From 71f22541622c67f92de67adfed0d11cca9e345a8 Mon Sep 17 00:00:00 2001 From: BrainL Date: Tue, 11 Feb 2025 20:08:50 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E5=8F=AF=E4=BF=A1=E5=85=B3=E7=B3=BB?= =?UTF-8?q?=E5=AD=98=E5=82=A8=E6=9C=9F=E9=99=90=E6=94=AF=E6=8C=81=E8=80=81?= =?UTF-8?q?=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- common/include/dm_constants.h | 1 + .../include/deviceprofile_connector.h | 1 + .../src/deviceprofile_connector.cpp | 6 ++++ .../include/device_manager_service_impl.h | 2 ++ .../device_manager_service_impl_lite.h | 2 ++ .../src/device_manager_service_impl.cpp | 34 +++++++++++++++++++ .../src/device_manager_service_impl_lite.cpp | 11 ++++++ .../include/idevice_manager_service_impl.h | 2 ++ .../service/src/device_manager_service.cpp | 1 + 9 files changed, 60 insertions(+) diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 400647c70..3f60ecd8b 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -289,6 +289,7 @@ const std::string BIND_FOR_DEVICE_LEVEL = "BindForDeviceLevel"; constexpr int32_t MAX_DEVICE_PROFILE_SIZE = 500; constexpr int32_t MAX_ICON_SIZE = 4 * 1024 * 1024; constexpr int32_t MAX_CONTAINER_SIZE = 500; +constexpr int32_t MAX_ALWAYS_ALLOW_SECONDS = 31536000; } // namespace DistributedHardware } // namespace OHOS #endif // OHOS_DM_CONSTANTS_H \ No newline at end of file diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index d0bb054ce..a212e2c30 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h 
@@ -123,6 +123,7 @@ public: bool CheckSrcDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); bool CheckSinkDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); uint32_t DeleteTimeOutAcl(const std::string &deviceId); + void DeleteAclByControlId(const int64_t &controlId); int32_t GetTrustNumber(const std::string &deviceId); bool CheckDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); std::vector CompareBindType(std::vector profiles, diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 6d57f99bc..7e656bcc0 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -857,6 +857,12 @@ uint32_t DeviceProfileConnector::DeleteTimeOutAcl(const std::string &deviceId) return res; } +void DeviceProfileConnector::DeleteAclByControlId(const int64_t &controlId) +{ + DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(controlId); + return; +} + int32_t DeviceProfileConnector::GetTrustNumber(const std::string &deviceId) { LOGI("Start"); diff --git a/services/implementation/include/device_manager_service_impl.h b/services/implementation/include/device_manager_service_impl.h index 0ad140dc5..c38afaf65 100644 --- a/services/implementation/include/device_manager_service_impl.h +++ b/services/implementation/include/device_manager_service_impl.h @@ -134,6 +134,8 @@ public: void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId); int32_t RegisterAuthenticationType(int32_t authenticationType); + void DeleteAlwaysAllowTimeOut(); + void CheckDeleteCredential(const std::string &remoteUdid); private: int32_t PraseNotifyEventJson(const std::string &event, nlohmann::json &jsonObject); std::string GetUdidHashByNetworkId(const std::string &networkId); 
diff --git a/services/implementation/include/device_manager_service_impl_lite.h b/services/implementation/include/device_manager_service_impl_lite.h index 017f46316..953f053bc 100644 --- a/services/implementation/include/device_manager_service_impl_lite.h +++ b/services/implementation/include/device_manager_service_impl_lite.h @@ -156,6 +156,8 @@ public: void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId); int32_t RegisterAuthenticationType(int32_t authenticationType); + void DeleteAlwaysAllowTimeOut(); + void CheckDeleteCredential(const std::string &remoteUdid); private: std::string GetUdidHashByNetworkId(const std::string &networkId); diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index df37b5f6d..74f259b28 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp 
@@ -1016,6 +1016,40 @@ int32_t DeviceManagerServiceImpl::RegisterAuthenticationType(int32_t authenticat return authMgr_->RegisterAuthenticationType(authenticationType); } +void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() +{ + LOGI("Start DeleteAlwaysAllowTimeOut"); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAllAccessControlProfile(); + std::string remoteUdid = ""; + int64_t currentTime = + std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); + LOGI("currentTime is %{public}ld", currentTime); + for (auto &item : profiles) { + if ((currentTime - item.GetLastAuthTime()) > MAX_ALWAYS_ALLOW_SECONDS && item.GetLastAuthTime() > 0) { + DeviceProfileConnector::GetInstance().DeleteAclByControlId(item.GetAccessControlId()); + remoteUdid = item.GetTrustedDeviceId(); + CheckDeleteCredential(remoteUdid); + } + } +} + +void DeviceManagerServiceImpl::CheckDeleteCredential(const std::string &remoteUdid) +{ + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAllAccessControlProfile(); + bool leftAcl = false; + for (auto &item : profiles) { + if (item.GetTrustedDeviceId() == remoteUdid) { + leftAcl = true; + } + } + if (!leftAcl) { + LOGI("CheckDeleteCredential delete credential"); + hiChainAuthConnector_->DeleteCredential(remoteUdid, MultipleUserConnector::GetCurrentAccountUserID()); + } +} + extern "C" IDeviceManagerServiceImpl *CreateDMServiceObject(void) { return new DeviceManagerServiceImpl; diff --git a/services/implementation/src/device_manager_service_impl_lite.cpp b/services/implementation/src/device_manager_service_impl_lite.cpp index 9bad670d5..990c303c0 100644 --- a/services/implementation/src/device_manager_service_impl_lite.cpp +++ b/services/implementation/src/device_manager_service_impl_lite.cpp 
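Review bot: The expiry test in DeleteAlwaysAllowTimeOut compares `std::chrono::system_clock` wall time with `item.GetLastAuthTime()`, so a device whose clock is set back or not yet synchronised keeps an expired always-allow ACL, while a forward jump of more than a year purges valid ones. The duration unit of `currentTime` is not visible in the hunk as shown, and it has to be seconds for the comparison with `MAX_ALWAYS_ALLOW_SECONDS` to mean one year; a comment stating the unit of both operands would make that checkable. Consider handling a last-auth time in the future explicitly, e.g. `if (currentTime < item.GetLastAuthTime()) { LOGE("last auth time is later than now, skip aging"); continue; }`. Profiles with `GetLastAuthTime() <= 0` are never aged, which presumably exempts records written before the field existed; if that is intended, say so in a comment. CheckDeleteCredential decides on `GetTrustedDeviceId()` alone and then deletes the credential for `MultipleUserConnector::GetCurrentAccountUserID()`, which may not be the user the expired ACL belonged to, and it dereferences `hiChainAuthConnector_` without a null check.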
@@ -593,6 +593,17 @@ int32_t DeviceManagerServiceImpl::RegisterAuthenticationType(int32_t authenticat return DM_OK; } +void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() +{ + return; +} + +void DeviceManagerServiceImpl::CheckDeleteCredential(const std::string &remoteUdid) +{ + (void)remoteUdid; + return; +} + extern "C" IDeviceManagerServiceImpl *CreateDMServiceObject(void) { return new DeviceManagerServiceImpl; diff --git a/services/service/include/idevice_manager_service_impl.h b/services/service/include/idevice_manager_service_impl.h index 52292916e..b50827e0d 100644 --- a/services/service/include/idevice_manager_service_impl.h +++ b/services/service/include/idevice_manager_service_impl.h @@ -257,6 +257,8 @@ public: virtual void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId) = 0; virtual int32_t RegisterAuthenticationType(int32_t authenticationType) = 0; + virtual void DeleteAlwaysAllowTimeOut() = 0; + virtual void CheckDeleteCredential(const std::string &remoteUdid) = 0; }; using CreateDMServiceFuncPtr = IDeviceManagerServiceImpl *(*)(void); diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index 772787869..43be4b9ec 100755 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp @@ -2424,6 +2424,7 @@ int32_t DeviceManagerService::GetTrustedDeviceList(const std::string &pkgName, s return ret; } if (!onlineDeviceList.empty() && IsDMServiceImplReady()) { + dmServiceImpl_->DeleteAlwaysAllowTimeOut(); std::unordered_map udidMap; if (PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName)) { udidMap = dmServiceImpl_->GetAppTrustDeviceIdList(std::string(ALL_PKGNAME)); -- Gitee From cd7f50ce830095c3d4d0dff8b215418c92cade2d Mon Sep 17 00:00:00 2001 From: BrainL Date: Tue, 11 Feb 2025 21:00:49 +0800 Subject: [PATCH 2/4] fix code check 
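Review bot: In the `device_manager_service.cpp` hunk, aging is triggered only from GetTrustedDeviceList, and only when `onlineDeviceList` is non-empty and `IsDMServiceImplReady()` holds, so an expired always-allow ACL stays in the store until some caller lists trusted devices. Code that consults the ACL directly (authentication or bind checks, not visible here) would presumably still honour it in the meantime. If the one-year limit is meant as a security bound, enforce it where the ACL is evaluated or from a periodic task rather than as a side effect of a query API. At minimum the call deserves a comment such as `// Lazily purge always-allow ACLs older than MAX_ALWAYS_ALLOW_SECONDS; this read path deletes profiles and credentials`, since it runs a full profile fetch and possible deletes ahead of the `CheckWhiteListSystemSA` branch on every invocation. The enclosing function starts and ends outside the hunk.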
Signed-off-by: BrainL --- services/implementation/src/device_manager_service_impl.cpp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index 74f259b28..c4c2ac5e7 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp @@ -1024,11 +1024,10 @@ void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() std::string remoteUdid = ""; int64_t currentTime = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); - LOGI("currentTime is %{public}ld", currentTime); for (auto &item : profiles) { if ((currentTime - item.GetLastAuthTime()) > MAX_ALWAYS_ALLOW_SECONDS && item.GetLastAuthTime() > 0) { DeviceProfileConnector::GetInstance().DeleteAclByControlId(item.GetAccessControlId()); - remoteUdid = item.GetTrustedDeviceId(); + remoteUdid = item.GetTrustDeviceId(); CheckDeleteCredential(remoteUdid); } } @@ -1040,7 +1039,7 @@ void DeviceManagerServiceImpl::CheckDeleteCredential(const std::string &remoteUd DeviceProfileConnector::GetInstance().GetAllAccessControlProfile(); bool leftAcl = false; for (auto &item : profiles) { - if (item.GetTrustedDeviceId() == remoteUdid) { + if (item.GetTrustDeviceId() == remoteUdid) { leftAcl = true; } } -- Gitee From 735c7fe6a7fe85191496595a60c5a12473957b8f Mon Sep 17 00:00:00 2001 From: BrainL Date: Wed, 12 Feb 2025 16:22:35 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E6=8C=81=E4=B9=85=E8=80=81=E5=8C=96?= =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: BrainL --- common/include/dm_constants.h | 1 + commondependency/include/deviceprofile_connector.h | 1 - commondependency/src/deviceprofile_connector.cpp | 6 ------ services/implementation/src/device_manager_service_impl.cpp | 2 +- 4 files changed, 2 insertions(+), 8 deletions(-) diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 3f60ecd8b..d145695d0 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -289,6 +289,7 @@ const std::string BIND_FOR_DEVICE_LEVEL = "BindForDeviceLevel"; constexpr int32_t MAX_DEVICE_PROFILE_SIZE = 500; constexpr int32_t MAX_ICON_SIZE = 4 * 1024 * 1024; constexpr int32_t MAX_CONTAINER_SIZE = 500; +// One year 365 * 24 * 60 * 60 constexpr int32_t MAX_ALWAYS_ALLOW_SECONDS = 31536000; } // namespace DistributedHardware } // namespace OHOS diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index a212e2c30..d0bb054ce 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -123,7 +123,6 @@ public: bool CheckSrcDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); bool CheckSinkDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); uint32_t DeleteTimeOutAcl(const std::string &deviceId); - void DeleteAclByControlId(const int64_t &controlId); int32_t GetTrustNumber(const std::string &deviceId); bool CheckDevIdInAclForDevBind(const std::string &pkgName, const std::string &deviceId); std::vector CompareBindType(std::vector profiles, diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 7e656bcc0..6d57f99bc 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp 
@@ -857,12 +857,6 @@ uint32_t DeviceProfileConnector::DeleteTimeOutAcl(const std::string &deviceId) return res; } -void DeviceProfileConnector::DeleteAclByControlId(const int64_t &controlId) -{ - DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(controlId); - return; -} - int32_t DeviceProfileConnector::GetTrustNumber(const std::string &deviceId) { LOGI("Start"); diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index c4c2ac5e7..1fc0c22b2 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp @@ -1026,7 +1026,7 @@ void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); for (auto &item : profiles) { if ((currentTime - item.GetLastAuthTime()) > MAX_ALWAYS_ALLOW_SECONDS && item.GetLastAuthTime() > 0) { - DeviceProfileConnector::GetInstance().DeleteAclByControlId(item.GetAccessControlId()); + DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.GetAccessControlId()); remoteUdid = item.GetTrustDeviceId(); CheckDeleteCredential(remoteUdid); } -- Gitee From a221bb7a23d32d0c9411e303b06c2c027a675432 Mon Sep 17 00:00:00 2001 From: BrainL Date: Thu, 13 Feb 2025 11:43:37 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E6=8C=81=E4=B9=85=E4=BF=A1=E4=BB=BB?= =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- services/implementation/src/device_manager_service_impl.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index 1fc0c22b2..56261b8e6 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp 
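Review bot: The changed line in the `device_manager_service_impl.cpp` hunk calls `DeleteAccessControlById(item.GetAccessControlId())` and discards whatever status it reports, so a failed delete leaves the expired ACL in place with no log. The following CheckDeleteCredential call then finds that ACL again and keeps the credential too. The declaration of `DeleteAccessControlById` is not part of this patch; if it returns a status, check it, e.g. `int32_t ret = DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.GetAccessControlId());` followed by `if (ret != DM_OK) { LOGE("delete expired acl failed, ret: %{public}d", ret); continue; }`. The loop belongs to DeleteAlwaysAllowTimeOut, whose body starts and ends outside the hunk.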
@@ -1025,6 +1025,9 @@ void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() int64_t currentTime = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); for (auto &item : profiles) { + if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { + continue; + } if ((currentTime - item.GetLastAuthTime()) > MAX_ALWAYS_ALLOW_SECONDS && item.GetLastAuthTime() > 0) { DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.GetAccessControlId()); remoteUdid = item.GetTrustDeviceId(); -- Gitee
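Review bot: The new `DM_IDENTICAL_ACCOUNT` skip exempts a whole class of trust entries from the one-year limit without saying why, and the commit message gives no rationale either. A one-line comment above the `if` would document the policy, for instance `// Same-account bindings are not subject to always-allow aging` with the actual reason appended (presumably their lifetime follows the account login state). Since CheckDeleteCredential counts every remaining profile for the device, an identical-account ACL also keeps the credential alive after a point-to-point ACL for the same device has aged out; confirm that this is the intended outcome. The enclosing function starts and ends outside the hunk.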