1 /*
2 * Copyright (c) 2024-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "uri_utils.h"
17
18 #include "ability_util.h"
19 #include "ability_config.h"
20 #include "ability_record.h"
21 #include "ability_manager_errors.h"
22 #include "accesstoken_kit.h"
23 #include "app_utils.h"
24 #include "common_event_manager.h"
25 #include "event_report.h"
26 #include "extension_ability_info.h"
27 #include "element_name.h"
28 #include "global_constant.h"
29 #include "hilog_tag_wrapper.h"
30 #include "hitrace_meter.h"
31 #include "in_process_call_wrapper.h"
32 #include "ipc_skeleton.h"
33 #include "tokenid_kit.h"
34 #include "ui_extension_utils.h"
35 #ifdef SUPPORT_UPMS
36 #include "uri_permission_manager_client.h"
37 #endif // SUPPORT_UPMS
38
39 namespace OHOS {
40 namespace AAFwk {
41 namespace {
42 const std::string PARAMS_URI = "ability.verify.uri";
43 const std::string DISTRIBUTED_FILES_PATH = "/data/storage/el2/distributedfiles/";
44 const std::string HIDE_SENSITIVE_TYPE = "ohos.media.params.hideSensitiveType";
45 const std::string DMS_PROCESS_NAME = "distributedsched";
46 const std::string ERASE_URI = "eraseUri";
47 const std::string ERASE_PARAM_STREAM = "eraseParamStream";
48 const std::string SEPARATOR = "/";
49 const std::string SCHEME_SEPARATOR = "://";
50 const std::string FILE_SCHEME = "file";
51 const int32_t MAX_URI_COUNT = 500;
52 constexpr int32_t API20 = 20;
53 constexpr int32_t API_VERSION_MOD = 100;
54 constexpr uint32_t TOKEN_ID_BIT_SIZE = 32;
55 }
56
UriUtils()57 UriUtils::UriUtils() {}
58
~UriUtils()59 UriUtils::~UriUtils() {}
60
GetInstance()61 UriUtils &UriUtils::GetInstance()
62 {
63 static UriUtils utils;
64 return utils;
65 }
66
IsInAncoAppIdentifier(const std::string & bundleName)67 bool UriUtils::IsInAncoAppIdentifier(const std::string &bundleName)
68 {
69 auto identifier = AppUtils::GetInstance().GetAncoAppIdentifiers();
70 return CheckIsInAncoAppIdentifier(identifier, bundleName);
71 }
72
CheckIsInAncoAppIdentifier(const std::string & identifier,const std::string & bundleName)73 bool UriUtils::CheckIsInAncoAppIdentifier(const std::string &identifier, const std::string &bundleName)
74 {
75 if (identifier.empty() || bundleName.empty()) {
76 return false;
77 }
78 TAG_LOGI(AAFwkTag::ABILITYMGR, "identifier:%{public}s", identifier.c_str());
79 std::stringstream ss(identifier);
80 std::string item;
81 while (getline(ss, item, '|')) {
82 if (item == bundleName) {
83 return true;
84 }
85 }
86 return false;
87 }
88
GetUriListFromWantDms(Want & want)89 std::vector<Uri> UriUtils::GetUriListFromWantDms(Want &want)
90 {
91 std::vector<std::string> uriStrVec = want.GetStringArrayParam(PARAMS_URI);
92 TAG_LOGD(AAFwkTag::ABILITYMGR, "uriVec size: %{public}zu", uriStrVec.size());
93 if (uriStrVec.size() > MAX_URI_COUNT) {
94 TAG_LOGE(AAFwkTag::ABILITYMGR, "uri list size is more than %{public}u", MAX_URI_COUNT);
95 uriStrVec.resize(MAX_URI_COUNT);
96 }
97 std::vector<Uri> validUriVec;
98 for (auto &&str : uriStrVec) {
99 Uri uri(str);
100 auto &&scheme = uri.GetScheme();
101 TAG_LOGI(AAFwkTag::ABILITYMGR, "uri scheme: %{public}s", scheme.c_str());
102 // only support file scheme
103 if (scheme != "file") {
104 TAG_LOGW(AAFwkTag::ABILITYMGR, "only support file uri");
105 continue;
106 }
