1 /*
2 * Copyright (c) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "uri_permission_manager_stub_impl.h"
17
18 #include "ability_manager_errors.h"
19 #include "ability_manager_client.h"
20 #include "accesstoken_kit.h"
21 #include "app_utils.h"
22 #include "hilog_tag_wrapper.h"
23 #include "hitrace_meter.h"
24 #include "if_system_ability_manager.h"
25 #include "in_process_call_wrapper.h"
26 #include "ipc_skeleton.h"
27 #include "iservice_registry.h"
28 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
29 #include "media_permission_manager.h"
30 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
31 #include "parameter.h"
32 #include "permission_constants.h"
33 #include "permission_verification.h"
34 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
35 #include "sandbox_manager_kit.h"
36 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
37 #include "system_ability_definition.h"
38 #include "tokenid_kit.h"
39 #include "uri_permission_utils.h"
40 #include "upms_udmf_utils.h"
41 #include "want.h"
42
43 namespace OHOS {
44 namespace AAFwk {
45 namespace {
46 constexpr int32_t ERR_OK = 0;
47 constexpr uint32_t FLAG_READ_WRITE_URI = Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION;
48 constexpr uint32_t FLAG_WRITE_URI = Want::FLAG_AUTH_WRITE_URI_PERMISSION;
49 constexpr uint32_t FLAG_READ_URI = Want::FLAG_AUTH_READ_URI_PERMISSION;
50 constexpr const char* CLOUND_DOCS_URI_MARK = "?networkid=";
51 constexpr const char* FOUNDATION_PROCESS = "foundation";
52 constexpr const char* AUTHORITY_MEDIA = "media";
53 constexpr size_t MAX_IPC_RAW_DATA_SIZE = 128 * 1024 * 1024; // 128M
54 const int MAX_URI_COUNT = 200000;
55 #ifndef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
56 constexpr int32_t CAPABILITY_NOT_SUPPORT = 801;
57 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
58 constexpr int32_t SANDBOX_MANAGER_PERMISSION_DENIED = 1;
59 }
60
WrapErrorCode(int32_t errorCode,int32_t & funcRet)61 inline int32_t UriPermissionManagerStubImpl::WrapErrorCode(int32_t errorCode, int32_t &funcRet)
62 {
63 funcRet = errorCode;
64 return ERR_OK;
65 }
66
VerifyUriPermission(const Uri & uri,uint32_t flag,uint32_t tokenId,bool & funcResult)67 ErrCode UriPermissionManagerStubImpl::VerifyUriPermission(const Uri& uri, uint32_t flag, uint32_t tokenId,
68 bool& funcResult)
69 {
70 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
71 // verify if tokenId have uri permission record
72 TAG_LOGI(AAFwkTag::URIPERMMGR, "uri:%{private}s, flag:%{public}u, tokenId:%{public}u",
73 uri.ToString().c_str(), flag, tokenId);
74 if (!UPMSUtils::IsSAOrSystemAppCall()) {
75 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
76 funcResult = false;
77 return ERR_OK;
78 }
79 if ((flag & FLAG_READ_WRITE_URI) == 0) {
80 TAG_LOGE(AAFwkTag::URIPERMMGR, "Flag invalid");
81 funcResult = false;
82 return ERR_OK;
83 }
84 // only reserve read and write file flag
85 flag &= FLAG_READ_WRITE_URI;
86 auto uriInner = uri;
87 if (uriInner.GetScheme() != "file") {
88 TAG_LOGE(AAFwkTag::URIPERMMGR, "type of uri is valid");
89 funcResult = false;
90 return ERR_OK;
91 }
92 if (uriInner.GetAuthority() == "media") {
93 TAG_LOGW(AAFwkTag::URIPERMMGR, "not support media uri");
94 funcResult = false;
95 return ERR_OK;
96 }
97 std::vector<Uri> uriVec = { uriInner };
98 auto result = VerifyUriPermissionByMap(uriVec, flag, tokenId);
99 if (!result[0]) {
100 TAG_LOGI(AAFwkTag::URIPERMMGR, "uri permission not exists");
101 }
102 funcResult = result[0];
103 return ERR_OK;
104 }
105
VerifyUriPermissionByMap(std::vector<Uri> & uriVec,uint32_t flag,uint32_t tokenId)106 std::vector<bool> UriPermissionManagerStubImpl::VerifyUriPermissionByMap(std::vector<Uri> &uriVec,
107 uint32_t flag, uint32_t tokenId)
108 {
109 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
110 uint32_t newFlag = FLAG_READ_URI;
111 if ((flag & FLAG_WRITE_URI) != 0) {
112 newFlag = FLAG_WRITE_URI;
113 }
114 std::vector<bool> result(uriVec.size(), false);
115 std::lock_guard<std::mutex> guard(mutex_);
116 for (size_t i = 0; i < uriVec.size(); i++) {
117 auto uriStr = uriVec[i].ToString();
118 result[i] = VerifySingleUriPermissionByMap(uriStr, newFlag, tokenId);
119 }
120 return result;
121 }
122
VerifySingleUriPermissionByMap(const std::string & uri,uint32_t flag,uint32_t tokenId)123 bool UriPermissionManagerStubImpl::VerifySingleUriPermissionByMap(const std::string &uri,
124 uint32_t flag, uint32_t tokenId)
125 {
126 auto search = uriMap_.find(uri);
127 if (search != uriMap_.end()) {
128 auto& list = search->second;
129 for (auto it = list.begin(); it != list.end(); it++) {
130 if ((it->targetTokenId == tokenId) && ((it->flag | FLAG_READ_URI) & flag) != 0) {
131 TAG_LOGD(AAFwkTag::URIPERMMGR, "have uri permission");
132 return true;
133 }
134 }
135 }
136 return VerifySubDirUriPermission(uri, flag, tokenId);
137 }
138
VerifySubDirUriPermission(const std::string & uriStr,uint32_t newFlag,uint32_t tokenId)139 bool UriPermissionManagerStubImpl::VerifySubDirUriPermission(const std::string &uriStr,
140 uint32_t newFlag, uint32_t tokenId)
141 {
142 auto iPos = uriStr.find(CLOUND_DOCS_URI_MARK);
143 if (iPos == std::string::npos) {
144 TAG_LOGI(AAFwkTag::URIPERMMGR, "Local uri not support to verify sub directory uri permission");
145 return false;
146 }
147
148 for (auto search = uriMap_.rbegin(); search != uriMap_.rend(); ++search) {
149 if (!IsDistributedSubDirUri(uriStr, search->first)) {
150 continue;
151 }
152 auto& list = search->second;
153 for (auto it = list.begin(); it != list.end(); it++) {
154 if ((it->targetTokenId == tokenId) && ((it->flag | FLAG_READ_URI) & newFlag) != 0) {
155 TAG_LOGD(AAFwkTag::URIPERMMGR, "have uri permission");
156 return true;
157 }
158 }
159 break;
160 }
161 TAG_LOGI(AAFwkTag::URIPERMMGR, "Uri permission not exists");
162 return false;
163 }
164
IsDistributedSubDirUri(const std::string & inputUri,const std::string & cachedUri)165 bool UriPermissionManagerStubImpl::IsDistributedSubDirUri(const std::string &inputUri, const std::string &cachedUri)
166 {
167 auto iPos = inputUri.find(CLOUND_DOCS_URI_MARK);
168 auto cPos = cachedUri.find(CLOUND_DOCS_URI_MARK);
169 if ((iPos == std::string::npos) || (cPos == std::string::npos)) {
170 TAG_LOGI(AAFwkTag::URIPERMMGR, "not distributed file uri");
171 return false;
172 }
173 std::string iTempUri = inputUri.substr(0, iPos);
174 std::string cTempUri = cachedUri.substr(0, cPos);
175 std::string iTempNetworkId = inputUri.substr(iPos);
176 std::string cTempNetworkId = cachedUri.substr(cPos);
177 return (iTempUri.find(cTempUri + "/") == 0 && iTempNetworkId.compare(cTempNetworkId) == 0);
178 }
179
GrantUriPermission(const Uri & uri,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t & funcResult)180 ErrCode UriPermissionManagerStubImpl::GrantUriPermission(const Uri& uri, uint32_t flag,
181 const std::string& targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t& funcResult)
182 {
183 TAG_LOGI(AAFwkTag::URIPERMMGR, "Uri:%{private}s", uri.ToString().c_str());
184 std::vector<Uri> uriVec = { uri };
185 if (UPMSUtils::IsSystemAppCall() && uriVec[0].GetScheme() != "file") {
186 TAG_LOGE(AAFwkTag::URIPERMMGR, "Only support file uri");
187 funcResult = ERR_CODE_INVALID_URI_TYPE;
188 return ERR_OK;
189 }
190 std::vector<std::string> uriVecStr;
191 for (const Uri& uri : uriVec) {
192 uriVecStr.push_back(uri.ToString());
193 }
