diff --git a/services/distributeddataservice/adapter/BUILD.gn b/services/distributeddataservice/adapter/BUILD.gn index 99ed4c66222d61b122bd140b8afc671413f9bb96..e770a62d1a2182144412ccf7a09b832f41a7bd56 100755 --- a/services/distributeddataservice/adapter/BUILD.gn +++ b/services/distributeddataservice/adapter/BUILD.gn @@ -32,7 +32,6 @@ config("distributeddata_adapter_public_config") { "include/autils", "include/utils", "include", - "include/security", "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/app_distributeddata/include", "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata/include/", "//foundation/distributeddatamgr/distributeddatamgr/frameworks/common", @@ -48,7 +47,6 @@ ohos_shared_library("distributeddata_adapter") { "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/autils:distributeddata_autils_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/communicator:distributeddata_communicator_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/dfx:distributeddata_dfx_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/security:distributeddata_security_static", ] external_deps = [ "hiviewdfx_hilog_native:libhilog" ] diff --git a/services/distributeddataservice/adapter/security/BUILD.gn b/services/distributeddataservice/adapter/security/BUILD.gn deleted file mode 100755 index 5b0f6a3a272286cabe598da297913226313bdad3..0000000000000000000000000000000000000000 --- a/services/distributeddataservice/adapter/security/BUILD.gn +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import("//build/ohos.gni") - -ohos_static_library("distributeddata_security_static") { - sources = [ - "src/security.cpp", - "src/security_adapter.cpp", - "src/sensitive.cpp", - ] - - cflags_cc = [ "-fvisibility=hidden" ] - - include_dirs = [ - "../include/autils", - "../include/log", - "../include/security", - "../include/communicator", - "//foundation/distributeddatamgr/distributeddatamgr/frameworks/common", - "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/app_distributeddata/include", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework/include", - ] - - deps = [ - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/libs/distributeddb:distributeddb", - "//utils/native/base:utils", - ] - - external_deps = [ - "dsoftbus_standard:softbus_client", - "hiviewdfx_hilog_native:libhilog", - "ipc:ipc_core", - "os_account_standard:libaccountkits", - ] -} diff --git a/services/distributeddataservice/app/BUILD.gn b/services/distributeddataservice/app/BUILD.gn index 09bf27e27605e508f2f3f91c9939dabde4deb125..160bbdcd41b674ec5f9e4db0e94236c4b905b871 100755 --- a/services/distributeddataservice/app/BUILD.gn +++ b/services/distributeddataservice/app/BUILD.gn @@ -53,7 +53,6 @@ config("module_private_config") { "../adapter/include/uninstaller", "../adapter/include/broadcaster", "../adapter/include/utils", - "../adapter/include/security", "../adapter/include", # for ipc_core interfaces. @@ -89,6 +88,9 @@ ohos_shared_library("distributeddataservice") { "src/kvstore_sync_manager.cpp", "src/kvstore_user_manager.cpp", "src/query_helper.cpp", + "src/security/block_integer.cpp", + "src/security/security.cpp", + "src/security/sensitive.cpp", "src/single_kvstore_impl.cpp", ] @@ -124,6 +126,7 @@ ohos_shared_library("distributeddataservice") { "battery_manager_native:batterysrv_client", "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index 23da4382b999c3dc8f548d3f9b8169b980bc8a59..bbb73f695f77d48a8f4e18a3d1c7817d29008ce8 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -831,6 +831,7 @@ void KvStoreDataService::StartService() Reporter::GetInstance()->ServiceFault()->Report(msg); } Uninstaller::GetInstance().Init(this); + InitSecurityAdapter(); #ifndef UT_TEST // add softbus permission. AddPermission(); @@ -1127,6 +1128,25 @@ Status KvStoreDataService::GetDeviceList(std::vector &deviceInfoList return Status::SUCCESS; } +void KvStoreDataService::InitSecurityAdapter() +{ + auto ret = DATASL_OnStart(); + ZLOGI("datasl on start ret:%d", ret); + security_ = std::make_shared(); + if (security_ == nullptr) { + ZLOGD("Security is nullptr."); + return; + } + + auto dbStatus = DistributedDB::KvStoreDelegateManager::SetProcessSystemAPIAdapter(security_); + ZLOGD("set distributed db system api adapter: %d.", static_cast(dbStatus)); + + auto status = KvStoreUtils::GetProviderInstance().StartWatchDeviceChange(security_.get(), {"security"}); + if (status != AppDistributedKv::Status::SUCCESS) { + ZLOGD("security register device change failed, status:%d", static_cast(status)); + } +} + Status KvStoreDataService::StartWatchDeviceChange(sptr observer, DeviceFilterStrategy strategy) { diff --git a/services/distributeddataservice/app/src/kvstore_data_service.h b/services/distributeddataservice/app/src/kvstore_data_service.h index 9be5cf34f5a33d07604523775f697b87781cd886..d1230b69755fdbb3db4554f19057ef8f3f36fb36 100755 --- a/services/distributeddataservice/app/src/kvstore_data_service.h +++ b/services/distributeddataservice/app/src/kvstore_data_service.h @@ -30,6 +30,7 @@ #include "account_delegate.h" #include "backup_handler.h" #include "device_change_listener_impl.h" +#include "security/security.h" namespace OHOS::DistributedRdb { class IRdbService; @@ -134,6 +135,8 @@ private: void StartService(); + void InitSecurityAdapter(); + Status DeleteKvStore(const std::string &bundleName, const StoreId &storeId); template @@ -175,6 +178,7 @@ private: std::mutex deviceListenerMutex_; std::shared_ptr deviceListener_; + std::shared_ptr security_; sptr rdbService_; }; diff --git a/services/distributeddataservice/app/src/kvstore_meta_manager.cpp b/services/distributeddataservice/app/src/kvstore_meta_manager.cpp index 9318b9363b3f28189d5a3328a5bfcb029d1b09a3..5cba848d37ed69940e6942f2605ab67e7246169c 100755 --- a/services/distributeddataservice/app/src/kvstore_meta_manager.cpp +++ b/services/distributeddataservice/app/src/kvstore_meta_manager.cpp @@ -21,7 +21,6 @@ #include #include #include -#include "security_adapter.h" #include "hks_api.h" #include "hks_param.h" #include "account_delegate.h" diff --git a/services/distributeddataservice/adapter/include/security/security_adapter.h b/services/distributeddataservice/app/src/security/block_integer.cpp old mode 100755 new mode 100644 similarity index 60% rename from services/distributeddataservice/adapter/include/security/security_adapter.h rename to services/distributeddataservice/app/src/security/block_integer.cpp index 08ab9d4d9f9677cc4a4c6d21f43bc4e1e1cc444d..5c859bb33a0443db034fdbf6b91c3d75ba5ff259 --- a/services/distributeddataservice/adapter/include/security/security_adapter.h +++ b/services/distributeddataservice/app/src/security/block_integer.cpp @@ -1,23 +1,39 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef OHOS_SECURITY_ADAPTER_H -#define OHOS_SECURITY_ADAPTER_H - -#include "visibility.h" -namespace OHOS::DistributedKv { -KVSTORE_API void InitSecurityAdapter(); -} -#endif // OHOS_SECURITY_ADAPTER_H +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "block_integer.h" +#include + +BlockInteger &BlockInteger::operator++() +{ + value_++; + usleep(interval_); + return *this; +} + +BlockInteger BlockInteger::operator++(int) +{ + BlockInteger temp(interval_); + temp.value_ = value_; + value_++; + usleep(interval_); + return temp; +} + +BlockInteger &BlockInteger::operator=(int value) +{ + value_ = value; + return *this; +} diff --git a/services/distributeddataservice/adapter/security/src/security_adapter.cpp b/services/distributeddataservice/app/src/security/block_integer.h old mode 100755 new mode 100644 similarity index 36% rename from services/distributeddataservice/adapter/security/src/security_adapter.cpp rename to services/distributeddataservice/app/src/security/block_integer.h index 377dc1917c0515cc584019a78c3edbd844c38505..6e152ae9e24d2ceb7fcbdce3add68ff344b231b1 --- a/services/distributeddataservice/adapter/security/src/security_adapter.cpp +++ b/services/distributeddataservice/app/src/security/block_integer.h @@ -1,66 +1,51 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "security_adapter.h" -#include "log_print.h" -#include "security.h" -#undef LOG_TAG -#define LOG_TAG "SecurityAdapter" - -namespace OHOS::DistributedKv { -namespace { -class InstallDevsl { -public: - InstallDevsl(); - ~InstallDevsl(); - void Initialize(); -private: - std::shared_ptr security_ = nullptr; -}; - -InstallDevsl::InstallDevsl() -{ - security_ = std::make_shared("distributeddata", "default", "/data/misc_de/0/mdds/Meta"); - if (security_ == nullptr) { - ZLOGD("Security is nullptr."); - return; - } - - auto status = DistributedDB::KvStoreDelegateManager::SetProcessSystemAPIAdapter(security_); - ZLOGD("set distributed db system api adapter: %d.", static_cast(status)); -} - -InstallDevsl::~InstallDevsl() -{ -} - -void InstallDevsl::Initialize() -{ - return; -} -__attribute__((used)) InstallDevsl g_installDevsl; -} - -KVSTORE_API void InitSecurityAdapter() -{ - if (!Security::IsFirstInit()) { - ZLOGD("Security is already inited."); - return; - } - - g_installDevsl.Initialize(); - ZLOGD("Security init finished!"); -} -} +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_BLOCK_INTEGER_H +#define OHOS_BLOCK_INTEGER_H + +class BlockInteger { +public: + explicit BlockInteger(int interval) + : interval_(interval) + { + }; + BlockInteger(const BlockInteger &integer) = default; + + BlockInteger &operator=(const BlockInteger &integer) = default; + + ~BlockInteger() = default; + + operator int () const + { + return value_; + } + bool operator < (int other) const + { + return value_ < other; + } + + BlockInteger &operator=(int value); + + BlockInteger &operator++(); + + BlockInteger operator++(int); +private: + int interval_ = 0; + int value_ = 0; +}; + + +#endif // OHOS_BLOCK_INTEGER_H diff --git a/services/distributeddataservice/adapter/security/src/security.cpp b/services/distributeddataservice/app/src/security/security.cpp old mode 100755 new mode 100644 similarity index 61% rename from services/distributeddataservice/adapter/security/src/security.cpp rename to services/distributeddataservice/app/src/security/security.cpp index 7ab087ff89f2b3066784a83f41d7e6c8d48e1242..f2832f1a56a811db096a5f90d8958fdae7148f35 --- a/services/distributeddataservice/adapter/security/src/security.cpp +++ b/services/distributeddataservice/app/src/security/security.cpp @@ -1,263 +1,294 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "security.h" - -#include -#include - -#include "communication_provider.h" -#include "constant.h" -#include "log_print.h" -#include "ohos_account_kits.h" -#include "sensitive.h" -#include "utils/block_integer.h" - -#undef LOG_TAG -#define LOG_TAG "SecurityAdapter" -namespace OHOS::DistributedKv { -using namespace DistributedDB; -using BlockInteger = OHOS::DistributedData::BlockInteger; -std::atomic_bool Security::isInitialized_ = true; -const char * const Security::LABEL_VALUES[S4 + 1] = {}; -const char * const Security::DATA_DE[] = { nullptr }; -const char * const Security::DATA_CE[] = { nullptr }; - -Security::Security(const std::string &appId, const std::string &userId, const std::string &dir) -{ - ZLOGD("constructor kvStore_ is %s", dir.c_str()); -} - -Security::~Security() -{ - ZLOGD("destructor kvStore_"); -} - -DBStatus Security::RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) -{ - ZLOGD("add new lock status observer! current size: %d", static_cast(observers_.size())); - if (callback == nullptr) { - return INVALID_ARGS; - } - - if (!IsSupportSecurity()) { - ZLOGI("Not support lock status!"); - return NOT_SUPPORT; - } - - if (observers_.empty()) { - observers_.insert(std::pair(GetCurrentUserId(), callback)); - std::thread th = std::thread([this] { - ZLOGI("Start to subscribe lock status!"); - bool result = false; - std::function observer = [this](int32_t userId, int32_t state) -> int32_t { - auto observer = observers_.find(userId); - if (observer == observers_.end() || observer->second == nullptr) { - return DB_ERROR; - } - observer->second(!(state == UNLOCK || state == NO_PWD)); - return OK; - }; - // retry after 10 second, 10 * 1000 * 1000 mains 1 second - BlockInteger retry(10 * 1000 * 1000); - for (; retry < RETRY_MAX_TIMES && !result; ++retry) { - result = SubscribeUserStatus(observer); - } - - ZLOGI("Subscribe lock status! retry:%d, result: %d", static_cast(retry), result); - }); - th.detach(); - } else { - observers_.insert(std::pair(GetCurrentUserId(), callback)); - } - return OK; -} - -bool Security::IsAccessControlled() const -{ - int curStatus = GetCurrentUserStatus(); - return !(curStatus == UNLOCK || curStatus == NO_PWD); -} - -DBStatus Security::SetSecurityOption(const std::string &filePath, const SecurityOption &option) -{ - if (filePath.empty()) { - return INVALID_ARGS; - } - - if (!InPathsBox(filePath, DATA_DE) && !InPathsBox(filePath, DATA_CE)) { - return NOT_SUPPORT; - } - - struct stat curStat; - stat(filePath.c_str(), &curStat); - if (S_ISDIR(curStat.st_mode)) { - return SetDirSecurityOption(filePath, option); - } else { - return SetFileSecurityOption(filePath, option); - } -} - -DBStatus Security::GetSecurityOption(const std::string &filePath, SecurityOption &option) const -{ - if (filePath.empty()) { - return INVALID_ARGS; - } - - if (!InPathsBox(filePath, DATA_DE) && !InPathsBox(filePath, DATA_CE)) { - return NOT_SUPPORT; - } - - struct stat curStat; - stat(filePath.c_str(), &curStat); - if (S_ISDIR(curStat.st_mode)) { - return GetDirSecurityOption(filePath, option); - } else { - return GetFileSecurityOption(filePath, option); - } -} - -DBStatus Security::GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const -{ - return NOT_SUPPORT; -} - -DBStatus Security::GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const -{ - return NOT_SUPPORT; -} - -DBStatus Security::SetDirSecurityOption(const std::string &filePath, const SecurityOption &option) -{ - return NOT_SUPPORT; -} - -DBStatus Security::SetFileSecurityOption(const std::string &filePath, const SecurityOption &option) -{ - if (option.securityLabel == NOT_SET) { - return OK; - } - return NOT_SUPPORT; -} - -bool Security::CheckDeviceSecurityAbility(const std::string &devId, const SecurityOption &option) const -{ - ZLOGD("The kv store is null, label:%d", option.securityLabel); - return GetDeviceNodeByUuid(devId, nullptr) >= option; -} - -int32_t Security::GetCurrentUserId() const -{ - std::int32_t uid = getuid(); - return AccountSA::OhosAccountKits::GetInstance().GetDeviceAccountIdByUID(uid); -} - -int32_t Security::GetCurrentUserStatus() const -{ - if (!IsSupportSecurity()) { - return NO_PWD; - } - return NO_PWD; -} - -bool Security::SubscribeUserStatus(std::function &observer) const -{ - return false; -} - -const char *Security::Convert2Name(const SecurityOption &option, bool isCE) -{ - if (option.securityLabel <= NOT_SET || option.securityLabel > S4) { - return nullptr; - } - - return nullptr; -} - -int Security::Convert2Security(const std::string &name) -{ - return NOT_SET; -} - -bool Security::IsSupportSecurity() -{ - return false; -} - -bool Security::IsFirstInit() -{ - return isInitialized_.exchange(false); -} - -bool Security::IsExits(const std::string &file) const -{ - return access(file.c_str(), F_OK) == 0; -} - -bool Security::InPathsBox(const std::string &file, const char * const pathsBox[]) const -{ - auto curPath = pathsBox; - if (curPath == nullptr) { - return false; - } - while ((*curPath) != nullptr) { - if (file.find(*curPath) == 0) { - return true; - } - curPath++; - } - return false; -} - -Sensitive Security::GetDeviceNodeByUuid(const std::string &uuid, - const std::function(void)> &getValue) -{ - static std::mutex mutex; - static std::map devicesUdid; - std::lock_guard guard(mutex); - auto it = devicesUdid.find(uuid); - if (devicesUdid.find(uuid) != devicesUdid.end()) { - return it->second; - } - - auto &network = AppDistributedKv::CommunicationProvider::GetInstance(); - auto devices = network.GetRemoteNodesBasicInfo(); - devices.push_back(network.GetLocalBasicInfo()); - for (auto &device : devices) { - auto deviceUuid = network.GetUuidByNodeId(device.deviceId); - ZLOGD("GetDeviceNodeByUuid(%.10s) peer device is %.10s", uuid.c_str(), deviceUuid.c_str()); - if (uuid != deviceUuid) { - continue; - } - - Sensitive sensitive(network.GetUdidByNodeId(device.deviceId), 0); - if (getValue == nullptr) { - devicesUdid.insert({uuid, std::move(sensitive)}); - return devicesUdid[uuid]; - } - - auto value = getValue(); - sensitive.Unmarshal(value); - if (!value.empty()) { - devicesUdid.insert({uuid, std::move(sensitive)}); - return devicesUdid[uuid]; - } - - return sensitive; - } - - return Sensitive(); -} -} +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "security.h" +#include +#include +#include +#include +#include "constant.h" +#include "log_print.h" +#include "block_integer.h" +#include "communication_provider.h" +#include "dev_slinfo_mgr.h" +#include "security_label.h" + +#undef LOG_TAG +#define LOG_TAG "Security" +namespace OHOS::DistributedKv { +namespace { + const std::string SECURITY_VALUE_XATTR_PARRERN = "s([01234])"; + const std::string EMPTY_STRING = ""; +} +using namespace DistributedDB; +const std::string Security::LABEL_VALUES[S4 + 1] = { + "", "s0", "s1", "s2", "s3", "s4" +}; + +Security::Security() +{ + ZLOGD("construct kvStore_"); +} + +Security::~Security() +{ + ZLOGD("destructor kvStore_"); +} + +DBStatus Security::RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) +{ + ZLOGD("add new lock status observer! current size: %d", static_cast(observers_.size())); + if (callback == nullptr) { + return INVALID_ARGS; + } + + if (!IsSupportSecurity()) { + ZLOGI("Not support lock status!"); + return NOT_SUPPORT; + } + + if (observers_.empty()) { + observers_.insert(std::pair(GetCurrentUserId(), callback)); + std::thread th = std::thread([this] { + ZLOGI("Start to subscribe lock status!"); + bool result = false; + std::function observer = [this](int32_t userId, int32_t state) -> int32_t { + auto observer = observers_.find(userId); + if (observer == observers_.end() || observer->second == nullptr) { + return DB_ERROR; + } + observer->second(!(state == UNLOCK || state == NO_PWD)); + return OK; + }; + // retry after 10 second, 10 * 1000 * 1000 mains 1 second + BlockInteger retry(10 * 1000 * 1000); + for (; retry < RETRY_MAX_TIMES && !result; ++retry) { + result = SubscribeUserStatus(observer); + } + + ZLOGI("Subscribe lock status! retry:%d, result: %d", static_cast(retry), result); + }); + th.detach(); + } else { + observers_.insert(std::pair(GetCurrentUserId(), callback)); + } + return OK; +} + +bool Security::IsAccessControlled() const +{ + auto curStatus = GetCurrentUserStatus(); + return !(curStatus == UNLOCK || curStatus == NO_PWD); +} + +DBStatus Security::SetSecurityOption(const std::string &filePath, const SecurityOption &option) +{ + if (filePath.empty()) { + return INVALID_ARGS; + } + + struct stat curStat; + stat(filePath.c_str(), &curStat); + if (S_ISDIR(curStat.st_mode)) { + ZLOGI("the filePath is a directory!"); + return INVALID_ARGS; + } + + return SetFileSecurityOption(filePath, option); +} + +DBStatus Security::GetSecurityOption(const std::string &filePath, SecurityOption &option) const +{ + if (filePath.empty()) { + return INVALID_ARGS; + } + + struct stat curStat; + stat(filePath.c_str(), &curStat); + if (S_ISDIR(curStat.st_mode)) { + ZLOGI("the filePath is a directory!"); + return INVALID_ARGS; + } + + return GetFileSecurityOption(filePath, option); +} + +bool Security::CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const +{ + ZLOGD("The kvstore security level: label:%d", option.securityLabel); + Sensitive sensitive = GetDeviceNodeByUuid(deviceId, true, nullptr); + return (sensitive >= option); +} + +int Security::Convert2Security(const std::string &name) +{ + for (int i = 0; i <= S4; i++) { + if (name == LABEL_VALUES[i]) { + return i; + } + } + return NOT_SET; +} + +const std::string Security::Convert2Name(const SecurityOption &option) +{ + if (option.securityLabel <= NOT_SET || option.securityLabel > S4) { + return EMPTY_STRING; + } + + return LABEL_VALUES[option.securityLabel]; +} + +bool Security::IsXattrValueValid(const std::string& value) const +{ + if (value.empty()) { + ZLOGD("value is empty"); + return false; + } + + return std::regex_match(value, std::regex(SECURITY_VALUE_XATTR_PARRERN)); +} + +bool Security::IsSupportSecurity() +{ + return false; +} + +void Security::OnDeviceChanged(const AppDistributedKv::DeviceInfo &info, + const AppDistributedKv::DeviceChangeType &type) const +{ + if (info.deviceId.empty()) { + ZLOGD("deviceId is empty"); + return; + } + + bool isOnline = type == AppDistributedKv::DeviceChangeType::DEVICE_ONLINE ? true : false; + Sensitive sensitive = GetDeviceNodeByUuid(info.deviceId, isOnline, nullptr); + if (isOnline) { + auto secuiryLevel = sensitive.GetDeviceSecurityLevel(); + ZLOGI("device is online, secuiry Level:%d", secuiryLevel); + } +} + +bool Security::IsExits(const