From 429f9fc7631f30629b18ba354f2dc1c865a374ba Mon Sep 17 00:00:00 2001 From: zuojiangjiang Date: Mon, 14 Feb 2022 21:09:06 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E5=88=86=E5=B8=83=E5=BC=8F=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=E6=94=AF=E6=8C=81=E5=88=86=E7=B1=BB=E5=88=86=E7=BA=A7?= =?UTF-8?q?=20Signed-off-by:=20zuojiangjiang=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../adapter/security/BUILD.gn | 14 +- .../adapter/security/src/block_integer.cpp | 7 + .../adapter/security/src/block_integer.h | 2 +- .../adapter/security/src/security.cpp | 232 +++++++++++------- .../adapter/security/src/security.h | 49 ++-- .../adapter/security/src/security_adapter.cpp | 19 +- .../adapter/security/src/sensitive.cpp | 102 ++++---- .../adapter/security/src/sensitive.h | 40 ++- .../app/src/kvstore_data_service.cpp | 2 + .../app/src/kvstore_meta_manager.cpp | 1 - 10 files changed, 260 insertions(+), 208 deletions(-) diff --git a/services/distributeddataservice/adapter/security/BUILD.gn b/services/distributeddataservice/adapter/security/BUILD.gn index 4ca34ef5c..73902810d 100755 --- a/services/distributeddataservice/adapter/security/BUILD.gn +++ b/services/distributeddataservice/adapter/security/BUILD.gn @@ -17,26 +17,36 @@ ohos_static_library("distributeddata_security_static") { sources = [ "src/block_integer.cpp", "src/security.cpp", - "src/security_adapter.cpp", "src/sensitive.cpp", ] cflags_cc = [ "-fvisibility=hidden" ] + remove_configs = [ "//build/config/compiler:no_exceptions" ] + + configs = [ + "//build/config/compiler:exceptions", + "//third_party/jsoncpp:jsoncpp_config", + ] + include_dirs = [ "../include/autils", "../include/log", - "../include/security", "../include/communicator", + "../include/utils", + "../include/security", "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/app_distributeddata/include", + "//foundation/filemanagement/file_api/interfaces/innerkits/include", ] deps = [ "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/libs/distributeddb:distributeddb", + "//third_party/jsoncpp:jsoncpp", "//utils/native/base:utils", ] external_deps = [ + "dataclassification:data_transit_mgr", "dsoftbus_standard:softbus_client", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", diff --git a/services/distributeddataservice/adapter/security/src/block_integer.cpp b/services/distributeddataservice/adapter/security/src/block_integer.cpp index 8c800cca8..14cc45aa0 100755 --- a/services/distributeddataservice/adapter/security/src/block_integer.cpp +++ b/services/distributeddataservice/adapter/security/src/block_integer.cpp @@ -32,6 +32,13 @@ BlockInteger BlockInteger::operator++(int) return temp; } +BlockInteger &BlockInteger::operator=(const BlockInteger &integer) +{ + value_ = integer.value_; + interval_ = integer.interval_; + return *this; +} + BlockInteger &BlockInteger::operator=(int value) { value_ = value; diff --git a/services/distributeddataservice/adapter/security/src/block_integer.h b/services/distributeddataservice/adapter/security/src/block_integer.h index 62ed8b4db..ea4195f9d 100755 --- a/services/distributeddataservice/adapter/security/src/block_integer.h +++ b/services/distributeddataservice/adapter/security/src/block_integer.h @@ -26,7 +26,7 @@ public: : interval_(integer.interval_), value_(integer.value_) { }; - BlockInteger &operator=(const BlockInteger &integer) = default; + BlockInteger &operator=(const BlockInteger &integer); ~BlockInteger() = default; diff --git a/services/distributeddataservice/adapter/security/src/security.cpp b/services/distributeddataservice/adapter/security/src/security.cpp index 05f95e918..710fbe4c5 100755 --- a/services/distributeddataservice/adapter/security/src/security.cpp +++ b/services/distributeddataservice/adapter/security/src/security.cpp @@ -16,25 +16,36 @@ #include "security.h" #include #include -#include "communication_provider.h" +#include +#include #include "constant.h" -#include "sensitive.h" #include "log_print.h" #include "block_integer.h" #include "ohos_account_kits.h" +#include "communication_provider.h" +#include "dev_slinfo_mgr.h" +#include "security_label.h" #undef LOG_TAG -#define LOG_TAG "SecurityAdapter" +#define LOG_TAG "Security" namespace OHOS::DistributedKv { +namespace { + const std::string SECURITY_VALUE_XATTR_PARRERN = "s([01234])"; + const std::string EMPTY_STRING = ""; +} +const std::string Security::LABEL_VALUE_S0 = "s0"; +const std::string Security::LABEL_VALUE_S1 = "s1"; +const std::string Security::LABEL_VALUE_S2 = "s2"; +const std::string Security::LABEL_VALUE_S3 = "s3"; +const std::string Security::LABEL_VALUE_S4 = "s4"; using namespace DistributedDB; -std::atomic_bool Security::isInitialized_ = true; -const char * const Security::LABEL_VALUES[S4 + 1] = {}; -const char * const Security::DATA_DE[] = { nullptr }; -const char * const Security::DATA_CE[] = { nullptr }; +const std::string Security::LABEL_VALUES[S4 + 1] = { + "", LABEL_VALUE_S0, LABEL_VALUE_S1, LABEL_VALUE_S2, LABEL_VALUE_S3, LABEL_VALUE_S4 +}; -Security::Security(const std::string &appId, const std::string &userId, const std::string &dir) +Security::Security() { - ZLOGD("constructor kvStore_ is %s", dir.c_str()); + ZLOGD("construct kvStore_"); } Security::~Security() @@ -84,7 +95,7 @@ DBStatus Security::RegOnAccessControlledEvent(const OnAccessControlledEvent &cal bool Security::IsAccessControlled() const { - int curStatus = GetCurrentUserStatus(); + auto curStatus = GetCurrentUserStatus(); return !(curStatus == UNLOCK || curStatus == NO_PWD); } @@ -94,10 +105,6 @@ DBStatus Security::SetSecurityOption(const std::string &filePath, const Security return INVALID_ARGS; } - if (!InPathsBox(filePath, DATA_DE) && !InPathsBox(filePath, DATA_CE)) { - return NOT_SUPPORT; - } - struct stat curStat; stat(filePath.c_str(), &curStat); if (S_ISDIR(curStat.st_mode)) { @@ -113,89 +120,77 @@ DBStatus Security::GetSecurityOption(const std::string &filePath, SecurityOption return INVALID_ARGS; } - if (!InPathsBox(filePath, DATA_DE) && !InPathsBox(filePath, DATA_CE)) { - return NOT_SUPPORT; - } - struct stat curStat; stat(filePath.c_str(), &curStat); if (S_ISDIR(curStat.st_mode)) { return GetDirSecurityOption(filePath, option); } else { return GetFileSecurityOption(filePath, option); - } + } } -DBStatus Security::GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const +bool Security::CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const { - return NOT_SUPPORT; + ZLOGD("The kvstore security level: label:%d", option.securityLabel); + Sensitive sensitive = GetDeviceNodeByUuid(deviceId, true, nullptr); + auto secuiryLevel = sensitive.GetDeviceSecurityLevel(); + return (option.securityLabel == DistributedDB::NOT_SET) || + (secuiryLevel >= static_cast(option.securityLabel - 1)); } -DBStatus Security::GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const -{ - return NOT_SUPPORT; -} - -DBStatus Security::SetDirSecurityOption(const std::string &filePath, const SecurityOption &option) -{ - return NOT_SUPPORT; -} - -DBStatus Security::SetFileSecurityOption(const std::string &filePath, const SecurityOption &option) +int Security::Convert2Security(const std::string &name) { - if (option.securityLabel == NOT_SET) { - return OK; + for (int i = 0; i <= S4; i++) { + if (name == LABEL_VALUES[i]) { + return i; + } } - return NOT_SUPPORT; + return NOT_SET; } -bool Security::CheckDeviceSecurityAbility(const std::string &devId, const SecurityOption &option) const +const std::string Security::Convert2Name(const SecurityOption &option) { - ZLOGD("The kv store is null, label:%d", option.securityLabel); - return GetDeviceNodeByUuid(devId, nullptr) >= option; -} + if (option.securityLabel <= NOT_SET || option.securityLabel > S4) { + return EMPTY_STRING; + } -int32_t Security::GetCurrentUserId() const -{ - std::int32_t uid = getuid(); - return AccountSA::OhosAccountKits::GetInstance().GetDeviceAccountIdByUID(uid); + return LABEL_VALUES[option.securityLabel]; } -int32_t Security::GetCurrentUserStatus() const +bool Security::IsXattrValueValid(const std::string& value) const { - if (!IsSupportSecurity()) { - return NO_PWD; + if (value.empty()) { + ZLOGD("value is empty"); + return false; } - return NO_PWD; + + return std::regex_match(value, std::regex(SECURITY_VALUE_XATTR_PARRERN)); } -bool Security::SubscribeUserStatus(std::function &observer) const +bool Security::IsSupportSecurity() { return false; } -const char *Security::Convert2Name(const SecurityOption &option, bool isCE) +void Security::OnDeviceChanged(const AppDistributedKv::DeviceInfo &info, + const AppDistributedKv::DeviceChangeType &type) const { - if (option.securityLabel <= NOT_SET || option.securityLabel > S4) { - return nullptr; + if (info.deviceId.empty()) { + ZLOGD("deviceId is empty"); + return; } - return nullptr; -} - -int Security::Convert2Security(const std::string &name) -{ - return NOT_SET; -} - -bool Security::IsSupportSecurity() -{ - return false; + bool isOnline = type == AppDistributedKv::DeviceChangeType::DEVICE_ONLINE ? true : false; + Sensitive sensitive = GetDeviceNodeByUuid(info.deviceId, isOnline, nullptr); + if (isOnline) { + auto secuiryLevel = sensitive.GetDeviceSecurityLevel(); + ZLOGI("device is online, secuiry Level:%d", secuiryLevel); + } } -bool Security::IsFirstInit() +AppDistributedKv::ChangeLevelType Security::GetChangeLevelType() const { - return isInitialized_.exchange(false); + return AppDistributedKv::ChangeLevelType::HIGH; } bool Security::IsExits(const std::string &file) const @@ -203,29 +198,20 @@ bool Security::IsExits(const std::string &file) const return access(file.c_str(), F_OK) == 0; } -bool Security::InPathsBox(const std::string &file, const char * const pathsBox[]) const -{ - auto curPath = pathsBox; - if (curPath == nullptr) { - return false; - } - while ((*curPath) != nullptr) { - if (file.find(*curPath) == 0) { - return true; - } - curPath++; - } - return false; -} - -Sensitive Security::GetDeviceNodeByUuid(const std::string &uuid, +Sensitive Security::GetDeviceNodeByUuid(const std::string &uuid, bool isOnline, const std::function(void)> &getValue) { static std::mutex mutex; static std::map devicesUdid; std::lock_guard guard(mutex); auto it = devicesUdid.find(uuid); - if (devicesUdid.find(uuid) != devicesUdid.end()) { + if (!isOnline) { + if (it != devicesUdid.end()) { + devicesUdid.erase(uuid); + } + return Sensitive(); + } + if (it != devicesUdid.end()) { return it->second; } @@ -239,22 +225,90 @@ Sensitive Security::GetDeviceNodeByUuid(const std::string &uuid, continue; } - Sensitive sensitive(network.GetUdidByNodeId(device.deviceId), 0); + Sensitive sensitive(network.GetUdidByNodeId(device.deviceId)); if (getValue == nullptr) { - devicesUdid.insert({uuid, std::move(sensitive)}); + devicesUdid.insert(std::pair(uuid, std::move(sensitive))); return devicesUdid[uuid]; } auto value = getValue(); - sensitive.Unmarshal(value); - if (!value.empty()) { - devicesUdid.insert({uuid, std::move(sensitive)}); - return devicesUdid[uuid]; - } - + ZLOGI("getValue is not nullptr!"); return sensitive; } return Sensitive(); } + +bool Security::SubscribeUserStatus(std::function &observer) const +{ + return false; +} + +int32_t Security::GetCurrentUserStatus() const +{ + if (!IsSupportSecurity()) { + return NO_PWD; + } + return NO_PWD; +} + +int32_t Security::GetCurrentUserId() const +{ + std::int32_t uid = getuid(); + return AccountSA::OhosAccountKits::GetInstance().GetDeviceAccountIdByUID(uid); +} + +DBStatus Security::SetFileSecurityOption(const std::string &filePath, const SecurityOption &option) +{ + ZLOGI("set security option %d", option.securityLabel); + if (!IsExits(filePath)) { + return INVALID_ARGS; + } + if (option.securityLabel == NOT_SET) { + return OK; + } + auto dataLevel = Convert2Name(option); + if (dataLevel.empty()) { + ZLOGE("Invalid label args! label:%d, flag:%d path:%s", + option.securityLabel, option.securityFlag, filePath.c_str()); + return INVALID_ARGS; + } + + bool result = FileIO::SecurityLabel::SetSecurityLabel(filePath, dataLevel); + if (!result) { + ZLOGE("set security label