diff --git a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp index d6a78e9c8e41c255f6eb83c4ead622aac80d4e64..ff992d6c8d6cfc2ef94af2f3c7808a49838cfb24 100644 --- a/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp +++ b/services/distributeddataservice/adapter/communicator/src/device_manager_adapter.cpp @@ -629,10 +629,10 @@ bool DeviceManagerAdapter::IsSameAccount(const std::string &id) bool DeviceManagerAdapter::CheckAccessControl(const AccessCaller &accCaller, const AccessCallee &accCallee) { DmAccessCaller dmAccessCaller = { .accountId = accCaller.accountId, .pkgName = accCaller.bundleName, - .networkId = accCaller.networkId, .userId = accCaller.userId }; - DmAccessCallee dmAccessCallee = { .accountId = accCallee.accountId, .networkId = accCallee.networkId, - .userId = accCallee.userId }; - return DeviceManager::GetInstance().CheckAccessControl(dmAccessCaller, dmAccessCallee); + .networkId = accCaller.networkId, .tokenId = accCaller.tokenId, .userId = accCaller.userId }; + DmAccessCallee dmAccessCallee = { .accountId = accCallee.accountId, .pkgName = accCallee.bundleName, + .networkId = accCallee.networkId, .tokenId = accCallee.tokenId, .userId = accCallee.userId }; + return DeviceManager::GetInstance().CheckSinkAccessControl(dmAccessCaller, dmAccessCallee); } bool DeviceManagerAdapter::IsSameAccount(const AccessCaller &accCaller, const AccessCallee &accCallee) @@ -641,7 +641,7 @@ bool DeviceManagerAdapter::IsSameAccount(const AccessCaller &accCaller, const Ac .userId = accCaller.userId }; DmAccessCallee dmAccessCallee = { .accountId = accCallee.accountId, .networkId = accCallee.networkId, .userId = accCallee.userId }; - return DeviceManager::GetInstance().CheckIsSameAccount(dmAccessCaller, dmAccessCallee); + return DeviceManager::GetInstance().CheckSinkIsSameAccount(dmAccessCaller, dmAccessCallee); } void DeviceManagerAdapter::ResetLocalDeviceInfo() diff --git a/services/distributeddataservice/adapter/include/communicator/commu_types.h b/services/distributeddataservice/adapter/include/communicator/commu_types.h index 6b1f1af696dcb9482181dea2df903ce5f51913a8..dcc50a689a1c60bb12a8f76f29e61929ead661ce 100644 --- a/services/distributeddataservice/adapter/include/communicator/commu_types.h +++ b/services/distributeddataservice/adapter/include/communicator/commu_types.h @@ -35,12 +35,15 @@ struct API_EXPORT AccessCaller { std::string bundleName; std::string networkId; int32_t userId; + uint64_t tokenId; }; struct API_EXPORT AccessCallee { std::string accountId; + std::string bundleName; std::string networkId; int32_t userId; + uint64_t tokenId; }; struct API_EXPORT AclParams { diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 56d347e2e79d21cee509a975b1f35863288d5b72..9080f781263fe2e7f631f62c28aa04f58abdcf38 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -316,6 +316,7 @@ std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, cons if (labelTag != label) { continue; } + session_.storeId = storeMeta.storeId; return storeMeta.storeId; } return ""; @@ -352,7 +353,7 @@ bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t total } // flip the local and peer ends - SessionPoint local { .deviceId = session_.targetDeviceId, .appId = session_.appId }; + SessionPoint local { .deviceId = session_.targetDeviceId, .appId = session_.appId, .storeId = session_.storeId }; SessionPoint peer { .deviceId = session_.sourceDeviceId, .userId = session_.sourceUserId, .appId = session_.appId, .accountId = session_.accountId }; ZLOGD("valid session:appId:%{public}s, srcDevId:%{public}s, srcUser:%{public}u, trgDevId:%{public}s,", diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index cb435f6fb7e4e66e16f64ddff865e6b03bec3c9e..441a8bd863eae1845c2aad3ce42624814533a7e2 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -63,7 +63,9 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string std::vector targetUsers {}; for (const auto &user : users) { - aclParams.accCallee.userId = user.id; + if (!GetAclCalleeParams(user.id, targetDeviceId, local, aclParams)) { + continue; + } auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, user.id, targetDeviceId, aclParams); ZLOGD("targetDeviceId:%{public}s, user.id:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", @@ -79,7 +81,7 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string } } session.targetUserIds.insert(session.targetUserIds.end(), targetUsers.begin(), targetUsers.end()); - ZLOGD("access to peer users:%{public}s", DistributedData::Serializable::Marshall(session.targetUserIds).c_str()); + ZLOGI("access to peer users:%{public}s", DistributedData::Serializable::Marshall(session.targetUserIds).c_str()); return