std::string &file) const +{ + return access(file.c_str(), F_OK) == 0; +} + +Sensitive Security::GetDeviceNodeByUuid(const std::string &uuid, bool isOnline, + const std::function(void)> &getValue) +{ + static std::mutex mutex; + static std::map devicesUdid; + std::lock_guard guard(mutex); + auto it = devicesUdid.find(uuid); + if (!isOnline) { + if (it != devicesUdid.end()) { + devicesUdid.erase(uuid); + } + return Sensitive(); + } + if (it != devicesUdid.end()) { + return it->second; + } + + auto &network = AppDistributedKv::CommunicationProvider::GetInstance(); + auto devices = network.GetRemoteNodesBasicInfo(); + devices.push_back(network.GetLocalBasicInfo()); + for (auto &device : devices) { + auto deviceUuid = network.GetUuidByNodeId(device.deviceId); + ZLOGD("GetDeviceNodeByUuid(%.10s) peer device is %.10s", uuid.c_str(), deviceUuid.c_str()); + if (uuid != deviceUuid) { + continue; + } + + Sensitive sensitive(network.GetUdidByNodeId(device.deviceId)); + if (getValue == nullptr) { + devicesUdid.insert(std::pair(uuid, std::move(sensitive))); + return devicesUdid[uuid]; + } + + auto value = getValue(); + ZLOGI("getValue is not nullptr!"); + return sensitive; + } + + return Sensitive(); +} + +bool Security::SubscribeUserStatus(std::function &observer) const +{ + return false; +} + +int32_t Security::GetCurrentUserStatus() const +{ + if (!IsSupportSecurity()) { + return NO_PWD; + } + return NO_PWD; +} + +int32_t Security::GetCurrentUserId() const +{ + return 0; +} + +DBStatus Security::SetFileSecurityOption(const std::string &filePath, const SecurityOption &option) +{ + ZLOGI("set security option %d", option.securityLabel); + if (!IsExits(filePath)) { + return INVALID_ARGS; + } + if (option.securityLabel == NOT_SET) { + return OK; + } + auto dataLevel = Convert2Name(option); + if (dataLevel.empty()) { + ZLOGE("Invalid label args! label:%d, flag:%d path:%s", + option.securityLabel, option.securityFlag, filePath.c_str()); + return INVALID_ARGS; + } + + bool result = FileIO::SecurityLabel::SetSecurityLabel(filePath, dataLevel); + if (!result) { + ZLOGE("set security label failed!, result:%d, datalevel:%s", result, dataLevel.c_str()); + return DB_ERROR; + } + + return OK; +} + +DBStatus Security::GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const +{ + if (!IsExits(filePath)) { + option = {NOT_SET, ECE}; + return OK; + } + + std::string value = FileIO::SecurityLabel::GetSecurityLabel(filePath); + if (!IsXattrValueValid(value)) { + option = {NOT_SET, ECE}; + return OK; + } + ZLOGI("get security option %s", value.c_str()); + if (value == "s3") { + option = { Convert2Security(value), SECE}; + } else { + option = { Convert2Security(value), ECE }; + } + return OK; +} +} diff --git a/services/distributeddataservice/adapter/security/src/security.h b/services/distributeddataservice/app/src/security/security.h similarity index 67% rename from services/distributeddataservice/adapter/security/src/security.h rename to services/distributeddataservice/app/src/security/security.h index 074192551de330d861359d98857d48ae155c9c0b..8a07b059cbbb16e6c681c4d7421e5f70ddac1cb5 100644 --- a/services/distributeddataservice/adapter/security/src/security.h +++ b/services/distributeddataservice/app/src/security/security.h @@ -1,89 +1,82 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef OHOS_SECURITY_H -#define OHOS_SECURITY_H - -#include -#include -#include -#include -#include "iprocess_system_api_adapter.h" -#include "kv_store_delegate_manager.h" -#include "visibility.h" -#include "sensitive.h" - -namespace OHOS::DistributedKv { -class Security - : public DistributedDB::IProcessSystemApiAdapter, public std::enable_shared_from_this { -public: - using DBStatus = DistributedDB::DBStatus; - using OnAccessControlledEvent = DistributedDB::OnAccessControlledEvent; - using SecurityOption = DistributedDB::SecurityOption; - Security(const std::string &appId, const std::string &userId, const std::string &dir); - ~Security() override; - - static bool IsFirstInit(); - static bool IsSupportSecurity(); - - DBStatus RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) override; - - // Check is the access of this device in locked state - bool IsAccessControlled() const override; - - // Set the SecurityOption to the targe filepath. - // If the filePath is a directory, All the files and directories in the filePath should be effective. - DBStatus SetSecurityOption(const std::string &filePath, const SecurityOption &option) override; - - // Get the SecurityOption of the targe filepath. - DBStatus GetSecurityOption(const std::string &filePath, SecurityOption &option) const override; - - // Check if the target device can save the data at the give sensitive class. - bool CheckDeviceSecurityAbility(const std::string &devId, const SecurityOption &option) const override; - - static const char *Convert2Name(const SecurityOption &option, bool isCE); - static int Convert2Security(const std::string &name); -private: - enum { - NO_PWD = -1, - UNLOCK, - LOCKED, - UNINITIALIZED, - }; - - // the key is security_chain/{deviceId} - static const char * const LABEL_VALUES[DistributedDB::S4 + 1]; - static const char * const DATA_DE[]; // = "/data/misc_de/", "/data/user_de/"; - static const char * const DATA_CE[]; - static constexpr int LABEL_VALUE_LEN = 10; - static constexpr int RETRY_MAX_TIMES = 10; - int32_t GetCurrentUserId() const; - int32_t GetCurrentUserStatus() const; - bool SubscribeUserStatus(std::function &observer) const; - bool IsExits(const std::string &file) const; - bool InPathsBox(const std::string &file, const char * const pathsBox[]) const; - static Sensitive GetDeviceNodeByUuid(const std::string &uuid, - const std::function(void)> &getValue); - DBStatus GetDirSecurityOption(const std::string &filePath, SecurityOption &option) const; - DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const; - DBStatus SetDirSecurityOption(const std::string &filePath, const SecurityOption &option); - DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option); - - std::map observers_ {}; - static std::atomic_bool isInitialized_; -}; -} - -#endif // OHOS_SECURITY_H +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_SECURITY_H +#define OHOS_SECURITY_H + +#include +#include +#include +#include "iprocess_system_api_adapter.h" +#include "kv_store_delegate_manager.h" +#include "app_device_status_change_listener.h" +#include "visibility.h" +#include "sensitive.h" + +namespace OHOS::DistributedKv { +class Security + : public DistributedDB::IProcessSystemApiAdapter, + public AppDistributedKv::AppDeviceStatusChangeListener { +public: + using DBStatus = DistributedDB::DBStatus; + using OnAccessControlledEvent = DistributedDB::OnAccessControlledEvent; + using SecurityOption = DistributedDB::SecurityOption; + Security(); + ~Security() override; + static bool IsSupportSecurity(); + + DBStatus RegOnAccessControlledEvent(const OnAccessControlledEvent &callback) override; + + // Check is the access of this device in locked state + bool IsAccessControlled() const override; + + // Set the SecurityOption to the targe filepath. + // If the filePath is a directory, the function would not effective. + DBStatus SetSecurityOption(const std::string &filePath, const SecurityOption &option) override; + + // Get the SecurityOption of the targe filepath. + DBStatus GetSecurityOption(const std::string &filePath, SecurityOption &option) const override; + + // Check if the target device can save the data at the give sensitive class. + bool CheckDeviceSecurityAbility(const std::string &deviceId, const SecurityOption &option) const override; + +private: + enum { + NO_PWD = -1, + UNLOCK, + LOCKED, + UNINITIALIZED, + }; + static constexpr int RETRY_MAX_TIMES = 10; + static const std::string LABEL_VALUES[DistributedDB::S4 + 1]; + static const std::string Convert2Name(const SecurityOption &option); + static int Convert2Security(const std::string &name); + bool IsExits(const std::string &file) const; + void OnDeviceChanged(const AppDistributedKv::DeviceInfo &info, + const AppDistributedKv::DeviceChangeType &type) const override; + static Sensitive GetDeviceNodeByUuid(const std::string &uuid, bool isOnline, + const std::function(void)> &getValue); + bool IsXattrValueValid(const std::string& value) const; + bool SubscribeUserStatus(std::function &observer) const; + int32_t GetCurrentUserStatus() const; + int32_t GetCurrentUserId() const; + DBStatus SetFileSecurityOption(const std::string &filePath, const SecurityOption &option); + DBStatus GetFileSecurityOption(const std::string &filePath, SecurityOption &option) const; + + std::map observers_ {}; +}; +} // namespace OHOS::DistributedKv + +#endif // OHOS_SECURITY_H diff --git a/services/distributeddataservice/adapter/security/src/sensitive.cpp b/services/distributeddataservice/app/src/security/sensitive.cpp old mode 100755 new mode 100644 similarity index 40% rename from services/distributeddataservice/adapter/security/src/sensitive.cpp rename to services/distributeddataservice/app/src/security/sensitive.cpp index 1d9e1834f24282797f6c239444eba156170bcc6c..f272acdad3505acbd1c9c4861e35c87e106605dc --- a/services/distributeddataservice/adapter/security/src/sensitive.cpp +++ b/services/distributeddataservice/app/src/security/sensitive.cpp @@ -1,97 +1,125 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sensitive.h" -#include -#include "iprocess_system_api_adapter.h" -#include "log_print.h" -#undef LOG_TAG -#define LOG_TAG "Sensitive" - -namespace OHOS::DistributedKv { -Sensitive::Sensitive(std::string deviceId, uint32_t type) - : deviceId(std::move(deviceId)), securityLevel(0), deviceType(type) -{ -} - -Sensitive::Sensitive(const std::vector &value) - : securityLevel(0), deviceType(0) -{ - Unmarshal(value); -} - -std::vector Sensitive::Marshal() const -{ - return {}; -} - -void Sensitive::Unmarshal(const std::vector &value) -{ -} - -uint32_t Sensitive::GetSensitiveLevel() -{ - return securityLevel; -} - -bool Sensitive::operator >= (const DistributedDB::SecurityOption &option) -{ - return true; -} - -bool Sensitive::LoadData() -{ - return true; -} - -Sensitive::Sensitive(Sensitive &&sensitive) noexcept -{ - this->operator=(std::move(sensitive)); -} - -Sensitive &Sensitive::operator=(Sensitive &&sensitive) noexcept -{ - if (this == &sensitive) { - return *this; - } - deviceId = std::move(sensitive.deviceId); - dataBase64 = std::move(sensitive.dataBase64); - securityLevel = sensitive.securityLevel; - deviceType = sensitive.deviceType; - return *this; -} - -Sensitive::Sensitive(const Sensitive &sensitive) -{ - this->operator=(sensitive); -} - -Sensitive &Sensitive::operator=(const Sensitive &sensitive) -{ - if (this == &sensitive) { - return *this; - } - deviceId = sensitive.deviceId; - dataBase64 = sensitive.dataBase64; - securityLevel = sensitive.securityLevel; - deviceType = sensitive.deviceType; - return *this; -} - -uint32_t Sensitive::GetDevslDeviceType() const -{ - return deviceType; -} -} +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sensitive.h" +#include +#include +#include "log_print.h" +#include "app_types.h" +#include "kvstore_utils.h" +#undef LOG_TAG +#define LOG_TAG "Sensitive" + +namespace OHOS { +namespace DistributedKv { +Sensitive::Sensitive(std::string deviceId) + : deviceId(std::move(deviceId)), securityLevel(DATA_SEC_LEVEL1) +{ +} + +Sensitive::Sensitive() + : deviceId(""), securityLevel(DATA_SEC_LEVEL1) +{ +} + +uint32_t Sensitive::GetDeviceSecurityLevel() +{ + if (securityLevel > DATA_SEC_LEVEL1) { + ZLOGI("the device security level had gotten"); + return securityLevel; + } + return GetSensitiveLevel(deviceId); +} + +bool Sensitive::InitDEVSLQueryParams(DEVSLQueryParams *params, const std::string &udid) +{ + ZLOGI("udid is [%s]", KvStoreUtils::ToBeAnonymous(udid).c_str()); + if (params == nullptr || udid.empty()) { + return false; + } + std::vector vec(udid.begin(), udid.end()); + for (size_t i = 0; i < MAX_UDID_LENGTH && i < vec.size(); i++) { + params->udid[i] = vec[i]; + } + params->udidLen = uint32_t(udid.size()); + return true; +} + +bool Sensitive::operator >= (const DistributedDB::SecurityOption &option) +{ + if (option.securityLabel == DistributedDB::NOT_SET) { + return true; + } + + uint32_t level = securityLevel; + if (level <= DATA_SEC_LEVEL1) { + ZLOGI("the device security level hadn't gotten"); + level = GetSensitiveLevel(deviceId); + } + return (level >= static_cast(option.securityLabel - 1)); +} + +Sensitive::Sensitive(const Sensitive &sensitive) +{ + this->operator=(sensitive); +} + +Sensitive &Sensitive::operator=(const Sensitive &sensitive) +{ + if (this == &sensitive) { + return *this; + } + deviceId = sensitive.deviceId; + securityLevel = sensitive.securityLevel; + return *this; +} + +Sensitive::Sensitive(Sensitive &&sensitive) noexcept +{ + this->operator=(std::move(sensitive)); +} + +Sensitive &Sensitive::operator=(Sensitive &&sensitive) noexcept +{ + if (this == &sensitive) { + return *this; + } + deviceId = std::move(sensitive.deviceId); + securityLevel = sensitive.securityLevel; + return *this; +} + +uint32_t Sensitive::GetSensitiveLevel(const std::string &udid) +{ + DEVSLQueryParams query; + if (!InitDEVSLQueryParams(&query, udid)) { + ZLOGE("init query params failed! udid:[%s]", KvStoreUtils::ToBeAnonymous(udid).c_str()); + return DATA_SEC_LEVEL1; + } + + uint32_t level = DATA_SEC_LEVEL1; + int32_t result = DATASL_GetHighestSecLevel(&query, &level); + if (result != DEVSL_SUCCESS) { + ZLOGE("get highest level failed(%.10s)! level: %d, error: %d", + KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result); + return DATA_SEC_LEVEL1; + } + securityLevel = level; + ZLOGI("get highest level success(%s)! level: %d, error: %d", + KvStoreUtils::ToBeAnonymous(udid).c_str(), securityLevel, result); + return securityLevel; +} +} // namespace DistributedKv +} // namespace OHOS diff --git a/services/distributeddataservice/adapter/security/src/sensitive.h b/services/distributeddataservice/app/src/security/sensitive.h old mode 100755 new mode 100644 similarity index 61% rename from services/distributeddataservice/adapter/security/src/sensitive.h rename to services/distributeddataservice/app/src/security/sensitive.h index 2aba82b705a169bd82c30a05b0e44a02478f6fcf..250ad76120f89d2ed7e9299586510d09cd0c8ede --- a/services/distributeddataservice/adapter/security/src/sensitive.h +++ b/services/distributeddataservice/app/src/security/sensitive.h @@ -1,52 +1,47 @@ -/* - * Copyright (c) 2021 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef OHOS_SENSITIVE_H -#define OHOS_SENSITIVE_H - -#include -#include -#include - -namespace OHOS::DistributedKv { -class Sensitive final { -public: - static constexpr uint32_t MAX_DATA_LEN = 16 * 1024; - Sensitive(std::string deviceId, uint32_t type); - explicit Sensitive(const std::vector &value = {}); - Sensitive(const Sensitive &sensitive); - Sensitive &operator=(const Sensitive &sensitive); - Sensitive(Sensitive &&sensitive) noexcept; - Sensitive &operator=(Sensitive &&sensitive) noexcept; - ~Sensitive() = default; - - std::vector Marshal() const; - void Unmarshal(const std::vector &value); - - bool operator >= (const DistributedDB::SecurityOption &option); - - bool LoadData(); -private: - uint32_t GetSensitiveLevel(); - uint32_t GetDevslDeviceType() const; - - std::string deviceId {}; - std::string dataBase64 {}; - uint32_t securityLevel = 0; - uint32_t deviceType = 0; -}; -} - -#endif // OHOS_SENSITIVE_H +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OHOS_SENSITIVE_H +#define OHOS_SENSITIVE_H + +#include +#include "visibility.h" +#include "iprocess_system_api_adapter.h" +#include "dev_slinfo_mgr.h" + +namespace OHOS { +namespace DistributedKv { +class Sensitive