From fedabffc834df168f551c4b35ee1f7c68c08b80d Mon Sep 17 00:00:00 2001 From: chen Date: Sat, 7 May 2022 17:46:44 +0800 Subject: [PATCH] fix code review Signed-off-by: chen Change-Id: I690fdd9b93629525da0817130e9f3fd153188698 --- .../source/system_ability_manager_stub.cpp | 116 ++++++++++-------- 1 file changed, 65 insertions(+), 51 deletions(-) diff --git a/services/samgr/native/source/system_ability_manager_stub.cpp b/services/samgr/native/source/system_ability_manager_stub.cpp index cefdf5f8..1572fd24 100644 --- a/services/samgr/native/source/system_ability_manager_stub.cpp +++ b/services/samgr/native/source/system_ability_manager_stub.cpp @@ -26,30 +26,53 @@ #ifdef WITH_SELINUX #include "service_checker.h" +#endif + namespace { +#ifdef WITH_SELINUX std::unique_ptr selinuxChecker_ = std::make_unique(false); +#endif - bool CheckGetSAPermission(const pid_t callingPid, const int32_t said) + bool CheckGetSAPermission(const int32_t said) { - return selinuxChecker_->GetServiceCheck(callingPid, std::to_string(said)) == 0; +#ifdef WITH_SELINUX + auto callingPid = OHOS::IPCSkeleton::GetCallingPid(); + return selinuxChecker_->GetServiceCheck(callingPid, std::to_string(said)) == 0;; +#else + return true; // if not support selinux, not check selinux permission +#endif } - bool CheckAddOrRemovePermission(const pid_t callingPid, const int32_t said) + bool CheckAddOrRemovePermission(const int32_t said) { +#ifdef WITH_SELINUX + auto callingPid = OHOS::IPCSkeleton::GetCallingPid(); return selinuxChecker_->AddServiceCheck(callingPid, std::to_string(said)) == 0; +#else + return true; // if not support selinux, not check selinux permission +#endif } - bool CheckGetRemoteSAPermission(const pid_t callingPid, const int32_t said) + bool CheckGetRemoteSAPermission(const int32_t said) { +#ifdef WITH_SELINUX + auto callingPid = OHOS::IPCSkeleton::GetCallingPid(); return selinuxChecker_->GetRemoteServiceCheck(callingPid, std::to_string(said)) == 0; +#else + return true; // if not support selinux, not check selinux permission +#endif } - bool CheckListSAPermission(const pid_t callingPid) + bool CheckListSAPermission() { +#ifdef WITH_SELINUX + auto callingPid = OHOS::IPCSkeleton::GetCallingPid(); return selinuxChecker_->ListServiceCheck(callingPid) == 0; +#else + return true; // if not support selinux, not check selinux permission +#endif } } -#endif using namespace OHOS::Security; namespace OHOS { @@ -113,13 +136,12 @@ int32_t SystemAbilityManagerStub::ListSystemAbilityInner(MessageParcel& data, Me HILOGE("ListSystemAbilityInner PERMISSION DENIED!"); return ERR_PERMISSION_DENIED; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckListSAPermission(callingPid)) { - HILOGE("ListSystemAbilityInner selinx permission denied!"); + + if (!CheckListSAPermission()) { + HILOGE("ListSystemAbilityInner selinux permission denied!"); return ERR_PERMISSION_DENIED; } -#endif + int32_t dumpFlag = 0; bool ret = data.ReadInt32(dumpFlag); if (!ret) { @@ -222,13 +244,12 @@ int32_t SystemAbilityManagerStub::CheckRemtSystemAbilityInner(MessageParcel& dat HILOGW("SystemAbilityManagerStub::CheckRemtSystemAbilityInner read systemAbilityId failed!"); return ERR_NULL_OBJECT; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckGetRemoteSAPermission(callingPid, systemAbilityId)) { - HILOGE("CheckRemtSystemAbilityInner selinx permission denied!, SA : %{public}d", systemAbilityId); + + if (!CheckGetRemoteSAPermission(systemAbilityId)) { + HILOGE("CheckRemtSystemAbilityInner selinux permission denied!, SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + std::string deviceId; bool ret = data.ReadString(deviceId); if (!ret) { @@ -252,13 +273,12 @@ int32_t SystemAbilityManagerStub::AddOndemandSystemAbilityInner(MessageParcel& d return ERR_PERMISSION_DENIED; } int32_t systemAbilityId = data.ReadInt32(); -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckAddOrRemovePermission(callingPid, systemAbilityId)) { - HILOGE("AddOndemandSystemAbilityInner selinx permission denied! SA : %{public}d", systemAbilityId); + + if (!CheckAddOrRemovePermission(systemAbilityId)) { + HILOGE("AddOndemandSystemAbilityInner selinux permission denied! SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + if (!CheckInputSysAbilityId(systemAbilityId)) { HILOGW("SystemAbilityManagerStub::AddOndemandSystemAbilityInner read systemAbilityId failed!"); return ERR_NULL_OBJECT; @@ -287,13 +307,12 @@ int32_t SystemAbilityManagerStub::CheckSystemAbilityImmeInner(MessageParcel& dat HILOGW("SystemAbilityManagerStub::CheckSystemAbilityImmeInner read systemAbilityId failed!"); return ERR_NULL_OBJECT; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckGetSAPermission(callingPid, systemAbilityId)) { - HILOGE("CheckSystemAbilityImmeInner selinx permission denied! SA : %{public}d", systemAbilityId); + + if (!CheckGetSAPermission(systemAbilityId)) { + HILOGE("CheckSystemAbilityImmeInner selinux permission denied! SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + bool isExist = false; bool ret = data.ReadBool(isExist); if (!ret) { @@ -349,13 +368,12 @@ int32_t SystemAbilityManagerStub::AddSystemAbilityInner(MessageParcel& data, Mes HILOGW("SystemAbilityManagerStub::AddSystemAbilityExtraInner read systemAbilityId failed!"); return ERR_NULL_OBJECT; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckAddOrRemovePermission(callingPid, systemAbilityId)) { - HILOGE("AddSystemAbilityInner selinx permission denied! SA : %{public}d", systemAbilityId); + + if (!CheckAddOrRemovePermission(systemAbilityId)) { + HILOGE("AddSystemAbilityInner selinux permission denied! SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + auto object = data.ReadRemoteObject(); if (object == nullptr) { HILOGW("SystemAbilityManagerStub::AddSystemAbilityExtraInner readParcelable failed!"); @@ -384,13 +402,12 @@ int32_t SystemAbilityManagerStub::GetSystemAbilityInner(MessageParcel& data, Mes HILOGW("SystemAbilityManagerStub::GetSystemAbilityInner read systemAbilityId failed!"); return ERR_NULL_OBJECT; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckGetSAPermission(callingPid, systemAbilityId)) { - HILOGE("GetSystemAbilityInner selinx permission denied! SA : %{public}d", systemAbilityId); + + if (!CheckGetSAPermission(systemAbilityId)) { + HILOGE("GetSystemAbilityInner selinux permission denied! SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + bool ret = reply.WriteRemoteObject(GetSystemAbility(systemAbilityId)); if (!ret) { HILOGW("SystemAbilityManagerStub:GetSystemAbilityInner write reply failed."); @@ -406,13 +423,12 @@ int32_t SystemAbilityManagerStub::CheckSystemAbilityInner(MessageParcel& data, M HILOGW("SystemAbilityManagerStub::CheckSystemAbilityInner read systemAbilityId failed!"); return ERR_NULL_OBJECT; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckGetSAPermission(callingPid, systemAbilityId)) { - HILOGE("CheckSystemAbilityInner selinx permission denied! SA : %{public}d", systemAbilityId); + + if (!CheckGetSAPermission(systemAbilityId)) { + HILOGE("CheckSystemAbilityInner selinux permission denied! SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + bool ret = reply.WriteRemoteObject(CheckSystemAbility(systemAbilityId)); if (!ret) { return ERR_FLATTEN_OBJECT; @@ -431,13 +447,12 @@ int32_t SystemAbilityManagerStub::RemoveSystemAbilityInner(MessageParcel& data, HILOGW("SystemAbilityManagerStub::RemoveSystemAbilityInner read systemAbilityId failed!"); return ERR_NULL_OBJECT; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckAddOrRemovePermission(callingPid, systemAbilityId)) { - HILOGE("RemoveSystemAbilityInner selinx permission denied!SA : %{public}d", systemAbilityId); + + if (!CheckAddOrRemovePermission(systemAbilityId)) { + HILOGE("RemoveSystemAbilityInner selinux permission denied!SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + int32_t result = RemoveSystemAbility(systemAbilityId); HILOGI("SystemAbilityManagerStub::RemoveSystemAbilityInner result is %{public}d", result); bool ret = reply.WriteInt32(result); @@ -484,13 +499,12 @@ int32_t SystemAbilityManagerStub::LoadSystemAbilityInner(MessageParcel& data, Me HILOGW("SystemAbilityManagerStub::LoadSystemAbilityInner read systemAbilityId failed!"); return ERR_INVALID_VALUE; } -#ifdef WITH_SELINUX - auto callingPid = IPCSkeleton::GetCallingPid(); - if (!CheckGetSAPermission(callingPid, systemAbilityId)) { - HILOGE("LoadSystemAbilityInner selinx permission denied!SA : %{public}d", systemAbilityId); + + if (!CheckGetSAPermission(systemAbilityId)) { + HILOGE("LoadSystemAbilityInner selinux permission denied!SA : %{public}d", systemAbilityId); return ERR_PERMISSION_DENIED; } -#endif + sptr remoteObject = data.ReadRemoteObject(); if (remoteObject == nullptr) { HILOGW("SystemAbilityManagerStub::LoadSystemAbilityInner read callback failed!"); -- Gitee