diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index 5d7edbdd276b5e20ac3d56381cf20ae85e844fd1..0e40297fcb6661a1121ec2931d97e5cf7b70317e 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -251,7 +251,7 @@ std::shared_ptr ProcessCommunicatorImpl::GetExtendHeaderHand return {}; } -DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength) +DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(DataHeadInfo dataHeadInfo, uint32_t &headLength) { if (routeHeadHandlerCreator_ == nullptr) { ZLOGE("header handler creator not registered"); @@ -262,16 +262,16 @@ DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - auto ret = handler->ParseHeadDataLen(data, totalLen, headLength); + auto ret = handler->ParseHeadDataLen(dataHeadInfo.data, dataHeadInfo.totalLen, headLength, dataHeadInfo.device); if (!ret) { - ZLOGE("illegal head format, dataLen:%{public}u, headLength:%{public}u", totalLen, headLength); + ZLOGE("illegal head format, dataLen:%{public}u, headLength:%{public}u, device:%{public}s", + dataHeadInfo.totalLen, headLength, Anonymous::Change(dataHeadInfo.device).c_str()); return DBStatus::INVALID_FORMAT; } return DBStatus::OK; } -DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t totalLen, const std::string &label, - std::vector &userInfos) +DBStatus ProcessCommunicatorImpl::GetDataUserInfo(DataUserInfo dataUserInfo, std::vector &userInfos) { if (routeHeadHandlerCreator_ == nullptr) { ZLOGE("header handler creator not registered"); @@ -282,9 +282,11 @@ DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - auto ret = handler->ParseHeadDataUser(data, totalLen, label, userInfos); + auto ret = handler->ParseHeadDataUser(dataUserInfo.data, dataUserInfo.totalLen, dataUserInfo.label, userInfos); if (!ret) { - ZLOGD("illegal head format, dataLen:%{public}u, label:%{public}s", totalLen, Anonymous::Change(label).c_str()); + ZLOGE("illegal head format, dataLen:%{public}u, label:%{public}s, device:%{public}s", + dataUserInfo.totalLen, Anonymous::Change(dataUserInfo.label).c_str(), + Anonymous::Change(dataUserInfo.device).c_str()); return DBStatus::INVALID_FORMAT; } if (userInfos.empty()) { diff --git a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp index f5c4cc30cc37bfaf066e57ce6dbbd0408689a40a..b2ed968d488f8dd4dd0a4c995f90b9a9a8818689 100644 --- a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp +++ b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp @@ -35,7 +35,8 @@ using OnSendAble = DistributedDB::OnSendAble; using DeviceInfos = DistributedDB::DeviceInfos; using DeviceInfoo = OHOS::AppDistributedKv::DeviceInfo; using UserInfo = DistributedDB::UserInfo; - +using DataHeadInfo = DistributedDB::DataHeadInfo; +using DataUserInfo = DistributedDB::DataUserInfo; namespace OHOS::AppDistributedKv { class MockCommunicationProvider : public CommunicationProvider { public: @@ -91,7 +92,7 @@ public: namespace OHOS::DistributedData { class ConcreteRouteHeadHandler : public RouteHeadHandler { public: - bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) + bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, const std::string &device) { if (totalLen == 0) { return true; @@ -403,20 +404,20 @@ HWTEST_F(ProcessCommunicatorImplTest, GetDataHeadInfo, TestSize.Level0) ASSERT_NE(communicator_, nullptr); uint8_t data[] = {0x10, 0x20, 0x30, 0x40, 0x50}; uint8_t *ptr = data; - uint32_t totalLen = 1; uint32_t headLength = 1; + DataHeadInfo dataHeadInfo { ptr, 1, "" }; communicator_->routeHeadHandlerCreator_ = nullptr; - auto status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength); + auto status = communicator_->GetDataHeadInfo(dataHeadInfo, headLength); EXPECT_EQ(status, DistributedDB::DB_ERROR); communicator_->routeHeadHandlerCreator_ = [](const DistributedDB::ExtendInfo &info) -> std::shared_ptr { return std::make_shared(); }; - status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength); + status = communicator_->GetDataHeadInfo(dataHeadInfo, headLength); EXPECT_EQ(status, DistributedDB::INVALID_FORMAT); - totalLen = 0; - status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength); + dataHeadInfo.totalLen = 0; + status = communicator_->GetDataHeadInfo(dataHeadInfo, headLength); EXPECT_EQ(status, DistributedDB::OK); } @@ -432,31 +433,21 @@ HWTEST_F(ProcessCommunicatorImplTest, GetDataUserInfo, TestSize.Level0) ASSERT_NE(communicator_, nullptr); uint8_t data[] = {0x10, 0x20, 0x30, 0x40, 0x50}; uint8_t *ptr = data; - uint32_t totalLen = 1; - std::string label = "GetDataUserInfoTest"; + DataUserInfo dataUserInfo { ptr, 1, "GetDataUserInfoTest", "" }; std::vector userInfos; UserInfo user1{"GetDataUserInfo01"}; UserInfo user2{"GetDataUserInfo02"}; UserInfo user3{"GetDataUserInfo03"}; communicator_->routeHeadHandlerCreator_ = nullptr; - auto status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); + auto status = communicator_->GetDataUserInfo(dataUserInfo, userInfos); EXPECT_EQ(status, DistributedDB::DB_ERROR); communicator_->routeHeadHandlerCreator_ = [](const DistributedDB::ExtendInfo &info) -> std::shared_ptr { return std::make_shared(); }; - status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); + status = communicator_->GetDataUserInfo(dataUserInfo, userInfos); EXPECT_EQ(status, DistributedDB::INVALID_FORMAT); - totalLen = 0; - EXPECT_EQ(userInfos.empty(), true); - status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); - EXPECT_EQ(status, DistributedDB::NO_PERMISSION); - userInfos.push_back(user1); - userInfos.push_back(user2); - userInfos.push_back(user3); - status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); - EXPECT_EQ(status, DistributedDB::OK); } /** diff --git a/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h b/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h index 41df2779ca613a79431125ec807a3954320a9ba6..86eccf8e9e07bb2b40928a946796a14cdf901319 100644 --- a/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h +++ b/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h @@ -36,6 +36,8 @@ public: using UserInfo = DistributedDB::UserInfo; using RouteHeadHandlerCreator = std::function(const DistributedDB::ExtendInfo &info)>; + using DataHeadInfo = DistributedDB::DataHeadInfo; + using DataUserInfo = DistributedDB::DataUserInfo; API_EXPORT static ProcessCommunicatorImpl *GetInstance(); API_EXPORT void SetRouteHeadHandlerCreator(RouteHeadHandlerCreator handlerCreator); @@ -62,9 +64,8 @@ public: API_EXPORT std::shared_ptr GetExtendHeaderHandle( const DistributedDB::ExtendInfo &info) override; - API_EXPORT DBStatus GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength) override; - API_EXPORT DBStatus GetDataUserInfo(const uint8_t *data, uint32_t totalLen, const std::string &label, - std::vector &userInfos) override; + API_EXPORT DBStatus GetDataHeadInfo(DataHeadInfo dataHeadInfo, uint32_t &headLength) override; + API_EXPORT DBStatus GetDataUserInfo(DataUserInfo dataUserInfo, std::vector &userInfos) override; Status ReuseConnect(const DeviceId &deviceId); diff --git a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h index 47596818d46374ad76acf0cdc8b2ac703e2d5d3d..c379ac097c610dd196454a285ed1b8464788015a 100644 --- a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h +++ b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h @@ -26,7 +26,8 @@ public: using DBStatus = DistributedDB::DBStatus; using UserInfo = DistributedDB::UserInfo; - virtual bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) = 0; + virtual bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, + const std::string &device) = 0; virtual bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) = 0; }; diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index 