diff --git a/services/distributeddataservice/adapter/include/communicator/commu_types.h b/services/distributeddataservice/adapter/include/communicator/commu_types.h index f64fa0dc1f9abbd4696de10392ac362abace9ec6..a7a2e19370501dd505e4b090741ec41568f021c7 100644 --- a/services/distributeddataservice/adapter/include/communicator/commu_types.h +++ b/services/distributeddataservice/adapter/include/communicator/commu_types.h @@ -28,6 +28,7 @@ struct API_EXPORT AccessCaller { std::string bundleName; std::string networkId; int32_t userId; + std::string appId; }; struct API_EXPORT AccessCallee { diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index 9e8319c83b4fdcc4fac3de9b43082c2e76d48904..cbf88385e07ccce86bfee6f4009409ae71fbb291 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -384,7 +384,8 @@ void KvStoreDataService::LoadConfigs() Bootstrap::GetInstance().LoadCloud(); Bootstrap::GetInstance().LoadAppIdMappings(); Bootstrap::GetInstance().LoadAutoSyncApps(); - Bootstrap::GetInstance().LoadSyncTrustedApp(); + Bootstrap::GetInstance().LoadSessionSyncApps(); + Bootstrap::GetInstance().LoadSASyncApps(); } void KvStoreDataService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index 2399a18eff94ca990525dc2ace5a8be6adfc64b8..d318b5586a04ef1f7463f04f3aec80624b591a89 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -24,9 +24,11 @@ #include "device_manager_adapter.h" #include "kvstore_meta_manager.h" #include "log_print.h" +#include "metadata/appid_meta_data.h" #include "metadata/meta_data_manager.h" #include "metadata/store_meta_data.h" #include "securec.h" +#include "sync_mgr/sync_mgr.h" #include "upgrade_manager.h" #include "bootstrap.h" #include "utils/anonymous.h" @@ -38,7 +40,6 @@ using namespace std::chrono; using DmAdapter = DistributedData::DeviceManagerAdapter; using DBManager = DistributedDB::KvStoreDelegateManager; constexpr const int ALIGN_WIDTH = 8; -constexpr const char *DEFAULT_USERID = "0"; constexpr const char *DATA_OBJECT_STORE_ID = "distributedObject_"; constexpr const char *UDMF_STORE_ID = "drag"; @@ -66,24 +67,13 @@ void RouteHeadHandlerImpl::Init() if (deviceId_.empty() || !DmAdapter::GetInstance().IsOHOSType(deviceId_)) { return; } - if (userId_ != DEFAULT_USERID) { - StoreMetaData metaData; - metaData.deviceId = deviceId_; - metaData.user = DEFAULT_USERID; - metaData.bundleName = appId_; - metaData.storeId = storeId_; - if (MetaDataManager::GetInstance().LoadMeta(metaData.GetKeyWithoutPath(), metaData)) { - userId_ = DEFAULT_USERID; - } - } - if (appId_ == Bootstrap::GetInstance().GetProcessLabel() && storeId_ != Bootstrap::GetInstance().GetMetaDBName()) { - int foregroundUserId = 0; - AccountDelegate::GetInstance()->QueryForegroundUserId(foregroundUserId); - userId_ = std::to_string(foregroundUserId); + AppIDMetaData appIdMeta; + if (!MetaDataManager::GetInstance().LoadMeta(appId_, appIdMeta, true)) { + return; } SessionPoint localPoint { DmAdapter::GetInstance().GetLocalDevice().uuid, static_cast(atoi(userId_.c_str())), appId_, storeId_, - AccountDelegate::GetInstance()->GetCurrentAccountId() }; + AccountDelegate::GetInstance()->GetCurrentAccountId(), appIdMeta.bundleName }; session_ = SessionManager::GetInstance().GetSession(localPoint, deviceId_); ZLOGD("valid session:appId:%{public}s, srcDevId:%{public}s, srcUser:%{public}u, trgDevId:%{public}s,", session_.appId.c_str(), Anonymous::Change(session_.sourceDeviceId).c_str(), @@ -114,11 +104,13 @@ DistributedDB::DBStatus RouteHeadHandlerImpl::GetHeadDataSize(uint32_t &headSize if (appId_.empty()) { return DistributedDB::DB_ERROR; } - if (!AppAccessCheckConfigManager::GetInstance().IsTrust( - AppIdMappingConfigManager::GetInstance().Convert(appId_))) { - return DistributedDB::DB_ERROR; + auto bundleName = AppIdMappingConfigManager::GetInstance().Convert(appId_); + if (!bundleName.empty() && SyncManager::GetInstance().IsSessionSyncApp(bundleName, appId_) { + return DistributedDB::OK; } - return DistributedDB::OK; + ZLOGE("deviceId:%{public}s, bundleName:%{public}s is not allow send", + Anonymous::Change(session_.targetDeviceId).c_str(), bundleName.c_str()) + return DistributedDB::DB_ERROR; } bool flag = false; auto peerCap = UpgradeManager::GetInstance().GetCapability(session_.targetDeviceId, flag); @@ -332,58 +324,66 @@ std::string RouteHeadHandlerImpl::ParseStoreId(const std::string &deviceId, cons bool RouteHeadHandlerImpl::ParseHeadDataUser(const uint8_t *data, uint32_t totalLen, const std::string &label, std::vector &userInfos) { + bool flag = false; + auto peerCap = UpgradeManager::GetInstance().GetCapability(session_.sourceDeviceId, flag); + if (!flag) { + ZLOGI("get peer cap failed, peer deviceId:%{public}s", Anonymous::Change(session_.sourceDeviceId).c_str()); + return false; + } uint32_t headSize = 0; - auto