, callerTokenId, targetTokenId) == ERR_OK) {
426 grantRet = ERR_OK;
427 }
428 if (GrantBatchMediaUriPermissionImpl(mediaUriVec, flag, callerTokenId, targetTokenId,
429 hideSensitiveType) == ERR_OK) {
430 grantRet = ERR_OK;
431 }
432 return grantRet;
433 }
434
CheckUriAuthorization(const std::vector<std::string> & uriStrVec,uint32_t flag,uint32_t tokenId)435 std::vector<bool> UriPermissionManagerStubImpl::CheckUriAuthorization(const std::vector<std::string> &uriStrVec,
436 uint32_t flag, uint32_t tokenId)
437 {
438 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
439 TAG_LOGI(AAFwkTag::URIPERMMGR, "tokenId:%{private}u, flag:%{public}u, uris:%{public}zu",
440 tokenId, flag, uriStrVec.size());
441 if (!UPMSUtils::IsSAOrSystemAppCall()) {
442 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
443 std::vector<bool> result(uriStrVec.size(), false);
444 return result;
445 }
446 if ((flag & FLAG_READ_WRITE_URI) == 0) {
447 TAG_LOGE(AAFwkTag::URIPERMMGR, "Flag invalid");
448 std::vector<bool> result(uriStrVec.size(), false);
449 return result;
450 }
451 std::vector<Uri> uriVec;
452 for (auto &uriStr: uriStrVec) {
453 uriVec.emplace_back(uriStr);
454 }
455 TokenIdPermission tokenIdPermission(tokenId);
456 return CheckUriPermission(tokenIdPermission, uriVec, flag);
457 }
458
CheckUriPermission(TokenIdPermission & tokenIdPermission,const std::vector<Uri> & uriVec,uint32_t flag)459 std::vector<bool> UriPermissionManagerStubImpl::CheckUriPermission(TokenIdPermission &tokenIdPermission,
460 const std::vector<Uri> &uriVec, uint32_t flag)
461 {
462 // only reserve read and write file flag
463 flag &= FLAG_READ_WRITE_URI;
464 auto tokenId = tokenIdPermission.GetTokenId();
465 std::vector<bool> result(uriVec.size(), false);
466 std::vector<Uri> mediaUris;
467 std::vector<int32_t> mediaUriIndexs;
468 std::string callerAlterableBundleName;
469 UPMSUtils::GetAlterableBundleNameByTokenId(tokenId, callerAlterableBundleName);
470 for (size_t i = 0; i < uriVec.size(); i++) {
471 auto uri = uriVec[i];
472 auto &&scheme = uri.GetScheme();
473 // checkUriPermission not support content uri
474 if (scheme != "file") {
475 TAG_LOGW(AAFwkTag::URIPERMMGR, "invalid uri:%{private}s", uri.ToString().c_str());
476 result[i] = false;
477 continue;
478 }
479 auto &&authority = uri.GetAuthority();
480 TAG_LOGD(AAFwkTag::URIPERMMGR, "UriAuth:%{public}s", authority.c_str());
481 if (authority == "docs" && tokenIdPermission.VerifyFileAccessManagerPermission()) {
482 result[i] = true;
483 continue;
484 }
485 if (authority == "media") {
486 mediaUris.emplace_back(uri);
487 mediaUriIndexs.emplace_back(i);
488 continue;
489 }
490 // bundle uri
491 result[i] = (authority == callerAlterableBundleName);
492 }
493 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
494 if (!mediaUris.empty()) {
495 auto mediaUriResult = MediaPermissionManager::GetInstance().CheckUriPermission(mediaUris, tokenId, flag);
496 for (size_t i = 0; i < mediaUriResult.size(); i++) {
497 result[mediaUriIndexs[i]] = mediaUriResult[i];
498 }
499 }
500 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