194 GrantUriPermission(uriVecStr, flag, targetBundleName, appIndex, initiatorTokenId, funcResult);
195 return ERR_OK;
196 }
197
GrantUriPermission(const std::vector<std::string> & uriVec,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t & funcResult)198 ErrCode UriPermissionManagerStubImpl::GrantUriPermission(const std::vector<std::string>& uriVec, uint32_t flag,
199 const std::string& targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t& funcResult)
200 {
201 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
202 TAG_LOGI(AAFwkTag::URIPERMMGR, "BundleName:%{public}s, appIndex:%{public}d, flag:%{public}u, uris:%{public}zu",
203 targetBundleName.c_str(), appIndex, flag, uriVec.size());
204 if (!UPMSUtils::IsSAOrSystemAppCall()) {
205 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
206 funcResult = CHECK_PERMISSION_FAILED;
207 return ERR_OK;
208 }
209 auto checkResult = CheckCalledBySandBox();
210 if (checkResult != ERR_OK) {
211 funcResult = checkResult;
212 return ERR_OK;
213 }
214 if (uriVec.empty() || uriVec.size() > MAX_URI_COUNT) {
215 TAG_LOGE(AAFwkTag::URIPERMMGR, "out of range: %{public}zu", uriVec.size());
216 funcResult = ERR_URI_LIST_OUT_OF_RANGE;
217 return ERR_OK;
218 }
219 if ((flag & FLAG_READ_WRITE_URI) == 0) {
220 TAG_LOGE(AAFwkTag::URIPERMMGR, "invalid flag: %{public}u", flag);
221 funcResult = ERR_CODE_INVALID_URI_FLAG;
222 return ERR_OK;
223 }
224 uint32_t targetTokenId = 0;
225 auto ret = UPMSUtils::GetTokenIdByBundleName(targetBundleName, appIndex, targetTokenId);
226 if (ret != ERR_OK) {
227 TAG_LOGE(AAFwkTag::URIPERMMGR, "get tokenId by bundle name failed");
228 funcResult = ret;
229 return ERR_OK;
230 }
231 uint32_t callerTokenId = initiatorTokenId;
232 if (!UPMSUtils::IsFoundationCall()) {
233 callerTokenId = IPCSkeleton::GetCallingTokenID();
234 }
235 funcResult = GrantUriPermissionInner(uriVec, flag, callerTokenId, targetTokenId, targetBundleName);
236 return ERR_OK;
237 }
238
GrantUriPermission(const UriPermissionRawData & rawData,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t & funcResult)239 ErrCode UriPermissionManagerStubImpl::GrantUriPermission(const UriPermissionRawData& rawData, uint32_t flag,
240 const std::string& targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t& funcResult)
241 {
242 std::vector<std::string> uriVec;
243 auto res = RawDataToStringVec(rawData, uriVec);
244 if (res != ERR_OK) {
245 TAG_LOGE(AAFwkTag::URIPERMMGR, "raw data to vec failed");
246 funcResult = res;
247 return res;
248 }
249 auto errCode = GrantUriPermission(uriVec, flag, targetBundleName, appIndex, initiatorTokenId, funcResult);
250 if (errCode != ERR_OK) {
251 TAG_LOGE(AAFwkTag::URIPERMMGR, "GrantUriPermission failed, errCode:%{public}d", errCode);
252 return errCode;
253 }
254 TAG_LOGI(AAFwkTag::URIPERMMGR, "GrantUriPermission finished.");
255 return ERR_OK;
256 }
257
GrantUriPermissionInner(const std::vector<std::string> & uriVec,uint32_t flag,uint32_t callerTokenId,uint32_t targetTokenId,const std::string & targetBundleName)258 int32_t UriPermissionManagerStubImpl::GrantUriPermissionInner(const std::vector<std::string> &uriVec, uint32_t flag,
259 uint32_t callerTokenId, uint32_t targetTokenId, const std::string &targetBundleName)
260 {
261 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
262 TokenIdPermission tokenIdPermission(callerTokenId);
263 auto checkResult = CheckUriPermission(tokenIdPermission, uriVec, flag);
264 if (checkResult.size() != uriVec.size()) {
265 TAG_LOGW(AAFwkTag::URIPERMMGR, "result size:%{public}zu", checkResult.size());
266 return INNER_ERR;
267 }
268 std::vector<std::string> permissionedMediaUris;
269 std::vector<std::string> permissionedOtherUris;
270 size_t permissionedUriCount = 0;
271 for (size_t i = 0; i < checkResult.size(); i++) {
272 if (!checkResult[i]) {
273 TAG_LOGW(AAFwkTag::URIPERMMGR, "No permission, uri:%{private}s", uriVec[i].c_str());
274 continue;
275 }
276 permissionedUriCount++;
277 auto uriInner = Uri(uriVec[i]);
278 if (uriInner.GetScheme() == "media") {
279 permissionedMediaUris.emplace_back(uriVec[i]);
280 } else {
281 permissionedOtherUris.emplace_back(uriVec[i]);
282 }
283 }
284 // some uri is no permission
285 if (permissionedUriCount != uriVec.size()) {
286 UPMSUtils::SendShareUnPrivilegeUriEvent(callerTokenId, targetTokenId);
287 }
288 if (permissionedUriCount == 0) {
289 TAG_LOGE(AAFwkTag::URIPERMMGR, "all uri invalid or no permission");
290 return CHECK_PERMISSION_FAILED;
291 }
292 uint32_t grantRet = INNER_ERR;
293 if (GrantBatchUriPermissionImpl(permissionedOtherUris, flag, callerTokenId, targetTokenId) == ERR_OK) {
294 grantRet = ERR_OK;
295 }
296 // for media uri
297 if (GrantBatchMediaUriPermissionImpl(permissionedMediaUris, flag, callerTokenId, targetTokenId, 0) == ERR_OK) {
298 grantRet = ERR_OK;
299 }
300 UPMSUtils::SendSystemAppGrantUriPermissionEvent(callerTokenId, targetTokenId, uriVec, checkResult);
301 return grantRet;
302 }
303
GrantBatchMediaUriPermissionImpl(const std::vector<std::string> & mediaUris,uint32_t flag,uint32_t callerTokenId,uint32_t targetTokenId,int32_t hideSensitiveType)304 int32_t UriPermissionManagerStubImpl::GrantBatchMediaUriPermissionImpl(const std::vector<std::string> &mediaUris,
305 uint32_t flag, uint32_t callerTokenId, uint32_t targetTokenId, int32_t hideSensitiveType)
306 {
307 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
308 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
309 if (mediaUris.empty()) {
310 return INNER_ERR;
311 }
312 auto ret = MediaPermissionManager::GetInstance().GrantUriPermission(mediaUris, flag, callerTokenId, targetTokenId,
313 hideSensitiveType);
314 if (ret != ERR_OK) {
315 TAG_LOGW(AAFwkTag::URIPERMMGR, "Grant media uri permission failed, ret:%{public}d", ret);
316 return ret;
317 }
318 TAG_LOGD(AAFwkTag::URIPERMMGR, "Grant media uri permission success");
319 return ERR_OK;
320 #else
321 return CAPABILITY_NOT_SUPPORT;
322 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
323 }
324
GrantBatchContentUriPermissionImpl(const std::vector<std::string> & contentUris,uint32_t flag,uint32_t targetTokenId,const std::string & targetBundleName)325 int32_t UriPermissionManagerStubImpl::GrantBatchContentUriPermissionImpl(const std::vector<std::string> &contentUris,
326 uint32_t flag, uint32_t targetTokenId, const std::string &targetBundleName)
327 {
328 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
329 if (contentUris.empty()) {
330 return INNER_ERR;
331 }
332 auto abilityClient = AAFwk::AbilityManagerClient::GetInstance();
333 if (abilityClient == nullptr) {
334 TAG_LOGE(AAFwkTag::URIPERMMGR, "abilityClient null");
335 return INNER_ERR;
336 }
337 auto collaborator = IN_PROCESS_CALL(abilityClient->GetAbilityManagerCollaborator());
338 if (collaborator == nullptr) {
339 TAG_LOGE(AAFwkTag::URIPERMMGR, "collaborator null");
340 return INNER_ERR;
341 }
342 auto ret = collaborator->GrantUriPermission(contentUris, flag, targetTokenId, targetBundleName);
343 if (ret != ERR_OK) {
344 TAG_LOGE(AAFwkTag::URIPERMMGR, "GrantUriPermission failed:%{public}d", ret);
345 return ret;
346 }
347 AddContentTokenIdRecord(targetTokenId);
348 return ERR_OK;
349 }
350
RevokeContentUriPermission(uint32_t tokenId)351 int32_t UriPermissionManagerStubImpl::RevokeContentUriPermission(uint32_t tokenId)
352 {
353 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
