From 619b3b96a97c5037b5047eff39e9b04948ad6c99 Mon Sep 17 00:00:00 2001
From: zuojiangjiang <zuojiangjiang@huawei.com>
Date: Sat, 29 Jan 2022 16:07:32 +0800
Subject: [PATCH] Cancel dependencies to security part of device and data
 security

Signed-off-by: zuojiangjiang <zuojiangjiang@huawei.com>
---
 .../adapter/security/BUILD.gn                 |   4 +-
 .../adapter/security/src/security.cpp         | 128 ++----------------
 .../adapter/security/src/security.h           |   2 +-
 .../adapter/security/src/security_adapter.cpp |   3 -
 .../adapter/security/src/sensitive.cpp        |  47 +------
 5 files changed, 15 insertions(+), 169 deletions(-)

diff --git a/services/distributeddataservice/adapter/security/BUILD.gn b/services/distributeddataservice/adapter/security/BUILD.gn
index b60a7bf1e..ce3319b1e 100755
--- a/services/distributeddataservice/adapter/security/BUILD.gn
+++ b/services/distributeddataservice/adapter/security/BUILD.gn
@@ -39,14 +39,12 @@ ohos_static_library("distributeddata_security_static") {
   ]
 
   deps = [
+    "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/libs/distributeddb:distributeddb",
     "//third_party/jsoncpp:jsoncpp",
     "//utils/native/base:utils",
-    "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/libs/distributeddb:distributeddb",
   ]
 
   external_deps = [
-    "dataclassification:fbe_iudf_xattr",
-    "dataclassification:hwdsl",
     "dsoftbus_standard:softbus_client",
     "hiviewdfx_hilog_native:libhilog",
     "ipc:ipc_core",
diff --git a/services/distributeddataservice/adapter/security/src/security.cpp b/services/distributeddataservice/adapter/security/src/security.cpp
index dd8ddf5ce..849c37647 100755
--- a/services/distributeddataservice/adapter/security/src/security.cpp
+++ b/services/distributeddataservice/adapter/security/src/security.cpp
@@ -18,7 +18,6 @@
 #include <thread>
 #include "communication_provider.h"
 #include "constant.h"
-#include "fbe_sdp_policy.h"
 #include "sensitive.h"
 #include "log_print.h"
 #include "block_integer.h"
@@ -29,23 +28,9 @@
 namespace OHOS::DistributedKv {
 using namespace DistributedDB;
 std::atomic_bool Security::isInitialized_ = true;
-const char * const Security::LABEL_VALUES[S4 + 1] = {
-    "", LABEL_VALUE_S0, LABEL_VALUE_S1, LABEL_VALUE_S2, LABEL_VALUE_S3, LABEL_VALUE_S4
-};
-
-const char * const Security::DATA_DE[] = {
-    "/data/user_de/",
-    "/data/misc_de/",
-    nullptr
-};
-
-const char * const Security::DATA_CE[] = {
-    "/storage/emulated/",
-    "/data/misc_ce/",
-    "/data/user/",
-    "/mnt/mdfs/",
-    nullptr
-};
+const char * const Security::LABEL_VALUES[S4 + 1] = {};
+const char * const Security::DATA_DE[] = {};
+const char * const Security::DATA_CE[] = {};
 
 Security::Security(const std::string &appId, const std::string &userId, const std::string &dir)
 {
@@ -143,76 +128,17 @@ DBStatus Security::GetSecurityOption(const std::string &filePath, SecurityOption
 
 DBStatus Security::GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const
 {
-    if (!IsSupportSecurity()) {
-        option.securityFlag = -1;
-        return OK;
-    }
-
-    int policy = GetPathPolicy(filePath.c_str());
-    switch (policy) {
-        case FSCRYPT_SDP_ECE_CLASS:
-            option.securityFlag = ECE;
-            break;
-        case FSCRYPT_SDP_SECE_CLASS:
-            option.securityFlag = SECE;
-            break;
-        default:
-            option.securityFlag = -1;
-            break;
-    }
-    return OK;
+    return NOT_SUPPORT;
 }
 
 DBStatus Security::GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const
 {
-    if (!IsExits(filePath)) {
-        option = {NOT_SET, ECE};
-        return OK;
-    }
-
-    int userId = GetCurrentUserId();
-    char value[LABEL_VALUE_LEN]{0};
-    int err = GetLabel(userId, filePath.c_str(), LABEL_NAME_SECURITY_LEVEL, value, LABEL_VALUE_LEN);
-    if (err != RET_SDP_OK && err != RET_SDP_NOT_SET_ERROR && err != RET_SDP_NOT_SUPPORT_ATTR) {
-        ZLOGE("Get Label failed! error: %d, value: %s path:%s", err, value, filePath.c_str());
-        return DB_ERROR;
-    }
-
-    if (err == RET_SDP_NOT_SUPPORT_ATTR) {
-        ZLOGD("Not support attr ioctl! value: %s path:%s", value, filePath.c_str());
-        return NOT_SUPPORT;
-    }
-
-    int flag = (err == RET_SDP_OK) ? GetFlag(userId, filePath.c_str(), LABEL_NAME_SECURITY_LEVEL) : ECE;
-    if (flag == -1) {
-        ZLOGE("Get Flag failed! error: %d, value: %s path:%s", err, value, filePath.c_str());
-    }
-
-    option = {Convert2Security(std::string(value)), flag};
-    return OK;
+    return NOT_SUPPORT;
 }
 