673af00a581e8c7af5f46ef04ef0a5cb54d7bf40..0a3fc46a528ee656510fab1c41f09100fbdfe7f4 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -352,6 +352,7 @@ void KvStoreDataService::LoadConfigs() Bootstrap::GetInstance().LoadCloud(); Bootstrap::GetInstance().LoadAppIdMappings(); Bootstrap::GetInstance().LoadDeviceSyncAppWhiteLists(); + Bootstrap::GetInstance().LoadSyncTrustedApp(); } void KvStoreDataService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index bcce7f808625bd1fcd5cd7eebc24680adedb523f..24b103e3947d1839662cac5122f997e19e5605ea 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -19,6 +19,8 @@ #include #include "account/account_delegate.h" #include "auth_delegate.h" +#include "access_check/app_access_check_config_manager.h" +#include "app_id_mapping/app_id_mapping_config_manager.h" #include "device_manager_adapter.h" #include "kvstore_meta_manager.h" #include "log_print.h" @@ -58,21 +60,17 @@ RouteHeadHandlerImpl::RouteHeadHandlerImpl(const ExtendInfo &info) void RouteHeadHandlerImpl::Init() { ZLOGD("begin"); - if (deviceId_.empty()) { + if (deviceId_.empty() || !DmAdapter::GetInstance().IsOHOSType(deviceId_)) { return; } if (userId_ != DEFAULT_USERID) { - if (!DmAdapter::GetInstance().IsOHOSType(deviceId_)) { + StoreMetaData metaData; + metaData.deviceId = deviceId_; + metaData.user = DEFAULT_USERID; + metaData.bundleName = appId_; + metaData.storeId = storeId_; + if (MetaDataManager::GetInstance().LoadMeta(metaData.GetKey(), metaData)) { userId_ = DEFAULT_USERID; - } else { - StoreMetaData metaData; - metaData.deviceId = deviceId_; - metaData.user = DEFAULT_USERID; - metaData.bundleName = appId_; - metaData.storeId = storeId_; - if (MetaDataManager::GetInstance().LoadMeta(metaData.GetKey(), metaData)) { - userId_ = DEFAULT_USERID; - } } } SessionPoint localPoint { DmAdapter::GetInstance().GetLocalDevice().uuid, @@ -92,10 +90,16 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize ZLOGI("meta data permitted"); return DistributedDB::OK; } - auto devInfo = DmAdapter::GetInstance().GetDeviceInfo(session_.targetDeviceId); - if (devInfo.osType != OH_OS_TYPE) { + if(!DmAdapter::GetInstance().IsOHOSType(session_.targetDeviceId)) { ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); + if (appId_.empty()) { + return DistributedDB::DB_ERROR; + } + if (!AppAccessCheckConfigManager::GetInstance().IsTrust( + AppIdMappingConfigManager::GetInstance().Convert(appId_))) { + return DistributedDB::DB_ERROR; + } return DistributedDB::OK; } bool flag = false; @@ -249,12 +253,17 @@ bool RouteHeadHandlerImpl::PackAccountId(uint8_t **data, const uint8_t *end) return true; } -bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) +bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, + const std::string &device) { if (data == nullptr) { ZLOGE("invalid input data, totalLen:%{public}d", totalLen); return false; } + if (!DmAdapter::GetInstance().IsOHOSType(device)) { + ZLOGI("other type device received. device:%{public}s", Anonymous::Change(device).c_str()); + return true; + } RouteHead head = { 0 }; auto ret = UnPackDataHead(data, totalLen, head); headSize = ret ? sizeof(RouteHead) + head.dataLen : 0; diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index bd3ff4261929bb97747f397b2aa94ad51f5f82b5..7751b0fb1241042fe63e858ca8a5d7145088a960 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -71,7 +71,8 @@ public: explicit RouteHeadHandlerImpl(const ExtendInfo &info); DBStatus GetHeadDataSize(uint32_t &headSize) override; DBStatus FillHeadData(uint8_t *data, uint32_t headSize, uint32_t totalLen) override; - bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) override; + bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, + const std::string &device) override; bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) override; diff --git a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp index 