354 TAG_LOGD(AAFwkTag::URIPERMMGR, "RevokeContentUriPermission null");
355 if (!IsContentUriGranted(tokenId)) {
356 return ERR_OK;
357 }
358 auto abilityClient = AAFwk::AbilityManagerClient::GetInstance();
359 if (abilityClient == nullptr) {
360 TAG_LOGI(AAFwkTag::URIPERMMGR, "abilityClient null");
361 return INNER_ERR;
362 }
363 auto collaborator = IN_PROCESS_CALL(abilityClient->GetAbilityManagerCollaborator());
364 if (collaborator == nullptr) {
365 TAG_LOGI(AAFwkTag::URIPERMMGR, "collaborator null");
366 return INNER_ERR;
367 }
368 auto ret = collaborator->RevokeUriPermission(tokenId);
369 if (ret != ERR_OK) {
370 TAG_LOGW(AAFwkTag::URIPERMMGR, "RevokeUriPermission failed:%{public}d", ret);
371 }
372 RemoveContentTokenIdRecord(tokenId);
373 return ret;
374 }
375
IsContentUriGranted(uint32_t tokenId)376 bool UriPermissionManagerStubImpl::IsContentUriGranted(uint32_t tokenId)
377 {
378 std::lock_guard<std::mutex> lock(contentTokenIdSetMutex_);
379 return contentTokenIdSet_.find(tokenId) != contentTokenIdSet_.end();
380 }
381
AddContentTokenIdRecord(uint32_t tokenId)382 void UriPermissionManagerStubImpl::AddContentTokenIdRecord(uint32_t tokenId)
383 {
384 std::lock_guard<std::mutex> lock(contentTokenIdSetMutex_);
385 contentTokenIdSet_.insert(tokenId);
386 }
387
RemoveContentTokenIdRecord(uint32_t tokenId)388 void UriPermissionManagerStubImpl::RemoveContentTokenIdRecord(uint32_t tokenId)
389 {
390 std::lock_guard<std::mutex> lock(contentTokenIdSetMutex_);
391 contentTokenIdSet_.erase(tokenId);
392 }
393
StringVecToRawData(const std::vector<std::string> & stringVec,StorageFileRawData & rawData)394 void UriPermissionManagerStubImpl::StringVecToRawData(const std::vector<std::string> &stringVec,
395 StorageFileRawData &rawData)
396 {
397 std::stringstream ss;
398 uint32_t stringCount = stringVec.size();
399 ss.write(reinterpret_cast<const char*>(&stringCount), sizeof(stringCount));
400
401 for (uint32_t i = 0; i < stringCount; ++i) {
402 uint32_t strLen = stringVec[i].length();
403 ss.write(reinterpret_cast<const char*>(&strLen), sizeof(strLen));
404 ss.write(stringVec[i].c_str(), strLen);
405 }
406 std::string result = ss.str();
407 rawData.ownedData = std::move(result);
408 rawData.data = rawData.ownedData.data();
409 rawData.size = rawData.ownedData.size();
410 }
411
GrantBatchUriPermissionImpl(const std::vector<std::string> & uriVec,uint32_t flag,TokenId callerTokenId,TokenId targetTokenId)412 int32_t UriPermissionManagerStubImpl::GrantBatchUriPermissionImpl(const std::vector<std::string> &uriVec,
413 uint32_t flag, TokenId callerTokenId, TokenId targetTokenId)
414 {
415 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
416 TAG_LOGI(AAFwkTag::URIPERMMGR, "privileged uris: %{public}zu", uriVec.size());
417 if (uriVec.empty()) {
418 return INNER_ERR;
419 }
420 // only reserve read and write file flag
421 flag &= FLAG_READ_WRITE_URI;
422 ConnectManager(storageManager_, STORAGE_MANAGER_MANAGER_ID);
423 if (storageManager_ == nullptr) {
424 TAG_LOGE(AAFwkTag::URIPERMMGR, "null ConnectManager");
425 return INNER_ERR;
426 }
427 std::vector<int32_t> resVec;
428 StorageFileRawData uriRawData;
429 StringVecToRawData(uriVec, uriRawData);
430 storageManager_->CreateShareFile(uriRawData, targetTokenId, flag, resVec);
431 if (resVec.size() == 0) {
432 TAG_LOGE(AAFwkTag::URIPERMMGR, "CreateShareFile failed, storageManager resVec empty");
433 return INNER_ERR;
434 }
435 if (resVec.size() != uriVec.size()) {
436 TAG_LOGE(AAFwkTag::URIPERMMGR, "failed, ret:%{public}u", resVec[0]);
437 return resVec[0];
438 }
439 int successCount = 0;
440 for (size_t i = 0; i < uriVec.size(); i++) {
441 auto ret = resVec[i];
442 if (ret != 0 && ret != -EEXIST) {
443 TAG_LOGE(AAFwkTag::URIPERMMGR, "CreateShareFile failed");
444 continue;
445 }
446 AddTempUriPermission(uriVec[i], flag, callerTokenId, targetTokenId);
447 successCount++;
448 }
449 TAG_LOGI(AAFwkTag::URIPERMMGR, "total %{public}d uri permissions added", successCount);
450 if (successCount == 0) {
451 return INNER_ERR;
452 }
453 // index that targetTokenId is granted
454 std::lock_guard<std::mutex> lock(ptMapMutex_);
455 permissionTokenMap_.insert(targetTokenId);
456 return ERR_OK;
457 }
458
AddTempUriPermission(const std::string & uri,uint32_t flag,TokenId fromTokenId,TokenId targetTokenId)459 int32_t UriPermissionManagerStubImpl::AddTempUriPermission(const std::string &uri, uint32_t flag,
460 TokenId fromTokenId, TokenId targetTokenId)
461 {
462 std::lock_guard<std::mutex> guard(mutex_);
463 auto search = uriMap_.find(uri);
464 GrantInfo info = { flag, fromTokenId, targetTokenId };
465 if (search == uriMap_.end()) {
466 std::list<GrantInfo> infoList = { info };
467 uriMap_.emplace(uri, infoList);
468 return ERR_OK;
469 }
470 auto& infoList = search->second;
471 for (auto& item : infoList) {
472 if (item.fromTokenId == fromTokenId && item.targetTokenId == targetTokenId) {
473 TAG_LOGI(AAFwkTag::URIPERMMGR, "Item: flag:%{public}u", item.flag);
474 if ((item.flag & flag) != flag) {
475 item.flag |= flag;
476 return ERR_OK;
477 }
478 return ERR_OK;
479 }
480 }
481 infoList.emplace_back(info);
482 return ERR_OK;
483 }
484
CheckGrantUriPermissionPrivileged(uint32_t callerTokenId,uint32_t flag,int32_t & funcResult)485 ErrCode UriPermissionManagerStubImpl::CheckGrantUriPermissionPrivileged(uint32_t callerTokenId, uint32_t flag,
486 int32_t& funcResult)
487 {
488 auto permissionName = PermissionConstants::PERMISSION_GRANT_URI_PERMISSION_PRIVILEGED;
489 if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(callerTokenId, permissionName)) {
490 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call");
491 funcResult = CHECK_PERMISSION_FAILED;
492 return CHECK_PERMISSION_FAILED;
493 }
494 if ((flag & FLAG_READ_WRITE_URI) == 0) {
495 TAG_LOGE(AAFwkTag::URIPERMMGR, "invalid flag:%{public}u", flag);
496 funcResult = ERR_CODE_INVALID_URI_FLAG;
497 return ERR_CODE_INVALID_URI_FLAG;
498 }
499 return ERR_OK;
500 }
501
GrantUriPermissionPrivileged(const std::vector<std::string> & uriVec,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t hideSensitiveType,int32_t & funcResult)502 ErrCode UriPermissionManagerStubImpl::GrantUriPermissionPrivileged(const std::vector<std::string>& uriVec,
503 uint32_t flag, const std::string& targetBundleName, int32_t appIndex, uint32_t initiatorTokenId,
504 int32_t hideSensitiveType, int32_t& funcResult)
505 {
506 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
507 if (uriVec.size() == 0 || uriVec.size() > MAX_URI_COUNT) {
508 TAG_LOGE(AAFwkTag::URIPERMMGR, "out of range: %{public}zu", uriVec.size());
509 funcResult = ERR_URI_LIST_OUT_OF_RANGE;
510 return ERR_URI_LIST_OUT_OF_RANGE;
511 }
512 TAG_LOGI(AAFwkTag::URIPERMMGR, "BundleName:%{public}s, appIndex:%{public}d, flag:%{public}u, uris:%{public}zu",
513 targetBundleName.c_str(), appIndex, flag, uriVec.size());
514 uint32_t callerTokenId = IPCSkeleton::GetCallingTokenID();
515 auto checkRes = CheckGrantUriPermissionPrivileged(callerTokenId, flag, funcResult);
516 if (checkRes != ERR_OK) {
517 return ERR_OK;
518 }
519 uint32_t targetTokenId = 0;
520 auto ret = UPMSUtils::GetTokenIdByBundleName(targetBundleName, appIndex, targetTokenId);
521 if (ret != ERR_OK) {
522 TAG_LOGE(AAFwkTag::URIPERMMGR, "get tokenId failed, bundleName:%{public}s", targetBundleName.c_str());
523 funcResult = ret;
524 return ERR_OK;
525 }
526 if (UPMSUtils::IsFoundationCall()) {
