diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 400647c701f15d9b4015be4691af4b988b82d656..d145695d08b1b01e608d4393444cb14c1272d6a6 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -289,6 +289,8 @@ const std::string BIND_FOR_DEVICE_LEVEL = "BindForDeviceLevel"; constexpr int32_t MAX_DEVICE_PROFILE_SIZE = 500; constexpr int32_t MAX_ICON_SIZE = 4 * 1024 * 1024; constexpr int32_t MAX_CONTAINER_SIZE = 500; +// One year 365 * 24 * 60 * 60 +constexpr int32_t MAX_ALWAYS_ALLOW_SECONDS = 31536000; } // namespace DistributedHardware } // namespace OHOS #endif // OHOS_DM_CONSTANTS_H \ No newline at end of file diff --git a/services/implementation/include/device_manager_service_impl.h b/services/implementation/include/device_manager_service_impl.h index 0ad140dc58a1529e70d654733817526d9733da5a..c38afaf65a7d624b54117bf22d22543452c991e8 100644 --- a/services/implementation/include/device_manager_service_impl.h +++ b/services/implementation/include/device_manager_service_impl.h @@ -134,6 +134,8 @@ public: void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId); int32_t RegisterAuthenticationType(int32_t authenticationType); + void DeleteAlwaysAllowTimeOut(); + void CheckDeleteCredential(const std::string &remoteUdid); private: int32_t PraseNotifyEventJson(const std::string &event, nlohmann::json &jsonObject); std::string GetUdidHashByNetworkId(const std::string &networkId); diff --git a/services/implementation/include/device_manager_service_impl_lite.h b/services/implementation/include/device_manager_service_impl_lite.h index 017f4631630a8a8ae765df1d76548d2c558349ea..953f053bc480a179c55d59dc327bde2371695ce7 100644 --- a/services/implementation/include/device_manager_service_impl_lite.h +++ b/services/implementation/include/device_manager_service_impl_lite.h 
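Review bot: `MAX_ALWAYS_ALLOW_SECONDS` is written as a bare literal with the arithmetic only in the comment, unlike `MAX_ICON_SIZE = 4 * 1024 * 1024` two lines above it. Writing `constexpr int32_t MAX_ALWAYS_ALLOW_SECONDS = 365 * 24 * 60 * 60;` lets the compiler do the multiplication and keeps the comment and the value from drifting apart. The comment could then say what the limit applies to, for example `// Max age in seconds of a non-identical-account ACL since its last authentication`.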
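Review bot: `CheckDeleteCredential` is declared in the public section of device_manager_service_impl.h, and the same pair of declarations is added to device_manager_service_impl_lite.h and, as pure virtuals, to idevice_manager_service_impl.h. The only caller visible in this change is `DeleteAlwaysAllowTimeOut` inside the class. Putting it on the service interface lets any holder of the interface trigger credential deletion for any udid that has no remaining ACL, which is a wider surface than the expiry sweep needs. Unless another caller exists outside this diff, declare it under `private:` in the implementation and leave it out of the interface. Neither declaration carries a comment; `DeleteAlwaysAllowTimeOut` at least should state that it removes ACL entries older than `MAX_ALWAYS_ALLOW_SECONDS`.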
@@ -156,6 +156,8 @@ public: void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId); int32_t RegisterAuthenticationType(int32_t authenticationType); + void DeleteAlwaysAllowTimeOut(); + void CheckDeleteCredential(const std::string &remoteUdid); private: std::string GetUdidHashByNetworkId(const std::string &networkId); diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index df37b5f6da677e2873aa17658288e75b4cd8b272..56261b8e693e7ade8652d3cde62ef82ce36c3852 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp 
@@ -1016,6 +1016,42 @@ int32_t DeviceManagerServiceImpl::RegisterAuthenticationType(int32_t authenticat return authMgr_->RegisterAuthenticationType(authenticationType); } +void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() +{ + LOGI("Start DeleteAlwaysAllowTimeOut"); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAllAccessControlProfile(); + std::string remoteUdid = ""; + int64_t currentTime = + std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); + for (auto &item : profiles) { + if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { + continue; + } + if ((currentTime - item.GetLastAuthTime()) > MAX_ALWAYS_ALLOW_SECONDS && item.GetLastAuthTime() > 0) { + DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.GetAccessControlId()); + remoteUdid = item.GetTrustDeviceId(); + CheckDeleteCredential(remoteUdid); + } + } +} + +void DeviceManagerServiceImpl::CheckDeleteCredential(const std::string &remoteUdid) +{ + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAllAccessControlProfile(); + bool leftAcl = false; + for (auto &item : profiles) { + if (item.GetTrustDeviceId() == remoteUdid) { + leftAcl = true; + } + } + if (!leftAcl) { + LOGI("CheckDeleteCredential delete credential"); + hiChainAuthConnector_->DeleteCredential(remoteUdid, MultipleUserConnector::GetCurrentAccountUserID()); + } +} + extern "C" IDeviceManagerServiceImpl *CreateDMServiceObject(void) { return new DeviceManagerServiceImpl; diff --git a/services/implementation/src/device_manager_service_impl_lite.cpp b/services/implementation/src/device_manager_service_impl_lite.cpp index 9bad670d588dd2eaafb3582d5777283cd019a8b9..990c303c0252bc692d89b4094c1e142dcb93765e 100644 --- a/services/implementation/src/device_manager_service_impl_lite.cpp +++ b/services/implementation/src/device_manager_service_impl_lite.cpp 
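Review bot: In CheckDeleteCredential the credential is deleted under `MultipleUserConnector::GetCurrentAccountUserID()`, but the expired entry in DeleteAlwaysAllowTimeOut comes from `GetAllAccessControlProfile()` with no user filter visible here, so if that list covers more than one local user the credential removed can belong to the wrong user while the one tied to the expired ACL stays in place. The `leftAcl` scan is equally unscoped: any remaining profile with the same trust device id, including a `DM_IDENTICAL_ACCOUNT` one, keeps the credential alive. Passing the owning user id of the expired profile into the call, and matching on it in the scan, would tie the cleanup to the entry that actually expired. The expiry test also relies on `std::chrono::system_clock`, so a forward clock jump irreversibly removes every non-account ACL and a backward one postpones expiry, and entries with `GetLastAuthTime() == 0` never expire; a comment on the condition should say whether that is intended. The return value of `DeleteAccessControlById` is ignored and `hiChainAuthConnector_` is dereferenced without a null check.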
@@ -593,6 +593,17 @@ int32_t DeviceManagerServiceImpl::RegisterAuthenticationType(int32_t authenticat return DM_OK; } +void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() +{ + return; +} + +void DeviceManagerServiceImpl::CheckDeleteCredential(const std::string &remoteUdid) +{ + (void)remoteUdid; + return; +} + extern "C" IDeviceManagerServiceImpl *CreateDMServiceObject(void) { return new DeviceManagerServiceImpl; diff --git a/services/service/include/idevice_manager_service_impl.h b/services/service/include/idevice_manager_service_impl.h index 52292916ecd3ab97ba10ca823d77a9cfa29e603d..b50827e0d71fb8e1606d88c4cc6b9eeb87a9f227 100644 --- a/services/service/include/idevice_manager_service_impl.h +++ b/services/service/include/idevice_manager_service_impl.h @@ -257,6 +257,8 @@ public: virtual void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId) = 0; virtual int32_t RegisterAuthenticationType(int32_t authenticationType) = 0; + virtual void DeleteAlwaysAllowTimeOut() = 0; + virtual void CheckDeleteCredential(const std::string &remoteUdid) = 0; }; using CreateDMServiceFuncPtr = IDeviceManagerServiceImpl *(*)(void); diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index 77278786900b06bf3cdf964881ff8a7facd55d0a..43be4b9ec4bfbcc17ef42beff4abd871d3f37788 100755 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp @@ -2424,6 +2424,7 @@ int32_t DeviceManagerService::GetTrustedDeviceList(const std::string &pkgName, s return ret; } if (!onlineDeviceList.empty() && IsDMServiceImplReady()) { + dmServiceImpl_->DeleteAlwaysAllowTimeOut(); std::unordered_map udidMap; if (PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName)) { udidMap = dmServiceImpl_->GetAppTrustDeviceIdList(std::string(ALL_PKGNAME));
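Review bot: The expiry sweep is triggered only from this branch of GetTrustedDeviceList, so an ACL older than the limit stays in force until some caller lists trusted devices while at least one device is online and the impl is loaded. Any other path that consults the ACL in the meantime, if there is one outside this diff, still sees the expired entry. Every such call also pays for a full `GetAllAccessControlProfile()` read, plus one more per expired entry, before the `CheckWhiteListSystemSA` branch is reached. Running the sweep from a timer or at service start, or checking the age where the ACL is evaluated, would make the limit hold regardless of who calls this API. The body of GetTrustedDeviceList starts and ends outside the hunk.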