| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
!19644 merge claw into master claw Created-by: xuzheheng Commit-by: xuzheheng Merged-by: openharmony_ci Description: **IssueNo**: https://gitcode.com/openharmony/ability_ability_runtime/issues/15497 **Description**: claw **稳定性自检:** | 自检项 | 自检结果 | | ------------------------------------------------------------ | -------- | | 涉及跨进程调用的相关操作需要抛至主线程或加锁防止并发 | √ | | 成员变量进行赋值或创建需要排查并发 | √ | | 谨慎在lambda表达式中使用引用捕获 | √ | | 谨慎在未经拷贝的情况下使用外部传入的string、C字符串 | √ | | map\vector\list\set等stl模板类使用时需要排查并发 | √ | | 谨慎考虑加锁范围 | √ | | 在IPC通信中谨慎使用同步通信方式 | √ | | 禁止传递this指针至其他模块或线程(特别是eventhandler任务) | √ | | 禁止将外部传入的裸指针在内部直接构造智能指针 | √ | | 禁止多个独立创建的智能指针管理同一地址 | √ | | 禁止在析构函数中抛异步任务 | √ | | 禁止js对象在非js线程(例如在IPC线程)创建、使用或销毁 | √ | | 禁止在对外接口中未经判空直接使用外部传入的指针 | √ | | 禁止接口返回局部变量引用 | √ | | 禁止在信号函数中加锁 | √ | | 禁止在关键流程(SA启动、应用启动等主流程)执行耗时的操作 | √ | | 禁止将同一个cpp编译在不同的so中 | √ | **安全编码自检:** | 自检项 | 自检结果 | | -------------------------------------------------------------- | -------- | | 裸指针避免通过隐式转换构造为sptr | √ | | json对象在取值之前必须先判断类型,避免类型不匹配 | √ | | 序列化时必须对传入的数组大小进行校验,避免出现超大数组 | √ | | 避免使用未明确位宽的整型,选择使用int8_t、uint8_t等类型 | √ | | 外部传入的路径要做规范化校验,对路径中的.、..、../等特殊字符严格校验 | √ | | 指针变量、表示资源描述符的变量、bool变量必须赋初值 | √ | | readParcelable获取的对象使用前需要判空 | √ | | 分配和释放内存的函数需要成对出现 | √ | | 申请内存后异常退出前需要及时进行内存释放 | √ | | 内存申请前必须对内存大小进行合法性校验 | √ | | 内存分配后必须判断是否成功 | √ | | 禁止使用realloc、alloca函数 | √ | | 禁止打印文件路径、口令等敏感信息,如有需要,使用private修饰 | √ | | 禁止打印内存地址 | √ | | 整数之间运算时必须严格检查,确保不会出现溢出、反转、除0 | √ | | 禁止对有符号整数进行位操作符运算 | √ | | 禁止对指针进行逻辑或位运算 | √ | | 循环次数如果收外部数据控制,需要检验其合法性 | √ | | 禁止使用内存操作类危险函数,需要使用安全函数 | √ | | 谨慎使用不可重入函数 | √ | | 必须检查安全函数的返回值,并进行正确处理 | √ | | 禁止仅通过TokenType类型判断绕过权限校验 | √ | **TDD Result**:√ **XTS Result**:√ ### 是否已执行L0用例 - [√ ] 已验证 - [ ] 不涉及。如不涉及,请写明理由 See merge request: openharmony/ability_ability_runtime!19644 | 16 天前 | |
revert(skill): do not strip skill params after ForegroundNew, fix exitCode propagation Two related fixes folded together: 1. Revert the L2 RemoveSkillParam calls added in "fix(skill): strip skill params from non-skill want paths". The L2 strip in AbilityRecord::ForegroundAbility and ForegroundUIExtensionAbility breaks the legitimate cold-start skill path: StartAbilityByCallWithSkill (target not yet started) -> StartAbilityByCall -> ResolveLocked -> target launches and enters ForegroundAbility -> ForegroundNew(GetWant(), ...) IPCs the want (with skill params) to the app, but the FOREGROUND_NEW branch in UIAbilityImpl::AbilityTransaction only checks InsightIntent, not skill, so HandleExecuteSkill is NOT called here -> L2 then strips skill params from want_ -> later the ability moves to BACKGROUND_NEW -> BackgroundNew(GetWant(), ...) reuses the now-stripped want_ -> app-side IsSkillExecute(want) returns false -> HandleExecuteSkill is never called, skill silently drops InsightIntent is unaffected because it triggers in FOREGROUND_NEW (HandleExecuteInsightIntentForeground), so the params are consumed before L2 clears them. Skill only triggers in BACKGROUND_NEW, which makes L2 unsafe for skill. L1 (entry stripping) and L3 (ExecuteSkillDone cleanup) are sufficient. 2. Propagate AMS failure code to CLI exitCode. BuildSkillSessionInfo sets ExecResult.exitCode from skillResult.code, but SkillExecuteManager constructs a default SkillExecuteResult (code=0) for OnTimeout / OnLaunchFailed / OnTargetProcessDied. The OnExecuteDone resultCode carries the real error (e.g. ERR_SKILL_EXECUTE_TARGET_DIED), yet CLI consumers saw exitCode=0 alongside status="failed", masking the failure. Fix at two layers: - CLI: BuildSkillSessionInfo falls back to resultCode when skillResult.code==0 && resultCode!=ERR_OK. - AMS: SkillExecuteManager now mirrors the resultCode into emptyResult.code at all three failure sites, matching how the app-side ReportSkillError already populates .code with errCode. Co-Authored-By: Agent Signed-off-by: RuiChen_01 <chenrui193@huawei.com> | 11 天前 | |
Add cfi/pac config Co-Authored-By: Agent Signed-off-by: wangzhen <wangzhen416@huawei.com> 🤖 AI[0%] 👌 AI Adopted[0%] 🧑 Human[100%] | 4 天前 |