diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index da8fd4d8c8a76d9b167a39d0bdf2b09c02148ff9..905a2048156aeed6265406d4587b3b515ae6066d 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -245,6 +245,7 @@ constexpr const char* DM_BIND_RESULT_NETWORK_ID = "DM_BIND_RESULT_NETWORK_ID"; constexpr const char* PARAM_KEY_POLICY_STRATEGY_FOR_BLE = "DM_POLICY_STRATEGY_FOR_BLE"; constexpr const char* PARAM_KEY_POLICY_TIME_OUT = "DM_POLICY_TIMEOUT"; constexpr const char* DEVICE_SCREEN_STATUS = "DEVICE_SCREEN_STATUS"; +constexpr const char* PROCESS_NAME = "PROCESS_NAME"; constexpr const char* PARAM_CLOSE_SESSION_DELAY_SECONDS = "DM_CLOSE_SESSION_DELAY_SECONDS"; // screen state diff --git a/services/implementation/include/authentication/dm_auth_manager.h b/services/implementation/include/authentication/dm_auth_manager.h index 073c65982b61cc14cef8fa3ad546724f22c07c2e..99ccdfe10c8af39bfe218140bc33d7c8fde6e72d 100644 --- a/services/implementation/include/authentication/dm_auth_manager.h +++ b/services/implementation/include/authentication/dm_auth_manager.h @@ -464,6 +464,7 @@ private: int32_t CheckAuthParamVaild(const std::string &pkgName, int32_t authType, const std::string &deviceId, const std::string &extra); int32_t CheckAuthParamVaildExtra(const std::string &extra); + bool CheckProcessNameInWhiteList(const std::string &processName); void ProcessSourceMsg(); void ProcessSinkMsg(); std::string GetAccountGroupIdHash(); @@ -531,7 +532,7 @@ private: void GetPeerUdidHash(int32_t sessionId, std::string &peerUdidHash); void DeleteOffLineTimer(int32_t sessionId); bool IsAllowDeviceBind(); - int32_t GetBindLevel(int32_t bindLevel); + int32_t GetBindLevel(int32_t bindLevel, const std::string &pkgName); std::string GetBundleName(nlohmann::json &jsonObject); int32_t GetBinderInfo(); void SetProcessInfo(); diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 7fc5ce67a6be36a35de1d110af4e7dea4d9428ea..b4e0a79f44a78963ab898233a86d60f9a858f4c5 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -78,6 +78,11 @@ const int32_t AUTH_DEVICE_TIMEOUT = 10; const int32_t SESSION_HEARTBEAT_TIMEOUT = 50; const int32_t ALREADY_BIND = 1; const int32_t STRTOLL_BASE_10 = 10; +constexpr int32_t PROCESS_NAME_WHITE_LIST_NUM = 1; +constexpr int32_t PROCESS_NAME_SIZE_MAX = 256; +constexpr const static char PROCESS_NAME_WHITE_LIST[PROCESS_NAME_WHITE_LIST_NUM][PROCESS_NAME_SIZE_MAX] = { + "com.example.myapplication", +}; // clone task timeout map const std::map TASK_TIME_OUT_MAP = { @@ -190,6 +195,25 @@ int32_t DmAuthManager::CheckAuthParamVaildExtra(const std::string &extra) return DM_OK; } +bool DmAuthManager::CheckProcessNameInWhiteList(const std::string &processName) +{ + LOGI("DmAuthManager::CheckProcessNameInWhiteList start"); + if (processName.empty()) { + LOGE("processName is empty"); + return false; + } + uint16_t index = 0; + for (; index < PROCESS_NAME_WHITE_LIST_NUM; ++index) { + std::string whitePkgName(PROCESS_NAME_WHITE_LIST[index]); + if (processName == whitePkgName) { + LOGI("processName = %{public}s in whiteList.", processName.c_str()); + return true; + } + } + LOGI("CheckProcessNameInWhiteList: %{public}s invalid.", processName.c_str()); + return false; +} + void DmAuthManager::GetAuthParam(const std::string &pkgName, int32_t authType, const std::string &deviceId, const std::string &extra) { @@ -214,6 +238,13 @@ void DmAuthManager::GetAuthParam(const std::string &pkgName, int32_t authType, authRequestContext_->isOnline = false; authRequestContext_->authed = !authRequestContext_->bindType.empty(); authRequestContext_->bindLevel = INVALIED_TYPE; + authRequestContext_->bundleName = GetBundleName(jsonObject); + authRequestContext_->token = std::to_string(GenRandInt(MIN_PIN_TOKEN, MAX_PIN_TOKEN)); + parseBindParam(extra); +} + +void parseBindParam(const std::string &extra) +{ nlohmann::json jsonObject = nlohmann::json::parse(extra, nullptr, false); if (!jsonObject.is_discarded()) { if (IsString(jsonObject, TARGET_PKG_NAME_KEY)) { @@ -236,10 +267,12 @@ void DmAuthManager::GetAuthParam(const std::string &pkgName, int32_t authType, std::string delaySecondsStr = jsonObject[PARAM_CLOSE_SESSION_DELAY_SECONDS].get(); authRequestContext_->closeSessionDelaySeconds = GetCloseSessionDelaySeconds(delaySecondsStr); } - authRequestContext_->bindLevel = GetBindLevel(authRequestContext_->bindLevel); + std::string processName = ""; + if (IsString(jsonObject, PROCESS_NAME)) { + processName = jsonObject[PROCESS_NAME].get(); + } + authRequestContext_->bindLevel = GetBindLevel(authRequestContext_->bindLevel, processName); } - authRequestContext_->bundleName = GetBundleName(jsonObject); - authRequestContext_->token = std::to_string(GenRandInt(MIN_PIN_TOKEN, MAX_PIN_TOKEN)); } int32_t DmAuthManager::GetCloseSessionDelaySeconds(std::string &delaySecondsStr) @@ -2612,7 +2645,7 @@ bool DmAuthManager::IsAllowDeviceBind() return false; } -int32_t DmAuthManager::GetBindLevel(int32_t bindLevel) +int32_t DmAuthManager::GetBindLevel(int32_t bindLevel, const std::string &processName) { if (IsAllowDeviceBind()) { if (static_cast(bindLevel) == INVALIED_TYPE || static_cast(bindLevel) > APP || @@ -2621,6 +2654,9 @@ int32_t DmAuthManager::GetBindLevel(int32_t bindLevel) } return bindLevel; } + if (CheckProcessNameInWhiteList(processName)) { + return DEVICE; + } if (static_cast(bindLevel) == INVALIED_TYPE || (static_cast(bindLevel) != APP && static_cast(bindLevel) != SERVICE)) { return APP; diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index 0868ce035f396a02f7f5021d85e784b1774b8543..ad957483ca40e2e3a666cf786216d6d1b2b74673 100755 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp @@ -507,10 +507,16 @@ int32_t DeviceManagerService::AuthenticateDevice(const std::string &pkgName, int LOGE("AuthenticateDevice failed, cannot get target info from cached discovered device map."); return ERR_DM_BIND_INPUT_PARA_INVALID; } + std::string processName = ""; + if (PermissionManager::GetInstance().GetCallerProcessName(processName) != DM_OK) { + LOGE("Get caller process name failed, pkgname: %{public}s.", pkgName.c_str()); + return ERR_DM_FAILED; + } std::map bindParam; bindParam.insert(std::pair(PARAM_KEY_AUTH_TYPE, std::to_string(authType))); bindParam.insert(std::pair(PARAM_KEY_BIND_EXTRA_DATA, extra)); bindParam.insert(std::pair(PARAM_KEY_CONN_ADDR_TYPE, std::to_string(addrType))); + bindParam.insert(std::pair(PROCESS_NAME, processName)); return dmServiceImpl_->BindTarget(pkgName, targetId, bindParam); } diff --git a/test/commonunittest/UTTest_dm_auth_manager_first.cpp b/test/commonunittest/UTTest_dm_auth_manager_first.cpp index 2306830dc425c1ffb4f820403e5b79c6b1c89048..d4cd54d16850134fbac8aefd80beb9fceff8b8cb 100644 --- a/test/commonunittest/UTTest_dm_auth_manager_first.cpp +++ b/test/commonunittest/UTTest_dm_auth_manager_first.cpp @@ -1444,11 +1444,11 @@ HWTEST_F(DmAuthManagerTest, GetBindLevel_001, testing::ext::TestSize.Level0) authManager_->ProcIncompatible(sessionId); EXPECT_CALL(*appManagerMock_, IsSystemSA()).WillOnce(Return(true)); - int32_t ret = authManager_->GetBindLevel(bindLevel); + int32_t ret = authManager_->GetBindLevel(bindLevel, ""); ASSERT_EQ(ret, DEVICE); EXPECT_CALL(*appManagerMock_, IsSystemSA()).WillOnce(Return(false)); - ret = authManager_->GetBindLevel(bindLevel); + ret = authManager_->GetBindLevel(bindLevel, ""); ASSERT_EQ(ret, APP); authManager_->authResponseContext_->authType == AUTH_TYPE_IMPORT_AUTH_CODE; @@ -1470,11 +1470,11 @@ HWTEST_F(DmAuthManagerTest, GetBindLevel_001, testing::ext::TestSize.Level0) bindLevel = SERVICE; EXPECT_CALL(*appManagerMock_, IsSystemSA()).WillOnce(Return(false)); - ret = authManager_->GetBindLevel(bindLevel); + ret = authManager_->GetBindLevel(bindLevel, ""); ASSERT_EQ(ret, SERVICE); EXPECT_CALL(*appManagerMock_, IsSystemSA()).WillOnce(Return(true)); - ret = authManager_->GetBindLevel(bindLevel); + ret = authManager_->GetBindLevel(bindLevel, ""); ASSERT_EQ(ret, SERVICE); }