527 callerTokenId = initiatorTokenId;
528 } else {
529 // hideSensitiveType is only support for foundation
530 hideSensitiveType = 0;
531 }
532 std::string targetAlterBundleName = "";
533 UPMSUtils::GetDirByBundleNameAndAppIndex(targetBundleName, appIndex, targetAlterBundleName);
534 std::vector<Uri> uriVecInner;
535 for (auto& uri : uriVec) {
536 uriVecInner.emplace_back(uri);
537 }
538 UPMSAppInfo targetAppInfo = { targetTokenId, targetBundleName, targetAlterBundleName };
539 ret = GrantUriPermissionPrivilegedInner(uriVecInner, flag, callerTokenId, targetAppInfo, hideSensitiveType);
540 TAG_LOGI(AAFwkTag::URIPERMMGR, "GrantUriPermissionPrivileged finished.");
541 funcResult = ret;
542 return ERR_OK;
543 }
544
GrantUriPermissionPrivileged(const UriPermissionRawData & rawData,uint32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId,int32_t hideSensitiveType,int32_t & funcResult)545 ErrCode UriPermissionManagerStubImpl::GrantUriPermissionPrivileged(const UriPermissionRawData& rawData, uint32_t flag,
546 const std::string& targetBundleName, int32_t appIndex, uint32_t initiatorTokenId, int32_t hideSensitiveType,
547 int32_t& funcResult)
548 {
549 std::vector<std::string> uriStrVec;
550 auto res = RawDataToStringVec(rawData, uriStrVec);
551 if (res != ERR_OK) {
552 TAG_LOGE(AAFwkTag::URIPERMMGR, "raw data to vec failed");
553 funcResult = res;
554 return res;
555 }
556 auto errCode = GrantUriPermissionPrivileged(uriStrVec, flag, targetBundleName, appIndex, initiatorTokenId,
557 hideSensitiveType, funcResult);
558 if (errCode != ERR_OK) {
559 TAG_LOGE(AAFwkTag::URIPERMMGR, "GrantUriPermissionPrivileged failed, errCode:%{public}d", errCode);
560 return errCode;
561 }
562 TAG_LOGI(AAFwkTag::URIPERMMGR, "GrantUriPermissionPrivileged finished.");
563 return ERR_OK;
564 }
565
GrantUriPermissionPrivilegedInner(const std::vector<Uri> & uriVec,uint32_t flag,uint32_t callerTokenId,UPMSAppInfo & targetAppInfo,int32_t hideSensitiveType)566 int32_t UriPermissionManagerStubImpl::GrantUriPermissionPrivilegedInner(const std::vector<Uri> &uriVec, uint32_t flag,
567 uint32_t callerTokenId, UPMSAppInfo &targetAppInfo, int32_t hideSensitiveType)
568 {
569 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
570 TAG_LOGI(AAFwkTag::URIPERMMGR, "callerTokenId:%{public}u, targetTokenId:%{public}u", callerTokenId,
571 targetAppInfo.tokenId);
572 BatchStringUri batchUris;
573 int32_t validUriCount = 0;
574 int32_t grantRet = INNER_ERR;
575 for (auto &uri : uriVec) {
576 auto uriInner = uri;
577 if (!UPMSUtils::CheckUriTypeIsValid(uriInner)) {
578 continue;
579 }
580 validUriCount++;
581 // content and distributed docs uri
582 if (uriInner.GetScheme() == "content") {
583 batchUris.contentUris.emplace_back(uriInner.ToString());
584 continue;
585 }
586 if (UPMSUtils::IsDocsCloudUri(uriInner)) {
587 batchUris.uriStrVec.emplace_back(uriInner.ToString());
588 continue;
589 }
590 if (uriInner.GetAuthority() == targetAppInfo.alterBundleName) {
591 grantRet = ERR_OK;
592 continue;
593 }
594 // media
595 if (uriInner.GetAuthority() == "media") {
596 batchUris.mediaUriVec.emplace_back(uriInner.ToString());
597 continue;
598 }
599 // docs and bundle
600 batchUris.uriStrVec.emplace_back(uri.ToString());
601 }
602 TAG_LOGI(AAFwkTag::URIPERMMGR, "valid uris: %{public}d", validUriCount);
603 if (validUriCount == 0) {
604 return ERR_CODE_INVALID_URI_TYPE;
605 }
606 if (GrantUriPermissionPrivilegedImpl(batchUris, flag, callerTokenId, targetAppInfo,
607 hideSensitiveType) == ERR_OK) {
608 return ERR_OK;
609 }
610 return grantRet;
611 }
612
GrantUriPermissionPrivilegedImpl(BatchStringUri & batchUris,uint32_t flag,uint32_t callerTokenId,UPMSAppInfo & targetAppInfo,int32_t hideSensitiveType)613 int32_t UriPermissionManagerStubImpl::GrantUriPermissionPrivilegedImpl(BatchStringUri &batchUris, uint32_t flag,
614 uint32_t callerTokenId, UPMSAppInfo &targetAppInfo, int32_t hideSensitiveType)
615 {
616 int32_t result = INNER_ERR;
617 if (GrantBatchUriPermissionImpl(batchUris.uriStrVec, flag, callerTokenId, targetAppInfo.tokenId) == ERR_OK) {
618 result = ERR_OK;
619 }
620 if (GrantBatchMediaUriPermissionImpl(batchUris.mediaUriVec, flag, callerTokenId, targetAppInfo.tokenId,
621 hideSensitiveType) == ERR_OK) {
622 result = ERR_OK;
623 }
624 if (GrantBatchContentUriPermissionImpl(batchUris.contentUris, flag, targetAppInfo.tokenId,
625 targetAppInfo.bundleName) == ERR_OK) {
626 result = ERR_OK;
627 }
628 return result;
629 }
630
GrantUriPermissionByKeyAsCaller(const std::string & key,uint32_t flag,uint32_t callerTokenId,uint32_t targetTokenId,int32_t & funcResult)631 ErrCode UriPermissionManagerStubImpl::GrantUriPermissionByKeyAsCaller(const std::string &key, uint32_t flag,
632 uint32_t callerTokenId, uint32_t targetTokenId, int32_t &funcResult)
633 {
634 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
635 auto ret = CheckGrantUriPermissionByKeyAsCaller();
636 if (ret != ERR_OK) {
637 TAG_LOGE(AAFwkTag::URIPERMMGR, "check fail:%{public}d", ret);
638 return WrapErrorCode(ret, funcResult);
639 }
640
641 ret = GrantUriPermissionByKeyInner(key, flag, callerTokenId, targetTokenId);
642 return WrapErrorCode(ret, funcResult);
643 }
644
GrantUriPermissionByKey(const std::string & key,uint32_t flag,uint32_t targetTokenId,int32_t & funcResult)645 ErrCode UriPermissionManagerStubImpl::GrantUriPermissionByKey(const std::string &key, uint32_t flag,
646 uint32_t targetTokenId, int32_t &funcResult)
647 {
648 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
649 auto ret = CheckGrantUriPermissionByKey();
650 if (ret != ERR_OK) {
651 return WrapErrorCode(ret, funcResult);
652 }
653 uint32_t callerTokenId = IPCSkeleton::GetCallingTokenID();
654 ret = GrantUriPermissionByKeyInner(key, flag, callerTokenId, targetTokenId);
655 if (ret == ERR_UPMS_INVALID_CALLER_TOKENID) {
656 return WrapErrorCode(INNER_ERR, funcResult);
657 }
658 return WrapErrorCode(ret, funcResult);
659 }
660
GrantUriPermissionByKeyInner(const std::string & key,uint32_t flag,uint32_t callerTokenId,uint32_t targetTokenId)661 int32_t UriPermissionManagerStubImpl::GrantUriPermissionByKeyInner(const std::string &key, uint32_t flag,
662 uint32_t callerTokenId, uint32_t targetTokenId)
663 {
664 TAG_LOGE(AAFwkTag::URIPERMMGR, "key:%{public}s, flag:%{public}u, caller:%{public}u, target:%{public}u",
665 key.c_str(), flag, callerTokenId, targetTokenId);
666 UPMSAppInfo callerAppInfo = { .tokenId = callerTokenId };
667 UPMSAppInfo targetAppInfo = { .tokenId = targetTokenId };
668 std::vector<std::string> uris;
669 auto ret = CheckGrantUriPermissionByKeyParams(key, flag, callerAppInfo, targetAppInfo, uris);
670 if (ret != ERR_OK) {
671 return ret;
672 }
673 // check uri permission
674 TokenIdPermission tokenIdPermission(callerTokenId);
675 auto checkResult = CheckUriPermission(tokenIdPermission, uris, flag);
676 // grant uri permission
677 std::vector<std::string> permissionedMediaUris;
678 std::vector<std::string> permissionedOtherUris;
679 for (size_t i = 0; i < checkResult.size(); i++) {
680 if (!checkResult[i]) {
681 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission, uri:%{private}s", uris[i].c_str());
682 return ERR_UPMS_NO_PERMISSION_GRANT_URI;
683 }
684 auto uriInner = Uri(uris[i]);
685 if (uriInner.GetAuthority() == AUTHORITY_MEDIA) {
686 permissionedMediaUris.emplace_back(uris[i]);
687 } else {