failed!, result:%d, datalevel:%s", result, dataLevel.c_str()); + return DB_ERROR; + } + + return OK; +} + +DBStatus Security::SetDirSecurityOption(const std::string &filePath, const SecurityOption &option) +{ + ZLOGI("the filePath is a directory!"); + return NOT_SUPPORT; +} + +DBStatus Security::GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const +{ + if (!IsExits(filePath)) { + option = {NOT_SET, ECE}; + return OK; + } + + std::string value = FileIO::SecurityLabel::GetSecurityLabel(filePath); + if (!IsXattrValueValid(value)) { + option = {NOT_SET, ECE}; + return OK; + } + ZLOGI("get security option %s", value.c_str()); + option = { Convert2Security(value), ECE }; + return OK; +} + +DBStatus Security::GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const +{ + ZLOGI("the filePath is a directory!"); + return NOT_SUPPORT; +} } diff --git a/services/distributeddataservice/adapter/security/src/security.h b/services/distributeddataservice/adapter/security/src/security.h index 074192551..854edd1fb 100644 --- a/services/distributeddataservice/adapter/security/src/security.h +++ b/services/distributeddataservice/adapter/security/src/security.h @@ -17,25 +17,24 @@ #define OHOS_SECURITY_H #include -#include #include #include #include "iprocess_system_api_adapter.h" #include "kv_store_delegate_manager.h" +#include "app_device_status_change_listener.h" #include "visibility.h" #include "sensitive.h" namespace OHOS::DistributedKv { class Security - : public DistributedDB::IProcessSystemApiAdapter, public std::enable_shared_from_this { + : public DistributedDB::IProcessSystemApiAdapter, + public AppDistributedKv::AppDeviceStatusChangeListener { public: using DBStatus = DistributedDB::DBStatus; using OnAccessControlledEvent = DistributedDB::OnAccessControlledEvent; using SecurityOption = DistributedDB::SecurityOption; - Security(const std::string &appId, const std::string &userId, const std::string &dir); + Security(); ~Security() override; - - static bool IsFirstInit(); static bool IsSupportSecurity(); DBStatus RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) override; @@ -44,16 +43,16 @@ public: bool IsAccessControlled() const override; // Set the SecurityOption to the targe filepath. - // If the filePath is a directory, All the files and directories in the filePath should be effective. + // If the filePath is a directory, the function would not effective. DBStatus SetSecurityOption(const std::string &filePath, const SecurityOption &option) override; // Get the SecurityOption of the targe filepath. DBStatus GetSecurityOption(const std::string &filePath, SecurityOption &option) const override; // Check if the target device can save the data at the give sensitive class. - bool CheckDeviceSecurityAbility(const std::string &devId, const SecurityOption &option) const override; + bool CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const override; - static const char *Convert2Name(const SecurityOption &option, bool isCE); + static const std::string Convert2Name(const SecurityOption &option); static int Convert2Security(const std::string &name); private: enum { @@ -62,28 +61,30 @@ private: LOCKED, UNINITIALIZED, }; - - // the key is security_chain/{deviceId} - static const char * const LABEL_VALUES[DistributedDB::S4 + 1]; - static const char * const DATA_DE[]; // = "/data/misc_de/", "/data/user_de/"; - static const char * const DATA_CE[]; - static constexpr int LABEL_VALUE_LEN = 10; static constexpr int RETRY_MAX_TIMES = 10; - int32_t GetCurrentUserId() const; - int32_t GetCurrentUserStatus() const; - bool SubscribeUserStatus(std::function &observer) const; + static const std::string LABEL_VALUES[DistributedDB::S4 + 1]; + static const std::string LABEL_VALUE_S0; + static const std::string LABEL_VALUE_S1; + static const std::string LABEL_VALUE_S2; + static const std::string LABEL_VALUE_S3; + static const std::string LABEL_VALUE_S4; bool IsExits(const std::string &file) const; - bool InPathsBox(const std::string &file, const char * const pathsBox[]) const; - static Sensitive