107 std::string srcPath = uri.GetPath();
108 if (std::filesystem::exists(srcPath) && std::filesystem::is_symlink(srcPath)) {
109 TAG_LOGE(AAFwkTag::ABILITYMGR, "soft links not allowed");
110 continue;
111 }
112 std::string absolutePath;
113 if (uri.IsRelative()) {
114 char path[PATH_MAX] = {0};
115 if (realpath(srcPath.c_str(), path) == nullptr) {
116 TAG_LOGE(AAFwkTag::ABILITYMGR, "fail, errno :%{public}d", errno);
117 continue;
118 }
119 absolutePath = path;
120 } else {
121 absolutePath = srcPath;
122 }
123 if (absolutePath.compare(0, DISTRIBUTED_FILES_PATH.size(), DISTRIBUTED_FILES_PATH) != 0) {
124 TAG_LOGE(AAFwkTag::ABILITYMGR, "uri not distributed path");
125 continue;
126 }
127 validUriVec.emplace_back(uri);
128 }
129 uriStrVec.clear();
130 want.SetParam(PARAMS_URI, uriStrVec);
131 TAG_LOGD(AAFwkTag::ABILITYMGR, "size of vaid uri is %{public}zu", validUriVec.size());
132 return validUriVec;
133 }
134
ProcessWantUri(bool checkResult,int32_t apiVersion,Want & want,std::vector<Uri> & permissionedUris)135 bool UriUtils::ProcessWantUri(bool checkResult, int32_t apiVersion, Want &want, std::vector<Uri> &permissionedUris)
136 {
137 if (want.GetUriString().empty()) {
138 return true;
139 }
140 if (checkResult) {
141 permissionedUris.emplace_back(want.GetUri());
142 return true;
143 }
144 auto scheme = want.GetUri().GetScheme();
145 if (scheme == FILE_SCHEME || (scheme.empty() && apiVersion >= API20)) {
146 want.SetUri("");
147 TAG_LOGI(AAFwkTag::ABILITYMGR, "erase uri param.");
148 }
149 return false;
150 }
151
GetCallerNameAndApiVersion(uint32_t tokenId,std::string & callerName,int32_t & apiVersion)152 bool UriUtils::GetCallerNameAndApiVersion(uint32_t tokenId, std::string &callerName, int32_t &apiVersion)
153 {
154 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
155 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE) {
156 // for SA, caller name is process name
157 Security::AccessToken::NativeTokenInfo nativeInfo;
158 auto result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(tokenId, nativeInfo);
159 if (result != ERR_OK) {
160 TAG_LOGE(AAFwkTag::URIPERMMGR, "GetNativeTokenInfo failed, ret:%{public}d.", result);
161 return false;
162 }
163 callerName = nativeInfo.processName;
164 return true;
165 }
166 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
167 // for application, caller name is bundle name
168 Security::AccessToken::HapTokenInfo hapInfo;
169 auto ret = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, hapInfo);
170 if (ret != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
171 TAG_LOGE(AAFwkTag::URIPERMMGR, "GetHapTokenInfo failed, ret is %{public}d", ret);
172 return false;
173 }
174 apiVersion = hapInfo.apiVersion % API_VERSION_MOD;
175 callerName = hapInfo.bundleName;
176 return true;
177 }
178 TAG_LOGE(AAFwkTag::URIPERMMGR, "invalid tokenType: %{public}d", static_cast<int32_t>(tokenType));
179 return false;
180 }
181
GetPermissionedUriList(const std::vector<std::string> & uriVec,const std::vector<bool> & checkResults,uint32_t callerTokenId,const std::string & targetBundleName,Want & want)182 std::vector<Uri> UriUtils::GetPermissionedUriList(const std::vector<std::string> &uriVec,
183 const std::vector<bool> &checkResults, uint32_t callerTokenId, const std::string &targetBundleName, Want &want)
