From 3c1ddb8fda8c6cfd58bb111041a425eba36fa84f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E6=95=8F=E6=9D=B0?= Date: Tue, 5 Aug 2025 06:54:55 +0000 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E5=B7=AE=E5=BC=82?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 吴敏杰 --- .../samgr_proxy/libsamgr_proxy.versionscript | 1 + services/dfx/source/hisysevent_adapter.cpp | 4 ++-- services/samgr/native/BUILD.gn | 1 - .../native/include/collect/device_param_collect.h | 1 + .../native/include/system_ability_manager_stub.h | 4 +++- .../native/include/system_ability_manager_util.h | 6 ++++++ .../native/source/collect/device_param_collect.cpp | 11 ++++++++--- .../native/source/system_ability_manager_stub.cpp | 10 ++++++++++ 8 files changed, 31 insertions(+), 7 deletions(-) diff --git a/interfaces/innerkits/samgr_proxy/libsamgr_proxy.versionscript b/interfaces/innerkits/samgr_proxy/libsamgr_proxy.versionscript index 8914d9dc..22aa551d 100644 --- a/interfaces/innerkits/samgr_proxy/libsamgr_proxy.versionscript +++ b/interfaces/innerkits/samgr_proxy/libsamgr_proxy.versionscript @@ -33,6 +33,7 @@ *LocalAbilityManagerProxy*; *WriteOnDemandEventsToParcel*; *ReadOnDemandEventsFromParcel*; + *GetLocalAbilitymanagerProxy*; local: *; }; diff --git a/services/dfx/source/hisysevent_adapter.cpp b/services/dfx/source/hisysevent_adapter.cpp index 949cbcbc..72c3629a 100644 --- a/services/dfx/source/hisysevent_adapter.cpp +++ b/services/dfx/source/hisysevent_adapter.cpp @@ -61,8 +61,8 @@ constexpr int32_t CONTAINER_SA_MAX = 0x0001055f; //66911 static bool IsInCrashWhiteList(int32_t saId) { - std::vector whiteList = { 10, 1201, 1202, 1203, 1204, 1205, 1213, 1215, 5002, 5100, 5110, 9999, 65537, 65830, - 65850, 66064, 66186, 69930, 131071, 345135 }; + std::vector whiteList = { 1205, 1213, 1215, 9999, 65537, 65830, + 65850, 66064, 69930, 131071, 345135 }; for (auto sa : whiteList) { if (saId == sa) { return true; diff --git a/services/samgr/native/BUILD.gn b/services/samgr/native/BUILD.gn index d2ca25d3..01642d45 100644 --- a/services/samgr/native/BUILD.gn +++ b/services/samgr/native/BUILD.gn @@ -158,7 +158,6 @@ ohos_executable("samgr") { } if (support_penglai_mode) { - external_deps += [ "penglai_mode_service:penglai_client" ] defines += [ "SUPPORT_PENGLAI_MODE" ] } part_name = "samgr" diff --git a/services/samgr/native/include/collect/device_param_collect.h b/services/samgr/native/include/collect/device_param_collect.h index 36f306b4..3f88c2fe 100644 --- a/services/samgr/native/include/collect/device_param_collect.h +++ b/services/samgr/native/include/collect/device_param_collect.h @@ -36,6 +36,7 @@ public: int32_t OnStop() override; const std::vector& GetLowMemPrepareList() override; private: + void CheckLowMemSA(const std::string& name, int32_t saId); samgr::mutex paramLock_; std::set pendingParams_; std::set params_; diff --git a/services/samgr/native/include/system_ability_manager_stub.h b/services/samgr/native/include/system_ability_manager_stub.h index 7bd82133..92187c64 100644 --- a/services/samgr/native/include/system_ability_manager_stub.h +++ b/services/samgr/native/include/system_ability_manager_stub.h @@ -228,14 +228,16 @@ private: int32_t GetCommonEventExtraDataIdlistInner(MessageParcel& data, MessageParcel& reply); int32_t GetLocalAbilityManagerProxyInner(MessageParcel& data, MessageParcel& reply); static int32_t GetHapIdMultiuser(int32_t uid); +#ifdef SUPPORT_PENGLAT_MODE void SetPengLai(bool isPengLai); + bool isPengLai_ = false; +#endif void SetAbilityFuncMap(); void SetProcessFuncMap(); using SystemAbilityManagerStubFunc = int32_t (*)(SystemAbilityManagerStub* stub, MessageParcel& data, MessageParcel& reply); std::map memberFuncMap_; - bool isPengLai_ = false; }; } // namespace OHOS diff --git a/services/samgr/native/include/system_ability_manager_util.h