GetDeviceNodeByUuid(const std::string &uuid, + void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info, + const AppDistributedKv::DeviceChangeType &type) const override; + AppDistributedKv::ChangeLevelType GetChangeLevelType() const override; + static Sensitive GetDeviceNodeByUuid(const std::string &uuid, bool isOnline, const std::function(void)> &getValue); - DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const; - DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const; - DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option); + bool IsXattrValueValid(const std::string& value) const; + bool SubscribeUserStatus(std::function &observer) const; + int32_t GetCurrentUserStatus() const; + int32_t GetCurrentUserId() const; DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option); + DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option); + DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const; + DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const; std::map observers_ {}; - static std::atomic_bool isInitialized_; }; -} +} // namespace OHOS::DistributedKv #endif // OHOS_SECURITY_H diff --git a/services/distributeddataservice/adapter/security/src/security_adapter.cpp b/services/distributeddataservice/adapter/security/src/security_adapter.cpp index 377dc1917..0694c0a91 100755 --- a/services/distributeddataservice/adapter/security/src/security_adapter.cpp +++ b/services/distributeddataservice/adapter/security/src/security_adapter.cpp @@ -32,7 +32,9 @@ private: InstallDevsl::InstallDevsl() { - security_ = std::make_shared("distributeddata", "default", "/data/misc_de/0/mdds/Meta"); + auto ret = DATASL_OnStart(); + ZLOGI("datasl on start ret:%d", ret); + security_ = std::make_shared(); if (security_ == nullptr) { ZLOGD("Security is nullptr."); return; @@ -44,22 +46,25 @@ InstallDevsl::InstallDevsl() InstallDevsl::~InstallDevsl() { + auto ret = DATASL_OnStop(); + ZLOGI("datasl on stop ret:%d", ret); } void InstallDevsl::Initialize() { - return; + if (security_ == nullptr) { + return; + } + auto status = KvStoreUtils::GetProviderInstance().StartWatchDeviceChange(security_.get(), {"security"}); + if (status != AppDistributedKv::Status::SUCCESS) { + ZLOGD("security register device change failed, status:%d", static_cast(status)); + } } __attribute__((used)) InstallDevsl g_installDevsl; } KVSTORE_API void InitSecurityAdapter() { - if (!Security::IsFirstInit()) { - ZLOGD("Security is already inited."); - return; - } - g_installDevsl.Initialize(); ZLOGD("Security init finished!"); } diff --git a/services/distributeddataservice/adapter/security/src/sensitive.cpp b/services/distributeddataservice/adapter/security/src/sensitive.cpp index 1d9e1834f..cf1b53e69 100755 --- a/services/distributeddataservice/adapter/security/src/sensitive.cpp +++ b/services/distributeddataservice/adapter/security/src/sensitive.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,83 +15,67 @@ #include "sensitive.h" #include -#include "iprocess_system_api_adapter.h" +#include #include "log_print.h" +#include "app_types.h" +#include "kvstore_utils.h" #undef LOG_TAG #define LOG_TAG "Sensitive" -namespace OHOS::DistributedKv { -Sensitive::Sensitive(std::string deviceId, uint32_t type) - : deviceId(std::move(deviceId)), securityLevel(0), deviceType(type) +namespace OHOS { +namespace DistributedKv { +Sensitive::Sensitive(std::string deviceId) + : deviceId(std::move(deviceId)), securityLevel(DATA_SEC_LEVEL1) { } -Sensitive::Sensitive(const std::vector &value) - : securityLevel(0), deviceType(0) +Sensitive::Sensitive() + : deviceId(""), securityLevel(DATA_SEC_LEVEL1) { - Unmarshal(value); } -std::vector Sensitive::Marshal() const +uint32_t Sensitive::GetDeviceSecurityLevel() { - return {}; -} - -void Sensitive::Unmarshal(const std::vector &value) -{ -} - -uint32_t Sensitive::GetSensitiveLevel() -{ - return securityLevel; -} - -bool Sensitive::operator >= (const DistributedDB::SecurityOption &option) -{ - return true; + if (securityLevel > DATA_SEC_LEVEL1) { + ZLOGI("the device