From 875732cf0026e508b32e827d52340001e68c2327 Mon Sep 17 00:00:00 2001 From: BrainL Date: Mon, 17 Feb 2025 14:31:27 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9C=AA=E7=BB=8F=E6=8E=88=E6=9D=83=E7=9A=84?= =?UTF-8?q?=E4=B8=9A=E5=8A=A1=E8=AE=BF=E9=97=AE=E5=9F=BA=E7=A1=80=E8=83=BD?= =?UTF-8?q?=E5=8A=9B=E6=9E=84=E5=BB=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- .../include/deviceprofile_connector.h | 13 +- .../src/deviceprofile_connector.cpp | 124 ++++++++++++++---- .../native_cpp/include/dm_device_info.h | 1 + .../src/device_manager_service_impl.cpp | 15 ++- .../service/src/device_manager_service.cpp | 6 +- .../UTTest_dm_deviceprofile_connector.cpp | 97 +++++++++----- .../UTTest_device_manager_service_two.cpp | 2 +- 7 files changed, 190 insertions(+), 68 deletions(-) diff --git a/commondependency/include/deviceprofile_connector.h b/commondependency/include/deviceprofile_connector.h index f37fc6b9b..4af2dff24 100644 --- a/commondependency/include/deviceprofile_connector.h +++ b/commondependency/include/deviceprofile_connector.h @@ -180,8 +180,19 @@ private: const std::string &reqDev); int32_t CheckAuthForm(DmAuthForm form, DistributedDeviceProfile::AccessControlProfile profiles, DmDiscoveryInfo discoveryInfo); + bool CheckIdenticalAccountAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const DmAccessCallee &callee, const std::string &srcUdid, + const std::string &sinkUdid, const bool &isSrcUse); + bool CheckSrcUseAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const std::string &sinkUdid); + bool CheckSinkUseAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const DmAccessCallee &callee, const std::string &srcUdid, + const std::string &sinkUdid); + bool CheckPointToPointAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const DmAccessCallee &callee, const std::string &srcUdid, + const std::string &sinkUdid, const bool &isSrcUse); bool SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile &profile, const DmAccessCaller &caller, - const DmAccessCallee &callee); + const DmAccessCallee &callee, const std::string &srcUdid, const std::string &sinkUdid, const bool &isSrcUse); void DeleteAppBindLevel(DmOfflineParam &offlineParam, const std::string &pkgName, const std::vector &profiles, const std::string &localUdid, const std::string &remoteUdid); diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 6ec0ef91d..e94f0246b 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -987,17 +987,19 @@ std::vector GetACLByDeviceIdAndUserId(std::vector profiles = GetAllAccessControlProfile(); - std::vector profilesFilter = - GetACLByDeviceIdAndUserId(profiles, caller, srcUdid, callee, sinkUdid); - for (auto &item : profilesFilter) { + for (auto &item : profiles) { if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid && item.GetTrustDeviceId() != srcUdid)) { continue; } - if (SingleUserProcess(item, caller, callee)) { + if (SingleUserProcess(item, caller, callee, srcUdid, sinkUdid, isSrcUse)) { return DM_OK; } } @@ -1022,34 +1024,97 @@ bool DeviceProfileConnector::CheckIdenticalAccount(int32_t userId, const std::st return false; } +bool DeviceProfileConnector::CheckPointToPointAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const DmAccessCallee &callee, const std::string &srcUdid, + const std::string &sinkUdid, const bool &isSrcUse) +{ + bool ret = false; + if (profile.GetBindLevel() == DEVICE) { + ret = CheckIdenticalAccountAccess(profile, caller, callee, srcUdid, sinkUdid, isSrcUse); + } + if ((profile.GetBindLevel() == APP || profile.GetBindLevel() == SERVICE) && isSrcUse) { + ret = CheckSrcUseAccess(profile, caller, srcUdid, sinkUdid); + } + if ((profile.GetBindLevel() == APP || profile.GetBindLevel() == SERVICE) && !isSrcUse) { + ret = CheckSinkUseAccess(profile, caller, callee, srcUdid, sinkUdid); + } + return ret; +} + +bool DeviceProfileConnector::CheckSrcUseAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const std::string &srcUdid, const std::string &sinkUdid) +{ + if (profile.GetAccesser().GetAccesserDeviceId() == srcUdid && + profile.GetAccessee().GetAccesseeDeviceId() == sinkUdid && + (profile.GetAccesser().GetAccesserUserId() == caller.userId || + profile.GetAccesser().GetAccesserUserId() == -1 || + profile.GetAccesser().GetAccesserUserId() == 0) && + profile.GetAccesser().GetAccesserTokenId() == caller.tokenId) { + return true; + } + return false; +} + +bool DeviceProfileConnector::CheckSinkUseAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const DmAccessCallee &callee, const std::string &srcUdid, + const std::string &sinkUdid) +{ + if (profile.GetAccesser().GetAccesserDeviceId() == srcUdid && + profile.GetAccessee().GetAccesseeDeviceId() == sinkUdid && + profile.GetAccesser().GetAccesserTokenId() == caller.tokenId && + (profile.GetAccesser().GetAccesserUserId() == caller.userId || + profile.GetAccesser().GetAccesserUserId() == -1 || + profile.GetAccesser().GetAccesserUserId() == 0) && + (profile.GetAccessee().GetAccesseeUserId() == callee.userId || + profile.GetAccessee().GetAccesseeUserId() == -1 || + profile.GetAccessee().GetAccesseeUserId() == 0) && + profile.GetAccessee().GetAccesseeTokenId() == callee.tokenId) { + return true; + } + return false; +} + +bool DeviceProfileConnector::CheckIdenticalAccountAccess(const DistributedDeviceProfile::AccessControlProfile &profile, + const DmAccessCaller &caller, const DmAccessCallee &callee, const std::string &srcUdid, + const std::string &sinkUdid, const bool &isSrcUse) +{ + if (isSrcUse) { + if (profile.GetAccesser().GetAccesserDeviceId() == srcUdid && + profile.GetAccessee().GetAccesseeDeviceId() == sinkUdid && + (profile.GetAccesser().GetAccesserUserId() == caller.userId || + profile.GetAccesser().GetAccesserUserId() == -1 || + profile.GetAccesser().GetAccesserUserId() == 0)) { + return true; + } + } else { + if (profile.GetAccesser().GetAccesserDeviceId() == srcUdid && + profile.GetAccessee().GetAccesseeDeviceId() == sinkUdid && + (profile.GetAccesser().GetAccesserUserId() == caller.userId || + profile.GetAccesser().GetAccesserUserId() == -1 || + profile.GetAccesser().GetAccesserUserId() == 0) && + (profile.GetAccessee().GetAccesseeUserId() == callee.userId || + profile.GetAccessee().GetAccesseeUserId() == -1 || + profile.GetAccessee().GetAccesseeUserId() == 0)) { + return true; + } + } + return false; +} + bool DeviceProfileConnector::SingleUserProcess(const DistributedDeviceProfile::AccessControlProfile &profile, - const DmAccessCaller &caller, const DmAccessCallee &callee) + const DmAccessCaller &caller, const DmAccessCallee &callee, const std::string &srcUdid, + const std::string &sinkUdid, const bool &isSrcUse) { - LOGI("BindType %{public}d, bindLevel %{public}d.", - profile.GetBindType(), profile.GetBindLevel()); + LOGI("BindType %{public}d, bindLevel %{public}d.", profile.GetBindType(), profile.GetBindLevel()); uint32_t bindType = profile.GetBindType(); bool ret = false; switch (bindType) { case DM_IDENTICAL_ACCOUNT: - ret = true; + ret = CheckIdenticalAccountAccess(profile, caller, callee, srcUdid, sinkUdid, isSrcUse); break; case DM_POINT_TO_POINT: - if (profile.GetBindLevel() == DEVICE || profile.GetBindLevel() == SERVICE) { - ret = true; - } else if (profile.GetBindLevel() == APP && - (profile.GetAccesser().GetAccesserBundleName() == caller.pkgName || - profile.GetAccessee().GetAccesseeBundleName() == caller.pkgName)) { - ret = true; - } - break; case DM_ACROSS_ACCOUNT: - if (profile.GetBindLevel() == DEVICE || profile.GetBindLevel() == SERVICE) { - ret = true; - } else if (profile.GetBindLevel() == APP && - (profile.GetAccesser().GetAccesserBundleName() == caller.pkgName || - profile.GetAccessee().GetAccesseeBundleName() == caller.pkgName)) { - ret = true; - } + ret = CheckPointToPointAccess(profile, caller, callee, srcUdid, sinkUdid, isSrcUse); break; default: LOGE("unknown bind type %{public}d.", bindType); @@ -1064,16 +1129,19 @@ int32_t DeviceProfileConnector::CheckIsSameAccount(const DmAccessCaller &caller, LOGI("DeviceProfileConnector::CheckIsSameAccount pkgName %{public}s, srcUdid %{public}s, sinkUdid %{public}s", caller.pkgName.c_str(), GetAnonyString(srcUdid).c_str(), GetAnonyString(sinkUdid).c_str()); std::vector profiles = GetAllAccessControlProfile(); - std::vector profilesFilter - = GetACLByDeviceIdAndUserId(profiles, caller, srcUdid, callee, sinkUdid); - for (auto &item : profilesFilter) { + bool isSrcUse = true; + if (callee.tokenId != 0) { + isSrcUse = false; + } + for (auto &item : profiles) { if (item.GetStatus() != ACTIVE || (item.GetTrustDeviceId() != sinkUdid && item.GetTrustDeviceId() != srcUdid)) { continue; } if (item.GetBindType() == DM_IDENTICAL_ACCOUNT) { - LOGI("The udid %{public}s is identical bind.", GetAnonyString(item.GetTrustDeviceId()).c_str()); - return DM_OK; + if (CheckIdenticalAccountAccess(item, caller, callee, srcUdid, sinkUdid, isSrcUse)) { + return DM_OK; + } } } return ERR_DM_FAILED; diff --git a/interfaces/inner_kits/native_cpp/include/dm_device_info.h b/interfaces/inner_kits/native_cpp/include/dm_device_info.h index 00d087fcb..a84a9ce1c 100644 --- a/interfaces/inner_kits/native_cpp/include/dm_device_info.h +++ b/interfaces/inner_kits/native_cpp/include/dm_device_info.h @@ -372,6 +372,7 @@ typedef struct DmAccessCallee { std::string networkId; std::string peerId; int32_t userId; + uint64_t tokenId = 0; std::string extra; } DmAccessCallee; diff --git a/services/implementation/src/device_manager_service_impl.cpp b/services/implementation/src/device_manager_service_impl.cpp index 37e4207c6..e12f60fac 100644 --- a/services/implementation/src/device_manager_service_impl.cpp +++ b/services/implementation/src/device_manager_service_impl.cpp @@ -746,7 +746,20 @@ int32_t DeviceManagerServiceImpl::CheckIsSameAccount(const DmAccessCaller &calle int32_t DeviceManagerServiceImpl::CheckAccessControl(const DmAccessCaller &caller, const std::string &srcUdid, const DmAccessCallee &callee, const std::string &sinkUdid) { - return DeviceProfileConnector::GetInstance().CheckAccessControl(caller, srcUdid, callee, sinkUdid); + CHECK_NULL_RETURN(hiChainConnector_, ERR_DM_POINT_NULL); + bool ret = false; + if (callee.tokenId != 0) { + ret = hiChainConnector_->IsDevicesInP2PGroup(sinkUdid, srcUdid); + } else { + ret = hiChainConnector_->IsDevicesInP2PGroup(srcUdid, sinkUdid); + } + if (!ret) { + int32_t checkRet = DeviceProfileConnector::GetInstance().CheckAccessControl(caller, + srcUdid, callee, sinkUdid); + return checkRet; + } else { + return DM_OK; + } } void