501 CheckProxyUriPermission(tokenIdPermission, uriVec, flag, result);
502 return result;
503 }
504
CheckProxyUriPermission(TokenIdPermission & tokenIdPermission,const std::vector<Uri> & uriVec,uint32_t flag,std::vector<bool> & result)505 void UriPermissionManagerStubImpl::CheckProxyUriPermission(TokenIdPermission &tokenIdPermission,
506 const std::vector<Uri> &uriVec, uint32_t flag, std::vector<bool> &result)
507 {
508 TAG_LOGI(AAFwkTag::URIPERMMGR, "Call");
509 if (uriVec.size() != result.size()) {
510 TAG_LOGW(AAFwkTag::URIPERMMGR, "param size not equal");
511 return;
512 }
513 if (!tokenIdPermission.VerifyProxyAuthorizationUriPermission()) {
514 TAG_LOGW(AAFwkTag::URIPERMMGR, "no proxy permission");
515 return;
516 }
517 auto tokenId = tokenIdPermission.GetTokenId();
518 for (size_t i = 0; i < uriVec.size(); i++) {
519 if (result[i]) {
520 continue;
521 }
522 // media no need to check proxy permission, has checked by medialibrary
523 auto uriInner = uriVec[i];
524 if (uriInner.GetAuthority() != "media") {
525 result[i] = VerifyUriPermission(uriInner, flag, tokenId);
526 }
527 }
528 }
529
RevokeMapUriPermission(uint32_t tokenId)530 void UriPermissionManagerStubImpl::RevokeMapUriPermission(uint32_t tokenId)
531 {
532 // revoke uri permission record cache of tokenId when application exit
533 TAG_LOGD(AAFwkTag::URIPERMMGR, "RevokeMapUriPermission call");
534 std::lock_guard<std::mutex> guard(mutex_);
535 std::vector<std::string> uriList;
536 for (auto iter = uriMap_.begin(); iter != uriMap_.end();) {
537 auto& list = iter->second;
538 bool findUriRecord = false;
539 for (auto it = list.begin(); it != list.end();) {
540 if (it->targetTokenId == tokenId) {
541 TAG_LOGI(AAFwkTag::URIPERMMGR, "Erase an info form list");
542 it = list.erase(it);
543 findUriRecord = true;
544 continue;
545 }
546 it++;
547 }
548 if (findUriRecord) {
549 uriList.emplace_back(iter->first);
550 }
551 if (list.empty()) {
552 iter = uriMap_.erase(iter);
553 continue;
554 }
555 ++iter;
556 }
557 if (!uriList.empty()) {
558 DeleteShareFile(tokenId, uriList);
559 }
560 TAG_LOGD(AAFwkTag::URIPERMMGR, "end");
561 }
562
RevokeAllUriPermissions(uint32_t tokenId)563 int UriPermissionManagerStubImpl::RevokeAllUriPermissions(uint32_t tokenId)
564 {
565 TAG_LOGI(AAFwkTag::URIPERMMGR, "RevokeAllUriPermissions, tokenId:%{public}u", tokenId);
566 if (!UPMSUtils::IsFoundationCall()) {
567 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to revoke all uri permission");
568 return CHECK_PERMISSION_FAILED;
569 }
570 RevokeAllMapUriPermissions(tokenId);
571 return ERR_OK;
572 }
573
RevokeAllMapUriPermissions(uint32_t tokenId)574 int32_t UriPermissionManagerStubImpl::RevokeAllMapUriPermissions(uint32_t tokenId)
575 {
576 std::string callerAuthority = "";
577 UPMSUtils::GetAlterableBundleNameByTokenId(tokenId, callerAuthority);
578 std::map<uint32_t, std::vector<std::string>> uriLists;
579 {
580 std::lock_guard<std::mutex> guard(mutex_);
581 for (auto iter = uriMap_.begin(); iter != uriMap_.end();) {
582 auto uriAuthority = Uri(iter->first).GetAuthority();
583 // uri belong to target tokenId.