184 {
185 std::vector<Uri> permissionedUris;
186 if (uriVec.size() != checkResults.size()) {
187 TAG_LOGE(AAFwkTag::ABILITYMGR, "Invalid param: %{public}zu : %{public}zu",
188 uriVec.size(), checkResults.size());
189 return permissionedUris;
190 }
191 std::string callerBundleName;
192 int32_t apiVersion = 0;
193 GetCallerNameAndApiVersion(callerTokenId, callerBundleName, apiVersion);
194 // process uri
195 size_t startIndex = want.GetUriString().empty() ? 0 : 1;
196 if (!ProcessWantUri(checkResults[0], apiVersion, want, permissionedUris)) {
197 SendGrantUriPermissionEvent(callerBundleName, targetBundleName, uriVec[0], apiVersion, ERASE_URI);
198 }
199 // process param stream
200 bool eraseParamStreamEventSent = false;
201 std::vector<std::string> paramStreamUris;
202 for (size_t index = startIndex; index < checkResults.size(); index++) {
203 // only reserve privileged file uri
204 auto uri = Uri(uriVec[index]);
205 if (checkResults[index]) {
206 permissionedUris.emplace_back(uri);
207 paramStreamUris.emplace_back(uriVec[index]);
208 continue;
209 }
210 if (uri.GetScheme() != FILE_SCHEME && apiVersion < API20) {
211 paramStreamUris.emplace_back(uriVec[index]);
212 }
213 if (eraseParamStreamEventSent) {
214 continue;
215 }
216 eraseParamStreamEventSent = true;
217 SendGrantUriPermissionEvent(callerBundleName, targetBundleName, uriVec[index], apiVersion, ERASE_PARAM_STREAM);
218 }
219 if (paramStreamUris.size() != (checkResults.size() - startIndex)) {
220 // erase old param stream and set new param stream
221 want.RemoveParam(AbilityConfig::PARAMS_STREAM);
222 want.SetParam(AbilityConfig::PARAMS_STREAM, paramStreamUris);
223 TAG_LOGI(AAFwkTag::ABILITYMGR, "startIndex: %{public}zu, uriVec: %{public}zu, paramStreamUris: %{public}zu",
224 startIndex, uriVec.size(), paramStreamUris.size());
225 }
226 return permissionedUris;
227 }
228
GetUriListFromWant(Want & want,std::vector<std::string> & uriVec)229 bool UriUtils::GetUriListFromWant(Want &want, std::vector<std::string> &uriVec)
230 {
231 // remove uris out of 500
232 auto uriStr = want.GetUri().ToString();
233 uriVec = want.GetStringArrayParam(AbilityConfig::PARAMS_STREAM);
234 if (uriVec.empty() && uriStr.empty()) {
235 TAG_LOGW(AAFwkTag::ABILITYMGR, "uriVec empty.");
236 return false;
237 }
238 // process param stream
239 auto paramStreamUriCount = uriVec.size();
240 if (uriStr.empty() && paramStreamUriCount > MAX_URI_COUNT) {
241 TAG_LOGW(AAFwkTag::ABILITYMGR, "uri empty, paream stream counts: %{public}zu", paramStreamUriCount);
242 uriVec.resize(MAX_URI_COUNT);
243 want.RemoveParam(AbilityConfig::PARAMS_STREAM);
244 want.SetParam(AbilityConfig::PARAMS_STREAM, uriVec);
245 }
246 if (!uriStr.empty() && paramStreamUriCount > MAX_URI_COUNT - 1) {
247 TAG_LOGW(AAFwkTag::ABILITYMGR, "paream stream counts: %{public}zu", paramStreamUriCount);
248 uriVec.resize(MAX_URI_COUNT - 1);
249 want.RemoveParam(AbilityConfig::PARAMS_STREAM);
250 want.SetParam(AbilityConfig::PARAMS_STREAM, uriVec);
251 }
252 // process uri
253 if (!uriStr.empty()) {
254 uriVec.insert(uriVec.begin(), uriStr);
255 }
256 return true;
257 }
258
259 #ifdef SUPPORT_UPMS
IsGrantUriPermissionFlag(const Want & want)260 bool UriUtils::IsGrantUriPermissionFlag(const Want &want)