b/services/samgr/native/include/system_ability_manager_util.h index 854ee488..938b7ac0 100644 --- a/services/samgr/native/include/system_ability_manager_util.h +++ b/services/samgr/native/include/system_ability_manager_util.h @@ -48,10 +48,16 @@ public: static void InvalidateSACache(); static void FilterCommonSaProfile(const SaProfile& oldProfile, CommonSaProfile& newProfile); static bool CheckPengLai(); +#ifdef SUPPORT_PENGLAT_MODE static bool CheckPengLaiPermission(int32_t systemAbilityId); +#endif static void GetFilesByPriority(const std::string& path, std::vector& files); static void GetFilesFromPath(const std::string& path, std::map& fileNamesMap); private: +#ifdef SUPPORT_PENGLAT_MODE + static void* InitPenglaiFunc(); + static void* penglaiFunc_; +#endif static std::shared_ptr setParmHandler_; }; } // namespace OHOS diff --git a/services/samgr/native/source/collect/device_param_collect.cpp b/services/samgr/native/source/collect/device_param_collect.cpp index 36411862..9519114e 100644 --- a/services/samgr/native/source/collect/device_param_collect.cpp +++ b/services/samgr/native/source/collect/device_param_collect.cpp @@ -62,15 +62,20 @@ void DeviceParamCollect::Init(const std::list& saProfiles) } for (auto onDemandEvent : saProfile.stopOnDemand.onDemandEvents) { if (onDemandEvent.eventId == PARAM) { - if (onDemandEvent.name == PARAM_LOW_MEM_PREPARE_NAME) { - lowMemPrepareList_.push_back(saProfile.saId); - } + CheckLowMemSA(onDemandEvent.name, saProfile.saId); pendingParams_.insert(onDemandEvent.name); } } } } +void DeviceParamCollect::CheckLowMemSA(const std::string& name, int32_t saId) +{ + if (name == PARAM_LOW_MEM_PREPARE_NAME) { + lowMemPrepareList_.push_back(saId); + } +} + int32_t DeviceParamCollect::OnStart() { HILOGI("DeviceParamCollect OnStart called"); diff --git a/services/samgr/native/source/system_ability_manager_stub.cpp b/services/samgr/native/source/system_ability_manager_stub.cpp index b9a52150..46611c65 100644 --- a/services/samgr/native/source/system_ability_manager_stub.cpp +++ b/services/samgr/native/source/system_ability_manager_stub.cpp @@ -124,11 +124,13 @@ const std::string EXT_TRANSACTION_PERMISSION = "ohos.permission.ACCESS_EXT_SYSTE const std::string PERMISSION_SVC = "ohos.permission.CONTROL_SVC_CMD"; } +#ifdef SUPPORT_PENGLAT_MODE void SystemAbilityManagerStub::SetPengLai(bool isPengLai) { isPengLai_ = isPengLai; HILOGI("SAMStub: SetPengLai isPengLai_ = %{public}d", isPengLai_); } +#endif void SystemAbilityManagerStub::SetAbilityFuncMap() { @@ -178,7 +180,9 @@ void SystemAbilityManagerStub::SetProcessFuncMap() SystemAbilityManagerStub::SystemAbilityManagerStub() { +#ifdef SUPPORT_PENGLAT_MODE SetPengLai(SamgrUtil::CheckPengLai()); +#endif SetAbilityFuncMap(); SetProcessFuncMap(); memberFuncMap_[static_cast(SamgrInterfaceCode::GET_ONDEMAND_REASON_EXTRA_DATA_TRANSACTION)] = @@ -433,11 +437,13 @@ int32_t SystemAbilityManagerStub::CheckSystemAbilityImmeInner(MessageParcel& dat return ERR_NULL_OBJECT; } +#ifdef SUPPORT_PENGLAT_MODE if (isPengLai_ && !SamgrUtil::CheckPengLaiPermission(systemAbilityId)) { HILOGW("CheckSAImme CheckPengLaiPermission denied! SA:%{public}d,callUid:%{public}d", systemAbilityId, OHOS::IPCSkeleton::GetCallingUid()); return ERR_PERMISSION_DENIED; } +#endif if (!CheckGetSAPermission(systemAbilityId)) { HILOGD("CheckSystemAbilityImmeInner selinux permission denied! SA:%{public}d,callSid:%{public}s", @@ -556,11 +562,13 @@ int32_t SystemAbilityManagerStub::GetSystemAbilityInner(MessageParcel& data, Mes return ERR_NULL_OBJECT; } +#ifdef SUPPORT_PENGLAT_MODE if (isPengLai_ && !SamgrUtil::CheckPengLaiPermission(systemAbilityId)) { HILOGW("GetSA CheckPengLaiPermission denied! SA:%{public}d,callUid:%{public}d", systemAbilityId, OHOS::IPCSkeleton::GetCallingUid()); return ERR_PERMISSION_DENIED; } +#endif if (!CheckGetSAPermission(systemAbilityId)) { HILOGE("GetSystemAbilityInner