From 234fb02b1f8387f2c338ec5115e2a31131c4d68e Mon Sep 17 00:00:00 2001 From: yangliu Date: Fri, 11 Apr 2025 15:51:33 +0800 Subject: [PATCH 01/31] check sync access Signed-off-by: yangliu --- .../service/config/include/config_factory.h | 1 + .../service/config/include/model/global_config.h | 1 + .../service/config/src/config_factory.cpp | 5 +++++ .../distributeddataservice/service/kvdb/BUILD.gn | 1 + .../service/kvdb/auth_delegate.cpp | 13 ++++++++++++- 5 files changed, 20 insertions(+), 1 deletion(-) diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index b9cbebe7d..319ee5be8 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -34,6 +34,7 @@ public: API_EXPORT std::vector *GetAppIdMappingConfig(); API_EXPORT ThreadConfig *GetThreadConfig(); API_EXPORT std::vector GetDataShareExtNames(); + API_EXPORT std::vector GetHOSAppList(); private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index 1b048b46e..63fbf580e 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -41,6 +41,7 @@ public: std::vector *appIdMapping = nullptr; ThreadConfig *thread = nullptr; std::vector dataShareExtNames; + std::vector hosAppList; ~GlobalConfig(); bool Marshal(json &node) const override; bool Unmarshal(const json &node) override; diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 5936484a9..9e9cc02ea 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -96,5 +96,10 @@ std::vector ConfigFactory::GetDataShareExtNames() { return config_.dataShareExtNames; } + +std::vector ConfigFactory::GetHOSAppList() +{ + return config_.hosAppList; +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/kvdb/BUILD.gn b/services/distributeddataservice/service/kvdb/BUILD.gn index 874dc361c..0818b0730 100644 --- a/services/distributeddataservice/service/kvdb/BUILD.gn +++ b/services/distributeddataservice/service/kvdb/BUILD.gn @@ -31,6 +31,7 @@ ohos_source_set("distributeddata_kvdb") { "${data_service_path}/framework/include", "${data_service_path}/framework/include/dfx", "${data_service_path}/service/bootstrap/include", + "${data_service_path}/service/config/include", "${data_service_path}/service/crypto/include", "${data_service_path}/service/kvdb", "${data_service_path}/service/permission/include", diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 320db40c8..7d2c475a2 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -34,6 +34,7 @@ private: bool IsUserActive(const std::vector &users, int32_t userId); bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); bool IsSystemUser(int localUserId, int peerUserId); + bool CheckAppAccess(const std::string &bundleName); static constexpr pid_t UID_CAPACITY = 10000; static constexpr int SYSTEM_USER = 0; }; @@ -64,7 +65,11 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser return std::make_pair(false, false); } if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { - return std::make_pair(true, false); + if (DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { + return std::make_pair(true, false); + } + auto isPermitted = CheckAppAccess(aclParams.accCaller.bundleName); + return std::make_pair(isPermitted, false); } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee)) { @@ -97,6 +102,12 @@ bool AuthHandlerStub::IsUserActive(const std::vector &users, int32_t return false; } +bool AuthHandlerStub::CheckAppAccess(const std::string &bundleName) +{ + auto appList = ConfigFactory::GetInstance().GetHOSAppList(); + return (std::find(appList.begin(), appList.end(), bundleName) != appList.end()); +} + AuthHandler *AuthDelegate::GetInstance() { // change auth way in the future -- Gitee From 88e8cdfb6cda1eb000d431c30b3b291e5ae75d37 Mon Sep 17 00:00:00 2001 From: yangliu Date: Fri, 11 Apr 2025 18:54:36 +0800 Subject: [PATCH 02/31] check sync access Signed-off-by: yangliu --- conf/config.json | 3 +- .../app/src/kvstore_data_service.cpp | 1 + .../src/session_manager/session_manager.cpp | 16 ++++--- .../app/src/session_manager/session_manager.h | 4 +- .../distributeddataservice/framework/BUILD.gn | 1 + .../app_access_check_config_manager.cpp | 44 +++++++++++++++++++ .../app_access_check_config_manager.h | 39 ++++++++++++++++ .../service/bootstrap/include/bootstrap.h | 1 + .../service/bootstrap/src/bootstrap.cpp | 14 ++++++ .../service/config/BUILD.gn | 1 + .../service/config/include/config_factory.h | 2 +- .../include/model/app_access_check_config.h | 30 +++++++++++++ .../config/include/model/global_config.h | 3 +- .../service/config/src/config_factory.cpp | 2 +- .../src/model/app_access_check_config.cpp | 32 ++++++++++++++ .../config/src/model/global_config.cpp | 3 ++ .../service/kvdb/auth_delegate.cpp | 15 +++---- .../service/kvdb/auth_delegate.h | 2 +- 18 files changed, 190 insertions(+), 23 deletions(-) create mode 100644 services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp create mode 100644 services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h create mode 100644 services/distributeddataservice/service/config/include/model/app_access_check_config.h create mode 100644 services/distributeddataservice/service/config/src/model/app_access_check_config.cpp diff --git a/conf/config.json b/conf/config.json index d03630732..ab704c3ec 100644 --- a/conf/config.json +++ b/conf/config.json @@ -87,5 +87,6 @@ "backupInternal" : 36000, "backupNumber" : 20 }, - "dataShareExtNames": [] + "dataShareExtNames": [], + "hosAppList": [] } \ No newline at end of file diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index 2c26686d8..2973178cc 100755 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -349,6 +349,7 @@ void KvStoreDataService::LoadConfigs() Bootstrap::GetInstance().LoadBackup(executors_); Bootstrap::GetInstance().LoadCloud(); Bootstrap::GetInstance().LoadAppIdMappings(); + Bootstrap::GetInstance().LoadAppAccess(); } void KvStoreDataService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 4b5d6eaae..a3652c4c6 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -53,8 +53,9 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string session.targetUserIds.push_back(UserDelegate::SYSTEM_USER); } + std::string appId = ""; AclParams aclParams; - if (!GetSendAuthParams(local, targetDeviceId, aclParams)) { + if (!GetSendAuthParams(local, targetDeviceId, aclParams, appId)) { ZLOGE("get send auth params failed:%{public}s", Anonymous::Change(targetDeviceId).c_str()); return session; } @@ -63,7 +64,7 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string for (const auto &user : users) { aclParams.accCallee.userId = user.id; auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, user.id, - targetDeviceId, aclParams); + targetDeviceId, aclParams, appId); ZLOGD("targetDeviceId:%{public}s, user.id:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", Anonymous::Change(targetDeviceId).c_str(), user.id, isPermitted, isSameAccount); if (isPermitted) { @@ -82,7 +83,7 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string } bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams) const + AclParams &aclParams, std::string &appId) const { std::vector metaData; if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ local.deviceId }), metaData)) { @@ -99,6 +100,7 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::str aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; + appId = storeMeta.appId; return true; } } @@ -109,7 +111,7 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::str } bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams, int32_t peerUser) const + AclParams &aclParams, int32_t peerUser, std::string &appId) const { std::vector metaData; if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId }), metaData)) { @@ -129,6 +131,7 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const std::str aclParams.accCallee.userId = peerUser; aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; + appId = storeMeta.appId; return true; } } @@ -140,13 +143,14 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const std::str bool SessionManager::CheckSession(const SessionPoint &local, const SessionPoint &peer) const { + std::string appId = ""; AclParams aclParams; - if (!GetRecvAuthParams(local, peer.deviceId, aclParams, peer.userId)) { + if (!GetRecvAuthParams(local, peer.deviceId, aclParams, peer.userId, appId)) { ZLOGE("get recv auth params failed:%{public}s", Anonymous::Change(peer.deviceId).c_str()); return false; } auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, - peer.userId, peer.deviceId, aclParams); + peer.userId, peer.deviceId, aclParams, appId); ZLOGD("peer.deviceId:%{public}s, peer.userId:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", Anonymous::Change(peer.deviceId).c_str(), peer.userId, isPermitted, isSameAccount); if (isPermitted && local.userId != UserDelegate::SYSTEM_USER) { diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index ca83970bc..9b7159b72 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h @@ -54,9 +54,9 @@ public: bool CheckSession(const SessionPoint &local, const SessionPoint &peer) const; private: bool GetSendAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams) const; + AclParams &aclParams, std::string &appId) const; bool GetRecvAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams, int peerUser) const; + AclParams &aclParams, int peerUser, std::string &appId) const; }; } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/framework/BUILD.gn b/services/distributeddataservice/framework/BUILD.gn index 344f08426..6067a4642 100644 --- a/services/distributeddataservice/framework/BUILD.gn +++ b/services/distributeddataservice/framework/BUILD.gn @@ -52,6 +52,7 @@ ohos_shared_library("distributeddatasvcfwk") { } sources = [ "account/account_delegate.cpp", + "access_check/app_access_check_config_manager.cpp", "app_id_mapping/app_id_mapping_config_manager.cpp", "backuprule/backup_rule_manager.cpp", "changeevent/remote_change_event.cpp", diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp new file mode 100644 index 000000000..2e3ac9754 --- /dev/null +++ b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "AppAccessCheckConfigManager" +#include "access_check/app_access_check_config_manager.h" +#include "log_print.h" + +namespace OHOS::DistributedData { +AppAccessCheckConfigManager &AppAccessCheckConfigManager::GetInstance() +{ + static AppAccessCheckConfigManager instance; + return instance; +} + +void AppAccessCheckConfigManager::Initialize(const std::vector &mapper) +{ + for (const auto &info : mapper) { + appMapper_.insert_or_assign(info.bundleName, info.appId); + } +} + +bool AppAccessCheckConfigManager::CheckAppAccess(const std::string &bundleName, const std::string &appId) +{ + auto it = appMapper_.find(bundleName); + if (it != appMapper_.end() && (it->second == appId)) { + return true; + } + ZLOGE("check access failed, bundleName:%{public}s, appId:%{public}s", bundleName.c_str(), appId.c_str()); + return false; +} + +} // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h new file mode 100644 index 000000000..8edf9ad08 --- /dev/null +++ b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H +#include +#include +#include +#include "visibility.h" +namespace OHOS { +namespace DistributedData { +class AppAccessCheckConfigManager { +public: + struct AppMappingInfo { + std::string appId; + std::string bundleName; + }; + API_EXPORT static AppAccessCheckConfigManager &GetInstance(); + API_EXPORT void Initialize(const std::vector &mapper); + API_EXPORT bool CheckAppAccess(const std::string &bundleName, const std::string &appId); + +private: + std::map appMapper_; +}; + +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H diff --git a/services/distributeddataservice/service/bootstrap/include/bootstrap.h b/services/distributeddataservice/service/bootstrap/include/bootstrap.h index 785eadae2..01c2402fa 100644 --- a/services/distributeddataservice/service/bootstrap/include/bootstrap.h +++ b/services/distributeddataservice/service/bootstrap/include/bootstrap.h @@ -33,6 +33,7 @@ public: API_EXPORT void LoadBackup(std::shared_ptr executors); API_EXPORT void LoadAppIdMappings(); API_EXPORT void LoadThread(); + API_EXPORT void LoadAppAccess(); private: static constexpr const char *DEFAULT_LABEL = "distributeddata"; static constexpr const char *DEFAULT_META = "service_meta"; diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index 107ca6a66..1213f67da 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -17,6 +17,7 @@ #include +#include "access_check/app_access_check_config_manager.h" #include "app_id_mapping/app_id_mapping_config_manager.h" #include "backup_manager.h" #include "backuprule/backup_rule_manager.h" @@ -191,5 +192,18 @@ void Bootstrap::LoadThread() } ThreadManager::GetInstance().Initialize(config->minThreadNum, config->maxThreadNum, config->ipcThreadNum); } + +void Bootstrap::LoadAppAccess() +{ + auto *appList = ConfigFactory::GetInstance().GetHOSAppListConfig(); + if (appList == nullptr) { + return; + } + std::vector infos; + for (auto &info : *appList) { + infos.push_back({ info.bundleName, info.appId }); + } + AppAccessCheckConfigManager::GetInstance().Initialize(infos); +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/BUILD.gn b/services/distributeddataservice/service/config/BUILD.gn index a2ea71cf4..00d8331fb 100644 --- a/services/distributeddataservice/service/config/BUILD.gn +++ b/services/distributeddataservice/service/config/BUILD.gn @@ -24,6 +24,7 @@ ohos_source_set("distributeddata_config") { } sources = [ "src/config_factory.cpp", + "src/model/app_access_check_config.cpp", "src/model/app_id_mapping_config.cpp", "src/model/backup_config.cpp", "src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index 319ee5be8..9cbffdea7 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -34,7 +34,7 @@ public: API_EXPORT std::vector *GetAppIdMappingConfig(); API_EXPORT ThreadConfig *GetThreadConfig(); API_EXPORT std::vector GetDataShareExtNames(); - API_EXPORT std::vector GetHOSAppList(); + API_EXPORT std::vector *GetHOSAppListConfig(); private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); diff --git a/services/distributeddataservice/service/config/include/model/app_access_check_config.h b/services/distributeddataservice/service/config/include/model/app_access_check_config.h new file mode 100644 index 000000000..03052c392 --- /dev/null +++ b/services/distributeddataservice/service/config/include/model/app_access_check_config.h @@ -0,0 +1,30 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H + +#include "serializable/serializable.h" +namespace OHOS { +namespace DistributedData { +class AppAccessCheckConfig final : public Serializable { +public: + std::string bundleName = ""; + std::string appId = ""; + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; +}; +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index 63fbf580e..bd309faa5 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -15,6 +15,7 @@ #ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H #define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H +#include "model/app_access_check_config.h" #include "model/app_id_mapping_config.h" #include "model/backup_config.h" #include "model/checker_config.h" @@ -41,7 +42,7 @@ public: std::vector *appIdMapping = nullptr; ThreadConfig *thread = nullptr; std::vector dataShareExtNames; - std::vector hosAppList; + std::vector *hosAppList; ~GlobalConfig(); bool Marshal(json &node) const override; bool Unmarshal(const json &node) override; diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 9e9cc02ea..0c9620fb2 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -97,7 +97,7 @@ std::vector ConfigFactory::GetDataShareExtNames() return config_.dataShareExtNames; } -std::vector ConfigFactory::GetHOSAppList() +std::vector ConfigFactory::GetHOSAppListConfig() { return config_.hosAppList; } diff --git a/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp new file mode 100644 index 000000000..1568b54a2 --- /dev/null +++ b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "model/app_access_check_config.h" +namespace OHOS { +namespace DistributedData { +bool AppAccessCheckConfig::Marshal(Serializable::json &node) const +{ + SetValue(node[GET_NAME(bundleName)], bundleName); + SetValue(node[GET_NAME(appId)], appId); + return true; +} +bool AppAccessCheckConfig::Unmarshal(const Serializable::json &node) +{ + GetValue(node, GET_NAME(bundleName), bundleName); + GetValue(node, GET_NAME(appId), appId); + return true; +} +} // namespace DistributedData +} // namespace OHOS diff --git a/services/distributeddataservice/service/config/src/model/global_config.cpp b/services/distributeddataservice/service/config/src/model/global_config.cpp index e5c4d2f67..b9916249a 100644 --- a/services/distributeddataservice/service/config/src/model/global_config.cpp +++ b/services/distributeddataservice/service/config/src/model/global_config.cpp @@ -31,6 +31,7 @@ bool GlobalConfig::Marshal(json &node) const SetValue(node[GET_NAME(appIdMapping)], appIdMapping); SetValue(node[GET_NAME(thread)], thread); SetValue(node[GET_NAME(dataShareExtNames)], dataShareExtNames); + SetValue(node[GET_NAME(hosAppList)], hosAppList); return true; } @@ -49,6 +50,7 @@ bool GlobalConfig::Unmarshal(const json &node) GetValue(node, GET_NAME(appIdMapping), appIdMapping); GetValue(node, GET_NAME(thread), thread); GetValue(node, GET_NAME(dataShareExtNames), dataShareExtNames); + GetValue(node, GET_NAME(hosAppList), hosAppList); return true; } @@ -62,6 +64,7 @@ GlobalConfig::~GlobalConfig() delete cloud; delete appIdMapping; delete thread; + delete hosAppList; } } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 7d2c475a2..220702085 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -16,6 +16,7 @@ #define LOG_TAG "AuthHandler" #include "auth_delegate.h" +#include "access_check/app_access_check_config_manager.h" #include "checker/checker_manager.h" #include "device_manager_adapter.h" #include "log_print.h" @@ -29,12 +30,11 @@ class AuthHandlerStub : public AuthHandler { public: // override for mock auth in current version, need remove in the future std::pair CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) override; + const AclParams &aclParams, const std::string &appId) override; private: bool IsUserActive(const std::vector &users, int32_t userId); bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); bool IsSystemUser(int localUserId, int peerUserId); - bool CheckAppAccess(const std::string &bundleName); static constexpr pid_t UID_CAPACITY = 10000; static constexpr int SYSTEM_USER = 0; }; @@ -56,7 +56,7 @@ bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::str } std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) + const AclParams &aclParams, const std::string &appId) { if (IsSystemUser(localUserId, peerUserId)) { return std::make_pair(true, false); @@ -68,7 +68,8 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser if (DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { return std::make_pair(true, false); } - auto isPermitted = CheckAppAccess(aclParams.accCaller.bundleName); + auto isPermitted = AppAccessCheckConfigManager::GetInstance().CheckAppAccess( + aclParams.accCaller.bundleName, appId); return std::make_pair(isPermitted, false); } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { @@ -102,12 +103,6 @@ bool AuthHandlerStub::IsUserActive(const std::vector &users, int32_t return false; } -bool AuthHandlerStub::CheckAppAccess(const std::string &bundleName) -{ - auto appList = ConfigFactory::GetInstance().GetHOSAppList(); - return (std::find(appList.begin(), appList.end(), bundleName) != appList.end()); -} - AuthHandler *AuthDelegate::GetInstance() { // change auth way in the future diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 199b7e745..4d2e66b0b 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -34,7 +34,7 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: virtual std::pair CheckAccess(int localUserId, int peerUserId, - const std::string &peerDeviceId, const AclParams &aclParams); + const std::string &peerDeviceId, const AclParams &aclParams, const std::string &appId); }; class AuthDelegate { -- Gitee From 8f115a5b6584133e439751371d23c093f8b6aef3 Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 14 Apr 2025 18:17:19 +0800 Subject: [PATCH 03/31] modify Signed-off-by: yangliu --- conf/config.json | 3 +- .../app/src/checker/bundle_checker.cpp | 9 ++++ .../app/src/checker/bundle_checker.h | 2 +- .../app/src/checker/system_checker.cpp | 5 +++ .../app/src/checker/system_checker.h | 2 +- .../app/src/kvstore_data_service.cpp | 1 - .../route_head_handler_impl.cpp | 26 +++++++++++ .../session_manager/route_head_handler_impl.h | 1 + .../src/session_manager/session_manager.cpp | 18 +++----- .../app/src/session_manager/session_manager.h | 4 +- .../distributeddataservice/framework/BUILD.gn | 1 - .../app_access_check_config_manager.cpp | 44 ------------------- .../app_access_check_config_manager.h | 39 ---------------- .../include/checker/checker_manager.h | 2 + .../service/bootstrap/include/bootstrap.h | 1 - .../service/bootstrap/src/bootstrap.cpp | 14 ------ .../service/config/BUILD.gn | 1 - .../service/config/include/config_factory.h | 2 +- .../include/model/app_access_check_config.h | 30 ------------- .../config/include/model/global_config.h | 2 - .../service/config/src/config_factory.cpp | 5 --- .../src/model/app_access_check_config.cpp | 32 -------------- .../config/src/model/global_config.cpp | 3 -- .../service/kvdb/BUILD.gn | 1 - .../service/kvdb/auth_delegate.cpp | 10 +---- .../service/kvdb/auth_delegate.h | 2 +- 26 files changed, 59 insertions(+), 201 deletions(-) delete mode 100644 services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp delete mode 100644 services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h delete mode 100644 services/distributeddataservice/service/config/include/model/app_access_check_config.h delete mode 100644 services/distributeddataservice/service/config/src/model/app_access_check_config.cpp diff --git a/conf/config.json b/conf/config.json index ab704c3ec..d03630732 100644 --- a/conf/config.json +++ b/conf/config.json @@ -87,6 +87,5 @@ "backupInternal" : 36000, "backupNumber" : 20 }, - "dataShareExtNames": [], - "hosAppList": [] + "dataShareExtNames": [] } \ No newline at end of file diff --git a/services/distributeddataservice/app/src/checker/bundle_checker.cpp b/services/distributeddataservice/app/src/checker/bundle_checker.cpp index 674e09d59..42ebca56a 100644 --- a/services/distributeddataservice/app/src/checker/bundle_checker.cpp +++ b/services/distributeddataservice/app/src/checker/bundle_checker.cpp @@ -104,6 +104,15 @@ std::string BundleChecker::GetAppId(const CheckerManager::StoreInfo &info) return Crypto::Sha256(appId); } +bool BundleChecker::IsTrust(const std::string &bundleName, const std::string &appId) +{ + auto it = trusts_.find(bundleName); + if (it != trusts_.end() && (it->second == appId)) { + return true; + } + return false; +} + bool BundleChecker::IsValid(const CheckerManager::StoreInfo &info) { if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) { diff --git a/services/distributeddataservice/app/src/checker/bundle_checker.h b/services/distributeddataservice/app/src/checker/bundle_checker.h index 1eba18e54..1e270423b 100644 --- a/services/distributeddataservice/app/src/checker/bundle_checker.h +++ b/services/distributeddataservice/app/src/checker/bundle_checker.h @@ -36,7 +36,7 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; - + bool IsTrust(const std::string &bundleName, const std::string &appId) override; private: static BundleChecker instance_; std::map trusts_; diff --git a/services/distributeddataservice/app/src/checker/system_checker.cpp b/services/distributeddataservice/app/src/checker/system_checker.cpp index babd1b307..a5aadd12c 100644 --- a/services/distributeddataservice/app/src/checker/system_checker.cpp +++ b/services/distributeddataservice/app/src/checker/system_checker.cpp @@ -62,6 +62,11 @@ std::string SystemChecker::GetAppId(const CheckerManager::StoreInfo &info) return appId; } +bool SystemChecker::IsTrust(const std::string &bundleName, const std::string &appId) +{ + return false; +} + bool SystemChecker::IsValid(const CheckerManager::StoreInfo &info) { auto type = AccessTokenKit::GetTokenTypeFlag(info.tokenId); diff --git a/services/distributeddataservice/app/src/checker/system_checker.h b/services/distributeddataservice/app/src/checker/system_checker.h index ffe2de982..3f632ac03 100644 --- a/services/distributeddataservice/app/src/checker/system_checker.h +++ b/services/distributeddataservice/app/src/checker/system_checker.h @@ -37,7 +37,7 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; - + bool IsTrust(const std::string &bundleName, const std::string &appId) override; private: std::map trusts_; std::map distrusts_; diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index 2973178cc..2c26686d8 100755 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -349,7 +349,6 @@ void KvStoreDataService::LoadConfigs() Bootstrap::GetInstance().LoadBackup(executors_); Bootstrap::GetInstance().LoadCloud(); Bootstrap::GetInstance().LoadAppIdMappings(); - Bootstrap::GetInstance().LoadAppAccess(); } void KvStoreDataService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index f52cde722..94eb3ae59 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -19,6 +19,7 @@ #include #include "account/account_delegate.h" #include "auth_delegate.h" +#include "checker/checker_manager.h" #include "device_manager_adapter.h" #include "kvstore_meta_manager.h" #include "log_print.h" @@ -95,6 +96,12 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize if (devInfo.osType != OH_OS_TYPE) { ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); + StoreMetaData metaData; + GetStoreMeta("", metaData); + if (!CheckerManager::GetInstance().GetAppId(metaData.bundleName, metaData.appId)) { + ZLOGW("check access failed, bundleName:%{public}s", metaData.bundleName.c_str()); + return DistributedDB::DB_ERROR; + } return DistributedDB::OK; } bool flag = false; @@ -263,6 +270,13 @@ bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t total userInfos.emplace_back(userInfo); return true; } + } else { + StoreMetaData metaData; + GetStoreMeta(label, metaData); + if (!CheckerManager::GetInstance().GetAppId(metaData.bundleName, metaData.appId)) { + ZLOGW("check access failed, bundleName:%{public}s", metaData.bundleName.c_str()); + return false; + } } } @@ -282,6 +296,18 @@ bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t total return true; } +bool RouteHeadHandlerImpl::GetStoreMeta(const std::string &label, StoreMetaData &metaData) +{ + int foregroundUserId = 0; + AccountDelegate::GetInstance()->QueryForegroundUserId(foregroundUserId); + auto storeId = label.empty() ? storeId_ : ParseStoreId(session_.targetDeviceId, label); + metaData.deviceId = session_.targetDeviceId; + metaData.user = foregroundUserId; + metaData.bundleName = session_.appId; + metaData.storeId = storeId; + MetaDataManager::GetInstance().LoadMeta(metaData.GetKey(), metaData); +} + bool RouteHeadHandlerImpl::UnPackData(const uint8_t *data, uint32_t totalLen, uint32_t &unpackedSize) { if (data == nullptr || totalLen < sizeof(RouteHead)) { diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index f23360dd7..b2fc2bc04 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -16,6 +16,7 @@ #ifndef DISTRIBUTEDDATAMGR_ROUTE_HEAD_HANDLER_H #define DISTRIBUTEDDATAMGR_ROUTE_HEAD_HANDLER_H #include "process_communicator_impl.h" +#include "metadata/store_meta_data.h" #include "route_head_handler.h" #include "serializable/serializable.h" #include "session_manager.h" diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index a3652c4c6..cffc4c81c 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -52,10 +52,9 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string if (local.userId == UserDelegate::SYSTEM_USER) { session.targetUserIds.push_back(UserDelegate::SYSTEM_USER); } - - std::string appId = ""; + AclParams aclParams; - if (!GetSendAuthParams(local, targetDeviceId, aclParams, appId)) { + if (!GetSendAuthParams(local, targetDeviceId, aclParams)) { ZLOGE("get send auth params failed:%{public}s", Anonymous::Change(targetDeviceId).c_str()); return session; } @@ -64,7 +63,7 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string for (const auto &user : users) { aclParams.accCallee.userId = user.id; auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, user.id, - targetDeviceId, aclParams, appId); + targetDeviceId, aclParams); ZLOGD("targetDeviceId:%{public}s, user.id:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", Anonymous::Change(targetDeviceId).c_str(), user.id, isPermitted, isSameAccount); if (isPermitted) { @@ -83,7 +82,7 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string } bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams, std::string &appId) const + AclParams &aclParams) const { std::vector metaData; if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ local.deviceId }), metaData)) { @@ -100,7 +99,6 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::str aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; - appId = storeMeta.appId; return true; } } @@ -111,7 +109,7 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::str } bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams, int32_t peerUser, std::string &appId) const + AclParams &aclParams, int32_t peerUser) const { std::vector metaData; if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ targetDeviceId }), metaData)) { @@ -131,7 +129,6 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const std::str aclParams.accCallee.userId = peerUser; aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); aclParams.authType = storeMeta.authType; - appId = storeMeta.appId; return true; } } @@ -143,14 +140,13 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const std::str bool SessionManager::CheckSession(const SessionPoint &local, const SessionPoint &peer) const { - std::string appId = ""; AclParams aclParams; - if (!GetRecvAuthParams(local, peer.deviceId, aclParams, peer.userId, appId)) { + if (!GetRecvAuthParams(local, peer.deviceId, aclParams, peer.userId)) { ZLOGE("get recv auth params failed:%{public}s", Anonymous::Change(peer.deviceId).c_str()); return false; } auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, - peer.userId, peer.deviceId, aclParams, appId); + peer.userId, peer.deviceId, aclParams); ZLOGD("peer.deviceId:%{public}s, peer.userId:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", Anonymous::Change(peer.deviceId).c_str(), peer.userId, isPermitted, isSameAccount); if (isPermitted && local.userId != UserDelegate::SYSTEM_USER) { diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index 9b7159b72..ca83970bc 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h @@ -54,9 +54,9 @@ public: bool CheckSession(const SessionPoint &local, const SessionPoint &peer) const; private: bool GetSendAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams, std::string &appId) const; + AclParams &aclParams) const; bool GetRecvAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams, int peerUser, std::string &appId) const; + AclParams &aclParams, int peerUser) const; }; } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/framework/BUILD.gn b/services/distributeddataservice/framework/BUILD.gn index 6067a4642..344f08426 100644 --- a/services/distributeddataservice/framework/BUILD.gn +++ b/services/distributeddataservice/framework/BUILD.gn @@ -52,7 +52,6 @@ ohos_shared_library("distributeddatasvcfwk") { } sources = [ "account/account_delegate.cpp", - "access_check/app_access_check_config_manager.cpp", "app_id_mapping/app_id_mapping_config_manager.cpp", "backuprule/backup_rule_manager.cpp", "changeevent/remote_change_event.cpp", diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp deleted file mode 100644 index 2e3ac9754..000000000 --- a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define LOG_TAG "AppAccessCheckConfigManager" -#include "access_check/app_access_check_config_manager.h" -#include "log_print.h" - -namespace OHOS::DistributedData { -AppAccessCheckConfigManager &AppAccessCheckConfigManager::GetInstance() -{ - static AppAccessCheckConfigManager instance; - return instance; -} - -void AppAccessCheckConfigManager::Initialize(const std::vector &mapper) -{ - for (const auto &info : mapper) { - appMapper_.insert_or_assign(info.bundleName, info.appId); - } -} - -bool AppAccessCheckConfigManager::CheckAppAccess(const std::string &bundleName, const std::string &appId) -{ - auto it = appMapper_.find(bundleName); - if (it != appMapper_.end() && (it->second == appId)) { - return true; - } - ZLOGE("check access failed, bundleName:%{public}s, appId:%{public}s", bundleName.c_str(), appId.c_str()); - return false; -} - -} // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h deleted file mode 100644 index 8edf9ad08..000000000 --- a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H -#define OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H -#include -#include -#include -#include "visibility.h" -namespace OHOS { -namespace DistributedData { -class AppAccessCheckConfigManager { -public: - struct AppMappingInfo { - std::string appId; - std::string bundleName; - }; - API_EXPORT static AppAccessCheckConfigManager &GetInstance(); - API_EXPORT void Initialize(const std::vector &mapper); - API_EXPORT bool CheckAppAccess(const std::string &bundleName, const std::string &appId); - -private: - std::map appMapper_; -}; - -} // namespace DistributedData -} // namespace OHOS -#endif //OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H diff --git a/services/distributeddataservice/framework/include/checker/checker_manager.h b/services/distributeddataservice/framework/include/checker/checker_manager.h index f53279949..ab678e823 100644 --- a/services/distributeddataservice/framework/include/checker/checker_manager.h +++ b/services/distributeddataservice/framework/include/checker/checker_manager.h @@ -53,6 +53,7 @@ public: virtual std::vector GetStaticStores() = 0; virtual bool IsDynamic(const StoreInfo &info) = 0; virtual bool IsStatic(const StoreInfo &info) = 0; + virtual bool IsTrust(const std::string &bundleName, const std::string &appId) = 0; protected: API_EXPORT ~Checker() = default; }; @@ -68,6 +69,7 @@ public: API_EXPORT bool IsSwitches(const StoreInfo &info); API_EXPORT void LoadCheckers(std::vector &checkers); API_EXPORT Checker *GetChecker(const std::string &checker); + API_EXPORT bool IsTrust(const std::string &bundleName, const std::string &appId); private: std::map checkers_; ConcurrentMap> getters_; diff --git a/services/distributeddataservice/service/bootstrap/include/bootstrap.h b/services/distributeddataservice/service/bootstrap/include/bootstrap.h index 01c2402fa..785eadae2 100644 --- a/services/distributeddataservice/service/bootstrap/include/bootstrap.h +++ b/services/distributeddataservice/service/bootstrap/include/bootstrap.h @@ -33,7 +33,6 @@ public: API_EXPORT void LoadBackup(std::shared_ptr executors); API_EXPORT void LoadAppIdMappings(); API_EXPORT void LoadThread(); - API_EXPORT void LoadAppAccess(); private: static constexpr const char *DEFAULT_LABEL = "distributeddata"; static constexpr const char *DEFAULT_META = "service_meta"; diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index 1213f67da..107ca6a66 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -17,7 +17,6 @@ #include -#include "access_check/app_access_check_config_manager.h" #include "app_id_mapping/app_id_mapping_config_manager.h" #include "backup_manager.h" #include "backuprule/backup_rule_manager.h" @@ -192,18 +191,5 @@ void Bootstrap::LoadThread() } ThreadManager::GetInstance().Initialize(config->minThreadNum, config->maxThreadNum, config->ipcThreadNum); } - -void Bootstrap::LoadAppAccess() -{ - auto *appList = ConfigFactory::GetInstance().GetHOSAppListConfig(); - if (appList == nullptr) { - return; - } - std::vector infos; - for (auto &info : *appList) { - infos.push_back({ info.bundleName, info.appId }); - } - AppAccessCheckConfigManager::GetInstance().Initialize(infos); -} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/BUILD.gn b/services/distributeddataservice/service/config/BUILD.gn index 00d8331fb..a2ea71cf4 100644 --- a/services/distributeddataservice/service/config/BUILD.gn +++ b/services/distributeddataservice/service/config/BUILD.gn @@ -24,7 +24,6 @@ ohos_source_set("distributeddata_config") { } sources = [ "src/config_factory.cpp", - "src/model/app_access_check_config.cpp", "src/model/app_id_mapping_config.cpp", "src/model/backup_config.cpp", "src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index 9cbffdea7..2bd900838 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -34,7 +34,7 @@ public: API_EXPORT std::vector *GetAppIdMappingConfig(); API_EXPORT ThreadConfig *GetThreadConfig(); API_EXPORT std::vector GetDataShareExtNames(); - API_EXPORT std::vector *GetHOSAppListConfig(); + private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); diff --git a/services/distributeddataservice/service/config/include/model/app_access_check_config.h b/services/distributeddataservice/service/config/include/model/app_access_check_config.h deleted file mode 100644 index 03052c392..000000000 --- a/services/distributeddataservice/service/config/include/model/app_access_check_config.h +++ /dev/null @@ -1,30 +0,0 @@ -/* -* Copyright (c) 2025 Huawei Device Co., Ltd. -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H -#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H - -#include "serializable/serializable.h" -namespace OHOS { -namespace DistributedData { -class AppAccessCheckConfig final : public Serializable { -public: - std::string bundleName = ""; - std::string appId = ""; - bool Marshal(json &node) const override; - bool Unmarshal(const json &node) override; -}; -} // namespace DistributedData -} // namespace OHOS -#endif //OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index bd309faa5..1b048b46e 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -15,7 +15,6 @@ #ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H #define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H -#include "model/app_access_check_config.h" #include "model/app_id_mapping_config.h" #include "model/backup_config.h" #include "model/checker_config.h" @@ -42,7 +41,6 @@ public: std::vector *appIdMapping = nullptr; ThreadConfig *thread = nullptr; std::vector dataShareExtNames; - std::vector *hosAppList; ~GlobalConfig(); bool Marshal(json &node) const override; bool Unmarshal(const json &node) override; diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 0c9620fb2..5936484a9 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -96,10 +96,5 @@ std::vector ConfigFactory::GetDataShareExtNames() { return config_.dataShareExtNames; } - -std::vector ConfigFactory::GetHOSAppListConfig() -{ - return config_.hosAppList; -} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp deleted file mode 100644 index 1568b54a2..000000000 --- a/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (c) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "model/app_access_check_config.h" -namespace OHOS { -namespace DistributedData { -bool AppAccessCheckConfig::Marshal(Serializable::json &node) const -{ - SetValue(node[GET_NAME(bundleName)], bundleName); - SetValue(node[GET_NAME(appId)], appId); - return true; -} -bool AppAccessCheckConfig::Unmarshal(const Serializable::json &node) -{ - GetValue(node, GET_NAME(bundleName), bundleName); - GetValue(node, GET_NAME(appId), appId); - return true; -} -} // namespace DistributedData -} // namespace OHOS diff --git a/services/distributeddataservice/service/config/src/model/global_config.cpp b/services/distributeddataservice/service/config/src/model/global_config.cpp index b9916249a..e5c4d2f67 100644 --- a/services/distributeddataservice/service/config/src/model/global_config.cpp +++ b/services/distributeddataservice/service/config/src/model/global_config.cpp @@ -31,7 +31,6 @@ bool GlobalConfig::Marshal(json &node) const SetValue(node[GET_NAME(appIdMapping)], appIdMapping); SetValue(node[GET_NAME(thread)], thread); SetValue(node[GET_NAME(dataShareExtNames)], dataShareExtNames); - SetValue(node[GET_NAME(hosAppList)], hosAppList); return true; } @@ -50,7 +49,6 @@ bool GlobalConfig::Unmarshal(const json &node) GetValue(node, GET_NAME(appIdMapping), appIdMapping); GetValue(node, GET_NAME(thread), thread); GetValue(node, GET_NAME(dataShareExtNames), dataShareExtNames); - GetValue(node, GET_NAME(hosAppList), hosAppList); return true; } @@ -64,7 +62,6 @@ GlobalConfig::~GlobalConfig() delete cloud; delete appIdMapping; delete thread; - delete hosAppList; } } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/kvdb/BUILD.gn b/services/distributeddataservice/service/kvdb/BUILD.gn index 0818b0730..874dc361c 100644 --- a/services/distributeddataservice/service/kvdb/BUILD.gn +++ b/services/distributeddataservice/service/kvdb/BUILD.gn @@ -31,7 +31,6 @@ ohos_source_set("distributeddata_kvdb") { "${data_service_path}/framework/include", "${data_service_path}/framework/include/dfx", "${data_service_path}/service/bootstrap/include", - "${data_service_path}/service/config/include", "${data_service_path}/service/crypto/include", "${data_service_path}/service/kvdb", "${data_service_path}/service/permission/include", diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 220702085..9a862aaa4 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -16,7 +16,6 @@ #define LOG_TAG "AuthHandler" #include "auth_delegate.h" -#include "access_check/app_access_check_config_manager.h" #include "checker/checker_manager.h" #include "device_manager_adapter.h" #include "log_print.h" @@ -30,7 +29,7 @@ class AuthHandlerStub : public AuthHandler { public: // override for mock auth in current version, need remove in the future std::pair CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams, const std::string &appId) override; + const AclParams &aclParams) override; private: bool IsUserActive(const std::vector &users, int32_t userId); bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); @@ -65,12 +64,7 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser return std::make_pair(false, false); } if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { - if (DmAdapter::GetInstance().IsSameAccount(peerDeviceId)) { - return std::make_pair(true, false); - } - auto isPermitted = AppAccessCheckConfigManager::GetInstance().CheckAppAccess( - aclParams.accCaller.bundleName, appId); - return std::make_pair(isPermitted, false); + return std::make_pair(true, false); } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee)) { diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 4d2e66b0b..199b7e745 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -34,7 +34,7 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: virtual std::pair CheckAccess(int localUserId, int peerUserId, - const std::string &peerDeviceId, const AclParams &aclParams, const std::string &appId); + const std::string &peerDeviceId, const AclParams &aclParams); }; class AuthDelegate { -- Gitee From a009ece246ac29f16bbfecf89fc9589aaabbf89e Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 14 Apr 2025 18:19:26 +0800 Subject: [PATCH 04/31] modify Signed-off-by: yangliu --- .../app/src/session_manager/session_manager.cpp | 2 +- .../service/config/include/config_factory.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index cffc4c81c..4b5d6eaae 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -52,7 +52,7 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string if (local.userId == UserDelegate::SYSTEM_USER) { session.targetUserIds.push_back(UserDelegate::SYSTEM_USER); } - + AclParams aclParams; if (!GetSendAuthParams(local, targetDeviceId, aclParams)) { ZLOGE("get send auth params failed:%{public}s", Anonymous::Change(targetDeviceId).c_str()); diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index 2bd900838..b9cbebe7d 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -34,7 +34,6 @@ public: API_EXPORT std::vector *GetAppIdMappingConfig(); API_EXPORT ThreadConfig *GetThreadConfig(); API_EXPORT std::vector GetDataShareExtNames(); - private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); -- Gitee From eb1b0fa07a1cb33225eb34fa9508f51d53fb36ab Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 14 Apr 2025 18:20:09 +0800 Subject: [PATCH 05/31] modify Signed-off-by: yangliu --- services/distributeddataservice/service/kvdb/auth_delegate.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 9a862aaa4..320db40c8 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -55,7 +55,7 @@ bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::str } std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams, const std::string &appId) + const AclParams &aclParams) { if (IsSystemUser(localUserId, peerUserId)) { return std::make_pair(true, false); -- Gitee From 523d738183ec845bd0b45d5378d3ec95a5a8ee52 Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 24 Apr 2025 20:48:55 +0800 Subject: [PATCH 06/31] update Signed-off-by: yangliu --- .../src/process_communicator_impl.cpp | 11 ++- .../communicator/process_communicator_impl.h | 5 +- .../include/communicator/route_head_handler.h | 1 + .../app/src/checker/bundle_checker.cpp | 6 +- .../app/src/checker/system_checker.cpp | 6 +- .../route_head_handler_impl.cpp | 89 ++++++++++++++----- .../session_manager/route_head_handler_impl.h | 5 ++ .../framework/checker/checker_manager.cpp | 14 +++ .../include/checker/checker_manager.h | 5 +- .../framework/utils/converter.cpp | 2 +- 10 files changed, 109 insertions(+), 35 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index 5d7edbdd2..e2d3ae27d 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -251,7 +251,7 @@ std::shared_ptr ProcessCommunicatorImpl::GetExtendHeaderHand return {}; } -DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength) +DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength, const std::string &device) { if (routeHeadHandlerCreator_ == nullptr) { ZLOGE("header handler creator not registered"); @@ -271,7 +271,7 @@ DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t } DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t totalLen, const std::string &label, - std::vector &userInfos) + const std::string &device, std::vector &userInfos) { if (routeHeadHandlerCreator_ == nullptr) { ZLOGE("header handler creator not registered"); @@ -282,7 +282,12 @@ DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - auto ret = handler->ParseHeadDataUser(data, totalLen, label, userInfos); + auto ret = handler->IsAppTrusted(label, device); + if (!ret) { + ZLOGE("app not trust"); + return DBStatus::DB_ERROR; + } + ret = handler->ParseHeadDataUser(data, totalLen, label, userInfos); if (!ret) { ZLOGD("illegal head format, dataLen:%{public}u, label:%{public}s", totalLen, Anonymous::Change(label).c_str()); return DBStatus::INVALID_FORMAT; diff --git a/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h b/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h index 41df2779c..a1cab8ed4 100644 --- a/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h +++ b/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h @@ -62,9 +62,10 @@ public: API_EXPORT std::shared_ptr GetExtendHeaderHandle( const DistributedDB::ExtendInfo &info) override; - API_EXPORT DBStatus GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength) override; + API_EXPORT DBStatus GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength, + const std::string &device) override; API_EXPORT DBStatus GetDataUserInfo(const uint8_t *data, uint32_t totalLen, const std::string &label, - std::vector &userInfos) override; + const std::string &device, std::vector &userInfos) override; Status ReuseConnect(const DeviceId &deviceId); diff --git a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h index 47596818d..97b0ca7cb 100644 --- a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h +++ b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h @@ -29,6 +29,7 @@ public: virtual bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) = 0; virtual bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) = 0; + virtual bool IsAppTrusted(const std::string &label, const std::string &device) = 0; }; } // namespace OHOS::DistributedData #endif // DISTRIBUTEDDATAMGR_EXTEND_HEAD_HANDLER_H diff --git a/services/distributeddataservice/app/src/checker/bundle_checker.cpp b/services/distributeddataservice/app/src/checker/bundle_checker.cpp index 42ebca56a..ea59a2ac4 100644 --- a/services/distributeddataservice/app/src/checker/bundle_checker.cpp +++ b/services/distributeddataservice/app/src/checker/bundle_checker.cpp @@ -104,10 +104,10 @@ std::string BundleChecker::GetAppId(const CheckerManager::StoreInfo &info) return Crypto::Sha256(appId); } -bool BundleChecker::IsTrust(const std::string &bundleName, const std::string &appId) +bool BundleChecker::IsTrust(const CheckerManager::StoreInfo &info) { - auto it = trusts_.find(bundleName); - if (it != trusts_.end() && (it->second == appId)) { + auto it = trusts_.find(info.bundleName); + if (it != trusts_.end() && (it->second == info.appId)) { return true; } return false; diff --git a/services/distributeddataservice/app/src/checker/system_checker.cpp b/services/distributeddataservice/app/src/checker/system_checker.cpp index a5aadd12c..ae5104b58 100644 --- a/services/distributeddataservice/app/src/checker/system_checker.cpp +++ b/services/distributeddataservice/app/src/checker/system_checker.cpp @@ -62,8 +62,12 @@ std::string SystemChecker::GetAppId(const CheckerManager::StoreInfo &info) return appId; } -bool SystemChecker::IsTrust(const std::string &bundleName, const std::string &appId) +bool SystemChecker::IsTrust(const CheckerManager::StoreInfo &info) { + auto it = trusts_.find(info.bundleName); + if (it != trusts_.end() && (it->second == info.appId)) { + return true; + } return false; } diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 94eb3ae59..7b389b9d7 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -19,7 +19,9 @@ #include #include "account/account_delegate.h" #include "auth_delegate.h" +#include "app_id_mapping/app_id_mapping_config_manager.h" #include "checker/checker_manager.h" +#include "utils/converter.h" #include "device_manager_adapter.h" #include "kvstore_meta_manager.h" #include "log_print.h" @@ -96,9 +98,7 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize if (devInfo.osType != OH_OS_TYPE) { ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); - StoreMetaData metaData; - GetStoreMeta("", metaData); - if (!CheckerManager::GetInstance().GetAppId(metaData.bundleName, metaData.appId)) { + if (!IsTrust()) { ZLOGW("check access failed, bundleName:%{public}s", metaData.bundleName.c_str()); return DistributedDB::DB_ERROR; } @@ -214,7 +214,8 @@ bool RouteHeadHandlerImpl::PackDataBody(uint8_t *data, uint32_t totalLen) return true; } -bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) +bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, + const std::string &device) { if (data == nullptr) { ZLOGE("invalid input data, totalLen:%{public}d", totalLen); @@ -227,6 +228,59 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL return ret; } +bool RouteHeadHandlerImpl::ParseStoreInfo(const std::string &accountId, const std::string &label, + StoreMetaData &storeMeta) +{ + std::vector accountIds { accountId, "ohosAnonymousUid", "default" }; + for (auto &id : accountIds) { + auto convertedIds = + AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId, storeMeta.user); + const std::string tempTripleLabel = + DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, convertedIds.first, + storeMeta.storeId, false); + if (tempTripleLabel == label) { + ZLOGI("find triple identifier,storeId:%{public}s,storeMeta.bundleName:%{public}s", + Anonymous::Change(storeMeta.storeId).c_str(), Anonymous::Change(storeMeta.bundleName).c_str()); + storeMeta.appId = convertedIds.first; + storeMeta.bundleName = convertedIds.first; + return true; + } + } + return false; +} + +bool RouteHeadHandlerImpl::IsTrust() +{ + StoreMetaData metaData; + auto [appId, storeId] = AppIdMappingConfigManager::GetInstance().Convert(appId_, storeId_); + metaData.bundleName = appId; + metaData.appId = appId; + return CheckerManager::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); +} + +bool RouteHeadHandlerImpl::IsTrust(const std::string &label) +{ + std::vector metaDatas; + auto prefix = StoreMetaData::GetPrefix({ DmAdapter::GetInstance().GetLocalDevice().uuid }); + if (!MetaDataManager::GetInstance().LoadMeta(prefix, metaDatas)) { + ZLOGE("get meta failed."); + return false; + } + + auto accountId = AccountDelegate::GetInstance()->GetUnencryptedAccountId(); + for (auto storeMeta : metaDatas) { + if (storeMeta.appId = DistributedData::Bootstrap::GetInstance().GetProcessLabel()) { + continue; + } + if (!ParseStoreInfo(accountId, label, storeMeta)) { + continue; + } + return CheckerManager::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); + } + ZLOGE("not found app msg:%{public}s", label.c_str()); + return false; +} + std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, const std::string &label) { std::vector metaData; @@ -244,6 +298,14 @@ std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, cons return ""; } +bool RouteHeadHandlerImpl::IsAppTrusted(const std::string &label, const std::string &device) +{ + if (DmAdapter::GetInstance().IsOHOSType(device)) { + return true; + } + return IsTrust(label); +} + bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) { @@ -270,13 +332,6 @@ bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t total userInfos.emplace_back(userInfo); return true; } - } else { - StoreMetaData metaData; - GetStoreMeta(label, metaData); - if (!CheckerManager::GetInstance().GetAppId(metaData.bundleName, metaData.appId)) { - ZLOGW("check access failed, bundleName:%{public}s", metaData.bundleName.c_str()); - return false; - } } } @@ -296,18 +351,6 @@ bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t total return true; } -bool RouteHeadHandlerImpl::GetStoreMeta(const std::string &label, StoreMetaData &metaData) -{ - int foregroundUserId = 0; - AccountDelegate::GetInstance()->QueryForegroundUserId(foregroundUserId); - auto storeId = label.empty() ? storeId_ : ParseStoreId(session_.targetDeviceId, label); - metaData.deviceId = session_.targetDeviceId; - metaData.user = foregroundUserId; - metaData.bundleName = session_.appId; - metaData.storeId = storeId; - MetaDataManager::GetInstance().LoadMeta(metaData.GetKey(), metaData); -} - bool RouteHeadHandlerImpl::UnPackData(const uint8_t *data, uint32_t totalLen, uint32_t &unpackedSize) { if (data == nullptr || totalLen < sizeof(RouteHead)) { diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index b2fc2bc04..6f2de5b94 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -65,6 +65,7 @@ public: bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) override; bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) override; + bool IsAppTrusted(const std::string &label, const std::string &device) override; private: void Init(); @@ -75,6 +76,10 @@ private: bool UnPackDataHead(const uint8_t *data, uint32_t totalLen, RouteHead &routeHead); bool UnPackDataBody(const uint8_t *data, uint32_t totalLen); std::string ParseStoreId(const std::string &deviceId, const std::string &label); + bool IsTrust(const std::string &label); + bool IsTrust(); + bool ParseStoreInfo(const std::string &accountId, const std::string &label, + StoreMetaData &storeMeta); std::string userId_; std::string appId_; diff --git a/services/distributeddataservice/framework/checker/checker_manager.cpp b/services/distributeddataservice/framework/checker/checker_manager.cpp index e02f50c64..8ad7d6a8e 100644 --- a/services/distributeddataservice/framework/checker/checker_manager.cpp +++ b/services/distributeddataservice/framework/checker/checker_manager.cpp @@ -76,6 +76,20 @@ bool CheckerManager::IsValid(const StoreInfo &info) return false; } +bool CheckerManager::IsTrust(const StoreInfo &info) +{ + for (auto &[name, checker] : checkers_) { + if (checker == nullptr) { + continue; + } + if (!checker->IsTrust(info)) { + continue; + } + return true; + } + return false; +} + bool CheckerManager::IsDistrust(const StoreInfo &info) { for (auto &[name, checker] : checkers_) { diff --git a/services/distributeddataservice/framework/include/checker/checker_manager.h b/services/distributeddataservice/framework/include/checker/checker_manager.h index ab678e823..244f6afbf 100644 --- a/services/distributeddataservice/framework/include/checker/checker_manager.h +++ b/services/distributeddataservice/framework/include/checker/checker_manager.h @@ -36,6 +36,7 @@ public: uint32_t tokenId; std::string bundleName; std::string storeId; + std::string appId; }; class Checker { public: @@ -53,7 +54,7 @@ public: virtual std::vector GetStaticStores() = 0; virtual bool IsDynamic(const StoreInfo &info) = 0; virtual bool IsStatic(const StoreInfo &info) = 0; - virtual bool IsTrust(const std::string &bundleName, const std::string &appId) = 0; + virtual bool IsTrust(const StoreInfo &info) = 0; protected: API_EXPORT ~Checker() = default; }; @@ -69,7 +70,7 @@ public: API_EXPORT bool IsSwitches(const StoreInfo &info); API_EXPORT void LoadCheckers(std::vector &checkers); API_EXPORT Checker *GetChecker(const std::string &checker); - API_EXPORT bool IsTrust(const std::string &bundleName, const std::string &appId); + API_EXPORT bool IsTrust(const StoreInfo &info); private: std::map checkers_; ConcurrentMap> getters_; diff --git a/services/distributeddataservice/framework/utils/converter.cpp b/services/distributeddataservice/framework/utils/converter.cpp index a49f0c529..95e060233 100644 --- a/services/distributeddataservice/framework/utils/converter.cpp +++ b/services/distributeddataservice/framework/utils/converter.cpp @@ -17,6 +17,6 @@ namespace OHOS::DistributedData { CheckerManager::StoreInfo Converter::ConvertToStoreInfo(const StoreMetaData &metaData) { - return { metaData.uid, metaData.tokenId, metaData.bundleName, metaData.storeId }; + return { metaData.uid, metaData.tokenId, metaData.bundleName, metaData.storeId, metaData.appId }; } } // namespace OHOS::DistributedData \ No newline at end of file -- Gitee From ce10246c783e4a052adb024a398d5736da49e22c Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 24 Apr 2025 20:54:17 +0800 Subject: [PATCH 07/31] update Signed-off-by: yangliu --- .../distributeddataservice/app/src/checker/bundle_checker.h | 2 +- .../distributeddataservice/app/src/checker/system_checker.h | 2 +- .../app/src/session_manager/route_head_handler_impl.cpp | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/services/distributeddataservice/app/src/checker/bundle_checker.h b/services/distributeddataservice/app/src/checker/bundle_checker.h index 1e270423b..c6d59ba2a 100644 --- a/services/distributeddataservice/app/src/checker/bundle_checker.h +++ b/services/distributeddataservice/app/src/checker/bundle_checker.h @@ -36,7 +36,7 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; - bool IsTrust(const std::string &bundleName, const std::string &appId) override; + bool IsTrust(const CheckerManager::StoreInfo &info) override; private: static BundleChecker instance_; std::map trusts_; diff --git a/services/distributeddataservice/app/src/checker/system_checker.h b/services/distributeddataservice/app/src/checker/system_checker.h index 3f632ac03..d934b5b5d 100644 --- a/services/distributeddataservice/app/src/checker/system_checker.h +++ b/services/distributeddataservice/app/src/checker/system_checker.h @@ -37,7 +37,7 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; - bool IsTrust(const std::string &bundleName, const std::string &appId) override; + bool IsTrust(const CheckerManager::StoreInfo &info) override; private: std::map trusts_; std::map distrusts_; diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 7b389b9d7..1ce4b2df3 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -214,8 +214,7 @@ bool RouteHeadHandlerImpl::PackDataBody(uint8_t *data, uint32_t totalLen) return true; } -bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, - const std::string &device) +bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) { if (data == nullptr) { ZLOGE("invalid input data, totalLen:%{public}d", totalLen); -- Gitee From 7910065d0493de951b4d9b5fd3b54683e543d3b9 Mon Sep 17 00:00:00 2001 From: yangliu Date: Fri, 25 Apr 2025 18:41:21 +0800 Subject: [PATCH 08/31] update Signed-off-by: yangliu --- services/distributeddataservice/service/kvdb/auth_delegate.cpp | 3 --- 1 file changed, 3 deletions(-) diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index 320db40c8..f76965451 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -63,9 +63,6 @@ std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUser if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) { return std::make_pair(false, false); } - if (!DmAdapter::GetInstance().IsOHOSType(peerDeviceId)) { - return std::make_pair(true, false); - } if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee)) { return std::make_pair(true, true); -- Gitee From a98e694b7d242b49571fb48949761c83bf6e6e98 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sun, 27 Apr 2025 14:43:11 +0800 Subject: [PATCH 09/31] update Signed-off-by: yangliu --- .../app/src/session_manager/route_head_handler_impl.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 1ce4b2df3..aa9270069 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -99,7 +99,7 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); if (!IsTrust()) { - ZLOGW("check access failed, bundleName:%{public}s", metaData.bundleName.c_str()); + ZLOGW("distrust app, bundleName:%{public}s", metaData.bundleName.c_str()); return DistributedDB::DB_ERROR; } return DistributedDB::OK; @@ -268,7 +268,7 @@ bool RouteHeadHandlerImpl::IsTrust(const std::string &label) auto accountId = AccountDelegate::GetInstance()->GetUnencryptedAccountId(); for (auto storeMeta : metaDatas) { - if (storeMeta.appId = DistributedData::Bootstrap::GetInstance().GetProcessLabel()) { + if (storeMeta.appId == DistributedData::Bootstrap::GetInstance().GetProcessLabel()) { continue; } if (!ParseStoreInfo(accountId, label, storeMeta)) { -- Gitee From 24b1addf2c73c9c0e2d290e6bd6bf09a2a136926 Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 28 Apr 2025 09:30:00 +0800 Subject: [PATCH 10/31] update Signed-off-by: yangliu --- .../src/process_communicator_impl.cpp | 9 ++-- .../include/communicator/route_head_handler.h | 2 +- .../app/src/checker/bundle_checker.cpp | 9 ---- .../app/src/checker/bundle_checker.h | 1 - .../app/src/checker/system_checker.cpp | 9 ---- .../app/src/checker/system_checker.h | 1 - .../app/src/kvstore_data_service.cpp | 1 + .../route_head_handler_impl.cpp | 23 ++++++---- .../session_manager/route_head_handler_impl.h | 2 +- .../distributeddataservice/framework/BUILD.gn | 1 + .../app_access_check_config_manager.cpp | 44 +++++++++++++++++++ .../framework/checker/checker_manager.cpp | 14 ------ .../app_access_check_config_manager.h | 39 ++++++++++++++++ .../include/checker/checker_manager.h | 3 -- .../framework/utils/converter.cpp | 2 +- .../service/bootstrap/include/bootstrap.h | 1 + .../service/bootstrap/src/bootstrap.cpp | 14 ++++++ .../service/config/BUILD.gn | 1 + .../service/config/include/config_factory.h | 1 + .../include/model/app_access_check_config.h | 36 +++++++++++++++ .../config/include/model/global_config.h | 2 + .../service/config/src/config_factory.cpp | 5 +++ .../src/model/app_access_check_config.cpp | 42 ++++++++++++++++++ .../config/src/model/global_config.cpp | 3 ++ 24 files changed, 213 insertions(+), 52 deletions(-) create mode 100644 services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp create mode 100644 services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h create mode 100644 services/distributeddataservice/service/config/include/model/app_access_check_config.h create mode 100644 services/distributeddataservice/service/config/src/model/app_access_check_config.cpp diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index e2d3ae27d..eeafaf5ae 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -282,12 +282,15 @@ DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - auto ret = handler->IsAppTrusted(label, device); - if (!ret) { + auto [isTrust, isOHOSType] = handler->IsAppTrusted(label, device); + if (!isTrust && !isOHOSType) { ZLOGE("app not trust"); return DBStatus::DB_ERROR; } - ret = handler->ParseHeadDataUser(data, totalLen, label, userInfos); + if (isTrust && !isOHOSType) { + return DBStatus::OK; + } + auto ret = handler->ParseHeadDataUser(data, totalLen, label, userInfos); if (!ret) { ZLOGD("illegal head format, dataLen:%{public}u, label:%{public}s", totalLen, Anonymous::Change(label).c_str()); return DBStatus::INVALID_FORMAT; diff --git a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h index 97b0ca7cb..f43ffaee8 100644 --- a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h +++ b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h @@ -29,7 +29,7 @@ public: virtual bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) = 0; virtual bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) = 0; - virtual bool IsAppTrusted(const std::string &label, const std::string &device) = 0; + virtual std::pair IsAppTrusted(const std::string &label, const std::string &device) = 0; }; } // namespace OHOS::DistributedData #endif // DISTRIBUTEDDATAMGR_EXTEND_HEAD_HANDLER_H diff --git a/services/distributeddataservice/app/src/checker/bundle_checker.cpp b/services/distributeddataservice/app/src/checker/bundle_checker.cpp index ea59a2ac4..674e09d59 100644 --- a/services/distributeddataservice/app/src/checker/bundle_checker.cpp +++ b/services/distributeddataservice/app/src/checker/bundle_checker.cpp @@ -104,15 +104,6 @@ std::string BundleChecker::GetAppId(const CheckerManager::StoreInfo &info) return Crypto::Sha256(appId); } -bool BundleChecker::IsTrust(const CheckerManager::StoreInfo &info) -{ - auto it = trusts_.find(info.bundleName); - if (it != trusts_.end() && (it->second == info.appId)) { - return true; - } - return false; -} - bool BundleChecker::IsValid(const CheckerManager::StoreInfo &info) { if (AccessTokenKit::GetTokenTypeFlag(info.tokenId) != TOKEN_HAP) { diff --git a/services/distributeddataservice/app/src/checker/bundle_checker.h b/services/distributeddataservice/app/src/checker/bundle_checker.h index c6d59ba2a..b0c63431a 100644 --- a/services/distributeddataservice/app/src/checker/bundle_checker.h +++ b/services/distributeddataservice/app/src/checker/bundle_checker.h @@ -36,7 +36,6 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; - bool IsTrust(const CheckerManager::StoreInfo &info) override; private: static BundleChecker instance_; std::map trusts_; diff --git a/services/distributeddataservice/app/src/checker/system_checker.cpp b/services/distributeddataservice/app/src/checker/system_checker.cpp index ae5104b58..babd1b307 100644 --- a/services/distributeddataservice/app/src/checker/system_checker.cpp +++ b/services/distributeddataservice/app/src/checker/system_checker.cpp @@ -62,15 +62,6 @@ std::string SystemChecker::GetAppId(const CheckerManager::StoreInfo &info) return appId; } -bool SystemChecker::IsTrust(const CheckerManager::StoreInfo &info) -{ - auto it = trusts_.find(info.bundleName); - if (it != trusts_.end() && (it->second == info.appId)) { - return true; - } - return false; -} - bool SystemChecker::IsValid(const CheckerManager::StoreInfo &info) { auto type = AccessTokenKit::GetTokenTypeFlag(info.tokenId); diff --git a/services/distributeddataservice/app/src/checker/system_checker.h b/services/distributeddataservice/app/src/checker/system_checker.h index d934b5b5d..84e550b6b 100644 --- a/services/distributeddataservice/app/src/checker/system_checker.h +++ b/services/distributeddataservice/app/src/checker/system_checker.h @@ -37,7 +37,6 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; - bool IsTrust(const CheckerManager::StoreInfo &info) override; private: std::map trusts_; std::map distrusts_; diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index 03cae1122..fa078eea6 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -352,6 +352,7 @@ void KvStoreDataService::LoadConfigs() Bootstrap::GetInstance().LoadCloud(); Bootstrap::GetInstance().LoadAppIdMappings(); Bootstrap::GetInstance().LoadDeviceSyncAppWhiteLists(); + Bootstrap::GetInstance().LoadTrustedApp(); } void KvStoreDataService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 07e306d7e..1627d9ea9 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -19,9 +19,8 @@ #include #include "account/account_delegate.h" #include "auth_delegate.h" +#include "access_check/app_access_check_config_manager.h" #include "app_id_mapping/app_id_mapping_config_manager.h" -#include "checker/checker_manager.h" -#include "utils/converter.h" #include "device_manager_adapter.h" #include "kvstore_meta_manager.h" #include "log_print.h" @@ -40,6 +39,8 @@ using DmAdapter = DistributedData::DeviceManagerAdapter; using DBManager = DistributedDB::KvStoreDelegateManager; constexpr const int ALIGN_WIDTH = 8; constexpr const char *DEFAULT_USERID = "0"; +constexpr const char *DEFAULT_ACCOUNT_A = "default"; +constexpr const char *DEFAULT_ACCOUNT_Z = "ohosAnonymousUid"; std::shared_ptr RouteHeadHandlerImpl::Create(const ExtendInfo &info) { auto handler = std::make_shared(info); @@ -223,12 +224,15 @@ bool RouteHeadHandlerImpl::PackDataBody(uint8_t *data, uint32_t totalLen) return true; } -bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) +bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, const std::string &device) { if (data == nullptr) { ZLOGE("invalid input data, totalLen:%{public}d", totalLen); return false; } + if (!DmAdapter::GetInstance().IsOHOSType(device)) { + return false; + } RouteHead head = { 0 }; auto ret = UnPackDataHead(data, totalLen, head); headSize = ret ? sizeof(RouteHead) + head.dataLen : 0; @@ -239,7 +243,7 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL bool RouteHeadHandlerImpl::ParseStoreInfo(const std::string &accountId, const std::string &label, StoreMetaData &storeMeta) { - std::vector accountIds { accountId, "ohosAnonymousUid", "default" }; + std::vector accountIds { accountId, DEFAULT_ACCOUNT_Z, DEFAULT_ACCOUNT_A }; for (auto &id : accountIds) { auto convertedIds = AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId, storeMeta.user); @@ -263,7 +267,7 @@ bool RouteHeadHandlerImpl::IsTrust() auto [appId, storeId] = AppIdMappingConfigManager::GetInstance().Convert(appId_, storeId_); metaData.bundleName = appId; metaData.appId = appId; - return CheckerManager::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); + return ::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); } bool RouteHeadHandlerImpl::IsTrust(const std::string &label) @@ -283,7 +287,7 @@ bool RouteHeadHandlerImpl::IsTrust(const std::string &label) if (!ParseStoreInfo(accountId, label, storeMeta)) { continue; } - return CheckerManager::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); + return ::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); } ZLOGE("not found app msg:%{public}s", label.c_str()); return false; @@ -309,12 +313,13 @@ std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, cons return ""; } -bool RouteHeadHandlerImpl::IsAppTrusted(const std::string &label, const std::string &device) +std::pair RouteHeadHandlerImpl::IsAppTrusted(const std::string &label, const std::string &device) { if (DmAdapter::GetInstance().IsOHOSType(device)) { - return true; + return std::make_pair(true, true); } - return IsTrust(label); + bool isTrust = IsTrust(label); + return return std::make_pair(isTrust, false); } bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index 01c94e5ec..6df536170 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -70,7 +70,7 @@ public: bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) override; bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) override; - bool IsAppTrusted(const std::string &label, const std::string &device) override; + std::pair IsAppTrusted(const std::string &label, const std::string &device) override; private: void Init(); diff --git a/services/distributeddataservice/framework/BUILD.gn b/services/distributeddataservice/framework/BUILD.gn index a99bba56a..cc130cfe1 100644 --- a/services/distributeddataservice/framework/BUILD.gn +++ b/services/distributeddataservice/framework/BUILD.gn @@ -52,6 +52,7 @@ ohos_shared_library("distributeddatasvcfwk") { } sources = [ "account/account_delegate.cpp", + "access_check/app_access_check_config_manager.cpp", "app_id_mapping/app_id_mapping_config_manager.cpp", "backuprule/backup_rule_manager.cpp", "changeevent/remote_change_event.cpp", diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp new file mode 100644 index 000000000..d9a2a2361 --- /dev/null +++ b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "AppAccessCheckConfigManager" +#include "access_check/app_access_check_config_manager.h" +#include "log_print.h" + +namespace OHOS::DistributedData { +AppAccessCheckConfigManager &AppAccessCheckConfigManager::GetInstance() +{ + static AppAccessCheckConfigManager instance; + return instance; +} + +void AppAccessCheckConfigManager::Initialize(const std::vector &mapper) +{ + for (const auto &info : mapper) { + appMapper_.insert_or_assign(info.bundleName, info.appId); + } +} + +bool AppAccessCheckConfigManager::IsTrust(const AppMappingInfo &mapper) +{ + auto it = appMapper_.find(mapper.bundleName); + if (it != appMapper_.end() && (it->second == mapper.appId)) { + return true; + } + ZLOGE("check access failed, bundleName:%{public}s, appId:%{public}s", bundleName.c_str(), appId.c_str()); + return false; +} + +} // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/framework/checker/checker_manager.cpp b/services/distributeddataservice/framework/checker/checker_manager.cpp index 8ad7d6a8e..e02f50c64 100644 --- a/services/distributeddataservice/framework/checker/checker_manager.cpp +++ b/services/distributeddataservice/framework/checker/checker_manager.cpp @@ -76,20 +76,6 @@ bool CheckerManager::IsValid(const StoreInfo &info) return false; } -bool CheckerManager::IsTrust(const StoreInfo &info) -{ - for (auto &[name, checker] : checkers_) { - if (checker == nullptr) { - continue; - } - if (!checker->IsTrust(info)) { - continue; - } - return true; - } - return false; -} - bool CheckerManager::IsDistrust(const StoreInfo &info) { for (auto &[name, checker] : checkers_) { diff --git a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h new file mode 100644 index 000000000..519344f70 --- /dev/null +++ b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H +#include +#include +#include +#include "visibility.h" +namespace OHOS { +namespace DistributedData { +class AppAccessCheckConfigManager { +public: + struct AppMappingInfo { + std::string appId; + std::string bundleName; + }; + API_EXPORT static AppAccessCheckConfigManager &GetInstance(); + API_EXPORT void Initialize(const std::vector &mapper); + API_EXPORT bool IsTrust(const AppMappingInfo &mapper); + +private: + std::map appMapper_; +}; + +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_FRAMEWORK_APP_ACCESS_CHECK_CONFIG_MANAGER_H \ No newline at end of file diff --git a/services/distributeddataservice/framework/include/checker/checker_manager.h b/services/distributeddataservice/framework/include/checker/checker_manager.h index 244f6afbf..f53279949 100644 --- a/services/distributeddataservice/framework/include/checker/checker_manager.h +++ b/services/distributeddataservice/framework/include/checker/checker_manager.h @@ -36,7 +36,6 @@ public: uint32_t tokenId; std::string bundleName; std::string storeId; - std::string appId; }; class Checker { public: @@ -54,7 +53,6 @@ public: virtual std::vector GetStaticStores() = 0; virtual bool IsDynamic(const StoreInfo &info) = 0; virtual bool IsStatic(const StoreInfo &info) = 0; - virtual bool IsTrust(const StoreInfo &info) = 0; protected: API_EXPORT ~Checker() = default; }; @@ -70,7 +68,6 @@ public: API_EXPORT bool IsSwitches(const StoreInfo &info); API_EXPORT void LoadCheckers(std::vector &checkers); API_EXPORT Checker *GetChecker(const std::string &checker); - API_EXPORT bool IsTrust(const StoreInfo &info); private: std::map checkers_; ConcurrentMap> getters_; diff --git a/services/distributeddataservice/framework/utils/converter.cpp b/services/distributeddataservice/framework/utils/converter.cpp index 95e060233..a49f0c529 100644 --- a/services/distributeddataservice/framework/utils/converter.cpp +++ b/services/distributeddataservice/framework/utils/converter.cpp @@ -17,6 +17,6 @@ namespace OHOS::DistributedData { CheckerManager::StoreInfo Converter::ConvertToStoreInfo(const StoreMetaData &metaData) { - return { metaData.uid, metaData.tokenId, metaData.bundleName, metaData.storeId, metaData.appId }; + return { metaData.uid, metaData.tokenId, metaData.bundleName, metaData.storeId }; } } // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/service/bootstrap/include/bootstrap.h b/services/distributeddataservice/service/bootstrap/include/bootstrap.h index 186217fc5..30cfd7f5f 100644 --- a/services/distributeddataservice/service/bootstrap/include/bootstrap.h +++ b/services/distributeddataservice/service/bootstrap/include/bootstrap.h @@ -34,6 +34,7 @@ public: API_EXPORT void LoadAppIdMappings(); API_EXPORT void LoadThread(); API_EXPORT void LoadDeviceSyncAppWhiteLists(); + API_EXPORT void LoadTrustedApp(); private: static constexpr const char *DEFAULT_LABEL = "distributeddata"; static constexpr const char *DEFAULT_META = "service_meta"; diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index 41f1b755f..edcdd6c3b 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -17,6 +17,7 @@ #include +#include "access_check/app_access_check_config_manager.h" #include "app_id_mapping/app_id_mapping_config_manager.h" #include "backup_manager.h" #include "backuprule/backup_rule_manager.h" @@ -205,5 +206,18 @@ void Bootstrap::LoadDeviceSyncAppWhiteLists() } DeviceSyncAppManager::GetInstance().Initialize(infos); } + +void Bootstrap::LoadTrustedApp() +{ + auto *config = ConfigFactory::GetInstance().GetSyncAppsConfig(); + if (config == nullptr) { + return; + } + std::vector infos; + for (auto &info : config->trusts) { + infos.push_back({ info.bundleName, info.appId }); + } + AppAccessCheckConfigManager::GetInstance().Initialize(infos); +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/BUILD.gn b/services/distributeddataservice/service/config/BUILD.gn index b5d636802..cccd96958 100644 --- a/services/distributeddataservice/service/config/BUILD.gn +++ b/services/distributeddataservice/service/config/BUILD.gn @@ -24,6 +24,7 @@ ohos_source_set("distributeddata_config") { } sources = [ "src/config_factory.cpp", + "src/model/app_access_check_config.cpp", "src/model/app_id_mapping_config.cpp", "src/model/backup_config.cpp", "src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index a5e9dbe08..87fcb7e69 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -35,6 +35,7 @@ public: API_EXPORT ThreadConfig *GetThreadConfig(); API_EXPORT DataShareConfig *GetDataShareConfig(); API_EXPORT DeviceSyncAppWhiteListConfig *GetDeviceSyncAppWhiteListConfig(); + API_EXPORT AppAccessCheckConfig *GetSyncAppsConfig(); private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); diff --git a/services/distributeddataservice/service/config/include/model/app_access_check_config.h b/services/distributeddataservice/service/config/include/model/app_access_check_config.h new file mode 100644 index 000000000..4e3c7a42f --- /dev/null +++ b/services/distributeddataservice/service/config/include/model/app_access_check_config.h @@ -0,0 +1,36 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H + +#include "serializable/serializable.h" +namespace OHOS { +namespace DistributedData { +class AppAccessCheckConfig final : public Serializable { +public: + struct TrustApp final : public Serializable + { + std::string bundleName = ""; + std::string appId = ""; + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; + }; + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; + std::vector trusts; +}; +} // namespace DistributedData +} // namespace OHOS +#endif //OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_APP_ACCESS_CHECK_CONFIG_H \ No newline at end of file diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index 751b91f2e..d98790db7 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -15,6 +15,7 @@ #ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H #define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_GLOBAL_CONFIG_H +#include "model/app_access_check_config.h" #include "model/app_id_mapping_config.h" #include "model/backup_config.h" #include "model/checker_config.h" @@ -44,6 +45,7 @@ public: ThreadConfig *thread = nullptr; DataShareConfig *dataShare = nullptr; DeviceSyncAppWhiteListConfig *deviceSyncAppWhiteList = nullptr; + std::vector *syncAppList = nullptr; ~GlobalConfig(); bool Marshal(json &node) const override; bool Unmarshal(const json &node) override; diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 781e3b55b..466af16e2 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -101,5 +101,10 @@ DeviceSyncAppWhiteListConfig *ConfigFactory::GetDeviceSyncAppWhiteListConfig() { return config_.deviceSyncAppWhiteList; } + +AppAccessCheckConfig *ConfigFactory::GetHOSAppListConfig() +{ + return config_.syncAppList; +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp new file mode 100644 index 000000000..1c51e887d --- /dev/null +++ b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "model/app_access_check_config.h" +namespace OHOS { +namespace DistributedData { +bool AppAccessCheckConfig::Marshal(Serializable::json &node) const +{ + SetValue(node[GET_NAME(trusts)], trusts); + return true; +} +bool AppAccessCheckConfig::Unmarshal(const Serializable::json &node) +{ + GetValue(node, GET_NAME(trusts), trusts); + return true; +} +bool AppAccessCheckConfig::TrustApp::Marshal(Serializable::json &node) const +{ + SetValue(node[GET_NAME(bundleName)], bundleName); + SetValue(node[GET_NAME(appId)], appId); + return true; +} +bool AppAccessCheckConfig::TrustApp::Unmarshal(const Serializable::json &node) +{ + GetValue(node, GET_NAME(bundleName), bundleName); + GetValue(node, GET_NAME(appId), appId); + return true; +} +} // namespace DistributedData +} // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/global_config.cpp b/services/distributeddataservice/service/config/src/model/global_config.cpp index 1956f8218..1bf2e35a6 100644 --- a/services/distributeddataservice/service/config/src/model/global_config.cpp +++ b/services/distributeddataservice/service/config/src/model/global_config.cpp @@ -32,6 +32,7 @@ bool GlobalConfig::Marshal(json &node) const SetValue(node[GET_NAME(thread)], thread); SetValue(node[GET_NAME(dataShare)], dataShare); SetValue(node[GET_NAME(deviceSyncAppWhiteList)], deviceSyncAppWhiteList); + SetValue(node[GET_NAME(syncAppList)], syncAppList); return true; } @@ -51,6 +52,7 @@ bool GlobalConfig::Unmarshal(const json &node) GetValue(node, GET_NAME(thread), thread); GetValue(node, GET_NAME(dataShare), dataShare); GetValue(node, GET_NAME(deviceSyncAppWhiteList), deviceSyncAppWhiteList); + GetValue(node, GET_NAME(syncAppList), syncAppList); return true; } @@ -65,6 +67,7 @@ GlobalConfig::~GlobalConfig() delete appIdMapping; delete thread; delete deviceSyncAppWhiteList; + delete syncAppList; } } // namespace DistributedData } // namespace OHOS \ No newline at end of file -- Gitee From 0ae3b377a024661bc1c196b705f7a552f577e65a Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 28 Apr 2025 09:34:56 +0800 Subject: [PATCH 11/31] update Signed-off-by: yangliu --- services/distributeddataservice/app/src/checker/bundle_checker.h | 1 + services/distributeddataservice/app/src/checker/system_checker.h | 1 + 2 files changed, 2 insertions(+) diff --git a/services/distributeddataservice/app/src/checker/bundle_checker.h b/services/distributeddataservice/app/src/checker/bundle_checker.h index b0c63431a..1eba18e54 100644 --- a/services/distributeddataservice/app/src/checker/bundle_checker.h +++ b/services/distributeddataservice/app/src/checker/bundle_checker.h @@ -36,6 +36,7 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; + private: static BundleChecker instance_; std::map trusts_; diff --git a/services/distributeddataservice/app/src/checker/system_checker.h b/services/distributeddataservice/app/src/checker/system_checker.h index 84e550b6b..ffe2de982 100644 --- a/services/distributeddataservice/app/src/checker/system_checker.h +++ b/services/distributeddataservice/app/src/checker/system_checker.h @@ -37,6 +37,7 @@ public: std::vector GetStaticStores() override; bool IsDynamic(const CheckerManager::StoreInfo &info) override; bool IsStatic(const CheckerManager::StoreInfo &info) override; + private: std::map trusts_; std::map distrusts_; -- Gitee From c970c019226ec7f8838fc45f67c6015ed9a98f78 Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 28 Apr 2025 09:45:09 +0800 Subject: [PATCH 12/31] update Signed-off-by: yangliu --- .../app/src/session_manager/route_head_handler_impl.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 1627d9ea9..267e88fbb 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -267,7 +267,7 @@ bool RouteHeadHandlerImpl::IsTrust() auto [appId, storeId] = AppIdMappingConfigManager::GetInstance().Convert(appId_, storeId_); metaData.bundleName = appId; metaData.appId = appId; - return ::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); + return AppAccessCheckConfigManager::GetInstance().IsTrust({ metaData.bundleName, metaData.appId }); } bool RouteHeadHandlerImpl::IsTrust(const std::string &label) @@ -287,7 +287,7 @@ bool RouteHeadHandlerImpl::IsTrust(const std::string &label) if (!ParseStoreInfo(accountId, label, storeMeta)) { continue; } - return ::GetInstance().IsTrust(Converter::ConvertToStoreInfo(metaData)); + return AppAccessCheckConfigManager::GetInstance().IsTrust({ storeMeta.bundleName, storeMeta.appId }); } ZLOGE("not found app msg:%{public}s", label.c_str()); return false; -- Gitee From 698edbfc55653542f78bb9aca742b75be347e3b7 Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 28 Apr 2025 10:02:52 +0800 Subject: [PATCH 13/31] update Signed-off-by: yangliu --- .../app/src/session_manager/route_head_handler_impl.cpp | 2 +- .../service/config/include/model/global_config.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 267e88fbb..6285dd027 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -289,7 +289,7 @@ bool RouteHeadHandlerImpl::IsTrust(const std::string &label) } return AppAccessCheckConfigManager::GetInstance().IsTrust({ storeMeta.bundleName, storeMeta.appId }); } - ZLOGE("not found app msg:%{public}s", label.c_str()); + ZLOGI("not found app msg:%{public}s", label.c_str()); return false; } diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index d98790db7..4d7a9e531 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -45,7 +45,7 @@ public: ThreadConfig *thread = nullptr; DataShareConfig *dataShare = nullptr; DeviceSyncAppWhiteListConfig *deviceSyncAppWhiteList = nullptr; - std::vector *syncAppList = nullptr; + AppAccessCheckConfig *syncAppList = nullptr; ~GlobalConfig(); bool Marshal(json &node) const override; bool Unmarshal(const json &node) override; -- Gitee From 7a2ff54c8769bf95a7a50b91d82b2b7922224547 Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 28 Apr 2025 15:26:22 +0800 Subject: [PATCH 14/31] update Signed-off-by: yangliu --- .../adapter/communicator/src/process_communicator_impl.cpp | 3 ++- .../app/src/session_manager/route_head_handler_impl.cpp | 3 ++- .../framework/access_check/app_access_check_config_manager.cpp | 3 ++- .../service/config/include/model/app_access_check_config.h | 3 +-- .../service/config/src/config_factory.cpp | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index eeafaf5ae..1ef56aa69 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -251,7 +251,8 @@ std::shared_ptr ProcessCommunicatorImpl::GetExtendHeaderHand return {}; } -DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength, const std::string &device) +DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength, + const std::string &device) { if (routeHeadHandlerCreator_ == nullptr) { ZLOGE("header handler creator not registered"); diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 6285dd027..369e955f1 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -224,7 +224,8 @@ bool RouteHeadHandlerImpl::PackDataBody(uint8_t *data, uint32_t totalLen) return true; } -bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, const std::string &device) +bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, + const std::string &device) { if (data == nullptr) { ZLOGE("invalid input data, totalLen:%{public}d", totalLen); diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp index d9a2a2361..b6cf5d125 100644 --- a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp +++ b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp @@ -37,7 +37,8 @@ bool AppAccessCheckConfigManager::IsTrust(const AppMappingInfo &mapper) if (it != appMapper_.end() && (it->second == mapper.appId)) { return true; } - ZLOGE("check access failed, bundleName:%{public}s, appId:%{public}s", bundleName.c_str(), appId.c_str()); + ZLOGW("check access failed, bundleName:%{public}s, appId:%{public}s", + mapper.bundleName.c_str(), mapper.appId.c_str()); return false; } diff --git a/services/distributeddataservice/service/config/include/model/app_access_check_config.h b/services/distributeddataservice/service/config/include/model/app_access_check_config.h index 4e3c7a42f..5c3876f95 100644 --- a/services/distributeddataservice/service/config/include/model/app_access_check_config.h +++ b/services/distributeddataservice/service/config/include/model/app_access_check_config.h @@ -20,8 +20,7 @@ namespace OHOS { namespace DistributedData { class AppAccessCheckConfig final : public Serializable { public: - struct TrustApp final : public Serializable - { + struct TrustApp final : public Serializable { std::string bundleName = ""; std::string appId = ""; bool Marshal(json &node) const override; diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 466af16e2..0f91cb6aa 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -102,7 +102,7 @@ DeviceSyncAppWhiteListConfig *ConfigFactory::GetDeviceSyncAppWhiteListConfig() return config_.deviceSyncAppWhiteList; } -AppAccessCheckConfig *ConfigFactory::GetHOSAppListConfig() +AppAccessCheckConfig *ConfigFactory::GetSyncAppsConfig() { return config_.syncAppList; } -- Gitee From 0eddc4d2a15193ccb4b2ec121e18009d3e1a3484 Mon Sep 17 00:00:00 2001 From: yangliu Date: Tue, 29 Apr 2025 19:26:33 +0800 Subject: [PATCH 15/31] update Signed-off-by: yangliu --- .../src/process_communicator_impl.cpp | 11 ++---- .../process_communicator_impl_test.cpp | 14 ++++--- .../include/communicator/route_head_handler.h | 5 ++- .../route_head_handler_impl.cpp | 38 ++++++++----------- .../session_manager/route_head_handler_impl.h | 5 ++- .../test/unittest/session_manager_test.cpp | 3 +- .../app_id_mapping_config_manager.cpp | 9 +++++ .../app_id_mapping_config_manager.h | 2 +- .../service/kvdb/kvdb_service_impl.cpp | 6 +-- 9 files changed, 48 insertions(+), 45 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index 1ef56aa69..50b7b2288 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -263,7 +263,7 @@ DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - auto ret = handler->ParseHeadDataLen(data, totalLen, headLength); + auto ret = handler->ParseHeadDataLen(data, totalLen, headLength, device); if (!ret) { ZLOGE("illegal head format, dataLen:%{public}u, headLength:%{public}u", totalLen, headLength); return DBStatus::INVALID_FORMAT; @@ -283,13 +283,8 @@ DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - auto [isTrust, isOHOSType] = handler->IsAppTrusted(label, device); - if (!isTrust && !isOHOSType) { - ZLOGE("app not trust"); - return DBStatus::DB_ERROR; - } - if (isTrust && !isOHOSType) { - return DBStatus::OK; + if (!DmAdapter::GetInstance().IsOHOSType(device)) { + return handler->IsAppTrusted(label); } auto ret = handler->ParseHeadDataUser(data, totalLen, label, userInfos); if (!ret) { diff --git a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp index f5c4cc30c..212f51832 100644 --- a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp +++ b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp @@ -405,18 +405,19 @@ HWTEST_F(ProcessCommunicatorImplTest, GetDataHeadInfo, TestSize.Level0) uint8_t *ptr = data; uint32_t totalLen = 1; uint32_t headLength = 1; + std::string device = ""; communicator_->routeHeadHandlerCreator_ = nullptr; - auto status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength); + auto status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength, device); EXPECT_EQ(status, DistributedDB::DB_ERROR); communicator_->routeHeadHandlerCreator_ = [](const DistributedDB::ExtendInfo &info) -> std::shared_ptr { return std::make_shared(); }; - status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength); + status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength, device); EXPECT_EQ(status, DistributedDB::INVALID_FORMAT); totalLen = 0; - status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength); + status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength, device); EXPECT_EQ(status, DistributedDB::OK); } @@ -434,12 +435,13 @@ HWTEST_F(ProcessCommunicatorImplTest, GetDataUserInfo, TestSize.Level0) uint8_t *ptr = data; uint32_t totalLen = 1; std::string label = "GetDataUserInfoTest"; + std::string device = ""; std::vector userInfos; UserInfo user1{"GetDataUserInfo01"}; UserInfo user2{"GetDataUserInfo02"}; UserInfo user3{"GetDataUserInfo03"}; communicator_->routeHeadHandlerCreator_ = nullptr; - auto status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); + auto status = communicator_->GetDataUserInfo(ptr, totalLen, label, device, userInfos); EXPECT_EQ(status, DistributedDB::DB_ERROR); communicator_->routeHeadHandlerCreator_ = [](const DistributedDB::ExtendInfo &info) -> @@ -450,12 +452,12 @@ HWTEST_F(ProcessCommunicatorImplTest, GetDataUserInfo, TestSize.Level0) EXPECT_EQ(status, DistributedDB::INVALID_FORMAT); totalLen = 0; EXPECT_EQ(userInfos.empty(), true); - status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); + status = communicator_->GetDataUserInfo(ptr, totalLen, label, device, userInfos); EXPECT_EQ(status, DistributedDB::NO_PERMISSION); userInfos.push_back(user1); userInfos.push_back(user2); userInfos.push_back(user3); - status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); + status = communicator_->GetDataUserInfo(ptr, totalLen, label, device, userInfos); EXPECT_EQ(status, DistributedDB::OK); } diff --git a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h index f43ffaee8..06caebd9d 100644 --- a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h +++ b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h @@ -26,9 +26,10 @@ public: using DBStatus = DistributedDB::DBStatus; using UserInfo = DistributedDB::UserInfo; - virtual bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) = 0; + virtual bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, + const std::string &device) = 0; virtual bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, - std::vector &userInfos) = 0; + const std::string &device, std::vector &userInfos) = 0; virtual std::pair IsAppTrusted(const std::string &label, const std::string &device) = 0; }; } // namespace OHOS::DistributedData diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 369e955f1..8e18991db 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -39,8 +39,8 @@ using DmAdapter = DistributedData::DeviceManagerAdapter; using DBManager = DistributedDB::KvStoreDelegateManager; constexpr const int ALIGN_WIDTH = 8; constexpr const char *DEFAULT_USERID = "0"; -constexpr const char *DEFAULT_ACCOUNT_A = "default"; -constexpr const char *DEFAULT_ACCOUNT_Z = "ohosAnonymousUid"; +constexpr const char *DEFAULT_ACCOUNT = "default"; +constexpr const char *ANONYMOUS_ACCOUNT = "ohosAnonymousUid"; std::shared_ptr RouteHeadHandlerImpl::Create(const ExtendInfo &info) { auto handler = std::make_shared(info); @@ -100,7 +100,7 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); if (!IsTrust()) { - ZLOGW("distrust app, bundleName:%{public}s", metaData.bundleName.c_str()); + ZLOGE("distrust app, bundleName:%{public}s", metaData.bundleName.c_str()); return DistributedDB::DB_ERROR; } return DistributedDB::OK; @@ -231,9 +231,6 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL ZLOGE("invalid input data, totalLen:%{public}d", totalLen); return false; } - if (!DmAdapter::GetInstance().IsOHOSType(device)) { - return false; - } RouteHead head = { 0 }; auto ret = UnPackDataHead(data, totalLen, head); headSize = ret ? sizeof(RouteHead) + head.dataLen : 0; @@ -244,18 +241,18 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL bool RouteHeadHandlerImpl::ParseStoreInfo(const std::string &accountId, const std::string &label, StoreMetaData &storeMeta) { - std::vector accountIds { accountId, DEFAULT_ACCOUNT_Z, DEFAULT_ACCOUNT_A }; + std::vector accountIds { accountId, ANONYMOUS_ACCOUNT, DEFAULT_ACCOUNT }; for (auto &id : accountIds) { - auto convertedIds = - AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId, storeMeta.user); + auto appId = + AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); const std::string tempTripleLabel = - DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, convertedIds.first, + DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, appId, storeMeta.storeId, false); if (tempTripleLabel == label) { ZLOGI("find triple identifier,storeId:%{public}s,storeMeta.bundleName:%{public}s", Anonymous::Change(storeMeta.storeId).c_str(), Anonymous::Change(storeMeta.bundleName).c_str()); - storeMeta.appId = convertedIds.first; - storeMeta.bundleName = convertedIds.first; + storeMeta.appId = appId; + storeMeta.bundleName = appId; return true; } } @@ -265,10 +262,8 @@ bool RouteHeadHandlerImpl::ParseStoreInfo(const std::string &accountId, const st bool RouteHeadHandlerImpl::IsTrust() { StoreMetaData metaData; - auto [appId, storeId] = AppIdMappingConfigManager::GetInstance().Convert(appId_, storeId_); - metaData.bundleName = appId; - metaData.appId = appId; - return AppAccessCheckConfigManager::GetInstance().IsTrust({ metaData.bundleName, metaData.appId }); + auto appId = AppIdMappingConfigManager::GetInstance().Convert(appId_); + return AppAccessCheckConfigManager::GetInstance().IsTrust({ appId, appId }); } bool RouteHeadHandlerImpl::IsTrust(const std::string &label) @@ -276,7 +271,6 @@ bool RouteHeadHandlerImpl::IsTrust(const std::string &label) std::vector metaDatas; auto prefix = StoreMetaData::GetPrefix({ DmAdapter::GetInstance().GetLocalDevice().uuid }); if (!MetaDataManager::GetInstance().LoadMeta(prefix, metaDatas)) { - ZLOGE("get meta failed."); return false; } @@ -314,13 +308,13 @@ std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, cons return ""; } -std::pair RouteHeadHandlerImpl::IsAppTrusted(const std::string &label, const std::string &device) +DistributedDB::DBStatus RouteHeadHandlerImpl::IsAppTrusted(const std::string &label) { - if (DmAdapter::GetInstance().IsOHOSType(device)) { - return std::make_pair(true, true); + if (!IsTrust(label)) { + ZLOGE("app not trust."); + return DBStatus::DB_ERROR; } - bool isTrust = IsTrust(label); - return return std::make_pair(isTrust, false); + return DBStatus::OK; } bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index 6df536170..fbb1d8419 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -67,8 +67,9 @@ public: explicit RouteHeadHandlerImpl(const ExtendInfo &info); DBStatus GetHeadDataSize(uint32_t &headSize) override; DBStatus FillHeadData(uint8_t *data, uint32_t headSize, uint32_t totalLen) override; - bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) override; - bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, + bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, + const std::string &device) override; + bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, const std::string &device, std::vector &userInfos) override; std::pair IsAppTrusted(const std::string &label, const std::string &device) override; diff --git a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp index 8031dc6c6..77a857df9 100644 --- a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp +++ b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp @@ -152,7 +152,8 @@ HWTEST_F(SessionManagerTest, PackAndUnPack01, TestSize.Level2) auto recvHandler = RouteHeadHandlerImpl::Create({}); ASSERT_NE(recvHandler, nullptr); uint32_t parseSize = 1; - recvHandler->ParseHeadDataLen(data.get(), routeHeadSize, parseSize); + std::string device; + recvHandler->ParseHeadDataLen(data.get(), routeHeadSize, parseSize, device); EXPECT_EQ(routeHeadSize, parseSize); recvHandler->ParseHeadDataUser(data.get(), routeHeadSize, "", users); ASSERT_EQ(users.size(), 0); diff --git a/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp b/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp index 3d03d5246..2f903bbbb 100644 --- a/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp +++ b/services/distributeddataservice/framework/app_id_mapping/app_id_mapping_config_manager.cpp @@ -40,4 +40,13 @@ std::pair AppIdMappingConfigManager::Convert(const std return std::make_pair(it->second, "default"); } + +std::string AppIdMappingConfigManager::Convert(const std::string &appId) +{ + auto it = toDstMapper_.find(appId); + if (it == toDstMapper_.end()) { + return appId; + } + return it->second; +} } // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h b/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h index 9799f9af6..2133bcb0d 100644 --- a/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h +++ b/services/distributeddataservice/framework/include/app_id_mapping/app_id_mapping_config_manager.h @@ -30,7 +30,7 @@ public: API_EXPORT void Initialize(const std::vector &mapper); API_EXPORT std::pair Convert(const std::string &appId, const std::string &accountId); - + API_EXPORT std::string Convert(const std::string &appId); private: std::map toDstMapper_; }; diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp index 859f9eb30..680cc34c6 100644 --- a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp +++ b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp @@ -830,10 +830,10 @@ bool KVDBServiceImpl::CompareTripleIdentifier(const std::string &accountId, cons { std::vector accountIds { accountId, "ohosAnonymousUid", "default" }; for (auto &id : accountIds) { - auto convertedIds = - AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId, storeMeta.user); + auto appId = + AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); const std::string &tempTripleIdentifier = - DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, convertedIds.first, + DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, appId, storeMeta.storeId, false); if (tempTripleIdentifier == identifier) { ZLOGI("find triple identifier,storeId:%{public}s,id:%{public}s", -- Gitee From c81edeb4400b44ba419978092b9283ce69228284 Mon Sep 17 00:00:00 2001 From: yangliu Date: Tue, 29 Apr 2025 19:29:58 +0800 Subject: [PATCH 16/31] update Signed-off-by: yangliu --- .../service/bootstrap/include/bootstrap.h | 2 +- .../distributeddataservice/service/bootstrap/src/bootstrap.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/services/distributeddataservice/service/bootstrap/include/bootstrap.h b/services/distributeddataservice/service/bootstrap/include/bootstrap.h index 30cfd7f5f..eaf767244 100644 --- a/services/distributeddataservice/service/bootstrap/include/bootstrap.h +++ b/services/distributeddataservice/service/bootstrap/include/bootstrap.h @@ -34,7 +34,7 @@ public: API_EXPORT void LoadAppIdMappings(); API_EXPORT void LoadThread(); API_EXPORT void LoadDeviceSyncAppWhiteLists(); - API_EXPORT void LoadTrustedApp(); + API_EXPORT void LoadSyncTrustedApp(); private: static constexpr const char *DEFAULT_LABEL = "distributeddata"; static constexpr const char *DEFAULT_META = "service_meta"; diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index edcdd6c3b..29a71bc3d 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -207,7 +207,7 @@ void Bootstrap::LoadDeviceSyncAppWhiteLists() DeviceSyncAppManager::GetInstance().Initialize(infos); } -void Bootstrap::LoadTrustedApp() +void Bootstrap::LoadSyncTrustedApp() { auto *config = ConfigFactory::GetInstance().GetSyncAppsConfig(); if (config == nullptr) { -- Gitee From 2834bd7ae29fe3b0c2fa7cf92845517c906f61fd Mon Sep 17 00:00:00 2001 From: yangliu Date: Wed, 30 Apr 2025 10:47:29 +0800 Subject: [PATCH 17/31] update Signed-off-by: yangliu --- .../adapter/include/communicator/route_head_handler.h | 4 ++-- .../app/src/kvstore_data_service.cpp | 2 +- .../app/src/session_manager/route_head_handler_impl.cpp | 8 +++++--- .../app/src/session_manager/route_head_handler_impl.h | 4 ++-- .../app/test/unittest/session_manager_test.cpp | 2 +- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h index 06caebd9d..cf79d5841 100644 --- a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h +++ b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h @@ -29,8 +29,8 @@ public: virtual bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, const std::string &device) = 0; virtual bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, - const std::string &device, std::vector &userInfos) = 0; - virtual std::pair IsAppTrusted(const std::string &label, const std::string &device) = 0; + std::vector &userInfos) = 0; + virtual DBStatus IsAppTrusted(const std::string &label) = 0; }; } // namespace OHOS::DistributedData #endif // DISTRIBUTEDDATAMGR_EXTEND_HEAD_HANDLER_H diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index fa078eea6..cd7c662e4 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -352,7 +352,7 @@ void KvStoreDataService::LoadConfigs() Bootstrap::GetInstance().LoadCloud(); Bootstrap::GetInstance().LoadAppIdMappings(); Bootstrap::GetInstance().LoadDeviceSyncAppWhiteLists(); - Bootstrap::GetInstance().LoadTrustedApp(); + Bootstrap::GetInstance().LoadSyncTrustedApp(); } void KvStoreDataService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index d15b8560d..aa65e993d 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -100,7 +100,7 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); if (!IsTrust()) { - ZLOGE("distrust app, bundleName:%{public}s", metaData.bundleName.c_str()); + ZLOGE("distrust app, appId:%{public}s", Anonymous::Change(appId_).c_str()); return DistributedDB::DB_ERROR; } return DistributedDB::OK; @@ -234,6 +234,9 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL ZLOGE("invalid input data, totalLen:%{public}d", totalLen); return false; } + if (!DmAdapter::GetInstance().IsOHOSType(device)) { + return false; + } RouteHead head = { 0 }; auto ret = UnPackDataHead(data, totalLen, head); headSize = ret ? sizeof(RouteHead) + head.dataLen : 0; @@ -245,9 +248,8 @@ bool RouteHeadHandlerImpl::ParseStoreInfo(const std::string &accountId, const st StoreMetaData &storeMeta) { std::vector accountIds { accountId, ANONYMOUS_ACCOUNT, DEFAULT_ACCOUNT }; + auto appId = AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); for (auto &id : accountIds) { - auto appId = - AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); const std::string tempTripleLabel = DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, appId, storeMeta.storeId, false); diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index fbb1d8419..7c0bdafea 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -69,9 +69,9 @@ public: DBStatus FillHeadData(uint8_t *data, uint32_t headSize, uint32_t totalLen) override; bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, const std::string &device) override; - bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, const std::string &device, + bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) override; - std::pair IsAppTrusted(const std::string &label, const std::string &device) override; + DBStatus IsAppTrusted(const std::string &label) override; private: void Init(); diff --git a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp index f3d006289..b72e33089 100644 --- a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp +++ b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp @@ -333,7 +333,7 @@ HWTEST_F(SessionManagerTest, PackAndUnPack01, TestSize.Level2) std::string device = ""; recvHandler->ParseHeadDataLen(data.get(), routeHeadSize, parseSize, device); EXPECT_EQ(routeHeadSize, parseSize); - recvHandler->ParseHeadDataUser(data.get(), routeHeadSize, "", device, users); + recvHandler->ParseHeadDataUser(data.get(), routeHeadSize, "", users); ASSERT_EQ(users.size(), 0); } /** -- Gitee From 64eb7811780e987ff6a407f5f9428a3666365d32 Mon Sep 17 00:00:00 2001 From: yangliu Date: Tue, 13 May 2025 16:34:21 +0800 Subject: [PATCH 18/31] fix Signed-off-by: yangliu --- .../src/process_communicator_impl.cpp | 19 +++++----- .../process_communicator_impl_test.cpp | 38 ++++++++----------- .../communicator/process_communicator_impl.h | 8 ++-- .../service/test/BUILD.gn | 2 + .../fuzztest/cloudservicestub_fuzzer/BUILD.gn | 1 + .../fuzztest/kvdbservicestub_fuzzer/BUILD.gn | 1 + .../objectservicestub_fuzzer/BUILD.gn | 1 + .../fuzztest/rdbservicestub_fuzzer/BUILD.gn | 1 + 8 files changed, 35 insertions(+), 36 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index 50b7b2288..63ab038c2 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -251,8 +251,7 @@ std::shared_ptr ProcessCommunicatorImpl::GetExtendHeaderHand return {}; } -DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength, - const std::string &device) +DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(DataHeadInfo dataHeadInfo, uint32_t &headLength) { if (routeHeadHandlerCreator_ == nullptr) { ZLOGE("header handler creator not registered"); @@ -263,16 +262,15 @@ DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - auto ret = handler->ParseHeadDataLen(data, totalLen, headLength, device); + auto ret = handler->ParseHeadDataLen(dataHeadInfo.data, dataHeadInfo.totalLen, headLength, dataHeadInfo.device); if (!ret) { - ZLOGE("illegal head format, dataLen:%{public}u, headLength:%{public}u", totalLen, headLength); + ZLOGE("illegal head format, dataLen:%{public}u, headLength:%{public}u", dataHeadInfo.totalLen, headLength); return DBStatus::INVALID_FORMAT; } return DBStatus::OK; } -DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t totalLen, const std::string &label, - const std::string &device, std::vector &userInfos) +DBStatus ProcessCommunicatorImpl::GetDataUserInfo(DataUserInfo dataUserInfo, std::vector &userInfos) { if (routeHeadHandlerCreator_ == nullptr) { ZLOGE("header handler creator not registered"); @@ -283,12 +281,13 @@ DBStatus ProcessCommunicatorImpl::GetDataUserInfo(const uint8_t *data, uint32_t ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - if (!DmAdapter::GetInstance().IsOHOSType(device)) { - return handler->IsAppTrusted(label); + if (!DmAdapter::GetInstance().IsOHOSType(dataUserInfo.device)) { + return handler->IsAppTrusted(dataUserInfo.label); } - auto ret = handler->ParseHeadDataUser(data, totalLen, label, userInfos); + auto ret = handler->ParseHeadDataUser(dataUserInfo.data, dataUserInfo.totalLen, dataUserInfo.label, userInfos); if (!ret) { - ZLOGD("illegal head format, dataLen:%{public}u, label:%{public}s", totalLen, Anonymous::Change(label).c_str()); + ZLOGD("illegal head format, dataLen:%{public}u, label:%{public}s", + dataUserInfo.totalLen, Anonymous::Change(dataUserInfo.label).c_str()); return DBStatus::INVALID_FORMAT; } if (userInfos.empty()) { diff --git a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp index 212f51832..a1bb8eed6 100644 --- a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp +++ b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp @@ -35,7 +35,8 @@ using OnSendAble = DistributedDB::OnSendAble; using DeviceInfos = DistributedDB::DeviceInfos; using DeviceInfoo = OHOS::AppDistributedKv::DeviceInfo; using UserInfo = DistributedDB::UserInfo; - +using DataHeadInfo = DistributedDB::DataHeadInfo; +using DataUserInfo = DistributedDB::DataUserInfo; namespace OHOS::AppDistributedKv { class MockCommunicationProvider : public CommunicationProvider { public: @@ -91,7 +92,7 @@ public: namespace OHOS::DistributedData { class ConcreteRouteHeadHandler : public RouteHeadHandler { public: - bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize) + bool ParseHeadDataLen(const uint8_t *data, uint32_t totalLen, uint32_t &headSize, const std::string &device) { if (totalLen == 0) { return true; @@ -107,6 +108,11 @@ class ConcreteRouteHeadHandler : public RouteHeadHandler { } return false; } + + DBStatus IsAppTrusted(const std::string &label) + { + return DBStatus::INVALID_FORMAT; + } }; } @@ -403,21 +409,20 @@ HWTEST_F(ProcessCommunicatorImplTest, GetDataHeadInfo, TestSize.Level0) ASSERT_NE(communicator_, nullptr); uint8_t data[] = {0x10, 0x20, 0x30, 0x40, 0x50}; uint8_t *ptr = data; - uint32_t totalLen = 1; uint32_t headLength = 1; - std::string device = ""; + DataHeadInfo dataHeadInfo { ptr, 1, "" }; communicator_->routeHeadHandlerCreator_ = nullptr; - auto status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength, device); + auto status = communicator_->GetDataHeadInfo(dataHeadInfo, headLength); EXPECT_EQ(status, DistributedDB::DB_ERROR); communicator_->routeHeadHandlerCreator_ = [](const DistributedDB::ExtendInfo &info) -> std::shared_ptr { return std::make_shared(); }; - status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength, device); + status = communicator_->GetDataHeadInfo(dataHeadInfo, headLength); EXPECT_EQ(status, DistributedDB::INVALID_FORMAT); - totalLen = 0; - status = communicator_->GetDataHeadInfo(ptr, totalLen, headLength, device); + dataHeadInfo.totalLen = 0; + status = communicator_->GetDataHeadInfo(dataHeadInfo, headLength); EXPECT_EQ(status, DistributedDB::OK); } @@ -433,32 +438,21 @@ HWTEST_F(ProcessCommunicatorImplTest, GetDataUserInfo, TestSize.Level0) ASSERT_NE(communicator_, nullptr); uint8_t data[] = {0x10, 0x20, 0x30, 0x40, 0x50}; uint8_t *ptr = data; - uint32_t totalLen = 1; - std::string label = "GetDataUserInfoTest"; - std::string device = ""; + DataUserInfo dataUserInfo { ptr, 1, "GetDataUserInfoTest", "" }; std::vector userInfos; UserInfo user1{"GetDataUserInfo01"}; UserInfo user2{"GetDataUserInfo02"}; UserInfo user3{"GetDataUserInfo03"}; communicator_->routeHeadHandlerCreator_ = nullptr; - auto status = communicator_->GetDataUserInfo(ptr, totalLen, label, device, userInfos); + auto status = communicator_->GetDataUserInfo(dataUserInfo, userInfos); EXPECT_EQ(status, DistributedDB::DB_ERROR); communicator_->routeHeadHandlerCreator_ = [](const DistributedDB::ExtendInfo &info) -> std::shared_ptr { return std::make_shared(); }; - status = communicator_->GetDataUserInfo(ptr, totalLen, label, userInfos); + status = communicator_->GetDataUserInfo(dataUserInfo, userInfos); EXPECT_EQ(status, DistributedDB::INVALID_FORMAT); - totalLen = 0; - EXPECT_EQ(userInfos.empty(), true); - status = communicator_->GetDataUserInfo(ptr, totalLen, label, device, userInfos); - EXPECT_EQ(status, DistributedDB::NO_PERMISSION); - userInfos.push_back(user1); - userInfos.push_back(user2); - userInfos.push_back(user3); - status = communicator_->GetDataUserInfo(ptr, totalLen, label, device, userInfos); - EXPECT_EQ(status, DistributedDB::OK); } /** diff --git a/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h b/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h index a1cab8ed4..86eccf8e9 100644 --- a/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h +++ b/services/distributeddataservice/adapter/include/communicator/process_communicator_impl.h @@ -36,6 +36,8 @@ public: using UserInfo = DistributedDB::UserInfo; using RouteHeadHandlerCreator = std::function(const DistributedDB::ExtendInfo &info)>; + using DataHeadInfo = DistributedDB::DataHeadInfo; + using DataUserInfo = DistributedDB::DataUserInfo; API_EXPORT static ProcessCommunicatorImpl *GetInstance(); API_EXPORT void SetRouteHeadHandlerCreator(RouteHeadHandlerCreator handlerCreator); @@ -62,10 +64,8 @@ public: API_EXPORT std::shared_ptr GetExtendHeaderHandle( const DistributedDB::ExtendInfo &info) override; - API_EXPORT DBStatus GetDataHeadInfo(const uint8_t *data, uint32_t totalLen, uint32_t &headLength, - const std::string &device) override; - API_EXPORT DBStatus GetDataUserInfo(const uint8_t *data, uint32_t totalLen, const std::string &label, - const std::string &device, std::vector &userInfos) override; + API_EXPORT DBStatus GetDataHeadInfo(DataHeadInfo dataHeadInfo, uint32_t &headLength) override; + API_EXPORT DBStatus GetDataUserInfo(DataUserInfo dataUserInfo, std::vector &userInfos) override; Status ReuseConnect(const DeviceId &deviceId); diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index 0a54979be..54814a804 100644 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -80,6 +80,7 @@ ohos_unittest("CloudDataTest") { "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/common/xcollie.