261 {
262 return ((want.GetFlags() & (Want::FLAG_AUTH_READ_URI_PERMISSION | Want::FLAG_AUTH_WRITE_URI_PERMISSION)) != 0);
263 }
264 #endif // SUPPORT_UPMS
265
IsServiceExtensionType(AppExecFwk::ExtensionAbilityType extensionAbilityType)266 bool UriUtils::IsServiceExtensionType(AppExecFwk::ExtensionAbilityType extensionAbilityType)
267 {
268 return extensionAbilityType == AppExecFwk::ExtensionAbilityType::SERVICE ||
269 extensionAbilityType == AppExecFwk::ExtensionAbilityType::UI_SERVICE;
270 }
271
IsDmsCall(uint32_t fromTokenId)272 bool UriUtils::IsDmsCall(uint32_t fromTokenId)
273 {
274 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(fromTokenId);
275 bool isNativeCall = tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE;
276 if (!isNativeCall) {
277 TAG_LOGI(AAFwkTag::ABILITYMGR, "not native call");
278 return false;
279 }
280 Security::AccessToken::NativeTokenInfo nativeTokenInfo;
281 int32_t result = Security::AccessToken::AccessTokenKit::GetNativeTokenInfo(fromTokenId, nativeTokenInfo);
282 if (result == ERR_OK && nativeTokenInfo.processName == DMS_PROCESS_NAME) {
283 TAG_LOGI(AAFwkTag::ABILITYMGR, "dms ability call");
284 return true;
285 }
286 return false;
287 }
288
289 #ifdef SUPPORT_UPMS
GrantDmsUriPermission(Want & want,uint32_t callerTokenId,std::string targetBundleName,int32_t appIndex)290 void UriUtils::GrantDmsUriPermission(Want &want, uint32_t callerTokenId,
291 std::string targetBundleName, int32_t appIndex)
292 {
293 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
294 auto validUriVec = GetUriListFromWantDms(want);
295 auto hideSensitiveType = want.GetIntParam(HIDE_SENSITIVE_TYPE, 0);
296 auto ret = IN_PROCESS_CALL(UriPermissionManagerClient::GetInstance().GrantUriPermissionPrivileged(validUriVec,
297 want.GetFlags(), targetBundleName, appIndex, callerTokenId, hideSensitiveType));
298 if (ret != ERR_OK) {
299 TAG_LOGD(AAFwkTag::ABILITYMGR, "ret is %{public}d.", ret);
300 return;
301 }
302 }
303
GrantShellUriPermission(const std::vector<std::string> & strUriVec,uint32_t flag,const std::string & targetPkg,int32_t appIndex)304 bool UriUtils::GrantShellUriPermission(const std::vector<std::string> &strUriVec, uint32_t flag,
305 const std::string &targetPkg, int32_t appIndex)
306 {
307 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
308 TAG_LOGD(AAFwkTag::ABILITYMGR, "Grant uri permission to shell.");
309 std::vector<Uri> uriVec;
310 for (auto&& str : strUriVec) {
311 Uri uri(str);
312 auto&& scheme = uri.GetScheme();
313 if (scheme != "content") {
314 return false;
315 }
316 uriVec.emplace_back(uri);
317 }
318 uint32_t callerTokendId = IPCSkeleton::GetCallingTokenID();
319 auto ret = IN_PROCESS_CALL(UriPermissionManagerClient::GetInstance().GrantUriPermissionPrivileged(
320 uriVec, flag, targetPkg, appIndex, callerTokendId));
321 if (ret != ERR_OK) {
322 TAG_LOGW(AAFwkTag::ABILITYMGR, "grant uri to shell failed: %{public}d", ret);
323 }
324 return true;
325 }
326
CheckUriPermission(uint32_t callerTokenId,Want & want)327 void UriUtils::CheckUriPermission(uint32_t callerTokenId, Want &want)
328 {
329 // Check and clear no-permission uris in want, not support content uri
330 uint32_t flag = want.GetFlags();
331 if (!IsGrantUriPermissionFlag(want)) {