DeviceManagerServiceImpl::HandleDeviceNotTrust(const std::string &udid) diff --git a/services/service/src/device_manager_service.cpp b/services/service/src/device_manager_service.cpp index 7c0745e07..7cfdebedf 100755 --- a/services/service/src/device_manager_service.cpp +++ b/services/service/src/device_manager_service.cpp @@ -1614,7 +1614,11 @@ bool DeviceManagerService::CheckAccessControl(const DmAccessCaller &caller, cons SoftbusListener::GetUdidByNetworkId(caller.networkId.c_str(), srcUdid); std::string sinkUdid = ""; SoftbusListener::GetUdidByNetworkId(callee.networkId.c_str(), sinkUdid); - return dmServiceImpl_->CheckAccessControl(caller, srcUdid, callee, sinkUdid); + int32_t ret = dmServiceImpl_->CheckAccessControl(caller, srcUdid, callee, sinkUdid); + if (ret != DM_OK) { + return false; + } + return true; } bool DeviceManagerService::CheckIsSameAccount(const DmAccessCaller &caller, const DmAccessCallee &callee) diff --git a/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp b/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp index f43a40c73..0082c74f8 100644 --- a/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp +++ b/test/commonunittest/UTTest_dm_deviceprofile_connector.cpp @@ -1239,35 +1239,39 @@ HWTEST_F(DeviceProfileConnectorTest, SingleUserProcess_001, testing::ext::TestSi DistributedDeviceProfile::AccessControlProfile profile; DmAccessCaller caller; DmAccessCallee callee; - int32_t ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + caller.userId = 111; + std::string srcUdid = "srcUdid123"; + std::string sinkUdid = "sinkUdid123"; + bool isSrcUse = true; + bool ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee, srcUdid, sinkUdid, + isSrcUse); EXPECT_EQ(ret, false); profile.SetBindType(DM_IDENTICAL_ACCOUNT); - profile.accessee_.SetAccesseeBundleName("pkgName"); - profile.accessee_.SetAccesseeDeviceId("localDeviceId"); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + profile.accesser_.SetAccesserDeviceId("srcUdid123"); + profile.accessee_.SetAccesseeDeviceId("sinkUdid123"); + profile.accesser_.SetAccesserUserId(111); + ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); EXPECT_EQ(ret, true); - profile.SetBindType(DM_POINT_TO_POINT); - profile.SetBindLevel(DEVICE); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); - EXPECT_EQ(ret, true); - profile.SetBindLevel(APP); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + isSrcUse = false; + callee.userId = 222; + profile.accessee_.SetAccesseeUserId(222); + ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); EXPECT_EQ(ret, true); - profile.SetBindLevel(SERVICE); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); - EXPECT_EQ(ret, true); - profile.SetBindType(DM_ACROSS_ACCOUNT); + profile.SetBindType(DM_POINT_TO_POINT); profile.SetBindLevel(DEVICE); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); - EXPECT_EQ(ret, true); - profile.SetBindLevel(APP); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + isSrcUse = true; + ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); EXPECT_EQ(ret, true); - profile.SetBindLevel(SERVICE); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + isSrcUse = false; + ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); EXPECT_EQ(ret, true); profile.SetBindType(INVALIED_TYPE); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); EXPECT_EQ(ret, false); } @@ -1868,11 +1872,11 @@ HWTEST_F(DeviceProfileConnectorTest, CheckIsSameAccount_002, testing::ext::TestS callee.userId = userId; std::string