9b0706a085d31196a3179fcb24baca45cf6c1789..a6452ce4d287c3a8e7d7132d49dcadf0df1ce108 100644 --- a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp +++ b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp @@ -329,10 +329,9 @@ HWTEST_F(SessionManagerTest, PackAndUnPack01, TestSize.Level2) std::vector users; auto recvHandler = RouteHeadHandlerImpl::Create({}); ASSERT_NE(recvHandler, nullptr); - uint32_t parseSize = 1; - auto res = recvHandler->ParseHeadDataLen(nullptr, routeHeadSize, parseSize); - EXPECT_EQ(res, false); - recvHandler->ParseHeadDataLen(data.get(), routeHeadSize, parseSize); + uint32_t parseSize = 0; + std::string device = ""; + recvHandler->ParseHeadDataLen(data.get(), routeHeadSize, parseSize, device); EXPECT_EQ(routeHeadSize, parseSize); recvHandler->ParseHeadDataUser(data.get(), routeHeadSize, "", users); ASSERT_EQ(users.size(), 0); @@ -366,7 +365,7 @@ HWTEST_F(SessionManagerTest, GetHeadDataSize_Test2, TestSize.Level1) uint32_t headSize = 0; routeHeadHandlerImpl.appId_ = "otherAppId"; auto status = routeHeadHandlerImpl.GetHeadDataSize(headSize); - EXPECT_EQ(status, DistributedDB::OK); + EXPECT_EQ(status, DistributedDB::DB_ERROR); EXPECT_EQ(headSize, 0); } /** diff --git a/services/distributeddataservice/framework/BUILD.gn b/services/distributeddataservice/framework/BUILD.gn index 53b402127441eb41b1d812b7e95b8a5586ad9466..368fe24439b24aa9ddf3b8ebc6cfa79c98de19a5 100644 --- a/services/distributeddataservice/framework/BUILD.gn +++ b/services/distributeddataservice/framework/BUILD.gn @@ -49,6 +49,7 @@ ohos_shared_library("distributeddatasvcfwk") { } sources = [ "account/account_delegate.cpp", + "access_check/app_access_check_config_manager.cpp", "app_id_mapping/app_id_mapping_config_manager.cpp", "backuprule/backup_rule_manager.cpp", "changeevent/remote_change_event.cpp", diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp new file mode 100644 index 0000000000000000000000000000000000000000..7d5b5f9ddf597da3d320023f32d64e1a5626f19b --- /dev/null +++ b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "AppAccessCheckConfigManager" +#include "access_check/app_access_check_config_manager.h" +#include "log_print.h" +#include "utils/anonymous.h" + +namespace OHOS::DistributedData { +AppAccessCheckConfigManager &AppAccessCheckConfigManager::GetInstance() +{ + static AppAccessCheckConfigManager instance; + return instance; +} + +void AppAccessCheckConfigManager::Initialize(const std::vector &mapper) +{ + for (const auto &info : mapper) { + appMapper_.insert_or_assign(info.bundleName, info.appId); + } +} + +bool AppAccessCheckConfigManager::IsTrust(const std::string &appId) +{ + auto it = appMapper_.find(appId); + if (it != appMapper_.end() && (it->second == appId)) { + return true; + } + ZLOGE("check access failed, appId:%{public}s", Anonymous::Change(appId).c_str()); + return false; +} + +} // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp b/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp index 3d03d5246261b7ba873aa408d3454edf801dd335..2f903bbbb9dd6e678df63b11835c3fb87a4990fd 100644 --- a/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp +++ b/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp @@ -40,4 +40,13 @@ std::pair AppIdMappingConfigManager::Convert(const std return std::make_pair(it->second, "default"); } + +std::string AppIdMappingConfigManager::Convert(const std::string &appId) +{ + auto it = toDstMapper_.find(appId); + if (it == toDstMapper_.end()) { + return appId; + } + return it->second; +} } // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h new file mode 100644 index 0000000000000000000000000000000000000000..fecf73150eccf327675e4296af8b63d101a88878 --- /dev/null +++ b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H +#include +#include +#include +#include "visibility.h" +namespace OHOS { +namespace DistributedData { +class AppAccessCheckConfigManager { +public: + struct AppMappingInfo { + std::string appId; + std::string bundleName; + }; + API_EXPORT static AppAccessCheckConfigManager &GetInstance(); + API_EXPORT void Initialize(const std::vector &mapper); + API_EXPORT bool IsTrust(const std::string &appId); + +private: + std::map appMapper_; +}; + +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H \ No newline at end of file diff --git a/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h b/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h index 9799f9af673fa969a71d9d01cf57b249b6b09592..2133bcb0d4361929e587f715f5e9c2a240c911ff 100644 --- a/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h +++ b/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h @@ -30,7 +30,7 @@ public: API_EXPORT void Initialize(const std::vector &mapper); API_EXPORT std::pair Convert(const std::string &appId, const std::string &accountId); - + API_EXPORT std::string Convert(const std::string &appId); private: std::map toDstMapper_; }; diff --git a/services/distributeddataservice/service/bootstrap/include/bootstrap.h b/services/distributeddataservice/service/bootstrap/include/bootstrap.h index 186217fc5fb7e8dd38ceb7f1754060fe66ce8a24..eaf7672446ef568faff65715ef6c64451097de04 100644 --- a/services/distributeddataservice/service/bootstrap/include/bootstrap.h +++ b/services/distributeddataservice/service/bootstrap/include/bootstrap.h @@ -34,6 +34,7 @@ public: API_EXPORT void LoadAppIdMappings(); API_EXPORT void LoadThread(); API_EXPORT void LoadDeviceSyncAppWhiteLists(); + API_EXPORT void LoadSyncTrustedApp(); private: static constexpr const char *DEFAULT_LABEL = "distributeddata"; static constexpr const char *DEFAULT_META = "service_meta"; diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index 41f1b755fa94b4690ca7bf5869cf52b1e5148331..791b392a99c71c1d47848c84d6b7c44109013f0f 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -17,6 +17,7 @@ #include +#include "access_check/app_access_check_config_manager.h" #include "app_id_mapping/app_id_mapping_config_manager.h" #include "backup_manager.h" #include "backuprule/backup_rule_manager.h" @@ -200,10 +201,23 @@ void Bootstrap::LoadDeviceSyncAppWhiteLists() return; } std::vector infos; - for (auto &info : deviceSyncAppWhiteLists->whiteLists) { + for (const auto &info : deviceSyncAppWhiteLists->whiteLists) { infos.push_back({ info.appId, info.bundleName, info.version }); } DeviceSyncAppManager::GetInstance().Initialize(infos); } + +void Bootstrap::LoadSyncTrustedApp() +{ + auto *config = ConfigFactory::GetInstance().GetSyncAppsConfig(); + if (config == nullptr) { + return; + } + std::vector infos; + for (const auto &info : config->trusts) { + infos.push_back({ info.bundleName, info.appId }); + } + AppAccessCheckConfigManager::GetInstance().Initialize(infos); +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/BUILD.gn b/services/distributeddataservice/service/config/BUILD.gn index b5d6368020292f8baef84a9fa95b80bfbe859348..cccd96958e3a2162f63ff534b39e7e79b7873fbd 100644 --- a/services/distributeddataservice/service/config/BUILD.gn +++ b/services/distributeddataservice/service/config/BUILD.gn @@ -24,6 +24,7 @@ ohos_source_set("distributeddata_config") { } sources = [ "src/config_factory.cpp", + "src/model/app_access_check_config.cpp", "src/model/app_id_mapping_config.cpp", "src/model/backup_config.cpp", "src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index a5e9dbe089defb8ad393b6afcf842ab2bfa300df..87fcb7e693fefc00a13d6a381dc446471cba8ab8 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -35,6 +35,7 @@ public: API_EXPORT ThreadConfig *GetThreadConfig(); API_EXPORT DataShareConfig *GetDataShareConfig(); API_EXPORT DeviceSyncAppWhiteListConfig *GetDeviceSyncAppWhiteListConfig(); + API_EXPORT AppAccessCheckConfig *GetSyncAppsConfig(); private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); diff --git a/services/distributeddataservice/service/config/include/model/app_access_check_config.h b/services/distributeddataservice/service/config/include/model/app_access_check_config.h new file mode 100644 index 0000000000000000000000000000000000000000..5c3876f95cc030e61bc130dc8ba87a3ab48c83e4 --- /dev/null +++ b/services/distributeddataservice/service/config/include/model/app_access_check_config.h @@ -0,0 +1,35 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H + +#include "serializable/serializable.h" +namespace OHOS { +namespace DistributedData { +class AppAccessCheckConfig final : public Serializable { +public: + struct TrustApp final : public Serializable { + std::string bundleName = ""; + std::string appId = ""; + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; + }; + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; + std::vector trusts; +}; +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H \ No newline at end of file diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index 751b91f2ee74cd9f0298290ca187ff00af2322ca..4d7a9e531c067edd42a59e07e66385f3e07afc4c 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -15,6 +15,7 @@ #ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H #define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H +#include "model/app_access_check_config.h" #include "model/app_id_mapping_config.h" #include "model/backup_config.h" #include "model/checker_config.h" @@ -44,6 +45,7 @@ public: ThreadConfig *thread = nullptr; DataShareConfig *dataShare = nullptr; DeviceSyncAppWhiteListConfig *deviceSyncAppWhiteList = nullptr; + AppAccessCheckConfig *syncAppList = nullptr; ~GlobalConfig(); bool Marshal(json &node) const override; bool Unmarshal(const json &node) override; diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 781e3b55b4a100a2802d70587f8ec501a71c5c74..0f91cb6aaad97d053323787ce4f517d6ffff764e 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -101,5 +101,10 @@ DeviceSyncAppWhiteListConfig *ConfigFactory::GetDeviceSyncAppWhiteListConfig() { return config_.deviceSyncAppWhiteList; } + +AppAccessCheckConfig *ConfigFactory::GetSyncAppsConfig() +{ + return config_.syncAppList; +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp new file mode 100644 index 0000000000000000000000000000000000000000..41b658f967725423dfc05005fcbec68fb4a39b86 --- /dev/null +++ b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "model/app_access_check_config.h" +namespace OHOS { +namespace DistributedData { +bool AppAccessCheckConfig::Marshal(Serializable::json &node) const +{ + SetValue(node[GET_NAME(trusts)], trusts); + return true; +} + +bool AppAccessCheckConfig::Unmarshal(const Serializable::json &node) +{ + GetValue(node, GET_NAME(trusts), trusts); + return true; +} + +bool AppAccessCheckConfig::TrustApp::Marshal(Serializable::json &node) const +{ + SetValue(node[GET_NAME(bundleName)], bundleName); + SetValue(node[GET_NAME(appId)], appId); + return true; +} + +bool AppAccessCheckConfig::TrustApp::Unmarshal(const Serializable::json &node) +{ + GetValue(node, GET_NAME(bundleName), bundleName); + GetValue(node, GET_NAME(appId), appId); + return true; +} + +} // namespace DistributedData +} // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/global_config.cpp b/services/distributeddataservice/service/config/src/model/global_config.cpp index 1956f82187097f3203048e0c3cd7c5759bc45f7c..1bf2e35a670499ba08a1a5eec01ce26a4e26973d 100644 --- a/services/distributeddataservice/service/config/src/model/global_config.cpp +++ b/services/distributeddataservice/service/config/src/model/global_config.cpp @@ -32,6 +32,7 @@ bool GlobalConfig::Marshal(json &node) const SetValue(node[GET_NAME(thread)], thread); SetValue(node[GET_NAME(dataShare)], dataShare); SetValue(node[GET_NAME(deviceSyncAppWhiteList)], deviceSyncAppWhiteList); + SetValue(node[GET_NAME(syncAppList)], syncAppList); return