security level had gotten"); + return securityLevel; + } + return GetSensitiveLevel(deviceId); } -bool Sensitive::LoadData() +bool Sensitive::InitDEVSLQueryParams(DEVSLQueryParams *params, const std::string &udid) { + ZLOGI("udid is [%s]", KvStoreUtils::ToBeAnonymous(udid).c_str()); + if (params == nullptr || udid.empty()) { + return false; + } + std::vector vec(udid.begin(), udid.end()); + for (size_t i = 0; i < MAX_UDID_LENGTH && i < vec.size(); i++) { + params->udid[i] = vec[i]; + } + params->udidLen = uint32_t(udid.size()); return true; } -Sensitive::Sensitive(Sensitive &&sensitive) noexcept +uint32_t Sensitive::GetSensitiveLevel(const std::string &udid) { - this->operator=(std::move(sensitive)); -} - -Sensitive &Sensitive::operator=(Sensitive &&sensitive) noexcept -{ - if (this == &sensitive) { - return *this; + DEVSLQueryParams query; + if (!InitDEVSLQueryParams(&query, udid)) { + ZLOGE("init query params failed! udid:[%s]", KvStoreUtils::ToBeAnonymous(udid).c_str()); + return DATA_SEC_LEVEL1; } - deviceId = std::move(sensitive.deviceId); - dataBase64 = std::move(sensitive.dataBase64); - securityLevel = sensitive.securityLevel; - deviceType = sensitive.deviceType; - return *this; -} - -Sensitive::Sensitive(const Sensitive &sensitive) -{ - this->operator=(sensitive); -} -Sensitive &Sensitive::operator=(const Sensitive &sensitive) -{ - if (this == &sensitive) { - return *this; + uint32_t level = DATA_SEC_LEVEL1; + int32_t result = DATASL_GetHighestSecLevel(&query, &level); + if (result != DEVSL_SUCCESS) { + ZLOGE("get highest level failed(%.10s)! level: %d, error: %d", + KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result); + return DATA_SEC_LEVEL1; } - deviceId = sensitive.deviceId; - dataBase64 = sensitive.dataBase64; - securityLevel = sensitive.securityLevel; - deviceType = sensitive.deviceType; - return *this; -} - -uint32_t Sensitive::GetDevslDeviceType() const -{ - return deviceType; -} + securityLevel = level; + ZLOGI("get highest level success(%s)! level: %d, error: %d", + KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result); + return securityLevel; } +} // namespace DistributedKv +} // namespace OHOS diff --git a/services/distributeddataservice/adapter/security/src/sensitive.h b/services/distributeddataservice/adapter/security/src/sensitive.h index 2aba82b70..f29d96624 100755 --- a/services/distributeddataservice/adapter/security/src/sensitive.h +++ b/services/distributeddataservice/adapter/security/src/sensitive.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,36 +17,26 @@ #define OHOS_SENSITIVE_H #include -#include -#include +#include +#include +#include "visibility.h" +#include "dev_slinfo_mgr.h" -namespace OHOS::DistributedKv { +namespace OHOS { +namespace DistributedKv { class Sensitive final { public: - static constexpr uint32_t MAX_DATA_LEN = 16 * 1024; - Sensitive(std::string deviceId, uint32_t type); - explicit Sensitive(const std::vector &value = {}); - Sensitive(const Sensitive &sensitive); - Sensitive &operator=(const Sensitive &sensitive); - Sensitive(Sensitive &&sensitive) noexcept; - Sensitive &operator=(Sensitive &&sensitive) noexcept; + explicit Sensitive(std::string deviceId); + explicit Sensitive(); ~Sensitive() = default; + uint32_t GetDeviceSecurityLevel(); - std::vector Marshal() const; - void Unmarshal(const std::vector &value); - - bool operator >= (const DistributedDB::SecurityOption &option); - - bool LoadData(); private: - uint32_t GetSensitiveLevel(); - uint32_t GetDevslDeviceType() const; - + uint32_t GetSensitiveLevel(const std::string &udid); + bool InitDEVSLQueryParams(DEVSLQueryParams *params, const std::string &udid); std::string deviceId {}; - std::string dataBase64 {}; uint32_t securityLevel = 0; - uint32_t deviceType = 0; }; -} - -#endif // OHOS_SENSITIVE_H +} // namespace DistributedKv +} // namespace OHOS +#endif // OHOS_SENSITIVE_H \ No newline at end of file diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index b59f3ea40..437e5e684 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -46,6 +46,7 @@ #include "system_ability_definition.h" #include "uninstaller/uninstaller.h" #include "utils/crypto.h" +#include "security_adapter.h" namespace OHOS::DistributedKv { using json = nlohmann::json; @@ -819,6 +820,7 @@ void KvStoreDataService::StartService() Reporter::GetInstance()->ServiceFault()->Report(msg); } Uninstaller::GetInstance().Init(this); + InitSecurityAdapter(); #ifndef UT_TEST // add softbus permission. AddPermission(); diff --git a/services/distributeddataservice/app/src/kvstore_meta_manager.cpp b/services/distributeddataservice/app/src/kvstore_meta_manager.cpp index 046808d08..974416806 100755 --- a/services/distributeddataservice/app/src/kvstore_meta_manager.cpp +++ b/services/distributeddataservice/app/src/kvstore_meta_manager.cpp @@ -21,7 +21,6 @@ #include #include #include -#include "security_adapter.h" #include "hks_api.h" #include "hks_param.h" #include "account_delegate.h" -- Gitee From 938be3eaef36090becafda8760b5688b1bc0cfc3 Mon Sep 17 00:00:00 2001 From: zuojiangjiang Date: Mon, 14 Feb 2022 22:49:00 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E5=88=86=E5=B8=83=E5=BC=8F=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=E6=94=AF=E6=8C=81=E5=88=86=E7=B1=BB=E5=88=86=E7=BA=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zuojiangjiang --- services/distributeddataservice/adapter/security/BUILD.gn | 1 + .../distributeddataservice/adapter/security/src/security.cpp | 2 +- .../adapter/security/src/security_adapter.cpp | 3 +-- services/distributeddataservice/adapter/utils/BUILD.gn | 3 ++- services/distributeddataservice/app/BUILD.gn | 1 + 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/services/distributeddataservice/adapter/security/BUILD.gn b/services/distributeddataservice/adapter/security/BUILD.gn index 73902810d..ecdce7d7d 100755 --- a/services/distributeddataservice/adapter/security/BUILD.gn +++ b/services/distributeddataservice/adapter/security/BUILD.gn @@ -41,6 +41,7 @@ ohos_static_library("distributeddata_security_static") { deps = [ "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/libs/distributeddb:distributeddb", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", "//third_party/jsoncpp:jsoncpp", "//utils/native/base:utils", ] diff --git a/services/distributeddataservice/adapter/security/src/security.cpp b/services/distributeddataservice/adapter/security/src/security.cpp index 710fbe4c5..fe4fec64e 100755 --- a/services/distributeddataservice/adapter/security/src/security.cpp +++ b/services/distributeddataservice/adapter/security/src/security.cpp @@ -126,7 +126,7 @@ DBStatus Security::GetSecurityOption(const std::string &filePath, SecurityOption return GetDirSecurityOption(filePath, option); } else { return GetFileSecurityOption(filePath, option); - } + } } bool Security::CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const diff --git a/services/distributeddataservice/adapter/security/src/security_adapter.cpp b/services/distributeddataservice/adapter/security/src/security_adapter.cpp index 0694c0a91..34beed045 100755 --- a/services/distributeddataservice/adapter/security/src/security_adapter.cpp +++ b/services/distributeddataservice/adapter/security/src/security_adapter.cpp @@ -46,8 +46,7 @@ InstallDevsl::InstallDevsl() InstallDevsl::~InstallDevsl() { - auto ret = DATASL_OnStop(); - ZLOGI("datasl on stop ret:%d", ret); + DATASL_OnStop(); } void InstallDevsl::Initialize() diff --git a/services/distributeddataservice/adapter/utils/BUILD.gn b/services/distributeddataservice/adapter/utils/BUILD.gn index ef6f6d676..459076931 100755 --- a/services/distributeddataservice/adapter/utils/BUILD.gn +++ b/services/distributeddataservice/adapter/utils/BUILD.gn @@ -25,6 +25,7 @@ ohos_static_library("distributeddata_utils_static") { "../include/permission", "../include/utils", "../include/log", + "../include/communicator", "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata/include", "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/app_distributeddata/include", "//utils/native/base/include", @@ -32,7 +33,7 @@ ohos_static_library("distributeddata_utils_static") { ] ldflags = [ "-Wl,--exclude-libs,ALL" ] deps = [ - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/communicator:distributeddata_communicator_static", "//utils/native/base:utils", ] diff --git a/services/distributeddataservice/app/BUILD.gn b/services/distributeddataservice/app/BUILD.gn index 6e830702a..13ff6fa14 100755 --- a/services/distributeddataservice/app/BUILD.gn +++ b/services/distributeddataservice/app/BUILD.gn @@ -110,6 +110,7 @@ ohos_shared_library("distributeddataservice") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/flowctrl_manager:distributeddata_flowctrl_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/uninstaller:distributeddata_uninstaller_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", -- Gitee From 19c8811dd43ba0d4457d6963a26e06804384d472 Mon Sep 17 00:00:00 2001 From: zuojiangjiang Date: Tue, 15 Feb 2022 08:26:04 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E5=88=86=E5=B8=83=E5=BC=8F=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=E6=94=AF=E6=8C=81=E5=88=86=E7=B1=BB=E5=88=86=E7=BA=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: zuojiangjiang --- services/distributeddataservice/app/test/BUILD.gn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/services/distributeddataservice/app/test/BUILD.gn b/services/distributeddataservice/app/test/BUILD.gn index 5083a0a6f..b69bfacee 100755 --- a/services/distributeddataservice/app/test/BUILD.gn +++ b/services/distributeddataservice/app/test/BUILD.gn @@ -27,6 +27,7 @@ config("module_private_config") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/include", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/include/broadcaster", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/include/utils", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/include/security", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework/include", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/service/bootstrap/include", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/service/config/include", @@ -88,6 +89,7 @@ ohos_unittest("KvStoreImplLogicalIsolationTest") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/flowctrl_manager:distributeddata_flowctrl_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/uninstaller:distributeddata_uninstaller_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", @@ -143,6 +145,7 @@ ohos_unittest("KvStoreImplPhysicalIsolationTest") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/flowctrl_manager:distributeddata_flowctrl_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/uninstaller:distributeddata_uninstaller_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", @@ -198,6 +201,7 @@ ohos_unittest("KvStoreDataServiceTest") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/flowctrl_manager:distributeddata_flowctrl_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/uninstaller:distributeddata_uninstaller_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", @@ -254,6 +258,7 @@ ohos_unittest("KvStoreBackupTest") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/flowctrl_manager:distributeddata_flowctrl_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/uninstaller:distributeddata_uninstaller_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", @@ -339,6 +344,7 @@ ohos_unittest("KvStoreSyncManagerTest") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/flowctrl_manager:distributeddata_flowctrl_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/uninstaller:distributeddata_uninstaller_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", @@ -383,6 +389,7 @@ ohos_unittest("KvStoreUninstallerTest") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", + "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/flowctrl_manager:distributeddata_flowctrl_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/app/src/uninstaller:distributeddata_uninstaller_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", -- Gitee