332 TAG_LOGD(AAFwkTag::ABILITYMGR, "No grant uri flag: %{public}u.", flag);
333 return;
334 }
335 std::vector<std::string> uriVec;
336 if (!UriUtils::GetUriListFromWant(want, uriVec)) {
337 TAG_LOGD(AAFwkTag::ABILITYMGR, "No file uri neet grant.");
338 return;
339 }
340 auto checkResults = IN_PROCESS_CALL(UriPermissionManagerClient::GetInstance().CheckUriAuthorization(
341 uriVec, flag, callerTokenId));
342 auto permissionUris = GetPermissionedUriList(uriVec, checkResults, callerTokenId, "", want);
343 if (permissionUris.empty()) {
344 TAG_LOGE(AAFwkTag::ABILITYMGR, "all uris not permissioned.");
345 return;
346 }
347 }
348
GrantUriPermission(const std::vector<std::string> & uriVec,int32_t flag,const std::string & targetBundleName,int32_t appIndex,uint32_t initiatorTokenId)349 void UriUtils::GrantUriPermission(const std::vector<std::string> &uriVec, int32_t flag,
350 const std::string &targetBundleName, int32_t appIndex, uint32_t initiatorTokenId)
351 {
352 std::vector<Uri> permissionUris;
353 for (auto &uriStr: uriVec) {
354 Uri uri(uriStr);
355 permissionUris.emplace_back(uri);
356 }
357 if (permissionUris.empty()) {
358 return;
359 }
360 auto ret = IN_PROCESS_CALL(UriPermissionManagerClient::GetInstance().GrantUriPermission(permissionUris,
361 flag, targetBundleName, appIndex, initiatorTokenId));
362 if (ret != ERR_OK) {
363 TAG_LOGE(AAFwkTag::ABILITYMGR, "failed, err:%{public}d", ret);
364 }
365
366 return;
367 }
368 #endif // SUPPORT_UPMS
369
IsSandboxApp(uint32_t tokenId)370 bool UriUtils::IsSandboxApp(uint32_t tokenId)
371 {
372 auto tokenType = Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(tokenId);
373 if (tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_HAP) {
374 Security::AccessToken::HapTokenInfo hapInfo;
375 auto ret = Security::AccessToken::AccessTokenKit::GetHapTokenInfo(tokenId, hapInfo);
376 if (ret != Security::AccessToken::AccessTokenKitRet::RET_SUCCESS) {
377 TAG_LOGE(AAFwkTag::URIPERMMGR, "GetHapTokenInfo failed, ret:%{public}d", ret);
378 return false;
379 }
380 return hapInfo.instIndex > AbilityRuntime::GlobalConstant::MAX_APP_CLONE_INDEX;
381 }
382 return false;
383 }
384
385 #ifdef SUPPORT_UPMS
GrantUriPermission(Want & want,std::string targetBundleName,int32_t appIndex,bool isSandboxApp,uint32_t callerTokenId,int32_t collaboratorType)386 void UriUtils::GrantUriPermission(Want &want, std::string targetBundleName, int32_t appIndex,
387 bool isSandboxApp, uint32_t callerTokenId, int32_t collaboratorType)
388 {
389 uint32_t flag = want.GetFlags();
390 if (!IsGrantUriPermissionFlag(want)) {
391 TAG_LOGD(AAFwkTag::ABILITYMGR, "No grant uri flag: %{public}u.", flag);
392 return;
393 }
394
395 if (targetBundleName == AppUtils::GetInstance().GetBrokerDelegateBundleName() &&
396 collaboratorType == CollaboratorType::OTHERS_TYPE) {
397 TAG_LOGD(AAFwkTag::ABILITYMGR, "reject shell application to grant uri permission");
398 return;
399 }
400 if (callerTokenId == 0) {
401 TAG_LOGE(AAFwkTag::ABILITYMGR, "callerTokenId is invalid.");
402 return;
403 }
404 if (isSandboxApp || IsSandboxApp(callerTokenId)) {
405 TAG_LOGE(AAFwkTag::ABILITYMGR, "sandbox can not grant UriPermission");
406 return;
407 }
408 ProcessUDMFKey(want);
409
410 if (IsDmsCall(callerTokenId)) {