session; } @@ -87,7 +89,8 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::str AclParams &aclParams) const { std::vector metaData; - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ local.deviceId }), metaData)) { + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ local.deviceId, + std::to_string(local.userId) }), metaData)) { ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", Anonymous::Change(local.deviceId).c_str(), local.userId); return false; @@ -98,8 +101,10 @@ bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::str aclParams.accCaller.accountId = local.accountId; aclParams.accCaller.userId = local.userId; aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); + aclParams.accCaller.tokenId = storeMeta.tokenId; aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); + aclParams.accCallee.bundleName = storeMeta.bundleName; aclParams.authType = storeMeta.authType; return true; } @@ -114,22 +119,26 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const SessionP AclParams &aclParams) const { std::vector metaData; - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ peer.deviceId }), metaData)) { + if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ peer.deviceId, + std::to_string(peer.userId) }), metaData)) { ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", Anonymous::Change(peer.deviceId).c_str(), peer.userId); return false; } for (const auto &storeMeta : metaData) { - if (storeMeta.appId == local.appId) { + if (storeMeta.appId == local.appId && storeMeta.storeId == local.storeId) { auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); aclParams.accCaller.bundleName = storeMeta.bundleName; aclParams.accCaller.accountId = accountId; aclParams.accCaller.userId = local.userId; aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); + aclParams.accCaller.tokenId = GetTokenId(storeMeta.bundleName, local); + aclParams.accCallee.bundleName = storeMeta.bundleName; aclParams.accCallee.accountId = accountFlag ? peer.accountId : accountId; aclParams.accCallee.userId = peer.userId; aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(peer.deviceId); + aclParams.accCallee.tokenId = storeMeta.tokenId; aclParams.authType = storeMeta.authType; return true; } @@ -140,6 +149,43 @@ bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const SessionP return false; } +bool SessionManager::GetAclCalleeParams(int32_t peerUser, const std::string &targetDeviceId, + const SessionPoint &local, AclParams &aclParams) const +{ + StoreMetaData meta; + meta.deviceId = targetDeviceId; + meta.user = std::to_string(peerUser); + meta.bundleName = aclParams.accCaller.bundleName; + meta.storeId = local.storeId; + if (!MetaDataManager::GetInstance().LoadMeta(meta.GetKey(), meta)) { + ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d, bundleName:%{public}s, store:%{public}s", + Anonymous::Change(targetDeviceId).c_str(), peerUser, meta.bundleName.c_str(), + Anonymous::Change(meta.storeId).c_str()); + return false; + } + aclParams.accCallee.accountId = meta.account; + aclParams.accCallee.tokenId = meta.tokenId; + aclParams.accCallee.userId = peerUser; + ZLOGI("find... add log"); + return true; +} + +uint64_t SessionManager::GetTokenId(const std::string &bundleName, const SessionPoint &local) const +{ + StoreMetaData meta; + meta.deviceId = local.deviceId; + meta.user = std::to_string(local.userId); + meta.bundleName = bundleName; + meta.storeId = local.storeId; + if (!MetaDataManager::GetInstance().LoadMeta(meta.GetKey(), meta)) { + ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d, bundleName:%{public}s, store:%{public}s", + Anonymous::Change(local.deviceId).c_str(), local.userId, bundleName.c_str(), + Anonymous::Change(local.storeId).c_str()); + } + ZLOGI("find... add log"); + return meta.tokenId; +} + bool SessionManager::CheckSession(const SessionPoint &local, const SessionPoint &peer, bool accountFlag) const { AclParams aclParams; diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index c41e30c2381316ba24f4d9d574b47d2245e6a143..c686a64eff42d1b95ecf08ea7a2fdd50789194fb 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h @@ -60,6 +60,9 @@ private: AclParams &aclParams) const; bool GetRecvAuthParams(const SessionPoint &local, const SessionPoint &peer, bool accountFlag, AclParams &aclParams) const; + bool GetAclCalleeParams(int32_t peerUser, const std::string &targetDeviceId, + const SessionPoint &local, AclParams &aclParams) const; + uint64_t GetTokenId(const std::string &bundleName, const SessionPoint &local) const; }; } // namespace OHOS::DistributedData