584 if (callerAuthority == uriAuthority) {
585 for (const auto &record : iter->second) {
586 uriLists[record.targetTokenId].emplace_back(iter->first);
587 }
588 iter = uriMap_.erase(iter);
589 continue;
590 }
591 auto& list = iter->second;
592 for (auto it = list.begin(); it != list.end();) {
593 if (it->targetTokenId == tokenId || it->fromTokenId == tokenId) {
594 TAG_LOGI(AAFwkTag::URIPERMMGR, "Erase an uri permission record");
595 uriLists[it->targetTokenId].emplace_back(iter->first);
596 it = list.erase(it);
597 continue;
598 }
599 it++;
600 }
601 if (list.empty()) {
602 iter = uriMap_.erase(iter);
603 continue;
604 }
605 iter++;
606 }
607 }
608
609 for (auto iter = uriLists.begin(); iter != uriLists.end(); iter++) {
610 if (DeleteShareFile(iter->first, iter->second) != ERR_OK) {
611 return INNER_ERR;
612 }
613 }
614 return ERR_OK;
615 }
616
RevokeUriPermissionManually(const Uri & uri,const std::string bundleName,int32_t appIndex)617 int UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri &uri, const std::string bundleName,
618 int32_t appIndex)
619 {
620 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
621 TAG_LOGI(AAFwkTag::URIPERMMGR, "uri:%{private}s, bundleName:%{public}s, appIndex:%{public}d",
622 uri.ToString().c_str(), bundleName.c_str(), appIndex);
623 if (!UPMSUtils::IsSAOrSystemAppCall()) {
624 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
625 return CHECK_PERMISSION_FAILED;
626 }
627 auto uriInner = uri;
628 if (!UPMSUtils::CheckUriTypeIsValid(uriInner)) {
629 TAG_LOGE(AAFwkTag::URIPERMMGR, "CheckUriType failed, uri:%{private}s", uri.ToString().c_str());
630 return ERR_CODE_INVALID_URI_TYPE;
631 }
632 uint32_t targetTokenId = 0;
633 auto ret = UPMSUtils::GetTokenIdByBundleName(bundleName, appIndex, targetTokenId);
634 if (ret != ERR_OK) {
635 TAG_LOGE(AAFwkTag::URIPERMMGR, "get tokenId by bundleName fail");
636 return ret;
637 }
638 return RevokeUriPermissionManuallyInner(uriInner, targetTokenId);
639 }
640
RevokeUriPermissionManuallyInner(Uri & uri,uint32_t targetTokenId)641 int32_t UriPermissionManagerStubImpl::RevokeUriPermissionManuallyInner(Uri &uri, uint32_t targetTokenId)
642 {
643 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
644 auto callerTokenId = IPCSkeleton::GetCallingTokenID();
645 TAG_LOGI(AAFwkTag::URIPERMMGR, "callerTokenId: %{public}u, targetTokenId:%{public}u",
646 callerTokenId, targetTokenId);
647
648 if (uri.GetScheme() == "content" || UPMSUtils::IsDocsCloudUri(uri)) {
649 return RevokeMapUriPermissionManually(callerTokenId, targetTokenId, uri);
650 }
651 if (uri.GetAuthority() == "media") {
652 return RevokeMediaUriPermissionManually(callerTokenId, targetTokenId, uri);
653 }
654 // docs and bundle uri
655 return RevokeMapUriPermissionManually(callerTokenId, targetTokenId, uri);
656 }
657
RevokeMapUriPermissionManually(uint32_t callerTokenId,uint32_t targetTokenId,Uri & uri)658 int32_t UriPermissionManagerStubImpl::RevokeMapUriPermissionManually(uint32_t callerTokenId,
659 uint32_t targetTokenId, Uri &uri)
660 {
661 auto uriStr = uri.ToString();
662 auto uriAuthority = uri.GetAuthority();
663 // uri belong to caller or caller is target.
664 std::string callerAuthority = "";
665 UPMSUtils::GetAlterableBundleNameByTokenId(callerTokenId, callerAuthority);
666 bool isRevokeSelfUri = (callerTokenId == targetTokenId || callerAuthority == uriAuthority);
667 std::vector<std::string> uriList;
668 {
669 std::lock_guard<std::mutex> guard(mutex_);
670 auto search = uriMap_.find(uriStr);
671 if (search == uriMap_.end()) {
672 TAG_LOGI(AAFwkTag::URIPERMMGR, "URI not exist on uri map");
673 return ERR_OK;
674 }
675 auto& list = search->second;
676 for (auto it = list.begin(); it != list.end(); it++) {
677 if (it->targetTokenId == targetTokenId && (callerTokenId == it->fromTokenId || isRevokeSelfUri)) {
678 uriList.emplace_back(search->first);
679 TAG_LOGI(AAFwkTag::URIPERMMGR, "revoke uri permission record");
680 list.erase(it);
681 break;
682 }
683 }
684 if (list.empty()) {
685 uriMap_.erase(search);
686 }
687 }
688 return DeleteShareFile(targetTokenId, uriList);
689 }
690
DeleteShareFile(uint32_t targetTokenId,const std::vector<std::string> & uriVec)691 int32_t UriPermissionManagerStubImpl::DeleteShareFile(uint32_t targetTokenId, const std::vector<std::string> &uriVec)
692 {
693 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
694 ConnectManager(storageManager_, STORAGE_MANAGER_MANAGER_ID);
695 if (storageManager_ == nullptr) {
696 TAG_LOGE(AAFwkTag::URIPERMMGR, "null StorageManager");
697 return INNER_ERR;
698 }
699 auto ret = storageManager_->DeleteShareFile(targetTokenId, uriVec);
700 if (ret != ERR_OK) {
701 TAG_LOGE(AAFwkTag::URIPERMMGR, "DeleteShareFile failed:%{public}d", ret);
702 }
703 return ret;
704 }
705
RevokeMediaUriPermissionManually(uint32_t callerTokenId,uint32_t targetTokenId,Uri & uri)706 int32_t UriPermissionManagerStubImpl::RevokeMediaUriPermissionManually(uint32_t callerTokenId, uint32_t targetTokenId,
707 Uri &uri)
708 {
709 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
710 std::string uriStr = uri.ToString();
711 return MediaPermissionManager::GetInstance().RevokeUriPermission(callerTokenId, targetTokenId, uriStr);
712 #else
713 return CAPABILITY_NOT_SUPPORT;
714 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
715 }
716
717 template<typename T>
ConnectManager(sptr<T> & mgr,int32_t serviceId)718 void UriPermissionManagerStubImpl::ConnectManager(sptr<T> &mgr, int32_t serviceId)
719 {
720 TAG_LOGD(AAFwkTag::URIPERMMGR, "Call");
721 std::lock_guard<std::mutex> lock(mgrMutex_);
722 if (mgr == nullptr) {
723 TAG_LOGE(AAFwkTag::URIPERMMGR, "mgr null");
724 auto systemAbilityMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
725 if (systemAbilityMgr == nullptr) {
726 TAG_LOGE(AAFwkTag::URIPERMMGR, "null systemAbilityMgr");
727 return;
728 }
729
730 auto remoteObj = systemAbilityMgr->GetSystemAbility(serviceId);
731 if (remoteObj == nullptr) {
732 TAG_LOGE(AAFwkTag::URIPERMMGR, "null Obj");
733 return;
734 }
735 TAG_LOGE(AAFwkTag::URIPERMMGR, "to cast");
736 mgr = iface_cast<T>(remoteObj);
737 if (mgr == nullptr || mgr->AsObject() == nullptr) {
738 TAG_LOGE(AAFwkTag::URIPERMMGR, "null mgr");
739 return;
740 }
741 wptr<T> manager = mgr;
742 auto self = weak_from_this();
743 auto onClearProxyCallback = [manager, self](const auto& remote) {
744 auto mgrSptr = manager.promote();
745 auto impl = self.lock();
746 if (impl && mgrSptr && mgrSptr->AsObject() == remote.promote()) {
747 std::lock_guard<std::mutex> lock(impl->mgrMutex_);
748 mgrSptr.clear();
749 }
750 };
751 sptr<ProxyDeathRecipient> recipient(new ProxyDeathRecipient(std::move(onClearProxyCallback)));
752 if (!mgr->AsObject()->AddDeathRecipient(recipient)) {
753 TAG_LOGE(AAFwkTag::URIPERMMGR, "AddDeathRecipient failed");
754 }
755 }
756 }
757
OnRemoteDied(const wptr<IRemoteObject> & remote)758 void UriPermissionManagerStubImpl::ProxyDeathRecipient::OnRemoteDied([[maybe_unused]]
759 const wptr<IRemoteObject>& remote)
760 {
761 if (proxy_) {
762 TAG_LOGD(AAFwkTag::URIPERMMGR, "mgr stub died");
763 proxy_(remote);
764 }
765 }
766
CheckCalledBySandBox()767 int32_t UriPermissionManagerStubImpl::CheckCalledBySandBox()
768 {
769 // reject sandbox to grant uri permission
770 ConnectManager(appMgr_, APP_MGR_SERVICE_ID);
771 if (appMgr_ == nullptr) {
772 TAG_LOGE(AAFwkTag::URIPERMMGR, "appMgr null");
773 return INNER_ERR;
774 }
775 auto callerPid = IPCSkeleton::GetCallingPid();
776 bool isSandbox = false;
777 if (IN_PROCESS_CALL(appMgr_->JudgeSandboxByPid(callerPid, isSandbox)) != ERR_OK) {
778 TAG_LOGE(AAFwkTag::URIPERMMGR, "JudgeSandboxByPid failed");
779 return INNER_ERR;
780 }
781 if (isSandbox) {
782 TAG_LOGE(AAFwkTag::URIPERMMGR, "sandbox app not grant URI permission");
783 return ERR_CODE_GRANT_URI_PERMISSION;
784 }
785 return ERR_OK;
786 }
787
ClearPermissionTokenByMap(const uint32_t tokenId)788 int32_t UriPermissionManagerStubImpl::ClearPermissionTokenByMap(const uint32_t tokenId)
789 {
790 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
791 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
792 bool isCallingPermission =
793 AAFwk::PermissionVerification::GetInstance()->CheckSpecificSystemAbilityAccessPermission(FOUNDATION_PROCESS);
794 if (!isCallingPermission) {
795 TAG_LOGE(AAFwkTag::APPMGR, "verification failed");
796 return ERR_PERMISSION_DENIED;
797 }
798 std::lock_guard<std::mutex> lock(ptMapMutex_);
799 if (permissionTokenMap_.find(tokenId) == permissionTokenMap_.end()) {
800 TAG_LOGD(AAFwkTag::URIPERMMGR, "permissionTokenMap_ empty");
801 return ERR_OK;
802 }
803 RevokeMapUriPermission(tokenId);
804 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
805 uint64_t timeNow = static_cast<uint64_t>(std::chrono::duration_cast<std::chrono::nanoseconds>(
806 std::chrono::high_resolution_clock::now().time_since_epoch()).count());
807 TAG_LOGD(AAFwkTag::URIPERMMGR, "clear %{private}d permission", tokenId);
808 auto ret = SandboxManagerKit::UnSetAllPolicyByToken(tokenId, timeNow);
809 TAG_LOGI(AAFwkTag::URIPERMMGR, "clear permission end");
810 if (ret != ERR_OK) {
811 TAG_LOGE(AAFwkTag::URIPERMMGR, "ClearPermission failed, ret is %{public}d", ret);
812 return ret;
813 }
814 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
815 permissionTokenMap_.erase(tokenId);
816 return ERR_OK;
817 }
818
819 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
Active(const std::vector<PolicyInfo> & policy,std::vector<uint32_t> & result)820 int32_t UriPermissionManagerStubImpl::Active(const std::vector<PolicyInfo> &policy, std::vector<uint32_t> &result)
821 {
822 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
823 auto tokenId = IPCSkeleton::GetCallingTokenID();
824 TAG_LOGD(AAFwkTag::URIPERMMGR, "active %{private}d permission", tokenId);
825 auto permissionName = PermissionConstants::PERMISSION_FILE_ACCESS_PERSIST;
826 if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(tokenId, permissionName)) {
827 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call");
828 return SANDBOX_MANAGER_PERMISSION_DENIED;
829 }
830 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
831 uint64_t timeNow = static_cast<uint64_t>(std::chrono::duration_cast<std::chrono::nanoseconds>(
832 std::chrono::high_resolution_clock::now().time_since_epoch()).count());
833 auto ret = SandboxManagerKit::StartAccessingPolicy(policy, result, false, tokenId, timeNow);
834 TAG_LOGI(AAFwkTag::URIPERMMGR, "active permission end");
835 if (ret != ERR_OK) {
836 TAG_LOGE(AAFwkTag::URIPERMMGR, "StartAccessingPolicy failed, ret is %{public}d", ret);
837 return ret;
838 }
839 std::lock_guard<std::mutex> lock(ptMapMutex_);
840 permissionTokenMap_.insert(tokenId);
841 return ERR_OK;
842 }
843 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
844 } // namespace AAFwk
845 } // namespace OHOS
846