411 GrantDmsUriPermission(want, callerTokenId, targetBundleName, appIndex);
412 return;
413 }
414
415 std::vector<std::string> uriVec;
416 if (!UriUtils::GetUriListFromWant(want, uriVec)) {
417 TAG_LOGW(AAFwkTag::ABILITYMGR, "No file uri neet grant.");
418 return;
419 }
420
421 auto callerPkg = want.GetStringParam(Want::PARAM_RESV_CALLER_BUNDLE_NAME);
422 bool isBrokerCall = (IsInAncoAppIdentifier(callerPkg) ||
423 IPCSkeleton::GetCallingUid() == AppUtils::GetInstance().GetCollaboratorBrokerUID());
424 if (isBrokerCall && GrantShellUriPermission(uriVec, flag, targetBundleName, appIndex)) {
425 TAG_LOGI(AAFwkTag::ABILITYMGR, "permission to shell");
426 return;
427 }
428 if (!GrantUriPermissionInner(uriVec, callerTokenId, targetBundleName, appIndex, want)) {
429 return;
430 }
431 // report open file event
432 PublishFileOpenEvent(want);
433 }
434
ProcessUDMFKey(Want & want)435 void UriUtils::ProcessUDMFKey(Want &want)
436 {
437 // PARAMS_STREAM and UDMF_DATA_KEY is conflict
438 if (!want.GetStringArrayParam(AbilityConfig::PARAMS_STREAM).empty()) {
439 want.RemoveParam(Want::PARAM_ABILITY_UNIFIED_DATA_KEY);
440 }
441 }
442
GrantUriPermissionInner(std::vector<std::string> uriVec,uint32_t callerTokenId,const std::string & targetBundleName,int32_t appIndex,Want & want)443 bool UriUtils::GrantUriPermissionInner(std::vector<std::string> uriVec, uint32_t callerTokenId,
444 const std::string &targetBundleName, int32_t appIndex, Want &want)
445 {
446 HITRACE_METER_NAME(HITRACE_TAG_ABILITY_MANAGER, __PRETTY_FUNCTION__);
447 uint32_t flag = want.GetFlags();
448 auto checkResults = IN_PROCESS_CALL(UriPermissionManagerClient::GetInstance().CheckUriAuthorization(
449 uriVec, flag, callerTokenId));
450 auto permissionUris = GetPermissionedUriList(uriVec, checkResults, callerTokenId, targetBundleName, want);
451 if (permissionUris.empty()) {
452 TAG_LOGE(AAFwkTag::ABILITYMGR, "uris not permissioned.");
453 return false;
454 }
455
456 auto hideSensitiveType = want.GetIntParam(HIDE_SENSITIVE_TYPE, 0);
457 auto ret = IN_PROCESS_CALL(UriPermissionManagerClient::GetInstance().GrantUriPermissionPrivileged(permissionUris,
458 flag, targetBundleName, appIndex, callerTokenId, hideSensitiveType));
459 if (ret != ERR_OK) {
460 TAG_LOGE(AAFwkTag::ABILITYMGR, "failed, err:%{public}d", ret);
461 return false;
462 }
463 return true;
464 }
465 #endif // SUPPORT_UPMS
466
PublishFileOpenEvent(const Want & want)467 void UriUtils::PublishFileOpenEvent(const Want &want)
468 {
469 auto wangUri = want.GetUri();
470 std::string uriStr = wangUri.ToString();
471 if (!uriStr.empty() && wangUri.GetScheme() == "file") {
472 int32_t userId = want.GetIntParam(Want::PARAM_RESV_CALLER_UID, 0) / AppExecFwk::Constants::BASE_USER_RANGE;
473 OHOS::AppExecFwk::ElementName element = want.GetElement();
474 TAG_LOGI(AAFwkTag::ABILITYMGR, "ability record:%{private}s,ability:%{public}s_%{public}s,userId:%{public}d",
475 uriStr.c_str(), element.GetBundleName().c_str(), element.GetAbilityName().c_str(), userId);
476 Want msgWant;
477 msgWant.SetAction("file.event.OPEN_TIME");
478 msgWant.SetParam("uri", uriStr);
479 msgWant.SetParam("bundleName", element.GetBundleName());
480 msgWant.SetParam("abilityName", element.GetAbilityName());