ret = UnPackData(data, totalLen, headSize); + auto ret = UnPackData(data, totalLen, headSize, peerCap.version); if (!ret) { return false; } auto time = static_cast(duration_cast(system_clock::now().time_since_epoch()).count()); ZLOGI("unpacked size:%{public}u times %{public}" PRIu64 ".", headSize, time); - - if (DmAdapter::GetInstance().IsOHOSType(session_.sourceDeviceId)) { - auto storeId = ParseStoreId(session_.targetDeviceId, label); - if (!storeId.empty() && std::to_string(session_.sourceUserId) == DEFAULT_USERID) { - StoreMetaData metaData; - metaData.deviceId = session_.targetDeviceId; - metaData.user = DEFAULT_USERID; - metaData.bundleName = session_.appId; - metaData.storeId = std::move(storeId); - if (!MetaDataManager::GetInstance().LoadMeta(metaData.GetKeyWithoutPath(), metaData)) { - int foregroundUserId = 0; - AccountDelegate::GetInstance()->QueryForegroundUserId(foregroundUserId); - UserInfo userInfo = { .receiveUser = std::to_string(foregroundUserId), - .sendUser = std::to_string(session_.sourceUserId) }; - userInfos.emplace_back(userInfo); - return true; - } - } + auto storeId = ParseStoreId(session_.targetDeviceId, label); + if (storeId.empty()) { + return false; } - - // flip the local and peer ends - SessionPoint local { .deviceId = session_.targetDeviceId, .appId = session_.appId }; + AppIDMetaData appIdMeta; + if (!MetaDataManager::GetInstance().LoadMeta(session_.appId, appIdMeta, true)) { + return false; + } + bool accountFlag = peerCap.version >= CapMetaData::ACCOUNT_VERSION; + SessionPoint local { .deviceId = session_.targetDeviceId, .appId = session_.appId, + .accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(), .bundleName = appIdMeta.bundleName }; SessionPoint peer { .deviceId = session_.sourceDeviceId, .userId = session_.sourceUserId, .appId = session_.appId, - .accountId = session_.accountId }; + .accountId = session_.accountId, .bundleName = appIdMeta.bundleName }; ZLOGD("valid session:appId:%{public}s, srcDevId:%{public}s, srcUser:%{public}u, trgDevId:%{public}s,", session_.appId.c_str(), Anonymous::Change(session_.sourceDeviceId).c_str(), session_.sourceUserId, Anonymous::Change(session_.targetDeviceId).c_str()); - bool flag = false; - auto peerCap = UpgradeManager::GetInstance().GetCapability(session_.sourceDeviceId, flag); - if (!flag) { - ZLOGI("get peer cap failed, peer deviceId:%{public}s", Anonymous::Change(session_.sourceDeviceId).c_str()); - return false; - } - bool accountFlag = peerCap.version >= CapMetaData::ACCOUNT_VERSION; + for (const auto &item : session_.targetUserIds) { local.userId = item; if (SessionManager::GetInstance().CheckSession(local, peer, accountFlag)) { - UserInfo userInfo = { .receiveUser = std::to_string(item), .sendUser = std::to_string(peer.userId) }; + if (item == 0) { + int foregroundUserId = 0; + if (!AccountDelegate::GetInstance()->QueryForegroundUserId(foregroundUserId)) { + break; + } + StoreMetaData metaData; + metaData.deviceId = session_.targetDeviceId; + metaData.user = foregroundUserId; + metaData.bundleName = appIdMeta.bundleName; + metaData.storeId = storeId; + UserInfo userInfo; + userInfo.sendUser = std::to_string(session_.sourceUserId); + bool flag = MetaDataManager::GetInstance().LoadMeta(metaData.GetKeyWithoutPath(), metaData); + local.userId = flag ? foregroundUserId : item; + } + UserInfo userInfo; + userInfo.sendUser = std::to_string(peer.userId); + userInfo.receiveUser = std::to_string(local.userId); userInfos.emplace_back(userInfo); + break; } } return true; } -bool RouteHeadHandlerImpl::UnPackData(const uint8_t *data, uint32_t totalLen, uint32_t &unpackedSize) +bool RouteHeadHandlerImpl::UnPackData(const uint8_t *data, uint32_t totalLen, uint32_t &unpackedSize, + int32_t capMetaVersion) { if (data == nullptr || totalLen < sizeof(RouteHead)) { ZLOGE("invalid input data, totalLen:%{public}d", totalLen); @@ -393,7 +393,7 @@ bool RouteHeadHandlerImpl::UnPackData(const uint8_t *data, uint32_t totalLen, ui RouteHead head = { 0 }; bool result = UnPackDataHead(data, totalLen, head); if (result && head.version == RouteHead::VERSION) { - auto isOk = UnPackDataBody(data + sizeof(RouteHead), totalLen - sizeof(RouteHead)); + auto isOk = UnPackDataBody(data + sizeof(RouteHead), totalLen - sizeof(RouteHead), capMetaVersion); if (isOk) { unpackedSize = sizeof(RouteHead) + head.dataLen; } @@ -424,7 +424,7 @@ bool RouteHeadHandlerImpl::UnPackDataHead(const uint8_t *data, uint32_t totalLen return true; } -bool RouteHeadHandlerImpl::UnPackDataBody(const uint8_t *data, uint32_t totalLen) +bool RouteHeadHandlerImpl::UnPackDataBody(const uint8_t *data, uint32_t totalLen, int32_t capMetaVersion) { uint8_t *ptr = const_cast(data); uint32_t leftSize = totalLen; @@ -462,13 +462,7 @@ bool RouteHeadHandlerImpl::UnPackDataBody(const