final { +public: + explicit Sensitive(std::string deviceId); + explicit Sensitive(); + Sensitive(const Sensitive &sensitive); + Sensitive &operator=(const Sensitive &sensitive); + Sensitive(Sensitive &&sensitive) noexcept; + Sensitive &operator=(Sensitive &&sensitive) noexcept; + ~Sensitive() = default; + + bool operator >= (const DistributedDB::SecurityOption &option); + uint32_t GetDeviceSecurityLevel(); + +private: + uint32_t GetSensitiveLevel(const std::string &udid); + bool InitDEVSLQueryParams(DEVSLQueryParams *params, const std::string &udid); + std::string deviceId {}; + uint32_t securityLevel = 0; +}; +} // namespace DistributedKv +} // namespace OHOS +#endif // OHOS_SENSITIVE_H \ No newline at end of file diff --git a/services/distributeddataservice/app/src/uninstaller/BUILD.gn b/services/distributeddataservice/app/src/uninstaller/BUILD.gn index ca0b860852d6076c21b87bd2f25860943aff1d99..3532513ca0fd974e3c7b1b0c64c1903d06eadc8a 100755 --- a/services/distributeddataservice/app/src/uninstaller/BUILD.gn +++ b/services/distributeddataservice/app/src/uninstaller/BUILD.gn @@ -44,6 +44,7 @@ ohos_static_library("distributeddata_uninstaller_static") { # "ces:libcommonevent", "ability_base:want", "ces_standard:cesfwk_innerkits", + "dataclassification:data_transit_mgr", "dmsfwk_standard:zuri", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", diff --git a/services/distributeddataservice/app/test/BUILD.gn b/services/distributeddataservice/app/test/BUILD.gn index 5083a0a6f34c804d3d57fdc49f3eae8b4ee4decd..bda7015e00b143ac4100433cc8fb50def330ab7a 100755 --- a/services/distributeddataservice/app/test/BUILD.gn +++ b/services/distributeddataservice/app/test/BUILD.gn @@ -35,6 +35,7 @@ config("module_private_config") { "//utils/system/safwk/native/include", "../include", "../src", + "../src/security", "unittest", "../src/uninstaller", "../src/flowctrl_manager", @@ -64,6 +65,9 @@ ohos_unittest("KvStoreImplLogicalIsolationTest") { "../src/kvstore_sync_manager.cpp", "../src/kvstore_user_manager.cpp", "../src/query_helper.cpp", + "../src/security/block_integer.cpp", + "../src/security/security.cpp", + "../src/security/sensitive.cpp", "../src/single_kvstore_impl.cpp", "unittest/kvstore_impl_logical_isolation_test.cpp", ] @@ -72,6 +76,7 @@ ohos_unittest("KvStoreImplLogicalIsolationTest") { external_deps = [ "battery_manager_native:batterysrv_client", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -119,6 +124,9 @@ ohos_unittest("KvStoreImplPhysicalIsolationTest") { "../src/kvstore_sync_manager.cpp", "../src/kvstore_user_manager.cpp", "../src/query_helper.cpp", + "../src/security/block_integer.cpp", + "../src/security/security.cpp", + "../src/security/sensitive.cpp", "../src/single_kvstore_impl.cpp", "unittest/kvstore_impl_physical_isolation_test.cpp", ] @@ -127,6 +135,7 @@ ohos_unittest("KvStoreImplPhysicalIsolationTest") { external_deps = [ "battery_manager_native:batterysrv_client", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -174,6 +183,9 @@ ohos_unittest("KvStoreDataServiceTest") { "../src/kvstore_sync_manager.cpp", "../src/kvstore_user_manager.cpp", "../src/query_helper.cpp", + "../src/security/block_integer.cpp", + "../src/security/security.cpp", + "../src/security/sensitive.cpp", "../src/single_kvstore_impl.cpp", "unittest/kvstore_data_service_test.cpp", ] @@ -182,6 +194,7 @@ ohos_unittest("KvStoreDataServiceTest") { external_deps = [ "battery_manager_native:batterysrv_client", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -229,6 +242,9 @@ ohos_unittest("KvStoreBackupTest") { "../src/kvstore_sync_manager.cpp", "../src/kvstore_user_manager.cpp", "../src/query_helper.cpp", + "../src/security/block_integer.cpp", + "../src/security/security.cpp", + "../src/security/sensitive.cpp", "../src/single_kvstore_impl.cpp", "unittest/kvstore_backup_test.cpp", ] @@ -238,6 +254,7 @@ ohos_unittest("KvStoreBackupTest") { external_deps = [ "battery_manager_native:batterysrv_client", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -275,6 +292,7 @@ ohos_unittest("KvStoreFlowCtrlManagerTest") { external_deps = [ "battery_manager_native:batterysrv_client", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -316,6 +334,9 @@ ohos_unittest("KvStoreSyncManagerTest") { "../src/kvstore_sync_manager.cpp", "../src/kvstore_user_manager.cpp", "../src/query_helper.cpp", + "../src/security/block_integer.cpp", + "../src/security/security.cpp", + "../src/security/sensitive.cpp", "../src/single_kvstore_impl.cpp", ] @@ -323,6 +344,7 @@ ohos_unittest("KvStoreSyncManagerTest") { external_deps = [ "battery_manager_native:batterysrv_client", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -370,6 +392,9 @@ ohos_unittest("KvStoreUninstallerTest") { "../src/kvstore_sync_manager.cpp", "../src/kvstore_user_manager.cpp", "../src/query_helper.cpp", + "../src/security/block_integer.cpp", + "../src/security/security.cpp", + "../src/security/sensitive.cpp", "../src/single_kvstore_impl.cpp", "unittest/uninstaller_test.cpp", ] @@ -396,6 +421,7 @@ ohos_unittest("KvStoreUninstallerTest") { "ability_base:base", "ability_runtime:intent", "battery_manager_native:batterysrv_client", + "dataclassification:data_transit_mgr", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core",