481 auto timeNow = std::chrono::duration_cast<std::chrono::milliseconds>(
482 std::chrono::system_clock::now().time_since_epoch()).count();
483 std::string currentTime = std::to_string(timeNow);
484 msgWant.SetParam("viewTime", currentTime);
485 EventFwk::CommonEventData commonData{msgWant};
486 EventFwk::CommonEventPublishInfo commonEventPublishInfo;
487 std::vector<std::string> subscriberPermissions = {"ohos.permission.MANAGE_LOCAL_ACCOUNTS"};
488 commonEventPublishInfo.SetSubscriberPermissions(subscriberPermissions);
489 IN_PROCESS_CALL(EventFwk::CommonEventManager::PublishCommonEventAsUser(commonData, commonEventPublishInfo,
490 userId));
491 }
492 }
493
494 #ifdef SUPPORT_UPMS
GrantUriPermissionForServiceExtension(const AbilityRequest & abilityRequest)495 bool UriUtils::GrantUriPermissionForServiceExtension(const AbilityRequest &abilityRequest)
496 {
497 if (IsServiceExtensionType(abilityRequest.abilityInfo.extensionAbilityType)) {
498 auto &abilityInfo = abilityRequest.abilityInfo;
499 auto &want = const_cast<Want &>(abilityRequest.want);
500 auto callerTokenId = abilityRequest.specifyTokenId > 0 ? abilityRequest.specifyTokenId :
501 static_cast<uint32_t>(want.GetIntParam(Want::PARAM_RESV_CALLER_TOKEN, 0));
502 GrantUriPermission(want, abilityInfo.bundleName, abilityInfo.applicationInfo.appIndex, false, callerTokenId,
503 abilityRequest.collaboratorType);
504 return true;
505 }
506 return false;
507 }
508
GrantUriPermissionForUIOrServiceExtension(const AbilityRequest & abilityRequest)509 bool UriUtils::GrantUriPermissionForUIOrServiceExtension(const AbilityRequest &abilityRequest)
510 {
511 auto extensionType = abilityRequest.abilityInfo.extensionAbilityType;
512 if (UIExtensionUtils::IsUIExtension(extensionType) || IsServiceExtensionType(extensionType)) {
513 auto &abilityInfo = abilityRequest.abilityInfo;
514 auto &want = const_cast<Want &>(abilityRequest.want);
515 auto callerTokenId = abilityRequest.specifyTokenId > 0 ? abilityRequest.specifyTokenId :
516 static_cast<uint32_t>(want.GetIntParam(Want::PARAM_RESV_CALLER_TOKEN, 0));
517 GrantUriPermission(want, abilityInfo.bundleName, abilityInfo.applicationInfo.appIndex, false, callerTokenId,
518 abilityRequest.collaboratorType);
519 return true;
520 }
521 return false;
522 }
523 #endif // SUPPORT_UPMS
524
SendGrantUriPermissionEvent(const std::string & callerBundleName,const std::string & targetBundleName,const std::string & oriUri,int32_t apiVersion,const std::string & eventType)525 bool UriUtils::SendGrantUriPermissionEvent(const std::string &callerBundleName, const std::string &targetBundleName,
526 const std::string &oriUri, int32_t apiVersion, const std::string &eventType)
527 {
528 EventInfo eventInfo;
529 eventInfo.callerBundleName = callerBundleName;
530 eventInfo.bundleName = targetBundleName;
531 Uri uri = Uri(oriUri);
532 auto scheme = uri.GetScheme();
533 auto authority = uri.GetAuthority();
534 eventInfo.uri = eventType + SCHEME_SEPARATOR + scheme + SEPARATOR + authority +
535 SEPARATOR + std::to_string(apiVersion);
536 TAG_LOGI(AAFwkTag::URIPERMMGR, "event: %{public}s", eventInfo.uri.c_str());
537 EventReport::SendGrantUriPermissionEvent(EventName::GRANT_URI_PERMISSION, eventInfo);
538 return true;
539 }
540 } // AAFwk
541 } // OHOS
542