uint8_t *data, uint32_t totalLen if (!UnPackAppId(&ptr, leftSize)) { return false; } - bool flag = false; - auto peerCap = UpgradeManager::GetInstance().GetCapability(session_.sourceDeviceId, flag); - if (!flag) { - ZLOGE("get peer cap failed, peer deviceId:%{public}s", Anonymous::Change(session_.sourceDeviceId).c_str()); - return false; - } - if (peerCap.version >= CapMetaData::ACCOUNT_VERSION && + if (capMetaVersion >= CapMetaData::ACCOUNT_VERSION && (!UnPackStoreId(&ptr, leftSize) || !UnPackAccountId(&ptr, leftSize))) { return false; } diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h index 85611780bd5256677d1d59686296a4a67622bbbc..69a471f31143cd0d91470fe2ba31caf6deb0506e 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.h @@ -85,9 +85,9 @@ private: bool PackAppId(uint8_t **data, const uint8_t *end); bool PackStoreId(uint8_t **data, const uint8_t *end); bool PackAccountId(uint8_t **data, const uint8_t *end); - bool UnPackData(const uint8_t *data, uint32_t totalLen, uint32_t &unpackedSize); + bool UnPackData(const uint8_t *data, uint32_t totalLen, uint32_t &unpackedSize, int32_t capMetaVersion); bool UnPackDataHead(const uint8_t *data, uint32_t totalLen, RouteHead &routeHead); - bool UnPackDataBody(const uint8_t *data, uint32_t totalLen); + bool UnPackDataBody(const uint8_t *data, uint32_t totalLen, int32_t capMetaVersion); bool UnPackAppId(uint8_t **data, uint32_t leftSize); bool UnPackStoreId(uint8_t **data, uint32_t leftSize); bool UnPackAccountId(uint8_t **data, uint32_t leftSize); diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index cb435f6fb7e4e66e16f64ddff865e6b03bec3c9e..fe163964dfefa0034e5141c3c399d972f9c33022 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -41,7 +41,6 @@ SessionManager &SessionManager::GetInstance() Session SessionManager::GetSession(const SessionPoint &local, const std::string &targetDeviceId) const { - ZLOGD("begin. peer device:%{public}s", Anonymous::Change(targetDeviceId).c_str()); Session session; session.appId = local.appId; session.storeId = local.storeId; @@ -49,25 +48,28 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string session.sourceDeviceId = local.deviceId; session.targetDeviceId = targetDeviceId; session.accountId = local.accountId; - auto users = UserDelegate::GetInstance().GetRemoteUserStatus(targetDeviceId); - // system service - if (local.userId == UserDelegate::SYSTEM_USER) { - session.targetUserIds.push_back(UserDelegate::SYSTEM_USER); - } - - AclParams aclParams; - if (!GetSendAuthParams(local, targetDeviceId, aclParams)) { - ZLOGE("get send auth params failed:%{public}s", Anonymous::Change(targetDeviceId).c_str()); + + auto [flag, authType] = LoadMetaData(local); + if (!flag) { return session; } + AclParams aclParams; + aclParams.accCaller.bundleName = local.bundleName; + aclParams.accCaller.accountId = local.accountId; + aclParams.accCaller.userId = local.userId; + aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); + aclParams.accCaller.appId = local.appId; + aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); + aclParams.authType = authType; + auto users = UserDelegate::GetInstance().GetRemoteUserStatus(targetDeviceId); std::vector targetUsers {}; for (const auto &user : users) { aclParams.accCallee.userId = user.id; - auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, user.id, - targetDeviceId, aclParams); - ZLOGD("targetDeviceId:%{public}s, user.id:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", + auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(aclParams); + ZLOGI("targetDeviceId:%{public}s, peerUser:%{public}d, isPermitted:%{public}d, isSameAccount:%{public}d", Anonymous::Change(targetDeviceId).c_str(), user.id, isPermitted, isSameAccount); + // acl is invalid, isSameAccount is first, isPermitted is second if (isPermitted) { auto it = std::find(session.targetUserIds.begin(), session.targetUserIds.end(), user.id); if (it == session.targetUserIds.end() && isSameAccount) { @@ -79,84 +81,42 @@ Session SessionManager::GetSession(const SessionPoint &local, const std::string } } session.targetUserIds.insert(session.targetUserIds.end(), targetUsers.begin(), targetUsers.end()); - ZLOGD("access to peer users:%{public}s", DistributedData::Serializable::Marshall(session.targetUserIds).c_str()); + ZLOGI("access to peer users:%{public}s", DistributedData::Serializable::Marshall(session.targetUserIds).c_str()); return session; } -bool SessionManager::GetSendAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams) const -{ - std::vector metaData; - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ local.deviceId }), metaData)) { - ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", Anonymous::Change(local.deviceId).c_str(), - local.userId); - return false; - } - for (const auto &storeMeta : metaData) { - if (storeMeta.appId == local.appId && storeMeta.storeId == local.storeId) { - aclParams.accCaller.bundleName = storeMeta.bundleName; - aclParams.accCaller.accountId = local.accountId; - aclParams.accCaller.userId = local.userId; - aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); - - aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(targetDeviceId); - aclParams.authType = storeMeta.authType; - return true; - } - } - ZLOGE("get params failed,appId:%{public}s,localDevId:%{public}s,tarDevid:%{public}s,user:%{public}d,", - local.appId.c_str(), Anonymous::Change(local.deviceId).c_str(), - Anonymous::Change(targetDeviceId).c_str(), local.userId); - return false; -} - -bool SessionManager::GetRecvAuthParams(const SessionPoint &local, const SessionPoint &peer, bool accountFlag, - AclParams &aclParams) const -{ - std::vector metaData; - if (!MetaDataManager::GetInstance().LoadMeta(StoreMetaData::GetPrefix({ peer.deviceId }), metaData)) { - ZLOGE("load meta failed, deviceId:%{public}s, user:%{public}d", Anonymous::Change(peer.deviceId).c_str(), - peer.userId); - return false; - } - for (const auto &storeMeta : metaData) { - if (storeMeta.appId == local.appId) { - auto accountId = AccountDelegate::GetInstance()->GetCurrentAccountId(); - aclParams.accCaller.bundleName = storeMeta.bundleName; - aclParams.accCaller.accountId = accountId; - aclParams.accCaller.userId = local.userId; - aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); - - aclParams.accCallee.accountId = accountFlag ? peer.accountId : accountId; - aclParams.accCallee.userId = peer.userId; - aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(peer.deviceId); - aclParams.authType = storeMeta.authType; - return true; - } - } - - ZLOGE("get params failed,appId:%{public}s,tarDevid:%{public}s,user:%{public}d,peer:%{public}d", - local.appId.c_str(), Anonymous::Change(peer.deviceId).c_str(), local.userId, peer.userId); - return false; -} - bool SessionManager::CheckSession(const SessionPoint &local, const SessionPoint &peer, bool accountFlag) const { - AclParams aclParams; - if (!GetRecvAuthParams(local, peer, accountFlag, aclParams)) { - ZLOGE("get recv auth params failed:%{public}s", Anonymous::Change(peer.deviceId).c_str()); + auto [flag, authType] = LoadMetaData(local); + if (!flag) { return false; } - auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(local.userId, - peer.userId, peer.deviceId, aclParams); - ZLOGD("peer.deviceId:%{public}s, peer.userId:%{public}d, isPermitted:%{public}d, isSameAccount: %{public}d", + AclParams aclParams; + aclParams.accCaller.bundleName = local.bundleName; + aclParams.accCaller.accountId = local.accountId; + aclParams.accCaller.userId = local.userId; + aclParams.accCaller.networkId = DmAdapter::GetInstance().ToNetworkID(local.deviceId); + aclParams.accCallee.accountId = accountFlag ? peer.accountId : local.accountId; + aclParams.accCallee.userId = peer.userId; + aclParams.accCallee.networkId = DmAdapter::GetInstance().ToNetworkID(peer.deviceId); + aclParams.authType = authType; + auto [isPermitted, isSameAccount] = AuthDelegate::GetInstance()->CheckAccess(aclParams); + ZLOGI("peer.deviceId:%{public}s, peer.userId:%{public}d, isPermitted:%{public}d, isSameAccount:%{public}d", Anonymous::Change(peer.deviceId).c_str(), peer.userId, isPermitted, isSameAccount); - if (isPermitted && local.userId != UserDelegate::SYSTEM_USER) { - isPermitted = Account::GetInstance()->IsUserForeground(local.userId); - } return isPermitted; } +std::pair SessionManager::LoadMetaData(const SessionPoint &local) const +{ + StoreMetaData metaData; + metaData.deviceId = local.deviceId; + metaData.user = local.userId; + metaData.bundleName = local.bundleName; + metaData.storeId = local.storeId; + bool flag = MetaDataManager::GetInstance().LoadMeta(metaData.GetKeyWithoutPath(), metaData); + return std::make_pair(flag, metaData.authType); +} + bool Session::Marshal(json &node) const { bool ret = true; diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.h b/services/distributeddataservice/app/src/session_manager/session_manager.h index c41e30c2381316ba24f4d9d574b47d2245e6a143..f65fcfae8cc9296542c3cfffa87c139c1d238a96 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.h +++ b/services/distributeddataservice/app/src/session_manager/session_manager.h @@ -31,6 +31,7 @@ struct SessionPoint { std::string appId; std::string storeId; std::string accountId; + std::string bundleName; }; class Session : public Serializable { @@ -56,11 +57,7 @@ public: Session GetSession(const SessionPoint &local, const std::string &targetDeviceId) const; bool CheckSession(const SessionPoint &local, const SessionPoint &peer, bool accountFlag) const; private: - bool GetSendAuthParams(const SessionPoint &local, const std::string &targetDeviceId, - AclParams &aclParams) const; - bool GetRecvAuthParams(const SessionPoint &local, const SessionPoint &peer, bool accountFlag, - AclParams &aclParams) const; + std::pair LoadMetaData(const SessionPoint &local) const; }; } // namespace OHOS::DistributedData - -#endif // DISTRIBUTEDDATAMGR_SESSIONMANAGER_H +#endif // DISTRIBUTEDDATAMGR_SESSIONMANAGER_H \ No newline at end of file diff --git a/services/distributeddataservice/framework/include/sync_mgr/sync_mgr.h b/services/distributeddataservice/framework/include/sync_mgr/sync_mgr.h index 5907e8594b734d676a670774da40ecc55fe3332c..04cb80023599b9076a6932f6d541e86096dfd705 100644 --- a/services/distributeddataservice/framework/include/sync_mgr/sync_mgr.h +++ b/services/distributeddataservice/framework/include/sync_mgr/sync_mgr.h @@ -29,6 +29,19 @@ public: std::string bundleName; std::vector storeIds; }; + + struct SessionSyncInfo { + uint32_t version = 0; + std::string appId; + std::string bundleName; + }; + + struct SASyncInfo { + uint32_t version = 0; + std::string appId; + std::string bundleName; + }; + API_EXPORT static SyncManager &GetInstance(); API_EXPORT void Initialize(const std::vector &autoSyncApps); API_EXPORT void SetAutoSyncAppInfo(const AutoSyncInfo &autoSyncApp); @@ -37,9 +50,17 @@ public: const std::string &store); API_EXPORT bool NeedForceReplaceSchema(const AutoSyncInfo &autoSyncApp); + API_EXPORT void SetSessionSyncAppInfo(const SessionSyncInfo &sessionSyncApp); + API_EXPORT bool IsSessionSyncApp(const std::string &bundleName, const std::string &appId); + + API_EXPORT void SetSASyncAppInfo(const SASyncInfo &saSyncApp); + API_EXPORT bool IsSASyncApp(const std::string &bundleName, const std::string &appId); + private: SyncManager(); std::map autoSyncApps_; + std::map sessionSyncApps_; + std::map saSyncApps_; }; } // namespace OHOS::DistributedData #endif // DISTRIBUTEDDATAMGR_DEVICE_SYNC_APP_MANAGER_H \ No newline at end of file diff --git a/services/distributeddataservice/framework/sync_mgr/sync_mgr.cpp b/services/distributeddataservice/framework/sync_mgr/sync_mgr.cpp index 9b7d91f0fb6884e10d23136fee0cf0dab444a2b0..065c0b90216b9f38ede10649eb60c223ac46b230 100644 --- a/services/distributeddataservice/framework/sync_mgr/sync_mgr.cpp +++ b/services/distributeddataservice/framework/sync_mgr/sync_mgr.cpp @@ -73,4 +73,32 @@ bool SyncManager::NeedForceReplaceSchema(const AutoSyncInfo &autoSyncApp) } return ((it->second.version == autoSyncApp.version) && (it->second.appId == autoSyncApp.appId)); } + +void SyncManager::SetSessionSyncAppInfo(const SessionSyncInfo &sessionSyncApp) +{ + sessionSyncApps_[sessionSyncApp.bundleName] = sessionSyncApp; +} + +bool SyncManager::IsSessionSyncApp(const std::string &bundleName, const std::string &appId) +{ + auto it = sessionSyncApps_.find(bundleName); + if (it == sessionSyncApps_.end()) { + return false; + } + return it->second.appId == appId; +} + +void SyncManager::SetSASyncAppInfo(const SASyncInfo &saSyncApp) +{ + saSyncApps_[saSyncApp.bundleName] = saSyncApp; +} + +bool SyncManager::IsSASyncApp(const std::string &bundleName, const std::string &appId) +{ + auto it = saSyncApps_.find(bundleName); + if (it == saSyncApps_.end()) { + return false; + } + return it->second.appId == appId; +} } // namespace OHOS::DistributedData \ No newline at end of file diff --git a/services/distributeddataservice/service/bootstrap/include/bootstrap.h b/services/distributeddataservice/service/bootstrap/include/bootstrap.h index eb94790ba16ff2b04a7bf132ba299df0468abd39..21cf21dad0d174357f0ed3172ed272898c02e04f 100644 --- a/services/distributeddataservice/service/bootstrap/include/bootstrap.h +++ b/services/distributeddataservice/service/bootstrap/include/bootstrap.h @@ -34,6 +34,8 @@ public: API_EXPORT void LoadAppIdMappings(); API_EXPORT void LoadThread(); API_EXPORT void LoadAutoSyncApps(); + API_EXPORT void LoadSessionSyncApps(); + API_EXPORT void LoadSASyncApps(); API_EXPORT void LoadSyncTrustedApp(); private: static constexpr const char *DEFAULT_LABEL = "distributeddata"; diff --git a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp index a241ef80b5a70acd7be22127e5dbfd7e7349a200..6e0e0d1e470641b8e3279b513ac759ce17ef1d1e 100644 --- a/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp +++ b/services/distributeddataservice/service/bootstrap/src/bootstrap.cpp @@ -222,5 +222,27 @@ void Bootstrap::LoadSyncTrustedApp() } AppAccessCheckConfigManager::GetInstance().Initialize(infos); } + +void Bootstrap::LoadSessionSyncApps() +{ + auto *sessionSyncApps = ConfigFactory::GetInstance().GetSessionSyncAppConfig(); + if (sessionSyncApps == nullptr) { + return; + } + for (auto &sessionSyncApp : *sessionSyncApps) { + SyncManager::GetInstance().SetSessionSyncAppInfo(sessionSyncApp); + } +} + +void Bootstrap::LoadSASyncApps() +{ + auto *saSyncApps = ConfigFactory::GetInstance().GetSASyncAppConfig(); + if (saSyncApps == nullptr) { + return; + } + for (auto &saSyncApp : *saSyncApps) { + SyncManager::GetInstance().SetSASyncAppInfo(saSyncApp); + } +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/BUILD.gn b/services/distributeddataservice/service/config/BUILD.gn index 3b36840999f077d61d6908d8ff729e001317f482..fd9430f769890da55215072b00952aa019e64d96 100644 --- a/services/distributeddataservice/service/config/BUILD.gn +++ b/services/distributeddataservice/service/config/BUILD.gn @@ -36,6 +36,8 @@ ohos_source_set("distributeddata_config") { "src/model/global_config.cpp", "src/model/network_config.cpp", "src/model/protocol_config.cpp", + "src/model/sa_sync_app_config.cpp", + "src/model/session_sync_app_config.cpp", "src/model/thread_config.cpp", ] diff --git a/services/distributeddataservice/service/config/include/config_factory.h b/services/distributeddataservice/service/config/include/config_factory.h index 448eec27a7d810922ec2a7a7ce92b542a0795620..ae6ad7bb4106cc5abc476b610b93fa53b50a3909 100644 --- a/services/distributeddataservice/service/config/include/config_factory.h +++ b/services/distributeddataservice/service/config/include/config_factory.h @@ -36,6 +36,8 @@ public: API_EXPORT DataShareConfig *GetDataShareConfig(); API_EXPORT std::vector *GetAutoSyncAppConfig(); API_EXPORT AppAccessCheckConfig *GetSyncAppsConfig(); + API_EXPORT std::vector *GetSessionSyncAppConfig(); + API_EXPORT std::vector *GetSASyncAppConfig(); private: static constexpr const char *CONF_PATH = "/system/etc/distributeddata/conf"; ConfigFactory(); diff --git a/services/distributeddataservice/service/config/include/model/global_config.h b/services/distributeddataservice/service/config/include/model/global_config.h index da3c907d41e05e8d468cb3234b1c504baaf2b0de..0c83ca7cd470b0cadb77e286f615e5971a472d99 100644 --- a/services/distributeddataservice/service/config/include/model/global_config.h +++ b/services/distributeddataservice/service/config/include/model/global_config.h @@ -25,6 +25,8 @@ #include "model/datashare_config.h" #include "model/directory_config.h" #include "model/network_config.h" +#include "model/sa_sync_app_config.h" +#include "model/session_sync_app_config.h" #include "model/thread_config.h" #include "serializable/serializable.h" namespace OHOS { @@ -45,6 +47,8 @@ public: ThreadConfig *thread = nullptr; DataShareConfig *dataShare = nullptr; std::vector *autoSyncApps = nullptr; + std::vector *saSyncApps = nullptr; + std::vector *sessionSyncApps = nullptr; AppAccessCheckConfig *syncAppList = nullptr; ~GlobalConfig(); bool Marshal(json &node) const override; diff --git a/services/distributeddataservice/service/config/include/model/sa_sync_app_config.h b/services/distributeddataservice/service/config/include/model/sa_sync_app_config.h new file mode 100644 index 0000000000000000000000000000000000000000..55478565f33d49eb0ed853d9035f5eeb5a467e1a --- /dev/null +++ b/services/distributeddataservice/service/config/include/model/sa_sync_app_config.h @@ -0,0 +1,31 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_SA_SYNC_APP_CONFIG_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_SA_SYNC_APP_CONFIG_H + +#include "sync_mgr/sync_mgr.h" +#include "serializable/serializable.h" + +namespace OHOS { +namespace DistributedData { +struct SASyncAppConfig final : public Serializable, public SyncManager::SASyncInfo { +public: + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; +}; +} // namespace DistributedData +} // namespace OHOS +#endif // OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_SA_SYNC_APP_CONFIG_H \ No newline at end of file diff --git a/services/distributeddataservice/service/config/include/model/session_sync_app_config.h b/services/distributeddataservice/service/config/include/model/session_sync_app_config.h new file mode 100644 index 0000000000000000000000000000000000000000..b1f7fc7d69d096abc3f625df7ae5dfd6e5f819b5 --- /dev/null +++ b/services/distributeddataservice/service/config/include/model/session_sync_app_config.h @@ -0,0 +1,31 @@ +/* +* Copyright (c) 2025 Huawei Device Co., Ltd. +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +#ifndef OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_SESSION_SYNC_APP_CONFIG_H +#define OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_SESSION_SYNC_APP_CONFIG_H + +#include "sync_mgr/sync_mgr.h" +#include "serializable/serializable.h" + +namespace OHOS { +namespace DistributedData { +struct SessionSyncAppConfig final : public Serializable, public SyncManager::SessionSyncInfo { +public: + bool Marshal(json &node) const override; + bool Unmarshal(const json &node) override; +}; +} // namespace DistributedData +} // namespace OHOS +#endif // OHOS_DISTRIBUTED_DATA_SERVICES_CONFIG_MODEL_SESSION_SYNC_APP_CONFIG_H \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/config_factory.cpp b/services/distributeddataservice/service/config/src/config_factory.cpp index 9c7c7cdd32ad042448939540a22a631d546429c1..2c1f45143961d7a3a67e8b44b00b7b3dd4f5f748 100644 --- a/services/distributeddataservice/service/config/src/config_factory.cpp +++ b/services/distributeddataservice/service/config/src/config_factory.cpp @@ -106,5 +106,15 @@ AppAccessCheckConfig *ConfigFactory::GetSyncAppsConfig() { return config_.syncAppList; } + +std::vector *ConfigFactory::GetSessionSyncAppConfig() +{ + return config_.sessionSyncApps; +} + +std::vector *ConfigFactory::GetSASyncAppConfig() +{ + return config_.saSyncApps; +} } // namespace DistributedData } // namespace OHOS \ No newline at end of file diff --git a/services/distributeddataservice/service/config/src/model/global_config.cpp b/services/distributeddataservice/service/config/src/model/global_config.cpp index 09891bc37e9d54061037476e132d6923b9105fdc..f12ec0265fd8b83129133babf86486697f0abd7d 100644 --- a/services/distributeddataservice/service/config/src/model/global_config.cpp +++ b/services/distributeddataservice/service/config/src/model/global_config.cpp @@ -32,6 +32,8 @@ bool GlobalConfig::Marshal(json &node) const SetValue(node[GET_NAME(thread)], thread); SetValue(node[GET_NAME(dataShare)], dataShare); SetValue(node[GET_NAME(autoSyncApps)], autoSyncApps); + SetValue(node[GET_NAME(saSyncApps)], saSyncApps); + SetValue(node[GET_NAME(sessionSyncApps)], sessionSyncApps); SetValue(node[GET_NAME(syncAppList)], syncAppList); return true; } @@ -52,6 +54,8 @@ bool GlobalConfig::Unmarshal(const json &node) GetValue(node, GET_NAME(thread), thread); GetValue(node, GET_NAME(dataShare), dataShare); GetValue(node, GET_NAME(autoSyncApps), autoSyncApps); + GetValue(node, GET_NAME(saSyncApps), saSyncApps); + GetValue(node, GET_NAME(sessionSyncApps), sessionSyncApps); GetValue(node, GET_NAME(syncAppList), syncAppList); return true; } @@ -68,6 +72,8 @@ GlobalConfig::~GlobalConfig() delete thread; delete dataShare; delete autoSyncApps; + delete saSyncApps; + delete sessionSyncApps; delete syncAppList; } } // namespace DistributedData diff --git a/services/distributeddataservice/service/config/src/model/sa_sync_app_config.cpp b/services/distributeddataservice/service/config/src/model/sa_sync_app_config.cpp new file mode 100644 index 0000000000000000000000000000000000000000..65569f9687e0a008373f2b9a5e08aa36633d0ea1 --- /dev/null +++ b/services/distributeddataservice/service/config/src/model/sa_sync_app_config.cpp @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "model/sa_sync_app_config.h" + +namespace OHOS { +namespace DistributedData { +bool SAAppConfig::Marshal(Serializable::json &node) const +{ + SetValue(node[GET_NAME(version)], version); + SetValue(node[GET_NAME(appId)], appId); + SetValue(node[GET_NAME(bundleName)], bundleName); + return true; +} +bool SAAppConfig::Unmarshal(const Serializable::json &node) +{ + GetValue(node, GET_NAME(version), version); + GetValue(node, GET_NAME(appId), appId); + GetValue(node, GET_NAME(bundleName), bundleName); + return true; +} +} // namespace DistributedData +} // namespace OHOS diff --git a/services/distributeddataservice/service/config/src/model/session_sync_app_config.cpp b/services/distributeddataservice/service/config/src/model/session_sync_app_config.cpp new file mode 100644 index 0000000000000000000000000000000000000000..6298647424d050d0ec629fa8603c75e10ecff956 --- /dev/null +++ b/services/distributeddataservice/service/config/src/model/session_sync_app_config.cpp @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "model/session_sync_app_config.h" + +namespace OHOS { +namespace DistributedData { +bool SessionSyncAppConfig::Marshal(Serializable::json &node) const +{ + SetValue(node[GET_NAME(version)], version); + SetValue(node[GET_NAME(appId)], appId); + SetValue(node[GET_NAME(bundleName)], bundleName); + return true; +} +bool SessionSyncAppConfig::Unmarshal(const Serializable::json &node) +{ + GetValue(node, GET_NAME(version), version); + GetValue(node, GET_NAME(appId), appId); + GetValue(node, GET_NAME(bundleName), bundleName); + return true; +} +} // namespace DistributedData +} // namespace OHOS diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp index f76965451bf328bfd835be7706c169da18a5f590..ab4998c4cb369131bd7994f508609b37715a9a4f 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp @@ -14,89 +14,63 @@ */ #define LOG_TAG "AuthHandler" + #include "auth_delegate.h" -#include "checker/checker_manager.h" +#include "account/account_delegate.h" #include "device_manager_adapter.h" #include "log_print.h" -#include "user_delegate.h" +#include "sync_mgr/sync_mgr.h" #include "utils/anonymous.h" -#include "metadata/store_meta_data.h" -#include "metadata/meta_data_manager.h" + namespace OHOS::DistributedData { using DmAdapter = OHOS::DistributedData::DeviceManagerAdapter; class AuthHandlerStub : public AuthHandler { public: // override for mock auth in current version, need remove in the future - std::pair CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) override; + std::pair CheckAccess(const AclParams &aclParams) override; private: - bool IsUserActive(const std::vector &users, int32_t userId); - bool CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId); - bool IsSystemUser(int localUserId, int peerUserId); - static constexpr pid_t UID_CAPACITY = 10000; + std::pair CheckSystemAccess(const AclParams &aclParams); static constexpr int SYSTEM_USER = 0; }; -bool AuthHandlerStub::IsSystemUser(int localUserId, int peerUserId) -{ - return localUserId == SYSTEM_USER && peerUserId == SYSTEM_USER; -} - -bool AuthHandlerStub::CheckUsers(int localUserId, int peerUserId, const std::string &peerDeviceId) +std::pair AuthHandlerStub::CheckSystemAccess(const AclParams &aclParams) { - if (localUserId == SYSTEM_USER) { - return peerUserId == SYSTEM_USER; + if (aclParams.accCallee.userId != SYSTEM_USER) { + return std::make_pair(false, false); } - - auto localUsers = UserDelegate::GetInstance().GetLocalUserStatus(); - auto peerUsers = UserDelegate::GetInstance().GetRemoteUserStatus(peerDeviceId); - return peerUserId != SYSTEM_USER && IsUserActive(localUsers, localUserId) && IsUserActive(peerUsers, peerUserId); + auto isSameAccount = DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee); + if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT)) { + return std::make_pair(isSameAccount, isSameAccount); + } + if (isSameAccount || + SyncManager::GetInstance().IsSASyncApp(aclParams.accCaller.bundleName, aclParams.accCaller.appId)) { + return std::make_pair(true, isSameAccount); + } + return std::make_pair(false, false); } -std::pair AuthHandlerStub::CheckAccess(int localUserId, int peerUserId, const std::string &peerDeviceId, - const AclParams &aclParams) +std::pair AuthHandlerStub::CheckAccess(const AclParams &aclParams) { - if (IsSystemUser(localUserId, peerUserId)) { - return std::make_pair(true, false); + if (aclParams.accCaller.userId == SYSTEM_USER) { + return CheckSystemAccess(aclParams); } - if (!CheckUsers(localUserId, peerUserId, peerDeviceId)) { + if (aclParams.accCallee.userId == SYSTEM_USER) { return std::make_pair(false, false); } - if (aclParams.authType == static_cast(DistributedKv::AuthType::DEFAULT)) { - if (DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee)) { - return std::make_pair(true, true); - } - if (DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee)) { - return std::make_pair(true, false); - } - ZLOGE("CheckAccess failed. bundleName:%{public}s, localUser:%{public}d, peerUser:%{public}d", - aclParams.accCaller.bundleName.c_str(), localUserId, peerUserId); + if (!AccountDelegate::GetInstance()->IsUserForeground(aclParams.accCaller.userId)) { return std::make_pair(false, false); } - + auto isSameAccount = DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee); if (aclParams.authType == static_cast(DistributedKv::AuthType::IDENTICAL_ACCOUNT)) { - auto isSameAccount = DmAdapter::GetInstance().IsSameAccount(aclParams.accCaller, aclParams.accCallee); return std::make_pair(isSameAccount, isSameAccount); } - ZLOGE("CheckAccess failed.bundleName:%{public}s,peerDeviceId:%{public}s,authtype:%{public}d", - aclParams.accCaller.bundleName.c_str(), Anonymous::Change(peerDeviceId).c_str(), aclParams.authType); - return std::make_pair(false, false); -} - -bool AuthHandlerStub::IsUserActive(const std::vector &users, int32_t userId) -{ - for (const auto &user : users) { - if (user.id == userId && user.isActive) { - return true; - } - } - return false; + auto isAccess = DmAdapter::GetInstance().CheckAccessControl(aclParams.accCaller, aclParams.accCallee); + return std::make_pair(isAccess, isSameAccount); } AuthHandler *AuthDelegate::GetInstance() { - // change auth way in the future static AuthHandlerStub instance; return &instance; } diff --git a/services/distributeddataservice/service/kvdb/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h index 199b7e74599245cbd4f123389bfa89da1a534e75..d1aebbc87960a6a3ca29614580ea483ba36b02f1 100644 --- a/services/distributeddataservice/service/kvdb/auth_delegate.h +++ b/services/distributeddataservice/service/kvdb/auth_delegate.h @@ -33,8 +33,7 @@ enum AUTH_GROUP_TYPE { class AuthHandler { public: - virtual std::pair CheckAccess(int localUserId, int peerUserId, - const std::string &peerDeviceId, const AclParams &aclParams); + virtual std::pair CheckAccess(const AclParams &aclParams); }; class AuthDelegate {