From 1ae030db9c863374962d56069ac3b6ae721b1f54 Mon Sep 17 00:00:00 2001 From: jxw Date: Sun, 6 Jul 2025 00:22:24 +0800 Subject: [PATCH 1/4] =?UTF-8?q?http=20=E6=98=8E=E6=96=87=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: jxw --- .../websocket/websocket_module/src/net_ssl_c.cpp | 13 +++++++++++++ interfaces/kits/c/net_ssl/BUILD.gn | 1 + interfaces/kits/c/net_ssl/include/net_ssl_c.h | 1 + interfaces/kits/c/net_ssl/libnet_ssl_c.json | 4 ++++ .../utils/common_utils/NetStackCommonUtilsTest.cpp | 7 +++++++ utils/common_utils/src/netstack_common_utils.cpp | 6 ++++++ 6 files changed, 32 insertions(+)
diff --git a/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp b/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
index 8ddbe0575..9c6b6713d 100644
--- a/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
+++ b/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
@@ -206,4 +206,17 @@ int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *i
 }
 return OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance()
 .IsCleartextPermitted(std::string(hostname), *isCleartextPermitted);
+}
+
+int32_t OH_Netstack_IsCleartextCfgByComponent(const char *component, bool *componentCfg)
+{
+ if (!OHOS::NetManagerStandard::NetManagerPermission::IsSystemCaller()) {
+ NETSTACK_LOGE("Caller not have sys permission");
+ return OHOS::NetManagerStandard::NETMANAGER_ERR_NOT_SYSTEM_CALL;
+ }
+ if (component == nullptr || componentCfg == nullptr) {
+ NETSTACK_LOGE("OH_Netstack_IsCleartextCfgByComponent received invalid parameters");
+ return OHOS::NetManagerStandard::NETMANAGER_ERR_INVALID_PARAMETER;
+ }
+ return OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance() +.IsCleartextCfgByComponent(std::string(component), *componentCfg);
 }
\ No newline at end of file
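Review bot: `OH_Netstack_IsCleartextCfgByComponent` writes nothing to `*componentCfg` on either early return, and neither this definition nor its declaration in `net_ssl_c.h` carries a comment saying so, so a caller that ignores the return code reads whatever value it passed in. I would add a doc comment on the declaration stating that the call is restricted to system callers (it returns `NETMANAGER_ERR_NOT_SYSTEM_CALL` otherwise), what a true or false `*componentCfg` means, and that the output is valid only when the call succeeds. The symbol is also added to `libnet_ssl_c.json`, which appears to be the exported symbol list, so ordinary callers will see the function and hit the not-system-call error; the comment should make that restriction explicit.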
diff --git a/interfaces/kits/c/net_ssl/BUILD.gn b/interfaces/kits/c/net_ssl/BUILD.gn
index 9c3dd374e..a49001ded 100644
--- a/interfaces/kits/c/net_ssl/BUILD.gn
+++ b/interfaces/kits/c/net_ssl/BUILD.gn
@@ -45,6 +45,7 @@ ohos_shared_library("net_ssl_ndk") {
 "openssl:libcrypto_shared",
 "openssl:libssl_shared",
 "samgr:samgr_proxy",
+ "netmanager_base:net_manager_common",
 ]
 cflags_cc = [
diff --git a/interfaces/kits/c/net_ssl/include/net_ssl_c.h b/interfaces/kits/c/net_ssl/include/net_ssl_c.h
index bb94978cb..676ccc4c0 100644
--- a/interfaces/kits/c/net_ssl/include/net_ssl_c.h
+++ b/interfaces/kits/c/net_ssl/include/net_ssl_c.h
@@ -80,6 +80,7 @@ int32_t OH_Netstack_IsCleartextPermitted(bool *isCleartextPermitted);
 int32_t OH_Netstack_IsCleartextPermittedByHostName(const char *hostname, bool *isCleartextPermitted);
+int32_t OH_Netstack_IsCleartextCfgByComponent(const char *component, bool *componentCfg);
 #ifdef __cplusplus
 }
 #endif
diff --git a/interfaces/kits/c/net_ssl/libnet_ssl_c.json b/interfaces/kits/c/net_ssl/libnet_ssl_c.json
index 30cbe0901..f98946f7b 100644
--- a/interfaces/kits/c/net_ssl/libnet_ssl_c.json
+++ b/interfaces/kits/c/net_ssl/libnet_ssl_c.json
@@ -22,5 +22,9 @@
 {
 "first_introduced":"16",
 "name": "OH_Netstack_IsCleartextPermittedByHostName"
+ },
+ {
+ "first_introduced": "20",
+ "name": "OH_Netstack_IsCleartextCfgByComponent"
 }
 ]
diff --git a/test/unittest/utils/common_utils/NetStackCommonUtilsTest.cpp b/test/unittest/utils/common_utils/NetStackCommonUtilsTest.cpp
index 054ea1a87..44124217e 100644
--- a/test/unittest/utils/common_utils/NetStackCommonUtilsTest.cpp
+++ b/test/unittest/utils/common_utils/NetStackCommonUtilsTest.cpp
@@ -832,6 +832,13 @@ HWTEST_F(NetStackCommonUtilsTest, IsCertPubKeyInPinned09, TestSize.Level2)
 "oChTociMee9wno=");
 EXPECT_TRUE(IsCertPubKeyInPinned(pubkey, pinnedPubkey));
 }
+
+HWTEST_F(NetStackCommonUtilsTest, IsCleartextPermitted01, TestSize.Level2)
+{
+ std::string url("http://text.com");
+ std::string protocol("http://");
+ EXPECT_TRUE(IsCleartextPermitted(url, protocol));
+}
 } // namespace CommonUtils
 } // namespace NetStack
 } // namespace OHOS
\ No newline at end of file
diff --git a/utils/common_utils/src/netstack_common_utils.cpp b/utils/common_utils/src/netstack_common_utils.cpp
index 69018132a..c77883b89 100644
--- a/utils/common_utils/src/netstack_common_utils.cpp
+++ b/utils/common_utils/src/netstack_common_utils.cpp
@@ -597,6 +597,12 @@ bool IsCleartextPermitted(const std::string &url, const std::string &protocol)
 bool isCleartextPermitted = true;
 #if HAS_NETMANAGER_BASE
 using namespace OHOS::NetManagerStandard;
+ bool isComponetCfg = true;
+ int32_t ret = NetworkSecurityConfig::GetInstance().IsCleartextCfgByComponent("Network Kit", isComponetCfg);
+ if (ret || !isComponetCfg) {
+ NETSTACK_LOGD("Network Kit Component Not Cfg or Cfg False");
+ return isCleartextPermitted;
+ }
 if (url.find(protocol) != std::string::npos) {
 std::string hostName = GetHostnameFromURL(url);
 NetworkSecurityConfig::GetInstance().IsCleartextPermitted(hostName, isCleartextPermitted);
-- Gitee
From a3de865e11de3fd2cabaca8fd36acc2751d3ee68 Mon Sep 17 00:00:00 2001 From: jxw Date: Sun, 6 Jul 2025 01:47:17 +0000 Subject: [PATCH 2/4] update frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp. Signed-off-by: jxw --- .../js/napi/websocket/websocket_module/src/net_ssl_c.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp b/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
index 9c6b6713d..2d39b97b0 100644
--- a/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
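Review bot: `IsCleartextPermitted01` asserts only `true`, which is also the initial value of `isCleartextPermitted` and the value returned by the new early exit in `netstack_common_utils.cpp`, so the test passes whether or not the component lookup or the per-host check ran. A case that expects `false` under a configuration that denies cleartext for the host would pin the new branch; the fixture needed to install such a configuration is not visible in this hunk. At minimum I would add a comment above the test such as `// Default policy: no component config present, so cleartext stays permitted.` so the intent of the single assertion is on record.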
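Review bot: The new guard `if (ret || !isComponetCfg)` treats a failed lookup the same as "component not configured" and returns the initial `true`, so any error from `IsCleartextCfgByComponent` skips the per-host check and permits cleartext, and the only trace is a debug-level log. If that fail-open is not intended, skip the host check only on a successful negative answer, `if (ret == 0 && !isComponetCfg) { return isCleartextPermitted; }`, and report a non-zero `ret` with `NETSTACK_LOGE` before falling through to the host check. `isComponetCfg` is misspelled, and the `"Network Kit"` literal would read better as a named constant shared with whatever writes that configuration key. `IsCleartextPermitted` begins above and continues below this hunk.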
+++ b/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
@@ -218,5 +218,6 @@ int32_t OH_Netstack_IsCleartextCfgByComponent(const char *component, bool *compo
 NETSTACK_LOGE("OH_Netstack_IsCleartextCfgByComponent received invalid parameters");
 return OHOS::NetManagerStandard::NETMANAGER_ERR_INVALID_PARAMETER;
 }
- return OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance() +.IsCleartextCfgByComponent(std::string(component), *componentCfg);
+ return OHOS::NetManagerStandard::NetworkSecurityConfig::GetInstance()
+ .IsCleartextCfgByComponent(std::string(component), *componentCfg);
 }
\ No newline at end of file
-- Gitee
From b1ee8c0d3a706ff7ad7c5c4344600a9f22fd6852 Mon Sep 17 00:00:00 2001 From: jxw Date: Sun, 6 Jul 2025 02:33:40 +0000 Subject: [PATCH 3/4] update frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp. Signed-off-by: jxw --- frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp | 1 + 1 file changed, 1 insertion(+)
diff --git a/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp b/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
index 2d39b97b0..a791a33f5 100644
--- a/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
+++ b/frameworks/js/napi/websocket/websocket_module/src/net_ssl_c.cpp
@@ -28,6 +28,7 @@
 #include "net_ssl_verify_cert.h"
 #include "net_manager_constants.h"
 #include "network_security_config.h"
+#include "netmanager_base_permission.h"
 struct OHOS::NetStack::Ssl::CertBlob SwitchToCertBlob(const struct NetStack_CertBlob cert)
 {
-- Gitee
From 29e058f368d5e0bca6579d176e968c44727b70c8 Mon Sep 17 00:00:00 2001 From: jxw Date: Sun, 6 Jul 2025 03:23:36 +0000 Subject: [PATCH 4/4] update test/fuzztest/netsslinner_fuzzer/BUILD.gn. Signed-off-by: jxw --- test/fuzztest/netsslinner_fuzzer/BUILD.gn | 1 + 1 file changed, 1 insertion(+)
diff --git a/test/fuzztest/netsslinner_fuzzer/BUILD.gn b/test/fuzztest/netsslinner_fuzzer/BUILD.gn
index 4adf9dba9..68c1a1ef9 100644
--- a/test/fuzztest/netsslinner_fuzzer/BUILD.gn
+++ b/test/fuzztest/netsslinner_fuzzer/BUILD.gn
@@ -35,6 +35,7 @@ common_external_deps = [
 "openssl:libcrypto_shared",
 "openssl:libssl_shared",
 "samgr:samgr_proxy",
+ "netmanager_base:net_manager_common",
 ]
 ohos_fuzztest("NetsslInnerFuzzTest") {
-- Gitee