diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 400647c701f15d9b4015be4691af4b988b82d656..d145695d08b1b01e608d4393444cb14c1272d6a6 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -289,6 +289,8 @@ const std::string BIND_FOR_DEVICE_LEVEL = "BindForDeviceLevel"; constexpr int32_t MAX_DEVICE_PROFILE_SIZE = 500; constexpr int32_t MAX_ICON_SIZE = 4 * 1024 * 1024; constexpr int32_t MAX_CONTAINER_SIZE = 500; +// One year 365 * 24 * 60 * 60 +constexpr int32_t MAX_ALWAYS_ALLOW_SECONDS = 31536000; } // namespace DistributedHardware } // namespace OHOS #endif // OHOS_DM_CONSTANTS_H \ No newline at end of file diff --git a/services/implementation/include/device_manager_service_impl.h b/services/implementation/include/device_manager_service_impl.h index 2f91bd3d882e33604a9d4cef9d19df816b053fa1..55e5426b0d74072de0d67f6315933cb9d90d7d05 100644 --- a/services/implementation/include/device_manager_service_impl.h +++ b/services/implementation/include/device_manager_service_impl.h @@ -134,6 +134,8 @@ public: void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId); int32_t RegisterAuthenticationType(int32_t authenticationType); + void DeleteAlwaysAllowTimeOut(); + void CheckDeleteCredential(const std::string &remoteUdid); int32_t CheckDeviceInfoPermission(const std::string &localUdid, const std::string &peerDeviceId); private: int32_t PraseNotifyEventJson(const std::string &event, nlohmann::json &jsonObject); diff --git a/services/implementation/include/device_manager_service_impl_lite.h b/services/implementation/include/device_manager_service_impl_lite.h index cab542b2cf8e0228e823ff0a47c26d0f81bac0f8..6d05f91e9bab95539d362cbb8430c70bc48d5e48 100644 --- a/services/implementation/include/device_manager_service_impl_lite.h +++ b/services/implementation/include/device_manager_service_impl_lite.h 
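Review bot: `MAX_ALWAYS_ALLOW_SECONDS` is written as the literal `31536000` with the arithmetic only in the comment, so the two can drift apart. The neighbouring `MAX_ICON_SIZE = 4 * 1024 * 1024` already spells out its product; the same form here would be `constexpr int32_t MAX_ALWAYS_ALLOW_SECONDS = 365 * 24 * 60 * 60;`. The comment would be more useful if it said what the limit bounds, e.g. `// Maximum age, in seconds, of the last authentication before an always-allow ACL entry is purged (one year).`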
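Review bot: `CheckDeleteCredential(const std::string &remoteUdid)` is added under `public:` here, and the same applies to the `device_manager_service_impl_lite.h` hunk and to the pure virtual added in `idevice_manager_service_impl.h`. The only call visible in this commit is from `DeleteAlwaysAllowTimeOut` in the same class. Exposing it on the service interface lets any holder of the impl pointer trigger credential deletion for an arbitrary UDID. If nothing outside the class needs it, declare it in the `private:` section of `DeviceManagerServiceImpl` and drop it from `IDeviceManagerServiceImpl`, which also makes the lite stub unnecessary.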
@@ -156,6 +156,8 @@ public: void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId); int32_t RegisterAuthenticationType(int32_t authenticationType); + void DeleteAlwaysAllowTimeOut(); + void CheckDeleteCredential(const std::string &remoteUdid); int32_t CheckDeviceInfoPermission(const std::string &localUdid, const std::string &peerDeviceId); private: std::string GetUdidHashByNetworkId(const std::string &networkId); diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index 5d914b48ed3ef00068a01b71b44b3454dadc1782..37e4207c6d880057b3c2cb374d7cedb1d53c1022 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp 
@@ -1016,6 +1016,42 @@ int32_t DeviceManagerServiceImpl::RegisterAuthenticationType(int32_t authenticat return authMgr_->RegisterAuthenticationType(authenticationType); } +void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() +{ + LOGI("Start DeleteAlwaysAllowTimeOut"); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAllAccessControlProfile(); + std::string remoteUdid = ""; + int64_t currentTime = + std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); + for (auto &item : profiles) { + if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { + continue; + } + if ((currentTime - item.GetLastAuthTime()) > MAX_ALWAYS_ALLOW_SECONDS && item.GetLastAuthTime() > 0) { + DeviceProfileConnector::GetInstance().DeleteAccessControlById(item.GetAccessControlId()); + remoteUdid = item.GetTrustDeviceId(); + CheckDeleteCredential(remoteUdid); + } + } +} + +void DeviceManagerServiceImpl::CheckDeleteCredential(const std::string &remoteUdid) +{ + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAllAccessControlProfile(); + bool leftAcl = false; + for (auto &item : profiles) { + if (item.GetTrustDeviceId() == remoteUdid) { + leftAcl = true; + } + } + if (!leftAcl) { + LOGI("CheckDeleteCredential delete credential"); + hiChainAuthConnector_->DeleteCredential(remoteUdid, MultipleUserConnector::GetCurrentAccountUserID()); + } +} + int32_t DeviceManagerServiceImpl::CheckDeviceInfoPermission(const std::string &localUdid, const std::string &peerDeviceId) { diff --git a/services/implementation/src/device_manager_service_impl_lite.cpp b/services/implementation/src/device_manager_service_impl_lite.cpp index 4959149a737ed10458c8faa6e5a5a64aab55a94f..07abe0cde1d2ac9f840c89cdf46d01ccd122f044 100644 --- a/services/implementation/src/device_manager_service_impl_lite.cpp +++ b/services/implementation/src/device_manager_service_impl_lite.cpp 
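Review bot: `DeleteAlwaysAllowTimeOut` removes a trust relationship without recording which entry it dropped, so an unexpected loss of trust cannot be traced afterwards. A log line before the delete that carries the ACL id rather than the UDID would cover this, e.g. `LOGI("DeleteAlwaysAllowTimeOut expired acl id: %{public}s", std::to_string(item.GetAccessControlId()).c_str());`. The expiry test `(currentTime - item.GetLastAuthTime()) > MAX_ALWAYS_ALLOW_SECONDS` reads `system_clock`, so a wall clock set backwards keeps expired entries alive and one set far forwards purges every non-identical-account entry and possibly its credential in one pass. The test also holds only if `GetLastAuthTime()` is in seconds, which the hunk does not show because the `duration_cast` unit is not visible on this page. `CheckDeleteCredential` passes `MultipleUserConnector::GetCurrentAccountUserID()` to `DeleteCredential` rather than a user id taken from the expired profile, and dereferences `hiChainAuthConnector_` without a null check; both are worth confirming for multi-user devices and early-start paths. It also reloads every profile once per expired entry, where the sweep could collect the affected UDIDs and check each once after the loop.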
@@ -593,6 +593,17 @@ int32_t DeviceManagerServiceImpl::RegisterAuthenticationType(int32_t authenticat return DM_OK; } +void DeviceManagerServiceImpl::DeleteAlwaysAllowTimeOut() +{ + return; +} + +void DeviceManagerServiceImpl::CheckDeleteCredential(const std::string &remoteUdid) +{ + (void)remoteUdid; + return; +} + int32_t DeviceManagerServiceImpl::CheckDeviceInfoPermission(const std::string &localUdid, const std::string &peerDeviceId) { diff --git a/services/service/include/idevice_manager_service_impl.h b/services/service/include/idevice_manager_service_impl.h index 9247e049e44d8f6c6a1c12600e7bbc67be3e7d62..7df04af0ada2d5a66d64b56414acdab5ce7da3fe 100644 --- a/services/service/include/idevice_manager_service_impl.h +++ b/services/service/include/idevice_manager_service_impl.h @@ -257,6 +257,8 @@ public: virtual void HandleDeviceUnBind(int32_t bindType, const std::string &peerUdid, const std::string &localUdid, int32_t localUserId, const std::string &localAccountId) = 0; virtual int32_t RegisterAuthenticationType(int32_t authenticationType) = 0; + virtual void DeleteAlwaysAllowTimeOut() = 0; + virtual void CheckDeleteCredential(const std::string &remoteUdid) = 0; virtual int32_t CheckDeviceInfoPermission(const std::string &localUdid, const std::string &peerDeviceId) = 0; }; diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index dfac00129833d7640d88cdbe1b1701e4e6c41cd1..7c0745e0769ac1f23b76676abb72e316a4af0538 100755 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp 
@@ -2442,6 +2442,7 @@ int32_t DeviceManagerService::GetTrustedDeviceList(const std::string &pkgName, s
 return ret;
 }
 if (!onlineDeviceList.empty() && IsDMServiceImplReady()) {
+ dmServiceImpl_->DeleteAlwaysAllowTimeOut();
 std::unordered_map udidMap;
 if (PermissionManager::GetInstance().CheckWhiteListSystemSA(pkgName)) {
 udidMap = dmServiceImpl_->GetAppTrustDeviceIdList(std::string(ALL_PKGNAME));
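Review bot: The only trigger for the expiry sweep in this commit is this call inside `GetTrustedDeviceList`, guarded by `!onlineDeviceList.empty() && IsDMServiceImplReady()`, so an always-allow entry older than the limit stays in place until some caller lists trusted devices while a device is online. If the one-year limit is meant as a security bound, it is more reliably enforced where the ACL is consulted for an access decision, or on service start or a timer. At minimum the call should carry a comment such as `// Lazy expiry: always-allow ACLs older than MAX_ALWAYS_ALLOW_SECONDS are purged only when this list is queried.` The call also makes a read-only query load all access-control profiles and possibly delete ACLs and credentials each time it runs. The function body starts and ends outside the hunk, so whether any locking covers that mutation is not visible here.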