 DBStatus Security::SetDirSecurityOption(const std::string &filePath, const SecurityOption &option)
 {
-    int error = RET_SDP_OK;
-    switch (option.securityLabel) {
-        case S3:
-        case S4: {
-            if (IsSupportSecurity()) {
-                int userId = GetCurrentUserId();
-                error = SetSecePathPolicy(userId, filePath.c_str());
-            }
-            break;
-        }
-        default:
-            break;
-    }
-    if (error != RET_SDP_OK && error != RET_SDP_SUPPORT_IUDF_ERROR) {
-        ZLOGE("Set path policy failed(%d)! label:%d, flag:%d path:%s",
-              error, option.securityLabel, option.securityFlag, filePath.c_str());
-        return NO_PERMISSION;
-    }
-    return OK;
+    return NOT_SUPPORT;
 }
 
 DBStatus Security::SetFileSecurityOption(const std::string &filePath, const SecurityOption &option)
@@ -220,28 +146,7 @@ DBStatus Security::SetFileSecurityOption(const std::string &filePath, const Secu
     if (option.securityLabel == NOT_SET) {
         return OK;
     }
-
-    const char *value = Convert2Name(option, !InPathsBox(filePath, DATA_DE));
-    if (value == nullptr) {
-        ZLOGE("Invalid args Label failed! label:%d, flag:%d path:%s",
-              option.securityLabel, option.securityFlag, filePath.c_str());
-        return INVALID_ARGS;
-    }
-
-    int userId = GetCurrentUserId();
-    int err = SetLabel(userId, filePath.c_str(), LABEL_NAME_SECURITY_LEVEL, value, option.securityFlag);
-    if (err != RET_SDP_OK && err != RET_SDP_LABEL_HAS_BEEN_SET && err != RET_SDP_NOT_SUPPORT_ATTR) {
-        ZLOGE("Set Label failed! label:%d, flag:%d value:%s path:%s",
-              option.securityLabel, option.securityFlag, value, filePath.c_str());
-        return DB_ERROR;
-    }
-
-    if (err == RET_SDP_NOT_SUPPORT_ATTR) {
-        ZLOGD("Not support attr ioctl! value: %s path:%s", value, filePath.c_str());
-        return NOT_SUPPORT;
-    }
-
-    return OK;
+    return NOT_SUPPORT;
 }
 
 bool Security::CheckDeviceSecurityAbility(const std::string &devId, const SecurityOption &option) const
@@ -261,17 +166,12 @@ int32_t Security::GetCurrentUserStatus() const
     if (!IsSupportSecurity()) {
         return NO_PWD;
     }
-    return GetLockState(GetCurrentUserId(), FLAG_LOCAL_STATE);
+    return NO_PWD;
 }
 
 bool Security::SubscribeUserStatus(std::function<int32_t(int32_t, int32_t)> &observer) const
 {
-    int error = RegisterLockStateChangeCallback(FLAG_LOCAL_STATE, observer);
-    if (error == RET_LOCK_OK) {
-        // retroactively the current status
-        observer(GetCurrentUserId(), GetCurrentUserStatus());
-    }
-    return (error == RET_LOCK_OK);
+    return false;
 }
 
 const char *Security::Convert2Name(const SecurityOption &option, bool isCE)
@@ -280,14 +180,6 @@ const char *Security::Convert2Name(const SecurityOption &option, bool isCE)
         return nullptr;
     }
 
-    if (isCE && option.securityLabel < S2) {
-        return nullptr;
-    }
-
-    if (!isCE && option.securityLabel >= S2) {
-        return nullptr;
-    }
-
     return LABEL_VALUES[option.securityLabel];
 }
 
@@ -303,7 +195,7 @@ int Security::Convert2Security(const std::string &name)
 
 bool Security::IsSupportSecurity()
 {
-    return IsSupportIudf();
+    return false;
 }
 
 bool Security::IsFirstInit()
diff --git a/services/distributeddataservice/adapter/security/src/security.h b/services/distributeddataservice/adapter/security/src/security.h
index d7463f7d2..074192551 100644
--- a/services/distributeddataservice/adapter/security/src/security.h
+++ b/services/distributeddataservice/adapter/security/src/security.h
@@ -81,7 +81,7 @@ private:
     DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option);
     DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option);
 