sinkUdid = "remoteDeviceId"; int32_t ret = DeviceProfileConnector::GetInstance().CheckIsSameAccount(caller, srcUdid, callee, sinkUdid); - EXPECT_EQ(ret, DM_OK); + EXPECT_EQ(ret, ERR_DM_FAILED); callee.userId = 0; ret = DeviceProfileConnector::GetInstance().CheckAccessControl(caller, srcUdid, callee, sinkUdid); - EXPECT_EQ(ret, DM_OK); + EXPECT_EQ(ret, ERR_DM_FAILED); } HWTEST_F(DeviceProfileConnectorTest, HandleAppUnBindEvent_002, testing::ext::TestSize.Level0) @@ -2250,26 +2254,47 @@ HWTEST_F(DeviceProfileConnectorTest, GetBindLevel_002, testing::ext::TestSize.Le localAccountId); } -HWTEST_F(DeviceProfileConnectorTest, SingleUserProcess_002, testing::ext::TestSize.Level0) +HWTEST_F(DeviceProfileConnectorTest, CheckPointToPointAccess_001, testing::ext::TestSize.Level0) { DistributedDeviceProfile::AccessControlProfile profile; DmAccessCaller caller; DmAccessCallee callee; + caller.userId = 111; + std::string srcUdid = "srcUdid123"; + std::string sinkUdid = "sinkUdid123"; + bool isSrcUse = true; profile.SetBindType(DM_POINT_TO_POINT); - profile.SetBindLevel(APP); - caller.pkgName = "bundleName"; - DistributedDeviceProfile::Accessee accessee; - accessee.SetAccesseeBundleName("bundleName"); - profile.SetAccessee(accessee); - int32_t ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + profile.SetBindLevel(DEVICE); + profile.accesser_.SetAccesserDeviceId("srcUdid123"); + profile.accessee_.SetAccesseeDeviceId("sinkUdid123"); + profile.accesser_.SetAccesserUserId(111); + bool ret = DeviceProfileConnector::GetInstance().CheckPointToPointAccess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); + EXPECT_EQ(ret, true); + isSrcUse = false; + callee.userId = 222; + profile.accessee_.SetAccesseeUserId(222); + ret = DeviceProfileConnector::GetInstance().CheckPointToPointAccess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); EXPECT_EQ(ret, true); - - - profile.SetBindType(DM_ACROSS_ACCOUNT); profile.SetBindLevel(APP); - accessee.SetAccesseeBundleName("bundleName"); - profile.SetAccessee(accessee); - ret = DeviceProfileConnector::GetInstance().SingleUserProcess(profile, caller, callee); + isSrcUse = true; + caller.tokenId = 666; + profile.accesser_.SetAccesserTokenId(666); + ret = DeviceProfileConnector::GetInstance().CheckPointToPointAccess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); + EXPECT_EQ(ret, true); + profile.SetBindLevel(SERVICE); + ret = DeviceProfileConnector::GetInstance().CheckPointToPointAccess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); + EXPECT_EQ(ret, true); + isSrcUse = false; + callee.userId = 888; + callee.tokenId = 999; + profile.accessee_.SetAccesseeUserId(888); + profile.accessee_.SetAccesseeTokenId(999); + ret = DeviceProfileConnector::GetInstance().CheckPointToPointAccess(profile, caller, callee, + srcUdid, sinkUdid, isSrcUse); EXPECT_EQ(ret, true); } diff --git a/test/unittest/UTTest_device_manager_service_two.cpp b/test/unittest/UTTest_device_manager_service_two.cpp index 56e8d168d..b9d8eed52 100644 --- a/test/unittest/UTTest_device_manager_service_two.cpp +++ b/test/unittest/UTTest_device_manager_service_two.cpp @@ -217,7 +217,7 @@ HWTEST_F(DeviceManagerServiceTest, CheckAccessControl_201, testing::ext::TestSiz DmAccessCallee callee; EXPECT_CALL(*softbusListenerMock_, GetUdidByNetworkId(_, _)).WillOnce(Return(DM_OK)).WillOnce(Return(DM_OK)); bool ret = DeviceManagerService::GetInstance().CheckAccessControl(caller, callee); - EXPECT_EQ(ret, true); + EXPECT_EQ(ret, false); } /** -- Gitee