提交
f71f0ae4
编写于
7月 13, 2022
作者:
lutao
Add dump permission verification
Signed-off-by:
N
lutao
<
lutao31@huawei.com
>
上级
e2355a83
Showing
1 changed file
with
30 addition
and
3 deletion
+30
-3
ipc/native/src/core/source/ipc_object_stub.cpp
ipc/native/src/core/source/ipc_object_stub.cpp
+30
-3
ipc/native/src/core/source/ipc_object_stub.cpp
...
...
@@ -42,11 +42,11 @@ static constexpr HiLogLabel LABEL = { LOG_CORE, LOG_ID_IPC, "IPCObjectStub" };
using
namespace
OHOS
::
Security
;
// Authentication information can be added only for processes with system permission.
static
constexpr
pid_t
ALLOWED_UID
=
10000
;
static
constexpr
pid_t
SHELL_UID
=
2000
;
static
constexpr
int
APL_BASIC
=
2
;
// Only the samgr can obtain the UID and PID.
static
const
std
::
string
SAMGR_PROCESS_NAME
=
"samgr"
;
#endif
static
constexpr
pid_t
HIDUMPER_SERVICE_UID
=
1212
;
static
constexpr
pid_t
SHELL_UID
=
2000
;
IPCObjectStub
::
IPCObjectStub
(
std
::
u16string
descriptor
)
:
IRemoteObject
(
descriptor
)
{
...
...
@@ -163,15 +163,19 @@ int IPCObjectStub::SendRequest(uint32_t code, MessageParcel &data, MessageParcel
reply
.
WriteInt32
(
refCount
);
break
;
}
#ifndef CONFIG_IPC_SINGLE
case
DUMP_TRANSACTION
:
{
pid_t
uid
=
IPCSkeleton
::
GetCallingUid
();
if
(
!
IPCSkeleton
::
IsLocalCalling
()
||
(
uid
!=
0
&&
uid
!=
SHELL_UID
&&
uid
!=
HIDUMPER_SERVICE_UID
))
{
uint32_t
calllingTokenID
=
IPCSkeleton
::
GetFirstTokenID
();
calllingTokenID
=
calllingTokenID
==
0
?
IPCSkeleton
::
GetCallingTokenID
()
:
calllingTokenID
;
if
(
!
IPCSkeleton
::
IsLocalCalling
()
||
(
uid
!=
0
&&
uid
!=
SHELL_UID
&&
!
HasDumpPermission
(
calllingTokenID
)))
{
ZLOGE
(
LABEL
,
"do not allow dump"
);
break
;
}
result
=
OnRemoteDump
(
code
,
data
,
reply
,
option
);
break
;
}
#endif
case
GET_PROTO_INFO
:
{
result
=
ProcessProto
(
code
,
data
,
reply
,
option
);
break
;
...
...
@@ -597,5 +601,28 @@ bool IPCObjectStub::IsSamgrCall(uint32_t accessToken)
ZLOGE
(
LABEL
,
"not samgr called, processName:%{private}s"
,
nativeTokenInfo
.
processName
.
c_str
());
return
false
;
}
bool
IPCObjectStub
::
HasDumpPermission
(
uint32_t
accessToken
)
const
{
int
res
=
AccessToken
::
AccessTokenKit
::
VerifyAccessToken
(
accessToken
,
"ohos.permission.DUMP"
);
if
(
res
==
AccessToken
::
PermissionState
::
PERMISSION_GRANTED
)
{
return
true
;
}
bool
ret
=
false
;
auto
tokenType
=
AccessToken
::
AccessTokenKit
::
GetTokenTypeFlag
(
accessToken
);
if
(
tokenType
==
AccessToken
::
ATokenTypeEnum
::
TOKEN_NATIVE
)
{
AccessToken
::
NativeTokenInfo
nativeTokenInfo
;
int32_t
result
=
AccessToken
::
AccessTokenKit
::
GetNativeTokenInfo
(
accessToken
,
nativeTokenInfo
);
ret
=
(
result
==
ERR_NONE
&&
nativeTokenInfo
.
apl
>=
APL_BASIC
);
}
else
if
(
tokenType
==
AccessToken
::
ATokenTypeEnum
::
TOKEN_HAP
)
{
AccessToken
::
HapTokenInfo
hapTokenInfo
;
int32_t
result
=
AccessToken
::
AccessTokenKit
::
GetHapTokenInfo
(
accessToken
,
hapTokenInfo
);
ret
=
(
result
==
ERR_NONE
&&
hapTokenInfo
.
apl
>=
APL_BASIC
);
}
if
(
!
ret
)
{
ZLOGI
(
LABEL
,
"No dump permission, please check!"
);
}
return
ret
;
}
#endif
}
// namespace OHOS
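Review bot: In `HasDumpPermission`, a caller for which `VerifyAccessToken(accessToken, "ohos.permission.DUMP")` does not return `PERMISSION_GRANTED` is still accepted when its native or HAP token has `apl >= APL_BASIC`, so the permission grant is not actually required for any token at that level or above. If that fallback is intended it needs a comment saying why, for example `// Fallback: tokens at APL_BASIC or above may dump without an explicit ohos.permission.DUMP grant.`; otherwise the function should return false once the permission check fails. `APL_BASIC = 2` is a local `int` compared against `apl`; if the access-token headers provide a named level for this value, comparing against that would keep the threshold from drifting. The refusal log `"No dump permission, please check!"` is written at info level and carries no caller identity, which makes denied dump attempts hard to attribute when reviewing logs.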