-    std::map<int32_t, OnAccessControlledEvent> observers_ { };
+    std::map<int32_t, OnAccessControlledEvent> observers_ {};
     static std::atomic_bool isInitialized_;
 };
 }
diff --git a/services/distributeddataservice/adapter/security/src/security_adapter.cpp b/services/distributeddataservice/adapter/security/src/security_adapter.cpp
index c49140690..377dc1917 100755
--- a/services/distributeddataservice/adapter/security/src/security_adapter.cpp
+++ b/services/distributeddataservice/adapter/security/src/security_adapter.cpp
@@ -16,7 +16,6 @@
 #include "security_adapter.h"
 #include "log_print.h"
 #include "security.h"
-#include "1.0/dev_slinfo_mgr.h"
 #undef LOG_TAG
 #define LOG_TAG "SecurityAdapter"
 
@@ -33,7 +32,6 @@ private:
 
 InstallDevsl::InstallDevsl()
 {
-    (void)DEVSL_OnStart(0);
     security_ = std::make_shared<Security>("distributeddata", "default", "/data/misc_de/0/mdds/Meta");
     if (security_ == nullptr) {
         ZLOGD("Security is nullptr.");
@@ -46,7 +44,6 @@ InstallDevsl::InstallDevsl()
 
 InstallDevsl::~InstallDevsl()
 {
-    DEVSL_ToFinish();
 }
 
 void InstallDevsl::Initialize()
diff --git a/services/distributeddataservice/adapter/security/src/sensitive.cpp b/services/distributeddataservice/adapter/security/src/sensitive.cpp
index c0e408768..96cd5a780 100755
--- a/services/distributeddataservice/adapter/security/src/sensitive.cpp
+++ b/services/distributeddataservice/adapter/security/src/sensitive.cpp
@@ -18,18 +18,17 @@
 #include "iprocess_system_api_adapter.h"
 #include "log_print.h"
 #include "serializable.h"
-#include "1.0/dev_slinfo_mgr.h"
 #undef LOG_TAG
 #define LOG_TAG "Sensitive"
 
 namespace OHOS::DistributedKv {
 Sensitive::Sensitive(std::string deviceId, uint32_t type)
-    : deviceId(std::move(deviceId)), securityLevel(DATA_SEC_LEVEL1), deviceType(type)
+    : deviceId(std::move(deviceId)), securityLevel(0), deviceType(type)
 {
 }
 
 Sensitive::Sensitive(const std::vector<uint8_t> &value)
-    : securityLevel(DATA_SEC_LEVEL1), deviceType(0)
+    : securityLevel(0), deviceType(0)
 {
     Unmarshal(value);
 }
@@ -67,56 +66,16 @@ void Sensitive::Unmarshal(const std::vector<uint8_t> &value)
 
 uint32_t Sensitive::GetSensitiveLevel()
 {
-    DEVSLQueryParams query;
-    DEVSL_INIT_PARAMS(&query);
-    query.udid = reinterpret_cast<const uint8_t *>(deviceId.c_str());
-    query.sensitiveData = reinterpret_cast<const uint8_t *>(dataBase64.c_str());
-    query.idLen = uint32_t(deviceId.size());
-    query.sensitiveDataLen = uint32_t(dataBase64.size());
-    if (dataBase64.empty()) {
-        query.devType = GetDevslDeviceType();
-    }
-
-    uint32_t level = DATA_SEC_LEVEL2;
-    uint32_t result = DEVSL_GetHighestSecLevel(&query, &level);
-    if (result != DEVSL_SUCCESS) {
-        ZLOGE("get highest level failed(%.10s)! level: %d, error: %d, cert (%.10s)",
-              deviceId.c_str(), securityLevel, result, dataBase64.c_str());
-        return securityLevel;
-    }
-    securityLevel = level;
-    ZLOGD("get highest level success(%.10s)! level: %d cert (%.10s)",
-          deviceId.c_str(), securityLevel, dataBase64.c_str());
     return securityLevel;
 }
 
 bool Sensitive::operator >= (const DistributedDB::SecurityOption &option)
 {
-    return (option.securityLabel == DistributedDB::NOT_SET) ||
-           (GetSensitiveLevel() >= static_cast<uint32_t>(option.securityLabel - 1));
+    return true;
 }
 
 bool Sensitive::LoadData()
 {
-    uint8_t data[Sensitive::MAX_DATA_LEN + 1];
-    uint32_t length = Sensitive::MAX_DATA_LEN;
-    int32_t result = DEVSL_GetLocalCertData(data, Sensitive::MAX_DATA_LEN, &length);
-    if (result != DEVSL_SUCCESS) {
-        ZLOGE("DEVSL_GetLocalCertData failed %d", result);
-        return false;
-    }
-    data[length] = 0;
-    dataBase64 = reinterpret_cast<char *>(data);
-    DEVSLQueryParams query;
-    DEVSL_INIT_PARAMS(&query);
-    query.udid = reinterpret_cast<const uint8_t *>(deviceId.c_str());
-    query.sensitiveData = data;
-    query.idLen = uint32_t(deviceId.size());
-    query.sensitiveDataLen = length;
-
-    if (DEVSL_GetHighestSecLevel(&query, &securityLevel) != DEVSL_SUCCESS) {
-        securityLevel = DATA_SEC_LEVEL1;
-    }
     return true;
 }
 
-- 
Gitee