From 27f31add3e298a48af92eb176a2232b426f78dc7 Mon Sep 17 00:00:00 2001 From: zuojiangjiang Date: Thu, 21 Apr 2022 10:37:36 +0800 Subject: [PATCH] =?UTF-8?q?fixed=20622d61b=20from=20https://gitee.com/zuo-?= =?UTF-8?q?jiangjiang/distributeddatamgr=5Fdatamgr/pulls/397=20=E5=A4=9A?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=95=B0=E6=8D=AE=E5=90=8C=E6=AD=A5=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E4=BF=AE=E5=A4=8D=20Signed-off-by:=20zuojiangjiang=20?= =?UTF-8?q??= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../adapter/auth/BUILD.gn | 43 --- services/distributeddataservice/app/BUILD.gn | 3 +- .../app/src/kvstore_data_service.cpp | 2 +- .../route_head_handler_impl.cpp | 6 +- .../src/session_manager/session_manager.cpp | 2 +- .../app/src/session_manager/upgrade_manager.h | 2 +- .../app/src/single_kvstore_impl.cpp | 2 +- .../distributeddataservice/app/test/BUILD.gn | 19 +- .../src => service/kvdb}/auth_delegate.cpp | 329 +++++++++--------- .../auth => service/kvdb}/auth_delegate.h | 208 +++++------ 10 files changed, 298 insertions(+), 318 deletions(-) delete mode 100644 services/distributeddataservice/adapter/auth/BUILD.gn rename services/distributeddataservice/{adapter/auth/src => service/kvdb}/auth_delegate.cpp (91%) rename services/distributeddataservice/{adapter/include/auth => service/kvdb}/auth_delegate.h (96%) diff --git a/services/distributeddataservice/adapter/auth/BUILD.gn b/services/distributeddataservice/adapter/auth/BUILD.gn deleted file mode 100644 index 0b250db92..000000000 --- a/services/distributeddataservice/adapter/auth/BUILD.gn +++ /dev/null 
@@ -1,43 +0,0 @@
-# Copyright (c) 2022 Huawei Device Co., Ltd.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import("//build/ohos.gni")
-
-ohos_static_library("distributeddata_auth_static") {
- sources = [ "src/auth_delegate.cpp" ]
-
- include_dirs = [
- "../include",
- "../include/autils",
- "../include/communicator",
- "../include/log",
- "//third_party/json/single_include",
- "//utils/native/base/include",
- "//foundation/distributeddatamgr/distributeddatamgr/frameworks/common",
- "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata/include",
- "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework/include",
- ]
-
- cflags_cc = [ "-fvisibility=hidden" ]
-
- deps = [
- "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/framework:distributeddatasvcfwk",
- "//utils/native/base:utils",
- ]
-
- external_deps = [
- "deviceauth_standard:deviceauth_sdk",
- "hiviewdfx_hilog_native:libhilog",
- ]
- part_name = "distributeddatamgr"
-}
diff --git a/services/distributeddataservice/app/BUILD.gn b/services/distributeddataservice/app/BUILD.gn
index e7e17bdef..b3f332efe 100644
--- a/services/distributeddataservice/app/BUILD.gn
+++ b/services/distributeddataservice/app/BUILD.gn
@@ -109,6 +109,7 @@ ohos_shared_library("distributeddataservice") { ] kv_sources = [ + "../service/kvdb/auth_delegate.cpp", "../service/kvdb/executor_factory.cpp", "../service/kvdb/user_delegate.cpp", ] @@ -121,7 +122,6 @@ ohos_shared_library("distributeddataservice") { "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata:distributeddata_inner", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/account:distributeddata_account_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/auth:distributeddata_auth_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", @@ -139,6 +139,7 @@ ohos_shared_library("distributeddataservice") { "bundle_framework:appexecfwk_base", "bundle_framework:appexecfwk_core", "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", diff --git a/services/distributeddataservice/app/src/kvstore_data_service.cpp b/services/distributeddataservice/app/src/kvstore_data_service.cpp index 1d9310a57..643dab853 100644 --- a/services/distributeddataservice/app/src/kvstore_data_service.cpp +++ b/services/distributeddataservice/app/src/kvstore_data_service.cpp @@ -25,7 +25,7 @@ #include #include -#include "auth/auth_delegate.h" +#include "auth_delegate.h" #include "auto_launch_export.h" #include "bootstrap.h" #include "checker/checker_manager.h" 
diff --git a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp index dcdb9920b..2947a236f 100644 --- a/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp +++ b/services/distributeddataservice/app/src/session_manager/route_head_handler_impl.cpp @@ -16,7 +16,7 @@ #define LOG_TAG "RouteHeadHandler" -#include "auth/auth_delegate.h" +#include "auth_delegate.h" #include "device_kvstore_impl.h" #include "kvstore_meta_manager.h" #include "log_print.h" @@ -245,8 +245,8 @@ bool RouteHeadHandlerImpl::UnPackDataBody(const uint8_t *data, uint32_t totalLen return false; } const SessionDevicePair *devicePair = reinterpret_cast(ptr); - session_.sourceDeviceId.append(devicePair->sourceDeviceId, DEVICE_ID_SIZE_MAX); - session_.targetDeviceId.append(devicePair->targetDeviceId, DEVICE_ID_SIZE_MAX); + session_.sourceDeviceId.append(devicePair->sourceDeviceId, DEVICE_ID_SIZE_MAX - 1); + session_.targetDeviceId.append(devicePair->targetDeviceId, DEVICE_ID_SIZE_MAX - 1); ptr += sizeof(SessionDevicePair); leftSize -= sizeof(SessionDevicePair); diff --git a/services/distributeddataservice/app/src/session_manager/session_manager.cpp b/services/distributeddataservice/app/src/session_manager/session_manager.cpp index 93d7a6042..da49c05dc 100644 --- a/services/distributeddataservice/app/src/session_manager/session_manager.cpp +++ b/services/distributeddataservice/app/src/session_manager/session_manager.cpp @@ -19,7 +19,7 @@ #include -#include "auth/auth_delegate.h" +#include "auth_delegate.h" #include "checker/checker_manager.h" #include "log/log_print.h" #include "user_delegate.h" diff --git a/services/distributeddataservice/app/src/session_manager/upgrade_manager.h b/services/distributeddataservice/app/src/session_manager/upgrade_manager.h index 7b04ec813..18c044b25 100644 
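Review bot: In the `UnPackDataBody` hunk, `append(devicePair->sourceDeviceId, DEVICE_ID_SIZE_MAX - 1)` still appends a fixed byte count taken from a peer-supplied buffer, so unless every ID is exactly `DEVICE_ID_SIZE_MAX - 1` characters the resulting `std::string` carries embedded NUL padding and will not compare equal to the same ID obtained elsewhere. Bounding the copy by the actual length avoids that, e.g. `session_.sourceDeviceId.append(devicePair->sourceDeviceId, strnlen(devicePair->sourceDeviceId, DEVICE_ID_SIZE_MAX - 1));` and likewise for `targetDeviceId`. Because these are `append` calls, it is also worth confirming that `session_` is reset before each unpack; the function starts and ends outside the hunk, so that cannot be checked here.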
--- a/services/distributeddataservice/app/src/session_manager/upgrade_manager.h +++ b/services/distributeddataservice/app/src/session_manager/upgrade_manager.h @@ -17,7 +17,7 @@ #define DISTRIBUTEDDATAMGR_UPGRADE_MANAGER_H #include -#include "auth/auth_delegate.h" +#include "auth_delegate.h" #include "concurrent_map.h" #include "kvstore_meta_manager.h" #include "metadata/capability_meta_data.h" diff --git a/services/distributeddataservice/app/src/single_kvstore_impl.cpp b/services/distributeddataservice/app/src/single_kvstore_impl.cpp index ddd671361..4f58d0c7f 100644 --- a/services/distributeddataservice/app/src/single_kvstore_impl.cpp +++ b/services/distributeddataservice/app/src/single_kvstore_impl.cpp @@ -18,12 +18,12 @@ #include "single_kvstore_impl.h" #include #include "account_delegate.h" +#include "auth_delegate.h" #include "backup_handler.h" #include "checker/checker_manager.h" #include "constant.h" #include "dds_trace.h" #include "device_kvstore_impl.h" -#include "auth/auth_delegate.h" #include "kvstore_data_service.h" #include "kvstore_utils.h" #include "ipc_skeleton.h" diff --git a/services/distributeddataservice/app/test/BUILD.gn b/services/distributeddataservice/app/test/BUILD.gn index f9ace5b33..7c465b7ea 100644 --- a/services/distributeddataservice/app/test/BUILD.gn +++ b/services/distributeddataservice/app/test/BUILD.gn @@ -88,6 +88,7 @@ ohos_unittest("KvStoreImplLogicalIsolationTest") { external_deps = [ "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -104,6 +105,7 @@ ohos_unittest("KvStoreImplLogicalIsolationTest") { } kv_sources = [ + "../../service/kvdb/auth_delegate.cpp", "../../service/kvdb/executor_factory.cpp", "../../service/kvdb/user_delegate.cpp", ] 
@@ -113,7 +115,6 @@ ohos_unittest("KvStoreImplLogicalIsolationTest") { "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata:distributeddata_inner", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/account:distributeddata_account_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/auth:distributeddata_auth_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", @@ -159,6 +160,7 @@ ohos_unittest("KvStoreImplPhysicalIsolationTest") { "unittest/kvstore_impl_physical_isolation_test.cpp", ] kv_sources = [ + "../../service/kvdb/auth_delegate.cpp", "../../service/kvdb/executor_factory.cpp", "../../service/kvdb/user_delegate.cpp", ] @@ -169,6 +171,7 @@ ohos_unittest("KvStoreImplPhysicalIsolationTest") { external_deps = [ "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", 
@@ -188,7 +191,6 @@ ohos_unittest("KvStoreImplPhysicalIsolationTest") { "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata:distributeddata_inner", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/account:distributeddata_account_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/auth:distributeddata_auth_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", @@ -234,6 +236,7 @@ ohos_unittest("KvStoreDataServiceTest") { "unittest/kvstore_data_service_test.cpp", ] kv_sources = [ + "../../service/kvdb/auth_delegate.cpp", "../../service/kvdb/executor_factory.cpp", "../../service/kvdb/user_delegate.cpp", ] @@ -243,6 +246,7 @@ ohos_unittest("KvStoreDataServiceTest") { external_deps = [ "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", 
@@ -262,7 +266,6 @@ ohos_unittest("KvStoreDataServiceTest") { "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata:distributeddata_inner", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/account:distributeddata_account_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/auth:distributeddata_auth_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", @@ -308,6 +311,7 @@ ohos_unittest("KvStoreBackupTest") { "unittest/kvstore_backup_test.cpp", ] kv_sources = [ + "../../service/kvdb/auth_delegate.cpp", "../../service/kvdb/executor_factory.cpp", "../../service/kvdb/user_delegate.cpp", ] @@ -318,6 +322,7 @@ ohos_unittest("KvStoreBackupTest") { external_deps = [ "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", 
@@ -337,7 +342,6 @@ ohos_unittest("KvStoreBackupTest") { "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata:distributeddata_inner", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/account:distributeddata_account_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/auth:distributeddata_auth_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", @@ -363,6 +367,7 @@ ohos_unittest("KvStoreFlowCtrlManagerTest") { external_deps = [ "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", @@ -420,6 +425,7 @@ ohos_unittest("KvStoreSyncManagerTest") { "../src/single_kvstore_impl.cpp", ] kv_sources = [ + "../../service/kvdb/auth_delegate.cpp", "../../service/kvdb/executor_factory.cpp", "../../service/kvdb/user_delegate.cpp", ] @@ -429,6 +435,7 @@ ohos_unittest("KvStoreSyncManagerTest") { external_deps = [ "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", 
@@ -448,7 +455,6 @@ ohos_unittest("KvStoreSyncManagerTest") { "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata:distributeddata_inner", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/account:distributeddata_account_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/auth:distributeddata_auth_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", @@ -494,6 +500,7 @@ ohos_unittest("KvStoreUninstallerTest") { "unittest/uninstaller_test.cpp", ] kv_sources = [ + "../../service/kvdb/auth_delegate.cpp", "../../service/kvdb/executor_factory.cpp", "../../service/kvdb/user_delegate.cpp", ] 
@@ -505,7 +512,6 @@ ohos_unittest("KvStoreUninstallerTest") { "//foundation/distributeddatamgr/distributeddatamgr/interfaces/innerkits/distributeddata:distributeddata_inner", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter:distributeddata_adapter", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/account:distributeddata_account_static", - "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/auth:distributeddata_auth_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/broadcaster:distributeddata_broadcaster_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/permission:distributeddata_permission_static", "//foundation/distributeddatamgr/distributeddatamgr/services/distributeddataservice/adapter/utils:distributeddata_utils_static", @@ -522,6 +528,7 @@ ohos_unittest("KvStoreUninstallerTest") { "ability_base:base", "ability_base:want", "dataclassification:data_transit_mgr", + "deviceauth_standard:deviceauth_sdk", "hiviewdfx_hilog_native:libhilog", "huks:libhukssdk", "ipc:ipc_core", diff --git a/services/distributeddataservice/adapter/auth/src/auth_delegate.cpp b/services/distributeddataservice/service/kvdb/auth_delegate.cpp similarity index 91% rename from services/distributeddataservice/adapter/auth/src/auth_delegate.cpp rename to services/distributeddataservice/service/kvdb/auth_delegate.cpp index 310e73926..7f52b5cbd 100644 --- a/services/distributeddataservice/adapter/auth/src/auth_delegate.cpp +++ b/services/distributeddataservice/service/kvdb/auth_delegate.cpp 
@@ -1,159 +1,172 @@
-/*
- * Copyright (c) 2022 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define LOG_TAG "AuthHandler"
-#include "auth/auth_delegate.h"
-
-#include "checker/checker_manager.h"
-#include "communication_provider.h"
-#include "device_auth.h"
-#include "device_auth_defines.h"
-#include "log_print.h"
-#include "utils/anonymous.h"
-
-namespace OHOS::DistributedData {
-bool AuthHandler::CheckAccess(
- int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId)
-{
- auto group = GetGroupInfo(localUserId, appId, peerDeviceId);
- if (group.groupType < GroupType::ALL_GROUP) {
- ZLOGE("failed to parse group %{public}s)", group.groupId.c_str());
- return false;
- }
- auto groupManager = GetGmInstance();
- if (groupManager == nullptr || groupManager->checkAccessToGroup == nullptr) {
- ZLOGE("failed to get group manager");
- return false;
- }
- auto ret = groupManager->checkAccessToGroup(localUserId, appId.c_str(), group.groupId.c_str());
- ZLOGD("check access to group ret:%{public}d", ret);
- return ret == HC_SUCCESS;
-}
-
-int32_t AuthHandler::GetGroupType(
- int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId)
-{
- auto group = GetGroupInfo(localUserId, appId, peerDeviceId);
- if (group.groupType < GroupType::ALL_GROUP) {
- ZLOGE("failed to parse group json(%{public}d)", group.groupType);
- }
- return group.groupType;
-}
-
-AuthHandler::RelatedGroup AuthHandler::GetGroupInfo(
- int32_t localUserId, const std::string &appId, const std::string &peerDeviceId)
-{
- auto groupManager = GetGmInstance();
- if (groupManager == nullptr || groupManager->getRelatedGroups == nullptr || groupManager->destroyInfo == nullptr) {
- ZLOGE("failed to get group manager");
- return {};
- }
- char *groupInfo = nullptr;
- uint32_t groupNum = 0;
- ZLOGI("get related groups, user:%{public}d, app:%{public}s", localUserId, appId.c_str());
- auto ret = groupManager->getRelatedGroups(localUserId, appId.c_str(), peerDeviceId.c_str(), &groupInfo, &groupNum);
- if (groupInfo == nullptr) {
- ZLOGE("failed to get related groups, ret:%{public}d", ret);
- return {};
- }
- ZLOGI("get related group json :%{public}s", groupInfo);
- std::vector groups;
- RelatedGroup::Unmarshall(groupInfo, groups);
- groupManager->destroyInfo(&groupInfo);
-
- // same account has priority
- std::sort(groups.begin(), groups.end(),
- [](const RelatedGroup &group1, const RelatedGroup &group2) { return group1.groupType < group2.groupType; });
- if (!groups.empty()) {
- ZLOGI("get group type:%{public}d", groups.front().groupType);
- return groups.front();
- }
- ZLOGD("there is no group to access to peer device:%{public}s", Anonymous::Change(peerDeviceId).c_str());
- return {};
-}
-
-std::vector AuthHandler::GetTrustedDevicesByType(
- AUTH_GROUP_TYPE type, int32_t localUserId, const std::string &appId)
-{
- auto groupManager = GetGmInstance();
- if (groupManager == nullptr || groupManager->getRelatedGroups == nullptr
- || groupManager->getTrustedDevices == nullptr || groupManager->destroyInfo == nullptr) {
- ZLOGE("failed to get group manager");
- return {};
- }
-
- char *groupsJson = nullptr;
- uint32_t groupNum = 0;
- ZLOGI("get joined groups, user:%{public}d, app:%{public}s, type:%{public}d", localUserId, appId.c_str(), type);
- auto ret = groupManager->getJoinedGroups(localUserId, appId.c_str(), type, &groupsJson, &groupNum);
- if (groupsJson == nullptr) {
- ZLOGE("failed to get joined groups, ret:%{public}d", ret);
- return {};
- }
- ZLOGI("get joined group json :%{public}s", groupsJson);
- std::vector groups;
- RelatedGroup::Unmarshall(groupsJson, groups);
- groupManager->destroyInfo(&groupsJson);
-
- std::vector trustedDevices;
- for (const auto &group : groups) {
- if (group.groupType != type) {
- continue;
- }
- char *devicesJson = nullptr;
- uint32_t devNum = 0;
- ret = groupManager->getTrustedDevices(localUserId, appId.c_str(), group.groupId.c_str(), &devicesJson, &devNum);
- if (devicesJson == nullptr) {
- ZLOGE("failed to get trusted devicesJson, ret:%{public}d", ret);
- return {};
- }
- ZLOGI("get trusted device json:%{public}s", devicesJson);
- std::vector devices;
- TrustDevice::Unmarshall(devicesJson, devices);
- groupManager->destroyInfo(&devicesJson);
- for (const auto &item : devices) {
- auto &provider = AppDistributedKv::CommunicationProvider::GetInstance();
- auto networkId = provider.ToNodeId(item.authId);
- auto uuid = provider.GetUuidByNodeId(networkId);
- trustedDevices.push_back(uuid);
- }
- }
-
- return trustedDevices;
-}
-
-bool AuthHandlerStub::CheckAccess(
- int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId)
-{
- auto checker = CheckerManager::GetInstance().GetChecker("SystemChecker");
- if (checker == nullptr) {
- ZLOGE("get system checker failed");
- return false;
- }
- bool isSystemApp = checker->IsValid(UID_CAPACITY * localUserId, appId);
- if (isSystemApp) {
- ZLOGE("system app:%{public}s", appId.c_str());
- return peerUserId == SYSTEM_USER;
- }
- return peerUserId != SYSTEM_USER;
-}
-
-AuthHandler *AuthDelegate::GetInstance()
-{
- // change auth way in the future
- static AuthHandlerStub instance;
- return &instance;
-}
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "AuthHandler"
+#include "auth_delegate.h"
+
+#include "checker/checker_manager.h"
+#include "communication_provider.h"
+#include "device_auth.h"
+#include "device_auth_defines.h"
+#include "log_print.h"
+#include "utils/anonymous.h"
+#include "user_delegate.h"
+
+namespace OHOS::DistributedData {
+bool AuthHandler::CheckAccess(
+ int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId)
+{
+ auto group = GetGroupInfo(localUserId, appId, peerDeviceId);
+ if (group.groupType < GroupType::ALL_GROUP) {
+ ZLOGE("failed to parse group %{public}s)", group.groupId.c_str());
+ return false;
+ }
+ auto groupManager = GetGmInstance();
+ if (groupManager == nullptr || groupManager->checkAccessToGroup == nullptr) {
+ ZLOGE("failed to get group manager");
+ return false;
+ }
+ auto ret = groupManager->checkAccessToGroup(localUserId, appId.c_str(), group.groupId.c_str());
+ ZLOGD("check access to group ret:%{public}d", ret);
+ return ret == HC_SUCCESS;
+}
+
+int32_t AuthHandler::GetGroupType(
+ int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId)
+{
+ auto group = GetGroupInfo(localUserId, appId, peerDeviceId);
+ if (group.groupType < GroupType::ALL_GROUP) {
+ ZLOGE("failed to parse group json(%{public}d)", group.groupType);
+ }
+ return group.groupType;
+}
+
+AuthHandler::RelatedGroup AuthHandler::GetGroupInfo(
+ int32_t localUserId, const std::string &appId, const std::string &peerDeviceId)
+{
+ auto groupManager = GetGmInstance();
+ if (groupManager == nullptr || groupManager->getRelatedGroups == nullptr || groupManager->destroyInfo == nullptr) {
+ ZLOGE("failed to get group manager");
+ return {};
+ }
+ char *groupInfo = nullptr;
+ uint32_t groupNum = 0;
+ ZLOGI("get related groups, user:%{public}d, app:%{public}s", localUserId, appId.c_str());
+ auto ret = groupManager->getRelatedGroups(localUserId, appId.c_str(), peerDeviceId.c_str(), &groupInfo, &groupNum);
+ if (groupInfo == nullptr) {
+ ZLOGE("failed to get related groups, ret:%{public}d", ret);
+ return {};
+ }
+ ZLOGI("get related group json :%{public}s", groupInfo);
+ std::vector groups;
+ RelatedGroup::Unmarshall(groupInfo, groups);
+ groupManager->destroyInfo(&groupInfo);
+
+ // same account has priority
+ std::sort(groups.begin(), groups.end(),
+ [](const RelatedGroup &group1, const RelatedGroup &group2) { return group1.groupType < group2.groupType; });
+ if (!groups.empty()) {
+ ZLOGI("get group type:%{public}d", groups.front().groupType);
+ return groups.front();
+ }
+ ZLOGD("there is no group to access to peer device:%{public}s", Anonymous::Change(peerDeviceId).c_str());
+ return {};
+}
+
+std::vector AuthHandler::GetTrustedDevicesByType(
+ AUTH_GROUP_TYPE type, int32_t localUserId, const std::string &appId)
+{
+ auto groupManager = GetGmInstance();
+ if (groupManager == nullptr || groupManager->getRelatedGroups == nullptr
+ || groupManager->getTrustedDevices == nullptr || groupManager->destroyInfo == nullptr) {
+ ZLOGE("failed to get group manager");
+ return {};
+ }
+
+ char *groupsJson = nullptr;
+ uint32_t groupNum = 0;
+ ZLOGI("get joined groups, user:%{public}d, app:%{public}s, type:%{public}d", localUserId, appId.c_str(), type);
+ auto ret = groupManager->getJoinedGroups(localUserId, appId.c_str(), type, &groupsJson, &groupNum);
+ if (groupsJson == nullptr) {
+ ZLOGE("failed to get joined groups, ret:%{public}d", ret);
+ return {};
+ }
+ ZLOGI("get joined group json :%{public}s", groupsJson);
+ std::vector groups;
+ RelatedGroup::Unmarshall(groupsJson, groups);
+ groupManager->destroyInfo(&groupsJson);
+
+ std::vector trustedDevices;
+ for (const auto &group : groups) {
+ if (group.groupType != type) {
+ continue;
+ }
+ char *devicesJson = nullptr;
+ uint32_t devNum = 0;
+ ret = groupManager->getTrustedDevices(localUserId, appId.c_str(), group.groupId.c_str(), &devicesJson, &devNum);
+ if (devicesJson == nullptr) {
+ ZLOGE("failed to get trusted devicesJson, ret:%{public}d", ret);
+ return {};
+ }
+ ZLOGI("get trusted device json:%{public}s", devicesJson);
+ std::vector devices;
+ TrustDevice::Unmarshall(devicesJson, devices);
+ groupManager->destroyInfo(&devicesJson);
+ for (const auto &item : devices) {
+ auto &provider = AppDistributedKv::CommunicationProvider::GetInstance();
+ auto networkId = provider.ToNodeId(item.authId);
+ auto uuid = provider.GetUuidByNodeId(networkId);
+ trustedDevices.push_back(uuid);
+ }
+ }
+
+ return trustedDevices;
+}
+
+bool AuthHandlerStub::CheckAccess(
+ int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId)
+{
+ auto checker = CheckerManager::GetInstance().GetChecker("SystemChecker");
+ if (checker == nullptr) {
+ ZLOGE("get system checker failed");
+ return false;
+ }
+ bool isSystemApp = checker->IsValid(UID_CAPACITY * localUserId, appId);
+ if (isSystemApp) {
+ ZLOGE("system app:%{public}s", appId.c_str());
+ return peerUserId == SYSTEM_USER;
+ }
+ auto localUsers = UserDelegate::GetInstance().GetLocalUserStatus();
+ auto peerUsers = UserDelegate::GetInstance().GetRemoteUserStatus(peerDeviceId);
+ return peerUserId != SYSTEM_USER && IsUserActive(localUsers, localUserId) && IsUserActive(peerUsers, peerUserId);
+}
+
+bool AuthHandlerStub::IsUserActive(const std::vector &users, int32_t userId)
+{
+ for (const auto &user : users) {
+ if (user.id == userId && user.isActive) {
+ return true;
+ }
+ }
+ return false;
+}
+
+AuthHandler *AuthDelegate::GetInstance()
+{
+ // change auth way in the future
+ static AuthHandlerStub instance;
+ return &instance;
+}
 } // namespace OHOS::DistributedData
\ No newline at end of file
diff --git a/services/distributeddataservice/adapter/include/auth/auth_delegate.h b/services/distributeddataservice/service/kvdb/auth_delegate.h
similarity index 96%
rename from services/distributeddataservice/adapter/include/auth/auth_delegate.h
rename to services/distributeddataservice/service/kvdb/auth_delegate.h
index b4af68d9e..3ee3a2248 100644
--- a/services/distributeddataservice/adapter/include/auth/auth_delegate.h
+++ b/services/distributeddataservice/service/kvdb/auth_delegate.h
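Review bot: In auth_delegate.cpp, `GetTrustedDevicesByType` null-checks `groupManager->getRelatedGroups` but then calls `groupManager->getJoinedGroups`, which is never checked; the guard should test `groupManager->getJoinedGroups == nullptr` instead. The same function and `GetGroupInfo` log the raw group and trusted-device JSON with `%{public}s` (for example `ZLOGI("get trusted device json:%{public}s", devicesJson)`), and the header comments `authId` as a udid, so device identifiers reach the log unmasked while `peerDeviceId` a few lines away goes through `Anonymous::Change`; logging only a count or anonymised ids would be consistent. In the new `AuthHandlerStub::CheckAccess`, the system-app branch returns before the added `IsUserActive` checks; if that is intended, a one-line comment saying so would help, and `ZLOGE` on that branch reads as an error on what looks like a normal path.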
@@ -1,103 +1,105 @@
-/*
- * Copyright (c) 2022 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef DISTRIBUTEDDATAMGR_AUTH_DELEGATE_H
-#define DISTRIBUTEDDATAMGR_AUTH_DELEGATE_H
-
-#include
-
-#include "serializable/serializable.h"
-namespace OHOS::DistributedData {
-enum AUTH_GROUP_TYPE {
- ALL_GROUP = 0,
- IDENTICAL_ACCOUNT_GROUP = 1,
- PEER_TO_PEER_GROUP = 256,
- COMPATIBLE_GROUP = 512,
- ACROSS_ACCOUNT_AUTHORIZE_GROUP = 1282
-};
-
-class AuthHandler {
-public:
- virtual bool CheckAccess(
- int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId);
- virtual int32_t GetGroupType(
- int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId);
- virtual std::vector GetTrustedDevicesByType(
- AUTH_GROUP_TYPE type, int32_t localUserId, const std::string &appId);
-
-private:
- struct RelatedGroup final : public Serializable {
- int32_t groupType = -1;
- std::string groupId;
- RelatedGroup()
- {
- }
- ~RelatedGroup()
- {
- }
- RelatedGroup(const RelatedGroup &) = default;
- RelatedGroup &operator=(const RelatedGroup &) = default;
- bool Marshal(json &node) const override
- {
- SetValue(node[GET_NAME(groupType)], groupType);
- SetValue(node[GET_NAME(groupId)], groupId);
- return true;
- }
-
- bool Unmarshal(const json &node) override
- {
- GetValue(node, GET_NAME(groupType), groupType);
- GetValue(node, GET_NAME(groupId), groupId);
- return true;
- }
- };
-
- struct TrustDevice final : public Serializable {
- std::string authId; // udid
- TrustDevice() = default;
- TrustDevice(const TrustDevice &) = default;
- TrustDevice &operator=(const TrustDevice &) = default;
- bool Marshal(json &node) const override
- {
- SetValue(node[GET_NAME(authId)], authId);
- return true;
- }
-
- bool Unmarshal(const json &node) override
- {
- GetValue(node, GET_NAME(authId), authId);
- return true;
- }
- };
- static RelatedGroup GetGroupInfo(int32_t localUserId, const std::string &appId, const std::string &peerDeviceId);
-};
-
-class AuthHandlerStub : public AuthHandler {
-public:
- // override for mock auth in current version, need remove in the future
- bool CheckAccess(
- int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId) override;
-
-private:
- static constexpr pid_t UID_CAPACITY = 10000;
- static constexpr int SYSTEM_USER = 0;
-};
-
-class AuthDelegate {
-public:
- API_EXPORT static AuthHandler *GetInstance();
-};
-} // namespace OHOS::DistributedData
-#endif // DISTRIBUTEDDATAMGR_AUTH_DELEGATE_H
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DISTRIBUTEDDATAMGR_AUTH_DELEGATE_H
+#define DISTRIBUTEDDATAMGR_AUTH_DELEGATE_H
+
+#include
+
+#include "metadata/user_meta_data.h"
+#include "serializable/serializable.h"
+namespace OHOS::DistributedData {
+enum AUTH_GROUP_TYPE {
+ ALL_GROUP = 0,
+ IDENTICAL_ACCOUNT_GROUP = 1,
+ PEER_TO_PEER_GROUP = 256,
+ COMPATIBLE_GROUP = 512,
+ ACROSS_ACCOUNT_AUTHORIZE_GROUP = 1282
+};
+
+class AuthHandler {
+public:
+ virtual bool CheckAccess(
+ int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId);
+ virtual int32_t GetGroupType(
+ int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId);
+ virtual std::vector GetTrustedDevicesByType(
+ AUTH_GROUP_TYPE type, int32_t localUserId, const std::string &appId);
+
+private:
+ struct RelatedGroup final : public Serializable {
+ int32_t groupType = -1;
+ std::string groupId;
+ RelatedGroup()
+ {
+ }
+ ~RelatedGroup()
+ {
+ }
+ RelatedGroup(const RelatedGroup &) = default;
+ RelatedGroup &operator=(const RelatedGroup &) = default;
+ bool Marshal(json &node) const override
+ {
+ SetValue(node[GET_NAME(groupType)], groupType);
+ SetValue(node[GET_NAME(groupId)], groupId);
+ return true;
+ }
+
+ bool Unmarshal(const json &node) override
+ {
+ GetValue(node, GET_NAME(groupType), groupType);
+ GetValue(node, GET_NAME(groupId), groupId);
+ return true;
+ }
+ };
+
+ struct TrustDevice final : public Serializable {
+ std::string authId; // udid
+ TrustDevice() = default;
+ TrustDevice(const TrustDevice &) = default;
+ TrustDevice &operator=(const TrustDevice &) = default;
+ bool Marshal(json &node) const override
+ {
+ SetValue(node[GET_NAME(authId)], authId);
+ return true;
+ }
+
+ bool Unmarshal(const json &node) override
+ {
+ GetValue(node, GET_NAME(authId), authId);
+ return true;
+ }
+ };
+ static RelatedGroup GetGroupInfo(int32_t localUserId, const std::string &appId, const std::string &peerDeviceId);
+};
+
+class AuthHandlerStub : public AuthHandler {
+public:
+ // override for mock auth in current version, need remove in the future
+ bool CheckAccess(
+ int localUserId, int peerUserId, const std::string &peerDeviceId, const std::string &appId) override;
+
+private:
+ bool IsUserActive(const std::vector &userStatus, int32_t userId);
+ static constexpr pid_t UID_CAPACITY = 10000;
+ static constexpr int SYSTEM_USER = 0;
+};
+
+class AuthDelegate {
+public:
+ API_EXPORT static AuthHandler *GetInstance();
+};
+} // namespace OHOS::DistributedData
+#endif // DISTRIBUTEDDATAMGR_AUTH_DELEGATE_H
-- Gitee
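Review bot: The new private helper `IsUserActive` in `AuthHandlerStub` is declared without any comment on its contract, and because it sits next to the mock `CheckAccess` override it presumably feeds an access decision, so the result for a `userId` that does not appear in `userStatus` should be written down. Its definition is outside this hunk and cannot be checked here; if such a user is meant to be rejected, a comment such as `// true only when userId is listed in userStatus and marked active; an unlisted user counts as inactive` would pin the fail-closed behaviour. The helper is also a non-static, non-const member, and if the definition reads no member state it could be declared `static` like the two constants below it. User ids are `int` in `CheckAccess` but `int32_t` here, and settling on one type would keep the comparison free of implicit conversions.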