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", @@ -178,6 +179,7 @@ ohos_unittest("CloudServiceImplTest") { "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/common/xcollie.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn index ca4c9f005..120420b0e 100644 --- a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn @@ -77,6 +77,7 @@ ohos_fuzztest("CloudServiceStubFuzzTest") { "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/common/xcollie.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn index 87efa4b39..aaf2b9f9d 100644 --- a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/BUILD.gn @@ -64,6 +64,7 @@ ohos_fuzztest("KvdbServiceStubFuzzTest") { "${data_service_path}/service/bootstrap/src/bootstrap.cpp", "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn index e3d93e45b..83047a36e 100755 --- a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/BUILD.gn @@ -63,6 +63,7 @@ ohos_fuzztest("ObjectServiceStubFuzzTest") { "${data_service_path}/service/common/common_types_utils.cpp", "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", diff --git a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn index e9d34a5d4..6ddc6d686 100644 --- a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn @@ -69,6 +69,7 @@ ohos_fuzztest("RdbServiceStubFuzzTest") { "${data_service_path}/service/common/value_proxy.cpp", "${data_service_path}/service/common/xcollie.cpp", "${data_service_path}/service/config/src/config_factory.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", -- Gitee From 2ede36b4a8c3769d84ee149be0cd71e9560ca0bc Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 15 May 2025 09:58:45 +0800 Subject: [PATCH 19/31] update Signed-off-by: yangliu --- .../distributeddataservice/service/bootstrap/src/bootstrap.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index 29a71bc3d..a6d237d21 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -201,7 +201,7 @@ void Bootstrap::LoadDeviceSyncAppWhiteLists() return; } std::vector infos; - for (auto &info : deviceSyncAppWhiteLists->whiteLists) { + for (const auto &info : deviceSyncAppWhiteLists->whiteLists) { infos.push_back({ info.appId, info.bundleName, info.version }); } DeviceSyncAppManager::GetInstance().Initialize(infos); -- Gitee From 7db7f9df7778316fcecedd1656bb47383e0b576e Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 15 May 2025 14:07:48 +0800 Subject: [PATCH 20/31] update Signed-off-by: yangliu --- services/distributeddataservice/service/test/BUILD.gn | 1 + 1 file changed, 1 insertion(+) diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index ed3ba11db..f77420dae 100644 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -1689,6 +1689,7 @@ ohos_unittest("BootStrapMockTest") { module_out_path = module_output_path sources = [ "${data_service_path}/service/bootstrap/src/bootstrap.cpp", + "${data_service_path}/service/config/src/model/app_access_check_config.cpp", "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", "${data_service_path}/service/config/src/model/backup_config.cpp", "${data_service_path}/service/config/src/model/checker_config.cpp", -- Gitee From f359244f5a9680da7f7782a099fc669561684d0d Mon Sep 17 00:00:00 2001 From: yangliu Date: Thu, 15 May 2025 16:32:23 +0800 Subject: [PATCH 21/31] update Signed-off-by: yangliu --- .../app/test/unittest/session_manager_test.cpp | 4 ++-- .../service/test/auth_delegate_mock_test.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp index 47c06ed50..a6452ce4d 100644 --- a/services/distributeddataservice/app/test/unittest/session_manager_test.cpp +++ b/services/distributeddataservice/app/test/unittest/session_manager_test.cpp @@ -329,7 +329,7 @@ HWTEST_F(SessionManagerTest, PackAndUnPack01, TestSize.Level2) std::vector users; auto recvHandler = RouteHeadHandlerImpl::Create({}); ASSERT_NE(recvHandler, nullptr); - uint32_t parseSize = 1; + uint32_t parseSize = 0; std::string device = ""; recvHandler->ParseHeadDataLen(data.get(), routeHeadSize, parseSize, device); EXPECT_EQ(routeHeadSize, parseSize); @@ -365,7 +365,7 @@ HWTEST_F(SessionManagerTest, GetHeadDataSize_Test2, TestSize.Level1) uint32_t headSize = 0; routeHeadHandlerImpl.appId_ = "otherAppId"; auto status = routeHeadHandlerImpl.GetHeadDataSize(headSize); - EXPECT_EQ(status, DistributedDB::OK); + EXPECT_EQ(status, DistributedDB::DB_ERROR); EXPECT_EQ(headSize, 0); } /** diff --git a/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp b/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp index 1d6c08d7e..5b1b206b2 100644 --- a/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp +++ b/services/distributeddataservice/service/test/auth_delegate_mock_test.cpp @@ -91,7 +91,7 @@ HWTEST_F(AuthDelegateMockTest, CheckAccess001, testing::ext::TestSize.Level0) EXPECT_CALL(*userDelegateMock, GetRemoteUserStatus(_)).WillOnce(Return(peerUsers)); EXPECT_CALL(*devMgrAdapterMock, IsOHOSType(_)).WillOnce(Return(false)); auto result = authHandler->CheckAccess(localUserId, peerUserId, peerDevId, aclParams); - EXPECT_TRUE(result.first); + EXPECT_FALSE(result.first); } /** -- Gitee From 13d2a3a3f8e51aa9313b7f19617e0ffbaef4fe7a Mon Sep 17 00:00:00 2001 From: yangliu Date: Fri, 16 May 2025 17:24:31 +0800 Subject: [PATCH 22/31] update Signed-off-by: yangliu --- .../framework/access_check/app_access_check_config_manager.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp index b6cf5d125..6da8ffd69 100644 --- a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp +++ b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp @@ -16,6 +16,7 @@ #define LOG_TAG "AppAccessCheckConfigManager" #include "access_check/app_access_check_config_manager.h" #include "log_print.h" +#include "utils/anonymous.h" namespace OHOS::DistributedData { AppAccessCheckConfigManager &AppAccessCheckConfigManager::GetInstance() @@ -38,7 +39,7 @@ bool AppAccessCheckConfigManager::IsTrust(const AppMappingInfo &mapper) return true; } ZLOGW("check access failed, bundleName:%{public}s, appId:%{public}s", - mapper.bundleName.c_str(), mapper.appId.c_str()); + mapper.bundleName.c_str(), Anonymous::Change(mapper.appId).c_str()); return false; } -- Gitee From 966b828a5b5ada56e7c46f32d2bb0f550a856200 Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 17 May 2025 19:06:28 +0800 Subject: [PATCH 23/31] update Signed-off-by: yangliu --- .../route_head_handler_impl.cpp | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 0f0900bb7..aee1580d6 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -62,21 +62,17 @@ RouteHeadHandlerImpl::RouteHeadHandlerImpl(const ExtendInfo &info) void RouteHeadHandlerImpl::Init() { ZLOGD("begin"); - if (deviceId_.empty()) { + if (deviceId_.empty() || !DmAdapter::GetInstance().IsOHOSType(deviceId_)) { return; } if (userId_ != DEFAULT_USERID) { - if (!DmAdapter::GetInstance().IsOHOSType(deviceId_)) { + StoreMetaData metaData; + metaData.deviceId = deviceId_; + metaData.user = DEFAULT_USERID; + metaData.bundleName = appId_; + metaData.storeId = storeId_; + if (MetaDataManager::GetInstance().LoadMeta(metaData.GetKey(), metaData)) { userId_ = DEFAULT_USERID; - } else { - StoreMetaData metaData; - metaData.deviceId = deviceId_; - metaData.user = DEFAULT_USERID; - metaData.bundleName = appId_; - metaData.storeId = storeId_; - if (MetaDataManager::GetInstance().LoadMeta(metaData.GetKey(), metaData)) { - userId_ = DEFAULT_USERID; - } } } SessionPoint localPoint { DmAdapter::GetInstance().GetLocalDevice().uuid, @@ -96,8 +92,7 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize ZLOGI("meta data permitted"); return DistributedDB::OK; } - auto devInfo = DmAdapter::GetInstance().GetDeviceInfo(session_.targetDeviceId); - if (devInfo.osType != OH_OS_TYPE) { + if(!DmAdapter::GetInstance().IsOHOSType(session_.targetDeviceId)) ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); if (!IsTrust()) { -- Gitee From cd99e55455dc2f7420b6f90b733d46caa90733de Mon Sep 17 00:00:00 2001 From: yangliu Date: Sat, 17 May 2025 19:45:40 +0800 Subject: [PATCH 24/31] update Signed-off-by: yangliu --- .../app/src/session_manager/route_head_handler_impl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index aee1580d6..0e8d86e76 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -92,7 +92,7 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize ZLOGI("meta data permitted"); return DistributedDB::OK; } - if(!DmAdapter::GetInstance().IsOHOSType(session_.targetDeviceId)) + if(!DmAdapter::GetInstance().IsOHOSType(session_.targetDeviceId)) { ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); if (!IsTrust()) { -- Gitee From 0a3f086627aeba3206424e7bff80d677374be174 Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 19 May 2025 12:52:05 +0800 Subject: [PATCH 25/31] update Signed-off-by: yangliu --- .../service/test/BUILD.gn | 74 ------------------- .../fuzztest/cloudservicestub_fuzzer/BUILD.gn | 44 ----------- .../fuzztest/rdbservicestub_fuzzer/BUILD.gn | 33 --------- 3 files changed, 151 deletions(-) diff --git a/services/distributeddataservice/service/test/BUILD.gn b/services/distributeddataservice/service/test/BUILD.gn index 0262f4f16..4f7f09683 100644 --- a/services/distributeddataservice/service/test/BUILD.gn +++ b/services/distributeddataservice/service/test/BUILD.gn @@ -74,43 +74,6 @@ ohos_unittest("CloudDataTest") { "${data_service_path}/service/cloud/cloud_value_util.cpp", "${data_service_path}/service/cloud/sync_manager.cpp", "${data_service_path}/service/cloud/sync_strategies/network_sync_strategy.cpp", - "${data_service_path}/service/common/common_types_utils.cpp", - "${data_service_path}/service/common/value_proxy.cpp", - "${data_service_path}/service/common/xcollie.cpp", - "${data_service_path}/service/config/src/config_factory.cpp", - "${data_service_path}/service/config/src/model/app_access_check_config.cpp", - "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", - "${data_service_path}/service/config/src/model/backup_config.cpp", - "${data_service_path}/service/config/src/model/checker_config.cpp", - "${data_service_path}/service/config/src/model/cloud_config.cpp", - "${data_service_path}/service/config/src/model/component_config.cpp", - "${data_service_path}/service/config/src/model/datashare_config.cpp", - "${data_service_path}/service/config/src/model/device_sync_app_white_list_config.cpp", - "${data_service_path}/service/config/src/model/directory_config.cpp", - "${data_service_path}/service/config/src/model/global_config.cpp", - "${data_service_path}/service/config/src/model/network_config.cpp", - "${data_service_path}/service/config/src/model/protocol_config.cpp", - "${data_service_path}/service/config/src/model/thread_config.cpp", - "${data_service_path}/service/crypto/src/crypto_manager.cpp", - "${data_service_path}/service/kvdb/user_delegate.cpp", - "${data_service_path}/service/matrix/src/device_matrix.cpp", - "${data_service_path}/service/matrix/src/matrix_event.cpp", - "${data_service_path}/service/permission/src/permission_validator.cpp", - "${data_service_path}/service/permission/src/permit_delegate.cpp", - "${data_service_path}/service/rdb/cache_cursor.cpp", - "${data_service_path}/service/rdb/rdb_asset_loader.cpp", - "${data_service_path}/service/rdb/rdb_cloud.cpp", - "${data_service_path}/service/rdb/rdb_cursor.cpp", - "${data_service_path}/service/rdb/rdb_general_store.cpp", - "${data_service_path}/service/rdb/rdb_hiview_adapter.cpp", - "${data_service_path}/service/rdb/rdb_notifier_proxy.cpp", - "${data_service_path}/service/rdb/rdb_query.cpp", - "${data_service_path}/service/rdb/rdb_result_set_impl.cpp", - "${data_service_path}/service/rdb/rdb_result_set_stub.cpp", - "${data_service_path}/service/rdb/rdb_schema_config.cpp", - "${data_service_path}/service/rdb/rdb_service_impl.cpp", - "${data_service_path}/service/rdb/rdb_service_stub.cpp", - "${data_service_path}/service/rdb/rdb_watcher.cpp", "${data_service_path}/service/test/mock/checker_mock.cpp", "cloud_data_test.cpp", ] @@ -163,43 +126,6 @@ ohos_unittest("CloudServiceImplTest") { "${data_service_path}/service/cloud/cloud_value_util.cpp", "${data_service_path}/service/cloud/sync_manager.cpp", "${data_service_path}/service/cloud/sync_strategies/network_sync_strategy.cpp", - "${data_service_path}/service/common/common_types_utils.cpp", - "${data_service_path}/service/common/value_proxy.cpp", - "${data_service_path}/service/common/xcollie.cpp", - "${data_service_path}/service/config/src/config_factory.cpp", - "${data_service_path}/service/config/src/model/app_access_check_config.cpp", - "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", - "${data_service_path}/service/config/src/model/backup_config.cpp", - "${data_service_path}/service/config/src/model/checker_config.cpp", - "${data_service_path}/service/config/src/model/cloud_config.cpp", - "${data_service_path}/service/config/src/model/component_config.cpp", - "${data_service_path}/service/config/src/model/datashare_config.cpp", - "${data_service_path}/service/config/src/model/device_sync_app_white_list_config.cpp", - "${data_service_path}/service/config/src/model/directory_config.cpp", - "${data_service_path}/service/config/src/model/global_config.cpp", - "${data_service_path}/service/config/src/model/network_config.cpp", - "${data_service_path}/service/config/src/model/protocol_config.cpp", - "${data_service_path}/service/config/src/model/thread_config.cpp", - "${data_service_path}/service/crypto/src/crypto_manager.cpp", - "${data_service_path}/service/kvdb/user_delegate.cpp", - "${data_service_path}/service/matrix/src/device_matrix.cpp", - "${data_service_path}/service/matrix/src/matrix_event.cpp", - "${data_service_path}/service/permission/src/permission_validator.cpp", - "${data_service_path}/service/permission/src/permit_delegate.cpp", - "${data_service_path}/service/rdb/cache_cursor.cpp", - "${data_service_path}/service/rdb/rdb_asset_loader.cpp", - "${data_service_path}/service/rdb/rdb_cloud.cpp", - "${data_service_path}/service/rdb/rdb_cursor.cpp", - "${data_service_path}/service/rdb/rdb_general_store.cpp", - "${data_service_path}/service/rdb/rdb_hiview_adapter.cpp", - "${data_service_path}/service/rdb/rdb_notifier_proxy.cpp", - "${data_service_path}/service/rdb/rdb_query.cpp", - "${data_service_path}/service/rdb/rdb_result_set_impl.cpp", - "${data_service_path}/service/rdb/rdb_result_set_stub.cpp", - "${data_service_path}/service/rdb/rdb_schema_config.cpp", - "${data_service_path}/service/rdb/rdb_service_impl.cpp", - "${data_service_path}/service/rdb/rdb_service_stub.cpp", - "${data_service_path}/service/rdb/rdb_watcher.cpp", "${data_service_path}/service/test/mock/checker_mock.cpp", "cloud_service_impl_test.cpp", ] diff --git a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn index 5bb4aac65..55b263a74 100644 --- a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/BUILD.gn @@ -44,50 +44,6 @@ ohos_fuzztest("CloudServiceStubFuzzTest") { sources = [ "${data_service_path}/app/src/checker/bundle_checker.cpp", "${data_service_path}/app/src/checker/system_checker.cpp", - "${data_service_path}/service/backup/src/backup_manager.cpp", - "${data_service_path}/service/bootstrap/src/bootstrap.cpp", - "${data_service_path}/service/cloud/cloud_data_translate.cpp", - "${data_service_path}/service/cloud/cloud_service_impl.cpp", - "${data_service_path}/service/cloud/cloud_service_stub.cpp", - "${data_service_path}/service/cloud/cloud_types_util.cpp", - "${data_service_path}/service/cloud/cloud_value_util.cpp", - "${data_service_path}/service/cloud/sync_manager.cpp", - "${data_service_path}/service/cloud/sync_strategies/network_sync_strategy.cpp", - "${data_service_path}/service/common/common_types_utils.cpp", - "${data_service_path}/service/common/value_proxy.cpp", - "${data_service_path}/service/common/xcollie.cpp", - "${data_service_path}/service/config/src/config_factory.cpp", - "${data_service_path}/service/config/src/model/app_access_check_config.cpp", - "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", - "${data_service_path}/service/config/src/model/backup_config.cpp", - "${data_service_path}/service/config/src/model/checker_config.cpp", - "${data_service_path}/service/config/src/model/cloud_config.cpp", - "${data_service_path}/service/config/src/model/component_config.cpp", - "${data_service_path}/service/config/src/model/datashare_config.cpp", - "${data_service_path}/service/config/src/model/device_sync_app_white_list_config.cpp", - "${data_service_path}/service/config/src/model/directory_config.cpp", - "${data_service_path}/service/config/src/model/global_config.cpp", - "${data_service_path}/service/config/src/model/network_config.cpp", - "${data_service_path}/service/config/src/model/protocol_config.cpp", - "${data_service_path}/service/config/src/model/thread_config.cpp", - "${data_service_path}/service/crypto/src/crypto_manager.cpp", - "${data_service_path}/service/kvdb/user_delegate.cpp", - "${data_service_path}/service/permission/src/permission_validator.cpp", - "${data_service_path}/service/permission/src/permit_delegate.cpp", - "${data_service_path}/service/rdb/cache_cursor.cpp", - "${data_service_path}/service/rdb/rdb_asset_loader.cpp", - "${data_service_path}/service/rdb/rdb_cloud.cpp", - "${data_service_path}/service/rdb/rdb_cursor.cpp", - "${data_service_path}/service/rdb/rdb_general_store.cpp", - "${data_service_path}/service/rdb/rdb_hiview_adapter.cpp", - "${data_service_path}/service/rdb/rdb_notifier_proxy.cpp", - "${data_service_path}/service/rdb/rdb_query.cpp", - "${data_service_path}/service/rdb/rdb_result_set_impl.cpp", - "${data_service_path}/service/rdb/rdb_result_set_stub.cpp", - "${data_service_path}/service/rdb/rdb_schema_config.cpp", - "${data_service_path}/service/rdb/rdb_service_impl.cpp", - "${data_service_path}/service/rdb/rdb_service_stub.cpp", - "${data_service_path}/service/rdb/rdb_watcher.cpp", "cloudservicestub_fuzzer.cpp", ] diff --git a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn index 1bffe5e4a..d8f90d832 100644 --- a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn +++ b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/BUILD.gn @@ -64,39 +64,6 @@ ohos_fuzztest("RdbServiceStubFuzzTest") { sources = [ "${data_service_path}/app/src/checker/bundle_checker.cpp", "${data_service_path}/app/src/checker/system_checker.cpp", - "${data_service_path}/service/backup/src/backup_manager.cpp", - "${data_service_path}/service/bootstrap/src/bootstrap.cpp", - "${data_service_path}/service/common/value_proxy.cpp", - "${data_service_path}/service/common/xcollie.cpp", - "${data_service_path}/service/config/src/config_factory.cpp", - "${data_service_path}/service/config/src/model/app_access_check_config.cpp", - "${data_service_path}/service/config/src/model/app_id_mapping_config.cpp", - "${data_service_path}/service/config/src/model/backup_config.cpp", - "${data_service_path}/service/config/src/model/checker_config.cpp", - "${data_service_path}/service/config/src/model/cloud_config.cpp", - "${data_service_path}/service/config/src/model/component_config.cpp", - "${data_service_path}/service/config/src/model/datashare_config.cpp", - "${data_service_path}/service/config/src/model/device_sync_app_white_list_config.cpp", - "${data_service_path}/service/config/src/model/directory_config.cpp", - "${data_service_path}/service/config/src/model/global_config.cpp", - "${data_service_path}/service/config/src/model/network_config.cpp", - "${data_service_path}/service/config/src/model/protocol_config.cpp", - "${data_service_path}/service/config/src/model/thread_config.cpp", - "${data_service_path}/service/crypto/src/crypto_manager.cpp", - "${data_service_path}/service/rdb/cache_cursor.cpp", - "${data_service_path}/service/rdb/rdb_asset_loader.cpp", - "${data_service_path}/service/rdb/rdb_cloud.cpp", - "${data_service_path}/service/rdb/rdb_cursor.cpp", - "${data_service_path}/service/rdb/rdb_general_store.cpp", - "${data_service_path}/service/rdb/rdb_hiview_adapter.cpp", - "${data_service_path}/service/rdb/rdb_notifier_proxy.cpp", - "${data_service_path}/service/rdb/rdb_query.cpp", - "${data_service_path}/service/rdb/rdb_result_set_impl.cpp", - "${data_service_path}/service/rdb/rdb_result_set_stub.cpp", - "${data_service_path}/service/rdb/rdb_schema_config.cpp", - "${data_service_path}/service/rdb/rdb_service_impl.cpp", - "${data_service_path}/service/rdb/rdb_service_stub.cpp", - "${data_service_path}/service/rdb/rdb_watcher.cpp", "rdbservicestub_fuzzer.cpp", ] -- Gitee From 70d5b0981e5b036795337e9bc0ad9bae1ac90c50 Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 19 May 2025 14:54:16 +0800 Subject: [PATCH 26/31] update Signed-off-by: yangliu --- .../app/src/session_manager/route_head_handler_impl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 0e8d86e76..63a677797 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -305,7 +305,7 @@ bool RouteHeadHandlerImpl::IsTrust(const std::string &label) } auto accountId = AccountDelegate::GetInstance()->GetUnencryptedAccountId(); - for (auto storeMeta : metaDatas) { + for (auto &storeMeta : metaDatas) { if (storeMeta.appId == DistributedData::Bootstrap::GetInstance().GetProcessLabel()) { continue; } -- Gitee From 612299798a250e8d43452be7f8a209eb4680846c Mon Sep 17 00:00:00 2001 From: yangliu Date: Mon, 19 May 2025 17:19:25 +0800 Subject: [PATCH 27/31] update Signed-off-by: yangliu --- .../include/access_check/app_access_check_config_manager.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h index 519344f70..e5987219d 100644 --- a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h +++ b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at -- Gitee From db1ff88ea12e0cb76333c153f63413b66b0707c6 Mon Sep 17 00:00:00 2001 From: yangliu Date: Wed, 21 May 2025 09:18:14 +0800 Subject: [PATCH 28/31] update Signed-off-by: yangliu --- .../src/process_communicator_impl.cpp | 3 - .../process_communicator_impl_test.cpp | 5 -- .../include/communicator/route_head_handler.h | 1 - .../route_head_handler_impl.cpp | 69 ++----------------- .../session_manager/route_head_handler_impl.h | 5 -- 5 files changed, 6 insertions(+), 77 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index 63ab038c2..6c61afb8f 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -281,9 +281,6 @@ DBStatus ProcessCommunicatorImpl::GetDataUserInfo(DataUserInfo dataUserInfo, std ZLOGE("failed to get header handler"); return DBStatus::DB_ERROR; } - if (!DmAdapter::GetInstance().IsOHOSType(dataUserInfo.device)) { - return handler->IsAppTrusted(dataUserInfo.label); - } auto ret = handler->ParseHeadDataUser(dataUserInfo.data, dataUserInfo.totalLen, dataUserInfo.label, userInfos); if (!ret) { ZLOGD("illegal head format, dataLen:%{public}u, label:%{public}s", diff --git a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp index a1bb8eed6..b2ed968d4 100644 --- a/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp +++ b/services/distributeddataservice/adapter/communicator/test/unittest/process_communicator_impl_test.cpp @@ -108,11 +108,6 @@ class ConcreteRouteHeadHandler : public RouteHeadHandler { } return false; } - - DBStatus IsAppTrusted(const std::string &label) - { - return DBStatus::INVALID_FORMAT; - } }; } diff --git a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h index cf79d5841..c379ac097 100644 --- a/services/distributeddataservice/adapter/include/communicator/route_head_handler.h +++ b/services/distributeddataservice/adapter/include/communicator/route_head_handler.h @@ -30,7 +30,6 @@ public: const std::string &device) = 0; virtual bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) = 0; - virtual DBStatus IsAppTrusted(const std::string &label) = 0; }; } // namespace OHOS::DistributedData #endif // DISTRIBUTEDDATAMGR_EXTEND_HEAD_HANDLER_H diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 63a677797..97181793f 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -39,8 +39,6 @@ using DmAdapter = DistributedData::DeviceManagerAdapter; using DBManager = DistributedDB::KvStoreDelegateManager; constexpr const int ALIGN_WIDTH = 8; constexpr const char *DEFAULT_USERID = "0"; -constexpr const char *DEFAULT_ACCOUNT = "default"; -constexpr const char *ANONYMOUS_ACCOUNT = "ohosAnonymousUid"; std::shared_ptr RouteHeadHandlerImpl::Create(const ExtendInfo &info) { auto handler = std::make_shared(info); @@ -95,8 +93,11 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize if(!DmAdapter::GetInstance().IsOHOSType(session_.targetDeviceId)) { ZLOGD("devicdId:%{public}s is not oh type", Anonymous::Change(session_.targetDeviceId).c_str()); - if (!IsTrust()) { - ZLOGE("distrust app, appId:%{public}s", Anonymous::Change(appId_).c_str()); + if (appId_.empty()) { + return DistributedDB::DB_ERROR; + } + auto appId = AppIdMappingConfigManager::GetInstance().Convert(appId_); + if (!AppAccessCheckConfigManager::GetInstance().IsTrust({ appId, appId })) { return DistributedDB::DB_ERROR; } return DistributedDB::OK; @@ -260,7 +261,7 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL return false; } if (!DmAdapter::GetInstance().IsOHOSType(device)) { - return false; + return true; } RouteHead head = { 0 }; auto ret = UnPackDataHead(data, totalLen, head); @@ -269,55 +270,6 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL return ret; } -bool RouteHeadHandlerImpl::ParseStoreInfo(const std::string &accountId, const std::string &label, - StoreMetaData &storeMeta) -{ - std::vector accountIds { accountId, ANONYMOUS_ACCOUNT, DEFAULT_ACCOUNT }; - auto appId = AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); - for (auto &id : accountIds) { - const std::string tempTripleLabel = - DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, appId, - storeMeta.storeId, false); - if (tempTripleLabel == label) { - ZLOGI("find triple identifier,storeId:%{public}s,storeMeta.bundleName:%{public}s", - Anonymous::Change(storeMeta.storeId).c_str(), Anonymous::Change(storeMeta.bundleName).c_str()); - storeMeta.appId = appId; - storeMeta.bundleName = appId; - return true; - } - } - return false; -} - -bool RouteHeadHandlerImpl::IsTrust() -{ - StoreMetaData metaData; - auto appId = AppIdMappingConfigManager::GetInstance().Convert(appId_); - return AppAccessCheckConfigManager::GetInstance().IsTrust({ appId, appId }); -} - -bool RouteHeadHandlerImpl::IsTrust(const std::string &label) -{ - std::vector metaDatas; - auto prefix = StoreMetaData::GetPrefix({ DmAdapter::GetInstance().GetLocalDevice().uuid }); - if (!MetaDataManager::GetInstance().LoadMeta(prefix, metaDatas)) { - return false; - } - - auto accountId = AccountDelegate::GetInstance()->GetUnencryptedAccountId(); - for (auto &storeMeta : metaDatas) { - if (storeMeta.appId == DistributedData::Bootstrap::GetInstance().GetProcessLabel()) { - continue; - } - if (!ParseStoreInfo(accountId, label, storeMeta)) { - continue; - } - return AppAccessCheckConfigManager::GetInstance().IsTrust({ storeMeta.bundleName, storeMeta.appId }); - } - ZLOGI("not found app msg:%{public}s", label.c_str()); - return false; -} - std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, const std::string &label) { if (!session_.storeId.empty()) { @@ -338,15 +290,6 @@ std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, cons return ""; } -DistributedDB::DBStatus RouteHeadHandlerImpl::IsAppTrusted(const std::string &label) -{ - if (!IsTrust(label)) { - ZLOGE("app not trust."); - return DBStatus::DB_ERROR; - } - return DBStatus::OK; -} - bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) { diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index adc2ea24b..3b9cd00ea 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -76,7 +76,6 @@ public: const std::string &device) override; bool ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) override; - DBStatus IsAppTrusted(const std::string &label) override; private: void Init(); @@ -93,10 +92,6 @@ private: bool UnPackStoreId(uint8_t **data, uint32_t leftSize); bool UnPackAccountId(uint8_t **data, uint32_t leftSize); std::string ParseStoreId(const std::string &deviceId, const std::string &label); - bool IsTrust(const std::string &label); - bool IsTrust(); - bool ParseStoreInfo(const std::string &accountId, const std::string &label, - StoreMetaData &storeMeta); std::string userId_; std::string appId_; -- Gitee From 0217625219c789261d13aed9b09898db304286e5 Mon Sep 17 00:00:00 2001 From: yangliu Date: Wed, 21 May 2025 09:21:53 +0800 Subject: [PATCH 29/31] update Signed-off-by: yangliu --- .../service/config/src/model/app_access_check_config.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp index 1c51e887d..41b658f96 100644 --- a/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp +++ b/services/distributeddataservice/service/config/src/model/app_access_check_config.cpp @@ -21,22 +21,26 @@ bool AppAccessCheckConfig::Marshal(Serializable::json &node) const SetValue(node[GET_NAME(trusts)], trusts); return true; } + bool AppAccessCheckConfig::Unmarshal(const Serializable::json &node) { GetValue(node, GET_NAME(trusts), trusts); return true; } + bool AppAccessCheckConfig::TrustApp::Marshal(Serializable::json &node) const { SetValue(node[GET_NAME(bundleName)], bundleName); SetValue(node[GET_NAME(appId)], appId); return true; } + bool AppAccessCheckConfig::TrustApp::Unmarshal(const Serializable::json &node) { GetValue(node, GET_NAME(bundleName), bundleName); GetValue(node, GET_NAME(appId), appId); return true; } + } // namespace DistributedData } // namespace OHOS \ No newline at end of file -- Gitee From ecfa95f754bc98c55a1c48c17f44a0bf7fb2f87a Mon Sep 17 00:00:00 2001 From: yangliu Date: Wed, 21 May 2025 16:53:21 +0800 Subject: [PATCH 30/31] update Signed-off-by: yangliu --- .../communicator/src/process_communicator_impl.cpp | 8 +++++--- .../app/src/session_manager/route_head_handler_impl.cpp | 5 +++-- .../app/src/session_manager/route_head_handler_impl.h | 1 - .../access_check/app_access_check_config_manager.cpp | 9 ++++----- .../access_check/app_access_check_config_manager.h | 2 +- 5 files changed, 13 insertions(+), 12 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp index 6c61afb8f..0e40297fc 100644 --- a/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp +++ b/services/distributeddataservice/adapter/communicator/src/process_communicator_impl.cpp @@ -264,7 +264,8 @@ DBStatus ProcessCommunicatorImpl::GetDataHeadInfo(DataHeadInfo dataHeadInfo, uin } auto ret = handler->ParseHeadDataLen(dataHeadInfo.data, dataHeadInfo.totalLen, headLength, dataHeadInfo.device); if (!ret) { - ZLOGE("illegal head format, dataLen:%{public}u, headLength:%{public}u", dataHeadInfo.totalLen, headLength); + ZLOGE("illegal head format, dataLen:%{public}u, headLength:%{public}u, device:%{public}s", + dataHeadInfo.totalLen, headLength, Anonymous::Change(dataHeadInfo.device).c_str()); return DBStatus::INVALID_FORMAT; } return DBStatus::OK; @@ -283,8 +284,9 @@ DBStatus ProcessCommunicatorImpl::GetDataUserInfo(DataUserInfo dataUserInfo, std } auto ret = handler->ParseHeadDataUser(dataUserInfo.data, dataUserInfo.totalLen, dataUserInfo.label, userInfos); if (!ret) { - ZLOGD("illegal head format, dataLen:%{public}u, label:%{public}s", - dataUserInfo.totalLen, Anonymous::Change(dataUserInfo.label).c_str()); + ZLOGE("illegal head format, dataLen:%{public}u, label:%{public}s, device:%{public}s", + dataUserInfo.totalLen, Anonymous::Change(dataUserInfo.label).c_str(), + Anonymous::Change(dataUserInfo.device).c_str()); return DBStatus::INVALID_FORMAT; } if (userInfos.empty()) { diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 97181793f..097776c3d 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -96,8 +96,8 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize if (appId_.empty()) { return DistributedDB::DB_ERROR; } - auto appId = AppIdMappingConfigManager::GetInstance().Convert(appId_); - if (!AppAccessCheckConfigManager::GetInstance().IsTrust({ appId, appId })) { + if (!AppAccessCheckConfigManager::GetInstance().IsTrust( + AppIdMappingConfigManager::GetInstance().Convert(appId_))) { return DistributedDB::DB_ERROR; } return DistributedDB::OK; @@ -261,6 +261,7 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL return false; } if (!DmAdapter::GetInstance().IsOHOSType(device)) { + ZLOGI("other type device received. device:%{public}d", Anonymous::Change(device).c_str()); return true; } RouteHead head = { 0 }; diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index 3b9cd00ea..7751b0fb1 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -16,7 +16,6 @@ #ifndef DISTRIBUTEDDATAMGR_ROUTE_HEAD_HANDLER_H #define DISTRIBUTEDDATAMGR_ROUTE_HEAD_HANDLER_H #include "process_communicator_impl.h" -#include "metadata/store_meta_data.h" #include "route_head_handler.h" #include "serializable/serializable.h" #include "session_manager.h" diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp index 6da8ffd69..a534e4603 100644 --- a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp +++ b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp @@ -32,14 +32,13 @@ void AppAccessCheckConfigManager::Initialize(const std::vector & } } -bool AppAccessCheckConfigManager::IsTrust(const AppMappingInfo &mapper) +bool AppAccessCheckConfigManager::IsTrust(const std::string &appId) { - auto it = appMapper_.find(mapper.bundleName); - if (it != appMapper_.end() && (it->second == mapper.appId)) { + auto it = appMapper_.find(appId); + if (it != appMapper_.end() && (it->second == appId)) { return true; } - ZLOGW("check access failed, bundleName:%{public}s, appId:%{public}s", - mapper.bundleName.c_str(), Anonymous::Change(mapper.appId).c_str()); + ZLOGW("check access failed, appId:%{public}s", Anonymous::Change(appId).c_str()); return false; } diff --git a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h index e5987219d..fecf73150 100644 --- a/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h +++ b/services/distributeddataservice/framework/include/access_check/app_access_check_config_manager.h @@ -28,7 +28,7 @@ public: }; API_EXPORT static AppAccessCheckConfigManager &GetInstance(); API_EXPORT void Initialize(const std::vector &mapper); - API_EXPORT bool IsTrust(const AppMappingInfo &mapper); + API_EXPORT bool IsTrust(const std::string &appId); private: std::map appMapper_; -- Gitee From 37d0113579242ff44e26639cc2051c41f05a0768 Mon Sep 17 00:00:00 2001 From: yangliu Date: Wed, 21 May 2025 20:03:50 +0800 Subject: [PATCH 31/31] update Signed-off-by: yangliu --- .../app/src/session_manager/route_head_handler_impl.cpp | 2 +- .../framework/access_check/app_access_check_config_manager.cpp | 2 +- .../distributeddataservice/service/bootstrap/src/bootstrap.cpp | 2 +- .../distributeddataservice/service/kvdb/kvdb_service_impl.cpp | 3 +-- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 097776c3d..24b103e39 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -261,7 +261,7 @@ bool RouteHeadHandlerImpl::ParseHeadDataLen(const uint8_t *data, uint32_t totalL return false; } if (!DmAdapter::GetInstance().IsOHOSType(device)) { - ZLOGI("other type device received. device:%{public}d", Anonymous::Change(device).c_str()); + ZLOGI("other type device received. device:%{public}s", Anonymous::Change(device).c_str()); return true; } RouteHead head = { 0 }; diff --git a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp index a534e4603..7d5b5f9dd 100644 --- a/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp +++ b/services/distributeddataservice/framework/access_check/app_access_check_config_manager.cpp @@ -38,7 +38,7 @@ bool AppAccessCheckConfigManager::IsTrust(const std::string &appId) if (it != appMapper_.end() && (it->second == appId)) { return true; } - ZLOGW("check access failed, appId:%{public}s", Anonymous::Change(appId).c_str()); + ZLOGE("check access failed, appId:%{public}s", Anonymous::Change(appId).c_str()); return false; } diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index a6d237d21..791b392a9 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -214,7 +214,7 @@ void Bootstrap::LoadSyncTrustedApp() return; } std::vector infos; - for (auto &info : config->trusts) { + for (const auto &info : config->trusts) { infos.push_back({ info.bundleName, info.appId }); } AppAccessCheckConfigManager::GetInstance().Initialize(infos); diff --git a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp index 651236496..149598d07 100644 --- a/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp +++ b/services/distributeddataservice/service/kvdb/kvdb_service_impl.cpp @@ -801,8 +801,7 @@ bool KVDBServiceImpl::CompareTripleIdentifier(const std::string &accountId, cons { std::vector accountIds { accountId, "ohosAnonymousUid", "default" }; for (auto &id : accountIds) { - auto appId = - AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); + auto appId = AppIdMappingConfigManager::GetInstance().Convert(storeMeta.appId); const std::string &tempTripleIdentifier = DistributedDB::KvStoreDelegateManager::GetKvStoreIdentifier(id, appId, storeMeta.storeId, false); -- Gitee