688 permissionedOtherUris.emplace_back(uris[i]);
689 }
690 }
691 if (!permissionedOtherUris.empty() &&
692 GrantBatchUriPermissionImpl(permissionedOtherUris, flag, callerTokenId, targetTokenId) != ERR_OK) {
693 TAG_LOGE(AAFwkTag::URIPERMMGR, "grant batch uri permission failed");
694 return ERR_UPMS_GRANT_URI_PERMISSION_FAILED;
695 }
696 if (!permissionedMediaUris.empty() &&
697 GrantBatchMediaUriPermissionImpl(permissionedMediaUris, flag, callerTokenId, targetTokenId, 0) != ERR_OK) {
698 TAG_LOGE(AAFwkTag::URIPERMMGR, "grant media uri permission failed");
699 return ERR_UPMS_GRANT_URI_PERMISSION_FAILED;
700 }
701 return ERR_OK;
702 }
703
CheckGrantUriPermissionByKeyAsCaller()704 int32_t UriPermissionManagerStubImpl::CheckGrantUriPermissionByKeyAsCaller()
705 {
706 if (!AppUtils::GetInstance().IsSupportGrantUriPermission()) {
707 TAG_LOGE(AAFwkTag::URIPERMMGR, "not support grant uri permission");
708 return ERR_CAPABILITY_NOT_SUPPORT;
709 }
710 if (!UPMSUtils::IsSystemAppCall()) {
711 TAG_LOGE(AAFwkTag::URIPERMMGR, "caller not system");
712 return ERR_NOT_SYSTEM_APP;
713 }
714 uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID();
715 auto permissionName = PermissionConstants::PERMISSION_GRANT_URI_PERMISSION_AS_CALLER;
716 if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(callingTokenId, permissionName)) {
717 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call");
718 return CHECK_PERMISSION_FAILED;
719 }
720 auto ret = CheckCalledBySandBox();
721 if (ret != ERR_OK) {
722 TAG_LOGE(AAFwkTag::URIPERMMGR, "sandbox not support grant uripermission");
723 return ret;
724 }
725 return ERR_OK;
726 }
727
CheckGrantUriPermissionByKey()728 int32_t UriPermissionManagerStubImpl::CheckGrantUriPermissionByKey()
729 {
730 if (!AppUtils::GetInstance().IsSupportGrantUriPermission()) {
731 TAG_LOGE(AAFwkTag::URIPERMMGR, "not support grant uri permission");
732 return ERR_CAPABILITY_NOT_SUPPORT;
733 }
734 if (!UPMSUtils::IsSystemAppCall()) {
735 TAG_LOGE(AAFwkTag::URIPERMMGR, "caller not system");
736 return ERR_NOT_SYSTEM_APP;
737 }
738 auto ret = CheckCalledBySandBox();
739 if (ret != ERR_OK) {
740 TAG_LOGE(AAFwkTag::URIPERMMGR, "sandbox not support grant uripermission");
741 return ret;
742 }
743 return ERR_OK;
744 }
745
CheckGrantUriPermissionByKeyParams(const std::string & key,uint32_t flag,UPMSAppInfo & callerAppInfo,UPMSAppInfo & targetAppInfo,std::vector<std::string> & uris)746 int32_t UriPermissionManagerStubImpl::CheckGrantUriPermissionByKeyParams(const std::string &key, uint32_t flag,
747 UPMSAppInfo &callerAppInfo, UPMSAppInfo &targetAppInfo, std::vector<std::string> &uris)
748 {
749 if ((flag & FLAG_READ_WRITE_URI) == 0) {
750 TAG_LOGE(AAFwkTag::URIPERMMGR, "Flag invalid");
751 return ERR_CODE_INVALID_URI_FLAG;
752 }
753 if (callerAppInfo.tokenId == targetAppInfo.tokenId) {
754 TAG_LOGE(AAFwkTag::URIPERMMGR, "caller equal to target");
755 return ERR_UPMS_INVALID_TARGET_TOKENID;
756 }
757 if (!UPMSUtils::GetAlterableBundleNameByTokenId(callerAppInfo.tokenId, callerAppInfo.alterBundleName)) {
758 TAG_LOGE(AAFwkTag::URIPERMMGR, "callerTokenId invalid");
759 return ERR_UPMS_INVALID_CALLER_TOKENID;
760 }
761 if (!UPMSUtils::GetAlterableBundleNameByTokenId(targetAppInfo.tokenId, targetAppInfo.alterBundleName)) {
762 TAG_LOGE(AAFwkTag::URIPERMMGR, "targetTokenId invalid");
763 return ERR_UPMS_INVALID_TARGET_TOKENID;
764 }
765 auto ret = UDMFUtils::ProcessUdmfKey(key, callerAppInfo.tokenId, targetAppInfo.tokenId, uris);
766 if (ret != ERR_OK) {
767 TAG_LOGE(AAFwkTag::URIPERMMGR, "ProcessUdmfKey failed:%{public}d", ret);
768 return ERR_UPMS_GET_FILE_URIS_BY_KEY_FAILED;
769 }
770 return ERR_OK;
771 }
772
CheckUriAuthorization(const std::vector<std::string> & uriStrVec,uint32_t flag,uint32_t tokenId,std::vector<bool> & funcResult)773 ErrCode UriPermissionManagerStubImpl::CheckUriAuthorization(const std::vector<std::string>& uriStrVec,
774 uint32_t flag, uint32_t tokenId, std::vector<bool>& funcResult)
775 {
776 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
777 TAG_LOGI(AAFwkTag::URIPERMMGR, "tokenId:%{private}u, flag:%{public}u, uris:%{public}zu",
778 tokenId, flag, uriStrVec.size());
779 funcResult = std::vector<bool>(uriStrVec.size(), false);
780 if (uriStrVec.size() == 0 || uriStrVec.size() > MAX_URI_COUNT) {
781 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec empty or exceed maxSize %{public}d uriStrVec size: %{public}zu",
782 MAX_URI_COUNT, uriStrVec.size());
783 return ERR_URI_LIST_OUT_OF_RANGE;
784 }
785 if (!UPMSUtils::IsSAOrSystemAppCall()) {
786 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
787 return ERR_OK;
788 }
789 if ((flag & FLAG_READ_WRITE_URI) == 0) {
790 TAG_LOGE(AAFwkTag::URIPERMMGR, "Flag invalid");
791 return ERR_OK;
792 }
793 TokenIdPermission tokenIdPermission(tokenId);
794 funcResult = CheckUriPermission(tokenIdPermission, uriStrVec, flag);
795 return ERR_OK;
796 }
797
CheckUriAuthorization(const UriPermissionRawData & rawData,uint32_t flag,uint32_t tokenId,UriPermissionRawData & funcResult)798 ErrCode UriPermissionManagerStubImpl::CheckUriAuthorization(const UriPermissionRawData& rawData, uint32_t flag,
799 uint32_t tokenId, UriPermissionRawData& funcResult)
800 {
801 std::vector<std::string> uriStringVec;
802 std::vector<char> resultCharVec;
803 auto res = RawDataToStringVec(rawData, uriStringVec);
804 if (res != ERR_OK) {
805 TAG_LOGE(AAFwkTag::URIPERMMGR, "raw data to vec failed");
806 std::vector<bool> defaultFalseResult(1, false);
807 BoolVecToRawData(defaultFalseResult, funcResult, resultCharVec);
808 return res;
809 }
810 std::vector<bool> resultBoolVec(uriStringVec.size(), false);
811 auto errCode = CheckUriAuthorization(uriStringVec, flag, tokenId, resultBoolVec);
812 if (errCode != ERR_OK) {
813 TAG_LOGE(AAFwkTag::URIPERMMGR, "CheckUriAuthorization failed, errCode:%{public}d", errCode);
814 return errCode;
815 }
816 BoolVecToRawData(resultBoolVec, funcResult, resultCharVec);
817 if (funcResult.size > MAX_IPC_RAW_DATA_SIZE) {
818 TAG_LOGE(AAFwkTag::URIPERMMGR, "funcResultSize is too large");
819 std::vector<bool> defaultFalseResult(1, false);
820 BoolVecToRawData(defaultFalseResult, funcResult, resultCharVec);
821 return ERR_DEAD_OBJECT;
822 }
823 return ERR_OK;
824 }
825
CheckUriPermission(TokenIdPermission & tokenIdPermission,const std::vector<std::string> & uriVec,uint32_t flag)826 std::vector<bool> UriPermissionManagerStubImpl::CheckUriPermission(TokenIdPermission& tokenIdPermission,
827 const std::vector<std::string>& uriVec, uint32_t flag)
828 {
829 // only reserve read and write file flag
830 flag &= FLAG_READ_WRITE_URI;
831 auto tokenId = tokenIdPermission.GetTokenId();
832 std::vector<bool> result(uriVec.size(), false);
833 std::vector<std::string> mediaUris;
834 std::vector<int32_t> mediaUriIndexs;
835 std::string callerAlterableBundleName;
836 UPMSUtils::GetAlterableBundleNameByTokenId(tokenId, callerAlterableBundleName);
837 for (size_t i = 0; i < uriVec.size(); i++) {
838 auto uri = Uri(uriVec[i]);
839 auto &&scheme = uri.GetScheme();
840 // checkUriPermission not support content uri
841 if (scheme != "file") {
842 TAG_LOGW(AAFwkTag::URIPERMMGR, "invalid uri:%{private}s", uri.ToString().c_str());
843 result[i] = false;
844 continue;
845 }
846 auto &&authority = uri.GetAuthority();
847 TAG_LOGD(AAFwkTag::URIPERMMGR, "UriAuth:%{public}s", authority.c_str());
848 if (authority == "docs" && tokenIdPermission.VerifyFileAccessManagerPermission()) {
849 result[i] = true;
850 continue;
851 }
852 if (authority == "media") {
853 mediaUris.emplace_back(uriVec[i]);
854 mediaUriIndexs.emplace_back(i);
855 continue;
856 }
857 // bundle uri
858 result[i] = (authority == callerAlterableBundleName);
859 }
860 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
861 if (!mediaUris.empty()) {
862 auto mediaUriResult = MediaPermissionManager::GetInstance().CheckUriPermission(mediaUris, tokenId, flag);
863 for (size_t i = 0; i < mediaUriResult.size(); i++) {
864 result[mediaUriIndexs[i]] = mediaUriResult[i];
865 }
866 }
867 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
868 CheckProxyUriPermission(tokenIdPermission, uriVec, flag, result);
869 return result;
870 }
871
CheckProxyUriPermission(TokenIdPermission & tokenIdPermission,const std::vector<std::string> & uriVec,uint32_t flag,std::vector<bool> & result)872 void UriPermissionManagerStubImpl::CheckProxyUriPermission(TokenIdPermission &tokenIdPermission,
873 const std::vector<std::string> &uriVec, uint32_t flag, std::vector<bool> &result)
874 {
875 TAG_LOGI(AAFwkTag::URIPERMMGR, "Call");
876 if (uriVec.size() != result.size()) {
877 TAG_LOGW(AAFwkTag::URIPERMMGR, "param size not equal");
878 return;
879 }
880 if (!tokenIdPermission.VerifyProxyAuthorizationUriPermission()) {
881 TAG_LOGW(AAFwkTag::URIPERMMGR, "no proxy permission");
882 return;
883 }
884 auto tokenId = tokenIdPermission.GetTokenId();
885 for (size_t i = 0; i < uriVec.size(); i++) {
886 if (result[i]) {
887 continue;
888 }
889 // media no need to check proxy permission, has checked by medialibrary
890 auto uriInner = Uri(uriVec[i]);
891 if (uriInner.GetAuthority() != "media") {
892 bool funcResult = false;
893 VerifyUriPermission(uriInner, flag, tokenId, funcResult);
894 result[i] = funcResult;
895 }
896 }
897 }
898
RevokeMapUriPermission(uint32_t tokenId)899 void UriPermissionManagerStubImpl::RevokeMapUriPermission(uint32_t tokenId)
900 {
901 // revoke uri permission record cache of tokenId when application exit
902 TAG_LOGD(AAFwkTag::URIPERMMGR, "RevokeMapUriPermission call");
903 std::lock_guard<std::mutex> guard(mutex_);
904 std::vector<std::string> uriList;
905 int32_t deleteCount = 0;
906 for (auto iter = uriMap_.begin(); iter != uriMap_.end();) {
907 auto& list = iter->second;
908 bool findUriRecord = false;
909 for (auto it = list.begin(); it != list.end();) {
910 if (it->targetTokenId == tokenId) {
911 deleteCount++;
912 it = list.erase(it);
913 findUriRecord = true;
914 continue;
915 }
916 it++;
917 }
918 if (findUriRecord) {
919 uriList.emplace_back(iter->first);
920 }
921 if (list.empty()) {
922 iter = uriMap_.erase(iter);
923 continue;
924 }
925 ++iter;
926 }
927 if (!uriList.empty()) {
928 DeleteShareFile(tokenId, uriList);
929 }
930 TAG_LOGI(AAFwkTag::URIPERMMGR, "revoke map: %{public}d", deleteCount);
931 }
932
RevokeAllUriPermissions(uint32_t tokenId,int32_t & funcResult)933 ErrCode UriPermissionManagerStubImpl::RevokeAllUriPermissions(uint32_t tokenId, int32_t& funcResult)
934 {
935 TAG_LOGI(AAFwkTag::URIPERMMGR, "RevokeAllUriPermissions, tokenId:%{public}u", tokenId);
936 if (!UPMSUtils::IsFoundationCall()) {
937 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to revoke all uri permission");
938 funcResult = CHECK_PERMISSION_FAILED;
939 return ERR_OK;
940 }
941 RevokeAllMapUriPermissions(tokenId);
942 RevokeContentUriPermission(tokenId);
943 funcResult = ERR_OK;
944 return ERR_OK;
945 }
946
RevokeAllMapUriPermissions(uint32_t tokenId)947 int32_t UriPermissionManagerStubImpl::RevokeAllMapUriPermissions(uint32_t tokenId)
948 {
949 std::string callerAuthority = "";
950 UPMSUtils::GetAlterableBundleNameByTokenId(tokenId, callerAuthority);
951 std::map<uint32_t, std::vector<std::string>> uriLists;
952 {
953 std::lock_guard<std::mutex> guard(mutex_);
954 for (auto iter = uriMap_.begin(); iter != uriMap_.end();) {
955 auto uriAuthority = Uri(iter->first).GetAuthority();
956 // uri belong to target tokenId.
957 if (callerAuthority == uriAuthority) {
958 for (const auto &record : iter->second) {
959 uriLists[record.targetTokenId].emplace_back(iter->first);
960 }
961 iter = uriMap_.erase(iter);
962 continue;
963 }
964 auto& list = iter->second;
965 for (auto it = list.begin(); it != list.end();) {
966 if (it->targetTokenId == tokenId || it->fromTokenId == tokenId) {
967 TAG_LOGI(AAFwkTag::URIPERMMGR, "Erase an uri permission record");
968 uriLists[it->targetTokenId].emplace_back(iter->first);
969 it = list.erase(it);
970 continue;
971 }
972 it++;
973 }
974 if (list.empty()) {
975 iter = uriMap_.erase(iter);
976 continue;
977 }
978 iter++;
979 }
980 }
981
982 for (auto iter = uriLists.begin(); iter != uriLists.end(); iter++) {
983 if (DeleteShareFile(iter->first, iter->second) != ERR_OK) {
984 return INNER_ERR;
985 }
986 }
987 return ERR_OK;
988 }
989
RevokeUriPermissionManually(const Uri & uri,const std::string & bundleName,int32_t appIndex,int32_t & funcResult)990 ErrCode UriPermissionManagerStubImpl::RevokeUriPermissionManually(const Uri& uri, const std::string& bundleName,
991 int32_t appIndex, int32_t& funcResult)
992 {
993 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
994 TAG_LOGI(AAFwkTag::URIPERMMGR, "uri:%{private}s, bundleName:%{public}s, appIndex:%{public}d",
995 uri.ToString().c_str(), bundleName.c_str(), appIndex);
996 if (!UPMSUtils::IsSAOrSystemAppCall()) {
997 TAG_LOGE(AAFwkTag::URIPERMMGR, "not SA/SystemApp");
998 funcResult = CHECK_PERMISSION_FAILED;
999 return ERR_OK;
1000 }
1001 auto uriInner = uri;
1002 if (!UPMSUtils::CheckUriTypeIsValid(uriInner)) {
1003 TAG_LOGE(AAFwkTag::URIPERMMGR, "CheckUriType failed, uri:%{private}s", uri.ToString().c_str());
1004 funcResult = ERR_CODE_INVALID_URI_TYPE;
1005 return ERR_OK;
1006 }
1007 uint32_t targetTokenId = 0;
1008 auto ret = UPMSUtils::GetTokenIdByBundleName(bundleName, appIndex, targetTokenId);
1009 if (ret != ERR_OK) {
1010 TAG_LOGE(AAFwkTag::URIPERMMGR, "get tokenId by bundleName fail");
1011 funcResult = ret;
1012 return ERR_OK;
1013 }
1014 funcResult = RevokeUriPermissionManuallyInner(uriInner, targetTokenId);
1015 return ERR_OK;
1016 }
1017
RevokeUriPermissionManuallyInner(Uri & uri,uint32_t targetTokenId)1018 int32_t UriPermissionManagerStubImpl::RevokeUriPermissionManuallyInner(Uri &uri, uint32_t targetTokenId)
1019 {
1020 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
1021 auto callerTokenId = IPCSkeleton::GetCallingTokenID();
1022 TAG_LOGI(AAFwkTag::URIPERMMGR, "callerTokenId: %{public}u, targetTokenId:%{public}u",
1023 callerTokenId, targetTokenId);
1024
1025 if (UPMSUtils::IsDocsCloudUri(uri)) {
1026 return RevokeMapUriPermissionManually(callerTokenId, targetTokenId, uri);
1027 }
1028 if (uri.GetAuthority() == "media") {
1029 return RevokeMediaUriPermissionManually(callerTokenId, targetTokenId, uri);
1030 }
1031 // docs and bundle uri
1032 return RevokeMapUriPermissionManually(callerTokenId, targetTokenId, uri);
1033 }
1034
RevokeMapUriPermissionManually(uint32_t callerTokenId,uint32_t targetTokenId,Uri & uri)1035 int32_t UriPermissionManagerStubImpl::RevokeMapUriPermissionManually(uint32_t callerTokenId,
1036 uint32_t targetTokenId, Uri &uri)
1037 {
1038 auto uriStr = uri.ToString();
1039 auto uriAuthority = uri.GetAuthority();
1040 // uri belong to caller or caller is target.
1041 std::string callerAuthority = "";
1042 UPMSUtils::GetAlterableBundleNameByTokenId(callerTokenId, callerAuthority);
1043 bool isRevokeSelfUri = (callerTokenId == targetTokenId || callerAuthority == uriAuthority);
1044 std::vector<std::string> uriList;
1045 {
1046 std::lock_guard<std::mutex> guard(mutex_);
1047 auto search = uriMap_.find(uriStr);
1048 if (search == uriMap_.end()) {
1049 TAG_LOGI(AAFwkTag::URIPERMMGR, "URI not exist on uri map");
1050 return ERR_OK;
1051 }
1052 auto& list = search->second;
1053 for (auto it = list.begin(); it != list.end(); it++) {
1054 if (it->targetTokenId == targetTokenId && (callerTokenId == it->fromTokenId || isRevokeSelfUri)) {
1055 uriList.emplace_back(search->first);
1056 TAG_LOGD(AAFwkTag::URIPERMMGR, "revoke uri permission record");
1057 list.erase(it);
1058 break;
1059 }
1060 }
1061 if (list.empty()) {
1062 uriMap_.erase(search);
1063 }
1064 }
1065 return DeleteShareFile(targetTokenId, uriList);
1066 }
1067
DeleteShareFile(uint32_t targetTokenId,const std::vector<std::string> & uriVec)1068 int32_t UriPermissionManagerStubImpl::DeleteShareFile(uint32_t targetTokenId, const std::vector<std::string> &uriVec)
1069 {
1070 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
1071 ConnectManager(storageManager_, STORAGE_MANAGER_MANAGER_ID);
1072 if (storageManager_ == nullptr) {
1073 TAG_LOGE(AAFwkTag::URIPERMMGR, "null StorageManager");
1074 return INNER_ERR;
1075 }
1076 StorageFileRawData uriRawData;
1077 StringVecToRawData(uriVec, uriRawData);
1078 auto ret = storageManager_->DeleteShareFile(targetTokenId, uriRawData);
1079 if (ret != ERR_OK) {
1080 TAG_LOGE(AAFwkTag::URIPERMMGR, "DeleteShareFile failed:%{public}d", ret);
1081 }
1082 return ret;
1083 }
1084
RevokeMediaUriPermissionManually(uint32_t callerTokenId,uint32_t targetTokenId,Uri & uri)1085 int32_t UriPermissionManagerStubImpl::RevokeMediaUriPermissionManually(uint32_t callerTokenId, uint32_t targetTokenId,
1086 Uri &uri)
1087 {
1088 #ifdef ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
1089 std::string uriStr = uri.ToString();
1090 return MediaPermissionManager::GetInstance().RevokeUriPermission(callerTokenId, targetTokenId, uriStr);
1091 #else
1092 return CAPABILITY_NOT_SUPPORT;
1093 #endif // ABILITY_RUNTIME_MEDIA_LIBRARY_ENABLE
1094 }
1095
1096 template<typename T>
ConnectManager(sptr<T> & mgr,int32_t serviceId)1097 void UriPermissionManagerStubImpl::ConnectManager(sptr<T> &mgr, int32_t serviceId)
1098 {
1099 TAG_LOGD(AAFwkTag::URIPERMMGR, "Call");
1100 std::lock_guard<std::mutex> lock(mgrMutex_);
1101 if (mgr == nullptr) {
1102 TAG_LOGE(AAFwkTag::URIPERMMGR, "mgr null");
1103 auto systemAbilityMgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1104 if (systemAbilityMgr == nullptr) {
1105 TAG_LOGE(AAFwkTag::URIPERMMGR, "null systemAbilityMgr");
1106 return;
1107 }
1108
1109 auto remoteObj = systemAbilityMgr->GetSystemAbility(serviceId);
1110 if (remoteObj == nullptr) {
1111 TAG_LOGE(AAFwkTag::URIPERMMGR, "null Obj");
1112 return;
1113 }
1114 TAG_LOGE(AAFwkTag::URIPERMMGR, "to cast");
1115 mgr = iface_cast<T>(remoteObj);
1116 if (mgr == nullptr || mgr->AsObject() == nullptr) {
1117 TAG_LOGE(AAFwkTag::URIPERMMGR, "null mgr");
1118 return;
1119 }
1120 wptr<T> manager = mgr;
1121 auto self = weak_from_this();
1122 auto onClearProxyCallback = [manager, self](const auto& remote) {
1123 auto mgrSptr = manager.promote();
1124 auto impl = self.lock();
1125 if (impl && mgrSptr && mgrSptr->AsObject() == remote.promote()) {
1126 std::lock_guard<std::mutex> lock(impl->mgrMutex_);
1127 mgrSptr.clear();
1128 }
1129 };
1130 sptr<ProxyDeathRecipient> recipient(new ProxyDeathRecipient(std::move(onClearProxyCallback)));
1131 if (!mgr->AsObject()->AddDeathRecipient(recipient)) {
1132 TAG_LOGE(AAFwkTag::URIPERMMGR, "AddDeathRecipient failed");
1133 }
1134 }
1135 }
1136
OnRemoteDied(const wptr<IRemoteObject> & remote)1137 void UriPermissionManagerStubImpl::ProxyDeathRecipient::OnRemoteDied([[maybe_unused]]
1138 const wptr<IRemoteObject>& remote)
1139 {
1140 if (proxy_) {
1141 TAG_LOGD(AAFwkTag::URIPERMMGR, "mgr stub died");
1142 proxy_(remote);
1143 }
1144 }
1145
CheckCalledBySandBox()1146 int32_t UriPermissionManagerStubImpl::CheckCalledBySandBox()
1147 {
1148 // reject sandbox to grant uri permission
1149 ConnectManager(appMgr_, APP_MGR_SERVICE_ID);
1150 if (appMgr_ == nullptr) {
1151 TAG_LOGE(AAFwkTag::URIPERMMGR, "appMgr null");
1152 return INNER_ERR;
1153 }
1154 auto callerPid = IPCSkeleton::GetCallingPid();
1155 bool isSandbox = false;
1156 if (IN_PROCESS_CALL(appMgr_->JudgeSandboxByPid(callerPid, isSandbox)) != ERR_OK) {
1157 TAG_LOGE(AAFwkTag::URIPERMMGR, "JudgeSandboxByPid failed");
1158 return INNER_ERR;
1159 }
1160 if (isSandbox) {
1161 TAG_LOGE(AAFwkTag::URIPERMMGR, "sandbox app not grant URI permission");
1162 return ERR_CODE_GRANT_URI_PERMISSION;
1163 }
1164 return ERR_OK;
1165 }
1166
ClearPermissionTokenByMap(const uint32_t tokenId,int32_t & funcResult)1167 ErrCode UriPermissionManagerStubImpl::ClearPermissionTokenByMap(const uint32_t tokenId, int32_t& funcResult)
1168 {
1169 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
1170 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
1171 bool isCallingPermission =
1172 AAFwk::PermissionVerification::GetInstance()->CheckSpecificSystemAbilityAccessPermission(FOUNDATION_PROCESS);
1173 if (!isCallingPermission) {
1174 TAG_LOGE(AAFwkTag::APPMGR, "verification failed");
1175 funcResult = ERR_PERMISSION_DENIED;
1176 return ERR_OK;
1177 }
1178 RevokeContentUriPermission(tokenId);
1179 std::lock_guard<std::mutex> lock(ptMapMutex_);
1180 if (permissionTokenMap_.find(tokenId) == permissionTokenMap_.end()) {
1181 TAG_LOGD(AAFwkTag::URIPERMMGR, "permissionTokenMap_ empty");
1182 funcResult = ERR_OK;
1183 return ERR_OK;
1184 }
1185 RevokeMapUriPermission(tokenId);
1186 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
1187 uint64_t timeNow = static_cast<uint64_t>(std::chrono::duration_cast<std::chrono::nanoseconds>(
1188 std::chrono::high_resolution_clock::now().time_since_epoch()).count());
1189 TAG_LOGD(AAFwkTag::URIPERMMGR, "clear %{private}d permission", tokenId);
1190 auto ret = SandboxManagerKit::UnSetAllPolicyByToken(tokenId, timeNow);
1191 TAG_LOGI(AAFwkTag::URIPERMMGR, "clear permission end");
1192 if (ret != ERR_OK) {
1193 TAG_LOGE(AAFwkTag::URIPERMMGR, "ClearPermission failed, ret is %{public}d", ret);
1194 funcResult = ret;
1195 return ERR_OK;
1196 }
1197 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
1198 permissionTokenMap_.erase(tokenId);
1199 funcResult = ERR_OK;
1200 return ERR_OK;
1201 }
1202
BoolVecToCharVec(const std::vector<bool> & boolVector,std::vector<char> & charVector)1203 void UriPermissionManagerStubImpl::BoolVecToCharVec(const std::vector<bool>& boolVector, std::vector<char>& charVector)
1204 {
1205 charVector.clear();
1206 if (boolVector.empty()) {
1207 return;
1208 }
1209 for (bool b : boolVector) {
1210 char value = b ? static_cast<char>(1) : static_cast<char>(0);
1211 charVector.push_back(value);
1212 }
1213 }
1214
BoolVecToRawData(const std::vector<bool> & boolVector,UriPermissionRawData & rawData,std::vector<char> & charVector)1215 void UriPermissionManagerStubImpl::BoolVecToRawData(const std::vector<bool> &boolVector, UriPermissionRawData &rawData,
1216 std::vector<char> &charVector)
1217 {
1218 BoolVecToCharVec(boolVector, charVector);
1219 std::stringstream ss;
1220 uint32_t boolCount = boolVector.size();
1221 ss.write(reinterpret_cast<const char *>(&boolCount), sizeof(boolCount));
1222 for (uint32_t i = 0; i < boolCount; ++i) {
1223 ss.write(reinterpret_cast<const char *>(&charVector[i]), sizeof(charVector[i]));
1224 }
1225 std::string result = ss.str();
1226 rawData.ownedData = std::move(result);
1227 rawData.data = rawData.ownedData.data();
1228 rawData.size = rawData.ownedData.size();
1229 }
1230
RawDataToStringVec(const UriPermissionRawData & rawData,std::vector<std::string> & stringVec)1231 ErrCode UriPermissionManagerStubImpl::RawDataToStringVec(const UriPermissionRawData &rawData,
1232 std::vector<std::string> &stringVec)
1233 {
1234 if (rawData.data == nullptr) {
1235 TAG_LOGE(AAFwkTag::URIPERMMGR, "null data");
1236 return ERR_DEAD_OBJECT;
1237 }
1238 if (rawData.size == 0 || rawData.size > MAX_IPC_RAW_DATA_SIZE) {
1239 TAG_LOGE(AAFwkTag::URIPERMMGR, "size invalid: %{public}u", rawData.size);
1240 return ERR_DEAD_OBJECT;
1241 }
1242 std::stringstream ss;
1243 ss.write(reinterpret_cast<const char *>(rawData.data), rawData.size);
1244 uint32_t stringVecSize = 0;
1245 ss.read(reinterpret_cast<char *>(&stringVecSize), sizeof(stringVecSize));
1246 if (stringVecSize == 0 || stringVecSize > MAX_URI_COUNT) {
1247 TAG_LOGE(AAFwkTag::URIPERMMGR, "uriVec empty or exceed maxSize %{public}d, stringVecSize: %{public}d",
1248 MAX_URI_COUNT, stringVecSize);
1249 return ERR_URI_LIST_OUT_OF_RANGE;
1250 }
1251 uint32_t ssLength = static_cast<uint32_t>(ss.str().length());
1252 for (uint32_t i = 0; i < stringVecSize; ++i) {
1253 uint32_t strLen = 0;
1254 ss.read(reinterpret_cast<char *>(&strLen), sizeof(strLen));
1255 if (strLen > ssLength - static_cast<uint32_t>(ss.tellg())) {
1256 TAG_LOGE(AAFwkTag::URIPERMMGR, "string length:%{public}u is invalid", strLen);
1257 return ERR_DEAD_OBJECT;
1258 }
1259 std::string str;
1260 str.resize(strLen);
1261 ss.read(&str[0], strLen);
1262 stringVec.emplace_back(str);
1263 }
1264 return ERR_OK;
1265 }
1266
1267 #ifdef ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
Active(const UriPermissionRawData & policyRawData,std::vector<uint32_t> & res,int32_t & funcResult)1268 ErrCode UriPermissionManagerStubImpl::Active(const UriPermissionRawData& policyRawData, std::vector<uint32_t>& res,
1269 int32_t& funcResult)
1270 {
1271 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
1272 auto tokenId = IPCSkeleton::GetCallingTokenID();
1273 TAG_LOGD(AAFwkTag::URIPERMMGR, "active %{private}d permission", tokenId);
1274 auto permissionName = PermissionConstants::PERMISSION_FILE_ACCESS_PERSIST;
1275 if (!PermissionVerification::GetInstance()->VerifyPermissionByTokenId(tokenId, permissionName)) {
1276 TAG_LOGE(AAFwkTag::URIPERMMGR, "No permission to call");
1277 funcResult = SANDBOX_MANAGER_PERMISSION_DENIED;
1278 return ERR_OK;
1279 }
1280 TAG_LOGD(AAFwkTag::URIPERMMGR, "call");
1281 std::vector<PolicyInfo> policy;
1282 auto result = RawDataToPolicyInfo(policyRawData, policy);
1283 if (result != ERR_OK) {
1284 TAG_LOGE(AAFwkTag::URIPERMMGR, "RawDataToPolicyInfo failed");
1285 funcResult = result;
1286 return funcResult;
1287 }
1288 uint64_t timeNow = static_cast<uint64_t>(std::chrono::duration_cast<std::chrono::nanoseconds>(
1289 std::chrono::high_resolution_clock::now().time_since_epoch()).count());
1290 auto ret = SandboxManagerKit::StartAccessingPolicy(policy, res, false, tokenId, timeNow);
1291 TAG_LOGI(AAFwkTag::URIPERMMGR, "active permission end");
1292 if (ret != ERR_OK) {
1293 TAG_LOGE(AAFwkTag::URIPERMMGR, "StartAccessingPolicy failed, ret is %{public}d", ret);
1294 funcResult = ret;
1295 return ERR_OK;
1296 }
1297 std::lock_guard<std::mutex> lock(ptMapMutex_);
1298 permissionTokenMap_.insert(tokenId);
1299 funcResult = ERR_OK;
1300 return ERR_OK;
1301 }
1302
RawDataToPolicyInfo(const UriPermissionRawData & policyRawData,std::vector<PolicyInfo> & policy)1303 ErrCode UriPermissionManagerStubImpl::RawDataToPolicyInfo(const UriPermissionRawData& policyRawData,
1304 std::vector<PolicyInfo>& policy)
1305 {
1306 std::stringstream ss;
1307 ss.write(reinterpret_cast<const char *>(policyRawData.data), policyRawData.size);
1308 ss.seekg(0, std::ios::beg);
1309 uint32_t ssLength = static_cast<uint32_t>(ss.str().length());
1310 uint32_t policyInfoSize = 0;
1311 ss.read(reinterpret_cast<char *>(&policyInfoSize), sizeof(policyInfoSize));
1312 if (policyInfoSize == 0 || policyInfoSize > MAX_URI_COUNT) {
1313 TAG_LOGE(AAFwkTag::URIPERMMGR, "policy empty or exceed maxSize %{public}d, policyInfoSize: %{public}d",
1314 MAX_URI_COUNT, policyInfoSize);
1315 return ERR_URI_LIST_OUT_OF_RANGE;
1316 }
1317 for (uint32_t i = 0; i < policyInfoSize; ++i) {
1318 uint32_t pathLen = 0;
1319 ss.read(reinterpret_cast<char *>(&pathLen), sizeof(pathLen));
1320 if (pathLen > ssLength - static_cast<uint32_t>(ss.tellg())) {
1321 TAG_LOGE(AAFwkTag::URIPERMMGR, "path eln:%{public}u is invalid", pathLen);
1322 return INVALID_PARAMETERS_ERR;
1323 }
1324 PolicyInfo info;
1325 info.path.resize(pathLen);
1326 ss.read(info.path.data(), pathLen);
1327 ss.read(reinterpret_cast<char *>(&info.mode), sizeof(info.mode));
1328 policy.emplace_back(info);
1329 }
1330 return ERR_OK;
1331 }
1332 #endif // ABILITY_RUNTIME_FEATURE_SANDBOXMANAGER
1333 } // namespace AAFwk
1334 } // namespace OHOS
1335