selinux permission denied! SA:%{public}d,callSid:%{public}s", @@ -592,11 +600,13 @@ int32_t SystemAbilityManagerStub::CheckSystemAbilityInner(MessageParcel& data, M return ERR_NULL_OBJECT; } +#ifdef SUPPORT_PENGLAT_MODE if (isPengLai_ && !SamgrUtil::CheckPengLaiPermission(systemAbilityId)) { HILOGW("CheckSA CheckPengLaiPermission denied! SA:%{public}d,callUid:%{public}d", systemAbilityId, OHOS::IPCSkeleton::GetCallingUid()); return ERR_PERMISSION_DENIED; } +#endif if (!CheckGetSAPermission(systemAbilityId)) { HILOGD("CheckSystemAbilityInner selinux permission denied! SA:%{public}d,callSid:%{public}s", -- Gitee From 2bc68ce2d1e6684c7a4ae47c4515182b19ce0755 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E6=95=8F=E6=9D=B0?= Date: Tue, 5 Aug 2025 08:40:42 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E5=B7=AE=E5=BC=82?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 吴敏杰 --- .../source/system_ability_manager_util.cpp | 49 +++++++++++++------ 1 file changed, 34 insertions(+), 15 deletions(-) diff --git a/services/samgr/native/source/system_ability_manager_util.cpp b/services/samgr/native/source/system_ability_manager_util.cpp index 5c38bb28..1f0ad3ba 100644 --- a/services/samgr/native/source/system_ability_manager_util.cpp +++ b/services/samgr/native/source/system_ability_manager_util.cpp @@ -23,13 +23,16 @@ #include "string_ex.h" #include "tools.h" #include "sam_log.h" -#ifdef SUPPORT_PENGLAI_MODE -#include "penglai_service_client.h" -#endif namespace OHOS { namespace fs = std::filesystem; using namespace std; +#ifdef SUPPORT_PENGLAI_MODE +using PenglaiFunc = bool (*) (const int32_t, const int32_t); +constexpr const char* PENGLAI_SO_PATH = "libpenglai_client.z.so"; +constexpr const char* PENGLAT_SYM = "IsLaunchAllowedByUid"; +void* SamgrUtil::penglaiFunc_ = InitPenglaiFunc(); +#endif constexpr int32_t MAX_NAME_SIZE = 200; constexpr int32_t SPLIT_NAME_VECTOR_SIZE = 2; constexpr int32_t UID_ROOT = 0; @@ -246,27 +249,44 @@ bool SamgrUtil::CheckPengLai() return paramValue == PENG_LAI; } +#ifdef SUPPORT_PENGLAI_MODE +void* SamgrUtil::InitPenglaiFunc() +{ + if (!CheckPengLai()) { + HILOGI("InitPenglaiFunc not penglai"); + return nullptr; + } + DlHandle handle = dlopen(PENGLAI_SO_PATH, RTLD_NOW); + if (handle == nullptr) { + HILOGE("InitPenglaiFunc dlopen %{public}s so failed.", PENGLAI_SO_PATH); + return nullptr; + } + void* func = dlsym(handle, PENGLAT_SYM); + if (func == nullptr) { + HILOGE("InitPenglaiFunc dlsym %{public}s symbol failed.", PENGLAT_SYM); + dlclose(handle); + return nullptr; + } + HILOGI("InitPenglaiFunc success"); + return func; +} + bool SamgrUtil::CheckPengLaiPermission(int32_t systemAbilityId) { -#ifdef SUPPORT_PENGLAI_MODE auto callingUid = IPCSkeleton::GetCallingUid(); - auto penglaiMgr = Penglai::PenglaiServiceClient::GetInstance(); - if (penglaiMgr == nullptr) { - HILOGE("PengLaiServiceClient GetInstance failed."); + if (penglaiFunc_ == nullptr) { return true; } - - bool isAllow = penglaiMgr->IsLaunchAllowedByUid(callingUid, systemAbilityId); + PenglaiFunc IsLaunchAllowedByUid = (PenglaiFunc)PenglaiFunc_; + bool isAllow = IsLaunchAllowedByUid(callingUid, systemAbilityId); if (!isAllow) { HILOGE("IsLaunchAllowedByUid failed. callingUid:%{public}d, SA:%{public}d", callingUid, systemAbilityId); return false; } HILOGD("CheckPengLaiPerm suc. cUid:%{public}d,SA:%{public}d", callingUid, systemAbilityId); return isAllow; -#else - return true; -#endif } +#endif void SamgrUtil::GetFilesFromPath(const std::string& path, std::map& fileNamesMap) { @@ -283,16 +303,15 @@ void SamgrUtil::GetFilesFromPath(const std::string& path, std::map& fileNames) { std::map fileNamesMap; + GetFilesFromPath(path, fileNamesMap); - + if (SamgrUtil::CheckPengLai()) { HILOGI("GetFilesByPriority penglai!"); GetFilesFromPath(PENGLAI_PATH, fileNamesMap); -- Gitee