true; } @@ -51,6 +52,7 @@ bool GlobalConfig::Unmarshal(const json &node) GetValue(node, GET_NAME(thread), thread); GetValue(node, GET_NAME(dataShare), dataShare); GetValue(node, GET_NAME(deviceSyncAppWhiteList), deviceSyncAppWhiteList); + GetValue(node, GET_NAME(syncAppList), syncAppList); return true; } @@ -65,6 +67,7 @@ GlobalConfig::~GlobalConfig() delete appIdMapping; delete thread; delete deviceSyncAppWhiteList; + delete syncAppList; } } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 320db40c8e4213538be38e0985695fdbdfbcfc64..f76965451bf328bfd835be7706c169da18a5f590 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -63,9 +63,6 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) { return std::make_pair(false, false); } - if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { - return std::make_pair(true, false); - } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee)) { return std::make_pair(true, true); diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp index f04980ccc167301f48916a6a907e72f745330e5e..149598d07b69eb839c8da582646b3b304120779a 100644 --- a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp +++ b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp @@ -801,10 +801,9 @@ bool KVDBServiceImpl::CompareTripleIdentifier(const std::string &accountId, cons { std::vector accountIds { accountId, "ohosAnonymousUid", "default" }; for (auto &id : accountIds) { - auto convertedIds = - AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId, storeMeta.user); + auto appId = AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); const std::string &tempTripleIdentifier = - DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, convertedIds.first, + DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, appId, storeMeta.storeId, false); if (tempTripleIdentifier == identifier) { ZLOGI("find triple identifier,storeId:%{public}s,id:%{public}s", diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index e9d0d0a84bfb23523fe8678f0c72907a5725c0f8..4f7f096831fd6a3215645826e0f9dcaf8405987b 100644 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -1590,6 +1590,7 @@ ohos_unittest("BootStrapMockTest") { module_out_path = module_output_path sources = [ "${data_service_path}/service/bootstrap/src/bootstrap.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp b/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp index 1d6c08d7ef1b9c0b9fd7abd2a7b0923bcf752818..5b1b206b2f9f1dc1e3ca75860bcf775a9ee73658 100644 --- a/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp +++ b/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp @@ -91,7 +91,7 @@ HWTEST_F(AuthDelegateMockTest, CheckAccess001, testing::ext::TestSize.Level0) EXPECT_CALL(*userDelegateMock, GetRemoteUserStatus(_)).WillOnce(Return(peerUsers)); EXPECT_CALL(*devMgrAdapterMock, IsOHOSType(_)).WillOnce(Return(false)); auto result = authHandler->CheckAccess(localUserId, peerUserId, peerDevId, aclParams); - EXPECT_TRUE(result.first); + EXPECT_FALSE(result.first); } /** diff --git a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn index 87efa4b39748655714529db3064e91d4c3811773..aaf2b9f9d7108d8af3b27386ab18380d4fe746f8 100644 --- a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn @@ -64,6 +64,7 @@ ohos_fuzztest("KvdbServiceStubFuzzTest") { "${data_service_path}/service/bootstrap/src/bootstrap.cpp", "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn index e3d93e45b12bc78a313eddf3fe9dc341d70375f3..83047a36e138b64b62977652a7ddd30a7f46904a 100755 --- a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn @@ -63,6 +63,7 @@ ohos_fuzztest("ObjectServiceStubFuzzTest") { "${data_service_path}/service/common/common_types_utils.cpp", "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp",